2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern enum protocol_types Protocol
;
25 extern struct current_user current_user
;
27 static const char *known_nt_pipes
[] = {
48 static char *nttrans_realloc(char **ptr
, size_t size
)
51 smb_panic("nttrans_realloc() called with NULL ptr");
54 *ptr
= (char *)SMB_REALLOC(*ptr
, size
);
58 memset(*ptr
,'\0',size
);
62 /****************************************************************************
63 Send the required number of replies back.
64 We assume all fields other than the data fields are
65 set correctly for the type of call.
66 HACK ! Always assumes smb_setup field is zero.
67 ****************************************************************************/
69 void send_nt_replies(struct smb_request
*req
, NTSTATUS nt_error
,
70 char *params
, int paramsize
,
71 char *pdata
, int datasize
)
73 int data_to_send
= datasize
;
74 int params_to_send
= paramsize
;
78 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
79 int alignment_offset
= 3;
80 int data_alignment_offset
= 0;
83 * If there genuinely are no parameters or data to send just send
87 if(params_to_send
== 0 && data_to_send
== 0) {
88 reply_outbuf(req
, 18, 0);
89 show_msg((char *)req
->outbuf
);
94 * When sending params and data ensure that both are nicely aligned.
95 * Only do this alignment when there is also data to send - else
96 * can cause NT redirector problems.
99 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0)) {
100 data_alignment_offset
= 4 - (params_to_send
% 4);
104 * Space is bufsize minus Netbios over TCP header minus SMB header.
105 * The alignment_offset is to align the param bytes on a four byte
106 * boundary (2 bytes for data len, one byte pad).
107 * NT needs this to work correctly.
110 useable_space
= max_send
- (smb_size
113 + data_alignment_offset
);
116 * useable_space can never be more than max_send minus the
120 useable_space
= MIN(useable_space
,
121 max_send
- (alignment_offset
+data_alignment_offset
));
124 while (params_to_send
|| data_to_send
) {
127 * Calculate whether we will totally or partially fill this packet.
130 total_sent_thistime
= params_to_send
+ data_to_send
+
131 alignment_offset
+ data_alignment_offset
;
134 * We can never send more than useable_space.
137 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
139 reply_outbuf(req
, 18, total_sent_thistime
);
142 * Set total params and data to be sent.
145 SIVAL(req
->outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
146 SIVAL(req
->outbuf
,smb_ntr_TotalDataCount
,datasize
);
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
153 params_sent_thistime
= MIN(params_to_send
,useable_space
);
154 data_sent_thistime
= useable_space
- params_sent_thistime
;
155 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
157 SIVAL(req
->outbuf
, smb_ntr_ParameterCount
,
158 params_sent_thistime
);
160 if(params_sent_thistime
== 0) {
161 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,0);
162 SIVAL(req
->outbuf
,smb_ntr_ParameterDisplacement
,0);
165 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
166 * parameter bytes, however the first 4 bytes of outbuf are
167 * the Netbios over TCP header. Thus use smb_base() to subtract
168 * them from the calculation.
171 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,
172 ((smb_buf(req
->outbuf
)+alignment_offset
)
173 - smb_base(req
->outbuf
)));
175 * Absolute displacement of param bytes sent in this packet.
178 SIVAL(req
->outbuf
, smb_ntr_ParameterDisplacement
,
183 * Deal with the data portion.
186 SIVAL(req
->outbuf
, smb_ntr_DataCount
, data_sent_thistime
);
188 if(data_sent_thistime
== 0) {
189 SIVAL(req
->outbuf
,smb_ntr_DataOffset
,0);
190 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, 0);
193 * The offset of the data bytes is the offset of the
194 * parameter bytes plus the number of parameters being sent this time.
197 SIVAL(req
->outbuf
, smb_ntr_DataOffset
,
198 ((smb_buf(req
->outbuf
)+alignment_offset
) -
199 smb_base(req
->outbuf
))
200 + params_sent_thistime
+ data_alignment_offset
);
201 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
205 * Copy the param bytes into the packet.
208 if(params_sent_thistime
) {
209 if (alignment_offset
!= 0) {
210 memset(smb_buf(req
->outbuf
), 0,
213 memcpy((smb_buf(req
->outbuf
)+alignment_offset
), pp
,
214 params_sent_thistime
);
218 * Copy in the data bytes
221 if(data_sent_thistime
) {
222 if (data_alignment_offset
!= 0) {
223 memset((smb_buf(req
->outbuf
)+alignment_offset
+
224 params_sent_thistime
), 0,
225 data_alignment_offset
);
227 memcpy(smb_buf(req
->outbuf
)+alignment_offset
228 +params_sent_thistime
+data_alignment_offset
,
229 pd
,data_sent_thistime
);
232 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
233 params_sent_thistime
, data_sent_thistime
, useable_space
));
234 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
235 params_to_send
, data_to_send
, paramsize
, datasize
));
237 if (NT_STATUS_V(nt_error
)) {
238 error_packet_set((char *)req
->outbuf
,
243 /* Send the packet */
244 show_msg((char *)req
->outbuf
);
245 if (!send_smb(smbd_server_fd(),(char *)req
->outbuf
)) {
246 exit_server_cleanly("send_nt_replies: send_smb failed.");
249 TALLOC_FREE(req
->outbuf
);
251 pp
+= params_sent_thistime
;
252 pd
+= data_sent_thistime
;
254 params_to_send
-= params_sent_thistime
;
255 data_to_send
-= data_sent_thistime
;
261 if(params_to_send
< 0 || data_to_send
< 0) {
262 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
263 params_to_send
, data_to_send
));
269 /****************************************************************************
270 Is it an NTFS stream name ?
271 ****************************************************************************/
273 bool is_ntfs_stream_name(const char *fname
)
275 if (lp_posix_pathnames()) {
278 return (strchr_m(fname
, ':') != NULL
) ? True
: False
;
281 struct case_semantics_state
{
282 connection_struct
*conn
;
285 bool short_case_preserve
;
288 /****************************************************************************
289 Restore case semantics.
290 ****************************************************************************/
291 static int restore_case_semantics(struct case_semantics_state
*state
)
293 state
->conn
->case_sensitive
= state
->case_sensitive
;
294 state
->conn
->case_preserve
= state
->case_preserve
;
295 state
->conn
->short_case_preserve
= state
->short_case_preserve
;
299 /****************************************************************************
301 ****************************************************************************/
302 static struct case_semantics_state
*set_posix_case_semantics(TALLOC_CTX
*mem_ctx
,
303 connection_struct
*conn
)
305 struct case_semantics_state
*result
;
307 if (!(result
= talloc(mem_ctx
, struct case_semantics_state
))) {
308 DEBUG(0, ("talloc failed\n"));
313 result
->case_sensitive
= conn
->case_sensitive
;
314 result
->case_preserve
= conn
->case_preserve
;
315 result
->short_case_preserve
= conn
->short_case_preserve
;
318 conn
->case_sensitive
= True
;
319 conn
->case_preserve
= True
;
320 conn
->short_case_preserve
= True
;
322 talloc_set_destructor(result
, restore_case_semantics
);
327 /****************************************************************************
328 Reply to an NT create and X call on a pipe
329 ****************************************************************************/
331 static void nt_open_pipe(char *fname
, connection_struct
*conn
,
332 struct smb_request
*req
, int *ppnum
)
334 smb_np_struct
*p
= NULL
;
337 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
339 /* See if it is one we want to handle. */
341 if (lp_disable_spoolss() && strequal(fname
, "\\spoolss")) {
342 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
347 for( i
= 0; known_nt_pipes
[i
]; i
++ ) {
348 if( strequal(fname
,known_nt_pipes
[i
])) {
353 if ( known_nt_pipes
[i
] == NULL
) {
354 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
359 /* Strip \\ off the name. */
362 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname
));
364 p
= open_rpc_pipe_p(fname
, conn
, req
->vuid
);
366 reply_doserror(req
, ERRSRV
, ERRnofids
);
370 /* TODO: Add pipe to db */
372 if ( !store_pipe_opendb( p
) ) {
373 DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname
));
380 /****************************************************************************
381 Reply to an NT create and X call for pipes.
382 ****************************************************************************/
384 static void do_ntcreate_pipe_open(connection_struct
*conn
,
385 struct smb_request
*req
)
390 uint32 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
391 TALLOC_CTX
*ctx
= talloc_tos();
393 srvstr_pull_buf_talloc(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
394 smb_buf(req
->inbuf
), STR_TERMINATE
);
397 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
401 nt_open_pipe(fname
, conn
, req
, &pnum
);
409 * Deal with pipe return.
412 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
413 /* This is very strange. We
414 * return 50 words, but only set
415 * the wcnt to 42 ? It's definately
416 * what happens on the wire....
418 reply_outbuf(req
, 50, 0);
419 SCVAL(req
->outbuf
,smb_wct
,42);
421 reply_outbuf(req
, 34, 0);
424 p
= (char *)req
->outbuf
+ smb_vwv2
;
428 SIVAL(p
,0,FILE_WAS_OPENED
);
431 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
434 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
436 SSVAL(p
,2, 0x5FF); /* ? */
439 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
441 SIVAL(p
,0,FILE_GENERIC_ALL
);
443 * For pipes W2K3 seems to return
445 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
447 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
450 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
455 /****************************************************************************
456 Reply to an NT create and X call for a quota file.
457 ****************************************************************************/
459 static void reply_ntcreate_and_X_quota(connection_struct
*conn
,
460 struct smb_request
*req
,
461 enum FAKE_FILE_TYPE fake_file_type
,
465 uint32 desired_access
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
469 status
= open_fake_file(conn
, fake_file_type
, fname
, desired_access
,
472 if (!NT_STATUS_IS_OK(status
)) {
473 reply_nterror(req
, status
);
477 reply_outbuf(req
, 34, 0);
479 p
= (char *)req
->outbuf
+ smb_vwv2
;
481 /* SCVAL(p,0,NO_OPLOCK_RETURN); */
483 SSVAL(p
,0,fsp
->fnum
);
485 DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
490 /****************************************************************************
491 Reply to an NT create and X call.
492 ****************************************************************************/
494 void reply_ntcreate_and_X(connection_struct
*conn
,
495 struct smb_request
*req
)
500 uint32 file_attributes
;
502 uint32 create_disposition
;
503 uint32 create_options
;
505 SMB_BIG_UINT allocation_size
;
506 /* Breakout the oplock request bits so we can set the
507 reply bits separately. */
508 int oplock_request
= 0;
510 SMB_OFF_T file_len
= 0;
511 SMB_STRUCT_STAT sbuf
;
513 files_struct
*fsp
= NULL
;
515 struct timespec c_timespec
;
516 struct timespec a_timespec
;
517 struct timespec m_timespec
;
518 bool extended_oplock_granted
= False
;
520 struct case_semantics_state
*case_state
= NULL
;
521 TALLOC_CTX
*ctx
= talloc_tos();
523 START_PROFILE(SMBntcreateX
);
526 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
530 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
531 access_mask
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
532 file_attributes
= IVAL(req
->inbuf
,smb_ntcreate_FileAttributes
);
533 share_access
= IVAL(req
->inbuf
,smb_ntcreate_ShareAccess
);
534 create_disposition
= IVAL(req
->inbuf
,smb_ntcreate_CreateDisposition
);
535 create_options
= IVAL(req
->inbuf
,smb_ntcreate_CreateOptions
);
536 root_dir_fid
= (uint16
)IVAL(req
->inbuf
,smb_ntcreate_RootDirectoryFid
);
538 allocation_size
= (SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
);
539 #ifdef LARGE_SMB_OFF_T
540 allocation_size
|= (((SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
+ 4)) << 32);
543 srvstr_get_path(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
544 smb_buf(req
->inbuf
), 0, STR_TERMINATE
, &status
);
546 if (!NT_STATUS_IS_OK(status
)) {
547 reply_nterror(req
, status
);
548 END_PROFILE(SMBntcreateX
);
552 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
553 "file_attributes = 0x%x, share_access = 0x%x, "
554 "create_disposition = 0x%x create_options = 0x%x "
555 "root_dir_fid = 0x%x, fname = %s\n",
557 (unsigned int)access_mask
,
558 (unsigned int)file_attributes
,
559 (unsigned int)share_access
,
560 (unsigned int)create_disposition
,
561 (unsigned int)create_options
,
562 (unsigned int)root_dir_fid
,
566 * If it's an IPC, use the pipe handler.
570 if (lp_nt_pipe_support()) {
571 do_ntcreate_pipe_open(conn
, req
);
572 END_PROFILE(SMBntcreateX
);
575 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
576 END_PROFILE(SMBntcreateX
);
581 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
582 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
583 END_PROFILE(SMBntcreateX
);
591 if (root_dir_fid
!= 0) {
593 * This filename is relative to a directory fid.
595 char *parent_fname
= NULL
;
596 files_struct
*dir_fsp
= file_fsp(root_dir_fid
);
599 reply_doserror(req
, ERRDOS
, ERRbadfid
);
600 END_PROFILE(SMBntcreateX
);
604 if(!dir_fsp
->is_directory
) {
607 * Check to see if this is a mac fork of some kind.
610 if( is_ntfs_stream_name(fname
)) {
612 req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
613 END_PROFILE(SMBntcreateX
);
618 we need to handle the case when we get a
619 relative open relative to a file and the
620 pathname is blank - this is a reopen!
621 (hint from demyn plantenberg)
624 reply_doserror(req
, ERRDOS
, ERRbadfid
);
625 END_PROFILE(SMBntcreateX
);
629 if (ISDOT(dir_fsp
->fsp_name
)) {
631 * We're at the toplevel dir, the final file name
632 * must not contain ./, as this is filtered out
633 * normally by srvstr_get_path and unix_convert
634 * explicitly rejects paths containing ./.
636 parent_fname
= talloc_strdup(ctx
,"");
638 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
639 END_PROFILE(SMBntcreateX
);
643 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
646 * Copy in the base directory name.
649 parent_fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
651 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
652 END_PROFILE(SMBntcreateX
);
655 memcpy(parent_fname
, dir_fsp
->fsp_name
,
659 * Ensure it ends in a '/'.
660 * We used TALLOC_SIZE +2 to add space for the '/'.
664 && (parent_fname
[dir_name_len
-1] != '\\')
665 && (parent_fname
[dir_name_len
-1] != '/')) {
666 parent_fname
[dir_name_len
] = '/';
667 parent_fname
[dir_name_len
+1] = '\0';
671 fname
= talloc_asprintf(ctx
, "%s%s", parent_fname
, fname
);
673 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
674 END_PROFILE(SMBntcreateX
);
679 * Check to see if this is a mac fork of some kind.
682 if( is_ntfs_stream_name(fname
)) {
683 enum FAKE_FILE_TYPE fake_file_type
= is_fake_file(fname
);
684 if (fake_file_type
!=FAKE_FILE_TYPE_NONE
) {
686 * Here we go! support for changing the disk quotas --metze
688 * We need to fake up to open this MAGIC QUOTA file
689 * and return a valid FID.
691 * w2k close this file directly after openening
692 * xp also tries a QUERY_FILE_INFO on the file and then close it
694 reply_ntcreate_and_X_quota(conn
, req
,
695 fake_file_type
, fname
);
697 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
699 END_PROFILE(SMBntcreateX
);
705 * Now contruct the smb_open_mode value from the filename,
706 * desired access and the share access.
708 status
= resolve_dfspath(ctx
, conn
,
709 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
712 if (!NT_STATUS_IS_OK(status
)) {
713 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
714 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
718 reply_nterror(req
, status
);
720 END_PROFILE(SMBntcreateX
);
724 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
725 if (oplock_request
) {
726 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
730 * Ordinary file or directory.
734 * Check if POSIX semantics are wanted.
737 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
738 case_state
= set_posix_case_semantics(NULL
, conn
);
739 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
742 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
743 if (!NT_STATUS_IS_OK(status
)) {
744 TALLOC_FREE(case_state
);
745 reply_nterror(req
, status
);
746 END_PROFILE(SMBntcreateX
);
749 /* All file access must go through check_name() */
750 status
= check_name(conn
, fname
);
751 if (!NT_STATUS_IS_OK(status
)) {
752 TALLOC_FREE(case_state
);
753 reply_nterror(req
, status
);
754 END_PROFILE(SMBntcreateX
);
758 /* This is the correct thing to do (check every time) but can_delete is
759 expensive (it may have to read the parent directory permissions). So
760 for now we're not doing it unless we have a strong hint the client
761 is really going to delete this file. If the client is forcing FILE_CREATE
762 let the filesystem take care of the permissions. */
764 /* Setting FILE_SHARE_DELETE is the hint. */
766 if (lp_acl_check_permissions(SNUM(conn
))
767 && (create_disposition
!= FILE_CREATE
)
768 && (share_access
& FILE_SHARE_DELETE
)
769 && (access_mask
& DELETE_ACCESS
)) {
770 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
771 && !lp_delete_readonly(SNUM(conn
))) ||
772 !can_delete_file_in_directory(conn
, fname
)) {
773 TALLOC_FREE(case_state
);
774 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
775 END_PROFILE(SMBntcreateX
);
781 /* We need to support SeSecurityPrivilege for this. */
782 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
783 !user_has_privileges(current_user
.nt_user_token
,
785 TALLOC_FREE(case_state
);
786 END_PROFILE(SMBntcreateX
);
787 return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD
);
792 * If it's a request for a directory open, deal with it separately.
795 if(create_options
& FILE_DIRECTORY_FILE
) {
797 /* Can't open a temp directory. IFS kit test. */
798 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
799 TALLOC_FREE(case_state
);
800 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
801 END_PROFILE(SMBntcreateX
);
806 status
= open_directory(conn
, req
, fname
, &sbuf
,
817 * Ordinary file case.
820 /* NB. We have a potential bug here. If we
821 * cause an oplock break to ourselves, then we
822 * could end up processing filename related
823 * SMB requests whilst we await the oplock
824 * break response. As we may have changed the
825 * filename case semantics to be POSIX-like,
826 * this could mean a filename request could
827 * fail when it should succeed. This is a rare
828 * condition, but eventually we must arrange
829 * to restore the correct case semantics
830 * before issuing an oplock break request to
831 * our client. JRA. */
833 status
= open_file_ntcreate(conn
, req
, fname
, &sbuf
,
842 /* We cheat here. There are two cases we
843 * care about. One is a directory rename,
844 * where the NT client will attempt to
845 * open the source directory for
846 * DELETE access. Note that when the
847 * NT client does this it does *not*
848 * set the directory bit in the
849 * request packet. This is translated
850 * into a read/write open
851 * request. POSIX states that any open
852 * for write request on a directory
853 * will generate an EISDIR error, so
854 * we can catch this here and open a
855 * pseudo handle that is flagged as a
856 * directory. The second is an open
857 * for a permissions read only, which
858 * we handle in the open_file_stat case. JRA.
861 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
864 * Fail the open if it was explicitly a non-directory
868 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
869 TALLOC_FREE(case_state
);
870 reply_force_nterror(req
,
871 NT_STATUS_FILE_IS_A_DIRECTORY
);
872 END_PROFILE(SMBntcreateX
);
877 status
= open_directory(conn
, req
, fname
,
888 TALLOC_FREE(case_state
);
890 if (!NT_STATUS_IS_OK(status
)) {
891 if (open_was_deferred(req
->mid
)) {
892 /* We have re-scheduled this call. */
893 END_PROFILE(SMBntcreateX
);
896 reply_openerror(req
, status
);
897 END_PROFILE(SMBntcreateX
);
901 file_len
= sbuf
.st_size
;
902 fattr
= dos_mode(conn
,fname
,&sbuf
);
904 fattr
= FILE_ATTRIBUTE_NORMAL
;
906 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
907 close_file(fsp
,ERROR_CLOSE
);
908 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
909 END_PROFILE(SMBntcreateX
);
913 /* Save the requested allocation size. */
914 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
915 if (allocation_size
&& (allocation_size
> (SMB_BIG_UINT
)file_len
)) {
916 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
917 if (fsp
->is_directory
) {
918 close_file(fsp
,ERROR_CLOSE
);
919 /* Can't set allocation size on a directory. */
920 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
921 END_PROFILE(SMBntcreateX
);
924 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
925 close_file(fsp
,ERROR_CLOSE
);
926 reply_nterror(req
, NT_STATUS_DISK_FULL
);
927 END_PROFILE(SMBntcreateX
);
931 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
,(SMB_BIG_UINT
)file_len
);
936 * If the caller set the extended oplock request bit
937 * and we granted one (by whatever means) - set the
938 * correct bit for extended oplock reply.
941 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
942 extended_oplock_granted
= True
;
945 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
946 extended_oplock_granted
= True
;
949 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
950 /* This is very strange. We
951 * return 50 words, but only set
952 * the wcnt to 42 ? It's definately
953 * what happens on the wire....
955 reply_outbuf(req
, 50, 0);
956 SCVAL(req
->outbuf
,smb_wct
,42);
958 reply_outbuf(req
, 34, 0);
961 p
= (char *)req
->outbuf
+ smb_vwv2
;
964 * Currently as we don't support level II oplocks we just report
965 * exclusive & batch here.
968 if (extended_oplock_granted
) {
969 if (flags
& REQUEST_BATCH_OPLOCK
) {
970 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
972 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
974 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
975 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
977 SCVAL(p
,0,NO_OPLOCK_RETURN
);
981 SSVAL(p
,0,fsp
->fnum
);
983 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
984 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
991 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
992 a_timespec
= get_atimespec(&sbuf
);
993 m_timespec
= get_mtimespec(&sbuf
);
995 if (lp_dos_filetime_resolution(SNUM(conn
))) {
996 dos_filetime_timespec(&c_timespec
);
997 dos_filetime_timespec(&a_timespec
);
998 dos_filetime_timespec(&m_timespec
);
1001 put_long_date_timespec(p
, c_timespec
); /* create time. */
1003 put_long_date_timespec(p
, a_timespec
); /* access time */
1005 put_long_date_timespec(p
, m_timespec
); /* write time */
1007 put_long_date_timespec(p
, m_timespec
); /* change time */
1009 SIVAL(p
,0,fattr
); /* File Attributes. */
1011 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1013 SOFF_T(p
,0,file_len
);
1015 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1019 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1021 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1024 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1025 perms
= FILE_GENERIC_ALL
;
1027 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1032 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
1035 END_PROFILE(SMBntcreateX
);
1039 /****************************************************************************
1040 Reply to a NT_TRANSACT_CREATE call to open a pipe.
1041 ****************************************************************************/
1043 static void do_nt_transact_create_pipe(connection_struct
*conn
,
1044 struct smb_request
*req
,
1045 uint16
**ppsetup
, uint32 setup_count
,
1046 char **ppparams
, uint32 parameter_count
,
1047 char **ppdata
, uint32 data_count
)
1050 char *params
= *ppparams
;
1056 TALLOC_CTX
*ctx
= talloc_tos();
1059 * Ensure minimum number of parameters sent.
1062 if(parameter_count
< 54) {
1063 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1064 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1068 flags
= IVAL(params
,0);
1070 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
1071 parameter_count
-53, STR_TERMINATE
,
1073 if (!NT_STATUS_IS_OK(status
)) {
1074 reply_nterror(req
, status
);
1078 nt_open_pipe(fname
, conn
, req
, &pnum
);
1085 /* Realloc the size of parameters and data we will return */
1086 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1087 /* Extended response is 32 more byyes. */
1092 params
= nttrans_realloc(ppparams
, param_len
);
1093 if(params
== NULL
) {
1094 reply_doserror(req
, ERRDOS
, ERRnomem
);
1099 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1104 SIVAL(p
,0,FILE_WAS_OPENED
);
1108 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
1111 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
1113 SSVAL(p
,2, 0x5FF); /* ? */
1116 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1118 SIVAL(p
,0,FILE_GENERIC_ALL
);
1120 * For pipes W2K3 seems to return
1122 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
1124 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
1127 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
1129 /* Send the required number of replies */
1130 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1135 /****************************************************************************
1136 Internal fn to set security descriptors.
1137 ****************************************************************************/
1139 static NTSTATUS
set_sd(files_struct
*fsp
, char *data
, uint32 sd_len
, uint32 security_info_sent
)
1142 SEC_DESC
*psd
= NULL
;
1143 TALLOC_CTX
*mem_ctx
;
1146 if (sd_len
== 0 || !lp_nt_acl_support(SNUM(fsp
->conn
))) {
1147 return NT_STATUS_OK
;
1151 * Init the parse struct we will unmarshall from.
1154 if ((mem_ctx
= talloc_init("set_sd")) == NULL
) {
1155 DEBUG(0,("set_sd: talloc_init failed.\n"));
1156 return NT_STATUS_NO_MEMORY
;
1159 prs_init(&pd
, 0, mem_ctx
, UNMARSHALL
);
1162 * Setup the prs_struct to point at the memory we just
1166 prs_give_memory( &pd
, data
, sd_len
, False
);
1169 * Finally, unmarshall from the data buffer.
1172 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1173 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1175 * Return access denied for want of a better error message..
1177 talloc_destroy(mem_ctx
);
1178 return NT_STATUS_NO_MEMORY
;
1181 if (psd
->owner_sid
==0) {
1182 security_info_sent
&= ~OWNER_SECURITY_INFORMATION
;
1184 if (psd
->group_sid
==0) {
1185 security_info_sent
&= ~GROUP_SECURITY_INFORMATION
;
1188 security_info_sent
&= ~SACL_SECURITY_INFORMATION
;
1191 security_info_sent
&= ~DACL_SECURITY_INFORMATION
;
1194 status
= SMB_VFS_FSET_NT_ACL( fsp
, fsp
->fh
->fd
, security_info_sent
, psd
);
1196 talloc_destroy(mem_ctx
);
1200 /****************************************************************************
1201 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
1202 ****************************************************************************/
1204 static struct ea_list
*read_nttrans_ea_list(TALLOC_CTX
*ctx
, const char *pdata
, size_t data_size
)
1206 struct ea_list
*ea_list_head
= NULL
;
1209 if (data_size
< 4) {
1213 while (offset
+ 4 <= data_size
) {
1214 size_t next_offset
= IVAL(pdata
,offset
);
1215 struct ea_list
*eal
= read_ea_list_entry(ctx
, pdata
+ offset
+ 4, data_size
- offset
- 4, NULL
);
1221 DLIST_ADD_END(ea_list_head
, eal
, struct ea_list
*);
1222 if (next_offset
== 0) {
1225 offset
+= next_offset
;
1228 return ea_list_head
;
1231 /****************************************************************************
1232 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1233 ****************************************************************************/
1235 static void call_nt_transact_create(connection_struct
*conn
,
1236 struct smb_request
*req
,
1237 uint16
**ppsetup
, uint32 setup_count
,
1238 char **ppparams
, uint32 parameter_count
,
1239 char **ppdata
, uint32 data_count
,
1240 uint32 max_data_count
)
1243 char *params
= *ppparams
;
1244 char *data
= *ppdata
;
1245 /* Breakout the oplock request bits so we can set the reply bits separately. */
1246 int oplock_request
= 0;
1248 SMB_OFF_T file_len
= 0;
1249 SMB_STRUCT_STAT sbuf
;
1251 files_struct
*fsp
= NULL
;
1253 bool extended_oplock_granted
= False
;
1256 uint32 file_attributes
;
1257 uint32 share_access
;
1258 uint32 create_disposition
;
1259 uint32 create_options
;
1262 uint16 root_dir_fid
;
1263 struct timespec c_timespec
;
1264 struct timespec a_timespec
;
1265 struct timespec m_timespec
;
1266 struct ea_list
*ea_list
= NULL
;
1270 struct case_semantics_state
*case_state
= NULL
;
1271 SMB_BIG_UINT allocation_size
;
1272 TALLOC_CTX
*ctx
= talloc_tos();
1274 DEBUG(5,("call_nt_transact_create\n"));
1277 * If it's an IPC, use the pipe handler.
1281 if (lp_nt_pipe_support()) {
1282 do_nt_transact_create_pipe(
1284 ppsetup
, setup_count
,
1285 ppparams
, parameter_count
,
1286 ppdata
, data_count
);
1289 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1295 * Ensure minimum number of parameters sent.
1298 if(parameter_count
< 54) {
1299 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1300 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1304 flags
= IVAL(params
,0);
1305 access_mask
= IVAL(params
,8);
1306 file_attributes
= IVAL(params
,20);
1307 share_access
= IVAL(params
,24);
1308 create_disposition
= IVAL(params
,28);
1309 create_options
= IVAL(params
,32);
1310 sd_len
= IVAL(params
,36);
1311 ea_len
= IVAL(params
,40);
1312 root_dir_fid
= (uint16
)IVAL(params
,4);
1313 allocation_size
= (SMB_BIG_UINT
)IVAL(params
,12);
1314 #ifdef LARGE_SMB_OFF_T
1315 allocation_size
|= (((SMB_BIG_UINT
)IVAL(params
,16)) << 32);
1318 /* Ensure the data_len is correct for the sd and ea values given. */
1319 if ((ea_len
+ sd_len
> data_count
) ||
1320 (ea_len
> data_count
) || (sd_len
> data_count
) ||
1321 (ea_len
+ sd_len
< ea_len
) || (ea_len
+ sd_len
< sd_len
)) {
1322 DEBUG(10,("call_nt_transact_create - ea_len = %u, sd_len = %u, data_count = %u\n",
1323 (unsigned int)ea_len
, (unsigned int)sd_len
, (unsigned int)data_count
));
1324 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1329 if (!lp_ea_support(SNUM(conn
))) {
1330 DEBUG(10,("call_nt_transact_create - ea_len = %u but EA's not supported.\n",
1331 (unsigned int)ea_len
));
1332 reply_nterror(req
, NT_STATUS_EAS_NOT_SUPPORTED
);
1337 DEBUG(10,("call_nt_transact_create - ea_len = %u - too small (should be more than 10)\n",
1338 (unsigned int)ea_len
));
1339 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1344 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
,
1345 params
+53, parameter_count
-53,
1346 STR_TERMINATE
, &status
);
1347 if (!NT_STATUS_IS_OK(status
)) {
1348 reply_nterror(req
, status
);
1352 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
1353 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
1358 * Get the file name.
1361 if(root_dir_fid
!= 0) {
1363 * This filename is relative to a directory fid.
1365 char *parent_fname
= NULL
;
1366 files_struct
*dir_fsp
= file_fsp(root_dir_fid
);
1369 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1373 if(!dir_fsp
->is_directory
) {
1376 * Check to see if this is a mac fork of some kind.
1379 if( is_ntfs_stream_name(fname
)) {
1381 NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1386 we need to handle the case when we get a
1387 relative open relative to a file and the
1388 pathname is blank - this is a reopen!
1389 (hint from demyn plantenberg)
1392 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1396 if (ISDOT(dir_fsp
->fsp_name
)) {
1398 * We're at the toplevel dir, the final file name
1399 * must not contain ./, as this is filtered out
1400 * normally by srvstr_get_path and unix_convert
1401 * explicitly rejects paths containing ./.
1403 parent_fname
= talloc_strdup(ctx
,"");
1404 if (!parent_fname
) {
1405 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1409 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
1412 * Copy in the base directory name.
1415 parent_fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
1417 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1420 memcpy(parent_fname
, dir_fsp
->fsp_name
,
1424 * Ensure it ends in a '/'.
1425 * We used TALLOC_SIZE +2 to add space for the '/'.
1429 && (parent_fname
[dir_name_len
-1] != '\\')
1430 && (parent_fname
[dir_name_len
-1] != '/')) {
1431 parent_fname
[dir_name_len
] = '/';
1432 parent_fname
[dir_name_len
+1] = '\0';
1436 fname
= talloc_asprintf(ctx
, "%s%s", parent_fname
, fname
);
1437 if (fname
== NULL
) {
1438 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1439 END_PROFILE(SMBntcreateX
);
1444 * Check to see if this is a mac fork of some kind.
1447 if( is_ntfs_stream_name(fname
)) {
1448 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1453 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1454 if (oplock_request
) {
1455 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
1459 * Ordinary file or directory.
1463 * Check if POSIX semantics are wanted.
1466 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1467 case_state
= set_posix_case_semantics(NULL
, conn
);
1468 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
1471 status
= resolve_dfspath(ctx
, conn
,
1472 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1475 if (!NT_STATUS_IS_OK(status
)) {
1476 TALLOC_FREE(case_state
);
1477 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
1478 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
1479 ERRSRV
, ERRbadpath
);
1482 reply_nterror(req
, status
);
1486 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
1487 if (!NT_STATUS_IS_OK(status
)) {
1488 TALLOC_FREE(case_state
);
1489 reply_nterror(req
, status
);
1492 /* All file access must go through check_name() */
1493 status
= check_name(conn
, fname
);
1494 if (!NT_STATUS_IS_OK(status
)) {
1495 TALLOC_FREE(case_state
);
1496 reply_nterror(req
, status
);
1500 /* This is the correct thing to do (check every time) but can_delete is
1501 expensive (it may have to read the parent directory permissions). So
1502 for now we're not doing it unless we have a strong hint the client
1503 is really going to delete this file. If the client is forcing FILE_CREATE
1504 let the filesystem take care of the permissions. */
1506 /* Setting FILE_SHARE_DELETE is the hint. */
1508 if (lp_acl_check_permissions(SNUM(conn
))
1509 && (create_disposition
!= FILE_CREATE
)
1510 && (share_access
& FILE_SHARE_DELETE
)
1511 && (access_mask
& DELETE_ACCESS
)) {
1512 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
1513 && !lp_delete_readonly(SNUM(conn
))) ||
1514 !can_delete_file_in_directory(conn
, fname
)) {
1515 TALLOC_FREE(case_state
);
1516 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1522 /* We need to support SeSecurityPrivilege for this. */
1523 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
1524 !user_has_privileges(current_user
.nt_user_token
,
1526 TALLOC_FREE(case_state
);
1527 reply_nterror(req
, NT_STATUS_PRIVILEGE_NOT_HELD
);
1533 pdata
= data
+ sd_len
;
1535 /* We have already checked that ea_len <= data_count here. */
1536 ea_list
= read_nttrans_ea_list(talloc_tos(), pdata
,
1539 TALLOC_FREE(case_state
);
1540 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1546 * If it's a request for a directory open, deal with it separately.
1549 if(create_options
& FILE_DIRECTORY_FILE
) {
1551 /* Can't open a temp directory. IFS kit test. */
1552 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
1553 TALLOC_FREE(case_state
);
1554 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1559 * We will get a create directory here if the Win32
1560 * app specified a security descriptor in the
1561 * CreateDirectory() call.
1565 status
= open_directory(conn
, req
, fname
, &sbuf
,
1575 * Ordinary file case.
1578 status
= open_file_ntcreate(conn
,req
,fname
,&sbuf
,
1587 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
1590 * Fail the open if it was explicitly a non-directory file.
1593 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
1594 TALLOC_FREE(case_state
);
1595 reply_force_nterror(
1597 NT_STATUS_FILE_IS_A_DIRECTORY
);
1602 status
= open_directory(conn
, req
, fname
,
1613 TALLOC_FREE(case_state
);
1615 if(!NT_STATUS_IS_OK(status
)) {
1616 if (open_was_deferred(req
->mid
)) {
1617 /* We have re-scheduled this call. */
1620 reply_openerror(req
, status
);
1625 * According to the MS documentation, the only time the security
1626 * descriptor is applied to the opened file is iff we *created* the
1627 * file; an existing file stays the same.
1629 * Also, it seems (from observation) that you can open the file with
1630 * any access mask but you can still write the sd. We need to override
1631 * the granted access before we call set_sd
1632 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
1635 if (lp_nt_acl_support(SNUM(conn
)) && sd_len
&& info
== FILE_WAS_CREATED
) {
1636 uint32 saved_access_mask
= fsp
->access_mask
;
1638 /* We have already checked that sd_len <= data_count here. */
1640 fsp
->access_mask
= FILE_GENERIC_ALL
;
1642 status
= set_sd( fsp
, data
, sd_len
, ALL_SECURITY_INFORMATION
);
1643 if (!NT_STATUS_IS_OK(status
)) {
1644 close_file(fsp
,ERROR_CLOSE
);
1645 TALLOC_FREE(case_state
);
1646 reply_nterror(req
, status
);
1649 fsp
->access_mask
= saved_access_mask
;
1652 if (ea_len
&& (info
== FILE_WAS_CREATED
)) {
1653 status
= set_ea(conn
, fsp
, fname
, ea_list
);
1654 if (!NT_STATUS_IS_OK(status
)) {
1655 close_file(fsp
,ERROR_CLOSE
);
1656 TALLOC_FREE(case_state
);
1657 reply_nterror(req
, status
);
1662 TALLOC_FREE(case_state
);
1664 file_len
= sbuf
.st_size
;
1665 fattr
= dos_mode(conn
,fname
,&sbuf
);
1667 fattr
= FILE_ATTRIBUTE_NORMAL
;
1669 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
1670 close_file(fsp
,ERROR_CLOSE
);
1671 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1675 /* Save the requested allocation size. */
1676 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
1677 if (allocation_size
&& (allocation_size
> file_len
)) {
1678 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
1679 if (fsp
->is_directory
) {
1680 close_file(fsp
,ERROR_CLOSE
);
1681 /* Can't set allocation size on a directory. */
1682 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1685 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
1686 close_file(fsp
,ERROR_CLOSE
);
1687 reply_nterror(req
, NT_STATUS_DISK_FULL
);
1691 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, (SMB_BIG_UINT
)file_len
);
1696 * If the caller set the extended oplock request bit
1697 * and we granted one (by whatever means) - set the
1698 * correct bit for extended oplock reply.
1701 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
1702 extended_oplock_granted
= True
;
1705 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
1706 extended_oplock_granted
= True
;
1709 /* Realloc the size of parameters and data we will return */
1710 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1711 /* Extended response is 32 more byyes. */
1716 params
= nttrans_realloc(ppparams
, param_len
);
1717 if(params
== NULL
) {
1718 reply_doserror(req
, ERRDOS
, ERRnomem
);
1723 if (extended_oplock_granted
) {
1724 if (flags
& REQUEST_BATCH_OPLOCK
) {
1725 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
1727 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
1729 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
1730 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
1732 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1736 SSVAL(p
,0,fsp
->fnum
);
1738 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
1739 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1746 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
1747 a_timespec
= get_atimespec(&sbuf
);
1748 m_timespec
= get_mtimespec(&sbuf
);
1750 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1751 dos_filetime_timespec(&c_timespec
);
1752 dos_filetime_timespec(&a_timespec
);
1753 dos_filetime_timespec(&m_timespec
);
1756 put_long_date_timespec(p
, c_timespec
); /* create time. */
1758 put_long_date_timespec(p
, a_timespec
); /* access time */
1760 put_long_date_timespec(p
, m_timespec
); /* write time */
1762 put_long_date_timespec(p
, m_timespec
); /* change time */
1764 SIVAL(p
,0,fattr
); /* File Attributes. */
1766 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1768 SOFF_T(p
,0,file_len
);
1770 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1774 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1776 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1779 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1780 perms
= FILE_GENERIC_ALL
;
1782 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1787 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname
));
1789 /* Send the required number of replies */
1790 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1795 /****************************************************************************
1796 Reply to a NT CANCEL request.
1797 conn POINTER CAN BE NULL HERE !
1798 ****************************************************************************/
1800 void reply_ntcancel(connection_struct
*conn
, struct smb_request
*req
)
1803 * Go through and cancel any pending change notifies.
1806 START_PROFILE(SMBntcancel
);
1807 remove_pending_change_notify_requests_by_mid(req
->mid
);
1808 remove_pending_lock_requests_by_mid(req
->mid
);
1809 srv_cancel_sign_response(req
->mid
);
1811 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req
->mid
));
1813 END_PROFILE(SMBntcancel
);
1817 /****************************************************************************
1819 ****************************************************************************/
1821 static NTSTATUS
copy_internals(TALLOC_CTX
*ctx
,
1822 connection_struct
*conn
,
1823 struct smb_request
*req
,
1824 const char *oldname_in
,
1825 const char *newname_in
,
1828 SMB_STRUCT_STAT sbuf1
, sbuf2
;
1829 char *oldname
= NULL
;
1830 char *newname
= NULL
;
1831 char *last_component_oldname
= NULL
;
1832 char *last_component_newname
= NULL
;
1833 files_struct
*fsp1
,*fsp2
;
1837 NTSTATUS status
= NT_STATUS_OK
;
1842 if (!CAN_WRITE(conn
)) {
1843 return NT_STATUS_MEDIA_WRITE_PROTECTED
;
1846 status
= unix_convert(ctx
, conn
, oldname_in
, False
, &oldname
,
1847 &last_component_oldname
, &sbuf1
);
1848 if (!NT_STATUS_IS_OK(status
)) {
1852 status
= check_name(conn
, oldname
);
1853 if (!NT_STATUS_IS_OK(status
)) {
1857 /* Source must already exist. */
1858 if (!VALID_STAT(sbuf1
)) {
1859 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1861 /* Ensure attributes match. */
1862 fattr
= dos_mode(conn
,oldname
,&sbuf1
);
1863 if ((fattr
& ~attrs
) & (aHIDDEN
| aSYSTEM
)) {
1864 return NT_STATUS_NO_SUCH_FILE
;
1867 status
= unix_convert(ctx
, conn
, newname_in
, False
, &newname
,
1868 &last_component_newname
, &sbuf2
);
1869 if (!NT_STATUS_IS_OK(status
)) {
1873 status
= check_name(conn
, newname
);
1874 if (!NT_STATUS_IS_OK(status
)) {
1878 /* Disallow if newname already exists. */
1879 if (VALID_STAT(sbuf2
)) {
1880 return NT_STATUS_OBJECT_NAME_COLLISION
;
1883 /* No links from a directory. */
1884 if (S_ISDIR(sbuf1
.st_mode
)) {
1885 return NT_STATUS_FILE_IS_A_DIRECTORY
;
1888 /* Ensure this is within the share. */
1889 status
= check_reduced_name(conn
, oldname
);
1890 if (!NT_STATUS_IS_OK(status
)) {
1894 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1897 status
= open_file_ntcreate(conn
, req
, oldname
, &sbuf1
,
1898 FILE_READ_DATA
, /* Read-only. */
1899 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1901 0, /* No create options. */
1902 FILE_ATTRIBUTE_NORMAL
,
1906 if (!NT_STATUS_IS_OK(status
)) {
1910 status
= open_file_ntcreate(conn
, req
, newname
, &sbuf2
,
1911 FILE_WRITE_DATA
, /* Read-only. */
1912 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1914 0, /* No create options. */
1919 if (!NT_STATUS_IS_OK(status
)) {
1920 close_file(fsp1
,ERROR_CLOSE
);
1924 if (sbuf1
.st_size
) {
1925 ret
= vfs_transfer_file(fsp1
, fsp2
, sbuf1
.st_size
);
1929 * As we are opening fsp1 read-only we only expect
1930 * an error on close on fsp2 if we are out of space.
1931 * Thus we don't look at the error return from the
1934 close_file(fsp1
,NORMAL_CLOSE
);
1936 /* Ensure the modtime is set correctly on the destination file. */
1937 fsp_set_pending_modtime(fsp2
, get_mtimespec(&sbuf1
));
1939 status
= close_file(fsp2
,NORMAL_CLOSE
);
1941 /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1942 creates the file. This isn't the correct thing to do in the copy
1944 file_set_dosmode(conn
, newname
, fattr
, &sbuf2
,
1945 parent_dirname(newname
),false);
1947 if (ret
< (SMB_OFF_T
)sbuf1
.st_size
) {
1948 return NT_STATUS_DISK_FULL
;
1951 if (!NT_STATUS_IS_OK(status
)) {
1952 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1953 nt_errstr(status
), oldname
, newname
));
1958 /****************************************************************************
1959 Reply to a NT rename request.
1960 ****************************************************************************/
1962 void reply_ntrename(connection_struct
*conn
, struct smb_request
*req
)
1964 char *oldname
= NULL
;
1965 char *newname
= NULL
;
1968 bool src_has_wcard
= False
;
1969 bool dest_has_wcard
= False
;
1972 TALLOC_CTX
*ctx
= talloc_tos();
1974 START_PROFILE(SMBntrename
);
1977 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1978 END_PROFILE(SMBntrename
);
1982 attrs
= SVAL(req
->inbuf
,smb_vwv0
);
1983 rename_type
= SVAL(req
->inbuf
,smb_vwv1
);
1985 p
= smb_buf(req
->inbuf
) + 1;
1986 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &oldname
, p
,
1987 0, STR_TERMINATE
, &status
,
1989 if (!NT_STATUS_IS_OK(status
)) {
1990 reply_nterror(req
, status
);
1991 END_PROFILE(SMBntrename
);
1995 if( is_ntfs_stream_name(oldname
)) {
1996 /* Can't rename a stream. */
1997 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1998 END_PROFILE(SMBntrename
);
2002 if (ms_has_wild(oldname
)) {
2003 reply_nterror(req
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
);
2004 END_PROFILE(SMBntrename
);
2009 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &newname
, p
,
2010 0, STR_TERMINATE
, &status
,
2012 if (!NT_STATUS_IS_OK(status
)) {
2013 reply_nterror(req
, status
);
2014 END_PROFILE(SMBntrename
);
2018 status
= resolve_dfspath(ctx
, conn
,
2019 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2022 if (!NT_STATUS_IS_OK(status
)) {
2023 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2024 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2025 ERRSRV
, ERRbadpath
);
2026 END_PROFILE(SMBntrename
);
2029 reply_nterror(req
, status
);
2030 END_PROFILE(SMBntrename
);
2034 status
= resolve_dfspath(ctx
, conn
,
2035 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2038 if (!NT_STATUS_IS_OK(status
)) {
2039 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2040 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2041 ERRSRV
, ERRbadpath
);
2042 END_PROFILE(SMBntrename
);
2045 reply_nterror(req
, status
);
2046 END_PROFILE(SMBntrename
);
2050 DEBUG(3,("reply_ntrename : %s -> %s\n",oldname
,newname
));
2052 switch(rename_type
) {
2053 case RENAME_FLAG_RENAME
:
2054 status
= rename_internals(ctx
, conn
, req
, oldname
,
2055 newname
, attrs
, False
, src_has_wcard
,
2058 case RENAME_FLAG_HARD_LINK
:
2059 if (src_has_wcard
|| dest_has_wcard
) {
2061 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2063 status
= hardlink_internals(ctx
,
2069 case RENAME_FLAG_COPY
:
2070 if (src_has_wcard
|| dest_has_wcard
) {
2072 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2074 status
= copy_internals(ctx
, conn
, req
, oldname
,
2078 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION
:
2079 status
= NT_STATUS_INVALID_PARAMETER
;
2082 status
= NT_STATUS_ACCESS_DENIED
; /* Default error. */
2086 if (!NT_STATUS_IS_OK(status
)) {
2087 if (open_was_deferred(req
->mid
)) {
2088 /* We have re-scheduled this call. */
2089 END_PROFILE(SMBntrename
);
2093 reply_nterror(req
, status
);
2094 END_PROFILE(SMBntrename
);
2098 reply_outbuf(req
, 0, 0);
2100 END_PROFILE(SMBntrename
);
2104 /****************************************************************************
2105 Reply to a notify change - queue the request and
2106 don't allow a directory to be opened.
2107 ****************************************************************************/
2109 static void call_nt_transact_notify_change(connection_struct
*conn
,
2110 struct smb_request
*req
,
2114 uint32 parameter_count
,
2115 char **ppdata
, uint32 data_count
,
2116 uint32 max_data_count
,
2117 uint32 max_param_count
)
2119 uint16
*setup
= *ppsetup
;
2125 if(setup_count
< 6) {
2126 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2130 fsp
= file_fsp(SVAL(setup
,4));
2131 filter
= IVAL(setup
, 0);
2132 recursive
= (SVAL(setup
, 6) != 0) ? True
: False
;
2134 DEBUG(3,("call_nt_transact_notify_change\n"));
2137 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2142 char *filter_string
;
2144 if (!(filter_string
= notify_filter_string(NULL
, filter
))) {
2145 reply_nterror(req
,NT_STATUS_NO_MEMORY
);
2149 DEBUG(3,("call_nt_transact_notify_change: notify change "
2150 "called on %s, filter = %s, recursive = %d\n",
2151 fsp
->fsp_name
, filter_string
, recursive
));
2153 TALLOC_FREE(filter_string
);
2156 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
)) {
2157 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2161 if (fsp
->notify
== NULL
) {
2163 status
= change_notify_create(fsp
, filter
, recursive
);
2165 if (!NT_STATUS_IS_OK(status
)) {
2166 DEBUG(10, ("change_notify_create returned %s\n",
2167 nt_errstr(status
)));
2168 reply_nterror(req
, status
);
2173 if (fsp
->notify
->num_changes
!= 0) {
2176 * We've got changes pending, respond immediately
2180 * TODO: write a torture test to check the filtering behaviour
2184 change_notify_reply(req
->inbuf
, max_param_count
, fsp
->notify
);
2187 * change_notify_reply() above has independently sent its
2194 * No changes pending, queue the request
2197 status
= change_notify_add_request(req
->inbuf
, max_param_count
, filter
,
2199 if (!NT_STATUS_IS_OK(status
)) {
2200 reply_nterror(req
, status
);
2205 /****************************************************************************
2206 Reply to an NT transact rename command.
2207 ****************************************************************************/
2209 static void call_nt_transact_rename(connection_struct
*conn
,
2210 struct smb_request
*req
,
2211 uint16
**ppsetup
, uint32 setup_count
,
2212 char **ppparams
, uint32 parameter_count
,
2213 char **ppdata
, uint32 data_count
,
2214 uint32 max_data_count
)
2216 char *params
= *ppparams
;
2217 char *new_name
= NULL
;
2218 files_struct
*fsp
= NULL
;
2219 bool replace_if_exists
= False
;
2220 bool dest_has_wcard
= False
;
2222 TALLOC_CTX
*ctx
= talloc_tos();
2224 if(parameter_count
< 5) {
2225 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2229 fsp
= file_fsp(SVAL(params
, 0));
2230 replace_if_exists
= (SVAL(params
,2) & RENAME_REPLACE_IF_EXISTS
) ? True
: False
;
2231 if (!check_fsp(conn
, req
, fsp
, ¤t_user
)) {
2234 srvstr_get_path_wcard(ctx
, params
, req
->flags2
, &new_name
, params
+4,
2235 parameter_count
- 4,
2236 STR_TERMINATE
, &status
, &dest_has_wcard
);
2237 if (!NT_STATUS_IS_OK(status
)) {
2238 reply_nterror(req
, status
);
2242 status
= rename_internals(ctx
,
2252 if (!NT_STATUS_IS_OK(status
)) {
2253 if (open_was_deferred(req
->mid
)) {
2254 /* We have re-scheduled this call. */
2257 reply_nterror(req
, status
);
2262 * Rename was successful.
2264 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2266 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
2267 fsp
->fsp_name
, new_name
));
2272 /******************************************************************************
2273 Fake up a completely empty SD.
2274 *******************************************************************************/
2276 static NTSTATUS
get_null_nt_acl(TALLOC_CTX
*mem_ctx
, SEC_DESC
**ppsd
)
2280 *ppsd
= make_standard_sec_desc( mem_ctx
, &global_sid_World
, &global_sid_World
, NULL
, &sd_size
);
2282 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
2283 return NT_STATUS_NO_MEMORY
;
2286 return NT_STATUS_OK
;
2289 /****************************************************************************
2290 Reply to query a security descriptor.
2291 ****************************************************************************/
2293 static void call_nt_transact_query_security_desc(connection_struct
*conn
,
2294 struct smb_request
*req
,
2298 uint32 parameter_count
,
2301 uint32 max_data_count
)
2303 char *params
= *ppparams
;
2304 char *data
= *ppdata
;
2306 SEC_DESC
*psd
= NULL
;
2308 uint32 security_info_wanted
;
2309 TALLOC_CTX
*mem_ctx
;
2310 files_struct
*fsp
= NULL
;
2313 if(parameter_count
< 8) {
2314 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2318 fsp
= file_fsp(SVAL(params
,0));
2320 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2324 security_info_wanted
= IVAL(params
,4);
2326 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp
->fsp_name
,
2327 (unsigned int)security_info_wanted
));
2329 params
= nttrans_realloc(ppparams
, 4);
2330 if(params
== NULL
) {
2331 reply_doserror(req
, ERRDOS
, ERRnomem
);
2335 if ((mem_ctx
= talloc_init("call_nt_transact_query_security_desc")) == NULL
) {
2336 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
2337 reply_doserror(req
, ERRDOS
, ERRnomem
);
2342 * Get the permissions to return.
2345 if (!lp_nt_acl_support(SNUM(conn
))) {
2346 status
= get_null_nt_acl(mem_ctx
, &psd
);
2348 status
= SMB_VFS_FGET_NT_ACL(fsp
, fsp
->fh
->fd
,
2349 security_info_wanted
, &psd
);
2352 if (!NT_STATUS_IS_OK(status
)) {
2353 talloc_destroy(mem_ctx
);
2354 reply_nterror(req
, status
);
2358 sd_size
= sec_desc_size(psd
);
2360 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size
));
2362 SIVAL(params
,0,(uint32
)sd_size
);
2364 if(max_data_count
< sd_size
) {
2366 send_nt_replies(req
, NT_STATUS_BUFFER_TOO_SMALL
,
2367 params
, 4, *ppdata
, 0);
2368 talloc_destroy(mem_ctx
);
2373 * Allocate the data we will point this at.
2376 data
= nttrans_realloc(ppdata
, sd_size
);
2378 talloc_destroy(mem_ctx
);
2379 reply_doserror(req
, ERRDOS
, ERRnomem
);
2384 * Init the parse struct we will marshall into.
2387 prs_init(&pd
, 0, mem_ctx
, MARSHALL
);
2390 * Setup the prs_struct to point at the memory we just
2394 prs_give_memory( &pd
, data
, (uint32
)sd_size
, False
);
2397 * Finally, linearize into the outgoing buffer.
2400 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
2401 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
2402 security descriptor.\n"));
2404 * Return access denied for want of a better error message..
2406 talloc_destroy(mem_ctx
);
2407 reply_unixerror(req
, ERRDOS
, ERRnoaccess
);
2412 * Now we can delete the security descriptor.
2415 talloc_destroy(mem_ctx
);
2417 send_nt_replies(req
, NT_STATUS_OK
, params
, 4, data
, (int)sd_size
);
2421 /****************************************************************************
2422 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2423 ****************************************************************************/
2425 static void call_nt_transact_set_security_desc(connection_struct
*conn
,
2426 struct smb_request
*req
,
2430 uint32 parameter_count
,
2433 uint32 max_data_count
)
2435 char *params
= *ppparams
;
2436 char *data
= *ppdata
;
2437 files_struct
*fsp
= NULL
;
2438 uint32 security_info_sent
= 0;
2441 if(parameter_count
< 8) {
2442 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2446 if((fsp
= file_fsp(SVAL(params
,0))) == NULL
) {
2447 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2451 if(!lp_nt_acl_support(SNUM(conn
))) {
2455 security_info_sent
= IVAL(params
,4);
2457 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp
->fsp_name
,
2458 (unsigned int)security_info_sent
));
2460 if (data_count
== 0) {
2461 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2465 if (!NT_STATUS_IS_OK(nt_status
= set_sd( fsp
, data
, data_count
, security_info_sent
))) {
2466 reply_nterror(req
, nt_status
);
2472 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2476 /****************************************************************************
2478 ****************************************************************************/
2480 static void call_nt_transact_ioctl(connection_struct
*conn
,
2481 struct smb_request
*req
,
2482 uint16
**ppsetup
, uint32 setup_count
,
2483 char **ppparams
, uint32 parameter_count
,
2484 char **ppdata
, uint32 data_count
,
2485 uint32 max_data_count
)
2492 static bool logged_message
;
2493 char *pdata
= *ppdata
;
2495 if (setup_count
!= 8) {
2496 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count
));
2497 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2501 function
= IVAL(*ppsetup
, 0);
2502 fidnum
= SVAL(*ppsetup
, 4);
2503 isFSctl
= CVAL(*ppsetup
, 6);
2504 compfilter
= CVAL(*ppsetup
, 7);
2506 DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2507 function
, fidnum
, isFSctl
, compfilter
));
2509 fsp
=file_fsp(fidnum
);
2510 /* this check is done in each implemented function case for now
2511 because I don't want to break anything... --metze
2512 FSP_BELONGS_CONN(fsp,conn);*/
2515 case FSCTL_SET_SPARSE
:
2516 /* pretend this succeeded - tho strictly we should
2517 mark the file sparse (if the local fs supports it)
2518 so we can know if we need to pre-allocate or not */
2520 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum
));
2521 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2524 case FSCTL_CREATE_OR_GET_OBJECT_ID
:
2526 unsigned char objid
[16];
2528 /* This should return the object-id on this file.
2529 * I think I'll make this be the inode+dev. JRA.
2532 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum
));
2534 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2539 pdata
= nttrans_realloc(ppdata
, data_count
);
2540 if (pdata
== NULL
) {
2541 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2544 push_file_id_16(pdata
, &fsp
->file_id
);
2545 memcpy(pdata
+16,create_volume_objectid(conn
,objid
),16);
2546 push_file_id_16(pdata
+32, &fsp
->file_id
);
2547 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2552 case FSCTL_GET_REPARSE_POINT
:
2553 /* pretend this fail - my winXP does it like this
2557 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2558 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2561 case FSCTL_SET_REPARSE_POINT
:
2562 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
2566 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2567 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2570 case FSCTL_GET_SHADOW_COPY_DATA
: /* don't know if this name is right...*/
2573 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2574 * and return their volume names. If max_data_count is 16, then it is just
2575 * asking for the number of volumes and length of the combined names.
2577 * pdata is the data allocated by our caller, but that uses
2578 * total_data_count (which is 0 in our case) rather than max_data_count.
2579 * Allocate the correct amount and return the pointer to let
2580 * it be deallocated when we return.
2582 SHADOW_COPY_DATA
*shadow_data
= NULL
;
2583 TALLOC_CTX
*shadow_mem_ctx
= NULL
;
2584 bool labels
= False
;
2585 uint32 labels_data_count
= 0;
2589 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2593 if (max_data_count
< 16) {
2594 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2596 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2600 if (max_data_count
> 16) {
2604 shadow_mem_ctx
= talloc_init("SHADOW_COPY_DATA");
2605 if (shadow_mem_ctx
== NULL
) {
2606 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
2607 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2611 shadow_data
= TALLOC_ZERO_P(shadow_mem_ctx
,SHADOW_COPY_DATA
);
2612 if (shadow_data
== NULL
) {
2613 DEBUG(0,("TALLOC_ZERO() failed!\n"));
2614 talloc_destroy(shadow_mem_ctx
);
2615 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2619 shadow_data
->mem_ctx
= shadow_mem_ctx
;
2622 * Call the VFS routine to actually do the work.
2624 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp
, shadow_data
, labels
)!=0) {
2625 talloc_destroy(shadow_data
->mem_ctx
);
2626 if (errno
== ENOSYS
) {
2627 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2628 conn
->connectpath
));
2629 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2632 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2633 conn
->connectpath
));
2634 reply_nterror(req
, NT_STATUS_UNSUCCESSFUL
);
2639 labels_data_count
= (shadow_data
->num_volumes
*2*sizeof(SHADOW_COPY_LABEL
))+2;
2644 data_count
= 12+labels_data_count
+4;
2647 if (max_data_count
<data_count
) {
2648 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2649 max_data_count
,data_count
));
2650 talloc_destroy(shadow_data
->mem_ctx
);
2651 reply_nterror(req
, NT_STATUS_BUFFER_TOO_SMALL
);
2655 pdata
= nttrans_realloc(ppdata
, data_count
);
2656 if (pdata
== NULL
) {
2657 talloc_destroy(shadow_data
->mem_ctx
);
2658 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2664 /* num_volumes 4 bytes */
2665 SIVAL(pdata
,0,shadow_data
->num_volumes
);
2668 /* num_labels 4 bytes */
2669 SIVAL(pdata
,4,shadow_data
->num_volumes
);
2672 /* needed_data_count 4 bytes */
2673 SIVAL(pdata
,8,labels_data_count
);
2677 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2678 shadow_data
->num_volumes
,fsp
->fsp_name
));
2679 if (labels
&& shadow_data
->labels
) {
2680 for (i
=0;i
<shadow_data
->num_volumes
;i
++) {
2681 srvstr_push(pdata
, req
->flags2
,
2682 cur_pdata
, shadow_data
->labels
[i
],
2683 2*sizeof(SHADOW_COPY_LABEL
),
2684 STR_UNICODE
|STR_TERMINATE
);
2685 cur_pdata
+=2*sizeof(SHADOW_COPY_LABEL
);
2686 DEBUGADD(10,("Label[%u]: '%s'\n",i
,shadow_data
->labels
[i
]));
2690 talloc_destroy(shadow_data
->mem_ctx
);
2692 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2698 case FSCTL_FIND_FILES_BY_SID
: /* I hope this name is right */
2700 /* pretend this succeeded -
2702 * we have to send back a list with all files owned by this SID
2704 * but I have to check that --metze
2708 size_t sid_len
= MIN(data_count
-4,SID_MAX_SIZE
);
2710 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum
));
2712 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2716 /* unknown 4 bytes: this is not the length of the sid :-( */
2717 /*unknown = IVAL(pdata,0);*/
2719 sid_parse(pdata
+4,sid_len
,&sid
);
2720 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid
)));
2722 if (!sid_to_uid(&sid
, &uid
)) {
2723 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2724 sid_string_static(&sid
),(unsigned long)sid_len
));
2728 /* we can take a look at the find source :-)
2730 * find ./ -uid $uid -name '*' is what we need here
2733 * and send 4bytes len and then NULL terminated unicode strings
2736 * but I don't know how to deal with the paged results
2737 * (maybe we can hang the result anywhere in the fsp struct)
2739 * we don't send all files at once
2740 * and at the next we should *not* start from the beginning,
2741 * so we have to cache the result
2746 /* this works for now... */
2747 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2751 if (!logged_message
) {
2752 logged_message
= True
; /* Only print this once... */
2753 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2758 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2762 #ifdef HAVE_SYS_QUOTAS
2763 /****************************************************************************
2764 Reply to get user quota
2765 ****************************************************************************/
2767 static void call_nt_transact_get_user_quota(connection_struct
*conn
,
2768 struct smb_request
*req
,
2772 uint32 parameter_count
,
2775 uint32 max_data_count
)
2777 NTSTATUS nt_status
= NT_STATUS_OK
;
2778 char *params
= *ppparams
;
2779 char *pdata
= *ppdata
;
2781 int data_len
=0,param_len
=0;
2784 files_struct
*fsp
= NULL
;
2788 bool start_enum
= True
;
2789 SMB_NTQUOTA_STRUCT qt
;
2790 SMB_NTQUOTA_LIST
*tmp_list
;
2791 SMB_NTQUOTA_HANDLE
*qt_handle
= NULL
;
2796 if (current_user
.ut
.uid
!= 0) {
2797 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n",
2798 lp_servicename(SNUM(conn
)),conn
->user
));
2799 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2804 * Ensure minimum number of parameters sent.
2807 if (parameter_count
< 4) {
2808 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count
));
2809 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
2813 /* maybe we can check the quota_fnum */
2814 fsp
= file_fsp(SVAL(params
,0));
2815 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
2816 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2817 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2821 /* the NULL pointer checking for fsp->fake_file_handle->pd
2822 * is done by CHECK_NTQUOTA_HANDLE_OK()
2824 qt_handle
= (SMB_NTQUOTA_HANDLE
*)fsp
->fake_file_handle
->pd
;
2826 level
= SVAL(params
,2);
2828 /* unknown 12 bytes leading in params */
2831 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE
:
2832 /* seems that we should continue with the enum here --metze */
2834 if (qt_handle
->quota_list
!=NULL
&&
2835 qt_handle
->tmp_list
==NULL
) {
2838 free_ntquota_list(&(qt_handle
->quota_list
));
2840 /* Realloc the size of parameters and data we will return */
2842 params
= nttrans_realloc(ppparams
, param_len
);
2843 if(params
== NULL
) {
2844 reply_doserror(req
, ERRDOS
, ERRnomem
);
2849 SIVAL(params
,0,data_len
);
2856 case TRANSACT_GET_USER_QUOTA_LIST_START
:
2858 if (qt_handle
->quota_list
==NULL
&&
2859 qt_handle
->tmp_list
==NULL
) {
2863 if (start_enum
&& vfs_get_user_ntquota_list(fsp
,&(qt_handle
->quota_list
))!=0) {
2864 reply_doserror(req
, ERRSRV
, ERRerror
);
2868 /* Realloc the size of parameters and data we will return */
2870 params
= nttrans_realloc(ppparams
, param_len
);
2871 if(params
== NULL
) {
2872 reply_doserror(req
, ERRDOS
, ERRnomem
);
2876 /* we should not trust the value in max_data_count*/
2877 max_data_count
= MIN(max_data_count
,2048);
2879 pdata
= nttrans_realloc(ppdata
, max_data_count
);/* should be max data count from client*/
2881 reply_doserror(req
, ERRDOS
, ERRnomem
);
2887 /* set params Size of returned Quota Data 4 bytes*/
2888 /* but set it later when we know it */
2890 /* for each entry push the data */
2893 qt_handle
->tmp_list
= qt_handle
->quota_list
;
2896 tmp_list
= qt_handle
->tmp_list
;
2898 for (;((tmp_list
!=NULL
)&&((qt_len
+40+SID_MAX_SIZE
)<max_data_count
));
2899 tmp_list
=tmp_list
->next
,entry
+=entry_len
,qt_len
+=entry_len
) {
2901 sid_len
= sid_size(&tmp_list
->quotas
->sid
);
2902 entry_len
= 40 + sid_len
;
2904 /* nextoffset entry 4 bytes */
2905 SIVAL(entry
,0,entry_len
);
2907 /* then the len of the SID 4 bytes */
2908 SIVAL(entry
,4,sid_len
);
2910 /* unknown data 8 bytes SMB_BIG_UINT */
2911 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-metze*/
2913 /* the used disk space 8 bytes SMB_BIG_UINT */
2914 SBIG_UINT(entry
,16,tmp_list
->quotas
->usedspace
);
2916 /* the soft quotas 8 bytes SMB_BIG_UINT */
2917 SBIG_UINT(entry
,24,tmp_list
->quotas
->softlim
);
2919 /* the hard quotas 8 bytes SMB_BIG_UINT */
2920 SBIG_UINT(entry
,32,tmp_list
->quotas
->hardlim
);
2922 /* and now the SID */
2923 sid_linearize(entry
+40, sid_len
, &tmp_list
->quotas
->sid
);
2926 qt_handle
->tmp_list
= tmp_list
;
2928 /* overwrite the offset of the last entry */
2929 SIVAL(entry
-entry_len
,0,0);
2931 data_len
= 4+qt_len
;
2932 /* overwrite the params quota_data_len */
2933 SIVAL(params
,0,data_len
);
2937 case TRANSACT_GET_USER_QUOTA_FOR_SID
:
2939 /* unknown 4 bytes IVAL(pdata,0) */
2941 if (data_count
< 8) {
2942 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count
,8));
2943 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2947 sid_len
= IVAL(pdata
,4);
2948 /* Ensure this is less than 1mb. */
2949 if (sid_len
> (1024*1024)) {
2950 reply_doserror(req
, ERRDOS
, ERRnomem
);
2954 if (data_count
< 8+sid_len
) {
2955 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count
,(unsigned long)(8+sid_len
)));
2956 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2960 data_len
= 4+40+sid_len
;
2962 if (max_data_count
< data_len
) {
2963 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2964 max_data_count
, data_len
));
2966 SIVAL(params
,0,data_len
);
2968 nt_status
= NT_STATUS_BUFFER_TOO_SMALL
;
2972 sid_parse(pdata
+8,sid_len
,&sid
);
2974 if (vfs_get_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2977 * we have to return zero's in all fields
2978 * instead of returning an error here
2983 /* Realloc the size of parameters and data we will return */
2985 params
= nttrans_realloc(ppparams
, param_len
);
2986 if(params
== NULL
) {
2987 reply_doserror(req
, ERRDOS
, ERRnomem
);
2991 pdata
= nttrans_realloc(ppdata
, data_len
);
2993 reply_doserror(req
, ERRDOS
, ERRnomem
);
2999 /* set params Size of returned Quota Data 4 bytes*/
3000 SIVAL(params
,0,data_len
);
3002 /* nextoffset entry 4 bytes */
3005 /* then the len of the SID 4 bytes */
3006 SIVAL(entry
,4,sid_len
);
3008 /* unknown data 8 bytes SMB_BIG_UINT */
3009 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-mezte*/
3011 /* the used disk space 8 bytes SMB_BIG_UINT */
3012 SBIG_UINT(entry
,16,qt
.usedspace
);
3014 /* the soft quotas 8 bytes SMB_BIG_UINT */
3015 SBIG_UINT(entry
,24,qt
.softlim
);
3017 /* the hard quotas 8 bytes SMB_BIG_UINT */
3018 SBIG_UINT(entry
,32,qt
.hardlim
);
3020 /* and now the SID */
3021 sid_linearize(entry
+40, sid_len
, &sid
);
3026 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp
->fnum
,level
));
3027 reply_doserror(req
, ERRSRV
, ERRerror
);
3032 send_nt_replies(req
, nt_status
, params
, param_len
,
3036 /****************************************************************************
3037 Reply to set user quota
3038 ****************************************************************************/
3040 static void call_nt_transact_set_user_quota(connection_struct
*conn
,
3041 struct smb_request
*req
,
3045 uint32 parameter_count
,
3048 uint32 max_data_count
)
3050 char *params
= *ppparams
;
3051 char *pdata
= *ppdata
;
3052 int data_len
=0,param_len
=0;
3053 SMB_NTQUOTA_STRUCT qt
;
3056 files_struct
*fsp
= NULL
;
3061 if (current_user
.ut
.uid
!= 0) {
3062 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
3063 lp_servicename(SNUM(conn
)),conn
->user
));
3064 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
3069 * Ensure minimum number of parameters sent.
3072 if (parameter_count
< 2) {
3073 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count
));
3074 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
3078 /* maybe we can check the quota_fnum */
3079 fsp
= file_fsp(SVAL(params
,0));
3080 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
3081 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
3082 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
3086 if (data_count
< 40) {
3087 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count
,40));
3088 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3092 /* offset to next quota record.
3093 * 4 bytes IVAL(pdata,0)
3098 sid_len
= IVAL(pdata
,4);
3100 if (data_count
< 40+sid_len
) {
3101 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count
,(unsigned long)40+sid_len
));
3102 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3106 /* unknown 8 bytes in pdata
3107 * maybe its the change time in NTTIME
3110 /* the used space 8 bytes (SMB_BIG_UINT)*/
3111 qt
.usedspace
= (SMB_BIG_UINT
)IVAL(pdata
,16);
3112 #ifdef LARGE_SMB_OFF_T
3113 qt
.usedspace
|= (((SMB_BIG_UINT
)IVAL(pdata
,20)) << 32);
3114 #else /* LARGE_SMB_OFF_T */
3115 if ((IVAL(pdata
,20) != 0)&&
3116 ((qt
.usedspace
!= 0xFFFFFFFF)||
3117 (IVAL(pdata
,20)!=0xFFFFFFFF))) {
3118 /* more than 32 bits? */
3119 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3122 #endif /* LARGE_SMB_OFF_T */
3124 /* the soft quotas 8 bytes (SMB_BIG_UINT)*/
3125 qt
.softlim
= (SMB_BIG_UINT
)IVAL(pdata
,24);
3126 #ifdef LARGE_SMB_OFF_T
3127 qt
.softlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,28)) << 32);
3128 #else /* LARGE_SMB_OFF_T */
3129 if ((IVAL(pdata
,28) != 0)&&
3130 ((qt
.softlim
!= 0xFFFFFFFF)||
3131 (IVAL(pdata
,28)!=0xFFFFFFFF))) {
3132 /* more than 32 bits? */
3133 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3136 #endif /* LARGE_SMB_OFF_T */
3138 /* the hard quotas 8 bytes (SMB_BIG_UINT)*/
3139 qt
.hardlim
= (SMB_BIG_UINT
)IVAL(pdata
,32);
3140 #ifdef LARGE_SMB_OFF_T
3141 qt
.hardlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,36)) << 32);
3142 #else /* LARGE_SMB_OFF_T */
3143 if ((IVAL(pdata
,36) != 0)&&
3144 ((qt
.hardlim
!= 0xFFFFFFFF)||
3145 (IVAL(pdata
,36)!=0xFFFFFFFF))) {
3146 /* more than 32 bits? */
3147 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3150 #endif /* LARGE_SMB_OFF_T */
3152 sid_parse(pdata
+40,sid_len
,&sid
);
3153 DEBUGADD(8,("SID: %s\n",sid_string_static(&sid
)));
3155 /* 44 unknown bytes left... */
3157 if (vfs_set_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
3158 reply_doserror(req
, ERRSRV
, ERRerror
);
3162 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
,
3165 #endif /* HAVE_SYS_QUOTAS */
3167 static void handle_nttrans(connection_struct
*conn
,
3168 struct trans_state
*state
,
3169 struct smb_request
*req
)
3171 if (Protocol
>= PROTOCOL_NT1
) {
3172 req
->flags2
|= 0x40; /* IS_LONG_NAME */
3173 SSVAL(req
->inbuf
,smb_flg2
,req
->flags2
);
3176 /* Now we must call the relevant NT_TRANS function */
3177 switch(state
->call
) {
3178 case NT_TRANSACT_CREATE
:
3180 START_PROFILE(NT_transact_create
);
3181 call_nt_transact_create(
3183 &state
->setup
, state
->setup_count
,
3184 &state
->param
, state
->total_param
,
3185 &state
->data
, state
->total_data
,
3186 state
->max_data_return
);
3187 END_PROFILE(NT_transact_create
);
3191 case NT_TRANSACT_IOCTL
:
3193 START_PROFILE(NT_transact_ioctl
);
3194 call_nt_transact_ioctl(
3196 &state
->setup
, state
->setup_count
,
3197 &state
->param
, state
->total_param
,
3198 &state
->data
, state
->total_data
,
3199 state
->max_data_return
);
3200 END_PROFILE(NT_transact_ioctl
);
3204 case NT_TRANSACT_SET_SECURITY_DESC
:
3206 START_PROFILE(NT_transact_set_security_desc
);
3207 call_nt_transact_set_security_desc(
3209 &state
->setup
, state
->setup_count
,
3210 &state
->param
, state
->total_param
,
3211 &state
->data
, state
->total_data
,
3212 state
->max_data_return
);
3213 END_PROFILE(NT_transact_set_security_desc
);
3217 case NT_TRANSACT_NOTIFY_CHANGE
:
3219 START_PROFILE(NT_transact_notify_change
);
3220 call_nt_transact_notify_change(
3222 &state
->setup
, state
->setup_count
,
3223 &state
->param
, state
->total_param
,
3224 &state
->data
, state
->total_data
,
3225 state
->max_data_return
,
3226 state
->max_param_return
);
3227 END_PROFILE(NT_transact_notify_change
);
3231 case NT_TRANSACT_RENAME
:
3233 START_PROFILE(NT_transact_rename
);
3234 call_nt_transact_rename(
3236 &state
->setup
, state
->setup_count
,
3237 &state
->param
, state
->total_param
,
3238 &state
->data
, state
->total_data
,
3239 state
->max_data_return
);
3240 END_PROFILE(NT_transact_rename
);
3244 case NT_TRANSACT_QUERY_SECURITY_DESC
:
3246 START_PROFILE(NT_transact_query_security_desc
);
3247 call_nt_transact_query_security_desc(
3249 &state
->setup
, state
->setup_count
,
3250 &state
->param
, state
->total_param
,
3251 &state
->data
, state
->total_data
,
3252 state
->max_data_return
);
3253 END_PROFILE(NT_transact_query_security_desc
);
3257 #ifdef HAVE_SYS_QUOTAS
3258 case NT_TRANSACT_GET_USER_QUOTA
:
3260 START_PROFILE(NT_transact_get_user_quota
);
3261 call_nt_transact_get_user_quota(
3263 &state
->setup
, state
->setup_count
,
3264 &state
->param
, state
->total_param
,
3265 &state
->data
, state
->total_data
,
3266 state
->max_data_return
);
3267 END_PROFILE(NT_transact_get_user_quota
);
3271 case NT_TRANSACT_SET_USER_QUOTA
:
3273 START_PROFILE(NT_transact_set_user_quota
);
3274 call_nt_transact_set_user_quota(
3276 &state
->setup
, state
->setup_count
,
3277 &state
->param
, state
->total_param
,
3278 &state
->data
, state
->total_data
,
3279 state
->max_data_return
);
3280 END_PROFILE(NT_transact_set_user_quota
);
3283 #endif /* HAVE_SYS_QUOTAS */
3286 /* Error in request */
3287 DEBUG(0,("handle_nttrans: Unknown request %d in "
3288 "nttrans call\n", state
->call
));
3289 reply_doserror(req
, ERRSRV
, ERRerror
);
3295 /****************************************************************************
3296 Reply to a SMBNTtrans.
3297 ****************************************************************************/
3299 void reply_nttrans(connection_struct
*conn
, struct smb_request
*req
)
3305 uint16 function_code
;
3307 struct trans_state
*state
;
3310 START_PROFILE(SMBnttrans
);
3312 if (req
->wct
< 19) {
3313 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3314 END_PROFILE(SMBnttrans
);
3318 size
= smb_len(req
->inbuf
) + 4;
3319 pscnt
= IVAL(req
->inbuf
,smb_nt_ParameterCount
);
3320 psoff
= IVAL(req
->inbuf
,smb_nt_ParameterOffset
);
3321 dscnt
= IVAL(req
->inbuf
,smb_nt_DataCount
);
3322 dsoff
= IVAL(req
->inbuf
,smb_nt_DataOffset
);
3323 function_code
= SVAL(req
->inbuf
, smb_nt_Function
);
3325 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
)) {
3326 reply_doserror(req
, ERRSRV
, ERRaccess
);
3327 END_PROFILE(SMBnttrans
);
3331 result
= allow_new_trans(conn
->pending_trans
, req
->mid
);
3332 if (!NT_STATUS_IS_OK(result
)) {
3333 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result
)));
3334 reply_nterror(req
, result
);
3335 END_PROFILE(SMBnttrans
);
3339 if ((state
= TALLOC_P(conn
->mem_ctx
, struct trans_state
)) == NULL
) {
3340 reply_doserror(req
, ERRSRV
, ERRaccess
);
3341 END_PROFILE(SMBnttrans
);
3345 state
->cmd
= SMBnttrans
;
3347 state
->mid
= req
->mid
;
3348 state
->vuid
= req
->vuid
;
3349 state
->total_data
= IVAL(req
->inbuf
, smb_nt_TotalDataCount
);
3351 state
->total_param
= IVAL(req
->inbuf
, smb_nt_TotalParameterCount
);
3352 state
->param
= NULL
;
3353 state
->max_data_return
= IVAL(req
->inbuf
,smb_nt_MaxDataCount
);
3354 state
->max_param_return
= IVAL(req
->inbuf
,smb_nt_MaxParameterCount
);
3356 /* setup count is in *words* */
3357 state
->setup_count
= 2*CVAL(req
->inbuf
,smb_nt_SetupCount
);
3358 state
->setup
= NULL
;
3359 state
->call
= function_code
;
3362 * All nttrans messages we handle have smb_wct == 19 +
3363 * state->setup_count. Ensure this is so as a sanity check.
3366 if(req
->wct
!= 19 + (state
->setup_count
/2)) {
3367 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
3368 req
->wct
, 19 + (state
->setup_count
/2)));
3372 /* Don't allow more than 128mb for each value. */
3373 if ((state
->total_data
> (1024*1024*128)) ||
3374 (state
->total_param
> (1024*1024*128))) {
3375 reply_doserror(req
, ERRDOS
, ERRnomem
);
3376 END_PROFILE(SMBnttrans
);
3380 if ((dscnt
> state
->total_data
) || (pscnt
> state
->total_param
))
3383 if (state
->total_data
) {
3384 /* Can't use talloc here, the core routines do realloc on the
3385 * params and data. */
3386 if ((state
->data
= (char *)SMB_MALLOC(state
->total_data
)) == NULL
) {
3387 DEBUG(0,("reply_nttrans: data malloc fail for %u "
3388 "bytes !\n", (unsigned int)state
->total_data
));
3390 reply_doserror(req
, ERRDOS
, ERRnomem
);
3391 END_PROFILE(SMBnttrans
);
3394 if ((dsoff
+dscnt
< dsoff
) || (dsoff
+dscnt
< dscnt
))
3396 if ((smb_base(req
->inbuf
)+dsoff
+dscnt
3397 > (char *)req
->inbuf
+ size
) ||
3398 (smb_base(req
->inbuf
)+dsoff
+dscnt
< smb_base(req
->inbuf
)))
3401 memcpy(state
->data
,smb_base(req
->inbuf
)+dsoff
,dscnt
);
3404 if (state
->total_param
) {
3405 /* Can't use talloc here, the core routines do realloc on the
3406 * params and data. */
3407 if ((state
->param
= (char *)SMB_MALLOC(state
->total_param
)) == NULL
) {
3408 DEBUG(0,("reply_nttrans: param malloc fail for %u "
3409 "bytes !\n", (unsigned int)state
->total_param
));
3410 SAFE_FREE(state
->data
);
3412 reply_doserror(req
, ERRDOS
, ERRnomem
);
3413 END_PROFILE(SMBnttrans
);
3416 if ((psoff
+pscnt
< psoff
) || (psoff
+pscnt
< pscnt
))
3418 if ((smb_base(req
->inbuf
)+psoff
+pscnt
3419 > (char *)req
->inbuf
+ size
) ||
3420 (smb_base(req
->inbuf
)+psoff
+pscnt
< smb_base(req
->inbuf
)))
3423 memcpy(state
->param
,smb_base(req
->inbuf
)+psoff
,pscnt
);
3426 state
->received_data
= dscnt
;
3427 state
->received_param
= pscnt
;
3429 if(state
->setup_count
> 0) {
3430 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
3431 state
->setup_count
));
3432 state
->setup
= (uint16
*)TALLOC(state
, state
->setup_count
);
3433 if (state
->setup
== NULL
) {
3434 DEBUG(0,("reply_nttrans : Out of memory\n"));
3435 SAFE_FREE(state
->data
);
3436 SAFE_FREE(state
->param
);
3438 reply_doserror(req
, ERRDOS
, ERRnomem
);
3439 END_PROFILE(SMBnttrans
);
3443 if ((smb_nt_SetupStart
+ state
->setup_count
< smb_nt_SetupStart
) ||
3444 (smb_nt_SetupStart
+ state
->setup_count
< state
->setup_count
)) {
3447 if (smb_nt_SetupStart
+ state
->setup_count
> size
) {
3451 memcpy( state
->setup
, &req
->inbuf
[smb_nt_SetupStart
],
3452 state
->setup_count
);
3453 dump_data(10, (uint8
*)state
->setup
, state
->setup_count
);
3456 if ((state
->received_data
== state
->total_data
) &&
3457 (state
->received_param
== state
->total_param
)) {
3458 handle_nttrans(conn
, state
, req
);
3459 SAFE_FREE(state
->param
);
3460 SAFE_FREE(state
->data
);
3462 END_PROFILE(SMBnttrans
);
3466 DLIST_ADD(conn
->pending_trans
, state
);
3468 /* We need to send an interim response then receive the rest
3469 of the parameter/data bytes */
3470 reply_outbuf(req
, 0, 0);
3471 show_msg((char *)req
->outbuf
);
3472 END_PROFILE(SMBnttrans
);
3477 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
3478 SAFE_FREE(state
->data
);
3479 SAFE_FREE(state
->param
);
3481 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3482 END_PROFILE(SMBnttrans
);
3486 /****************************************************************************
3487 Reply to a SMBnttranss
3488 ****************************************************************************/
3490 void reply_nttranss(connection_struct
*conn
, struct smb_request
*req
)
3492 unsigned int pcnt
,poff
,dcnt
,doff
,pdisp
,ddisp
;
3493 struct trans_state
*state
;
3497 START_PROFILE(SMBnttranss
);
3499 show_msg((char *)req
->inbuf
);
3501 if (req
->wct
< 18) {
3502 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3503 END_PROFILE(SMBnttranss
);
3507 for (state
= conn
->pending_trans
; state
!= NULL
;
3508 state
= state
->next
) {
3509 if (state
->mid
== req
->mid
) {
3514 if ((state
== NULL
) || (state
->cmd
!= SMBnttrans
)) {
3515 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3516 END_PROFILE(SMBnttranss
);
3520 /* Revise state->total_param and state->total_data in case they have
3521 changed downwards */
3522 if (IVAL(req
->inbuf
, smb_nts_TotalParameterCount
)
3523 < state
->total_param
) {
3524 state
->total_param
= IVAL(req
->inbuf
,
3525 smb_nts_TotalParameterCount
);
3527 if (IVAL(req
->inbuf
, smb_nts_TotalDataCount
) < state
->total_data
) {
3528 state
->total_data
= IVAL(req
->inbuf
, smb_nts_TotalDataCount
);
3531 size
= smb_len(req
->inbuf
) + 4;
3533 pcnt
= IVAL(req
->inbuf
,smb_nts_ParameterCount
);
3534 poff
= IVAL(req
->inbuf
, smb_nts_ParameterOffset
);
3535 pdisp
= IVAL(req
->inbuf
, smb_nts_ParameterDisplacement
);
3537 dcnt
= IVAL(req
->inbuf
, smb_nts_DataCount
);
3538 ddisp
= IVAL(req
->inbuf
, smb_nts_DataDisplacement
);
3539 doff
= IVAL(req
->inbuf
, smb_nts_DataOffset
);
3541 state
->received_param
+= pcnt
;
3542 state
->received_data
+= dcnt
;
3544 if ((state
->received_data
> state
->total_data
) ||
3545 (state
->received_param
> state
->total_param
))
3549 if (pdisp
+pcnt
> state
->total_param
)
3551 if ((pdisp
+pcnt
< pdisp
) || (pdisp
+pcnt
< pcnt
))
3553 if (pdisp
> state
->total_param
)
3555 if ((smb_base(req
->inbuf
) + poff
+ pcnt
3556 > (char *)req
->inbuf
+ size
) ||
3557 (smb_base(req
->inbuf
) + poff
+ pcnt
3558 < smb_base(req
->inbuf
)))
3560 if (state
->param
+ pdisp
< state
->param
)
3563 memcpy(state
->param
+pdisp
, smb_base(req
->inbuf
)+poff
,
3568 if (ddisp
+dcnt
> state
->total_data
)
3570 if ((ddisp
+dcnt
< ddisp
) || (ddisp
+dcnt
< dcnt
))
3572 if (ddisp
> state
->total_data
)
3574 if ((smb_base(req
->inbuf
) + doff
+ dcnt
3575 > (char *)req
->inbuf
+ size
) ||
3576 (smb_base(req
->inbuf
) + doff
+ dcnt
3577 < smb_base(req
->inbuf
)))
3579 if (state
->data
+ ddisp
< state
->data
)
3582 memcpy(state
->data
+ddisp
, smb_base(req
->inbuf
)+doff
,
3586 if ((state
->received_param
< state
->total_param
) ||
3587 (state
->received_data
< state
->total_data
)) {
3588 END_PROFILE(SMBnttranss
);
3593 * construct_reply_common will copy smb_com from inbuf to
3594 * outbuf. SMBnttranss is wrong here.
3596 SCVAL(req
->inbuf
,smb_com
,SMBnttrans
);
3598 handle_nttrans(conn
, state
, req
);
3600 DLIST_REMOVE(conn
->pending_trans
, state
);
3601 SAFE_FREE(state
->data
);
3602 SAFE_FREE(state
->param
);
3604 END_PROFILE(SMBnttranss
);
3609 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3610 DLIST_REMOVE(conn
->pending_trans
, state
);
3611 SAFE_FREE(state
->data
);
3612 SAFE_FREE(state
->param
);
3614 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3615 END_PROFILE(SMBnttranss
);