2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern enum protocol_types Protocol
;
25 extern struct current_user current_user
;
27 static const char *known_nt_pipes
[] = {
48 static char *nttrans_realloc(char **ptr
, size_t size
)
51 smb_panic("nttrans_realloc() called with NULL ptr");
54 *ptr
= (char *)SMB_REALLOC(*ptr
, size
);
58 memset(*ptr
,'\0',size
);
62 /****************************************************************************
63 Send the required number of replies back.
64 We assume all fields other than the data fields are
65 set correctly for the type of call.
66 HACK ! Always assumes smb_setup field is zero.
67 ****************************************************************************/
69 void send_nt_replies(struct smb_request
*req
, NTSTATUS nt_error
,
70 char *params
, int paramsize
,
71 char *pdata
, int datasize
)
73 int data_to_send
= datasize
;
74 int params_to_send
= paramsize
;
78 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
79 int alignment_offset
= 3;
80 int data_alignment_offset
= 0;
83 * If there genuinely are no parameters or data to send just send
87 if(params_to_send
== 0 && data_to_send
== 0) {
88 reply_outbuf(req
, 18, 0);
89 show_msg((char *)req
->outbuf
);
94 * When sending params and data ensure that both are nicely aligned.
95 * Only do this alignment when there is also data to send - else
96 * can cause NT redirector problems.
99 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0)) {
100 data_alignment_offset
= 4 - (params_to_send
% 4);
104 * Space is bufsize minus Netbios over TCP header minus SMB header.
105 * The alignment_offset is to align the param bytes on a four byte
106 * boundary (2 bytes for data len, one byte pad).
107 * NT needs this to work correctly.
110 useable_space
= max_send
- (smb_size
113 + data_alignment_offset
);
116 * useable_space can never be more than max_send minus the
120 useable_space
= MIN(useable_space
,
121 max_send
- (alignment_offset
+data_alignment_offset
));
124 while (params_to_send
|| data_to_send
) {
127 * Calculate whether we will totally or partially fill this packet.
130 total_sent_thistime
= params_to_send
+ data_to_send
+
131 alignment_offset
+ data_alignment_offset
;
134 * We can never send more than useable_space.
137 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
139 reply_outbuf(req
, 18, total_sent_thistime
);
142 * Set total params and data to be sent.
145 SIVAL(req
->outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
146 SIVAL(req
->outbuf
,smb_ntr_TotalDataCount
,datasize
);
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
153 params_sent_thistime
= MIN(params_to_send
,useable_space
);
154 data_sent_thistime
= useable_space
- params_sent_thistime
;
155 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
157 SIVAL(req
->outbuf
, smb_ntr_ParameterCount
,
158 params_sent_thistime
);
160 if(params_sent_thistime
== 0) {
161 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,0);
162 SIVAL(req
->outbuf
,smb_ntr_ParameterDisplacement
,0);
165 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
166 * parameter bytes, however the first 4 bytes of outbuf are
167 * the Netbios over TCP header. Thus use smb_base() to subtract
168 * them from the calculation.
171 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,
172 ((smb_buf(req
->outbuf
)+alignment_offset
)
173 - smb_base(req
->outbuf
)));
175 * Absolute displacement of param bytes sent in this packet.
178 SIVAL(req
->outbuf
, smb_ntr_ParameterDisplacement
,
183 * Deal with the data portion.
186 SIVAL(req
->outbuf
, smb_ntr_DataCount
, data_sent_thistime
);
188 if(data_sent_thistime
== 0) {
189 SIVAL(req
->outbuf
,smb_ntr_DataOffset
,0);
190 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, 0);
193 * The offset of the data bytes is the offset of the
194 * parameter bytes plus the number of parameters being sent this time.
197 SIVAL(req
->outbuf
, smb_ntr_DataOffset
,
198 ((smb_buf(req
->outbuf
)+alignment_offset
) -
199 smb_base(req
->outbuf
))
200 + params_sent_thistime
+ data_alignment_offset
);
201 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
205 * Copy the param bytes into the packet.
208 if(params_sent_thistime
) {
209 if (alignment_offset
!= 0) {
210 memset(smb_buf(req
->outbuf
), 0,
213 memcpy((smb_buf(req
->outbuf
)+alignment_offset
), pp
,
214 params_sent_thistime
);
218 * Copy in the data bytes
221 if(data_sent_thistime
) {
222 if (data_alignment_offset
!= 0) {
223 memset((smb_buf(req
->outbuf
)+alignment_offset
+
224 params_sent_thistime
), 0,
225 data_alignment_offset
);
227 memcpy(smb_buf(req
->outbuf
)+alignment_offset
228 +params_sent_thistime
+data_alignment_offset
,
229 pd
,data_sent_thistime
);
232 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
233 params_sent_thistime
, data_sent_thistime
, useable_space
));
234 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
235 params_to_send
, data_to_send
, paramsize
, datasize
));
237 if (NT_STATUS_V(nt_error
)) {
238 error_packet_set((char *)req
->outbuf
,
243 /* Send the packet */
244 show_msg((char *)req
->outbuf
);
245 if (!send_smb(smbd_server_fd(),(char *)req
->outbuf
)) {
246 exit_server_cleanly("send_nt_replies: send_smb failed.");
249 TALLOC_FREE(req
->outbuf
);
251 pp
+= params_sent_thistime
;
252 pd
+= data_sent_thistime
;
254 params_to_send
-= params_sent_thistime
;
255 data_to_send
-= data_sent_thistime
;
261 if(params_to_send
< 0 || data_to_send
< 0) {
262 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
263 params_to_send
, data_to_send
));
269 /****************************************************************************
270 Is it an NTFS stream name ?
271 ****************************************************************************/
273 bool is_ntfs_stream_name(const char *fname
)
275 if (lp_posix_pathnames()) {
278 return (strchr_m(fname
, ':') != NULL
) ? True
: False
;
281 struct case_semantics_state
{
282 connection_struct
*conn
;
285 bool short_case_preserve
;
288 /****************************************************************************
289 Restore case semantics.
290 ****************************************************************************/
291 static int restore_case_semantics(struct case_semantics_state
*state
)
293 state
->conn
->case_sensitive
= state
->case_sensitive
;
294 state
->conn
->case_preserve
= state
->case_preserve
;
295 state
->conn
->short_case_preserve
= state
->short_case_preserve
;
299 /****************************************************************************
301 ****************************************************************************/
302 static struct case_semantics_state
*set_posix_case_semantics(TALLOC_CTX
*mem_ctx
,
303 connection_struct
*conn
)
305 struct case_semantics_state
*result
;
307 if (!(result
= talloc(mem_ctx
, struct case_semantics_state
))) {
308 DEBUG(0, ("talloc failed\n"));
313 result
->case_sensitive
= conn
->case_sensitive
;
314 result
->case_preserve
= conn
->case_preserve
;
315 result
->short_case_preserve
= conn
->short_case_preserve
;
318 conn
->case_sensitive
= True
;
319 conn
->case_preserve
= True
;
320 conn
->short_case_preserve
= True
;
322 talloc_set_destructor(result
, restore_case_semantics
);
327 /****************************************************************************
328 Reply to an NT create and X call on a pipe
329 ****************************************************************************/
331 static void nt_open_pipe(char *fname
, connection_struct
*conn
,
332 struct smb_request
*req
, int *ppnum
)
334 smb_np_struct
*p
= NULL
;
337 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
339 /* See if it is one we want to handle. */
341 if (lp_disable_spoolss() && strequal(fname
, "\\spoolss")) {
342 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
347 for( i
= 0; known_nt_pipes
[i
]; i
++ ) {
348 if( strequal(fname
,known_nt_pipes
[i
])) {
353 if ( known_nt_pipes
[i
] == NULL
) {
354 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
359 /* Strip \\ off the name. */
362 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname
));
364 p
= open_rpc_pipe_p(fname
, conn
, req
->vuid
);
366 reply_doserror(req
, ERRSRV
, ERRnofids
);
370 /* TODO: Add pipe to db */
372 if ( !store_pipe_opendb( p
) ) {
373 DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname
));
380 /****************************************************************************
381 Reply to an NT create and X call for pipes.
382 ****************************************************************************/
384 static void do_ntcreate_pipe_open(connection_struct
*conn
,
385 struct smb_request
*req
)
390 uint32 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
391 TALLOC_CTX
*ctx
= talloc_tos();
393 srvstr_pull_buf_talloc(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
394 smb_buf(req
->inbuf
), STR_TERMINATE
);
397 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
401 nt_open_pipe(fname
, conn
, req
, &pnum
);
409 * Deal with pipe return.
412 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
413 /* This is very strange. We
414 * return 50 words, but only set
415 * the wcnt to 42 ? It's definately
416 * what happens on the wire....
418 reply_outbuf(req
, 50, 0);
419 SCVAL(req
->outbuf
,smb_wct
,42);
421 reply_outbuf(req
, 34, 0);
424 p
= (char *)req
->outbuf
+ smb_vwv2
;
428 SIVAL(p
,0,FILE_WAS_OPENED
);
431 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
434 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
436 SSVAL(p
,2, 0x5FF); /* ? */
439 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
441 SIVAL(p
,0,FILE_GENERIC_ALL
);
443 * For pipes W2K3 seems to return
445 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
447 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
450 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
455 /****************************************************************************
456 Reply to an NT create and X call for a quota file.
457 ****************************************************************************/
459 static void reply_ntcreate_and_X_quota(connection_struct
*conn
,
460 struct smb_request
*req
,
461 enum FAKE_FILE_TYPE fake_file_type
,
465 uint32 desired_access
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
469 status
= open_fake_file(conn
, fake_file_type
, fname
, desired_access
,
472 if (!NT_STATUS_IS_OK(status
)) {
473 reply_nterror(req
, status
);
477 reply_outbuf(req
, 34, 0);
479 p
= (char *)req
->outbuf
+ smb_vwv2
;
481 /* SCVAL(p,0,NO_OPLOCK_RETURN); */
483 SSVAL(p
,0,fsp
->fnum
);
485 DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
490 /****************************************************************************
491 Reply to an NT create and X call.
492 ****************************************************************************/
494 void reply_ntcreate_and_X(connection_struct
*conn
,
495 struct smb_request
*req
)
500 uint32 file_attributes
;
502 uint32 create_disposition
;
503 uint32 create_options
;
505 SMB_BIG_UINT allocation_size
;
506 /* Breakout the oplock request bits so we can set the
507 reply bits separately. */
508 int oplock_request
= 0;
510 SMB_OFF_T file_len
= 0;
511 SMB_STRUCT_STAT sbuf
;
513 files_struct
*fsp
= NULL
;
515 struct timespec c_timespec
;
516 struct timespec a_timespec
;
517 struct timespec m_timespec
;
518 bool extended_oplock_granted
= False
;
520 struct case_semantics_state
*case_state
= NULL
;
521 TALLOC_CTX
*ctx
= talloc_tos();
523 START_PROFILE(SMBntcreateX
);
526 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
530 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
531 access_mask
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
532 file_attributes
= IVAL(req
->inbuf
,smb_ntcreate_FileAttributes
);
533 share_access
= IVAL(req
->inbuf
,smb_ntcreate_ShareAccess
);
534 create_disposition
= IVAL(req
->inbuf
,smb_ntcreate_CreateDisposition
);
535 create_options
= IVAL(req
->inbuf
,smb_ntcreate_CreateOptions
);
536 root_dir_fid
= (uint16
)IVAL(req
->inbuf
,smb_ntcreate_RootDirectoryFid
);
538 allocation_size
= (SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
);
539 #ifdef LARGE_SMB_OFF_T
540 allocation_size
|= (((SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
+ 4)) << 32);
543 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
544 "file_attributes = 0x%x, share_access = 0x%x, "
545 "create_disposition = 0x%x create_options = 0x%x "
546 "root_dir_fid = 0x%x\n",
548 (unsigned int)access_mask
,
549 (unsigned int)file_attributes
,
550 (unsigned int)share_access
,
551 (unsigned int)create_disposition
,
552 (unsigned int)create_options
,
553 (unsigned int)root_dir_fid
));
556 * If it's an IPC, use the pipe handler.
560 if (lp_nt_pipe_support()) {
561 do_ntcreate_pipe_open(conn
, req
);
562 END_PROFILE(SMBntcreateX
);
565 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
566 END_PROFILE(SMBntcreateX
);
571 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
572 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
573 END_PROFILE(SMBntcreateX
);
581 if(root_dir_fid
!= 0) {
583 * This filename is relative to a directory fid.
585 char *rel_fname
= NULL
;
586 files_struct
*dir_fsp
= file_fsp(
587 SVAL(req
->inbuf
, smb_ntcreate_RootDirectoryFid
));
590 reply_doserror(req
, ERRDOS
, ERRbadfid
);
591 END_PROFILE(SMBntcreateX
);
595 if(!dir_fsp
->is_directory
) {
597 srvstr_get_path(ctx
, (char *)req
->inbuf
,
599 smb_buf(req
->inbuf
), 0,
600 STR_TERMINATE
, &status
);
601 if (!NT_STATUS_IS_OK(status
)) {
602 reply_nterror(req
, status
);
603 END_PROFILE(SMBntcreateX
);
608 * Check to see if this is a mac fork of some kind.
611 if( is_ntfs_stream_name(fname
)) {
613 req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
614 END_PROFILE(SMBntcreateX
);
619 we need to handle the case when we get a
620 relative open relative to a file and the
621 pathname is blank - this is a reopen!
622 (hint from demyn plantenberg)
625 reply_doserror(req
, ERRDOS
, ERRbadfid
);
626 END_PROFILE(SMBntcreateX
);
630 if (ISDOT(dir_fsp
->fsp_name
)) {
632 * We're at the toplevel dir, the final file name
633 * must not contain ./, as this is filtered out
634 * normally by srvstr_get_path and unix_convert
635 * explicitly rejects paths containing ./.
637 fname
= talloc_strdup(ctx
,"");
639 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
640 END_PROFILE(SMBntcreateX
);
644 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
647 * Copy in the base directory name.
650 fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
653 req
, NT_STATUS_NO_MEMORY
);
654 END_PROFILE(SMBntcreateX
);
657 memcpy(fname
, dir_fsp
->fsp_name
, dir_name_len
+1);
660 * Ensure it ends in a '/'.
661 * We used TALLOC_SIZE +2 to add space for the '/'.
665 (fname
[dir_name_len
-1] != '\\') &&
666 (fname
[dir_name_len
-1] != '/')) {
667 fname
[dir_name_len
] = '/';
668 fname
[dir_name_len
+1] = '\0';
672 srvstr_get_path(ctx
, (char *)req
->inbuf
, req
->flags2
, &rel_fname
,
673 smb_buf(req
->inbuf
), 0,
674 STR_TERMINATE
, &status
);
675 if (!NT_STATUS_IS_OK(status
)) {
676 reply_nterror(req
, status
);
677 END_PROFILE(SMBntcreateX
);
680 fname
= talloc_asprintf(ctx
, "%s%s",
685 req
, NT_STATUS_NO_MEMORY
);
686 END_PROFILE(SMBntcreateX
);
690 srvstr_get_path(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
691 smb_buf(req
->inbuf
), 0,
692 STR_TERMINATE
, &status
);
693 if (!NT_STATUS_IS_OK(status
)) {
694 reply_nterror(req
, status
);
695 END_PROFILE(SMBntcreateX
);
700 * Check to see if this is a mac fork of some kind.
703 if( is_ntfs_stream_name(fname
)) {
704 enum FAKE_FILE_TYPE fake_file_type
= is_fake_file(fname
);
705 if (fake_file_type
!=FAKE_FILE_TYPE_NONE
) {
707 * Here we go! support for changing the disk quotas --metze
709 * We need to fake up to open this MAGIC QUOTA file
710 * and return a valid FID.
712 * w2k close this file directly after openening
713 * xp also tries a QUERY_FILE_INFO on the file and then close it
715 reply_ntcreate_and_X_quota(conn
, req
,
716 fake_file_type
, fname
);
718 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
720 END_PROFILE(SMBntcreateX
);
726 * Now contruct the smb_open_mode value from the filename,
727 * desired access and the share access.
729 status
= resolve_dfspath(ctx
, conn
,
730 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
733 if (!NT_STATUS_IS_OK(status
)) {
734 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
735 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
739 reply_nterror(req
, status
);
741 END_PROFILE(SMBntcreateX
);
745 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
746 if (oplock_request
) {
747 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
751 * Ordinary file or directory.
755 * Check if POSIX semantics are wanted.
758 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
759 case_state
= set_posix_case_semantics(NULL
, conn
);
760 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
763 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
764 if (!NT_STATUS_IS_OK(status
)) {
765 TALLOC_FREE(case_state
);
766 reply_nterror(req
, status
);
767 END_PROFILE(SMBntcreateX
);
770 /* All file access must go through check_name() */
771 status
= check_name(conn
, fname
);
772 if (!NT_STATUS_IS_OK(status
)) {
773 TALLOC_FREE(case_state
);
774 reply_nterror(req
, status
);
775 END_PROFILE(SMBntcreateX
);
779 /* This is the correct thing to do (check every time) but can_delete is
780 expensive (it may have to read the parent directory permissions). So
781 for now we're not doing it unless we have a strong hint the client
782 is really going to delete this file. If the client is forcing FILE_CREATE
783 let the filesystem take care of the permissions. */
785 /* Setting FILE_SHARE_DELETE is the hint. */
787 if (lp_acl_check_permissions(SNUM(conn
))
788 && (create_disposition
!= FILE_CREATE
)
789 && (share_access
& FILE_SHARE_DELETE
)
790 && (access_mask
& DELETE_ACCESS
)) {
791 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
792 && !lp_delete_readonly(SNUM(conn
))) ||
793 !can_delete_file_in_directory(conn
, fname
)) {
794 TALLOC_FREE(case_state
);
795 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
796 END_PROFILE(SMBntcreateX
);
802 /* We need to support SeSecurityPrivilege for this. */
803 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
804 !user_has_privileges(current_user
.nt_user_token
,
806 TALLOC_FREE(case_state
);
807 END_PROFILE(SMBntcreateX
);
808 return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD
);
813 * If it's a request for a directory open, deal with it separately.
816 if(create_options
& FILE_DIRECTORY_FILE
) {
818 /* Can't open a temp directory. IFS kit test. */
819 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
820 TALLOC_FREE(case_state
);
821 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
822 END_PROFILE(SMBntcreateX
);
827 status
= open_directory(conn
, req
, fname
, &sbuf
,
838 * Ordinary file case.
841 /* NB. We have a potential bug here. If we
842 * cause an oplock break to ourselves, then we
843 * could end up processing filename related
844 * SMB requests whilst we await the oplock
845 * break response. As we may have changed the
846 * filename case semantics to be POSIX-like,
847 * this could mean a filename request could
848 * fail when it should succeed. This is a rare
849 * condition, but eventually we must arrange
850 * to restore the correct case semantics
851 * before issuing an oplock break request to
852 * our client. JRA. */
854 status
= open_file_ntcreate(conn
, req
, fname
, &sbuf
,
863 /* We cheat here. There are two cases we
864 * care about. One is a directory rename,
865 * where the NT client will attempt to
866 * open the source directory for
867 * DELETE access. Note that when the
868 * NT client does this it does *not*
869 * set the directory bit in the
870 * request packet. This is translated
871 * into a read/write open
872 * request. POSIX states that any open
873 * for write request on a directory
874 * will generate an EISDIR error, so
875 * we can catch this here and open a
876 * pseudo handle that is flagged as a
877 * directory. The second is an open
878 * for a permissions read only, which
879 * we handle in the open_file_stat case. JRA.
882 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
885 * Fail the open if it was explicitly a non-directory
889 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
890 TALLOC_FREE(case_state
);
891 reply_force_nterror(req
,
892 NT_STATUS_FILE_IS_A_DIRECTORY
);
893 END_PROFILE(SMBntcreateX
);
898 status
= open_directory(conn
, req
, fname
,
909 TALLOC_FREE(case_state
);
911 if (!NT_STATUS_IS_OK(status
)) {
912 if (open_was_deferred(req
->mid
)) {
913 /* We have re-scheduled this call. */
914 END_PROFILE(SMBntcreateX
);
917 reply_openerror(req
, status
);
918 END_PROFILE(SMBntcreateX
);
922 file_len
= sbuf
.st_size
;
923 fattr
= dos_mode(conn
,fname
,&sbuf
);
925 fattr
= FILE_ATTRIBUTE_NORMAL
;
927 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
928 close_file(fsp
,ERROR_CLOSE
);
929 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
930 END_PROFILE(SMBntcreateX
);
934 /* Save the requested allocation size. */
935 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
936 if (allocation_size
&& (allocation_size
> (SMB_BIG_UINT
)file_len
)) {
937 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
938 if (fsp
->is_directory
) {
939 close_file(fsp
,ERROR_CLOSE
);
940 /* Can't set allocation size on a directory. */
941 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
942 END_PROFILE(SMBntcreateX
);
945 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
946 close_file(fsp
,ERROR_CLOSE
);
947 reply_nterror(req
, NT_STATUS_DISK_FULL
);
948 END_PROFILE(SMBntcreateX
);
952 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
,(SMB_BIG_UINT
)file_len
);
957 * If the caller set the extended oplock request bit
958 * and we granted one (by whatever means) - set the
959 * correct bit for extended oplock reply.
962 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
963 extended_oplock_granted
= True
;
966 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
967 extended_oplock_granted
= True
;
970 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
971 /* This is very strange. We
972 * return 50 words, but only set
973 * the wcnt to 42 ? It's definately
974 * what happens on the wire....
976 reply_outbuf(req
, 50, 0);
977 SCVAL(req
->outbuf
,smb_wct
,42);
979 reply_outbuf(req
, 34, 0);
982 p
= (char *)req
->outbuf
+ smb_vwv2
;
985 * Currently as we don't support level II oplocks we just report
986 * exclusive & batch here.
989 if (extended_oplock_granted
) {
990 if (flags
& REQUEST_BATCH_OPLOCK
) {
991 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
993 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
995 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
996 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
998 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1002 SSVAL(p
,0,fsp
->fnum
);
1004 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
1005 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1012 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
1013 a_timespec
= get_atimespec(&sbuf
);
1014 m_timespec
= get_mtimespec(&sbuf
);
1016 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1017 dos_filetime_timespec(&c_timespec
);
1018 dos_filetime_timespec(&a_timespec
);
1019 dos_filetime_timespec(&m_timespec
);
1022 put_long_date_timespec(p
, c_timespec
); /* create time. */
1024 put_long_date_timespec(p
, a_timespec
); /* access time */
1026 put_long_date_timespec(p
, m_timespec
); /* write time */
1028 put_long_date_timespec(p
, m_timespec
); /* change time */
1030 SIVAL(p
,0,fattr
); /* File Attributes. */
1032 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1034 SOFF_T(p
,0,file_len
);
1036 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1040 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1042 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1045 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1046 perms
= FILE_GENERIC_ALL
;
1048 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1053 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
1056 END_PROFILE(SMBntcreateX
);
1060 /****************************************************************************
1061 Reply to a NT_TRANSACT_CREATE call to open a pipe.
1062 ****************************************************************************/
1064 static void do_nt_transact_create_pipe(connection_struct
*conn
,
1065 struct smb_request
*req
,
1066 uint16
**ppsetup
, uint32 setup_count
,
1067 char **ppparams
, uint32 parameter_count
,
1068 char **ppdata
, uint32 data_count
)
1071 char *params
= *ppparams
;
1077 TALLOC_CTX
*ctx
= talloc_tos();
1080 * Ensure minimum number of parameters sent.
1083 if(parameter_count
< 54) {
1084 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1085 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1089 flags
= IVAL(params
,0);
1091 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
1092 parameter_count
-53, STR_TERMINATE
,
1094 if (!NT_STATUS_IS_OK(status
)) {
1095 reply_nterror(req
, status
);
1099 nt_open_pipe(fname
, conn
, req
, &pnum
);
1106 /* Realloc the size of parameters and data we will return */
1107 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1108 /* Extended response is 32 more byyes. */
1113 params
= nttrans_realloc(ppparams
, param_len
);
1114 if(params
== NULL
) {
1115 reply_doserror(req
, ERRDOS
, ERRnomem
);
1120 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1125 SIVAL(p
,0,FILE_WAS_OPENED
);
1129 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
1132 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
1134 SSVAL(p
,2, 0x5FF); /* ? */
1137 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1139 SIVAL(p
,0,FILE_GENERIC_ALL
);
1141 * For pipes W2K3 seems to return
1143 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
1145 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
1148 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
1150 /* Send the required number of replies */
1151 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1156 /****************************************************************************
1157 Internal fn to set security descriptors.
1158 ****************************************************************************/
1160 static NTSTATUS
set_sd(files_struct
*fsp
, char *data
, uint32 sd_len
, uint32 security_info_sent
)
1163 SEC_DESC
*psd
= NULL
;
1164 TALLOC_CTX
*mem_ctx
;
1167 if (sd_len
== 0 || !lp_nt_acl_support(SNUM(fsp
->conn
))) {
1168 return NT_STATUS_OK
;
1172 * Init the parse struct we will unmarshall from.
1175 if ((mem_ctx
= talloc_init("set_sd")) == NULL
) {
1176 DEBUG(0,("set_sd: talloc_init failed.\n"));
1177 return NT_STATUS_NO_MEMORY
;
1180 prs_init(&pd
, 0, mem_ctx
, UNMARSHALL
);
1183 * Setup the prs_struct to point at the memory we just
1187 prs_give_memory( &pd
, data
, sd_len
, False
);
1190 * Finally, unmarshall from the data buffer.
1193 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1194 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1196 * Return access denied for want of a better error message..
1198 talloc_destroy(mem_ctx
);
1199 return NT_STATUS_NO_MEMORY
;
1202 if (psd
->owner_sid
==0) {
1203 security_info_sent
&= ~OWNER_SECURITY_INFORMATION
;
1205 if (psd
->group_sid
==0) {
1206 security_info_sent
&= ~GROUP_SECURITY_INFORMATION
;
1209 security_info_sent
&= ~SACL_SECURITY_INFORMATION
;
1212 security_info_sent
&= ~DACL_SECURITY_INFORMATION
;
1215 status
= SMB_VFS_FSET_NT_ACL( fsp
, fsp
->fh
->fd
, security_info_sent
, psd
);
1217 talloc_destroy(mem_ctx
);
1221 /****************************************************************************
1222 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
1223 ****************************************************************************/
1225 static struct ea_list
*read_nttrans_ea_list(TALLOC_CTX
*ctx
, const char *pdata
, size_t data_size
)
1227 struct ea_list
*ea_list_head
= NULL
;
1230 if (data_size
< 4) {
1234 while (offset
+ 4 <= data_size
) {
1235 size_t next_offset
= IVAL(pdata
,offset
);
1236 struct ea_list
*eal
= read_ea_list_entry(ctx
, pdata
+ offset
+ 4, data_size
- offset
- 4, NULL
);
1242 DLIST_ADD_END(ea_list_head
, eal
, struct ea_list
*);
1243 if (next_offset
== 0) {
1246 offset
+= next_offset
;
1249 return ea_list_head
;
1252 /****************************************************************************
1253 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1254 ****************************************************************************/
1256 static void call_nt_transact_create(connection_struct
*conn
,
1257 struct smb_request
*req
,
1258 uint16
**ppsetup
, uint32 setup_count
,
1259 char **ppparams
, uint32 parameter_count
,
1260 char **ppdata
, uint32 data_count
,
1261 uint32 max_data_count
)
1264 char *params
= *ppparams
;
1265 char *data
= *ppdata
;
1266 /* Breakout the oplock request bits so we can set the reply bits separately. */
1267 int oplock_request
= 0;
1269 SMB_OFF_T file_len
= 0;
1270 SMB_STRUCT_STAT sbuf
;
1272 files_struct
*fsp
= NULL
;
1274 bool extended_oplock_granted
= False
;
1277 uint32 file_attributes
;
1278 uint32 share_access
;
1279 uint32 create_disposition
;
1280 uint32 create_options
;
1283 uint16 root_dir_fid
;
1284 struct timespec c_timespec
;
1285 struct timespec a_timespec
;
1286 struct timespec m_timespec
;
1287 struct ea_list
*ea_list
= NULL
;
1291 struct case_semantics_state
*case_state
= NULL
;
1292 SMB_BIG_UINT allocation_size
;
1293 TALLOC_CTX
*ctx
= talloc_tos();
1295 DEBUG(5,("call_nt_transact_create\n"));
1298 * If it's an IPC, use the pipe handler.
1302 if (lp_nt_pipe_support()) {
1303 do_nt_transact_create_pipe(
1305 ppsetup
, setup_count
,
1306 ppparams
, parameter_count
,
1307 ppdata
, data_count
);
1310 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1316 * Ensure minimum number of parameters sent.
1319 if(parameter_count
< 54) {
1320 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1321 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1325 flags
= IVAL(params
,0);
1326 access_mask
= IVAL(params
,8);
1327 file_attributes
= IVAL(params
,20);
1328 share_access
= IVAL(params
,24);
1329 create_disposition
= IVAL(params
,28);
1330 create_options
= IVAL(params
,32);
1331 sd_len
= IVAL(params
,36);
1332 ea_len
= IVAL(params
,40);
1333 root_dir_fid
= (uint16
)IVAL(params
,4);
1334 allocation_size
= (SMB_BIG_UINT
)IVAL(params
,12);
1335 #ifdef LARGE_SMB_OFF_T
1336 allocation_size
|= (((SMB_BIG_UINT
)IVAL(params
,16)) << 32);
1339 /* Ensure the data_len is correct for the sd and ea values given. */
1340 if ((ea_len
+ sd_len
> data_count
) ||
1341 (ea_len
> data_count
) || (sd_len
> data_count
) ||
1342 (ea_len
+ sd_len
< ea_len
) || (ea_len
+ sd_len
< sd_len
)) {
1343 DEBUG(10,("call_nt_transact_create - ea_len = %u, sd_len = %u, data_count = %u\n",
1344 (unsigned int)ea_len
, (unsigned int)sd_len
, (unsigned int)data_count
));
1345 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1350 if (!lp_ea_support(SNUM(conn
))) {
1351 DEBUG(10,("call_nt_transact_create - ea_len = %u but EA's not supported.\n",
1352 (unsigned int)ea_len
));
1353 reply_nterror(req
, NT_STATUS_EAS_NOT_SUPPORTED
);
1358 DEBUG(10,("call_nt_transact_create - ea_len = %u - too small (should be more than 10)\n",
1359 (unsigned int)ea_len
));
1360 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1365 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
1366 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
1371 * Get the file name.
1374 if(root_dir_fid
!= 0) {
1376 * This filename is relative to a directory fid.
1378 char *tmpname
= NULL
;
1379 files_struct
*dir_fsp
= file_fsp(SVAL(params
,4));
1382 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1386 if(!dir_fsp
->is_directory
) {
1387 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
,
1389 parameter_count
-53, STR_TERMINATE
,
1391 if (!NT_STATUS_IS_OK(status
)) {
1392 reply_nterror(req
, status
);
1397 * Check to see if this is a mac fork of some kind.
1400 if( is_ntfs_stream_name(fname
)) {
1402 NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1406 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1410 if (ISDOT(dir_fsp
->fsp_name
)) {
1412 * We're at the toplevel dir, the final file name
1413 * must not contain ./, as this is filtered out
1414 * normally by srvstr_get_path and unix_convert
1415 * explicitly rejects paths containing ./.
1417 fname
= talloc_strdup(ctx
,"");
1419 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1423 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
1426 * Copy in the base directory name.
1429 fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
1431 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1434 memcpy(fname
, dir_fsp
->fsp_name
, dir_name_len
+1);
1437 * Ensure it ends in a '/'.
1438 * We used TALLOC_SIZE +2 to add space for the '/'.
1442 (fname
[dir_name_len
-1] != '\\') &&
1443 (fname
[dir_name_len
-1] != '/')) {
1444 fname
[dir_name_len
] = '/';
1445 fname
[dir_name_len
+1] = '\0';
1449 srvstr_get_path(ctx
, params
, req
->flags2
, &tmpname
,
1451 parameter_count
-53, STR_TERMINATE
,
1453 if (!NT_STATUS_IS_OK(status
)) {
1454 reply_nterror(req
, status
);
1457 fname
= talloc_asprintf(ctx
, "%s%s",
1462 req
, NT_STATUS_NO_MEMORY
);
1466 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
1468 STR_TERMINATE
, &status
);
1469 if (!NT_STATUS_IS_OK(status
)) {
1470 reply_nterror(req
, status
);
1475 * Check to see if this is a mac fork of some kind.
1478 if( is_ntfs_stream_name(fname
)) {
1479 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1484 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1485 if (oplock_request
) {
1486 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
1490 * Ordinary file or directory.
1494 * Check if POSIX semantics are wanted.
1497 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1498 case_state
= set_posix_case_semantics(NULL
, conn
);
1499 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
1502 status
= resolve_dfspath(ctx
, conn
,
1503 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1506 if (!NT_STATUS_IS_OK(status
)) {
1507 TALLOC_FREE(case_state
);
1508 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
1509 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
1510 ERRSRV
, ERRbadpath
);
1513 reply_nterror(req
, status
);
1517 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
1518 if (!NT_STATUS_IS_OK(status
)) {
1519 TALLOC_FREE(case_state
);
1520 reply_nterror(req
, status
);
1523 /* All file access must go through check_name() */
1524 status
= check_name(conn
, fname
);
1525 if (!NT_STATUS_IS_OK(status
)) {
1526 TALLOC_FREE(case_state
);
1527 reply_nterror(req
, status
);
1531 /* This is the correct thing to do (check every time) but can_delete is
1532 expensive (it may have to read the parent directory permissions). So
1533 for now we're not doing it unless we have a strong hint the client
1534 is really going to delete this file. If the client is forcing FILE_CREATE
1535 let the filesystem take care of the permissions. */
1537 /* Setting FILE_SHARE_DELETE is the hint. */
1539 if (lp_acl_check_permissions(SNUM(conn
))
1540 && (create_disposition
!= FILE_CREATE
)
1541 && (share_access
& FILE_SHARE_DELETE
)
1542 && (access_mask
& DELETE_ACCESS
)) {
1543 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
1544 && !lp_delete_readonly(SNUM(conn
))) ||
1545 !can_delete_file_in_directory(conn
, fname
)) {
1546 TALLOC_FREE(case_state
);
1547 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1553 /* We need to support SeSecurityPrivilege for this. */
1554 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
1555 !user_has_privileges(current_user
.nt_user_token
,
1557 TALLOC_FREE(case_state
);
1558 reply_nterror(req
, NT_STATUS_PRIVILEGE_NOT_HELD
);
1564 pdata
= data
+ sd_len
;
1566 /* We have already checked that ea_len <= data_count here. */
1567 ea_list
= read_nttrans_ea_list(talloc_tos(), pdata
,
1570 TALLOC_FREE(case_state
);
1571 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1577 * If it's a request for a directory open, deal with it separately.
1580 if(create_options
& FILE_DIRECTORY_FILE
) {
1582 /* Can't open a temp directory. IFS kit test. */
1583 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
1584 TALLOC_FREE(case_state
);
1585 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1590 * We will get a create directory here if the Win32
1591 * app specified a security descriptor in the
1592 * CreateDirectory() call.
1596 status
= open_directory(conn
, req
, fname
, &sbuf
,
1606 * Ordinary file case.
1609 status
= open_file_ntcreate(conn
,req
,fname
,&sbuf
,
1618 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
1621 * Fail the open if it was explicitly a non-directory file.
1624 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
1625 TALLOC_FREE(case_state
);
1626 reply_force_nterror(
1628 NT_STATUS_FILE_IS_A_DIRECTORY
);
1633 status
= open_directory(conn
, req
, fname
,
1644 TALLOC_FREE(case_state
);
1646 if(!NT_STATUS_IS_OK(status
)) {
1647 if (open_was_deferred(req
->mid
)) {
1648 /* We have re-scheduled this call. */
1651 reply_openerror(req
, status
);
1656 * According to the MS documentation, the only time the security
1657 * descriptor is applied to the opened file is iff we *created* the
1658 * file; an existing file stays the same.
1660 * Also, it seems (from observation) that you can open the file with
1661 * any access mask but you can still write the sd. We need to override
1662 * the granted access before we call set_sd
1663 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
1666 if (lp_nt_acl_support(SNUM(conn
)) && sd_len
&& info
== FILE_WAS_CREATED
) {
1667 uint32 saved_access_mask
= fsp
->access_mask
;
1669 /* We have already checked that sd_len <= data_count here. */
1671 fsp
->access_mask
= FILE_GENERIC_ALL
;
1673 status
= set_sd( fsp
, data
, sd_len
, ALL_SECURITY_INFORMATION
);
1674 if (!NT_STATUS_IS_OK(status
)) {
1675 close_file(fsp
,ERROR_CLOSE
);
1676 TALLOC_FREE(case_state
);
1677 reply_nterror(req
, status
);
1680 fsp
->access_mask
= saved_access_mask
;
1683 if (ea_len
&& (info
== FILE_WAS_CREATED
)) {
1684 status
= set_ea(conn
, fsp
, fname
, ea_list
);
1685 if (!NT_STATUS_IS_OK(status
)) {
1686 close_file(fsp
,ERROR_CLOSE
);
1687 TALLOC_FREE(case_state
);
1688 reply_nterror(req
, status
);
1693 TALLOC_FREE(case_state
);
1695 file_len
= sbuf
.st_size
;
1696 fattr
= dos_mode(conn
,fname
,&sbuf
);
1698 fattr
= FILE_ATTRIBUTE_NORMAL
;
1700 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
1701 close_file(fsp
,ERROR_CLOSE
);
1702 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1706 /* Save the requested allocation size. */
1707 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
1708 if (allocation_size
&& (allocation_size
> file_len
)) {
1709 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
1710 if (fsp
->is_directory
) {
1711 close_file(fsp
,ERROR_CLOSE
);
1712 /* Can't set allocation size on a directory. */
1713 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1716 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
1717 close_file(fsp
,ERROR_CLOSE
);
1718 reply_nterror(req
, NT_STATUS_DISK_FULL
);
1722 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, (SMB_BIG_UINT
)file_len
);
1727 * If the caller set the extended oplock request bit
1728 * and we granted one (by whatever means) - set the
1729 * correct bit for extended oplock reply.
1732 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
1733 extended_oplock_granted
= True
;
1736 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
1737 extended_oplock_granted
= True
;
1740 /* Realloc the size of parameters and data we will return */
1741 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1742 /* Extended response is 32 more byyes. */
1747 params
= nttrans_realloc(ppparams
, param_len
);
1748 if(params
== NULL
) {
1749 reply_doserror(req
, ERRDOS
, ERRnomem
);
1754 if (extended_oplock_granted
) {
1755 if (flags
& REQUEST_BATCH_OPLOCK
) {
1756 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
1758 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
1760 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
1761 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
1763 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1767 SSVAL(p
,0,fsp
->fnum
);
1769 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
1770 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1777 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
1778 a_timespec
= get_atimespec(&sbuf
);
1779 m_timespec
= get_mtimespec(&sbuf
);
1781 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1782 dos_filetime_timespec(&c_timespec
);
1783 dos_filetime_timespec(&a_timespec
);
1784 dos_filetime_timespec(&m_timespec
);
1787 put_long_date_timespec(p
, c_timespec
); /* create time. */
1789 put_long_date_timespec(p
, a_timespec
); /* access time */
1791 put_long_date_timespec(p
, m_timespec
); /* write time */
1793 put_long_date_timespec(p
, m_timespec
); /* change time */
1795 SIVAL(p
,0,fattr
); /* File Attributes. */
1797 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1799 SOFF_T(p
,0,file_len
);
1801 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1805 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1807 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1810 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1811 perms
= FILE_GENERIC_ALL
;
1813 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1818 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname
));
1820 /* Send the required number of replies */
1821 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1826 /****************************************************************************
1827 Reply to a NT CANCEL request.
1828 conn POINTER CAN BE NULL HERE !
1829 ****************************************************************************/
1831 void reply_ntcancel(connection_struct
*conn
, struct smb_request
*req
)
1834 * Go through and cancel any pending change notifies.
1837 START_PROFILE(SMBntcancel
);
1838 remove_pending_change_notify_requests_by_mid(req
->mid
);
1839 remove_pending_lock_requests_by_mid(req
->mid
);
1840 srv_cancel_sign_response(req
->mid
);
1842 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req
->mid
));
1844 END_PROFILE(SMBntcancel
);
1848 /****************************************************************************
1850 ****************************************************************************/
1852 static NTSTATUS
copy_internals(TALLOC_CTX
*ctx
,
1853 connection_struct
*conn
,
1854 struct smb_request
*req
,
1855 const char *oldname_in
,
1856 const char *newname_in
,
1859 SMB_STRUCT_STAT sbuf1
, sbuf2
;
1860 char *oldname
= NULL
;
1861 char *newname
= NULL
;
1862 char *last_component_oldname
= NULL
;
1863 char *last_component_newname
= NULL
;
1864 files_struct
*fsp1
,*fsp2
;
1868 NTSTATUS status
= NT_STATUS_OK
;
1873 if (!CAN_WRITE(conn
)) {
1874 return NT_STATUS_MEDIA_WRITE_PROTECTED
;
1877 status
= unix_convert(ctx
, conn
, oldname_in
, False
, &oldname
,
1878 &last_component_oldname
, &sbuf1
);
1879 if (!NT_STATUS_IS_OK(status
)) {
1883 status
= check_name(conn
, oldname
);
1884 if (!NT_STATUS_IS_OK(status
)) {
1888 /* Source must already exist. */
1889 if (!VALID_STAT(sbuf1
)) {
1890 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1892 /* Ensure attributes match. */
1893 fattr
= dos_mode(conn
,oldname
,&sbuf1
);
1894 if ((fattr
& ~attrs
) & (aHIDDEN
| aSYSTEM
)) {
1895 return NT_STATUS_NO_SUCH_FILE
;
1898 status
= unix_convert(ctx
, conn
, newname_in
, False
, &newname
,
1899 &last_component_newname
, &sbuf2
);
1900 if (!NT_STATUS_IS_OK(status
)) {
1904 status
= check_name(conn
, newname
);
1905 if (!NT_STATUS_IS_OK(status
)) {
1909 /* Disallow if newname already exists. */
1910 if (VALID_STAT(sbuf2
)) {
1911 return NT_STATUS_OBJECT_NAME_COLLISION
;
1914 /* No links from a directory. */
1915 if (S_ISDIR(sbuf1
.st_mode
)) {
1916 return NT_STATUS_FILE_IS_A_DIRECTORY
;
1919 /* Ensure this is within the share. */
1920 status
= check_reduced_name(conn
, oldname
);
1921 if (!NT_STATUS_IS_OK(status
)) {
1925 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1928 status
= open_file_ntcreate(conn
, req
, oldname
, &sbuf1
,
1929 FILE_READ_DATA
, /* Read-only. */
1930 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1932 0, /* No create options. */
1933 FILE_ATTRIBUTE_NORMAL
,
1937 if (!NT_STATUS_IS_OK(status
)) {
1941 status
= open_file_ntcreate(conn
, req
, newname
, &sbuf2
,
1942 FILE_WRITE_DATA
, /* Read-only. */
1943 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1945 0, /* No create options. */
1950 if (!NT_STATUS_IS_OK(status
)) {
1951 close_file(fsp1
,ERROR_CLOSE
);
1955 if (sbuf1
.st_size
) {
1956 ret
= vfs_transfer_file(fsp1
, fsp2
, sbuf1
.st_size
);
1960 * As we are opening fsp1 read-only we only expect
1961 * an error on close on fsp2 if we are out of space.
1962 * Thus we don't look at the error return from the
1965 close_file(fsp1
,NORMAL_CLOSE
);
1967 /* Ensure the modtime is set correctly on the destination file. */
1968 fsp_set_pending_modtime(fsp2
, get_mtimespec(&sbuf1
));
1970 status
= close_file(fsp2
,NORMAL_CLOSE
);
1972 /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1973 creates the file. This isn't the correct thing to do in the copy
1975 file_set_dosmode(conn
, newname
, fattr
, &sbuf2
,
1976 parent_dirname(newname
),false);
1978 if (ret
< (SMB_OFF_T
)sbuf1
.st_size
) {
1979 return NT_STATUS_DISK_FULL
;
1982 if (!NT_STATUS_IS_OK(status
)) {
1983 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1984 nt_errstr(status
), oldname
, newname
));
1989 /****************************************************************************
1990 Reply to a NT rename request.
1991 ****************************************************************************/
1993 void reply_ntrename(connection_struct
*conn
, struct smb_request
*req
)
1995 char *oldname
= NULL
;
1996 char *newname
= NULL
;
1999 bool src_has_wcard
= False
;
2000 bool dest_has_wcard
= False
;
2003 TALLOC_CTX
*ctx
= talloc_tos();
2005 START_PROFILE(SMBntrename
);
2008 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2009 END_PROFILE(SMBntrename
);
2013 attrs
= SVAL(req
->inbuf
,smb_vwv0
);
2014 rename_type
= SVAL(req
->inbuf
,smb_vwv1
);
2016 p
= smb_buf(req
->inbuf
) + 1;
2017 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &oldname
, p
,
2018 0, STR_TERMINATE
, &status
,
2020 if (!NT_STATUS_IS_OK(status
)) {
2021 reply_nterror(req
, status
);
2022 END_PROFILE(SMBntrename
);
2026 if( is_ntfs_stream_name(oldname
)) {
2027 /* Can't rename a stream. */
2028 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2029 END_PROFILE(SMBntrename
);
2033 if (ms_has_wild(oldname
)) {
2034 reply_nterror(req
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
);
2035 END_PROFILE(SMBntrename
);
2040 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &newname
, p
,
2041 0, STR_TERMINATE
, &status
,
2043 if (!NT_STATUS_IS_OK(status
)) {
2044 reply_nterror(req
, status
);
2045 END_PROFILE(SMBntrename
);
2049 status
= resolve_dfspath(ctx
, conn
,
2050 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2053 if (!NT_STATUS_IS_OK(status
)) {
2054 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2055 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2056 ERRSRV
, ERRbadpath
);
2057 END_PROFILE(SMBntrename
);
2060 reply_nterror(req
, status
);
2061 END_PROFILE(SMBntrename
);
2065 status
= resolve_dfspath(ctx
, conn
,
2066 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2069 if (!NT_STATUS_IS_OK(status
)) {
2070 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2071 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2072 ERRSRV
, ERRbadpath
);
2073 END_PROFILE(SMBntrename
);
2076 reply_nterror(req
, status
);
2077 END_PROFILE(SMBntrename
);
2081 DEBUG(3,("reply_ntrename : %s -> %s\n",oldname
,newname
));
2083 switch(rename_type
) {
2084 case RENAME_FLAG_RENAME
:
2085 status
= rename_internals(ctx
, conn
, req
, oldname
,
2086 newname
, attrs
, False
, src_has_wcard
,
2089 case RENAME_FLAG_HARD_LINK
:
2090 if (src_has_wcard
|| dest_has_wcard
) {
2092 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2094 status
= hardlink_internals(ctx
,
2100 case RENAME_FLAG_COPY
:
2101 if (src_has_wcard
|| dest_has_wcard
) {
2103 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2105 status
= copy_internals(ctx
, conn
, req
, oldname
,
2109 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION
:
2110 status
= NT_STATUS_INVALID_PARAMETER
;
2113 status
= NT_STATUS_ACCESS_DENIED
; /* Default error. */
2117 if (!NT_STATUS_IS_OK(status
)) {
2118 if (open_was_deferred(req
->mid
)) {
2119 /* We have re-scheduled this call. */
2120 END_PROFILE(SMBntrename
);
2124 reply_nterror(req
, status
);
2125 END_PROFILE(SMBntrename
);
2129 reply_outbuf(req
, 0, 0);
2131 END_PROFILE(SMBntrename
);
2135 /****************************************************************************
2136 Reply to a notify change - queue the request and
2137 don't allow a directory to be opened.
2138 ****************************************************************************/
2140 static void call_nt_transact_notify_change(connection_struct
*conn
,
2141 struct smb_request
*req
,
2145 uint32 parameter_count
,
2146 char **ppdata
, uint32 data_count
,
2147 uint32 max_data_count
,
2148 uint32 max_param_count
)
2150 uint16
*setup
= *ppsetup
;
2156 if(setup_count
< 6) {
2157 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2161 fsp
= file_fsp(SVAL(setup
,4));
2162 filter
= IVAL(setup
, 0);
2163 recursive
= (SVAL(setup
, 6) != 0) ? True
: False
;
2165 DEBUG(3,("call_nt_transact_notify_change\n"));
2168 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2173 char *filter_string
;
2175 if (!(filter_string
= notify_filter_string(NULL
, filter
))) {
2176 reply_nterror(req
,NT_STATUS_NO_MEMORY
);
2180 DEBUG(3,("call_nt_transact_notify_change: notify change "
2181 "called on %s, filter = %s, recursive = %d\n",
2182 fsp
->fsp_name
, filter_string
, recursive
));
2184 TALLOC_FREE(filter_string
);
2187 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
)) {
2188 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2192 if (fsp
->notify
== NULL
) {
2194 status
= change_notify_create(fsp
, filter
, recursive
);
2196 if (!NT_STATUS_IS_OK(status
)) {
2197 DEBUG(10, ("change_notify_create returned %s\n",
2198 nt_errstr(status
)));
2199 reply_nterror(req
, status
);
2204 if (fsp
->notify
->num_changes
!= 0) {
2207 * We've got changes pending, respond immediately
2211 * TODO: write a torture test to check the filtering behaviour
2215 change_notify_reply(req
->inbuf
, max_param_count
, fsp
->notify
);
2218 * change_notify_reply() above has independently sent its
2225 * No changes pending, queue the request
2228 status
= change_notify_add_request(req
->inbuf
, max_param_count
, filter
,
2230 if (!NT_STATUS_IS_OK(status
)) {
2231 reply_nterror(req
, status
);
2236 /****************************************************************************
2237 Reply to an NT transact rename command.
2238 ****************************************************************************/
2240 static void call_nt_transact_rename(connection_struct
*conn
,
2241 struct smb_request
*req
,
2242 uint16
**ppsetup
, uint32 setup_count
,
2243 char **ppparams
, uint32 parameter_count
,
2244 char **ppdata
, uint32 data_count
,
2245 uint32 max_data_count
)
2247 char *params
= *ppparams
;
2248 char *new_name
= NULL
;
2249 files_struct
*fsp
= NULL
;
2250 bool replace_if_exists
= False
;
2251 bool dest_has_wcard
= False
;
2253 TALLOC_CTX
*ctx
= talloc_tos();
2255 if(parameter_count
< 5) {
2256 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2260 fsp
= file_fsp(SVAL(params
, 0));
2261 replace_if_exists
= (SVAL(params
,2) & RENAME_REPLACE_IF_EXISTS
) ? True
: False
;
2262 if (!check_fsp(conn
, req
, fsp
, ¤t_user
)) {
2265 srvstr_get_path_wcard(ctx
, params
, req
->flags2
, &new_name
, params
+4,
2266 parameter_count
- 4,
2267 STR_TERMINATE
, &status
, &dest_has_wcard
);
2268 if (!NT_STATUS_IS_OK(status
)) {
2269 reply_nterror(req
, status
);
2273 status
= rename_internals(ctx
,
2283 if (!NT_STATUS_IS_OK(status
)) {
2284 if (open_was_deferred(req
->mid
)) {
2285 /* We have re-scheduled this call. */
2288 reply_nterror(req
, status
);
2293 * Rename was successful.
2295 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2297 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
2298 fsp
->fsp_name
, new_name
));
2303 /******************************************************************************
2304 Fake up a completely empty SD.
2305 *******************************************************************************/
2307 static NTSTATUS
get_null_nt_acl(TALLOC_CTX
*mem_ctx
, SEC_DESC
**ppsd
)
2311 *ppsd
= make_standard_sec_desc( mem_ctx
, &global_sid_World
, &global_sid_World
, NULL
, &sd_size
);
2313 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
2314 return NT_STATUS_NO_MEMORY
;
2317 return NT_STATUS_OK
;
2320 /****************************************************************************
2321 Reply to query a security descriptor.
2322 ****************************************************************************/
2324 static void call_nt_transact_query_security_desc(connection_struct
*conn
,
2325 struct smb_request
*req
,
2329 uint32 parameter_count
,
2332 uint32 max_data_count
)
2334 char *params
= *ppparams
;
2335 char *data
= *ppdata
;
2337 SEC_DESC
*psd
= NULL
;
2339 uint32 security_info_wanted
;
2340 TALLOC_CTX
*mem_ctx
;
2341 files_struct
*fsp
= NULL
;
2344 if(parameter_count
< 8) {
2345 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2349 fsp
= file_fsp(SVAL(params
,0));
2351 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2355 security_info_wanted
= IVAL(params
,4);
2357 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp
->fsp_name
,
2358 (unsigned int)security_info_wanted
));
2360 params
= nttrans_realloc(ppparams
, 4);
2361 if(params
== NULL
) {
2362 reply_doserror(req
, ERRDOS
, ERRnomem
);
2366 if ((mem_ctx
= talloc_init("call_nt_transact_query_security_desc")) == NULL
) {
2367 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
2368 reply_doserror(req
, ERRDOS
, ERRnomem
);
2373 * Get the permissions to return.
2376 if (!lp_nt_acl_support(SNUM(conn
))) {
2377 status
= get_null_nt_acl(mem_ctx
, &psd
);
2379 status
= SMB_VFS_FGET_NT_ACL(fsp
, fsp
->fh
->fd
,
2380 security_info_wanted
, &psd
);
2383 if (!NT_STATUS_IS_OK(status
)) {
2384 talloc_destroy(mem_ctx
);
2385 reply_nterror(req
, status
);
2389 sd_size
= sec_desc_size(psd
);
2391 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size
));
2393 SIVAL(params
,0,(uint32
)sd_size
);
2395 if(max_data_count
< sd_size
) {
2397 send_nt_replies(req
, NT_STATUS_BUFFER_TOO_SMALL
,
2398 params
, 4, *ppdata
, 0);
2399 talloc_destroy(mem_ctx
);
2404 * Allocate the data we will point this at.
2407 data
= nttrans_realloc(ppdata
, sd_size
);
2409 talloc_destroy(mem_ctx
);
2410 reply_doserror(req
, ERRDOS
, ERRnomem
);
2415 * Init the parse struct we will marshall into.
2418 prs_init(&pd
, 0, mem_ctx
, MARSHALL
);
2421 * Setup the prs_struct to point at the memory we just
2425 prs_give_memory( &pd
, data
, (uint32
)sd_size
, False
);
2428 * Finally, linearize into the outgoing buffer.
2431 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
2432 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
2433 security descriptor.\n"));
2435 * Return access denied for want of a better error message..
2437 talloc_destroy(mem_ctx
);
2438 reply_unixerror(req
, ERRDOS
, ERRnoaccess
);
2443 * Now we can delete the security descriptor.
2446 talloc_destroy(mem_ctx
);
2448 send_nt_replies(req
, NT_STATUS_OK
, params
, 4, data
, (int)sd_size
);
2452 /****************************************************************************
2453 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2454 ****************************************************************************/
2456 static void call_nt_transact_set_security_desc(connection_struct
*conn
,
2457 struct smb_request
*req
,
2461 uint32 parameter_count
,
2464 uint32 max_data_count
)
2466 char *params
= *ppparams
;
2467 char *data
= *ppdata
;
2468 files_struct
*fsp
= NULL
;
2469 uint32 security_info_sent
= 0;
2472 if(parameter_count
< 8) {
2473 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2477 if((fsp
= file_fsp(SVAL(params
,0))) == NULL
) {
2478 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2482 if(!lp_nt_acl_support(SNUM(conn
))) {
2486 security_info_sent
= IVAL(params
,4);
2488 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp
->fsp_name
,
2489 (unsigned int)security_info_sent
));
2491 if (data_count
== 0) {
2492 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2496 if (!NT_STATUS_IS_OK(nt_status
= set_sd( fsp
, data
, data_count
, security_info_sent
))) {
2497 reply_nterror(req
, nt_status
);
2503 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2507 /****************************************************************************
2509 ****************************************************************************/
2511 static void call_nt_transact_ioctl(connection_struct
*conn
,
2512 struct smb_request
*req
,
2513 uint16
**ppsetup
, uint32 setup_count
,
2514 char **ppparams
, uint32 parameter_count
,
2515 char **ppdata
, uint32 data_count
,
2516 uint32 max_data_count
)
2523 static bool logged_message
;
2524 char *pdata
= *ppdata
;
2526 if (setup_count
!= 8) {
2527 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count
));
2528 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2532 function
= IVAL(*ppsetup
, 0);
2533 fidnum
= SVAL(*ppsetup
, 4);
2534 isFSctl
= CVAL(*ppsetup
, 6);
2535 compfilter
= CVAL(*ppsetup
, 7);
2537 DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2538 function
, fidnum
, isFSctl
, compfilter
));
2540 fsp
=file_fsp(fidnum
);
2541 /* this check is done in each implemented function case for now
2542 because I don't want to break anything... --metze
2543 FSP_BELONGS_CONN(fsp,conn);*/
2546 case FSCTL_SET_SPARSE
:
2547 /* pretend this succeeded - tho strictly we should
2548 mark the file sparse (if the local fs supports it)
2549 so we can know if we need to pre-allocate or not */
2551 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum
));
2552 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2555 case FSCTL_CREATE_OR_GET_OBJECT_ID
:
2557 unsigned char objid
[16];
2559 /* This should return the object-id on this file.
2560 * I think I'll make this be the inode+dev. JRA.
2563 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum
));
2565 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2570 pdata
= nttrans_realloc(ppdata
, data_count
);
2571 if (pdata
== NULL
) {
2572 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2575 push_file_id_16(pdata
, &fsp
->file_id
);
2576 memcpy(pdata
+16,create_volume_objectid(conn
,objid
),16);
2577 push_file_id_16(pdata
+32, &fsp
->file_id
);
2578 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2583 case FSCTL_GET_REPARSE_POINT
:
2584 /* pretend this fail - my winXP does it like this
2588 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2589 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2592 case FSCTL_SET_REPARSE_POINT
:
2593 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
2597 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2598 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2601 case FSCTL_GET_SHADOW_COPY_DATA
: /* don't know if this name is right...*/
2604 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2605 * and return their volume names. If max_data_count is 16, then it is just
2606 * asking for the number of volumes and length of the combined names.
2608 * pdata is the data allocated by our caller, but that uses
2609 * total_data_count (which is 0 in our case) rather than max_data_count.
2610 * Allocate the correct amount and return the pointer to let
2611 * it be deallocated when we return.
2613 SHADOW_COPY_DATA
*shadow_data
= NULL
;
2614 TALLOC_CTX
*shadow_mem_ctx
= NULL
;
2615 bool labels
= False
;
2616 uint32 labels_data_count
= 0;
2620 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2624 if (max_data_count
< 16) {
2625 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2627 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2631 if (max_data_count
> 16) {
2635 shadow_mem_ctx
= talloc_init("SHADOW_COPY_DATA");
2636 if (shadow_mem_ctx
== NULL
) {
2637 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
2638 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2642 shadow_data
= TALLOC_ZERO_P(shadow_mem_ctx
,SHADOW_COPY_DATA
);
2643 if (shadow_data
== NULL
) {
2644 DEBUG(0,("TALLOC_ZERO() failed!\n"));
2645 talloc_destroy(shadow_mem_ctx
);
2646 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2650 shadow_data
->mem_ctx
= shadow_mem_ctx
;
2653 * Call the VFS routine to actually do the work.
2655 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp
, shadow_data
, labels
)!=0) {
2656 talloc_destroy(shadow_data
->mem_ctx
);
2657 if (errno
== ENOSYS
) {
2658 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2659 conn
->connectpath
));
2660 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2663 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2664 conn
->connectpath
));
2665 reply_nterror(req
, NT_STATUS_UNSUCCESSFUL
);
2670 labels_data_count
= (shadow_data
->num_volumes
*2*sizeof(SHADOW_COPY_LABEL
))+2;
2675 data_count
= 12+labels_data_count
+4;
2678 if (max_data_count
<data_count
) {
2679 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2680 max_data_count
,data_count
));
2681 talloc_destroy(shadow_data
->mem_ctx
);
2682 reply_nterror(req
, NT_STATUS_BUFFER_TOO_SMALL
);
2686 pdata
= nttrans_realloc(ppdata
, data_count
);
2687 if (pdata
== NULL
) {
2688 talloc_destroy(shadow_data
->mem_ctx
);
2689 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2695 /* num_volumes 4 bytes */
2696 SIVAL(pdata
,0,shadow_data
->num_volumes
);
2699 /* num_labels 4 bytes */
2700 SIVAL(pdata
,4,shadow_data
->num_volumes
);
2703 /* needed_data_count 4 bytes */
2704 SIVAL(pdata
,8,labels_data_count
);
2708 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2709 shadow_data
->num_volumes
,fsp
->fsp_name
));
2710 if (labels
&& shadow_data
->labels
) {
2711 for (i
=0;i
<shadow_data
->num_volumes
;i
++) {
2712 srvstr_push(pdata
, req
->flags2
,
2713 cur_pdata
, shadow_data
->labels
[i
],
2714 2*sizeof(SHADOW_COPY_LABEL
),
2715 STR_UNICODE
|STR_TERMINATE
);
2716 cur_pdata
+=2*sizeof(SHADOW_COPY_LABEL
);
2717 DEBUGADD(10,("Label[%u]: '%s'\n",i
,shadow_data
->labels
[i
]));
2721 talloc_destroy(shadow_data
->mem_ctx
);
2723 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2729 case FSCTL_FIND_FILES_BY_SID
: /* I hope this name is right */
2731 /* pretend this succeeded -
2733 * we have to send back a list with all files owned by this SID
2735 * but I have to check that --metze
2739 size_t sid_len
= MIN(data_count
-4,SID_MAX_SIZE
);
2741 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum
));
2743 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2747 /* unknown 4 bytes: this is not the length of the sid :-( */
2748 /*unknown = IVAL(pdata,0);*/
2750 sid_parse(pdata
+4,sid_len
,&sid
);
2751 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid
)));
2753 if (!sid_to_uid(&sid
, &uid
)) {
2754 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2755 sid_string_static(&sid
),(unsigned long)sid_len
));
2759 /* we can take a look at the find source :-)
2761 * find ./ -uid $uid -name '*' is what we need here
2764 * and send 4bytes len and then NULL terminated unicode strings
2767 * but I don't know how to deal with the paged results
2768 * (maybe we can hang the result anywhere in the fsp struct)
2770 * we don't send all files at once
2771 * and at the next we should *not* start from the beginning,
2772 * so we have to cache the result
2777 /* this works for now... */
2778 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2782 if (!logged_message
) {
2783 logged_message
= True
; /* Only print this once... */
2784 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2789 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2793 #ifdef HAVE_SYS_QUOTAS
2794 /****************************************************************************
2795 Reply to get user quota
2796 ****************************************************************************/
2798 static void call_nt_transact_get_user_quota(connection_struct
*conn
,
2799 struct smb_request
*req
,
2803 uint32 parameter_count
,
2806 uint32 max_data_count
)
2808 NTSTATUS nt_status
= NT_STATUS_OK
;
2809 char *params
= *ppparams
;
2810 char *pdata
= *ppdata
;
2812 int data_len
=0,param_len
=0;
2815 files_struct
*fsp
= NULL
;
2819 bool start_enum
= True
;
2820 SMB_NTQUOTA_STRUCT qt
;
2821 SMB_NTQUOTA_LIST
*tmp_list
;
2822 SMB_NTQUOTA_HANDLE
*qt_handle
= NULL
;
2827 if (current_user
.ut
.uid
!= 0) {
2828 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n",
2829 lp_servicename(SNUM(conn
)),conn
->user
));
2830 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2835 * Ensure minimum number of parameters sent.
2838 if (parameter_count
< 4) {
2839 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count
));
2840 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
2844 /* maybe we can check the quota_fnum */
2845 fsp
= file_fsp(SVAL(params
,0));
2846 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
2847 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2848 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2852 /* the NULL pointer checking for fsp->fake_file_handle->pd
2853 * is done by CHECK_NTQUOTA_HANDLE_OK()
2855 qt_handle
= (SMB_NTQUOTA_HANDLE
*)fsp
->fake_file_handle
->pd
;
2857 level
= SVAL(params
,2);
2859 /* unknown 12 bytes leading in params */
2862 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE
:
2863 /* seems that we should continue with the enum here --metze */
2865 if (qt_handle
->quota_list
!=NULL
&&
2866 qt_handle
->tmp_list
==NULL
) {
2869 free_ntquota_list(&(qt_handle
->quota_list
));
2871 /* Realloc the size of parameters and data we will return */
2873 params
= nttrans_realloc(ppparams
, param_len
);
2874 if(params
== NULL
) {
2875 reply_doserror(req
, ERRDOS
, ERRnomem
);
2880 SIVAL(params
,0,data_len
);
2887 case TRANSACT_GET_USER_QUOTA_LIST_START
:
2889 if (qt_handle
->quota_list
==NULL
&&
2890 qt_handle
->tmp_list
==NULL
) {
2894 if (start_enum
&& vfs_get_user_ntquota_list(fsp
,&(qt_handle
->quota_list
))!=0) {
2895 reply_doserror(req
, ERRSRV
, ERRerror
);
2899 /* Realloc the size of parameters and data we will return */
2901 params
= nttrans_realloc(ppparams
, param_len
);
2902 if(params
== NULL
) {
2903 reply_doserror(req
, ERRDOS
, ERRnomem
);
2907 /* we should not trust the value in max_data_count*/
2908 max_data_count
= MIN(max_data_count
,2048);
2910 pdata
= nttrans_realloc(ppdata
, max_data_count
);/* should be max data count from client*/
2912 reply_doserror(req
, ERRDOS
, ERRnomem
);
2918 /* set params Size of returned Quota Data 4 bytes*/
2919 /* but set it later when we know it */
2921 /* for each entry push the data */
2924 qt_handle
->tmp_list
= qt_handle
->quota_list
;
2927 tmp_list
= qt_handle
->tmp_list
;
2929 for (;((tmp_list
!=NULL
)&&((qt_len
+40+SID_MAX_SIZE
)<max_data_count
));
2930 tmp_list
=tmp_list
->next
,entry
+=entry_len
,qt_len
+=entry_len
) {
2932 sid_len
= sid_size(&tmp_list
->quotas
->sid
);
2933 entry_len
= 40 + sid_len
;
2935 /* nextoffset entry 4 bytes */
2936 SIVAL(entry
,0,entry_len
);
2938 /* then the len of the SID 4 bytes */
2939 SIVAL(entry
,4,sid_len
);
2941 /* unknown data 8 bytes SMB_BIG_UINT */
2942 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-metze*/
2944 /* the used disk space 8 bytes SMB_BIG_UINT */
2945 SBIG_UINT(entry
,16,tmp_list
->quotas
->usedspace
);
2947 /* the soft quotas 8 bytes SMB_BIG_UINT */
2948 SBIG_UINT(entry
,24,tmp_list
->quotas
->softlim
);
2950 /* the hard quotas 8 bytes SMB_BIG_UINT */
2951 SBIG_UINT(entry
,32,tmp_list
->quotas
->hardlim
);
2953 /* and now the SID */
2954 sid_linearize(entry
+40, sid_len
, &tmp_list
->quotas
->sid
);
2957 qt_handle
->tmp_list
= tmp_list
;
2959 /* overwrite the offset of the last entry */
2960 SIVAL(entry
-entry_len
,0,0);
2962 data_len
= 4+qt_len
;
2963 /* overwrite the params quota_data_len */
2964 SIVAL(params
,0,data_len
);
2968 case TRANSACT_GET_USER_QUOTA_FOR_SID
:
2970 /* unknown 4 bytes IVAL(pdata,0) */
2972 if (data_count
< 8) {
2973 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count
,8));
2974 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2978 sid_len
= IVAL(pdata
,4);
2979 /* Ensure this is less than 1mb. */
2980 if (sid_len
> (1024*1024)) {
2981 reply_doserror(req
, ERRDOS
, ERRnomem
);
2985 if (data_count
< 8+sid_len
) {
2986 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count
,(unsigned long)(8+sid_len
)));
2987 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2991 data_len
= 4+40+sid_len
;
2993 if (max_data_count
< data_len
) {
2994 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2995 max_data_count
, data_len
));
2997 SIVAL(params
,0,data_len
);
2999 nt_status
= NT_STATUS_BUFFER_TOO_SMALL
;
3003 sid_parse(pdata
+8,sid_len
,&sid
);
3005 if (vfs_get_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
3008 * we have to return zero's in all fields
3009 * instead of returning an error here
3014 /* Realloc the size of parameters and data we will return */
3016 params
= nttrans_realloc(ppparams
, param_len
);
3017 if(params
== NULL
) {
3018 reply_doserror(req
, ERRDOS
, ERRnomem
);
3022 pdata
= nttrans_realloc(ppdata
, data_len
);
3024 reply_doserror(req
, ERRDOS
, ERRnomem
);
3030 /* set params Size of returned Quota Data 4 bytes*/
3031 SIVAL(params
,0,data_len
);
3033 /* nextoffset entry 4 bytes */
3036 /* then the len of the SID 4 bytes */
3037 SIVAL(entry
,4,sid_len
);
3039 /* unknown data 8 bytes SMB_BIG_UINT */
3040 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-mezte*/
3042 /* the used disk space 8 bytes SMB_BIG_UINT */
3043 SBIG_UINT(entry
,16,qt
.usedspace
);
3045 /* the soft quotas 8 bytes SMB_BIG_UINT */
3046 SBIG_UINT(entry
,24,qt
.softlim
);
3048 /* the hard quotas 8 bytes SMB_BIG_UINT */
3049 SBIG_UINT(entry
,32,qt
.hardlim
);
3051 /* and now the SID */
3052 sid_linearize(entry
+40, sid_len
, &sid
);
3057 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp
->fnum
,level
));
3058 reply_doserror(req
, ERRSRV
, ERRerror
);
3063 send_nt_replies(req
, nt_status
, params
, param_len
,
3067 /****************************************************************************
3068 Reply to set user quota
3069 ****************************************************************************/
3071 static void call_nt_transact_set_user_quota(connection_struct
*conn
,
3072 struct smb_request
*req
,
3076 uint32 parameter_count
,
3079 uint32 max_data_count
)
3081 char *params
= *ppparams
;
3082 char *pdata
= *ppdata
;
3083 int data_len
=0,param_len
=0;
3084 SMB_NTQUOTA_STRUCT qt
;
3087 files_struct
*fsp
= NULL
;
3092 if (current_user
.ut
.uid
!= 0) {
3093 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
3094 lp_servicename(SNUM(conn
)),conn
->user
));
3095 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
3100 * Ensure minimum number of parameters sent.
3103 if (parameter_count
< 2) {
3104 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count
));
3105 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
3109 /* maybe we can check the quota_fnum */
3110 fsp
= file_fsp(SVAL(params
,0));
3111 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
3112 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
3113 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
3117 if (data_count
< 40) {
3118 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count
,40));
3119 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3123 /* offset to next quota record.
3124 * 4 bytes IVAL(pdata,0)
3129 sid_len
= IVAL(pdata
,4);
3131 if (data_count
< 40+sid_len
) {
3132 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count
,(unsigned long)40+sid_len
));
3133 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3137 /* unknown 8 bytes in pdata
3138 * maybe its the change time in NTTIME
3141 /* the used space 8 bytes (SMB_BIG_UINT)*/
3142 qt
.usedspace
= (SMB_BIG_UINT
)IVAL(pdata
,16);
3143 #ifdef LARGE_SMB_OFF_T
3144 qt
.usedspace
|= (((SMB_BIG_UINT
)IVAL(pdata
,20)) << 32);
3145 #else /* LARGE_SMB_OFF_T */
3146 if ((IVAL(pdata
,20) != 0)&&
3147 ((qt
.usedspace
!= 0xFFFFFFFF)||
3148 (IVAL(pdata
,20)!=0xFFFFFFFF))) {
3149 /* more than 32 bits? */
3150 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3153 #endif /* LARGE_SMB_OFF_T */
3155 /* the soft quotas 8 bytes (SMB_BIG_UINT)*/
3156 qt
.softlim
= (SMB_BIG_UINT
)IVAL(pdata
,24);
3157 #ifdef LARGE_SMB_OFF_T
3158 qt
.softlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,28)) << 32);
3159 #else /* LARGE_SMB_OFF_T */
3160 if ((IVAL(pdata
,28) != 0)&&
3161 ((qt
.softlim
!= 0xFFFFFFFF)||
3162 (IVAL(pdata
,28)!=0xFFFFFFFF))) {
3163 /* more than 32 bits? */
3164 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3167 #endif /* LARGE_SMB_OFF_T */
3169 /* the hard quotas 8 bytes (SMB_BIG_UINT)*/
3170 qt
.hardlim
= (SMB_BIG_UINT
)IVAL(pdata
,32);
3171 #ifdef LARGE_SMB_OFF_T
3172 qt
.hardlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,36)) << 32);
3173 #else /* LARGE_SMB_OFF_T */
3174 if ((IVAL(pdata
,36) != 0)&&
3175 ((qt
.hardlim
!= 0xFFFFFFFF)||
3176 (IVAL(pdata
,36)!=0xFFFFFFFF))) {
3177 /* more than 32 bits? */
3178 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3181 #endif /* LARGE_SMB_OFF_T */
3183 sid_parse(pdata
+40,sid_len
,&sid
);
3184 DEBUGADD(8,("SID: %s\n",sid_string_static(&sid
)));
3186 /* 44 unknown bytes left... */
3188 if (vfs_set_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
3189 reply_doserror(req
, ERRSRV
, ERRerror
);
3193 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
,
3196 #endif /* HAVE_SYS_QUOTAS */
3198 static void handle_nttrans(connection_struct
*conn
,
3199 struct trans_state
*state
,
3200 struct smb_request
*req
)
3202 if (Protocol
>= PROTOCOL_NT1
) {
3203 req
->flags2
|= 0x40; /* IS_LONG_NAME */
3204 SSVAL(req
->inbuf
,smb_flg2
,req
->flags2
);
3207 /* Now we must call the relevant NT_TRANS function */
3208 switch(state
->call
) {
3209 case NT_TRANSACT_CREATE
:
3211 START_PROFILE(NT_transact_create
);
3212 call_nt_transact_create(
3214 &state
->setup
, state
->setup_count
,
3215 &state
->param
, state
->total_param
,
3216 &state
->data
, state
->total_data
,
3217 state
->max_data_return
);
3218 END_PROFILE(NT_transact_create
);
3222 case NT_TRANSACT_IOCTL
:
3224 START_PROFILE(NT_transact_ioctl
);
3225 call_nt_transact_ioctl(
3227 &state
->setup
, state
->setup_count
,
3228 &state
->param
, state
->total_param
,
3229 &state
->data
, state
->total_data
,
3230 state
->max_data_return
);
3231 END_PROFILE(NT_transact_ioctl
);
3235 case NT_TRANSACT_SET_SECURITY_DESC
:
3237 START_PROFILE(NT_transact_set_security_desc
);
3238 call_nt_transact_set_security_desc(
3240 &state
->setup
, state
->setup_count
,
3241 &state
->param
, state
->total_param
,
3242 &state
->data
, state
->total_data
,
3243 state
->max_data_return
);
3244 END_PROFILE(NT_transact_set_security_desc
);
3248 case NT_TRANSACT_NOTIFY_CHANGE
:
3250 START_PROFILE(NT_transact_notify_change
);
3251 call_nt_transact_notify_change(
3253 &state
->setup
, state
->setup_count
,
3254 &state
->param
, state
->total_param
,
3255 &state
->data
, state
->total_data
,
3256 state
->max_data_return
,
3257 state
->max_param_return
);
3258 END_PROFILE(NT_transact_notify_change
);
3262 case NT_TRANSACT_RENAME
:
3264 START_PROFILE(NT_transact_rename
);
3265 call_nt_transact_rename(
3267 &state
->setup
, state
->setup_count
,
3268 &state
->param
, state
->total_param
,
3269 &state
->data
, state
->total_data
,
3270 state
->max_data_return
);
3271 END_PROFILE(NT_transact_rename
);
3275 case NT_TRANSACT_QUERY_SECURITY_DESC
:
3277 START_PROFILE(NT_transact_query_security_desc
);
3278 call_nt_transact_query_security_desc(
3280 &state
->setup
, state
->setup_count
,
3281 &state
->param
, state
->total_param
,
3282 &state
->data
, state
->total_data
,
3283 state
->max_data_return
);
3284 END_PROFILE(NT_transact_query_security_desc
);
3288 #ifdef HAVE_SYS_QUOTAS
3289 case NT_TRANSACT_GET_USER_QUOTA
:
3291 START_PROFILE(NT_transact_get_user_quota
);
3292 call_nt_transact_get_user_quota(
3294 &state
->setup
, state
->setup_count
,
3295 &state
->param
, state
->total_param
,
3296 &state
->data
, state
->total_data
,
3297 state
->max_data_return
);
3298 END_PROFILE(NT_transact_get_user_quota
);
3302 case NT_TRANSACT_SET_USER_QUOTA
:
3304 START_PROFILE(NT_transact_set_user_quota
);
3305 call_nt_transact_set_user_quota(
3307 &state
->setup
, state
->setup_count
,
3308 &state
->param
, state
->total_param
,
3309 &state
->data
, state
->total_data
,
3310 state
->max_data_return
);
3311 END_PROFILE(NT_transact_set_user_quota
);
3314 #endif /* HAVE_SYS_QUOTAS */
3317 /* Error in request */
3318 DEBUG(0,("handle_nttrans: Unknown request %d in "
3319 "nttrans call\n", state
->call
));
3320 reply_doserror(req
, ERRSRV
, ERRerror
);
3326 /****************************************************************************
3327 Reply to a SMBNTtrans.
3328 ****************************************************************************/
3330 void reply_nttrans(connection_struct
*conn
, struct smb_request
*req
)
3336 uint16 function_code
;
3338 struct trans_state
*state
;
3341 START_PROFILE(SMBnttrans
);
3343 if (req
->wct
< 19) {
3344 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3345 END_PROFILE(SMBnttrans
);
3349 size
= smb_len(req
->inbuf
) + 4;
3350 pscnt
= IVAL(req
->inbuf
,smb_nt_ParameterCount
);
3351 psoff
= IVAL(req
->inbuf
,smb_nt_ParameterOffset
);
3352 dscnt
= IVAL(req
->inbuf
,smb_nt_DataCount
);
3353 dsoff
= IVAL(req
->inbuf
,smb_nt_DataOffset
);
3354 function_code
= SVAL(req
->inbuf
, smb_nt_Function
);
3356 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
)) {
3357 reply_doserror(req
, ERRSRV
, ERRaccess
);
3358 END_PROFILE(SMBnttrans
);
3362 result
= allow_new_trans(conn
->pending_trans
, req
->mid
);
3363 if (!NT_STATUS_IS_OK(result
)) {
3364 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result
)));
3365 reply_nterror(req
, result
);
3366 END_PROFILE(SMBnttrans
);
3370 if ((state
= TALLOC_P(conn
->mem_ctx
, struct trans_state
)) == NULL
) {
3371 reply_doserror(req
, ERRSRV
, ERRaccess
);
3372 END_PROFILE(SMBnttrans
);
3376 state
->cmd
= SMBnttrans
;
3378 state
->mid
= req
->mid
;
3379 state
->vuid
= req
->vuid
;
3380 state
->total_data
= IVAL(req
->inbuf
, smb_nt_TotalDataCount
);
3382 state
->total_param
= IVAL(req
->inbuf
, smb_nt_TotalParameterCount
);
3383 state
->param
= NULL
;
3384 state
->max_data_return
= IVAL(req
->inbuf
,smb_nt_MaxDataCount
);
3385 state
->max_param_return
= IVAL(req
->inbuf
,smb_nt_MaxParameterCount
);
3387 /* setup count is in *words* */
3388 state
->setup_count
= 2*CVAL(req
->inbuf
,smb_nt_SetupCount
);
3389 state
->setup
= NULL
;
3390 state
->call
= function_code
;
3393 * All nttrans messages we handle have smb_wct == 19 +
3394 * state->setup_count. Ensure this is so as a sanity check.
3397 if(req
->wct
!= 19 + (state
->setup_count
/2)) {
3398 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
3399 req
->wct
, 19 + (state
->setup_count
/2)));
3403 /* Don't allow more than 128mb for each value. */
3404 if ((state
->total_data
> (1024*1024*128)) ||
3405 (state
->total_param
> (1024*1024*128))) {
3406 reply_doserror(req
, ERRDOS
, ERRnomem
);
3407 END_PROFILE(SMBnttrans
);
3411 if ((dscnt
> state
->total_data
) || (pscnt
> state
->total_param
))
3414 if (state
->total_data
) {
3415 /* Can't use talloc here, the core routines do realloc on the
3416 * params and data. */
3417 if ((state
->data
= (char *)SMB_MALLOC(state
->total_data
)) == NULL
) {
3418 DEBUG(0,("reply_nttrans: data malloc fail for %u "
3419 "bytes !\n", (unsigned int)state
->total_data
));
3421 reply_doserror(req
, ERRDOS
, ERRnomem
);
3422 END_PROFILE(SMBnttrans
);
3425 if ((dsoff
+dscnt
< dsoff
) || (dsoff
+dscnt
< dscnt
))
3427 if ((smb_base(req
->inbuf
)+dsoff
+dscnt
3428 > (char *)req
->inbuf
+ size
) ||
3429 (smb_base(req
->inbuf
)+dsoff
+dscnt
< smb_base(req
->inbuf
)))
3432 memcpy(state
->data
,smb_base(req
->inbuf
)+dsoff
,dscnt
);
3435 if (state
->total_param
) {
3436 /* Can't use talloc here, the core routines do realloc on the
3437 * params and data. */
3438 if ((state
->param
= (char *)SMB_MALLOC(state
->total_param
)) == NULL
) {
3439 DEBUG(0,("reply_nttrans: param malloc fail for %u "
3440 "bytes !\n", (unsigned int)state
->total_param
));
3441 SAFE_FREE(state
->data
);
3443 reply_doserror(req
, ERRDOS
, ERRnomem
);
3444 END_PROFILE(SMBnttrans
);
3447 if ((psoff
+pscnt
< psoff
) || (psoff
+pscnt
< pscnt
))
3449 if ((smb_base(req
->inbuf
)+psoff
+pscnt
3450 > (char *)req
->inbuf
+ size
) ||
3451 (smb_base(req
->inbuf
)+psoff
+pscnt
< smb_base(req
->inbuf
)))
3454 memcpy(state
->param
,smb_base(req
->inbuf
)+psoff
,pscnt
);
3457 state
->received_data
= dscnt
;
3458 state
->received_param
= pscnt
;
3460 if(state
->setup_count
> 0) {
3461 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
3462 state
->setup_count
));
3463 state
->setup
= (uint16
*)TALLOC(state
, state
->setup_count
);
3464 if (state
->setup
== NULL
) {
3465 DEBUG(0,("reply_nttrans : Out of memory\n"));
3466 SAFE_FREE(state
->data
);
3467 SAFE_FREE(state
->param
);
3469 reply_doserror(req
, ERRDOS
, ERRnomem
);
3470 END_PROFILE(SMBnttrans
);
3474 if ((smb_nt_SetupStart
+ state
->setup_count
< smb_nt_SetupStart
) ||
3475 (smb_nt_SetupStart
+ state
->setup_count
< state
->setup_count
)) {
3478 if (smb_nt_SetupStart
+ state
->setup_count
> size
) {
3482 memcpy( state
->setup
, &req
->inbuf
[smb_nt_SetupStart
],
3483 state
->setup_count
);
3484 dump_data(10, (uint8
*)state
->setup
, state
->setup_count
);
3487 if ((state
->received_data
== state
->total_data
) &&
3488 (state
->received_param
== state
->total_param
)) {
3489 handle_nttrans(conn
, state
, req
);
3490 SAFE_FREE(state
->param
);
3491 SAFE_FREE(state
->data
);
3493 END_PROFILE(SMBnttrans
);
3497 DLIST_ADD(conn
->pending_trans
, state
);
3499 /* We need to send an interim response then receive the rest
3500 of the parameter/data bytes */
3501 reply_outbuf(req
, 0, 0);
3502 show_msg((char *)req
->outbuf
);
3503 END_PROFILE(SMBnttrans
);
3508 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
3509 SAFE_FREE(state
->data
);
3510 SAFE_FREE(state
->param
);
3512 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3513 END_PROFILE(SMBnttrans
);
3517 /****************************************************************************
3518 Reply to a SMBnttranss
3519 ****************************************************************************/
3521 void reply_nttranss(connection_struct
*conn
, struct smb_request
*req
)
3523 unsigned int pcnt
,poff
,dcnt
,doff
,pdisp
,ddisp
;
3524 struct trans_state
*state
;
3528 START_PROFILE(SMBnttranss
);
3530 show_msg((char *)req
->inbuf
);
3532 if (req
->wct
< 18) {
3533 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3534 END_PROFILE(SMBnttranss
);
3538 for (state
= conn
->pending_trans
; state
!= NULL
;
3539 state
= state
->next
) {
3540 if (state
->mid
== req
->mid
) {
3545 if ((state
== NULL
) || (state
->cmd
!= SMBnttrans
)) {
3546 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3547 END_PROFILE(SMBnttranss
);
3551 /* Revise state->total_param and state->total_data in case they have
3552 changed downwards */
3553 if (IVAL(req
->inbuf
, smb_nts_TotalParameterCount
)
3554 < state
->total_param
) {
3555 state
->total_param
= IVAL(req
->inbuf
,
3556 smb_nts_TotalParameterCount
);
3558 if (IVAL(req
->inbuf
, smb_nts_TotalDataCount
) < state
->total_data
) {
3559 state
->total_data
= IVAL(req
->inbuf
, smb_nts_TotalDataCount
);
3562 size
= smb_len(req
->inbuf
) + 4;
3564 pcnt
= IVAL(req
->inbuf
,smb_nts_ParameterCount
);
3565 poff
= IVAL(req
->inbuf
, smb_nts_ParameterOffset
);
3566 pdisp
= IVAL(req
->inbuf
, smb_nts_ParameterDisplacement
);
3568 dcnt
= IVAL(req
->inbuf
, smb_nts_DataCount
);
3569 ddisp
= IVAL(req
->inbuf
, smb_nts_DataDisplacement
);
3570 doff
= IVAL(req
->inbuf
, smb_nts_DataOffset
);
3572 state
->received_param
+= pcnt
;
3573 state
->received_data
+= dcnt
;
3575 if ((state
->received_data
> state
->total_data
) ||
3576 (state
->received_param
> state
->total_param
))
3580 if (pdisp
+pcnt
> state
->total_param
)
3582 if ((pdisp
+pcnt
< pdisp
) || (pdisp
+pcnt
< pcnt
))
3584 if (pdisp
> state
->total_param
)
3586 if ((smb_base(req
->inbuf
) + poff
+ pcnt
3587 > (char *)req
->inbuf
+ size
) ||
3588 (smb_base(req
->inbuf
) + poff
+ pcnt
3589 < smb_base(req
->inbuf
)))
3591 if (state
->param
+ pdisp
< state
->param
)
3594 memcpy(state
->param
+pdisp
, smb_base(req
->inbuf
)+poff
,
3599 if (ddisp
+dcnt
> state
->total_data
)
3601 if ((ddisp
+dcnt
< ddisp
) || (ddisp
+dcnt
< dcnt
))
3603 if (ddisp
> state
->total_data
)
3605 if ((smb_base(req
->inbuf
) + doff
+ dcnt
3606 > (char *)req
->inbuf
+ size
) ||
3607 (smb_base(req
->inbuf
) + doff
+ dcnt
3608 < smb_base(req
->inbuf
)))
3610 if (state
->data
+ ddisp
< state
->data
)
3613 memcpy(state
->data
+ddisp
, smb_base(req
->inbuf
)+doff
,
3617 if ((state
->received_param
< state
->total_param
) ||
3618 (state
->received_data
< state
->total_data
)) {
3619 END_PROFILE(SMBnttranss
);
3624 * construct_reply_common will copy smb_com from inbuf to
3625 * outbuf. SMBnttranss is wrong here.
3627 SCVAL(req
->inbuf
,smb_com
,SMBnttrans
);
3629 handle_nttrans(conn
, state
, req
);
3631 DLIST_REMOVE(conn
->pending_trans
, state
);
3632 SAFE_FREE(state
->data
);
3633 SAFE_FREE(state
->param
);
3635 END_PROFILE(SMBnttranss
);
3640 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3641 DLIST_REMOVE(conn
->pending_trans
, state
);
3642 SAFE_FREE(state
->data
);
3643 SAFE_FREE(state
->param
);
3645 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3646 END_PROFILE(SMBnttranss
);