2 Unix SMB/CIFS implementation.
5 Copyright (C) Stefan Metzmacher 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/smb/smb_common.h"
26 #include "../lib/util/tevent_ntstatus.h"
27 #include "system/filesys.h"
30 #define DBGC_CLASS DBGC_SMB2
/*
 * Forward declarations: the async send/recv pair that performs the
 * directory query, and the completion callback that turns its result
 * into the SMB2 response.
 */
32 static struct tevent_req
*smbd_smb2_query_directory_send(TALLOC_CTX
*mem_ctx
,
33 struct tevent_context
*ev
,
34 struct smbd_smb2_request
*smb2req
,
35 struct files_struct
*in_fsp
,
36 uint8_t in_file_info_class
,
38 uint32_t in_file_index
,
39 uint32_t in_output_buffer_length
,
40 const char *in_file_name
);
41 static NTSTATUS
smbd_smb2_query_directory_recv(struct tevent_req
*req
,
43 DATA_BLOB
*out_output_buffer
);
45 static void smbd_smb2_request_find_done(struct tevent_req
*subreq
);
/*
 * Entry point for an SMB2 QUERY_DIRECTORY request.
 *
 * Reads the fixed request body, validates the client-supplied name
 * offset/length and output buffer length, converts the search pattern
 * from UTF-16 to the Unix charset, resolves the file id pair to an open
 * handle and starts the asynchronous directory query.
 *
 * Every value read from inbody is attacker-controlled network input;
 * each early return below answers the client with an NT status error
 * via smbd_smb2_request_error().
 *
 * NOTE(review): this listing omits some source lines (the gutter
 * numbers skip); the declarations of `status`, `in_flags` and `ok`
 * are among the lines not shown.
 */
46 NTSTATUS
smbd_smb2_request_process_query_directory(struct smbd_smb2_request
*req
)
49 const uint8_t *inbody
;
50 uint8_t in_file_info_class
;
52 uint32_t in_file_index
;
53 uint64_t in_file_id_persistent
;
54 uint64_t in_file_id_volatile
;
55 struct files_struct
*in_fsp
;
56 uint16_t in_file_name_offset
;
57 uint16_t in_file_name_length
;
58 DATA_BLOB in_file_name_buffer
;
59 char *in_file_name_string
;
60 size_t in_file_name_string_size
;
61 uint32_t in_output_buffer_length
;
62 struct tevent_req
*subreq
;
/*
 * Size check comes first: no field of inbody is read unless
 * smbd_smb2_request_verify_sizes() accepted the request for the
 * 0x21 structure size.
 */
65 status
= smbd_smb2_request_verify_sizes(req
, 0x21);
66 if (!NT_STATUS_IS_OK(status
)) {
67 return smbd_smb2_request_error(req
, status
);
69 inbody
= SMBD_SMB2_IN_BODY_PTR(req
);
/*
 * Decode the fixed body. The second argument of each accessor is a
 * byte offset from the start of the body; the highest offset read is
 * 0x1C (4 bytes), which stays inside the fixed part verified above.
 */
71 in_file_info_class
= CVAL(inbody
, 0x02);
72 in_flags
= CVAL(inbody
, 0x03);
73 in_file_index
= IVAL(inbody
, 0x04);
74 in_file_id_persistent
= BVAL(inbody
, 0x08);
75 in_file_id_volatile
= BVAL(inbody
, 0x10);
76 in_file_name_offset
= SVAL(inbody
, 0x18);
77 in_file_name_length
= SVAL(inbody
, 0x1A);
78 in_output_buffer_length
= IVAL(inbody
, 0x1C);
/*
 * Name placement: offset 0 together with length 0 means "no name".
 * Any other offset must point exactly at the end of the fixed body
 * (header size + body length), i.e. at the start of the dynamic
 * buffer; an arbitrary client-chosen offset is never followed.
 */
80 if (in_file_name_offset
== 0 && in_file_name_length
== 0) {
82 } else if (in_file_name_offset
!=
83 (SMB2_HDR_BODY
+ SMBD_SMB2_IN_BODY_LEN(req
))) {
84 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
/*
 * The claimed name length is bounded by the dynamic bytes actually
 * present in the request, so the charset conversion below only reads
 * data that was received.
 */
87 if (in_file_name_length
> SMBD_SMB2_IN_DYN_LEN(req
)) {
88 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
/*
 * This check must stay ahead of the "-= 8" further down:
 * in_output_buffer_length is a uint32_t, so subtracting 8 from a
 * value below 8 would wrap to a huge size, and exactly 8 would leave
 * no room for any entry.
 */
91 /* The output header is 8 bytes. */
92 if (in_output_buffer_length
<= 8) {
93 return smbd_smb2_request_error(req
, NT_STATUS_INVALID_PARAMETER
);
/*
 * NOTE(review): the message prefix below names
 * smbd_smb2_request_find_done, but this statement is emitted from
 * smbd_smb2_request_process_query_directory.
 */
96 DEBUG(10,("smbd_smb2_request_find_done: in_output_buffer_length = %u\n",
97 (unsigned int)in_output_buffer_length
));
99 /* Take into account the output header. */
100 in_output_buffer_length
-= 8;
102 in_file_name_buffer
.data
= SMBD_SMB2_IN_DYN_PTR(req
);
103 in_file_name_buffer
.length
= in_file_name_length
;
/*
 * Convert the UTF-16 name to the Unix charset, allocating the result
 * on req. The error return at gutter line 111 answers with
 * NT_STATUS_ILLEGAL_CHARACTER; the condition guarding it is not
 * visible in this listing (presumably a failed conversion).
 */
105 ok
= convert_string_talloc(req
, CH_UTF16
, CH_UNIX
,
106 in_file_name_buffer
.data
,
107 in_file_name_buffer
.length
,
108 &in_file_name_string
,
109 &in_file_name_string_size
);
111 return smbd_smb2_request_error(req
, NT_STATUS_ILLEGAL_CHARACTER
);
/* An empty input name is treated as a converted size of 0. */
114 if (in_file_name_buffer
.length
== 0) {
115 in_file_name_string_size
= 0;
/*
 * strlen() stops at the first NUL byte. A mismatch with the size
 * reported by the conversion therefore means the converted name is
 * not a plain C string of that length (for example an embedded NUL
 * in the client-supplied name), and the request is rejected instead
 * of being processed with a silently truncated pattern.
 */
118 if (strlen(in_file_name_string
) != in_file_name_string_size
) {
119 return smbd_smb2_request_error(req
, NT_STATUS_OBJECT_NAME_INVALID
);
/*
 * Resolve the client-supplied persistent/volatile id pair to an open
 * handle; an id pair that does not resolve is answered with
 * NT_STATUS_FILE_CLOSED.
 */
122 in_fsp
= file_fsp_smb2(req
, in_file_id_persistent
, in_file_id_volatile
);
123 if (in_fsp
== NULL
) {
124 return smbd_smb2_request_error(req
, NT_STATUS_FILE_CLOSED
);
/* Start the async query; a NULL request is reported as out of memory. */
127 subreq
= smbd_smb2_query_directory_send(req
, req
->sconn
->ev_ctx
,
132 in_output_buffer_length
,
133 in_file_name_string
);
134 if (subreq
== NULL
) {
135 return smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
137 tevent_req_set_callback(subreq
, smbd_smb2_request_find_done
, req
);
/*
 * Queue the request as pending until subreq completes. The meaning
 * and unit of the constant 500 are not shown here (presumably a defer
 * time; confirm against smbd_smb2_request_pending_queue()).
 */
139 return smbd_smb2_request_pending_queue(req
, subreq
, 500);
/*
 * Completion callback for the directory query started in
 * smbd_smb2_request_process_query_directory().
 *
 * Collects the marshalled entries from the sub-request and sends the
 * SMB2 response: an 8-byte fixed body (structure size, output buffer
 * offset, output buffer length) followed by the entry buffer as the
 * dynamic part. If the query failed, an error reply is sent instead.
 *
 * `error` only tracks failures of sending a reply; whenever sending
 * fails the connection is torn down with
 * smbd_server_connection_terminate() (its remaining arguments are not
 * visible in this listing).
 */
142 static void smbd_smb2_request_find_done(struct tevent_req
*subreq
)
144 struct smbd_smb2_request
*req
= tevent_req_callback_data(subreq
,
145 struct smbd_smb2_request
);
148 uint16_t out_output_buffer_offset
;
149 DATA_BLOB out_output_buffer
= data_blob_null
;
151 NTSTATUS error
; /* transport error */
153 status
= smbd_smb2_query_directory_recv(subreq
,
/* Query failed: report its status to the client. */
157 if (!NT_STATUS_IS_OK(status
)) {
158 error
= smbd_smb2_request_error(req
, status
);
159 if (!NT_STATUS_IS_OK(error
)) {
160 smbd_server_connection_terminate(req
->xconn
,
/* The entry data starts right after the SMB2 header and the 8-byte body. */
167 out_output_buffer_offset
= SMB2_HDR_BODY
+ 0x08;
169 outbody
= smbd_smb2_generate_outbody(req
, 0x08);
170 if (outbody
.data
== NULL
) {
171 error
= smbd_smb2_request_error(req
, NT_STATUS_NO_MEMORY
);
172 if (!NT_STATUS_IS_OK(error
)) {
173 smbd_server_connection_terminate(req
->xconn
,
/*
 * Fill the fixed response body. The length written at 0x04 is the
 * length recorded on the blob returned by the sub-request.
 */
180 SSVAL(outbody
.data
, 0x00, 0x08 + 1); /* struct size */
181 SSVAL(outbody
.data
, 0x02,
182 out_output_buffer_offset
); /* output buffer offset */
183 SIVAL(outbody
.data
, 0x04,
184 out_output_buffer
.length
); /* output buffer length */
186 DEBUG(10,("smbd_smb2_request_find_done: out_output_buffer.length = %u\n",
187 (unsigned int)out_output_buffer
.length
));
189 outdyn
= out_output_buffer
;
191 error
= smbd_smb2_request_done(req
, outbody
, &outdyn
);
192 if (!NT_STATUS_IS_OK(error
)) {
193 smbd_server_connection_terminate(req
->xconn
,
/*
 * Forward declarations for the async helper that patches a write time
 * into an already marshalled directory entry. Several parameters of
 * the send function are not visible in this listing.
 */
199 static struct tevent_req
*fetch_write_time_send(TALLOC_CTX
*mem_ctx
,
200 struct tevent_context
*ev
,
201 connection_struct
*conn
,
204 char *entry_marshall_buf
,
206 static NTSTATUS
fetch_write_time_recv(struct tevent_req
*req
);
/*
 * Per-request state of one directory query.
 *
 * async_count is incremented for every write-time sub-request started
 * and decremented in its completion callback; the query is only
 * finished once it is back at zero. find_async_delay_usec, when
 * non-zero, delays completion by that many microseconds.
 * out_output_buffer holds the marshalled entries that are handed to
 * the caller by smbd_smb2_query_directory_recv().
 */
209 struct smbd_smb2_query_directory_state
{
210 struct tevent_context
*ev
;
211 struct smbd_smb2_request
*smb2req
;
212 uint64_t async_count
;
213 uint32_t find_async_delay_usec
;
214 DATA_BLOB out_output_buffer
;
/* Completion callbacks used by smbd_smb2_query_directory_send(). */
217 static void smb2_query_directory_fetch_write_time_done(struct tevent_req
*subreq
);
218 static void smb2_query_directory_waited(struct tevent_req
*subreq
);
/*
 * Start a directory query on the open handle fsp.
 *
 * Validates the search pattern and the requested output size, maps the
 * SMB2 info class to the internal find level, honours the REOPEN /
 * RESTART / SINGLE continue flags, and then marshals directory entries
 * into state->out_output_buffer.
 *
 * in_file_name and in_output_buffer_length originate from the client
 * request. Every validation failure completes the request with an NT
 * status through tevent_req_nterror() and returns it via
 * tevent_req_post().
 *
 * NOTE(review): this listing omits a number of source lines (the
 * gutter numbers skip), including some declarations, the loop header
 * and several call arguments; comments below only describe what is
 * visible and mark the rest as assumptions.
 */
220 static struct tevent_req
*smbd_smb2_query_directory_send(TALLOC_CTX
*mem_ctx
,
221 struct tevent_context
*ev
,
222 struct smbd_smb2_request
*smb2req
,
223 struct files_struct
*fsp
,
224 uint8_t in_file_info_class
,
226 uint32_t in_file_index
,
227 uint32_t in_output_buffer_length
,
228 const char *in_file_name
)
230 struct smbXsrv_connection
*xconn
= smb2req
->xconn
;
231 struct tevent_req
*req
;
232 struct smbd_smb2_query_directory_state
*state
;
233 struct smb_request
*smbreq
;
234 connection_struct
*conn
= smb2req
->tcon
->compat
;
236 NTSTATUS empty_status
;
242 int last_entry_off
= 0;
245 uint32_t dirtype
= FILE_ATTRIBUTE_HIDDEN
| FILE_ATTRIBUTE_SYSTEM
| FILE_ATTRIBUTE_DIRECTORY
;
246 bool dont_descend
= false;
247 bool ask_sharemode
= false;
248 bool async_ask_sharemode
= false;
249 bool wcard_has_wild
= false;
253 req
= tevent_req_create(mem_ctx
, &state
,
254 struct smbd_smb2_query_directory_state
);
259 state
->smb2req
= smb2req
;
260 state
->out_output_buffer
= data_blob_null
;
262 DEBUG(10,("smbd_smb2_query_directory_send: %s - %s\n",
263 fsp_str_dbg(fsp
), fsp_fnum_dbg(fsp
)));
265 smbreq
= smbd_smb2_fake_smb_request(smb2req
);
266 if (tevent_req_nomem(smbreq
, req
)) {
267 return tevent_req_post(req
, ev
);
/* Only a directory handle can be enumerated. */
270 if (!fsp
->is_directory
) {
271 tevent_req_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
272 return tevent_req_post(req
, ev
);
/*
 * Search pattern validation. The pattern is rejected when it is empty
 * or contains either path separator ('\\' or '/'), so it is always a
 * single name component evaluated inside the directory that fsp
 * refers to.
 */
275 if (strcmp(in_file_name
, "") == 0) {
276 tevent_req_nterror(req
, NT_STATUS_OBJECT_NAME_INVALID
);
277 return tevent_req_post(req
, ev
);
279 if (strchr_m(in_file_name
, '\\') != NULL
) {
280 tevent_req_nterror(req
, NT_STATUS_OBJECT_NAME_INVALID
);
281 return tevent_req_post(req
, ev
);
283 if (strchr_m(in_file_name
, '/') != NULL
) {
284 tevent_req_nterror(req
, NT_STATUS_OBJECT_NAME_INVALID
);
285 return tevent_req_post(req
, ev
);
/*
 * A pattern that parses completely as a GMT_FORMAT timestamp (p
 * points at the terminating NUL) is answered with
 * NT_STATUS_NO_SUCH_FILE.
 */
288 p
= strptime(in_file_name
, GMT_FORMAT
, &tm
);
289 if ((p
!= NULL
) && (*p
=='\0')) {
291 * Bogus find that asks for a shadow copy timestamp as a
292 * directory. The correct response is that it does not exist as
295 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_FILE
);
296 return tevent_req_post(req
, ev
);
/*
 * The requested output size may not exceed the server's max_trans.
 * This is also what bounds the allocation made further down, which
 * is sized from in_output_buffer_length.
 */
299 if (in_output_buffer_length
> xconn
->smb2
.server
.max_trans
) {
300 DEBUG(2,("smbd_smb2_query_directory_send: "
301 "client ignored max trans:%s: 0x%08X: 0x%08X\n",
302 __location__
, in_output_buffer_length
,
303 xconn
->smb2
.server
.max_trans
));
304 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
305 return tevent_req_post(req
, ev
);
/*
 * Check the request's credit charge against the requested output
 * size. Whatever status the check returns, a failure is reported to
 * the client as NT_STATUS_INVALID_PARAMETER.
 */
308 status
= smbd_smb2_request_verify_creditcharge(smb2req
,
309 in_output_buffer_length
);
311 if (!NT_STATUS_IS_OK(status
)) {
312 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
313 return tevent_req_post(req
, ev
);
/*
 * Map the client-supplied SMB2 info class to the internal find level.
 * The error at gutter line 342 rejects any other value with
 * NT_STATUS_INVALID_INFO_CLASS (presumably the default case; the
 * case-ending lines are not visible in this listing).
 */
316 switch (in_file_info_class
) {
317 case SMB2_FIND_DIRECTORY_INFO
:
318 info_level
= SMB_FIND_FILE_DIRECTORY_INFO
;
321 case SMB2_FIND_FULL_DIRECTORY_INFO
:
322 info_level
= SMB_FIND_FILE_FULL_DIRECTORY_INFO
;
325 case SMB2_FIND_BOTH_DIRECTORY_INFO
:
326 info_level
= SMB_FIND_FILE_BOTH_DIRECTORY_INFO
;
329 case SMB2_FIND_NAME_INFO
:
330 info_level
= SMB_FIND_FILE_NAMES_INFO
;
333 case SMB2_FIND_ID_BOTH_DIRECTORY_INFO
:
334 info_level
= SMB_FIND_ID_BOTH_DIRECTORY_INFO
;
337 case SMB2_FIND_ID_FULL_DIRECTORY_INFO
:
338 info_level
= SMB_FIND_ID_FULL_DIRECTORY_INFO
;
342 tevent_req_nterror(req
, NT_STATUS_INVALID_INFO_CLASS
);
343 return tevent_req_post(req
, ev
);
/*
 * REOPEN flag: close the handle's descriptor and open it again with
 * O_DIRECTORY added to the flags. A failure of either step ends the
 * request with that status.
 */
346 if (in_flags
& SMB2_CONTINUE_FLAG_REOPEN
) {
349 status
= fd_close(fsp
);
350 if (tevent_req_nterror(req
, status
)) {
351 return tevent_req_post(req
, ev
);
355 * fd_close() will close and invalidate the fsp's file
356 * descriptor. So we have to reopen it.
361 flags
|= O_DIRECTORY
;
363 status
= fd_open(conn
, fsp
, flags
, 0);
364 if (tevent_req_nterror(req
, status
)) {
365 return tevent_req_post(req
, ev
);
/*
 * Wildcard detection is skipped for POSIX pathnames, in which case
 * wcard_has_wild keeps its initial value false.
 */
369 if (!smbreq
->posix_pathnames
) {
370 wcard_has_wild
= ms_has_wild(in_file_name
);
/*
 * Non-wildcard patterns are run through filename_convert() and
 * replaced by the resulting original_lcomp. The path handed to the
 * conversion is either the bare name (directory is ".") or a path
 * built from the directory name and the pattern; the builder call
 * itself is not visible here, only its arguments: it is given the
 * PATH_MAX stack buffer with its size plus &to_free, and to_free is
 * released with TALLOC_FREE() after the conversion.
 */
373 /* Ensure we've canonicalized any search path if not a wildcard. */
374 if (!wcard_has_wild
) {
375 struct smb_filename
*smb_fname
= NULL
;
376 const char *fullpath
;
377 char tmpbuf
[PATH_MAX
];
378 char *to_free
= NULL
;
379 uint32_t ucf_flags
= UCF_SAVE_LCOMP
|
380 UCF_ALWAYS_ALLOW_WCARD_LCOMP
|
381 (smbreq
->posix_pathnames
?
382 UCF_POSIX_PATHNAMES
: 0);
384 if (ISDOT(fsp
->fsp_name
->base_name
)) {
385 fullpath
= in_file_name
;
391 fsp
->fsp_name
->base_name
, in_file_name
,
392 tmpbuf
, sizeof(tmpbuf
), &tmp
, &to_free
);
395 return tevent_req_post(req
, ev
);
399 status
= filename_convert(state
,
406 TALLOC_FREE(to_free
);
408 if (tevent_req_nterror(req
, status
)) {
409 return tevent_req_post(req
, ev
);
412 in_file_name
= smb_fname
->original_lcomp
;
/*
 * Create the directory pointer on first use, with the pattern as the
 * wildcard. empty_status is what the client gets when no entry can be
 * returned: NT_STATUS_NO_SUCH_FILE or STATUS_NO_MORE_FILES (the
 * second assignment is presumably the branch for an already existing
 * dptr; the branch line is not visible in this listing).
 */
415 if (fsp
->dptr
== NULL
) {
416 status
= dptr_create(conn
,
420 false, /* old_handle */
421 false, /* expect_close */
423 in_file_name
, /* wcard */
427 if (!NT_STATUS_IS_OK(status
)) {
428 tevent_req_nterror(req
, status
);
429 return tevent_req_post(req
, ev
);
432 empty_status
= NT_STATUS_NO_SUCH_FILE
;
434 empty_status
= STATUS_NO_MORE_FILES
;
/* RESTART flag: rewind the directory pointer to position 0. */
437 if (in_flags
& SMB2_CONTINUE_FLAG_RESTART
) {
438 dptr_SeekDir(fsp
->dptr
, 0);
/*
 * SINGLE flag limits the number of returned entries (the assignment
 * for that branch is not visible here); otherwise the count is
 * capped at UINT16_MAX.
 */
441 if (in_flags
& SMB2_CONTINUE_FLAG_SINGLE
) {
444 max_count
= UINT16_MAX
;
/*
 * The output buffer is allocated DIR_ENTRY_SAFETY_MARGIN bytes larger
 * than the size the client asked for, while the length reported back
 * starts at 0 and only grows with entries actually marshalled.
 * in_output_buffer_length was checked against max_trans above, which
 * is what keeps this uint32_t addition and the allocation bounded.
 */
447 #define DIR_ENTRY_SAFETY_MARGIN 4096
449 state
->out_output_buffer
= data_blob_talloc(state
, NULL
,
450 in_output_buffer_length
+ DIR_ENTRY_SAFETY_MARGIN
);
451 if (tevent_req_nomem(state
->out_output_buffer
.data
, req
)) {
452 return tevent_req_post(req
, ev
);
455 state
->out_output_buffer
.length
= 0;
456 pdata
= (char *)state
->out_output_buffer
.data
;
459 * end_data must include the safety margin as it's what is
460 * used to determine if pushed strings have been truncated.
462 end_data
= pdata
+ in_output_buffer_length
+ DIR_ENTRY_SAFETY_MARGIN
- 1;
467 DEBUG(8,("smbd_smb2_query_directory_send: dirpath=<%s> dontdescend=<%s>, "
468 "in_output_buffer_length = %u\n",
469 fsp
->fsp_name
->base_name
, lp_dont_descend(talloc_tos(), SNUM(conn
)),
470 (unsigned int)in_output_buffer_length
));
471 if (in_list(fsp
->fsp_name
->base_name
,lp_dont_descend(talloc_tos(), SNUM(conn
)),
472 conn
->case_sensitive
)) {
477 * SMB_FIND_FILE_NAMES_INFO doesn't need stat information
479 * This may change when we try to improve the delete on close
480 * handling in future.
/*
 * ask_sharemode comes from the "smbd:search ask sharemode" share
 * parameter and is not consulted for the names-only level. With
 * clustering enabled the synchronous lookup is switched off and
 * replaced by the asynchronous one, and the SMB2 request is marked
 * async-internal.
 */
482 if (info_level
!= SMB_FIND_FILE_NAMES_INFO
) {
483 ask_sharemode
= lp_parm_bool(SNUM(conn
),
484 "smbd", "search ask sharemode",
488 if (ask_sharemode
&& lp_clustering()) {
489 ask_sharemode
= false;
490 async_ask_sharemode
= true;
493 * Should we only set async_internal
494 * if we're not the last request in
497 smb2_request_set_async_internal(smb2req
, true);
501 * This gets set in autobuild for some tests
503 state
->find_async_delay_usec
= lp_parm_ulong(SNUM(conn
), "smbd",
504 "find async delay usec",
/*
 * Per-entry marshalling step (the enclosing loop header is not
 * visible in this listing).
 *
 * space_remaining is the client-requested size minus the bytes
 * already used, stored in an int. The assertion catches the case
 * where the running offset has moved beyond the client-requested
 * size, i.e. into the safety margin that was allocated on top of it.
 */
508 bool got_exact_match
= false;
509 int space_remaining
= in_output_buffer_length
- off
;
510 struct file_id file_id
;
513 SMB_ASSERT(space_remaining
>= 0);
515 status
= smbd_dirptr_lanman2_entry(state
,
522 false, /* requires_resume_key */
525 8, /* align to 8 bytes */
526 false, /* no padding */
/* Bytes used so far, derived from how far pdata has advanced. */
536 off
= (int)PTR_DIFF(pdata
, base_data
);
/*
 * Entry could not be added. A name that fails character conversion
 * has its own branch (its body is not visible here). If at least
 * one entry is already marshalled the loop ends and those are
 * returned. With no entries at all, STATUS_MORE_ENTRIES is reported
 * as NT_STATUS_INFO_LENGTH_MISMATCH and anything else as
 * empty_status.
 */
538 if (!NT_STATUS_IS_OK(status
)) {
539 if (NT_STATUS_EQUAL(status
, NT_STATUS_ILLEGAL_CHARACTER
)) {
541 * Bad character conversion on name. Ignore this
545 } else if (num
> 0) {
546 goto last_entry_done
;
547 } else if (NT_STATUS_EQUAL(status
, STATUS_MORE_ENTRIES
)) {
548 tevent_req_nterror(req
, NT_STATUS_INFO_LENGTH_MISMATCH
);
549 return tevent_req_post(req
, ev
);
551 tevent_req_nterror(req
, empty_status
);
552 return tevent_req_post(req
, ev
);
/*
 * Async write-time lookup for the entry just marshalled. The
 * sub-request is created on req and is handed a raw pointer into
 * the output buffer (base_data + last_entry_off); its completion
 * handler fetch_write_time_done() writes through that pointer later,
 * so the buffer has to stay allocated and unmoved until async_count
 * has dropped back to zero.
 */
556 if (async_ask_sharemode
) {
557 struct tevent_req
*subreq
= NULL
;
559 subreq
= fetch_write_time_send(req
,
564 base_data
+ last_entry_off
,
566 if (tevent_req_nomem(subreq
, req
)) {
567 return tevent_req_post(req
, ev
);
569 tevent_req_set_callback(
571 smb2_query_directory_fetch_write_time_done
,
574 state
->async_count
++;
/* Only bytes actually marshalled are reported back to the client. */
578 state
->out_output_buffer
.length
= off
;
580 if (num
>= max_count
) {
/*
 * Store 0 in the 32-bit field at the start of the last entry
 * (presumably its next-entry offset, which terminates the list for
 * the client; confirm against the entry layout).
 */
589 SIVAL(state
->out_output_buffer
.data
, last_entry_off
, 0);
/*
 * With write-time lookups still outstanding, the request is not
 * completed here (the statements after the debug message are not
 * visible in this listing);
 * smb2_query_directory_fetch_write_time_done() finishes it when the
 * last one returns.
 */
590 if (state
->async_count
> 0) {
591 DBG_DEBUG("Stopping after %"PRIu64
" async mtime "
592 "updates\n", state
->async_count
);
/*
 * Optional artificial delay before completing, driven by the
 * "smbd:find async delay usec" parameter read above.
 */
596 if (state
->find_async_delay_usec
> 0) {
598 struct tevent_req
*subreq
= NULL
;
601 * Should we only set async_internal
602 * if we're not the last request in
605 smb2_request_set_async_internal(smb2req
, true);
607 tv
= timeval_current_ofs(0, state
->find_async_delay_usec
);
609 subreq
= tevent_wakeup_send(state
, ev
, tv
);
610 if (tevent_req_nomem(subreq
, req
)) {
611 return tevent_req_post(req
, ev
);
613 tevent_req_set_callback(subreq
,
614 smb2_query_directory_waited
,
619 tevent_req_done(req
);
620 return tevent_req_post(req
, ev
);
/*
 * Final fallback: complete with NT_STATUS_INTERNAL_ERROR. How
 * control reaches this point is not visible in this listing.
 */
623 tevent_req_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
624 return tevent_req_post(req
, ev
);
/*
 * Completion callback for one async write-time lookup started by
 * smbd_smb2_query_directory_send().
 *
 * Decrements the outstanding counter and propagates a lookup error to
 * the directory query. While other lookups are still outstanding
 * nothing more is done here (the statements inside that branch are
 * not visible in this listing). When the last one has returned, the
 * query is completed, optionally after the configured
 * find_async_delay_usec delay.
 */
627 static void smb2_query_directory_fetch_write_time_done(struct tevent_req
*subreq
)
629 struct tevent_req
*req
= tevent_req_callback_data(
630 subreq
, struct tevent_req
);
631 struct smbd_smb2_query_directory_state
*state
= tevent_req_data(
632 req
, struct smbd_smb2_query_directory_state
);
/* Count this lookup as finished before looking at its result. */
635 state
->async_count
--;
637 status
= fetch_write_time_recv(subreq
);
639 if (tevent_req_nterror(req
, status
)) {
643 if (state
->async_count
> 0) {
647 if (state
->find_async_delay_usec
> 0) {
650 tv
= timeval_current_ofs(0, state
->find_async_delay_usec
);
652 subreq
= tevent_wakeup_send(state
, state
->ev
, tv
);
/*
 * NOTE(review): tevent_req_post() is called here from a callback
 * rather than from the _send function; confirm this is intended.
 */
653 if (tevent_req_nomem(subreq
, req
)) {
654 tevent_req_post(req
, state
->ev
);
657 tevent_req_set_callback(subreq
,
658 smb2_query_directory_waited
,
663 tevent_req_done(req
);
/*
 * Callback for the optional completion delay: collects the wakeup
 * result and marks the directory query as done. What happens when the
 * wakeup reports failure is not visible in this listing.
 */
667 static void smb2_query_directory_waited(struct tevent_req
*subreq
)
669 struct tevent_req
*req
= tevent_req_callback_data(
670 subreq
, struct tevent_req
);
673 ok
= tevent_wakeup_recv(subreq
);
679 tevent_req_done(req
);
/*
 * Collect the result of a directory query.
 *
 * If the request finished with an NT status error, the request is
 * marked received and no buffer is handed out (the return statement
 * is not visible in this listing). On success the marshalled buffer
 * is copied by value into *out_output_buffer and its data is moved to
 * mem_ctx with talloc_steal(), so it outlives the request state that
 * tevent_req_received() releases.
 */
682 static NTSTATUS
smbd_smb2_query_directory_recv(struct tevent_req
*req
,
684 DATA_BLOB
*out_output_buffer
)
687 struct smbd_smb2_query_directory_state
*state
= tevent_req_data(req
,
688 struct smbd_smb2_query_directory_state
);
690 if (tevent_req_is_nterror(req
, &status
)) {
691 tevent_req_received(req
);
/* Ownership transfer must happen before tevent_req_received(). */
695 *out_output_buffer
= state
->out_output_buffer
;
696 talloc_steal(mem_ctx
, out_output_buffer
->data
);
698 tevent_req_received(req
);
/*
 * State of one async write-time lookup. entry_marshall_buf is a
 * borrowed pointer to an already marshalled directory entry; it is
 * written to in fetch_write_time_done() and is not owned by this
 * state. Further members are not visible in this listing.
 */
702 struct fetch_write_time_state
{
703 connection_struct
*conn
;
706 char *entry_marshall_buf
;
/* Completion callback for the share mode fetch started in fetch_write_time_send(). */
709 static void fetch_write_time_done(struct tevent_req
*subreq
);
/*
 * Start an async lookup of the share mode data for file id `id`, in
 * order to patch the write time into the directory entry at
 * entry_marshall_buf.
 *
 * The pointer is stored as-is in the request state, not copied: the
 * caller must keep that buffer valid until the request has completed.
 * Several parameters and state initialisers are not visible in this
 * listing.
 */
711 static struct tevent_req
*fetch_write_time_send(TALLOC_CTX
*mem_ctx
,
712 struct tevent_context
*ev
,
713 connection_struct
*conn
,
716 char *entry_marshall_buf
,
719 struct tevent_req
*req
= NULL
;
720 struct fetch_write_time_state
*state
= NULL
;
721 struct tevent_req
*subreq
= NULL
;
726 req
= tevent_req_create(mem_ctx
, &state
, struct fetch_write_time_state
);
731 *state
= (struct fetch_write_time_state
) {
734 .info_level
= info_level
,
735 .entry_marshall_buf
= entry_marshall_buf
,
/*
 * req_queued is filled in by the fetch call; how it is used
 * afterwards is not visible in this listing.
 */
738 subreq
= fetch_share_mode_send(state
, ev
, id
, &req_queued
);
739 if (tevent_req_nomem(subreq
, req
)) {
740 return tevent_req_post(req
, ev
);
742 tevent_req_set_callback(subreq
, fetch_write_time_done
, req
);
/*
 * Completion callback for the share mode fetch.
 *
 * NT_STATUS_NOT_FOUND and a null write time both complete the request
 * successfully without touching the entry. Any other error is
 * propagated. Otherwise the write time is written into the marshalled
 * entry at an offset that depends on the info level (the assignments
 * of `off` are not visible in this listing); an info level outside
 * the listed cases is logged and rejected with NT_STATUS_INVALID_LEVEL
 * before anything is written.
 *
 * The write goes through state->entry_marshall_buf, a pointer into the
 * directory query's output buffer, and carries no length: it relies on
 * the entry having been fully marshalled for that info level and on
 * the buffer still being allocated.
 *
 * NOTE(review): the release of `lck` is not visible in this listing.
 */
750 static void fetch_write_time_done(struct tevent_req
*subreq
)
752 struct tevent_req
*req
= tevent_req_callback_data(
753 subreq
, struct tevent_req
);
754 struct fetch_write_time_state
*state
= tevent_req_data(
755 req
, struct fetch_write_time_state
);
756 struct timespec write_time
;
757 struct share_mode_lock
*lck
= NULL
;
761 status
= fetch_share_mode_recv(subreq
, state
, &lck
);
/* No share mode record for this file: nothing to patch. */
763 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_FOUND
)) {
764 tevent_req_done(req
);
767 if (!NT_STATUS_IS_OK(status
)) {
768 tevent_req_nterror(req
, status
);
772 write_time
= get_share_mode_write_time(lck
);
/* A null write time leaves the marshalled entry as it is. */
775 if (null_timespec(write_time
)) {
776 tevent_req_done(req
);
/* Only these info levels are handled; everything else is an error. */
780 switch (state
->info_level
) {
781 case SMB_FIND_FILE_DIRECTORY_INFO
:
782 case SMB_FIND_FILE_FULL_DIRECTORY_INFO
:
783 case SMB_FIND_FILE_BOTH_DIRECTORY_INFO
:
784 case SMB_FIND_ID_FULL_DIRECTORY_INFO
:
785 case SMB_FIND_ID_BOTH_DIRECTORY_INFO
:
790 DBG_ERR("Unsupported info_level [%d]\n", state
->info_level
);
791 tevent_req_nterror(req
, NT_STATUS_INVALID_LEVEL
);
/* Patch the timestamp in place inside the marshalled entry. */
795 put_long_date_timespec(state
->conn
->ts_res
,
796 state
->entry_marshall_buf
+ off
,
799 tevent_req_done(req
);
/*
 * Collect the result of a write-time lookup. The request is marked
 * received on both the error and the success path; the return
 * statements are not visible in this listing.
 */
803 static NTSTATUS
fetch_write_time_recv(struct tevent_req
*req
)
807 if (tevent_req_is_nterror(req
, &status
)) {
808 tevent_req_received(req
);
812 tevent_req_received(req
);