search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed typo.
[Samba.git] / source / smbd / nttrans.c
blob840ced458f19f42a78c4f3543ef6a693affefb60
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 SMB NT transaction handling
5 Copyright (C) Jeremy Allison 1994-1998
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23 #include "nterr.h"
24
25 extern int DEBUGLEVEL;
26 extern int Protocol;
27 extern int Client;
28 extern int smb_read_error;
29 extern int global_oplock_break;
30 extern int chain_size;
31 extern BOOL case_sensitive;
32 extern BOOL case_preserve;
33 extern BOOL short_case_preserve;
34
35 static void remove_pending_change_notify_requests_by_mid(int mid);
36
37 static char *known_nt_pipes[] = {
38 "\\LANMAN",
39 "\\srvsvc",
40 "\\samr",
41 "\\wkssvc",
42 "\\NETLOGON",
43 "\\ntlsa",
44 "\\ntsvcs",
45 "\\lsass",
46 "\\lsarpc",
47 "\\winreg",
48 NULL
49 };
50
51 /****************************************************************************
52 Send the required number of replies back.
53 We assume all fields other than the data fields are
54 set correctly for the type of call.
55 HACK ! Always assumes smb_setup field is zero.
56 ****************************************************************************/
57
58 static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_error, char *params,
59 int paramsize, char *pdata, int datasize)
60 {
61 extern int max_send;
62 int data_to_send = datasize;
63 int params_to_send = paramsize;
64 int useable_space;
65 char *pp = params;
66 char *pd = pdata;
67 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
68 int alignment_offset = 3;
69 int data_alignment_offset = 0;
70
71 /*
72 * Initially set the wcnt area to be 18 - this is true for all
73 * transNT replies.
74 */
75
76 set_message(outbuf,18,0,True);
77
78 if(nt_error != 0) {
79 /* NT Error. */
80 SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
81
82 ERROR(0,nt_error);
83 }
84
85 /*
86 * If there genuinely are no parameters or data to send just send
87 * the empty packet.
88 */
89
90 if(params_to_send == 0 && data_to_send == 0) {
91 send_smb(Client,outbuf);
92 return 0;
93 }
94
95 /*
96 * When sending params and data ensure that both are nicely aligned.
97 * Only do this alignment when there is also data to send - else
98 * can cause NT redirector problems.
99 */
100
101 if (((params_to_send % 4) != 0) && (data_to_send != 0))
102 data_alignment_offset = 4 - (params_to_send % 4);
103
104 /*
105 * Space is bufsize minus Netbios over TCP header minus SMB header.
106 * The alignment_offset is to align the param bytes on a four byte
107 * boundary (2 bytes for data len, one byte pad).
108 * NT needs this to work correctly.
109 */
110
111 useable_space = bufsize - ((smb_buf(outbuf)+
112 alignment_offset+data_alignment_offset) -
113 outbuf);
114
115 /*
116 * useable_space can never be more than max_send minus the
117 * alignment offset.
118 */
119
120 useable_space = MIN(useable_space,
121 max_send - (alignment_offset+data_alignment_offset));
122
123
124 while (params_to_send || data_to_send) {
125
126 /*
127 * Calculate whether we will totally or partially fill this packet.
128 */
129
130 total_sent_thistime = params_to_send + data_to_send +
131 alignment_offset + data_alignment_offset;
132
133 /*
134 * We can never send more than useable_space.
135 */
136
137 total_sent_thistime = MIN(total_sent_thistime, useable_space);
138
139 set_message(outbuf, 18, total_sent_thistime, True);
140
141 /*
142 * Set total params and data to be sent.
143 */
144
145 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
146 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
147
148 /*
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
151 */
152
153 params_sent_thistime = MIN(params_to_send,useable_space);
154 data_sent_thistime = useable_space - params_sent_thistime;
155 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
156
157 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
158
159 if(params_sent_thistime == 0) {
160 SIVAL(outbuf,smb_ntr_ParameterOffset,0);
161 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
162 } else {
163 /*
164 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
165 * parameter bytes, however the first 4 bytes of outbuf are
166 * the Netbios over TCP header. Thus use smb_base() to subtract
167 * them from the calculation.
168 */
169
170 SIVAL(outbuf,smb_ntr_ParameterOffset,
171 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
172 /*
173 * Absolute displacement of param bytes sent in this packet.
174 */
175
176 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
177 }
178
179 /*
180 * Deal with the data portion.
181 */
182
183 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
184
185 if(data_sent_thistime == 0) {
186 SIVAL(outbuf,smb_ntr_DataOffset,0);
187 SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
188 } else {
189 /*
190 * The offset of the data bytes is the offset of the
191 * parameter bytes plus the number of parameters being sent this time.
192 */
193
194 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
195 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
196 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
197 }
198
199 /*
200 * Copy the param bytes into the packet.
201 */
202
203 if(params_sent_thistime)
204 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
205
206 /*
207 * Copy in the data bytes
208 */
209
210 if(data_sent_thistime)
211 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
212 data_alignment_offset,pd,data_sent_thistime);
213
214 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
215 params_sent_thistime, data_sent_thistime, useable_space));
216 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
217 params_to_send, data_to_send, paramsize, datasize));
218
219 /* Send the packet */
220 send_smb(Client,outbuf);
221
222 pp += params_sent_thistime;
223 pd += data_sent_thistime;
224
225 params_to_send -= params_sent_thistime;
226 data_to_send -= data_sent_thistime;
227
228 /*
229 * Sanity check
230 */
231
232 if(params_to_send < 0 || data_to_send < 0) {
233 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
234 params_to_send, data_to_send));
235 return -1;
236 }
237 }
238
239 return 0;
240 }
241
242 /****************************************************************************
243 (Hopefully) temporary call to fix bugs in NT5.0beta2. This OS sends unicode
244 strings in NT calls AND DOESN'T SET THE UNICODE BIT !!!!!!!
245 ****************************************************************************/
246
247 static void my_wcstombs(char *dst, uint16 *src, size_t len)
248 {
249 size_t i;
250
251 for(i = 0; i < len; i++)
252 dst[i] = (char)SVAL(src,i*2);
253 }
254
255 static void get_filename( char *fname, char *inbuf, int data_offset, int data_len, int fname_len)
256 {
257 if(data_len - fname_len > 1) {
258 /*
259 * NT 5.0 Beta 2 has kindly sent us a UNICODE string
260 * without bothering to set the unicode bit. How kind.
261 *
262 * Firstly - ensure that the data offset is aligned
263 * on a 2 byte boundary - add one if not.
264 */
265 fname_len = fname_len/2;
266 if(data_offset & 1)
267 data_offset++;
268 my_wcstombs( fname, (uint16 *)(inbuf+data_offset), fname_len);
269 } else {
270 StrnCpy(fname,inbuf+data_offset,fname_len);
271 }
272 fname[fname_len] = '\0';
273 }
274
275 /****************************************************************************
276 Save case statics.
277 ****************************************************************************/
278
279 static BOOL saved_case_sensitive;
280 static BOOL saved_case_preserve;
281 static BOOL saved_short_case_preserve;
282
283 /****************************************************************************
284 Save case semantics.
285 ****************************************************************************/
286
287 static void set_posix_case_semantics(uint32 file_attributes)
288 {
289 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
290 return;
291
292 saved_case_sensitive = case_sensitive;
293 saved_case_preserve = case_preserve;
294 saved_short_case_preserve = short_case_preserve;
295
296 /* Set to POSIX. */
297 case_sensitive = True;
298 case_preserve = True;
299 short_case_preserve = True;
300 }
301
302 /****************************************************************************
303 Restore case semantics.
304 ****************************************************************************/
305
306 static void restore_case_semantics(uint32 file_attributes)
307 {
308 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
309 return;
310
311 case_sensitive = saved_case_sensitive;
312 case_preserve = saved_case_preserve;
313 short_case_preserve = saved_short_case_preserve;
314 }
315
316 /****************************************************************************
317 Utility function to map create disposition.
318 ****************************************************************************/
319
320 static int map_create_disposition( uint32 create_disposition)
321 {
322 int ret;
323
324 switch( create_disposition ) {
325 case FILE_CREATE:
326 /* create if not exist, fail if exist */
327 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL);
328 break;
329 case FILE_SUPERSEDE:
330 case FILE_OVERWRITE_IF:
331 /* create if not exist, trunc if exist */
332 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
333 break;
334 case FILE_OPEN:
335 /* fail if not exist, open if exists */
336 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN);
337 break;
338 case FILE_OPEN_IF:
339 /* create if not exist, open if exists */
340 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN);
341 break;
342 case FILE_OVERWRITE:
343 /* fail if not exist, truncate if exists */
344 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
345 break;
346 default:
347 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
348 create_disposition ));
349 return -1;
350 }
351
352 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
353 (unsigned long)create_disposition, ret ));
354
355 return ret;
356 }
357
358 /****************************************************************************
359 Utility function to map share modes.
360 ****************************************************************************/
361
362 static int map_share_mode( BOOL *pstat_open_only, char *fname,
363 uint32 desired_access, uint32 share_access, uint32 file_attributes)
364 {
365 int smb_open_mode = -1;
366
367 *pstat_open_only = False;
368
369 switch( desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) {
370 case FILE_READ_DATA:
371 smb_open_mode = DOS_OPEN_RDONLY;
372 break;
373 case FILE_WRITE_DATA:
374 case FILE_APPEND_DATA:
375 case FILE_WRITE_DATA|FILE_APPEND_DATA:
376 smb_open_mode = DOS_OPEN_WRONLY;
377 break;
378 case FILE_READ_DATA|FILE_WRITE_DATA:
379 case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA:
380 case FILE_READ_DATA|FILE_APPEND_DATA:
381 smb_open_mode = DOS_OPEN_RDWR;
382 break;
383 }
384
385 /*
386 * NB. For DELETE_ACCESS we should really check the
387 * directory permissions, as that is what controls
388 * delete, and for WRITE_DAC_ACCESS we should really
389 * check the ownership, as that is what controls the
390 * chmod. Note that this is *NOT* a security hole (this
391 * note is for you, Andrew) as we are not *allowing*
392 * the access at this point, the actual unlink or
393 * chown or chmod call would do this. We are just helping
394 * clients out by telling them if they have a hope
395 * of any of this succeeding. POSIX acls may still
396 * deny the real call. JRA.
397 */
398
399 if (smb_open_mode == -1) {
400 if(desired_access == WRITE_DAC_ACCESS || desired_access == READ_CONTROL_ACCESS)
401 *pstat_open_only = True;
402
403 if(desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
404 FILE_EXECUTE|FILE_READ_ATTRIBUTES|
405 FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
406 FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS))
407 smb_open_mode = DOS_OPEN_RDONLY;
408 else {
409 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
410 (unsigned long)desired_access, fname));
411 return -1;
412 }
413 }
414
415 /*
416 * Set the special bit that means allow share delete.
417 * This is held outside the normal share mode bits at 1<<15.
418 * JRA.
419 */
420
421 if(share_access & FILE_SHARE_DELETE)
422 smb_open_mode |= ALLOW_SHARE_DELETE;
423
424 /* Add in the requested share mode. */
425 switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) {
426 case FILE_SHARE_READ:
427 smb_open_mode |= SET_DENY_MODE(DENY_WRITE);
428 break;
429 case FILE_SHARE_WRITE:
430 smb_open_mode |= SET_DENY_MODE(DENY_READ);
431 break;
432 case (FILE_SHARE_READ|FILE_SHARE_WRITE):
433 smb_open_mode |= SET_DENY_MODE(DENY_NONE);
434 break;
435 case FILE_SHARE_NONE:
436 smb_open_mode |= SET_DENY_MODE(DENY_ALL);
437 break;
438 }
439
440 /*
441 * Handle an O_SYNC request.
442 */
443
444 if(file_attributes & FILE_FLAG_WRITE_THROUGH)
445 smb_open_mode |= FILE_SYNC_OPENMODE;
446
447 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
448 to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access,
449 (unsigned long)file_attributes, smb_open_mode ));
450
451 return smb_open_mode;
452 }
453
454 /*
455 * This is a *disgusting* hack.
456 * This is *so* bad that even I'm embarrassed (and I
457 * have no shame). Here's the deal :
458 * Until we get the correct SPOOLSS code into smbd
459 * then when we're running with NT SMB support then
460 * NT makes this call with a level of zero, and then
461 * immediately follows it with an open request to
462 * the \\SRVSVC pipe. If we allow that open to
463 * succeed then NT barfs when it cannot open the
464 * \\SPOOLSS pipe immediately after and continually
465 * whines saying "Printer name is invalid" forever
466 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
467 * to fail, then NT downgrades to using the downlevel code
468 * and everything works as well as before. I hate
469 * myself for adding this code.... JRA.
470 *
471 * The HACK_FAIL_TIME define allows only a 2
472 * second window for this to occur, just in
473 * case...
474 */
475
476 static BOOL fail_next_srvsvc = False;
477 static time_t fail_time;
478 #define HACK_FAIL_TIME 2 /* In seconds. */
479
480 void fail_next_srvsvc_open(void)
481 {
482 fail_next_srvsvc = True;
483 fail_time = time(NULL);
484 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
485 }
486
487 /*
488 * HACK alert.... see above - JRA.
489 */
490
491 BOOL should_fail_next_srvsvc_open(const char *pipename)
492 {
493
494 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
495 (int)fail_next_srvsvc, pipename));
496
497 if(fail_next_srvsvc && (time(NULL) > fail_time + HACK_FAIL_TIME)) {
498 fail_next_srvsvc = False;
499 fail_time = (time_t)0;
500 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
501 }
502
503 if(fail_next_srvsvc && strequal(pipename, "srvsvc")) {
504 fail_next_srvsvc = False;
505 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
506 return True;
507 }
508 return False;
509 }
510
511
512 /****************************************************************************
513 Reply to an NT create and X call on a pipe.
514 ****************************************************************************/
515 static int nt_open_pipe(char *fname, connection_struct *conn,
516 char *inbuf, char *outbuf, int *ppnum)
517 {
518 pipes_struct *p = NULL;
519
520 uint16 vuid = SVAL(inbuf, smb_uid);
521 int i;
522
523 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
524
525 /* See if it is one we want to handle. */
526 for( i = 0; known_nt_pipes[i]; i++ )
527 if( strequal(fname,known_nt_pipes[i]))
528 break;
529
530 if ( known_nt_pipes[i] == NULL )
531 return(ERROR(ERRSRV,ERRaccess));
532
533 /* Strip \\ off the name. */
534 fname++;
535
536 if(should_fail_next_srvsvc_open(fname))
537 return (ERROR(ERRSRV,ERRaccess));
538
539 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
540
541 p = open_rpc_pipe_p(fname, conn, vuid);
542 if (!p)
543 return(ERROR(ERRSRV,ERRnofids));
544
545 *ppnum = p->pnum;
546
547 return 0;
548 }
549
550 /****************************************************************************
551 Reply to an NT create and X call.
552 ****************************************************************************/
553
554 int reply_ntcreate_and_X(connection_struct *conn,
555 char *inbuf,char *outbuf,int length,int bufsize)
556 {
557 pstring fname;
558 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
559 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
560 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
561 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
562 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
563 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
564 uint32 fname_len = MIN(((uint32)SVAL(inbuf,smb_ntcreate_NameLength)),
565 ((uint32)sizeof(fname)-1));
566 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
567 int smb_ofun;
568 int smb_open_mode;
569 int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
570 /* Breakout the oplock request bits so we can set the
571 reply bits separately. */
572 int oplock_request = 0;
573 mode_t unixmode;
574 int pnum = -1;
575 int fmode=0,rmode=0;
576 SMB_OFF_T file_len = 0;
577 SMB_STRUCT_STAT sbuf;
578 int smb_action = 0;
579 BOOL bad_path = False;
580 files_struct *fsp=NULL;
581 char *p = NULL;
582 BOOL stat_open_only = False;
583
584 /*
585 * We need to construct the open_and_X ofun value from the
586 * NT values, as that's what our code is structured to accept.
587 */
588
589 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
590 return(ERROR(ERRDOS,ERRbadaccess));
591
592 /*
593 * Get the file name.
594 */
595
596 if(root_dir_fid != 0) {
597 /*
598 * This filename is relative to a directory fid.
599 */
600 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
601 size_t dir_name_len;
602
603 if(!dir_fsp)
604 return(ERROR(ERRDOS,ERRbadfid));
605
606 if(!dir_fsp->is_directory) {
607 /*
608 * Check to see if this is a mac fork of some kind.
609 */
610
611 get_filename(&fname[0], inbuf, smb_buf(inbuf)-inbuf,
612 smb_buflen(inbuf),fname_len);
613
614 if( fname[0] == ':') {
615 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
616 return(ERROR(0, 0xc0000000|NT_STATUS_OBJECT_PATH_NOT_FOUND));
617 }
618 return(ERROR(ERRDOS,ERRbadfid));
619 }
620
621 /*
622 * Copy in the base directory name.
623 */
624
625 pstrcpy( fname, dir_fsp->fsp_name );
626 dir_name_len = strlen(fname);
627
628 /*
629 * Ensure it ends in a '\'.
630 */
631
632 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
633 pstrcat(fname, "\\");
634 dir_name_len++;
635 }
636
637 if(fname_len + dir_name_len >= sizeof(pstring))
638 return(ERROR(ERRSRV,ERRfilespecs));
639
640 get_filename(&fname[dir_name_len], inbuf, smb_buf(inbuf)-inbuf,
641 smb_buflen(inbuf),fname_len);
642
643 } else {
644
645 get_filename(fname, inbuf, smb_buf(inbuf)-inbuf,
646 smb_buflen(inbuf),fname_len);
647 }
648
649 /* If it's an IPC, use the pipe handler. */
650
651 if (IS_IPC(conn) && lp_nt_pipe_support()) {
652
653 int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum);
654 if(ret != 0)
655 return ret;
656
657 /*
658 * Deal with pipe return.
659 */
660
661 set_message(outbuf,34,0,True);
662
663 p = outbuf + smb_vwv2;
664 p++;
665 SSVAL(p,0,pnum);
666 p += 2;
667 SIVAL(p,0,FILE_WAS_OPENED);
668 p += 4;
669 p += 32;
670 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
671 p += 20;
672 /* File type. */
673 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
674 /* Device state. */
675 SSVAL(p,2, 0x5FF); /* ? */
676
677 DEBUG(5,("reply_ntcreate_and_X: open pipe = %s\n", fname));
678
679 return chain_reply(inbuf,outbuf,length,bufsize);
680 }
681
682 /*
683 * Now contruct the smb_open_mode value from the filename,
684 * desired access and the share access.
685 */
686
687 if((smb_open_mode = map_share_mode(&stat_open_only, fname, desired_access,
688 share_access,
689 file_attributes)) == -1)
690 return(ERROR(ERRDOS,ERRbadaccess));
691
692 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
693 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
694
695 /*
696 * Ordinary file or directory.
697 */
698
699 /*
700 * Check if POSIX semantics are wanted.
701 */
702
703 set_posix_case_semantics(file_attributes);
704
705 unix_convert(fname,conn,0,&bad_path,NULL);
706
707 fsp = file_new();
708 if (!fsp) {
709 restore_case_semantics(file_attributes);
710 return(ERROR(ERRSRV,ERRnofids));
711 }
712
713 if (!check_name(fname,conn)) {
714 if((errno == ENOENT) && bad_path) {
715 unix_ERR_class = ERRDOS;
716 unix_ERR_code = ERRbadpath;
717 }
718 file_free(fsp);
719
720 restore_case_semantics(file_attributes);
721
722 return(UNIXERROR(ERRDOS,ERRnoaccess));
723 }
724
725 unixmode = unix_mode(conn,smb_attr | aARCH);
726
727 /*
728 * If it's a request for a directory open, deal with it separately.
729 */
730
731 if(create_options & FILE_DIRECTORY_FILE) {
732 oplock_request = 0;
733
734 open_directory(fsp, conn, fname, smb_ofun,
735 unixmode, &smb_action);
736
737 restore_case_semantics(file_attributes);
738
739 if(!fsp->open) {
740 file_free(fsp);
741 return(UNIXERROR(ERRDOS,ERRnoaccess));
742 }
743 } else {
744 /*
745 * Ordinary file case.
746 */
747
748 /* NB. We have a potential bug here. If we
749 * cause an oplock break to ourselves, then we
750 * could end up processing filename related
751 * SMB requests whilst we await the oplock
752 * break response. As we may have changed the
753 * filename case semantics to be POSIX-like,
754 * this could mean a filename request could
755 * fail when it should succeed. This is a rare
756 * condition, but eventually we must arrange
757 * to restore the correct case semantics
758 * before issuing an oplock break request to
759 * our client. JRA. */
760
761 open_file_shared(fsp,conn,fname,smb_open_mode,
762 smb_ofun,unixmode, oplock_request,&rmode,&smb_action);
763
764 if (!fsp->open) {
765 /* We cheat here. There are two cases we
766 * care about. One is a directory rename,
767 * where the NT client will attempt to
768 * open the source directory for
769 * DELETE access. Note that when the
770 * NT client does this it does *not*
771 * set the directory bit in the
772 * request packet. This is translated
773 * into a read/write open
774 * request. POSIX states that any open
775 * for write request on a directory
776 * will generate an EISDIR error, so
777 * we can catch this here and open a
778 * pseudo handle that is flagged as a
779 * directory. The second is an open
780 * for a permissions read only, which
781 * we handle in the open_file_stat case. JRA.
782 */
783
784 if(errno == EISDIR) {
785
786 /*
787 * We only fall back to directory open if no oplock was
788 * requested and no read/write data was requested.
789 */
790
791 if(oplock_request || (desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|
792 FILE_APPEND_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|
793 FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA))) {
794 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
795 return(ERROR(0, 0xc0000000|NT_STATUS_FILE_IS_A_DIRECTORY));
796 }
797
798 oplock_request = 0;
799 open_directory(fsp, conn, fname, smb_ofun, unixmode, &smb_action);
800
801 if(!fsp->open) {
802 file_free(fsp);
803 restore_case_semantics(file_attributes);
804 return(UNIXERROR(ERRDOS,ERRnoaccess));
805 }
806 } else if (errno == EACCES && stat_open_only) {
807
808 /*
809 * We couldn't open normally and all we want
810 * are the permissions. Try and do a stat open.
811 */
812
813 oplock_request = 0;
814
815 open_file_stat(fsp,conn,fname,smb_open_mode,&sbuf,&smb_action);
816
817 if(!fsp->open) {
818 file_free(fsp);
819 restore_case_semantics(file_attributes);
820 return(UNIXERROR(ERRDOS,ERRnoaccess));
821 }
822
823 } else {
824
825 if((errno == ENOENT) && bad_path) {
826 unix_ERR_class = ERRDOS;
827 unix_ERR_code = ERRbadpath;
828 }
829
830 file_free(fsp);
831
832 restore_case_semantics(file_attributes);
833
834 return(UNIXERROR(ERRDOS,ERRnoaccess));
835 }
836 }
837 }
838
839 if(fsp->is_directory) {
840 if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
841 close_file(fsp,True);
842 restore_case_semantics(file_attributes);
843 return(ERROR(ERRDOS,ERRnoaccess));
844 }
845 } else {
846 if (!fsp->stat_open && sys_fstat(fsp->fd_ptr->fd,&sbuf) != 0) {
847 close_file(fsp,False);
848 restore_case_semantics(file_attributes);
849 return(ERROR(ERRDOS,ERRnoaccess));
850 }
851 }
852
853 restore_case_semantics(file_attributes);
854
855 file_len = sbuf.st_size;
856 fmode = dos_mode(conn,fname,&sbuf);
857 if(fmode == 0)
858 fmode = FILE_ATTRIBUTE_NORMAL;
859 if (!fsp->is_directory && (fmode & aDIR)) {
860 close_file(fsp,False);
861 return(ERROR(ERRDOS,ERRnoaccess));
862 }
863
864 /*
865 * If the caller set the extended oplock request bit
866 * and we granted one (by whatever means) - set the
867 * correct bit for extended oplock reply.
868 */
869
870 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
871 smb_action |= EXTENDED_OPLOCK_GRANTED;
872
873 if(oplock_request && fsp->granted_oplock)
874 smb_action |= EXTENDED_OPLOCK_GRANTED;
875
876 set_message(outbuf,34,0,True);
877
878 p = outbuf + smb_vwv2;
879
880 /*
881 * Currently as we don't support level II oplocks we just report
882 * exclusive & batch here.
883 */
884
885 SCVAL(p,0, (smb_action & EXTENDED_OPLOCK_GRANTED ? BATCH_OPLOCK : 0));
886
887 p++;
888 SSVAL(p,0,fsp->fnum);
889 p += 2;
890 SIVAL(p,0,smb_action);
891 p += 4;
892
893 /* Create time. */
894 put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
895 p += 8;
896 put_long_date(p,sbuf.st_atime); /* access time */
897 p += 8;
898 put_long_date(p,sbuf.st_mtime); /* write time */
899 p += 8;
900 put_long_date(p,sbuf.st_mtime); /* change time */
901 p += 8;
902 SIVAL(p,0,fmode); /* File Attributes. */
903 p += 4;
904 SOFF_T(p, 0, file_len);
905 p += 8;
906 SOFF_T(p,0,file_len);
907 p += 12;
908 SCVAL(p,0,fsp->is_directory ? 1 : 0);
909
910 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
911
912 return chain_reply(inbuf,outbuf,length,bufsize);
913 }
914
915 /****************************************************************************
916 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
917 ****************************************************************************/
918 static int call_nt_transact_create(connection_struct *conn,
919 char *inbuf, char *outbuf, int length,
920 int bufsize,
921 char **ppsetup, char **ppparams,
922 char **ppdata)
923 {
924 pstring fname;
925 char *params = *ppparams;
926 uint32 flags = IVAL(params,0);
927 uint32 desired_access = IVAL(params,8);
928 uint32 file_attributes = IVAL(params,20);
929 uint32 share_access = IVAL(params,24);
930 uint32 create_disposition = IVAL(params,28);
931 uint32 create_options = IVAL(params,32);
932 uint32 fname_len = MIN(((uint32)IVAL(params,44)),
933 ((uint32)sizeof(fname)-1));
934 uint16 root_dir_fid = (uint16)IVAL(params,4);
935 int smb_ofun;
936 int smb_open_mode;
937 int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
938 /* Breakout the oplock request bits so we can set the
939 reply bits separately. */
940 int oplock_request = 0;
941 mode_t unixmode;
942 int pnum = -1;
943 int fmode=0,rmode=0;
944 SMB_OFF_T file_len = 0;
945 SMB_STRUCT_STAT sbuf;
946 int smb_action = 0;
947 BOOL bad_path = False;
948 files_struct *fsp = NULL;
949 char *p = NULL;
950 BOOL stat_open_only = False;
951
952 /*
953 * We need to construct the open_and_X ofun value from the
954 * NT values, as that's what our code is structured to accept.
955 */
956
957 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
958 return(ERROR(ERRDOS,ERRbadaccess));
959
960 /*
961 * Get the file name.
962 */
963
964 if(root_dir_fid != 0) {
965 /*
966 * This filename is relative to a directory fid.
967 */
968
969 files_struct *dir_fsp = file_fsp(params,4);
970 size_t dir_name_len;
971
972 if(!dir_fsp)
973 return(ERROR(ERRDOS,ERRbadfid));
974
975 if(!dir_fsp->is_directory) {
976 /*
977 * Check to see if this is a mac fork of some kind.
978 */
979
980 StrnCpy(fname,params+53,fname_len);
981 fname[fname_len] = '\0';
982
983 if( fname[0] == ':') {
984 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
985 return(ERROR(0, 0xc0000000|NT_STATUS_OBJECT_PATH_NOT_FOUND));
986 }
987
988 return(ERROR(ERRDOS,ERRbadfid));
989 }
990
991 /*
992 * Copy in the base directory name.
993 */
994
995 pstrcpy( fname, dir_fsp->fsp_name );
996 dir_name_len = strlen(fname);
997
998 /*
999 * Ensure it ends in a '\'.
1000 */
1001
1002 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1003 pstrcat(fname, "\\");
1004 dir_name_len++;
1005 }
1006
1007 if(fname_len + dir_name_len >= sizeof(pstring))
1008 return(ERROR(ERRSRV,ERRfilespecs));
1009
1010 StrnCpy(&fname[dir_name_len], params+53, fname_len);
1011 fname[dir_name_len+fname_len] = '\0';
1012
1013 } else {
1014 StrnCpy(fname,params+53,fname_len);
1015 fname[fname_len] = '\0';
1016 }
1017
1018 /* If it's an IPC, use the pipe handler. */
1019 if (IS_IPC(conn)) {
1020 int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum);
1021 if(ret != 0)
1022 return ret;
1023 smb_action = FILE_WAS_OPENED;
1024 } else {
1025
1026 /*
1027 * Now contruct the smb_open_mode value from the desired access
1028 * and the share access.
1029 */
1030
1031 if((smb_open_mode = map_share_mode( &stat_open_only, fname, desired_access,
1032 share_access, file_attributes)) == -1)
1033 return(ERROR(ERRDOS,ERRbadaccess));
1034
1035 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1036 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1037
1038 /*
1039 * Check if POSIX semantics are wanted.
1040 */
1041
1042 set_posix_case_semantics(file_attributes);
1043
1044 unix_convert(fname,conn,0,&bad_path,NULL);
1045
1046 fsp = file_new();
1047 if (!fsp) {
1048 restore_case_semantics(file_attributes);
1049 return(ERROR(ERRSRV,ERRnofids));
1050 }
1051
1052 if (!check_name(fname,conn)) {
1053 if((errno == ENOENT) && bad_path) {
1054 unix_ERR_class = ERRDOS;
1055 unix_ERR_code = ERRbadpath;
1056 }
1057 file_free(fsp);
1058
1059 restore_case_semantics(file_attributes);
1060
1061 return(UNIXERROR(ERRDOS,ERRnoaccess));
1062 }
1063
1064 unixmode = unix_mode(conn,smb_attr | aARCH);
1065
1066 /*
1067 * If it's a request for a directory open, deal with it separately.
1068 */
1069
1070 if(create_options & FILE_DIRECTORY_FILE) {
1071
1072 oplock_request = 0;
1073
1074 /*
1075 * We will get a create directory here if the Win32
1076 * app specified a security descriptor in the
1077 * CreateDirectory() call.
1078 */
1079
1080 open_directory(fsp, conn, fname, smb_ofun, unixmode, &smb_action);
1081
1082 if(!fsp->open) {
1083 file_free(fsp);
1084 restore_case_semantics(file_attributes);
1085 return(UNIXERROR(ERRDOS,ERRnoaccess));
1086 }
1087
1088 if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
1089 close_file(fsp,True);
1090 restore_case_semantics(file_attributes);
1091 return(ERROR(ERRDOS,ERRnoaccess));
1092 }
1093
1094 } else {
1095
1096 /*
1097 * Ordinary file case.
1098 */
1099
1100 open_file_shared(fsp,conn,fname,smb_open_mode,smb_ofun,unixmode,
1101 oplock_request,&rmode,&smb_action);
1102
1103 if (!fsp->open) {
1104
1105 if(errno == EACCES && stat_open_only) {
1106
1107 /*
1108 * We couldn't open normally and all we want
1109 * are the permissions. Try and do a stat open.
1110 */
1111
1112 oplock_request = 0;
1113
1114 open_file_stat(fsp,conn,fname,smb_open_mode,&sbuf,&smb_action);
1115
1116 if(!fsp->open) {
1117 file_free(fsp);
1118 restore_case_semantics(file_attributes);
1119 return(UNIXERROR(ERRDOS,ERRnoaccess));
1120 }
1121 } else {
1122
1123 if((errno == ENOENT) && bad_path) {
1124 unix_ERR_class = ERRDOS;
1125 unix_ERR_code = ERRbadpath;
1126 }
1127 file_free(fsp);
1128
1129 restore_case_semantics(file_attributes);
1130
1131 return(UNIXERROR(ERRDOS,ERRnoaccess));
1132 }
1133 }
1134
1135 if (!fsp->stat_open && sys_fstat(fsp->fd_ptr->fd,&sbuf) != 0) {
1136 close_file(fsp,False);
1137
1138 restore_case_semantics(file_attributes);
1139
1140 return(ERROR(ERRDOS,ERRnoaccess));
1141 }
1142
1143 file_len = sbuf.st_size;
1144 fmode = dos_mode(conn,fname,&sbuf);
1145 if(fmode == 0)
1146 fmode = FILE_ATTRIBUTE_NORMAL;
1147
1148 if (fmode & aDIR) {
1149 close_file(fsp,False);
1150 restore_case_semantics(file_attributes);
1151 return(ERROR(ERRDOS,ERRnoaccess));
1152 }
1153
1154 /*
1155 * If the caller set the extended oplock request bit
1156 * and we granted one (by whatever means) - set the
1157 * correct bit for extended oplock reply.
1158 */
1159
1160 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
1161 smb_action |= EXTENDED_OPLOCK_GRANTED;
1162
1163 if(oplock_request && fsp->granted_oplock)
1164 smb_action |= EXTENDED_OPLOCK_GRANTED;
1165 }
1166 }
1167
1168 restore_case_semantics(file_attributes);
1169
1170 /* Realloc the size of parameters and data we will return */
1171 params = *ppparams = Realloc(*ppparams, 69);
1172 if(params == NULL)
1173 return(ERROR(ERRDOS,ERRnomem));
1174
1175 memset((char *)params,'\0',69);
1176
1177 p = params;
1178 SCVAL(p,0, (smb_action & EXTENDED_OPLOCK_GRANTED ? BATCH_OPLOCK : 0));
1179 p += 2;
1180 if (IS_IPC(conn)) {
1181 SSVAL(p,0,pnum);
1182 } else {
1183 SSVAL(p,0,fsp->fnum);
1184 }
1185 p += 2;
1186 SIVAL(p,0,smb_action);
1187 p += 8;
1188
1189 if (IS_IPC(conn)) {
1190 /*
1191 * Deal with pipe return.
1192 */
1193 p += 32;
1194 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
1195 p += 20;
1196 /* File type. */
1197 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
1198 /* Device state. */
1199 SSVAL(p,2, 0x5FF); /* ? */
1200 } else {
1201 /*
1202 * Deal with file return.
1203 */
1204 /* Create time. */
1205 put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
1206 p += 8;
1207 put_long_date(p,sbuf.st_atime); /* access time */
1208 p += 8;
1209 put_long_date(p,sbuf.st_mtime); /* write time */
1210 p += 8;
1211 put_long_date(p,sbuf.st_mtime); /* change time */
1212 p += 8;
1213 SIVAL(p,0,fmode); /* File Attributes. */
1214 p += 4;
1215 SOFF_T(p,0,file_len);
1216 p += 8;
1217 SOFF_T(p,0,file_len);
1218 }
1219
1220 /* Send the required number of replies */
1221 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1222
1223 return -1;
1224 }
1225
1226 /****************************************************************************
1227 Reply to a NT CANCEL request.
1228 ****************************************************************************/
1229 int reply_ntcancel(connection_struct *conn,
1230 char *inbuf,char *outbuf,int length,int bufsize)
1231 {
1232 /*
1233 * Go through and cancel any pending change notifies.
1234 */
1235
1236 int mid = SVAL(inbuf,smb_mid);
1237 remove_pending_change_notify_requests_by_mid(mid);
1238 remove_pending_lock_requests_by_mid(mid);
1239
1240 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
1241
1242 return(-1);
1243 }
1244
1245 /****************************************************************************
1246 Reply to an unsolicited SMBNTtranss - just ignore it!
1247 ****************************************************************************/
1248 int reply_nttranss(connection_struct *conn,
1249 char *inbuf,char *outbuf,int length,int bufsize)
1250 {
1251 DEBUG(4,("Ignoring nttranss of length %d\n",length));
1252 return(-1);
1253 }
1254
1255 /****************************************************************************
1256 Reply to an NT transact rename command.
1257 ****************************************************************************/
1258
1259 static int call_nt_transact_rename(connection_struct *conn,
1260 char *inbuf, char *outbuf, int length,
1261 int bufsize,
1262 char **ppsetup, char **ppparams, char **ppdata)
1263 {
1264 char *params = *ppparams;
1265 pstring new_name;
1266 files_struct *fsp = file_fsp(params, 0);
1267 BOOL replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
1268 uint32 fname_len = MIN((((uint32)IVAL(inbuf,smb_nt_TotalParameterCount)-4)),
1269 ((uint32)sizeof(new_name)-1));
1270 int outsize = 0;
1271
1272 CHECK_FSP(fsp, conn);
1273 StrnCpy(new_name,params+4,fname_len);
1274 new_name[fname_len] = '\0';
1275
1276 outsize = rename_internals(conn, inbuf, outbuf, fsp->fsp_name,
1277 new_name, replace_if_exists);
1278 if(outsize == 0) {
1279 /*
1280 * Rename was successful.
1281 */
1282 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1283
1284 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1285 fsp->fsp_name, new_name));
1286
1287 outsize = -1;
1288 }
1289
1290 return(outsize);
1291 }
1292
1293 /****************************************************************************
1294 This is the structure to keep the information needed to
1295 determine if a directory has changed.
1296 *****************************************************************************/
1297
1298 typedef struct {
1299 time_t modify_time; /* Info from the directory we're monitoring. */
1300 time_t status_time; /* Info from the directory we're monitoring. */
1301 time_t total_time; /* Total time of all directory entries - don't care if it wraps. */
1302 unsigned int num_entries; /* Zero or the number of files in the directory. */
1303 } change_hash_data;
1304
1305 /****************************************************************************
1306 This is the structure to queue to implement NT change
1307 notify. It consists of smb_size bytes stored from the
1308 transact command (to keep the mid, tid etc around).
1309 Plus the fid to examine and the time to check next.
1310 *****************************************************************************/
1311
1312 typedef struct {
1313 ubi_slNode msg_next;
1314 files_struct *fsp;
1315 connection_struct *conn;
1316 uint32 flags;
1317 time_t next_check_time;
1318 change_hash_data change_data;
1319 char request_buf[smb_size];
1320 } change_notify_buf;
1321
1322 static ubi_slList change_notify_queue = { NULL, (ubi_slNodePtr)&change_notify_queue, 0};
1323
1324 /****************************************************************************
1325 Setup the common parts of the return packet and send it.
1326 *****************************************************************************/
1327
1328 static void change_notify_reply_packet(char *inbuf, int error_class, uint32 error_code)
1329 {
1330 extern int Client;
1331 char outbuf[smb_size+38];
1332
1333 memset(outbuf, '\0', sizeof(outbuf));
1334 construct_reply_common(inbuf, outbuf);
1335
1336 /*
1337 * If we're returning a 'too much in the directory changed' we need to
1338 * set this is an NT error status flags. If we don't then the (probably
1339 * untested) code in the NT redirector has a bug in that it doesn't re-issue
1340 * the change notify.... Ah - I *love* it when I get so deeply into this I
1341 * can even determine how MS failed to test stuff and why.... :-). JRA.
1342 */
1343
1344 if(error_class == 0) /* NT Error. */
1345 SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
1346
1347 ERROR(error_class,error_code);
1348
1349 /*
1350 * Seems NT needs a transact command with an error code
1351 * in it. This is a longer packet than a simple error.
1352 */
1353 set_message(outbuf,18,0,False);
1354
1355 send_smb(Client,outbuf);
1356 }
1357
1358 /****************************************************************************
1359 Create the hash we will use to determine if the contents changed.
1360 *****************************************************************************/
1361
1362 static BOOL create_directory_notify_hash( change_notify_buf *cnbp, change_hash_data *change_data)
1363 {
1364 SMB_STRUCT_STAT st;
1365 files_struct *fsp = cnbp->fsp;
1366
1367 memset((char *)change_data, '\0', sizeof(change_data));
1368
1369 /*
1370 * Store the current timestamp on the directory we are monitoring.
1371 */
1372
1373 if(dos_stat(fsp->fsp_name, &st) < 0) {
1374 DEBUG(0,("create_directory_notify_hash: Unable to stat name = %s. \
1375 Error was %s\n", fsp->fsp_name, strerror(errno) ));
1376 return False;
1377 }
1378
1379 change_data->modify_time = st.st_mtime;
1380 change_data->status_time = st.st_ctime;
1381
1382 /*
1383 * If we are to watch for changes that are only stored
1384 * in inodes of files, not in the directory inode, we must
1385 * scan the directory and produce a unique identifier with
1386 * which we can determine if anything changed. We use the
1387 * modify and change times from all the files in the
1388 * directory, added together (ignoring wrapping if it's
1389 * larger than the max time_t value).
1390 */
1391
1392 if(cnbp->flags & (FILE_NOTIFY_CHANGE_SIZE|FILE_NOTIFY_CHANGE_LAST_WRITE)) {
1393 pstring full_name;
1394 char *p;
1395 char *fname;
1396 size_t remaining_len;
1397 size_t fullname_len;
1398 void *dp = OpenDir(cnbp->conn, fsp->fsp_name, True);
1399
1400 if(dp == NULL) {
1401 DEBUG(0,("create_directory_notify_hash: Unable to open directory = %s. \
1402 Error was %s\n", fsp->fsp_name, strerror(errno) ));
1403 return False;
1404 }
1405
1406 change_data->num_entries = 0;
1407
1408 pstrcpy(full_name, fsp->fsp_name);
1409 pstrcat(full_name, "/");
1410
1411 fullname_len = strlen(full_name);
1412 remaining_len = sizeof(full_name) - fullname_len - 1;
1413 p = &full_name[fullname_len];
1414
1415 while ((fname = ReadDirName(dp))) {
1416 if(strequal(fname, ".") || strequal(fname, ".."))
1417 continue;
1418
1419 change_data->num_entries++;
1420 safe_strcpy( p, fname, remaining_len);
1421
1422 memset(&st, '\0', sizeof(st));
1423
1424 /*
1425 * Do the stat - but ignore errors.
1426 */
1427
1428 if(dos_stat(full_name, &st) < 0) {
1429 DEBUG(5,("create_directory_notify_hash: Unable to stat content file = %s. \
1430 Error was %s\n", fsp->fsp_name, strerror(errno) ));
1431 }
1432 change_data->total_time += (st.st_mtime + st.st_ctime);
1433 }
1434
1435 CloseDir(dp);
1436 }
1437
1438 return True;
1439 }
1440
1441 /****************************************************************************
1442 Delete entries by fnum from the change notify pending queue.
1443 *****************************************************************************/
1444
1445 void remove_pending_change_notify_requests_by_fid(files_struct *fsp)
1446 {
1447 change_notify_buf *cnbp = (change_notify_buf *)ubi_slFirst( &change_notify_queue );
1448 change_notify_buf *prev = NULL;
1449
1450 while(cnbp != NULL) {
1451 if(cnbp->fsp->fnum == fsp->fnum) {
1452 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1453 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1454 continue;
1455 }
1456
1457 prev = cnbp;
1458 cnbp = (change_notify_buf *)ubi_slNext(cnbp);
1459 }
1460 }
1461
1462 /****************************************************************************
1463 Delete entries by mid from the change notify pending queue. Always send reply.
1464 *****************************************************************************/
1465
1466 static void remove_pending_change_notify_requests_by_mid(int mid)
1467 {
1468 change_notify_buf *cnbp = (change_notify_buf *)ubi_slFirst( &change_notify_queue );
1469 change_notify_buf *prev = NULL;
1470
1471 while(cnbp != NULL) {
1472 if(SVAL(cnbp->request_buf,smb_mid) == mid) {
1473 change_notify_reply_packet(cnbp->request_buf,0,0xC0000000 |NT_STATUS_CANCELLED);
1474 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1475 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1476 continue;
1477 }
1478
1479 prev = cnbp;
1480 cnbp = (change_notify_buf *)ubi_slNext(cnbp);
1481 }
1482 }
1483
1484 /****************************************************************************
1485 Delete entries by filename and cnum from the change notify pending queue.
1486 Always send reply.
1487 *****************************************************************************/
1488
1489 void remove_pending_change_notify_requests_by_filename(files_struct *fsp)
1490 {
1491 change_notify_buf *cnbp = (change_notify_buf *)ubi_slFirst( &change_notify_queue );
1492 change_notify_buf *prev = NULL;
1493
1494 while(cnbp != NULL) {
1495 /*
1496 * We know it refers to the same directory if the connection number and
1497 * the filename are identical.
1498 */
1499 if((cnbp->fsp->conn == fsp->conn) && strequal(cnbp->fsp->fsp_name,fsp->fsp_name)) {
1500 change_notify_reply_packet(cnbp->request_buf,0,0xC0000000 |NT_STATUS_CANCELLED);
1501 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1502 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1503 continue;
1504 }
1505
1506 prev = cnbp;
1507 cnbp = (change_notify_buf *)ubi_slNext(cnbp);
1508 }
1509 }
1510
1511 /****************************************************************************
1512 Process the change notify queue. Note that this is only called as root.
1513 *****************************************************************************/
1514
1515 void process_pending_change_notify_queue(time_t t)
1516 {
1517 change_notify_buf *cnbp = (change_notify_buf *)ubi_slFirst( &change_notify_queue );
1518 change_notify_buf *prev = NULL;
1519
1520 if(cnbp == NULL)
1521 return;
1522
1523 if(cnbp->next_check_time >= t)
1524 return;
1525
1526 /*
1527 * It's time to check. Go through the queue and see if
1528 * the timestamps changed.
1529 */
1530
1531 while((cnbp != NULL) && (cnbp->next_check_time <= t)) {
1532 change_hash_data change_data;
1533 connection_struct *conn = cnbp->conn;
1534 uint16 vuid = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID :
1535 SVAL(cnbp->request_buf,smb_uid);
1536
1537 /*
1538 * Ensure we don't have any old chain_fsp values
1539 * sitting around....
1540 */
1541 chain_size = 0;
1542 file_chain_reset();
1543
1544 if(!become_user(conn,vuid)) {
1545 DEBUG(0,("process_pending_change_notify_queue: Unable to become user vuid=%d.\n",
1546 vuid ));
1547 /*
1548 * Remove the entry and return an error to the client.
1549 */
1550 change_notify_reply_packet(cnbp->request_buf,ERRSRV,ERRaccess);
1551 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1552 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1553 continue;
1554 }
1555
1556 if(!become_service(conn,True)) {
1557 DEBUG(0,("process_pending_change_notify_queue: Unable to become service Error was %s.\n", strerror(errno) ));
1558 /*
1559 * Remove the entry and return an error to the client.
1560 */
1561 change_notify_reply_packet(cnbp->request_buf,ERRSRV,ERRaccess);
1562 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1563 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1564 unbecome_user();
1565 continue;
1566 }
1567
1568 if(!create_directory_notify_hash( cnbp, &change_data)) {
1569 DEBUG(0,("process_pending_change_notify_queue: Unable to create change data for \
1570 directory %s\n", cnbp->fsp->fsp_name ));
1571 /*
1572 * Remove the entry and return an error to the client.
1573 */
1574 change_notify_reply_packet(cnbp->request_buf,ERRSRV,ERRaccess);
1575 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1576 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1577 unbecome_user();
1578 continue;
1579 }
1580
1581 if(memcmp( (char *)&cnbp->change_data, (char *)&change_data, sizeof(change_data))) {
1582 /*
1583 * Remove the entry and return a change notify to the client.
1584 */
1585 DEBUG(5,("process_pending_change_notify_queue: directory name = %s changed.\n",
1586 cnbp->fsp->fsp_name ));
1587 change_notify_reply_packet(cnbp->request_buf,0,NT_STATUS_NOTIFY_ENUM_DIR);
1588 free((char *)ubi_slRemNext( &change_notify_queue, prev));
1589 cnbp = (change_notify_buf *)(prev ? ubi_slNext(prev) : ubi_slFirst(&change_notify_queue));
1590 unbecome_user();
1591 continue;
1592 }
1593
1594 unbecome_user();
1595
1596 /*
1597 * Move to the next in the list.
1598 */
1599 prev = cnbp;
1600 cnbp = (change_notify_buf *)ubi_slNext(cnbp);
1601 }
1602 }
1603
1604 /****************************************************************************
1605 Reply to a notify change - queue the request and
1606 don't allow a directory to be opened.
1607 ****************************************************************************/
1608
1609 static int call_nt_transact_notify_change(connection_struct *conn,
1610 char *inbuf, char *outbuf, int length,
1611 int bufsize,
1612 char **ppsetup,
1613 char **ppparams, char **ppdata)
1614 {
1615 char *setup = *ppsetup;
1616 files_struct *fsp;
1617 change_notify_buf *cnbp;
1618
1619 fsp = file_fsp(setup,4);
1620
1621 DEBUG(3,("call_nt_transact_notify_change\n"));
1622
1623 if(!fsp)
1624 return(ERROR(ERRDOS,ERRbadfid));
1625
1626 if((!fsp->open) || (!fsp->is_directory) || (conn != fsp->conn))
1627 return(ERROR(ERRDOS,ERRbadfid));
1628
1629 /*
1630 * Now queue an entry on the notify change stack. We timestamp
1631 * the entry we are adding so that we know when to scan next.
1632 * We only need to save smb_size bytes from this incoming packet
1633 * as we will always by returning a 'read the directory yourself'
1634 * error.
1635 */
1636
1637 if((cnbp = (change_notify_buf *)malloc(sizeof(change_notify_buf))) == NULL) {
1638 DEBUG(0,("call_nt_transact_notify_change: malloc fail !\n" ));
1639 return -1;
1640 }
1641
1642 memset((char *)cnbp, '\0', sizeof(change_notify_buf));
1643
1644 memcpy(cnbp->request_buf, inbuf, smb_size);
1645 cnbp->fsp = fsp;
1646 cnbp->conn = conn;
1647 cnbp->next_check_time = time(NULL) + lp_change_notify_timeout();
1648 cnbp->flags = IVAL(setup, 0);
1649
1650 if(!create_directory_notify_hash( cnbp, &cnbp->change_data )) {
1651 free((char *)cnbp);
1652 return(UNIXERROR(ERRDOS,ERRbadfid));
1653 }
1654
1655 /*
1656 * Adding to the tail enables us to check only
1657 * the head when scanning for change, as this entry
1658 * is forced to have the first timeout expiration.
1659 */
1660
1661 ubi_slAddTail(&change_notify_queue, cnbp);
1662
1663 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1664 name = %s\n", fsp->fsp_name ));
1665
1666 return -1;
1667 }
1668
1669 /****************************************************************************
1670 Map unix perms to NT.
1671 ****************************************************************************/
1672
1673 static SEC_ACCESS map_unix_perms( int *pacl_type, mode_t perm, int r_mask, int w_mask, int x_mask, BOOL is_directory)
1674 {
1675 SEC_ACCESS sa;
1676 uint32 nt_mask = 0;
1677
1678 *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1679
1680 if((perm & (r_mask|w_mask|x_mask)) == (r_mask|w_mask|x_mask)) {
1681 nt_mask = UNIX_ACCESS_RWX;
1682 } else if((perm & (r_mask|w_mask|x_mask)) == 0) {
1683 nt_mask = UNIX_ACCESS_NONE;
1684 } else {
1685 nt_mask |= (perm & r_mask) ? UNIX_ACCESS_R : 0;
1686 if(is_directory)
1687 nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0;
1688 else
1689 nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0;
1690 nt_mask |= (perm & x_mask) ? UNIX_ACCESS_X : 0;
1691 }
1692 init_sec_access(&sa,nt_mask);
1693 return sa;
1694 }
1695
1696 /****************************************************************************
1697 Reply to query a security descriptor from an fsp. If it succeeds it allocates
1698 the space for the return elements and returns True.
1699 ****************************************************************************/
1700
1701 static size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
1702 {
1703 extern DOM_SID global_sam_sid;
1704 extern DOM_SID global_sid_World;
1705 SMB_STRUCT_STAT sbuf;
1706 SEC_ACE ace_list[6];
1707 DOM_SID owner_sid;
1708 DOM_SID group_sid;
1709 size_t sec_desc_size;
1710 SEC_ACL *psa = NULL;
1711 SEC_ACCESS owner_access;
1712 int owner_acl_type;
1713 SEC_ACCESS group_access;
1714 int grp_acl_type;
1715 SEC_ACCESS other_access;
1716 int other_acl_type;
1717 int num_acls = 0;
1718
1719 *ppdesc = NULL;
1720
1721 if(!lp_nt_acl_support()) {
1722 sid_copy( &owner_sid, &global_sid_World);
1723 sid_copy( &group_sid, &global_sid_World);
1724 } else {
1725
1726 if(fsp->is_directory || fsp->fd_ptr == NULL) {
1727 if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
1728 return 0;
1729 }
1730 } else {
1731 if(sys_fstat(fsp->fd_ptr->fd,&sbuf) != 0) {
1732 return 0;
1733 }
1734 }
1735
1736 /*
1737 * Get the owner, group and world SIDs.
1738 */
1739
1740 sid_copy(&owner_sid, &global_sam_sid);
1741 sid_copy(&group_sid, &global_sam_sid);
1742 sid_append_rid(&owner_sid, pdb_uid_to_user_rid(sbuf.st_uid));
1743 sid_append_rid(&group_sid, pdb_gid_to_group_rid(sbuf.st_gid));
1744
1745 /*
1746 * Create the generic 3 element UNIX acl.
1747 */
1748
1749 owner_access = map_unix_perms(&owner_acl_type, sbuf.st_mode,
1750 S_IRUSR, S_IWUSR, S_IXUSR, fsp->is_directory);
1751 group_access = map_unix_perms(&grp_acl_type, sbuf.st_mode,
1752 S_IRGRP, S_IWGRP, S_IXGRP, fsp->is_directory);
1753 other_access = map_unix_perms(&other_acl_type, sbuf.st_mode,
1754 S_IROTH, S_IWOTH, S_IXOTH, fsp->is_directory);
1755
1756 if(owner_access.mask)
1757 init_sec_ace(&ace_list[num_acls++], &owner_sid, owner_acl_type,
1758 owner_access, 0);
1759
1760 if(group_access.mask)
1761 init_sec_ace(&ace_list[num_acls++], &group_sid, grp_acl_type,
1762 group_access, 0);
1763
1764 if(other_access.mask)
1765 init_sec_ace(&ace_list[num_acls++], &global_sid_World, other_acl_type,
1766 other_access, 0);
1767
1768 if(fsp->is_directory) {
1769 /*
1770 * For directory ACLs we also add in the inherited permissions
1771 * ACE entries. These are the permissions a file would get when
1772 * being created in the directory.
1773 */
1774 mode_t mode = unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE);
1775
1776 owner_access = map_unix_perms(&owner_acl_type, mode,
1777 S_IRUSR, S_IWUSR, S_IXUSR, fsp->is_directory);
1778 group_access = map_unix_perms(&grp_acl_type, mode,
1779 S_IRGRP, S_IWGRP, S_IXGRP, fsp->is_directory);
1780 other_access = map_unix_perms(&other_acl_type, mode,
1781 S_IROTH, S_IWOTH, S_IXOTH, fsp->is_directory);
1782
1783 if(owner_access.mask)
1784 init_sec_ace(&ace_list[num_acls++], &owner_sid, owner_acl_type,
1785 owner_access, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
1786
1787 if(group_access.mask)
1788 init_sec_ace(&ace_list[num_acls++], &group_sid, grp_acl_type,
1789 group_access, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
1790
1791 if(other_access.mask)
1792 init_sec_ace(&ace_list[num_acls++], &global_sid_World, other_acl_type,
1793 other_access, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
1794 }
1795
1796 if(num_acls)
1797 if((psa = make_sec_acl( 3, num_acls, ace_list)) == NULL) {
1798 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
1799 return 0;
1800 }
1801 }
1802
1803 *ppdesc = make_standard_sec_desc( &owner_sid, &group_sid, psa, &sec_desc_size);
1804
1805 if(!*ppdesc) {
1806 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
1807 sec_desc_size = 0;
1808 }
1809
1810 free_sec_acl(&psa);
1811
1812 return sec_desc_size;
1813 }
1814
1815 /****************************************************************************
1816 Reply to query a security descriptor - currently this is not implemented (it
1817 is planned to be though). Right now it just returns the same thing NT would
1818 when queried on a FAT filesystem. JRA.
1819 ****************************************************************************/
1820
1821 static int call_nt_transact_query_security_desc(connection_struct *conn,
1822 char *inbuf, char *outbuf,
1823 int length, int bufsize,
1824 char **ppsetup, char **ppparams, char **ppdata)
1825 {
1826 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1827 char *params = *ppparams;
1828 char *data = *ppdata;
1829 prs_struct pd;
1830 SEC_DESC *psd;
1831 size_t sec_desc_size;
1832
1833 files_struct *fsp = file_fsp(params,0);
1834
1835 if(!fsp)
1836 return(ERROR(ERRDOS,ERRbadfid));
1837
1838 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));
1839
1840 params = *ppparams = Realloc(*ppparams, 4);
1841 if(params == NULL)
1842 return(ERROR(ERRDOS,ERRnomem));
1843
1844 /*
1845 * Get the permissions to return.
1846 */
1847
1848 if((sec_desc_size = get_nt_acl(fsp, &psd)) == 0)
1849 return(UNIXERROR(ERRDOS,ERRnoaccess));
1850
1851 DEBUG(3,("call_nt_transact_query_security_desc: sec_desc_size = %d.\n",(int)sec_desc_size));
1852
1853 SIVAL(params,0,(uint32)sec_desc_size);
1854
1855 if(max_data_count < sec_desc_size) {
1856
1857 free_sec_desc(&psd);
1858
1859 send_nt_replies(inbuf, outbuf, bufsize, 0xC0000000|NT_STATUS_BUFFER_TOO_SMALL,
1860 params, 4, *ppdata, 0);
1861 return -1;
1862 }
1863
1864 /*
1865 * Allocate the data we will point this at.
1866 */
1867
1868 data = *ppdata = Realloc(*ppdata, sec_desc_size);
1869 if(data == NULL) {
1870 free_sec_desc(&psd);
1871 return(ERROR(ERRDOS,ERRnomem));
1872 }
1873
1874 memset(data, '\0', sec_desc_size);
1875
1876 /*
1877 * Init the parse struct we will marshall into.
1878 */
1879
1880 prs_init(&pd, 0, 4, MARSHALL);
1881
1882 /*
1883 * Setup the prs_struct to point at the memory we just
1884 * allocated.
1885 */
1886
1887 prs_give_memory( &pd, data, (uint32)sec_desc_size, False);
1888
1889 /*
1890 * Finally, linearize into the outgoing buffer.
1891 */
1892
1893 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1894 free_sec_desc(&psd);
1895 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1896 security descriptor.\n"));
1897 /*
1898 * Return access denied for want of a better error message..
1899 */
1900 return(UNIXERROR(ERRDOS,ERRnoaccess));
1901 }
1902
1903 /*
1904 * Now we can delete the security descriptor.
1905 */
1906
1907 free_sec_desc(&psd);
1908
1909 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sec_desc_size);
1910 return -1;
1911 }
1912
1913 /****************************************************************************
1914 Validate a SID.
1915 ****************************************************************************/
1916
1917 static BOOL validate_unix_sid( DOM_SID *psid, uint32 *prid, DOM_SID *sd_sid)
1918 {
1919 extern DOM_SID global_sam_sid;
1920 DOM_SID sid;
1921
1922 if(!sd_sid) {
1923 DEBUG(5,("validate_unix_sid: sid missing.\n"));
1924 return False;
1925 }
1926
1927 sid_copy(psid, sd_sid);
1928 sid_copy(&sid, sd_sid);
1929
1930 if(!sid_split_rid(&sid, prid)) {
1931 DEBUG(5,("validate_unix_sid: cannot get RID from sid.\n"));
1932 return False;
1933 }
1934
1935 if(!sid_equal( &sid, &global_sam_sid)) {
1936 DEBUG(5,("validate_unix_sid: sid is not ours.\n"));
1937 return False;
1938 }
1939
1940 return True;
1941 }
1942
1943 /****************************************************************************
1944 Map NT perms to UNIX.
1945 ****************************************************************************/
1946
1947 static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
1948 {
1949 mode_t mode = 0;
1950
1951 switch(type) {
1952 case S_IRUSR:
1953 if(sec_access.mask & GENERIC_ALL_ACCESS)
1954 mode = S_IRUSR|S_IWUSR|S_IXUSR;
1955 else {
1956 mode |= (sec_access.mask & GENERIC_READ_ACCESS) ? S_IRUSR : 0;
1957 mode |= (sec_access.mask & GENERIC_WRITE_ACCESS) ? S_IWUSR : 0;
1958 mode |= (sec_access.mask & GENERIC_EXECUTE_ACCESS) ? S_IXUSR : 0;
1959 }
1960 break;
1961 case S_IRGRP:
1962 if(sec_access.mask & GENERIC_ALL_ACCESS)
1963 mode = S_IRGRP|S_IWGRP|S_IXGRP;
1964 else {
1965 mode |= (sec_access.mask & GENERIC_READ_ACCESS) ? S_IRGRP : 0;
1966 mode |= (sec_access.mask & GENERIC_WRITE_ACCESS) ? S_IWGRP : 0;
1967 mode |= (sec_access.mask & GENERIC_EXECUTE_ACCESS) ? S_IXGRP : 0;
1968 }
1969 break;
1970 case S_IROTH:
1971 if(sec_access.mask & GENERIC_ALL_ACCESS)
1972 mode = S_IROTH|S_IWOTH|S_IXOTH;
1973 else {
1974 mode |= (sec_access.mask & GENERIC_READ_ACCESS) ? S_IROTH : 0;
1975 mode |= (sec_access.mask & GENERIC_WRITE_ACCESS) ? S_IWOTH : 0;
1976 mode |= (sec_access.mask & GENERIC_EXECUTE_ACCESS) ? S_IXOTH : 0;
1977 }
1978 break;
1979 }
1980
1981 return mode;
1982 }
1983
1984 /****************************************************************************
1985 Unpack a SEC_DESC into a owner, group and set of UNIX permissions.
1986 ****************************************************************************/
1987
1988 static BOOL unpack_nt_permissions(uid_t *puser, gid_t *pgrp, mode_t *pmode, uint32 security_info_sent,
1989 SEC_DESC *psd, BOOL is_directory)
1990 {
1991 extern DOM_SID global_sid_World;
1992 DOM_SID owner_sid;
1993 DOM_SID grp_sid;
1994 uint32 owner_rid;
1995 uint32 grp_rid;
1996 SEC_ACL *dacl = psd->dacl;
1997 int i;
1998
1999 *pmode = 0;
2000 *puser = (uid_t)-1;
2001 *pgrp = (uid_t)-1;
2002
2003 if(security_info_sent == 0) {
2004 DEBUG(0,("unpack_unix_permissions: no security info sent !\n"));
2005 return False;
2006 }
2007
2008 /*
2009 * Validate the owner and group SID's.
2010 */
2011
2012 memset(&owner_sid, '\0', sizeof(owner_sid));
2013 memset(&grp_sid, '\0', sizeof(grp_sid));
2014
2015 DEBUG(5,("unpack_unix_permissions: validating owner_sid.\n"));
2016
2017 /*
2018 * Don't immediately fail if the owner sid cannot be validated.
2019 * This may be a group chown only set.
2020 */
2021
2022 if(!validate_unix_sid( &owner_sid, &owner_rid, psd->owner_sid))
2023 DEBUG(3,("unpack_unix_permissions: unable to validate owner sid.\n"));
2024 else if(security_info_sent & OWNER_SECURITY_INFORMATION)
2025 *puser = pdb_user_rid_to_uid(owner_rid);
2026
2027 /*
2028 * Don't immediately fail if the group sid cannot be validated.
2029 * This may be an owner chown only set.
2030 */
2031
2032 if(!validate_unix_sid( &grp_sid, &grp_rid, psd->grp_sid))
2033 DEBUG(3,("unpack_unix_permissions: unable to validate group sid.\n"));
2034 else if(security_info_sent & GROUP_SECURITY_INFORMATION)
2035 *pgrp = pdb_user_rid_to_gid(grp_rid);
2036
2037 /*
2038 * If no DACL then this is a chown only security descriptor.
2039 */
2040
2041 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !dacl) {
2042 *pmode = 0;
2043 return True;
2044 }
2045
2046 /*
2047 * Now go through the DACL and ensure that
2048 * any owner/group sids match.
2049 */
2050
2051 for(i = 0; i < dacl->num_aces; i++) {
2052 DOM_SID ace_sid;
2053 SEC_ACE *psa = &dacl->ace_list[i];
2054
2055 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) &&
2056 (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
2057 DEBUG(3,("unpack_unix_permissions: unable to set anything but an ALLOW or DENY ACE.\n"));
2058 return False;
2059 }
2060
2061 /*
2062 * Ignore or remove bits we don't care about on a directory ACE.
2063 */
2064
2065 if(is_directory) {
2066 if(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
2067 DEBUG(3,("unpack_unix_permissions: ignoring inherit only ACE.\n"));
2068 continue;
2069 }
2070
2071 psa->flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT);
2072 }
2073
2074 if(psa->flags != 0) {
2075 DEBUG(1,("unpack_unix_permissions: unable to set ACE flags (%x).\n",
2076 (unsigned int)psa->flags));
2077 return False;
2078 }
2079
2080 /*
2081 * The security mask may be UNIX_ACCESS_NONE which should map into
2082 * no permissions (we overload the WRITE_OWNER bit for this) or it
2083 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
2084 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
2085 */
2086
2087 psa->info.mask &= (GENERIC_ALL_ACCESS|GENERIC_EXECUTE_ACCESS|GENERIC_WRITE_ACCESS|
2088 GENERIC_READ_ACCESS|UNIX_ACCESS_NONE);
2089
2090 if(psa->info.mask != UNIX_ACCESS_NONE)
2091 psa->info.mask &= ~UNIX_ACCESS_NONE;
2092
2093 sid_copy(&ace_sid, &psa->sid);
2094
2095 if(sid_equal(&ace_sid, &owner_sid)) {
2096 /*
2097 * Map the desired permissions into owner perms.
2098 */
2099
2100 if(psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
2101 *pmode |= map_nt_perms( psa->info, S_IRUSR);
2102 else
2103 *pmode &= ~(map_nt_perms( psa->info, S_IRUSR));
2104
2105 } else if( sid_equal(&ace_sid, &grp_sid)) {
2106 /*
2107 * Map the desired permissions into group perms.
2108 */
2109
2110 if(psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
2111 *pmode |= map_nt_perms( psa->info, S_IRGRP);
2112 else
2113 *pmode &= ~(map_nt_perms( psa->info, S_IRGRP));
2114
2115 } else if( sid_equal(&ace_sid, &global_sid_World)) {
2116 /*
2117 * Map the desired permissions into other perms.
2118 */
2119
2120 if(psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
2121 *pmode |= map_nt_perms( psa->info, S_IROTH);
2122 else
2123 *pmode &= ~(map_nt_perms( psa->info, S_IROTH));
2124
2125 } else {
2126 DEBUG(0,("unpack_unix_permissions: unknown SID used in ACL.\n"));
2127 return False;
2128 }
2129 }
2130
2131 return True;
2132 }
2133
2134 /****************************************************************************
2135 Reply to set a security descriptor. Map to UNIX perms.
2136 ****************************************************************************/
2137
2138 static int call_nt_transact_set_security_desc(connection_struct *conn,
2139 char *inbuf, char *outbuf, int length,
2140 int bufsize, char **ppsetup,
2141 char **ppparams, char **ppdata)
2142 {
2143 uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
2144 char *params= *ppparams;
2145 char *data = *ppdata;
2146 prs_struct pd;
2147 SEC_DESC *psd = NULL;
2148 uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
2149 uid_t user = (uid_t)-1;
2150 gid_t grp = (gid_t)-1;
2151 mode_t perms = 0;
2152 SMB_STRUCT_STAT sbuf;
2153 files_struct *fsp = NULL;
2154 uint32 security_info_sent = 0;
2155
2156 if(!lp_nt_acl_support())
2157 return(UNIXERROR(ERRDOS,ERRnoaccess));
2158
2159 if(total_parameter_count < 8)
2160 return(ERROR(ERRDOS,ERRbadfunc));
2161
2162 if((fsp = file_fsp(params,0)) == NULL)
2163 return(ERROR(ERRDOS,ERRbadfid));
2164
2165 security_info_sent = IVAL(params,4);
2166
2167 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
2168 (unsigned int)security_info_sent ));
2169
2170 /*
2171 * Init the parse struct we will unmarshall from.
2172 */
2173
2174 prs_init(&pd, 0, 4, UNMARSHALL);
2175
2176 /*
2177 * Setup the prs_struct to point at the memory we just
2178 * allocated.
2179 */
2180
2181 prs_give_memory( &pd, data, total_data_count, False);
2182
2183 /*
2184 * Finally, unmarshall from the data buffer.
2185 */
2186
2187 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
2188 free_sec_desc(&psd);
2189 DEBUG(0,("call_nt_transact_set_security_desc: Error in unmarshalling \
2190 security descriptor.\n"));
2191 /*
2192 * Return access denied for want of a better error message..
2193 */
2194 return(UNIXERROR(ERRDOS,ERRnoaccess));
2195 }
2196
2197 /*
2198 * Unpack the user/group/world id's and permissions.
2199 */
2200
2201 if(!unpack_nt_permissions( &user, &grp, &perms, security_info_sent, psd, fsp->is_directory)) {
2202 free_sec_desc(&psd);
2203 return(UNIXERROR(ERRDOS,ERRnoaccess));
2204 }
2205
2206 /*
2207 * Get the current state of the file.
2208 */
2209
2210 if(fsp->is_directory) {
2211 if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
2212 return(UNIXERROR(ERRDOS,ERRnoaccess));
2213 }
2214 } else {
2215
2216 int ret;
2217
2218 if(fsp->fd_ptr == NULL)
2219 ret = dos_stat(fsp->fsp_name, &sbuf);
2220 else
2221 ret = sys_fstat(fsp->fd_ptr->fd,&sbuf);
2222
2223 if(ret != 0)
2224 return(UNIXERROR(ERRDOS,ERRnoaccess));
2225 }
2226
2227 /*
2228 * Do we need to chown ?
2229 */
2230
2231 if((user != (uid_t)-1 || grp != (uid_t)-1) && (sbuf.st_uid != user || sbuf.st_gid != grp)) {
2232
2233 DEBUG(3,("call_nt_transact_set_security_desc: chown %s. uid = %u, gid = %u.\n",
2234 fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
2235
2236 if(dos_chown( fsp->fsp_name, user, grp) == -1) {
2237 DEBUG(3,("call_nt_transact_set_security_desc: chown %s, %u, %u failed. Error = %s.\n",
2238 fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
2239 return(UNIXERROR(ERRDOS,ERRnoaccess));
2240 }
2241 }
2242
2243 /*
2244 * Only change security if we got a DACL.
2245 */
2246
2247 if((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl != NULL)) {
2248
2249 free_sec_desc(&psd);
2250
2251 /*
2252 * Check to see if we need to change anything.
2253 */
2254
2255 if(fsp->is_directory) {
2256
2257 perms &= lp_dir_mode(SNUM(conn));
2258 perms |= lp_force_dir_mode(SNUM(conn));
2259
2260 } else {
2261
2262 perms &= lp_create_mode(SNUM(conn));
2263 perms |= lp_force_create_mode(SNUM(conn));
2264
2265 }
2266
2267 /*
2268 * Do we need to chmod ?
2269 */
2270
2271 if(sbuf.st_mode != perms) {
2272
2273 DEBUG(3,("call_nt_transact_set_security_desc: chmod %s. perms = 0%o.\n",
2274 fsp->fsp_name, (unsigned int)perms ));
2275
2276 if(dos_chmod( fsp->fsp_name, perms) == -1) {
2277 DEBUG(3,("call_nt_transact_set_security_desc: chmod %s, 0%o failed. Error = %s.\n",
2278 fsp->fsp_name, (unsigned int)perms, strerror(errno) ));
2279 return(UNIXERROR(ERRDOS,ERRnoaccess));
2280 }
2281 }
2282 }
2283
2284 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
2285 return -1;
2286 }
2287
2288 /****************************************************************************
2289 Reply to IOCTL - not implemented - no plans.
2290 ****************************************************************************/
2291 static int call_nt_transact_ioctl(connection_struct *conn,
2292 char *inbuf, char *outbuf, int length,
2293 int bufsize,
2294 char **ppsetup, char **ppparams, char **ppdata)
2295 {
2296 static BOOL logged_message = False;
2297
2298 if(!logged_message) {
2299 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
2300 logged_message = True; /* Only print this once... */
2301 }
2302 return(ERROR(ERRSRV,ERRnosupport));
2303 }
2304
2305 /****************************************************************************
2306 Reply to a SMBNTtrans.
2307 ****************************************************************************/
2308 int reply_nttrans(connection_struct *conn,
2309 char *inbuf,char *outbuf,int length,int bufsize)
2310 {
2311 int outsize = 0;
2312 #if 0 /* Not used. */
2313 uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
2314 uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
2315 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
2316 #endif /* Not used. */
2317 uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
2318 uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
2319 uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
2320 uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
2321 uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
2322 uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
2323 uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
2324 uint16 function_code = SVAL( inbuf, smb_nt_Function);
2325 char *params = NULL, *data = NULL, *setup = NULL;
2326 uint32 num_params_sofar, num_data_sofar;
2327
2328 if(global_oplock_break && (function_code == NT_TRANSACT_CREATE)) {
2329 /*
2330 * Queue this open message as we are the process of an oplock break.
2331 */
2332
2333 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
2334 due to being in oplock break state.\n" ));
2335
2336 push_oplock_pending_smb_message( inbuf, length);
2337 return -1;
2338 }
2339
2340 outsize = set_message(outbuf,0,0,True);
2341
2342 /*
2343 * All nttrans messages we handle have smb_wct == 19 + setup_count.
2344 * Ensure this is so as a sanity check.
2345 */
2346
2347 if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
2348 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2349 CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
2350 return(ERROR(ERRSRV,ERRerror));
2351 }
2352
2353 /* Allocate the space for the setup, the maximum needed parameters and data */
2354
2355 if(setup_count > 0)
2356 setup = (char *)malloc(setup_count);
2357 if (total_parameter_count > 0)
2358 params = (char *)malloc(total_parameter_count);
2359 if (total_data_count > 0)
2360 data = (char *)malloc(total_data_count);
2361
2362 if ((total_parameter_count && !params) || (total_data_count && !data) ||
2363 (setup_count && !setup)) {
2364 DEBUG(0,("reply_nttrans : Out of memory\n"));
2365 return(ERROR(ERRDOS,ERRnomem));
2366 }
2367
2368 /* Copy the param and data bytes sent with this request into
2369 the params buffer */
2370 num_params_sofar = parameter_count;
2371 num_data_sofar = data_count;
2372
2373 if (parameter_count > total_parameter_count || data_count > total_data_count)
2374 exit_server("reply_nttrans: invalid sizes in packet.\n");
2375
2376 if(setup) {
2377 memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
2378 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
2379 dump_data(10, setup, setup_count);
2380 }
2381 if(params) {
2382 memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
2383 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
2384 dump_data(10, params, parameter_count);
2385 }
2386 if(data) {
2387 memcpy( data, smb_base(inbuf) + data_offset, data_count);
2388 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
2389 dump_data(10, data, data_count);
2390 }
2391
2392 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
2393 /* We need to send an interim response then receive the rest
2394 of the parameter/data bytes */
2395 outsize = set_message(outbuf,0,0,True);
2396 send_smb(Client,outbuf);
2397
2398 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
2399 BOOL ret;
2400
2401 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
2402
2403 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
2404 outsize = set_message(outbuf,0,0,True);
2405 if(ret) {
2406 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
2407 } else {
2408 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
2409 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
2410 }
2411 if(params)
2412 free(params);
2413 if(data)
2414 free(data);
2415 if(setup)
2416 free(setup);
2417 return(ERROR(ERRSRV,ERRerror));
2418 }
2419
2420 /* Revise total_params and total_data in case they have changed downwards */
2421 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
2422 total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
2423 num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
2424 num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
2425 if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
2426 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
2427
2428 memcpy( &params[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
2429 smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
2430 memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
2431 smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
2432 }
2433 }
2434
2435 if (Protocol >= PROTOCOL_NT1) {
2436 uint16 flg2 = SVAL(outbuf,smb_flg2);
2437 SSVAL(outbuf,smb_flg2,flg2 | 0x40); /* IS_LONG_NAME */
2438 }
2439
2440 /* Now we must call the relevant NT_TRANS function */
2441 switch(function_code) {
2442 case NT_TRANSACT_CREATE:
2443 outsize = call_nt_transact_create(conn, inbuf, outbuf, length, bufsize,
2444 &setup, &params, &data);
2445 break;
2446 case NT_TRANSACT_IOCTL:
2447 outsize = call_nt_transact_ioctl(conn,
2448 inbuf, outbuf, length, bufsize,
2449 &setup, &params, &data);
2450 break;
2451 case NT_TRANSACT_SET_SECURITY_DESC:
2452 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
2453 length, bufsize,
2454 &setup, &params, &data);
2455 break;
2456 case NT_TRANSACT_NOTIFY_CHANGE:
2457 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
2458 length, bufsize,
2459 &setup, &params, &data);
2460 break;
2461 case NT_TRANSACT_RENAME:
2462 outsize = call_nt_transact_rename(conn, inbuf, outbuf, length,
2463 bufsize,
2464 &setup, &params, &data);
2465 break;
2466
2467 case NT_TRANSACT_QUERY_SECURITY_DESC:
2468 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
2469 length, bufsize,
2470 &setup, &params, &data);
2471 break;
2472 default:
2473 /* Error in request */
2474 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
2475 if(setup)
2476 free(setup);
2477 if(params)
2478 free(params);
2479 if(data)
2480 free(data);
2481 return (ERROR(ERRSRV,ERRerror));
2482 }
2483
2484 /* As we do not know how many data packets will need to be
2485 returned here the various call_nt_transact_xxxx calls
2486 must send their own. Thus a call_nt_transact_xxxx routine only
2487 returns a value other than -1 when it wants to send
2488 an error packet.
2489 */
2490
2491 if(setup)
2492 free(setup);
2493 if(params)
2494 free(params);
2495 if(data)
2496 free(data);
2497 return outsize; /* If a correct response was needed the call_nt_transact_xxxx
2498 calls have already sent it. If outsize != -1 then it is
2499 returning an error packet. */
2500 }
Samba GIT mirror