search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ndr: add ndr_pull_charset_to_null()
[Samba.git] / source3 / smbd / reply.c
blobb86ccd3699b7268f9bc1db1fd227cb5f710388c1
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "system/filesys.h"
29 #include "printing.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "fake_file.h"
33 #include "rpc_client/rpc_client.h"
34 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
35 #include "rpc_client/cli_spoolss.h"
36 #include "rpc_client/init_spoolss.h"
37 #include "rpc_server/rpc_ncacn_np.h"
38 #include "libcli/security/security.h"
39 #include "libsmb/nmblib.h"
40 #include "auth.h"
41 #include "smbprofile.h"
42
43 /****************************************************************************
44 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
45 path or anything including wildcards.
46 We're assuming here that '/' is not the second byte in any multibyte char
47 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
48 set.
49 ****************************************************************************/
50
51 /* Custom version for processing POSIX paths. */
52 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
53
54 static NTSTATUS check_path_syntax_internal(char *path,
55 bool posix_path,
56 bool *p_last_component_contains_wcard)
57 {
58 char *d = path;
59 const char *s = path;
60 NTSTATUS ret = NT_STATUS_OK;
61 bool start_of_name_component = True;
62 bool stream_started = false;
63
64 *p_last_component_contains_wcard = False;
65
66 while (*s) {
67 if (stream_started) {
68 switch (*s) {
69 case '/':
70 case '\\':
71 return NT_STATUS_OBJECT_NAME_INVALID;
72 case ':':
73 if (s[1] == '\0') {
74 return NT_STATUS_OBJECT_NAME_INVALID;
75 }
76 if (strchr_m(&s[1], ':')) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 break;
80 }
81 }
82
83 if ((*s == ':') && !posix_path && !stream_started) {
84 if (*p_last_component_contains_wcard) {
85 return NT_STATUS_OBJECT_NAME_INVALID;
86 }
87 /* Stream names allow more characters than file names.
88 We're overloading posix_path here to allow a wider
89 range of characters. If stream_started is true this
90 is still a Windows path even if posix_path is true.
91 JRA.
92 */
93 stream_started = true;
94 start_of_name_component = false;
95 posix_path = true;
96
97 if (s[1] == '\0') {
98 return NT_STATUS_OBJECT_NAME_INVALID;
99 }
100 }
101
102 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
103 /*
104 * Safe to assume is not the second part of a mb char
105 * as this is handled below.
106 */
107 /* Eat multiple '/' or '\\' */
108 while (IS_PATH_SEP(*s,posix_path)) {
109 s++;
110 }
111 if ((d != path) && (*s != '\0')) {
112 /* We only care about non-leading or trailing '/' or '\\' */
113 *d++ = '/';
114 }
115
116 start_of_name_component = True;
117 /* New component. */
118 *p_last_component_contains_wcard = False;
119 continue;
120 }
121
122 if (start_of_name_component) {
123 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
124 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
125
126 /*
127 * No mb char starts with '.' so we're safe checking the directory separator here.
128 */
129
130 /* If we just added a '/' - delete it */
131 if ((d > path) && (*(d-1) == '/')) {
132 *(d-1) = '\0';
133 d--;
134 }
135
136 /* Are we at the start ? Can't go back further if so. */
137 if (d <= path) {
138 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
139 break;
140 }
141 /* Go back one level... */
142 /* We know this is safe as '/' cannot be part of a mb sequence. */
143 /* NOTE - if this assumption is invalid we are not in good shape... */
144 /* Decrement d first as d points to the *next* char to write into. */
145 for (d--; d > path; d--) {
146 if (*d == '/')
147 break;
148 }
149 s += 2; /* Else go past the .. */
150 /* We're still at the start of a name component, just the previous one. */
151 continue;
152
153 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
154 if (posix_path) {
155 /* Eat the '.' */
156 s++;
157 continue;
158 }
159 }
160
161 }
162
163 if (!(*s & 0x80)) {
164 if (!posix_path) {
165 if (*s <= 0x1f || *s == '|') {
166 return NT_STATUS_OBJECT_NAME_INVALID;
167 }
168 switch (*s) {
169 case '*':
170 case '?':
171 case '<':
172 case '>':
173 case '"':
174 *p_last_component_contains_wcard = True;
175 break;
176 default:
177 break;
178 }
179 }
180 *d++ = *s++;
181 } else {
182 size_t siz;
183 /* Get the size of the next MB character. */
184 next_codepoint(s,&siz);
185 switch(siz) {
186 case 5:
187 *d++ = *s++;
188 /*fall through*/
189 case 4:
190 *d++ = *s++;
191 /*fall through*/
192 case 3:
193 *d++ = *s++;
194 /*fall through*/
195 case 2:
196 *d++ = *s++;
197 /*fall through*/
198 case 1:
199 *d++ = *s++;
200 break;
201 default:
202 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
203 *d = '\0';
204 return NT_STATUS_INVALID_PARAMETER;
205 }
206 }
207 start_of_name_component = False;
208 }
209
210 *d = '\0';
211
212 return ret;
213 }
214
215 /****************************************************************************
216 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
217 No wildcards allowed.
218 ****************************************************************************/
219
220 NTSTATUS check_path_syntax(char *path)
221 {
222 bool ignore;
223 return check_path_syntax_internal(path, False, &ignore);
224 }
225
226 /****************************************************************************
227 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
228 Wildcards allowed - p_contains_wcard returns true if the last component contained
229 a wildcard.
230 ****************************************************************************/
231
232 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
233 {
234 return check_path_syntax_internal(path, False, p_contains_wcard);
235 }
236
237 /****************************************************************************
238 Check the path for a POSIX client.
239 We're assuming here that '/' is not the second byte in any multibyte char
240 set (a safe assumption).
241 ****************************************************************************/
242
243 NTSTATUS check_path_syntax_posix(char *path)
244 {
245 bool ignore;
246 return check_path_syntax_internal(path, True, &ignore);
247 }
248
249 /****************************************************************************
250 Pull a string and check the path allowing a wilcard - provide for error return.
251 ****************************************************************************/
252
253 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
254 const char *base_ptr,
255 uint16 smb_flags2,
256 char **pp_dest,
257 const char *src,
258 size_t src_len,
259 int flags,
260 NTSTATUS *err,
261 bool *contains_wcard)
262 {
263 size_t ret;
264
265 *pp_dest = NULL;
266
267 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
268 src_len, flags);
269
270 if (!*pp_dest) {
271 *err = NT_STATUS_INVALID_PARAMETER;
272 return ret;
273 }
274
275 *contains_wcard = False;
276
277 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
278 /*
279 * For a DFS path the function parse_dfs_path()
280 * will do the path processing, just make a copy.
281 */
282 *err = NT_STATUS_OK;
283 return ret;
284 }
285
286 if (lp_posix_pathnames()) {
287 *err = check_path_syntax_posix(*pp_dest);
288 } else {
289 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
290 }
291
292 return ret;
293 }
294
295 /****************************************************************************
296 Pull a string and check the path - provide for error return.
297 ****************************************************************************/
298
299 size_t srvstr_get_path(TALLOC_CTX *ctx,
300 const char *base_ptr,
301 uint16 smb_flags2,
302 char **pp_dest,
303 const char *src,
304 size_t src_len,
305 int flags,
306 NTSTATUS *err)
307 {
308 bool ignore;
309 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
310 src_len, flags, err, &ignore);
311 }
312
313 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
314 char **pp_dest, const char *src, int flags,
315 NTSTATUS *err, bool *contains_wcard)
316 {
317 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
318 pp_dest, src, smbreq_bufrem(req, src),
319 flags, err, contains_wcard);
320 }
321
322 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
323 char **pp_dest, const char *src, int flags,
324 NTSTATUS *err)
325 {
326 bool ignore;
327 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
328 flags, err, &ignore);
329 }
330
331 /****************************************************************************
332 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
333 ****************************************************************************/
334
335 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
336 files_struct *fsp)
337 {
338 if ((fsp == NULL) || (conn == NULL)) {
339 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
340 return False;
341 }
342 if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) {
343 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
344 return False;
345 }
346 return True;
347 }
348
349 /****************************************************************************
350 Check if we have a correct fsp pointing to a file.
351 ****************************************************************************/
352
353 bool check_fsp(connection_struct *conn, struct smb_request *req,
354 files_struct *fsp)
355 {
356 if (!check_fsp_open(conn, req, fsp)) {
357 return False;
358 }
359 if (fsp->is_directory) {
360 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
361 return False;
362 }
363 if (fsp->fh->fd == -1) {
364 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
365 return False;
366 }
367 fsp->num_smb_operations++;
368 return True;
369 }
370
371 /****************************************************************************
372 Check if we have a correct fsp pointing to a quota fake file. Replacement for
373 the CHECK_NTQUOTA_HANDLE_OK macro.
374 ****************************************************************************/
375
376 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
377 files_struct *fsp)
378 {
379 if (!check_fsp_open(conn, req, fsp)) {
380 return false;
381 }
382
383 if (fsp->is_directory) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle == NULL) {
388 return false;
389 }
390
391 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
392 return false;
393 }
394
395 if (fsp->fake_file_handle->private_data == NULL) {
396 return false;
397 }
398
399 return true;
400 }
401
402 static bool netbios_session_retarget(struct smbd_server_connection *sconn,
403 const char *name, int name_type)
404 {
405 char *trim_name;
406 char *trim_name_type;
407 const char *retarget_parm;
408 char *retarget;
409 char *p;
410 int retarget_type = 0x20;
411 int retarget_port = 139;
412 struct sockaddr_storage retarget_addr;
413 struct sockaddr_in *in_addr;
414 bool ret = false;
415 uint8_t outbuf[10];
416
417 if (get_socket_port(sconn->sock) != 139) {
418 return false;
419 }
420
421 trim_name = talloc_strdup(talloc_tos(), name);
422 if (trim_name == NULL) {
423 goto fail;
424 }
425 trim_char(trim_name, ' ', ' ');
426
427 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
428 name_type);
429 if (trim_name_type == NULL) {
430 goto fail;
431 }
432
433 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
434 trim_name_type, NULL);
435 if (retarget_parm == NULL) {
436 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
437 trim_name, NULL);
438 }
439 if (retarget_parm == NULL) {
440 goto fail;
441 }
442
443 retarget = talloc_strdup(trim_name, retarget_parm);
444 if (retarget == NULL) {
445 goto fail;
446 }
447
448 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
449
450 p = strchr(retarget, ':');
451 if (p != NULL) {
452 *p++ = '\0';
453 retarget_port = atoi(p);
454 }
455
456 p = strchr_m(retarget, '#');
457 if (p != NULL) {
458 *p++ = '\0';
459 if (sscanf(p, "%x", &retarget_type) != 1) {
460 goto fail;
461 }
462 }
463
464 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
465 if (!ret) {
466 DEBUG(10, ("could not resolve %s\n", retarget));
467 goto fail;
468 }
469
470 if (retarget_addr.ss_family != AF_INET) {
471 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
472 goto fail;
473 }
474
475 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
476
477 _smb_setlen(outbuf, 6);
478 SCVAL(outbuf, 0, 0x84);
479 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
480 *(uint16_t *)(outbuf+8) = htons(retarget_port);
481
482 if (!srv_send_smb(sconn, (char *)outbuf, false, 0, false,
483 NULL)) {
484 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
485 "failed.");
486 }
487
488 ret = true;
489 fail:
490 TALLOC_FREE(trim_name);
491 return ret;
492 }
493
494 /****************************************************************************
495 Reply to a (netbios-level) special message.
496 ****************************************************************************/
497
498 void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inbuf_size)
499 {
500 int msg_type = CVAL(inbuf,0);
501 int msg_flags = CVAL(inbuf,1);
502 /*
503 * We only really use 4 bytes of the outbuf, but for the smb_setlen
504 * calculation & friends (srv_send_smb uses that) we need the full smb
505 * header.
506 */
507 char outbuf[smb_size];
508
509 memset(outbuf, '\0', sizeof(outbuf));
510
511 smb_setlen(outbuf,0);
512
513 switch (msg_type) {
514 case 0x81: /* session request */
515 {
516 /* inbuf_size is guarenteed to be at least 4. */
517 fstring name1,name2;
518 int name_type1, name_type2;
519 int name_len1, name_len2;
520
521 *name1 = *name2 = 0;
522
523 if (sconn->nbt.got_session) {
524 exit_server_cleanly("multiple session request not permitted");
525 }
526
527 SCVAL(outbuf,0,0x82);
528 SCVAL(outbuf,3,0);
529
530 /* inbuf_size is guaranteed to be at least 4. */
531 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
532 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
533 DEBUG(0,("Invalid name length in session request\n"));
534 break;
535 }
536 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
537 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
538 DEBUG(0,("Invalid name length in session request\n"));
539 break;
540 }
541
542 name_type1 = name_extract((unsigned char *)inbuf,
543 inbuf_size,(unsigned int)4,name1);
544 name_type2 = name_extract((unsigned char *)inbuf,
545 inbuf_size,(unsigned int)(4 + name_len1),name2);
546
547 if (name_type1 == -1 || name_type2 == -1) {
548 DEBUG(0,("Invalid name type in session request\n"));
549 break;
550 }
551
552 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
553 name1, name_type1, name2, name_type2));
554
555 if (netbios_session_retarget(sconn, name1, name_type1)) {
556 exit_server_cleanly("retargeted client");
557 }
558
559 /*
560 * Windows NT/2k uses "*SMBSERVER" and XP uses
561 * "*SMBSERV" arrggg!!!
562 */
563 if (strequal(name1, "*SMBSERVER ")
564 || strequal(name1, "*SMBSERV ")) {
565 fstrcpy(name1, sconn->client_id.addr);
566 }
567
568 set_local_machine_name(name1, True);
569 set_remote_machine_name(name2, True);
570
571 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
572 get_local_machine_name(), get_remote_machine_name(),
573 name_type2));
574
575 if (name_type2 == 'R') {
576 /* We are being asked for a pathworks session ---
577 no thanks! */
578 SCVAL(outbuf, 0,0x83);
579 break;
580 }
581
582 /* only add the client's machine name to the list
583 of possibly valid usernames if we are operating
584 in share mode security */
585 if (lp_security() == SEC_SHARE) {
586 add_session_user(sconn, get_remote_machine_name());
587 }
588
589 reload_services(sconn->msg_ctx, sconn->sock, True);
590 reopen_logs();
591
592 sconn->nbt.got_session = true;
593 break;
594 }
595
596 case 0x89: /* session keepalive request
597 (some old clients produce this?) */
598 SCVAL(outbuf,0,SMBkeepalive);
599 SCVAL(outbuf,3,0);
600 break;
601
602 case 0x82: /* positive session response */
603 case 0x83: /* negative session response */
604 case 0x84: /* retarget session response */
605 DEBUG(0,("Unexpected session response\n"));
606 break;
607
608 case SMBkeepalive: /* session keepalive */
609 default:
610 return;
611 }
612
613 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
614 msg_type, msg_flags));
615
616 srv_send_smb(sconn, outbuf, false, 0, false, NULL);
617 return;
618 }
619
620 /****************************************************************************
621 Reply to a tcon.
622 conn POINTER CAN BE NULL HERE !
623 ****************************************************************************/
624
625 void reply_tcon(struct smb_request *req)
626 {
627 connection_struct *conn = req->conn;
628 const char *service;
629 char *service_buf = NULL;
630 char *password = NULL;
631 char *dev = NULL;
632 int pwlen=0;
633 NTSTATUS nt_status;
634 const char *p;
635 DATA_BLOB password_blob;
636 TALLOC_CTX *ctx = talloc_tos();
637 struct smbd_server_connection *sconn = req->sconn;
638
639 START_PROFILE(SMBtcon);
640
641 if (req->buflen < 4) {
642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
643 END_PROFILE(SMBtcon);
644 return;
645 }
646
647 p = (const char *)req->buf + 1;
648 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
649 p += 1;
650 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
651 p += pwlen+1;
652 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
653 p += 1;
654
655 if (service_buf == NULL || password == NULL || dev == NULL) {
656 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
657 END_PROFILE(SMBtcon);
658 return;
659 }
660 p = strrchr_m(service_buf,'\\');
661 if (p) {
662 service = p+1;
663 } else {
664 service = service_buf;
665 }
666
667 password_blob = data_blob(password, pwlen+1);
668
669 conn = make_connection(sconn,service,password_blob,dev,
670 req->vuid,&nt_status);
671 req->conn = conn;
672
673 data_blob_clear_free(&password_blob);
674
675 if (!conn) {
676 reply_nterror(req, nt_status);
677 END_PROFILE(SMBtcon);
678 return;
679 }
680
681 reply_outbuf(req, 2, 0);
682 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
683 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
684 SSVAL(req->outbuf,smb_tid,conn->cnum);
685
686 DEBUG(3,("tcon service=%s cnum=%d\n",
687 service, conn->cnum));
688
689 END_PROFILE(SMBtcon);
690 return;
691 }
692
693 /****************************************************************************
694 Reply to a tcon and X.
695 conn POINTER CAN BE NULL HERE !
696 ****************************************************************************/
697
698 void reply_tcon_and_X(struct smb_request *req)
699 {
700 connection_struct *conn = req->conn;
701 const char *service = NULL;
702 DATA_BLOB password;
703 TALLOC_CTX *ctx = talloc_tos();
704 /* what the cleint thinks the device is */
705 char *client_devicetype = NULL;
706 /* what the server tells the client the share represents */
707 const char *server_devicetype;
708 NTSTATUS nt_status;
709 int passlen;
710 char *path = NULL;
711 const char *p, *q;
712 uint16 tcon_flags;
713 struct smbd_server_connection *sconn = req->sconn;
714
715 START_PROFILE(SMBtconX);
716
717 if (req->wct < 4) {
718 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
719 END_PROFILE(SMBtconX);
720 return;
721 }
722
723 passlen = SVAL(req->vwv+3, 0);
724 tcon_flags = SVAL(req->vwv+2, 0);
725
726 /* we might have to close an old one */
727 if ((tcon_flags & 0x1) && conn) {
728 close_cnum(conn,req->vuid);
729 req->conn = NULL;
730 conn = NULL;
731 }
732
733 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
734 reply_force_doserror(req, ERRDOS, ERRbuftoosmall);
735 END_PROFILE(SMBtconX);
736 return;
737 }
738
739 if (sconn->smb1.negprot.encrypted_passwords) {
740 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
741 if (lp_security() == SEC_SHARE) {
742 /*
743 * Security = share always has a pad byte
744 * after the password.
745 */
746 p = (const char *)req->buf + passlen + 1;
747 } else {
748 p = (const char *)req->buf + passlen;
749 }
750 } else {
751 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
752 /* Ensure correct termination */
753 password.data[passlen]=0;
754 p = (const char *)req->buf + passlen + 1;
755 }
756
757 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
758
759 if (path == NULL) {
760 data_blob_clear_free(&password);
761 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
762 END_PROFILE(SMBtconX);
763 return;
764 }
765
766 /*
767 * the service name can be either: \\server\share
768 * or share directly like on the DELL PowerVault 705
769 */
770 if (*path=='\\') {
771 q = strchr_m(path+2,'\\');
772 if (!q) {
773 data_blob_clear_free(&password);
774 reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME);
775 END_PROFILE(SMBtconX);
776 return;
777 }
778 service = q+1;
779 } else {
780 service = path;
781 }
782
783 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
784 &client_devicetype, p,
785 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
786
787 if (client_devicetype == NULL) {
788 data_blob_clear_free(&password);
789 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
790 END_PROFILE(SMBtconX);
791 return;
792 }
793
794 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
795
796 conn = make_connection(sconn, service, password, client_devicetype,
797 req->vuid, &nt_status);
798 req->conn =conn;
799
800 data_blob_clear_free(&password);
801
802 if (!conn) {
803 reply_nterror(req, nt_status);
804 END_PROFILE(SMBtconX);
805 return;
806 }
807
808 if ( IS_IPC(conn) )
809 server_devicetype = "IPC";
810 else if ( IS_PRINT(conn) )
811 server_devicetype = "LPT1:";
812 else
813 server_devicetype = "A:";
814
815 if (get_Protocol() < PROTOCOL_NT1) {
816 reply_outbuf(req, 2, 0);
817 if (message_push_string(&req->outbuf, server_devicetype,
818 STR_TERMINATE|STR_ASCII) == -1) {
819 reply_nterror(req, NT_STATUS_NO_MEMORY);
820 END_PROFILE(SMBtconX);
821 return;
822 }
823 } else {
824 /* NT sets the fstype of IPC$ to the null string */
825 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
826
827 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
828 /* Return permissions. */
829 uint32 perm1 = 0;
830 uint32 perm2 = 0;
831
832 reply_outbuf(req, 7, 0);
833
834 if (IS_IPC(conn)) {
835 perm1 = FILE_ALL_ACCESS;
836 perm2 = FILE_ALL_ACCESS;
837 } else {
838 perm1 = conn->share_access;
839 }
840
841 SIVAL(req->outbuf, smb_vwv3, perm1);
842 SIVAL(req->outbuf, smb_vwv5, perm2);
843 } else {
844 reply_outbuf(req, 3, 0);
845 }
846
847 if ((message_push_string(&req->outbuf, server_devicetype,
848 STR_TERMINATE|STR_ASCII) == -1)
849 || (message_push_string(&req->outbuf, fstype,
850 STR_TERMINATE) == -1)) {
851 reply_nterror(req, NT_STATUS_NO_MEMORY);
852 END_PROFILE(SMBtconX);
853 return;
854 }
855
856 /* what does setting this bit do? It is set by NT4 and
857 may affect the ability to autorun mounted cdroms */
858 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
859 (lp_csc_policy(SNUM(conn)) << 2));
860
861 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
862 DEBUG(2,("Serving %s as a Dfs root\n",
863 lp_servicename(SNUM(conn)) ));
864 SSVAL(req->outbuf, smb_vwv2,
865 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
866 }
867 }
868
869
870 DEBUG(3,("tconX service=%s \n",
871 service));
872
873 /* set the incoming and outgoing tid to the just created one */
874 SSVAL(req->inbuf,smb_tid,conn->cnum);
875 SSVAL(req->outbuf,smb_tid,conn->cnum);
876
877 END_PROFILE(SMBtconX);
878
879 req->tid = conn->cnum;
880 chain_reply(req);
881 return;
882 }
883
884 /****************************************************************************
885 Reply to an unknown type.
886 ****************************************************************************/
887
888 void reply_unknown_new(struct smb_request *req, uint8 type)
889 {
890 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
891 smb_fn_name(type), type, type));
892 reply_force_doserror(req, ERRSRV, ERRunknownsmb);
893 return;
894 }
895
896 /****************************************************************************
897 Reply to an ioctl.
898 conn POINTER CAN BE NULL HERE !
899 ****************************************************************************/
900
901 void reply_ioctl(struct smb_request *req)
902 {
903 connection_struct *conn = req->conn;
904 uint16 device;
905 uint16 function;
906 uint32 ioctl_code;
907 int replysize;
908 char *p;
909
910 START_PROFILE(SMBioctl);
911
912 if (req->wct < 3) {
913 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
914 END_PROFILE(SMBioctl);
915 return;
916 }
917
918 device = SVAL(req->vwv+1, 0);
919 function = SVAL(req->vwv+2, 0);
920 ioctl_code = (device << 16) + function;
921
922 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
923
924 switch (ioctl_code) {
925 case IOCTL_QUERY_JOB_INFO:
926 replysize = 32;
927 break;
928 default:
929 reply_force_doserror(req, ERRSRV, ERRnosupport);
930 END_PROFILE(SMBioctl);
931 return;
932 }
933
934 reply_outbuf(req, 8, replysize+1);
935 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
936 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
937 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
938 p = smb_buf(req->outbuf);
939 memset(p, '\0', replysize+1); /* valgrind-safe. */
940 p += 1; /* Allow for alignment */
941
942 switch (ioctl_code) {
943 case IOCTL_QUERY_JOB_INFO:
944 {
945 files_struct *fsp = file_fsp(
946 req, SVAL(req->vwv+0, 0));
947 if (!fsp) {
948 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
949 END_PROFILE(SMBioctl);
950 return;
951 }
952 /* Job number */
953 if (fsp->print_file) {
954 SSVAL(p, 0, fsp->print_file->rap_jobid);
955 } else {
956 SSVAL(p, 0, 0);
957 }
958 srvstr_push((char *)req->outbuf, req->flags2, p+2,
959 global_myname(), 15,
960 STR_TERMINATE|STR_ASCII);
961 if (conn) {
962 srvstr_push((char *)req->outbuf, req->flags2,
963 p+18, lp_servicename(SNUM(conn)),
964 13, STR_TERMINATE|STR_ASCII);
965 } else {
966 memset(p+18, 0, 13);
967 }
968 break;
969 }
970 }
971
972 END_PROFILE(SMBioctl);
973 return;
974 }
975
976 /****************************************************************************
977 Strange checkpath NTSTATUS mapping.
978 ****************************************************************************/
979
980 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
981 {
982 /* Strange DOS error code semantics only for checkpath... */
983 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
984 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
985 /* We need to map to ERRbadpath */
986 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
987 }
988 }
989 return status;
990 }
991
992 /****************************************************************************
993 Reply to a checkpath.
994 ****************************************************************************/
995
996 void reply_checkpath(struct smb_request *req)
997 {
998 connection_struct *conn = req->conn;
999 struct smb_filename *smb_fname = NULL;
1000 char *name = NULL;
1001 NTSTATUS status;
1002 TALLOC_CTX *ctx = talloc_tos();
1003
1004 START_PROFILE(SMBcheckpath);
1005
1006 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
1007 STR_TERMINATE, &status);
1008
1009 if (!NT_STATUS_IS_OK(status)) {
1010 status = map_checkpath_error(req->flags2, status);
1011 reply_nterror(req, status);
1012 END_PROFILE(SMBcheckpath);
1013 return;
1014 }
1015
1016 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
1017
1018 status = filename_convert(ctx,
1019 conn,
1020 req->flags2 & FLAGS2_DFS_PATHNAMES,
1021 name,
1022 0,
1023 NULL,
1024 &smb_fname);
1025
1026 if (!NT_STATUS_IS_OK(status)) {
1027 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1028 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1029 ERRSRV, ERRbadpath);
1030 END_PROFILE(SMBcheckpath);
1031 return;
1032 }
1033 goto path_err;
1034 }
1035
1036 if (!VALID_STAT(smb_fname->st) &&
1037 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1038 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1039 smb_fname_str_dbg(smb_fname), strerror(errno)));
1040 status = map_nt_error_from_unix(errno);
1041 goto path_err;
1042 }
1043
1044 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1045 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1046 ERRDOS, ERRbadpath);
1047 goto out;
1048 }
1049
1050 reply_outbuf(req, 0, 0);
1051
1052 path_err:
1053 /* We special case this - as when a Windows machine
1054 is parsing a path is steps through the components
1055 one at a time - if a component fails it expects
1056 ERRbadpath, not ERRbadfile.
1057 */
1058 status = map_checkpath_error(req->flags2, status);
1059 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1060 /*
1061 * Windows returns different error codes if
1062 * the parent directory is valid but not the
1063 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1064 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1065 * if the path is invalid.
1066 */
1067 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1068 ERRDOS, ERRbadpath);
1069 goto out;
1070 }
1071
1072 reply_nterror(req, status);
1073
1074 out:
1075 TALLOC_FREE(smb_fname);
1076 END_PROFILE(SMBcheckpath);
1077 return;
1078 }
1079
1080 /****************************************************************************
1081 Reply to a getatr.
1082 ****************************************************************************/
1083
1084 void reply_getatr(struct smb_request *req)
1085 {
1086 connection_struct *conn = req->conn;
1087 struct smb_filename *smb_fname = NULL;
1088 char *fname = NULL;
1089 int mode=0;
1090 SMB_OFF_T size=0;
1091 time_t mtime=0;
1092 const char *p;
1093 NTSTATUS status;
1094 TALLOC_CTX *ctx = talloc_tos();
1095 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1096
1097 START_PROFILE(SMBgetatr);
1098
1099 p = (const char *)req->buf + 1;
1100 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1101 if (!NT_STATUS_IS_OK(status)) {
1102 reply_nterror(req, status);
1103 goto out;
1104 }
1105
1106 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1107 under WfWg - weird! */
1108 if (*fname == '\0') {
1109 mode = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY;
1110 if (!CAN_WRITE(conn)) {
1111 mode |= FILE_ATTRIBUTE_READONLY;
1112 }
1113 size = 0;
1114 mtime = 0;
1115 } else {
1116 status = filename_convert(ctx,
1117 conn,
1118 req->flags2 & FLAGS2_DFS_PATHNAMES,
1119 fname,
1120 0,
1121 NULL,
1122 &smb_fname);
1123 if (!NT_STATUS_IS_OK(status)) {
1124 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1125 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1126 ERRSRV, ERRbadpath);
1127 goto out;
1128 }
1129 reply_nterror(req, status);
1130 goto out;
1131 }
1132 if (!VALID_STAT(smb_fname->st) &&
1133 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1134 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1135 smb_fname_str_dbg(smb_fname),
1136 strerror(errno)));
1137 reply_nterror(req, map_nt_error_from_unix(errno));
1138 goto out;
1139 }
1140
1141 mode = dos_mode(conn, smb_fname);
1142 size = smb_fname->st.st_ex_size;
1143
1144 if (ask_sharemode) {
1145 struct timespec write_time_ts;
1146 struct file_id fileid;
1147
1148 ZERO_STRUCT(write_time_ts);
1149 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1150 get_file_infos(fileid, 0, NULL, &write_time_ts);
1151 if (!null_timespec(write_time_ts)) {
1152 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1153 }
1154 }
1155
1156 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1157 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
1158 size = 0;
1159 }
1160 }
1161
1162 reply_outbuf(req, 10, 0);
1163
1164 SSVAL(req->outbuf,smb_vwv0,mode);
1165 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1166 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1167 } else {
1168 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1169 }
1170 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1171
1172 if (get_Protocol() >= PROTOCOL_NT1) {
1173 SSVAL(req->outbuf, smb_flg2,
1174 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1175 }
1176
1177 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1178 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1179
1180 out:
1181 TALLOC_FREE(smb_fname);
1182 TALLOC_FREE(fname);
1183 END_PROFILE(SMBgetatr);
1184 return;
1185 }
1186
1187 /****************************************************************************
1188 Reply to a setatr.
1189 ****************************************************************************/
1190
1191 void reply_setatr(struct smb_request *req)
1192 {
1193 struct smb_file_time ft;
1194 connection_struct *conn = req->conn;
1195 struct smb_filename *smb_fname = NULL;
1196 char *fname = NULL;
1197 int mode;
1198 time_t mtime;
1199 const char *p;
1200 NTSTATUS status;
1201 TALLOC_CTX *ctx = talloc_tos();
1202
1203 START_PROFILE(SMBsetatr);
1204
1205 ZERO_STRUCT(ft);
1206
1207 if (req->wct < 2) {
1208 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1209 goto out;
1210 }
1211
1212 p = (const char *)req->buf + 1;
1213 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1214 if (!NT_STATUS_IS_OK(status)) {
1215 reply_nterror(req, status);
1216 goto out;
1217 }
1218
1219 status = filename_convert(ctx,
1220 conn,
1221 req->flags2 & FLAGS2_DFS_PATHNAMES,
1222 fname,
1223 0,
1224 NULL,
1225 &smb_fname);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1228 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1229 ERRSRV, ERRbadpath);
1230 goto out;
1231 }
1232 reply_nterror(req, status);
1233 goto out;
1234 }
1235
1236 if (smb_fname->base_name[0] == '.' &&
1237 smb_fname->base_name[1] == '\0') {
1238 /*
1239 * Not sure here is the right place to catch this
1240 * condition. Might be moved to somewhere else later -- vl
1241 */
1242 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1243 goto out;
1244 }
1245
1246 mode = SVAL(req->vwv+0, 0);
1247 mtime = srv_make_unix_date3(req->vwv+1);
1248
1249 ft.mtime = convert_time_t_to_timespec(mtime);
1250 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1251 if (!NT_STATUS_IS_OK(status)) {
1252 reply_nterror(req, status);
1253 goto out;
1254 }
1255
1256 if (mode != FILE_ATTRIBUTE_NORMAL) {
1257 if (VALID_STAT_OF_DIR(smb_fname->st))
1258 mode |= FILE_ATTRIBUTE_DIRECTORY;
1259 else
1260 mode &= ~FILE_ATTRIBUTE_DIRECTORY;
1261
1262 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1263 false) != 0) {
1264 reply_nterror(req, map_nt_error_from_unix(errno));
1265 goto out;
1266 }
1267 }
1268
1269 reply_outbuf(req, 0, 0);
1270
1271 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1272 mode));
1273 out:
1274 TALLOC_FREE(smb_fname);
1275 END_PROFILE(SMBsetatr);
1276 return;
1277 }
1278
1279 /****************************************************************************
1280 Reply to a dskattr.
1281 ****************************************************************************/
1282
1283 void reply_dskattr(struct smb_request *req)
1284 {
1285 connection_struct *conn = req->conn;
1286 uint64_t dfree,dsize,bsize;
1287 START_PROFILE(SMBdskattr);
1288
1289 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1290 reply_nterror(req, map_nt_error_from_unix(errno));
1291 END_PROFILE(SMBdskattr);
1292 return;
1293 }
1294
1295 reply_outbuf(req, 5, 0);
1296
1297 if (get_Protocol() <= PROTOCOL_LANMAN2) {
1298 double total_space, free_space;
1299 /* we need to scale this to a number that DOS6 can handle. We
1300 use floating point so we can handle large drives on systems
1301 that don't have 64 bit integers
1302
1303 we end up displaying a maximum of 2G to DOS systems
1304 */
1305 total_space = dsize * (double)bsize;
1306 free_space = dfree * (double)bsize;
1307
1308 dsize = (uint64_t)((total_space+63*512) / (64*512));
1309 dfree = (uint64_t)((free_space+63*512) / (64*512));
1310
1311 if (dsize > 0xFFFF) dsize = 0xFFFF;
1312 if (dfree > 0xFFFF) dfree = 0xFFFF;
1313
1314 SSVAL(req->outbuf,smb_vwv0,dsize);
1315 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1316 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1317 SSVAL(req->outbuf,smb_vwv3,dfree);
1318 } else {
1319 SSVAL(req->outbuf,smb_vwv0,dsize);
1320 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1321 SSVAL(req->outbuf,smb_vwv2,512);
1322 SSVAL(req->outbuf,smb_vwv3,dfree);
1323 }
1324
1325 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1326
1327 END_PROFILE(SMBdskattr);
1328 return;
1329 }
1330
1331 /*
1332 * Utility function to split the filename from the directory.
1333 */
1334 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1335 char **fname_dir_out,
1336 char **fname_mask_out)
1337 {
1338 const char *p = NULL;
1339 char *fname_dir = NULL;
1340 char *fname_mask = NULL;
1341
1342 p = strrchr_m(fname_in, '/');
1343 if (!p) {
1344 fname_dir = talloc_strdup(ctx, ".");
1345 fname_mask = talloc_strdup(ctx, fname_in);
1346 } else {
1347 fname_dir = talloc_strndup(ctx, fname_in,
1348 PTR_DIFF(p, fname_in));
1349 fname_mask = talloc_strdup(ctx, p+1);
1350 }
1351
1352 if (!fname_dir || !fname_mask) {
1353 TALLOC_FREE(fname_dir);
1354 TALLOC_FREE(fname_mask);
1355 return NT_STATUS_NO_MEMORY;
1356 }
1357
1358 *fname_dir_out = fname_dir;
1359 *fname_mask_out = fname_mask;
1360 return NT_STATUS_OK;
1361 }
1362
1363 /****************************************************************************
1364 Reply to a search.
1365 Can be called from SMBsearch, SMBffirst or SMBfunique.
1366 ****************************************************************************/
1367
1368 void reply_search(struct smb_request *req)
1369 {
1370 connection_struct *conn = req->conn;
1371 char *path = NULL;
1372 const char *mask = NULL;
1373 char *directory = NULL;
1374 struct smb_filename *smb_fname = NULL;
1375 char *fname = NULL;
1376 SMB_OFF_T size;
1377 uint32 mode;
1378 struct timespec date;
1379 uint32 dirtype;
1380 unsigned int numentries = 0;
1381 unsigned int maxentries = 0;
1382 bool finished = False;
1383 const char *p;
1384 int status_len;
1385 char status[21];
1386 int dptr_num= -1;
1387 bool check_descend = False;
1388 bool expect_close = False;
1389 NTSTATUS nt_status;
1390 bool mask_contains_wcard = False;
1391 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1392 TALLOC_CTX *ctx = talloc_tos();
1393 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1394 struct dptr_struct *dirptr = NULL;
1395 struct smbd_server_connection *sconn = req->sconn;
1396
1397 START_PROFILE(SMBsearch);
1398
1399 if (req->wct < 2) {
1400 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1401 goto out;
1402 }
1403
1404 if (lp_posix_pathnames()) {
1405 reply_unknown_new(req, req->cmd);
1406 goto out;
1407 }
1408
1409 /* If we were called as SMBffirst then we must expect close. */
1410 if(req->cmd == SMBffirst) {
1411 expect_close = True;
1412 }
1413
1414 reply_outbuf(req, 1, 3);
1415 maxentries = SVAL(req->vwv+0, 0);
1416 dirtype = SVAL(req->vwv+1, 0);
1417 p = (const char *)req->buf + 1;
1418 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1419 &nt_status, &mask_contains_wcard);
1420 if (!NT_STATUS_IS_OK(nt_status)) {
1421 reply_nterror(req, nt_status);
1422 goto out;
1423 }
1424
1425 p++;
1426 status_len = SVAL(p, 0);
1427 p += 2;
1428
1429 /* dirtype &= ~FILE_ATTRIBUTE_DIRECTORY; */
1430
1431 if (status_len == 0) {
1432 nt_status = filename_convert(ctx, conn,
1433 req->flags2 & FLAGS2_DFS_PATHNAMES,
1434 path,
1435 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1436 &mask_contains_wcard,
1437 &smb_fname);
1438 if (!NT_STATUS_IS_OK(nt_status)) {
1439 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1440 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1441 ERRSRV, ERRbadpath);
1442 goto out;
1443 }
1444 reply_nterror(req, nt_status);
1445 goto out;
1446 }
1447
1448 directory = smb_fname->base_name;
1449
1450 p = strrchr_m(directory,'/');
1451 if ((p != NULL) && (*directory != '/')) {
1452 mask = p + 1;
1453 directory = talloc_strndup(ctx, directory,
1454 PTR_DIFF(p, directory));
1455 } else {
1456 mask = directory;
1457 directory = talloc_strdup(ctx,".");
1458 }
1459
1460 if (!directory) {
1461 reply_nterror(req, NT_STATUS_NO_MEMORY);
1462 goto out;
1463 }
1464
1465 memset((char *)status,'\0',21);
1466 SCVAL(status,0,(dirtype & 0x1F));
1467
1468 nt_status = dptr_create(conn,
1469 NULL, /* fsp */
1470 directory,
1471 True,
1472 expect_close,
1473 req->smbpid,
1474 mask,
1475 mask_contains_wcard,
1476 dirtype,
1477 &dirptr);
1478 if (!NT_STATUS_IS_OK(nt_status)) {
1479 reply_nterror(req, nt_status);
1480 goto out;
1481 }
1482 dptr_num = dptr_dnum(dirptr);
1483 } else {
1484 int status_dirtype;
1485 const char *dirpath;
1486
1487 memcpy(status,p,21);
1488 status_dirtype = CVAL(status,0) & 0x1F;
1489 if (status_dirtype != (dirtype & 0x1F)) {
1490 dirtype = status_dirtype;
1491 }
1492
1493 dirptr = dptr_fetch(sconn, status+12,&dptr_num);
1494 if (!dirptr) {
1495 goto SearchEmpty;
1496 }
1497 dirpath = dptr_path(sconn, dptr_num);
1498 directory = talloc_strdup(ctx, dirpath);
1499 if (!directory) {
1500 reply_nterror(req, NT_STATUS_NO_MEMORY);
1501 goto out;
1502 }
1503
1504 mask = dptr_wcard(sconn, dptr_num);
1505 if (!mask) {
1506 goto SearchEmpty;
1507 }
1508 /*
1509 * For a 'continue' search we have no string. So
1510 * check from the initial saved string.
1511 */
1512 mask_contains_wcard = ms_has_wild(mask);
1513 dirtype = dptr_attr(sconn, dptr_num);
1514 }
1515
1516 DEBUG(4,("dptr_num is %d\n",dptr_num));
1517
1518 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1519 dptr_init_search_op(dirptr);
1520
1521 if ((dirtype&0x1F) == FILE_ATTRIBUTE_VOLUME) {
1522 char buf[DIR_STRUCT_SIZE];
1523 memcpy(buf,status,21);
1524 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1525 0,FILE_ATTRIBUTE_VOLUME,0,!allow_long_path_components)) {
1526 reply_nterror(req, NT_STATUS_NO_MEMORY);
1527 goto out;
1528 }
1529 dptr_fill(sconn, buf+12,dptr_num);
1530 if (dptr_zero(buf+12) && (status_len==0)) {
1531 numentries = 1;
1532 } else {
1533 numentries = 0;
1534 }
1535 if (message_push_blob(&req->outbuf,
1536 data_blob_const(buf, sizeof(buf)))
1537 == -1) {
1538 reply_nterror(req, NT_STATUS_NO_MEMORY);
1539 goto out;
1540 }
1541 } else {
1542 unsigned int i;
1543 maxentries = MIN(
1544 maxentries,
1545 ((BUFFER_SIZE -
1546 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1547 /DIR_STRUCT_SIZE));
1548
1549 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1550 directory,lp_dontdescend(SNUM(conn))));
1551 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1552 check_descend = True;
1553 }
1554
1555 for (i=numentries;(i<maxentries) && !finished;i++) {
1556 finished = !get_dir_entry(ctx,
1557 dirptr,
1558 mask,
1559 dirtype,
1560 &fname,
1561 &size,
1562 &mode,
1563 &date,
1564 check_descend,
1565 ask_sharemode);
1566 if (!finished) {
1567 char buf[DIR_STRUCT_SIZE];
1568 memcpy(buf,status,21);
1569 if (!make_dir_struct(ctx,
1570 buf,
1571 mask,
1572 fname,
1573 size,
1574 mode,
1575 convert_timespec_to_time_t(date),
1576 !allow_long_path_components)) {
1577 reply_nterror(req, NT_STATUS_NO_MEMORY);
1578 goto out;
1579 }
1580 if (!dptr_fill(sconn, buf+12,dptr_num)) {
1581 break;
1582 }
1583 if (message_push_blob(&req->outbuf,
1584 data_blob_const(buf, sizeof(buf)))
1585 == -1) {
1586 reply_nterror(req, NT_STATUS_NO_MEMORY);
1587 goto out;
1588 }
1589 numentries++;
1590 }
1591 }
1592 }
1593
1594 SearchEmpty:
1595
1596 /* If we were called as SMBffirst with smb_search_id == NULL
1597 and no entries were found then return error and close dirptr
1598 (X/Open spec) */
1599
1600 if (numentries == 0) {
1601 dptr_close(sconn, &dptr_num);
1602 } else if(expect_close && status_len == 0) {
1603 /* Close the dptr - we know it's gone */
1604 dptr_close(sconn, &dptr_num);
1605 }
1606
1607 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1608 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1609 dptr_close(sconn, &dptr_num);
1610 }
1611
1612 if ((numentries == 0) && !mask_contains_wcard) {
1613 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1614 goto out;
1615 }
1616
1617 SSVAL(req->outbuf,smb_vwv0,numentries);
1618 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1619 SCVAL(smb_buf(req->outbuf),0,5);
1620 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1621
1622 /* The replies here are never long name. */
1623 SSVAL(req->outbuf, smb_flg2,
1624 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1625 if (!allow_long_path_components) {
1626 SSVAL(req->outbuf, smb_flg2,
1627 SVAL(req->outbuf, smb_flg2)
1628 & (~FLAGS2_LONG_PATH_COMPONENTS));
1629 }
1630
1631 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1632 SSVAL(req->outbuf, smb_flg2,
1633 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1634
1635 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1636 smb_fn_name(req->cmd),
1637 mask,
1638 directory,
1639 dirtype,
1640 numentries,
1641 maxentries ));
1642 out:
1643 TALLOC_FREE(directory);
1644 TALLOC_FREE(smb_fname);
1645 END_PROFILE(SMBsearch);
1646 return;
1647 }
1648
1649 /****************************************************************************
1650 Reply to a fclose (stop directory search).
1651 ****************************************************************************/
1652
1653 void reply_fclose(struct smb_request *req)
1654 {
1655 int status_len;
1656 char status[21];
1657 int dptr_num= -2;
1658 const char *p;
1659 char *path = NULL;
1660 NTSTATUS err;
1661 bool path_contains_wcard = False;
1662 TALLOC_CTX *ctx = talloc_tos();
1663 struct smbd_server_connection *sconn = req->sconn;
1664
1665 START_PROFILE(SMBfclose);
1666
1667 if (lp_posix_pathnames()) {
1668 reply_unknown_new(req, req->cmd);
1669 END_PROFILE(SMBfclose);
1670 return;
1671 }
1672
1673 p = (const char *)req->buf + 1;
1674 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1675 &err, &path_contains_wcard);
1676 if (!NT_STATUS_IS_OK(err)) {
1677 reply_nterror(req, err);
1678 END_PROFILE(SMBfclose);
1679 return;
1680 }
1681 p++;
1682 status_len = SVAL(p,0);
1683 p += 2;
1684
1685 if (status_len == 0) {
1686 reply_force_doserror(req, ERRSRV, ERRsrverror);
1687 END_PROFILE(SMBfclose);
1688 return;
1689 }
1690
1691 memcpy(status,p,21);
1692
1693 if(dptr_fetch(sconn, status+12,&dptr_num)) {
1694 /* Close the dptr - we know it's gone */
1695 dptr_close(sconn, &dptr_num);
1696 }
1697
1698 reply_outbuf(req, 1, 0);
1699 SSVAL(req->outbuf,smb_vwv0,0);
1700
1701 DEBUG(3,("search close\n"));
1702
1703 END_PROFILE(SMBfclose);
1704 return;
1705 }
1706
1707 /****************************************************************************
1708 Reply to an open.
1709 ****************************************************************************/
1710
1711 void reply_open(struct smb_request *req)
1712 {
1713 connection_struct *conn = req->conn;
1714 struct smb_filename *smb_fname = NULL;
1715 char *fname = NULL;
1716 uint32 fattr=0;
1717 SMB_OFF_T size = 0;
1718 time_t mtime=0;
1719 int info;
1720 files_struct *fsp;
1721 int oplock_request;
1722 int deny_mode;
1723 uint32 dos_attr;
1724 uint32 access_mask;
1725 uint32 share_mode;
1726 uint32 create_disposition;
1727 uint32 create_options = 0;
1728 uint32_t private_flags = 0;
1729 NTSTATUS status;
1730 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1731 TALLOC_CTX *ctx = talloc_tos();
1732
1733 START_PROFILE(SMBopen);
1734
1735 if (req->wct < 2) {
1736 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1737 goto out;
1738 }
1739
1740 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1741 deny_mode = SVAL(req->vwv+0, 0);
1742 dos_attr = SVAL(req->vwv+1, 0);
1743
1744 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1745 STR_TERMINATE, &status);
1746 if (!NT_STATUS_IS_OK(status)) {
1747 reply_nterror(req, status);
1748 goto out;
1749 }
1750
1751 status = filename_convert(ctx,
1752 conn,
1753 req->flags2 & FLAGS2_DFS_PATHNAMES,
1754 fname,
1755 0,
1756 NULL,
1757 &smb_fname);
1758 if (!NT_STATUS_IS_OK(status)) {
1759 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1760 reply_botherror(req,
1761 NT_STATUS_PATH_NOT_COVERED,
1762 ERRSRV, ERRbadpath);
1763 goto out;
1764 }
1765 reply_nterror(req, status);
1766 goto out;
1767 }
1768
1769 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1770 OPENX_FILE_EXISTS_OPEN, &access_mask,
1771 &share_mode, &create_disposition,
1772 &create_options, &private_flags)) {
1773 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1774 goto out;
1775 }
1776
1777 status = SMB_VFS_CREATE_FILE(
1778 conn, /* conn */
1779 req, /* req */
1780 0, /* root_dir_fid */
1781 smb_fname, /* fname */
1782 access_mask, /* access_mask */
1783 share_mode, /* share_access */
1784 create_disposition, /* create_disposition*/
1785 create_options, /* create_options */
1786 dos_attr, /* file_attributes */
1787 oplock_request, /* oplock_request */
1788 0, /* allocation_size */
1789 private_flags,
1790 NULL, /* sd */
1791 NULL, /* ea_list */
1792 &fsp, /* result */
1793 &info); /* pinfo */
1794
1795 if (!NT_STATUS_IS_OK(status)) {
1796 if (open_was_deferred(req->mid)) {
1797 /* We have re-scheduled this call. */
1798 goto out;
1799 }
1800 reply_openerror(req, status);
1801 goto out;
1802 }
1803
1804 size = smb_fname->st.st_ex_size;
1805 fattr = dos_mode(conn, smb_fname);
1806
1807 /* Deal with other possible opens having a modified
1808 write time. JRA. */
1809 if (ask_sharemode) {
1810 struct timespec write_time_ts;
1811
1812 ZERO_STRUCT(write_time_ts);
1813 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
1814 if (!null_timespec(write_time_ts)) {
1815 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1816 }
1817 }
1818
1819 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1820
1821 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
1822 DEBUG(3,("attempt to open a directory %s\n",
1823 fsp_str_dbg(fsp)));
1824 close_file(req, fsp, ERROR_CLOSE);
1825 reply_botherror(req, NT_STATUS_ACCESS_DENIED,
1826 ERRDOS, ERRnoaccess);
1827 goto out;
1828 }
1829
1830 reply_outbuf(req, 7, 0);
1831 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1832 SSVAL(req->outbuf,smb_vwv1,fattr);
1833 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1834 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1835 } else {
1836 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1837 }
1838 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1839 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1840
1841 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1842 SCVAL(req->outbuf,smb_flg,
1843 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1844 }
1845
1846 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1847 SCVAL(req->outbuf,smb_flg,
1848 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1849 }
1850 out:
1851 TALLOC_FREE(smb_fname);
1852 END_PROFILE(SMBopen);
1853 return;
1854 }
1855
1856 /****************************************************************************
1857 Reply to an open and X.
1858 ****************************************************************************/
1859
1860 void reply_open_and_X(struct smb_request *req)
1861 {
1862 connection_struct *conn = req->conn;
1863 struct smb_filename *smb_fname = NULL;
1864 char *fname = NULL;
1865 uint16 open_flags;
1866 int deny_mode;
1867 uint32 smb_attr;
1868 /* Breakout the oplock request bits so we can set the
1869 reply bits separately. */
1870 int ex_oplock_request;
1871 int core_oplock_request;
1872 int oplock_request;
1873 #if 0
1874 int smb_sattr = SVAL(req->vwv+4, 0);
1875 uint32 smb_time = make_unix_date3(req->vwv+6);
1876 #endif
1877 int smb_ofun;
1878 uint32 fattr=0;
1879 int mtime=0;
1880 int smb_action = 0;
1881 files_struct *fsp;
1882 NTSTATUS status;
1883 uint64_t allocation_size;
1884 ssize_t retval = -1;
1885 uint32 access_mask;
1886 uint32 share_mode;
1887 uint32 create_disposition;
1888 uint32 create_options = 0;
1889 uint32_t private_flags = 0;
1890 TALLOC_CTX *ctx = talloc_tos();
1891
1892 START_PROFILE(SMBopenX);
1893
1894 if (req->wct < 15) {
1895 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1896 goto out;
1897 }
1898
1899 open_flags = SVAL(req->vwv+2, 0);
1900 deny_mode = SVAL(req->vwv+3, 0);
1901 smb_attr = SVAL(req->vwv+5, 0);
1902 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1903 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1904 oplock_request = ex_oplock_request | core_oplock_request;
1905 smb_ofun = SVAL(req->vwv+8, 0);
1906 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1907
1908 /* If it's an IPC, pass off the pipe handler. */
1909 if (IS_IPC(conn)) {
1910 if (lp_nt_pipe_support()) {
1911 reply_open_pipe_and_X(conn, req);
1912 } else {
1913 reply_nterror(req, NT_STATUS_NETWORK_ACCESS_DENIED);
1914 }
1915 goto out;
1916 }
1917
1918 /* XXXX we need to handle passed times, sattr and flags */
1919 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1920 STR_TERMINATE, &status);
1921 if (!NT_STATUS_IS_OK(status)) {
1922 reply_nterror(req, status);
1923 goto out;
1924 }
1925
1926 status = filename_convert(ctx,
1927 conn,
1928 req->flags2 & FLAGS2_DFS_PATHNAMES,
1929 fname,
1930 0,
1931 NULL,
1932 &smb_fname);
1933 if (!NT_STATUS_IS_OK(status)) {
1934 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1935 reply_botherror(req,
1936 NT_STATUS_PATH_NOT_COVERED,
1937 ERRSRV, ERRbadpath);
1938 goto out;
1939 }
1940 reply_nterror(req, status);
1941 goto out;
1942 }
1943
1944 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
1945 smb_ofun,
1946 &access_mask, &share_mode,
1947 &create_disposition,
1948 &create_options,
1949 &private_flags)) {
1950 reply_force_doserror(req, ERRDOS, ERRbadaccess);
1951 goto out;
1952 }
1953
1954 status = SMB_VFS_CREATE_FILE(
1955 conn, /* conn */
1956 req, /* req */
1957 0, /* root_dir_fid */
1958 smb_fname, /* fname */
1959 access_mask, /* access_mask */
1960 share_mode, /* share_access */
1961 create_disposition, /* create_disposition*/
1962 create_options, /* create_options */
1963 smb_attr, /* file_attributes */
1964 oplock_request, /* oplock_request */
1965 0, /* allocation_size */
1966 private_flags,
1967 NULL, /* sd */
1968 NULL, /* ea_list */
1969 &fsp, /* result */
1970 &smb_action); /* pinfo */
1971
1972 if (!NT_STATUS_IS_OK(status)) {
1973 if (open_was_deferred(req->mid)) {
1974 /* We have re-scheduled this call. */
1975 goto out;
1976 }
1977 reply_openerror(req, status);
1978 goto out;
1979 }
1980
1981 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1982 if the file is truncated or created. */
1983 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1984 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1985 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1986 close_file(req, fsp, ERROR_CLOSE);
1987 reply_nterror(req, NT_STATUS_DISK_FULL);
1988 goto out;
1989 }
1990 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1991 if (retval < 0) {
1992 close_file(req, fsp, ERROR_CLOSE);
1993 reply_nterror(req, NT_STATUS_DISK_FULL);
1994 goto out;
1995 }
1996 status = vfs_stat_fsp(fsp);
1997 if (!NT_STATUS_IS_OK(status)) {
1998 close_file(req, fsp, ERROR_CLOSE);
1999 reply_nterror(req, status);
2000 goto out;
2001 }
2002 }
2003
2004 fattr = dos_mode(conn, fsp->fsp_name);
2005 mtime = convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime);
2006 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2007 close_file(req, fsp, ERROR_CLOSE);
2008 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
2009 goto out;
2010 }
2011
2012 /* If the caller set the extended oplock request bit
2013 and we granted one (by whatever means) - set the
2014 correct bit for extended oplock reply.
2015 */
2016
2017 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2018 smb_action |= EXTENDED_OPLOCK_GRANTED;
2019 }
2020
2021 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2022 smb_action |= EXTENDED_OPLOCK_GRANTED;
2023 }
2024
2025 /* If the caller set the core oplock request bit
2026 and we granted one (by whatever means) - set the
2027 correct bit for core oplock reply.
2028 */
2029
2030 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2031 reply_outbuf(req, 19, 0);
2032 } else {
2033 reply_outbuf(req, 15, 0);
2034 }
2035
2036 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
2037 SCVAL(req->outbuf, smb_flg,
2038 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2039 }
2040
2041 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2042 SCVAL(req->outbuf, smb_flg,
2043 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2044 }
2045
2046 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2047 SSVAL(req->outbuf,smb_vwv3,fattr);
2048 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2049 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2050 } else {
2051 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2052 }
2053 SIVAL(req->outbuf,smb_vwv6,(uint32)fsp->fsp_name->st.st_ex_size);
2054 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2055 SSVAL(req->outbuf,smb_vwv11,smb_action);
2056
2057 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2058 SIVAL(req->outbuf, smb_vwv15, SEC_STD_ALL);
2059 }
2060
2061 chain_reply(req);
2062 out:
2063 TALLOC_FREE(smb_fname);
2064 END_PROFILE(SMBopenX);
2065 return;
2066 }
2067
2068 /****************************************************************************
2069 Reply to a SMBulogoffX.
2070 ****************************************************************************/
2071
2072 void reply_ulogoffX(struct smb_request *req)
2073 {
2074 struct smbd_server_connection *sconn = req->sconn;
2075 user_struct *vuser;
2076
2077 START_PROFILE(SMBulogoffX);
2078
2079 vuser = get_valid_user_struct(sconn, req->vuid);
2080
2081 if(vuser == NULL) {
2082 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2083 req->vuid));
2084 }
2085
2086 /* in user level security we are supposed to close any files
2087 open by this user */
2088 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2089 file_close_user(sconn, req->vuid);
2090 }
2091
2092 invalidate_vuid(sconn, req->vuid);
2093
2094 reply_outbuf(req, 2, 0);
2095
2096 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2097
2098 END_PROFILE(SMBulogoffX);
2099 req->vuid = UID_FIELD_INVALID;
2100 chain_reply(req);
2101 }
2102
2103 /****************************************************************************
2104 Reply to a mknew or a create.
2105 ****************************************************************************/
2106
2107 void reply_mknew(struct smb_request *req)
2108 {
2109 connection_struct *conn = req->conn;
2110 struct smb_filename *smb_fname = NULL;
2111 char *fname = NULL;
2112 uint32 fattr = 0;
2113 struct smb_file_time ft;
2114 files_struct *fsp;
2115 int oplock_request = 0;
2116 NTSTATUS status;
2117 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2118 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2119 uint32 create_disposition;
2120 uint32 create_options = 0;
2121 TALLOC_CTX *ctx = talloc_tos();
2122
2123 START_PROFILE(SMBcreate);
2124 ZERO_STRUCT(ft);
2125
2126 if (req->wct < 3) {
2127 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2128 goto out;
2129 }
2130
2131 fattr = SVAL(req->vwv+0, 0);
2132 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2133
2134 /* mtime. */
2135 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2136
2137 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2138 STR_TERMINATE, &status);
2139 if (!NT_STATUS_IS_OK(status)) {
2140 reply_nterror(req, status);
2141 goto out;
2142 }
2143
2144 status = filename_convert(ctx,
2145 conn,
2146 req->flags2 & FLAGS2_DFS_PATHNAMES,
2147 fname,
2148 0,
2149 NULL,
2150 &smb_fname);
2151 if (!NT_STATUS_IS_OK(status)) {
2152 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2153 reply_botherror(req,
2154 NT_STATUS_PATH_NOT_COVERED,
2155 ERRSRV, ERRbadpath);
2156 goto out;
2157 }
2158 reply_nterror(req, status);
2159 goto out;
2160 }
2161
2162 if (fattr & FILE_ATTRIBUTE_VOLUME) {
2163 DEBUG(0,("Attempt to create file (%s) with volid set - "
2164 "please report this\n",
2165 smb_fname_str_dbg(smb_fname)));
2166 }
2167
2168 if(req->cmd == SMBmknew) {
2169 /* We should fail if file exists. */
2170 create_disposition = FILE_CREATE;
2171 } else {
2172 /* Create if file doesn't exist, truncate if it does. */
2173 create_disposition = FILE_OVERWRITE_IF;
2174 }
2175
2176 status = SMB_VFS_CREATE_FILE(
2177 conn, /* conn */
2178 req, /* req */
2179 0, /* root_dir_fid */
2180 smb_fname, /* fname */
2181 access_mask, /* access_mask */
2182 share_mode, /* share_access */
2183 create_disposition, /* create_disposition*/
2184 create_options, /* create_options */
2185 fattr, /* file_attributes */
2186 oplock_request, /* oplock_request */
2187 0, /* allocation_size */
2188 0, /* private_flags */
2189 NULL, /* sd */
2190 NULL, /* ea_list */
2191 &fsp, /* result */
2192 NULL); /* pinfo */
2193
2194 if (!NT_STATUS_IS_OK(status)) {
2195 if (open_was_deferred(req->mid)) {
2196 /* We have re-scheduled this call. */
2197 goto out;
2198 }
2199 reply_openerror(req, status);
2200 goto out;
2201 }
2202
2203 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2204 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2205 if (!NT_STATUS_IS_OK(status)) {
2206 END_PROFILE(SMBcreate);
2207 goto out;
2208 }
2209
2210 reply_outbuf(req, 1, 0);
2211 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2212
2213 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2214 SCVAL(req->outbuf,smb_flg,
2215 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2216 }
2217
2218 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2219 SCVAL(req->outbuf,smb_flg,
2220 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2221 }
2222
2223 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2224 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2225 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2226 (unsigned int)fattr));
2227
2228 out:
2229 TALLOC_FREE(smb_fname);
2230 END_PROFILE(SMBcreate);
2231 return;
2232 }
2233
2234 /****************************************************************************
2235 Reply to a create temporary file.
2236 ****************************************************************************/
2237
2238 void reply_ctemp(struct smb_request *req)
2239 {
2240 connection_struct *conn = req->conn;
2241 struct smb_filename *smb_fname = NULL;
2242 char *fname = NULL;
2243 uint32 fattr;
2244 files_struct *fsp;
2245 int oplock_request;
2246 int tmpfd;
2247 char *s;
2248 NTSTATUS status;
2249 TALLOC_CTX *ctx = talloc_tos();
2250
2251 START_PROFILE(SMBctemp);
2252
2253 if (req->wct < 3) {
2254 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2255 goto out;
2256 }
2257
2258 fattr = SVAL(req->vwv+0, 0);
2259 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2260
2261 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2262 STR_TERMINATE, &status);
2263 if (!NT_STATUS_IS_OK(status)) {
2264 reply_nterror(req, status);
2265 goto out;
2266 }
2267 if (*fname) {
2268 fname = talloc_asprintf(ctx,
2269 "%s/TMXXXXXX",
2270 fname);
2271 } else {
2272 fname = talloc_strdup(ctx, "TMXXXXXX");
2273 }
2274
2275 if (!fname) {
2276 reply_nterror(req, NT_STATUS_NO_MEMORY);
2277 goto out;
2278 }
2279
2280 status = filename_convert(ctx, conn,
2281 req->flags2 & FLAGS2_DFS_PATHNAMES,
2282 fname,
2283 0,
2284 NULL,
2285 &smb_fname);
2286 if (!NT_STATUS_IS_OK(status)) {
2287 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2288 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2289 ERRSRV, ERRbadpath);
2290 goto out;
2291 }
2292 reply_nterror(req, status);
2293 goto out;
2294 }
2295
2296 tmpfd = mkstemp(smb_fname->base_name);
2297 if (tmpfd == -1) {
2298 reply_nterror(req, map_nt_error_from_unix(errno));
2299 goto out;
2300 }
2301
2302 SMB_VFS_STAT(conn, smb_fname);
2303
2304 /* We should fail if file does not exist. */
2305 status = SMB_VFS_CREATE_FILE(
2306 conn, /* conn */
2307 req, /* req */
2308 0, /* root_dir_fid */
2309 smb_fname, /* fname */
2310 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2311 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2312 FILE_OPEN, /* create_disposition*/
2313 0, /* create_options */
2314 fattr, /* file_attributes */
2315 oplock_request, /* oplock_request */
2316 0, /* allocation_size */
2317 0, /* private_flags */
2318 NULL, /* sd */
2319 NULL, /* ea_list */
2320 &fsp, /* result */
2321 NULL); /* pinfo */
2322
2323 /* close fd from mkstemp() */
2324 close(tmpfd);
2325
2326 if (!NT_STATUS_IS_OK(status)) {
2327 if (open_was_deferred(req->mid)) {
2328 /* We have re-scheduled this call. */
2329 goto out;
2330 }
2331 reply_openerror(req, status);
2332 goto out;
2333 }
2334
2335 reply_outbuf(req, 1, 0);
2336 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2337
2338 /* the returned filename is relative to the directory */
2339 s = strrchr_m(fsp->fsp_name->base_name, '/');
2340 if (!s) {
2341 s = fsp->fsp_name->base_name;
2342 } else {
2343 s++;
2344 }
2345
2346 #if 0
2347 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2348 thing in the byte section. JRA */
2349 SSVALS(p, 0, -1); /* what is this? not in spec */
2350 #endif
2351 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2352 == -1) {
2353 reply_nterror(req, NT_STATUS_NO_MEMORY);
2354 goto out;
2355 }
2356
2357 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2358 SCVAL(req->outbuf, smb_flg,
2359 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2360 }
2361
2362 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2363 SCVAL(req->outbuf, smb_flg,
2364 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2365 }
2366
2367 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2368 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2369 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2370 out:
2371 TALLOC_FREE(smb_fname);
2372 END_PROFILE(SMBctemp);
2373 return;
2374 }
2375
2376 /*******************************************************************
2377 Check if a user is allowed to rename a file.
2378 ********************************************************************/
2379
2380 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2381 uint16 dirtype)
2382 {
2383 if (!CAN_WRITE(conn)) {
2384 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2385 }
2386
2387 if ((dirtype & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) !=
2388 (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2389 /* Only bother to read the DOS attribute if we might deny the
2390 rename on the grounds of attribute missmatch. */
2391 uint32_t fmode = dos_mode(conn, fsp->fsp_name);
2392 if ((fmode & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) {
2393 return NT_STATUS_NO_SUCH_FILE;
2394 }
2395 }
2396
2397 if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
2398 if (fsp->posix_open) {
2399 return NT_STATUS_OK;
2400 }
2401
2402 /* If no pathnames are open below this
2403 directory, allow the rename. */
2404
2405 if (file_find_subpath(fsp)) {
2406 return NT_STATUS_ACCESS_DENIED;
2407 }
2408 return NT_STATUS_OK;
2409 }
2410
2411 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2412 return NT_STATUS_OK;
2413 }
2414
2415 return NT_STATUS_ACCESS_DENIED;
2416 }
2417
2418 /*******************************************************************
2419 * unlink a file with all relevant access checks
2420 *******************************************************************/
2421
2422 static NTSTATUS do_unlink(connection_struct *conn,
2423 struct smb_request *req,
2424 struct smb_filename *smb_fname,
2425 uint32 dirtype)
2426 {
2427 uint32 fattr;
2428 files_struct *fsp;
2429 uint32 dirtype_orig = dirtype;
2430 NTSTATUS status;
2431 int ret;
2432 bool posix_paths = lp_posix_pathnames();
2433
2434 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2435 smb_fname_str_dbg(smb_fname),
2436 dirtype));
2437
2438 if (!CAN_WRITE(conn)) {
2439 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2440 }
2441
2442 if (posix_paths) {
2443 ret = SMB_VFS_LSTAT(conn, smb_fname);
2444 } else {
2445 ret = SMB_VFS_STAT(conn, smb_fname);
2446 }
2447 if (ret != 0) {
2448 return map_nt_error_from_unix(errno);
2449 }
2450
2451 fattr = dos_mode(conn, smb_fname);
2452
2453 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2454 dirtype = FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY;
2455 }
2456
2457 dirtype &= (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
2458 if (!dirtype) {
2459 return NT_STATUS_NO_SUCH_FILE;
2460 }
2461
2462 if (!dir_check_ftype(conn, fattr, dirtype)) {
2463 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2464 return NT_STATUS_FILE_IS_A_DIRECTORY;
2465 }
2466 return NT_STATUS_NO_SUCH_FILE;
2467 }
2468
2469 if (dirtype_orig & 0x8000) {
2470 /* These will never be set for POSIX. */
2471 return NT_STATUS_NO_SUCH_FILE;
2472 }
2473
2474 #if 0
2475 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2476 return NT_STATUS_FILE_IS_A_DIRECTORY;
2477 }
2478
2479 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2480 return NT_STATUS_NO_SUCH_FILE;
2481 }
2482
2483 if (dirtype & 0xFF00) {
2484 /* These will never be set for POSIX. */
2485 return NT_STATUS_NO_SUCH_FILE;
2486 }
2487
2488 dirtype &= 0xFF;
2489 if (!dirtype) {
2490 return NT_STATUS_NO_SUCH_FILE;
2491 }
2492
2493 /* Can't delete a directory. */
2494 if (fattr & FILE_ATTRIBUTE_DIRECTORY) {
2495 return NT_STATUS_FILE_IS_A_DIRECTORY;
2496 }
2497 #endif
2498
2499 #if 0 /* JRATEST */
2500 else if (dirtype & FILE_ATTRIBUTE_DIRECTORY) /* Asked for a directory and it isn't. */
2501 return NT_STATUS_OBJECT_NAME_INVALID;
2502 #endif /* JRATEST */
2503
2504 /* On open checks the open itself will check the share mode, so
2505 don't do it here as we'll get it wrong. */
2506
2507 status = SMB_VFS_CREATE_FILE
2508 (conn, /* conn */
2509 req, /* req */
2510 0, /* root_dir_fid */
2511 smb_fname, /* fname */
2512 DELETE_ACCESS, /* access_mask */
2513 FILE_SHARE_NONE, /* share_access */
2514 FILE_OPEN, /* create_disposition*/
2515 FILE_NON_DIRECTORY_FILE, /* create_options */
2516 /* file_attributes */
2517 posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777 :
2518 FILE_ATTRIBUTE_NORMAL,
2519 0, /* oplock_request */
2520 0, /* allocation_size */
2521 0, /* private_flags */
2522 NULL, /* sd */
2523 NULL, /* ea_list */
2524 &fsp, /* result */
2525 NULL); /* pinfo */
2526
2527 if (!NT_STATUS_IS_OK(status)) {
2528 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2529 nt_errstr(status)));
2530 return status;
2531 }
2532
2533 status = can_set_delete_on_close(fsp, fattr);
2534 if (!NT_STATUS_IS_OK(status)) {
2535 DEBUG(10, ("do_unlink can_set_delete_on_close for file %s - "
2536 "(%s)\n",
2537 smb_fname_str_dbg(smb_fname),
2538 nt_errstr(status)));
2539 close_file(req, fsp, NORMAL_CLOSE);
2540 return status;
2541 }
2542
2543 /* The set is across all open files on this dev/inode pair. */
2544 if (!set_delete_on_close(fsp, True, &conn->session_info->utok)) {
2545 close_file(req, fsp, NORMAL_CLOSE);
2546 return NT_STATUS_ACCESS_DENIED;
2547 }
2548
2549 return close_file(req, fsp, NORMAL_CLOSE);
2550 }
2551
2552 /****************************************************************************
2553 The guts of the unlink command, split out so it may be called by the NT SMB
2554 code.
2555 ****************************************************************************/
2556
2557 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2558 uint32 dirtype, struct smb_filename *smb_fname,
2559 bool has_wild)
2560 {
2561 char *fname_dir = NULL;
2562 char *fname_mask = NULL;
2563 int count=0;
2564 NTSTATUS status = NT_STATUS_OK;
2565 TALLOC_CTX *ctx = talloc_tos();
2566
2567 /* Split up the directory from the filename/mask. */
2568 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2569 &fname_dir, &fname_mask);
2570 if (!NT_STATUS_IS_OK(status)) {
2571 goto out;
2572 }
2573
2574 /*
2575 * We should only check the mangled cache
2576 * here if unix_convert failed. This means
2577 * that the path in 'mask' doesn't exist
2578 * on the file system and so we need to look
2579 * for a possible mangle. This patch from
2580 * Tine Smukavec <valentin.smukavec@hermes.si>.
2581 */
2582
2583 if (!VALID_STAT(smb_fname->st) &&
2584 mangle_is_mangled(fname_mask, conn->params)) {
2585 char *new_mask = NULL;
2586 mangle_lookup_name_from_8_3(ctx, fname_mask,
2587 &new_mask, conn->params);
2588 if (new_mask) {
2589 TALLOC_FREE(fname_mask);
2590 fname_mask = new_mask;
2591 }
2592 }
2593
2594 if (!has_wild) {
2595
2596 /*
2597 * Only one file needs to be unlinked. Append the mask back
2598 * onto the directory.
2599 */
2600 TALLOC_FREE(smb_fname->base_name);
2601 if (ISDOT(fname_dir)) {
2602 /* Ensure we use canonical names on open. */
2603 smb_fname->base_name = talloc_asprintf(smb_fname,
2604 "%s",
2605 fname_mask);
2606 } else {
2607 smb_fname->base_name = talloc_asprintf(smb_fname,
2608 "%s/%s",
2609 fname_dir,
2610 fname_mask);
2611 }
2612 if (!smb_fname->base_name) {
2613 status = NT_STATUS_NO_MEMORY;
2614 goto out;
2615 }
2616 if (dirtype == 0) {
2617 dirtype = FILE_ATTRIBUTE_NORMAL;
2618 }
2619
2620 status = check_name(conn, smb_fname->base_name);
2621 if (!NT_STATUS_IS_OK(status)) {
2622 goto out;
2623 }
2624
2625 status = do_unlink(conn, req, smb_fname, dirtype);
2626 if (!NT_STATUS_IS_OK(status)) {
2627 goto out;
2628 }
2629
2630 count++;
2631 } else {
2632 struct smb_Dir *dir_hnd = NULL;
2633 long offset = 0;
2634 const char *dname = NULL;
2635 char *talloced = NULL;
2636
2637 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == FILE_ATTRIBUTE_DIRECTORY) {
2638 status = NT_STATUS_OBJECT_NAME_INVALID;
2639 goto out;
2640 }
2641
2642 if (strequal(fname_mask,"????????.???")) {
2643 TALLOC_FREE(fname_mask);
2644 fname_mask = talloc_strdup(ctx, "*");
2645 if (!fname_mask) {
2646 status = NT_STATUS_NO_MEMORY;
2647 goto out;
2648 }
2649 }
2650
2651 status = check_name(conn, fname_dir);
2652 if (!NT_STATUS_IS_OK(status)) {
2653 goto out;
2654 }
2655
2656 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2657 dirtype);
2658 if (dir_hnd == NULL) {
2659 status = map_nt_error_from_unix(errno);
2660 goto out;
2661 }
2662
2663 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2664 the pattern matches against the long name, otherwise the short name
2665 We don't implement this yet XXXX
2666 */
2667
2668 status = NT_STATUS_NO_SUCH_FILE;
2669
2670 while ((dname = ReadDirName(dir_hnd, &offset,
2671 &smb_fname->st, &talloced))) {
2672 TALLOC_CTX *frame = talloc_stackframe();
2673
2674 if (!is_visible_file(conn, fname_dir, dname,
2675 &smb_fname->st, true)) {
2676 TALLOC_FREE(frame);
2677 TALLOC_FREE(talloced);
2678 continue;
2679 }
2680
2681 /* Quick check for "." and ".." */
2682 if (ISDOT(dname) || ISDOTDOT(dname)) {
2683 TALLOC_FREE(frame);
2684 TALLOC_FREE(talloced);
2685 continue;
2686 }
2687
2688 if(!mask_match(dname, fname_mask,
2689 conn->case_sensitive)) {
2690 TALLOC_FREE(frame);
2691 TALLOC_FREE(talloced);
2692 continue;
2693 }
2694
2695 TALLOC_FREE(smb_fname->base_name);
2696 if (ISDOT(fname_dir)) {
2697 /* Ensure we use canonical names on open. */
2698 smb_fname->base_name =
2699 talloc_asprintf(smb_fname, "%s",
2700 dname);
2701 } else {
2702 smb_fname->base_name =
2703 talloc_asprintf(smb_fname, "%s/%s",
2704 fname_dir, dname);
2705 }
2706
2707 if (!smb_fname->base_name) {
2708 TALLOC_FREE(dir_hnd);
2709 status = NT_STATUS_NO_MEMORY;
2710 TALLOC_FREE(frame);
2711 TALLOC_FREE(talloced);
2712 goto out;
2713 }
2714
2715 status = check_name(conn, smb_fname->base_name);
2716 if (!NT_STATUS_IS_OK(status)) {
2717 TALLOC_FREE(dir_hnd);
2718 TALLOC_FREE(frame);
2719 TALLOC_FREE(talloced);
2720 goto out;
2721 }
2722
2723 status = do_unlink(conn, req, smb_fname, dirtype);
2724 if (!NT_STATUS_IS_OK(status)) {
2725 TALLOC_FREE(frame);
2726 TALLOC_FREE(talloced);
2727 continue;
2728 }
2729
2730 count++;
2731 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2732 smb_fname->base_name));
2733
2734 TALLOC_FREE(frame);
2735 TALLOC_FREE(talloced);
2736 }
2737 TALLOC_FREE(dir_hnd);
2738 }
2739
2740 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2741 status = map_nt_error_from_unix(errno);
2742 }
2743
2744 out:
2745 TALLOC_FREE(fname_dir);
2746 TALLOC_FREE(fname_mask);
2747 return status;
2748 }
2749
2750 /****************************************************************************
2751 Reply to a unlink
2752 ****************************************************************************/
2753
2754 void reply_unlink(struct smb_request *req)
2755 {
2756 connection_struct *conn = req->conn;
2757 char *name = NULL;
2758 struct smb_filename *smb_fname = NULL;
2759 uint32 dirtype;
2760 NTSTATUS status;
2761 bool path_contains_wcard = False;
2762 TALLOC_CTX *ctx = talloc_tos();
2763
2764 START_PROFILE(SMBunlink);
2765
2766 if (req->wct < 1) {
2767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2768 goto out;
2769 }
2770
2771 dirtype = SVAL(req->vwv+0, 0);
2772
2773 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2774 STR_TERMINATE, &status,
2775 &path_contains_wcard);
2776 if (!NT_STATUS_IS_OK(status)) {
2777 reply_nterror(req, status);
2778 goto out;
2779 }
2780
2781 status = filename_convert(ctx, conn,
2782 req->flags2 & FLAGS2_DFS_PATHNAMES,
2783 name,
2784 UCF_COND_ALLOW_WCARD_LCOMP,
2785 &path_contains_wcard,
2786 &smb_fname);
2787 if (!NT_STATUS_IS_OK(status)) {
2788 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2789 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2790 ERRSRV, ERRbadpath);
2791 goto out;
2792 }
2793 reply_nterror(req, status);
2794 goto out;
2795 }
2796
2797 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2798
2799 status = unlink_internals(conn, req, dirtype, smb_fname,
2800 path_contains_wcard);
2801 if (!NT_STATUS_IS_OK(status)) {
2802 if (open_was_deferred(req->mid)) {
2803 /* We have re-scheduled this call. */
2804 goto out;
2805 }
2806 reply_nterror(req, status);
2807 goto out;
2808 }
2809
2810 reply_outbuf(req, 0, 0);
2811 out:
2812 TALLOC_FREE(smb_fname);
2813 END_PROFILE(SMBunlink);
2814 return;
2815 }
2816
2817 /****************************************************************************
2818 Fail for readbraw.
2819 ****************************************************************************/
2820
2821 static void fail_readraw(void)
2822 {
2823 const char *errstr = talloc_asprintf(talloc_tos(),
2824 "FAIL ! reply_readbraw: socket write fail (%s)",
2825 strerror(errno));
2826 if (!errstr) {
2827 errstr = "";
2828 }
2829 exit_server_cleanly(errstr);
2830 }
2831
2832 /****************************************************************************
2833 Fake (read/write) sendfile. Returns -1 on read or write fail.
2834 ****************************************************************************/
2835
2836 ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos, size_t nread)
2837 {
2838 size_t bufsize;
2839 size_t tosend = nread;
2840 char *buf;
2841
2842 if (nread == 0) {
2843 return 0;
2844 }
2845
2846 bufsize = MIN(nread, 65536);
2847
2848 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2849 return -1;
2850 }
2851
2852 while (tosend > 0) {
2853 ssize_t ret;
2854 size_t cur_read;
2855
2856 if (tosend > bufsize) {
2857 cur_read = bufsize;
2858 } else {
2859 cur_read = tosend;
2860 }
2861 ret = read_file(fsp,buf,startpos,cur_read);
2862 if (ret == -1) {
2863 SAFE_FREE(buf);
2864 return -1;
2865 }
2866
2867 /* If we had a short read, fill with zeros. */
2868 if (ret < cur_read) {
2869 memset(buf + ret, '\0', cur_read - ret);
2870 }
2871
2872 if (write_data(fsp->conn->sconn->sock, buf, cur_read)
2873 != cur_read) {
2874 char addr[INET6_ADDRSTRLEN];
2875 /*
2876 * Try and give an error message saying what
2877 * client failed.
2878 */
2879 DEBUG(0, ("write_data failed for client %s. "
2880 "Error %s\n",
2881 get_peer_addr(fsp->conn->sconn->sock, addr,
2882 sizeof(addr)),
2883 strerror(errno)));
2884 SAFE_FREE(buf);
2885 return -1;
2886 }
2887 tosend -= cur_read;
2888 startpos += cur_read;
2889 }
2890
2891 SAFE_FREE(buf);
2892 return (ssize_t)nread;
2893 }
2894
2895 /****************************************************************************
2896 Deal with the case of sendfile reading less bytes from the file than
2897 requested. Fill with zeros (all we can do).
2898 ****************************************************************************/
2899
2900 void sendfile_short_send(files_struct *fsp,
2901 ssize_t nread,
2902 size_t headersize,
2903 size_t smb_maxcnt)
2904 {
2905 #define SHORT_SEND_BUFSIZE 1024
2906 if (nread < headersize) {
2907 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2908 "header for file %s (%s). Terminating\n",
2909 fsp_str_dbg(fsp), strerror(errno)));
2910 exit_server_cleanly("sendfile_short_send failed");
2911 }
2912
2913 nread -= headersize;
2914
2915 if (nread < smb_maxcnt) {
2916 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2917 if (!buf) {
2918 exit_server_cleanly("sendfile_short_send: "
2919 "malloc failed");
2920 }
2921
2922 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2923 "with zeros !\n", fsp_str_dbg(fsp)));
2924
2925 while (nread < smb_maxcnt) {
2926 /*
2927 * We asked for the real file size and told sendfile
2928 * to not go beyond the end of the file. But it can
2929 * happen that in between our fstat call and the
2930 * sendfile call the file was truncated. This is very
2931 * bad because we have already announced the larger
2932 * number of bytes to the client.
2933 *
2934 * The best we can do now is to send 0-bytes, just as
2935 * a read from a hole in a sparse file would do.
2936 *
2937 * This should happen rarely enough that I don't care
2938 * about efficiency here :-)
2939 */
2940 size_t to_write;
2941
2942 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2943 if (write_data(fsp->conn->sconn->sock, buf, to_write)
2944 != to_write) {
2945 char addr[INET6_ADDRSTRLEN];
2946 /*
2947 * Try and give an error message saying what
2948 * client failed.
2949 */
2950 DEBUG(0, ("write_data failed for client %s. "
2951 "Error %s\n",
2952 get_peer_addr(
2953 fsp->conn->sconn->sock, addr,
2954 sizeof(addr)),
2955 strerror(errno)));
2956 exit_server_cleanly("sendfile_short_send: "
2957 "write_data failed");
2958 }
2959 nread += to_write;
2960 }
2961 SAFE_FREE(buf);
2962 }
2963 }
2964
2965 /****************************************************************************
2966 Return a readbraw error (4 bytes of zero).
2967 ****************************************************************************/
2968
2969 static void reply_readbraw_error(struct smbd_server_connection *sconn)
2970 {
2971 char header[4];
2972
2973 SIVAL(header,0,0);
2974
2975 smbd_lock_socket(sconn);
2976 if (write_data(sconn->sock,header,4) != 4) {
2977 char addr[INET6_ADDRSTRLEN];
2978 /*
2979 * Try and give an error message saying what
2980 * client failed.
2981 */
2982 DEBUG(0, ("write_data failed for client %s. "
2983 "Error %s\n",
2984 get_peer_addr(sconn->sock, addr, sizeof(addr)),
2985 strerror(errno)));
2986
2987 fail_readraw();
2988 }
2989 smbd_unlock_socket(sconn);
2990 }
2991
2992 /****************************************************************************
2993 Use sendfile in readbraw.
2994 ****************************************************************************/
2995
2996 static void send_file_readbraw(connection_struct *conn,
2997 struct smb_request *req,
2998 files_struct *fsp,
2999 SMB_OFF_T startpos,
3000 size_t nread,
3001 ssize_t mincount)
3002 {
3003 struct smbd_server_connection *sconn = req->sconn;
3004 char *outbuf = NULL;
3005 ssize_t ret=0;
3006
3007 /*
3008 * We can only use sendfile on a non-chained packet
3009 * but we can use on a non-oplocked file. tridge proved this
3010 * on a train in Germany :-). JRA.
3011 * reply_readbraw has already checked the length.
3012 */
3013
3014 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
3015 (fsp->wcp == NULL) &&
3016 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3017 ssize_t sendfile_read = -1;
3018 char header[4];
3019 DATA_BLOB header_blob;
3020
3021 _smb_setlen(header,nread);
3022 header_blob = data_blob_const(header, 4);
3023
3024 sendfile_read = SMB_VFS_SENDFILE(sconn->sock, fsp,
3025 &header_blob, startpos,
3026 nread);
3027 if (sendfile_read == -1) {
3028 /* Returning ENOSYS means no data at all was sent.
3029 * Do this as a normal read. */
3030 if (errno == ENOSYS) {
3031 goto normal_readbraw;
3032 }
3033
3034 /*
3035 * Special hack for broken Linux with no working sendfile. If we
3036 * return EINTR we sent the header but not the rest of the data.
3037 * Fake this up by doing read/write calls.
3038 */
3039 if (errno == EINTR) {
3040 /* Ensure we don't do this again. */
3041 set_use_sendfile(SNUM(conn), False);
3042 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
3043
3044 if (fake_sendfile(fsp, startpos, nread) == -1) {
3045 DEBUG(0,("send_file_readbraw: "
3046 "fake_sendfile failed for "
3047 "file %s (%s).\n",
3048 fsp_str_dbg(fsp),
3049 strerror(errno)));
3050 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
3051 }
3052 return;
3053 }
3054
3055 DEBUG(0,("send_file_readbraw: sendfile failed for "
3056 "file %s (%s). Terminating\n",
3057 fsp_str_dbg(fsp), strerror(errno)));
3058 exit_server_cleanly("send_file_readbraw sendfile failed");
3059 } else if (sendfile_read == 0) {
3060 /*
3061 * Some sendfile implementations return 0 to indicate
3062 * that there was a short read, but nothing was
3063 * actually written to the socket. In this case,
3064 * fallback to the normal read path so the header gets
3065 * the correct byte count.
3066 */
3067 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
3068 "bytes falling back to the normal read: "
3069 "%s\n", fsp_str_dbg(fsp)));
3070 goto normal_readbraw;
3071 }
3072
3073 /* Deal with possible short send. */
3074 if (sendfile_read != 4+nread) {
3075 sendfile_short_send(fsp, sendfile_read, 4, nread);
3076 }
3077 return;
3078 }
3079
3080 normal_readbraw:
3081
3082 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
3083 if (!outbuf) {
3084 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
3085 (unsigned)(nread+4)));
3086 reply_readbraw_error(sconn);
3087 return;
3088 }
3089
3090 if (nread > 0) {
3091 ret = read_file(fsp,outbuf+4,startpos,nread);
3092 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3093 if (ret < mincount)
3094 ret = 0;
3095 #else
3096 if (ret < nread)
3097 ret = 0;
3098 #endif
3099 }
3100
3101 _smb_setlen(outbuf,ret);
3102 if (write_data(sconn->sock, outbuf, 4+ret) != 4+ret) {
3103 char addr[INET6_ADDRSTRLEN];
3104 /*
3105 * Try and give an error message saying what
3106 * client failed.
3107 */
3108 DEBUG(0, ("write_data failed for client %s. "
3109 "Error %s\n",
3110 get_peer_addr(fsp->conn->sconn->sock, addr,
3111 sizeof(addr)),
3112 strerror(errno)));
3113
3114 fail_readraw();
3115 }
3116
3117 TALLOC_FREE(outbuf);
3118 }
3119
3120 /****************************************************************************
3121 Reply to a readbraw (core+ protocol).
3122 ****************************************************************************/
3123
3124 void reply_readbraw(struct smb_request *req)
3125 {
3126 connection_struct *conn = req->conn;
3127 struct smbd_server_connection *sconn = req->sconn;
3128 ssize_t maxcount,mincount;
3129 size_t nread = 0;
3130 SMB_OFF_T startpos;
3131 files_struct *fsp;
3132 struct lock_struct lock;
3133 SMB_OFF_T size = 0;
3134
3135 START_PROFILE(SMBreadbraw);
3136
3137 if (srv_is_signing_active(sconn) ||
3138 is_encrypted_packet(req->inbuf)) {
3139 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3140 "raw reads/writes are disallowed.");
3141 }
3142
3143 if (req->wct < 8) {
3144 reply_readbraw_error(sconn);
3145 END_PROFILE(SMBreadbraw);
3146 return;
3147 }
3148
3149 if (sconn->smb1.echo_handler.trusted_fde) {
3150 DEBUG(2,("SMBreadbraw rejected with NOT_SUPPORTED because of "
3151 "'async smb echo handler = yes'\n"));
3152 reply_readbraw_error(sconn);
3153 END_PROFILE(SMBreadbraw);
3154 return;
3155 }
3156
3157 /*
3158 * Special check if an oplock break has been issued
3159 * and the readraw request croses on the wire, we must
3160 * return a zero length response here.
3161 */
3162
3163 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3164
3165 /*
3166 * We have to do a check_fsp by hand here, as
3167 * we must always return 4 zero bytes on error,
3168 * not a NTSTATUS.
3169 */
3170
3171 if (!fsp || !conn || conn != fsp->conn ||
3172 req->vuid != fsp->vuid ||
3173 fsp->is_directory || fsp->fh->fd == -1) {
3174 /*
3175 * fsp could be NULL here so use the value from the packet. JRA.
3176 */
3177 DEBUG(3,("reply_readbraw: fnum %d not valid "
3178 "- cache prime?\n",
3179 (int)SVAL(req->vwv+0, 0)));
3180 reply_readbraw_error(sconn);
3181 END_PROFILE(SMBreadbraw);
3182 return;
3183 }
3184
3185 /* Do a "by hand" version of CHECK_READ. */
3186 if (!(fsp->can_read ||
3187 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3188 (fsp->access_mask & FILE_EXECUTE)))) {
3189 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3190 (int)SVAL(req->vwv+0, 0)));
3191 reply_readbraw_error(sconn);
3192 END_PROFILE(SMBreadbraw);
3193 return;
3194 }
3195
3196 flush_write_cache(fsp, READRAW_FLUSH);
3197
3198 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3199 if(req->wct == 10) {
3200 /*
3201 * This is a large offset (64 bit) read.
3202 */
3203 #ifdef LARGE_SMB_OFF_T
3204
3205 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3206
3207 #else /* !LARGE_SMB_OFF_T */
3208
3209 /*
3210 * Ensure we haven't been sent a >32 bit offset.
3211 */
3212
3213 if(IVAL(req->vwv+8, 0) != 0) {
3214 DEBUG(0,("reply_readbraw: large offset "
3215 "(%x << 32) used and we don't support "
3216 "64 bit offsets.\n",
3217 (unsigned int)IVAL(req->vwv+8, 0) ));
3218 reply_readbraw_error(sconn);
3219 END_PROFILE(SMBreadbraw);
3220 return;
3221 }
3222
3223 #endif /* LARGE_SMB_OFF_T */
3224
3225 if(startpos < 0) {
3226 DEBUG(0,("reply_readbraw: negative 64 bit "
3227 "readraw offset (%.0f) !\n",
3228 (double)startpos ));
3229 reply_readbraw_error(sconn);
3230 END_PROFILE(SMBreadbraw);
3231 return;
3232 }
3233 }
3234
3235 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3236 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3237
3238 /* ensure we don't overrun the packet size */
3239 maxcount = MIN(65535,maxcount);
3240
3241 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3242 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3243 &lock);
3244
3245 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3246 reply_readbraw_error(sconn);
3247 END_PROFILE(SMBreadbraw);
3248 return;
3249 }
3250
3251 if (fsp_stat(fsp) == 0) {
3252 size = fsp->fsp_name->st.st_ex_size;
3253 }
3254
3255 if (startpos >= size) {
3256 nread = 0;
3257 } else {
3258 nread = MIN(maxcount,(size - startpos));
3259 }
3260
3261 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3262 if (nread < mincount)
3263 nread = 0;
3264 #endif
3265
3266 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3267 "min=%lu nread=%lu\n",
3268 fsp->fnum, (double)startpos,
3269 (unsigned long)maxcount,
3270 (unsigned long)mincount,
3271 (unsigned long)nread ) );
3272
3273 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3274
3275 DEBUG(5,("reply_readbraw finished\n"));
3276
3277 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3278
3279 END_PROFILE(SMBreadbraw);
3280 return;
3281 }
3282
3283 #undef DBGC_CLASS
3284 #define DBGC_CLASS DBGC_LOCKING
3285
3286 /****************************************************************************
3287 Reply to a lockread (core+ protocol).
3288 ****************************************************************************/
3289
3290 void reply_lockread(struct smb_request *req)
3291 {
3292 connection_struct *conn = req->conn;
3293 ssize_t nread = -1;
3294 char *data;
3295 SMB_OFF_T startpos;
3296 size_t numtoread;
3297 NTSTATUS status;
3298 files_struct *fsp;
3299 struct byte_range_lock *br_lck = NULL;
3300 char *p = NULL;
3301 struct smbd_server_connection *sconn = req->sconn;
3302
3303 START_PROFILE(SMBlockread);
3304
3305 if (req->wct < 5) {
3306 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3307 END_PROFILE(SMBlockread);
3308 return;
3309 }
3310
3311 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3312
3313 if (!check_fsp(conn, req, fsp)) {
3314 END_PROFILE(SMBlockread);
3315 return;
3316 }
3317
3318 if (!CHECK_READ(fsp,req)) {
3319 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3320 END_PROFILE(SMBlockread);
3321 return;
3322 }
3323
3324 numtoread = SVAL(req->vwv+1, 0);
3325 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3326
3327 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3328
3329 reply_outbuf(req, 5, numtoread + 3);
3330
3331 data = smb_buf(req->outbuf) + 3;
3332
3333 /*
3334 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3335 * protocol request that predates the read/write lock concept.
3336 * Thus instead of asking for a read lock here we need to ask
3337 * for a write lock. JRA.
3338 * Note that the requested lock size is unaffected by max_recv.
3339 */
3340
3341 br_lck = do_lock(req->sconn->msg_ctx,
3342 fsp,
3343 (uint64_t)req->smbpid,
3344 (uint64_t)numtoread,
3345 (uint64_t)startpos,
3346 WRITE_LOCK,
3347 WINDOWS_LOCK,
3348 False, /* Non-blocking lock. */
3349 &status,
3350 NULL,
3351 NULL);
3352 TALLOC_FREE(br_lck);
3353
3354 if (NT_STATUS_V(status)) {
3355 reply_nterror(req, status);
3356 END_PROFILE(SMBlockread);
3357 return;
3358 }
3359
3360 /*
3361 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3362 */
3363
3364 if (numtoread > sconn->smb1.negprot.max_recv) {
3365 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3366 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3367 (unsigned int)numtoread,
3368 (unsigned int)sconn->smb1.negprot.max_recv));
3369 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3370 }
3371 nread = read_file(fsp,data,startpos,numtoread);
3372
3373 if (nread < 0) {
3374 reply_nterror(req, map_nt_error_from_unix(errno));
3375 END_PROFILE(SMBlockread);
3376 return;
3377 }
3378
3379 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3380
3381 SSVAL(req->outbuf,smb_vwv0,nread);
3382 SSVAL(req->outbuf,smb_vwv5,nread+3);
3383 p = smb_buf(req->outbuf);
3384 SCVAL(p,0,0); /* pad byte. */
3385 SSVAL(p,1,nread);
3386
3387 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3388 fsp->fnum, (int)numtoread, (int)nread));
3389
3390 END_PROFILE(SMBlockread);
3391 return;
3392 }
3393
3394 #undef DBGC_CLASS
3395 #define DBGC_CLASS DBGC_ALL
3396
3397 /****************************************************************************
3398 Reply to a read.
3399 ****************************************************************************/
3400
3401 void reply_read(struct smb_request *req)
3402 {
3403 connection_struct *conn = req->conn;
3404 size_t numtoread;
3405 ssize_t nread = 0;
3406 char *data;
3407 SMB_OFF_T startpos;
3408 int outsize = 0;
3409 files_struct *fsp;
3410 struct lock_struct lock;
3411 struct smbd_server_connection *sconn = req->sconn;
3412
3413 START_PROFILE(SMBread);
3414
3415 if (req->wct < 3) {
3416 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3417 END_PROFILE(SMBread);
3418 return;
3419 }
3420
3421 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3422
3423 if (!check_fsp(conn, req, fsp)) {
3424 END_PROFILE(SMBread);
3425 return;
3426 }
3427
3428 if (!CHECK_READ(fsp,req)) {
3429 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3430 END_PROFILE(SMBread);
3431 return;
3432 }
3433
3434 numtoread = SVAL(req->vwv+1, 0);
3435 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3436
3437 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3438
3439 /*
3440 * The requested read size cannot be greater than max_recv. JRA.
3441 */
3442 if (numtoread > sconn->smb1.negprot.max_recv) {
3443 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3444 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3445 (unsigned int)numtoread,
3446 (unsigned int)sconn->smb1.negprot.max_recv));
3447 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3448 }
3449
3450 reply_outbuf(req, 5, numtoread+3);
3451
3452 data = smb_buf(req->outbuf) + 3;
3453
3454 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3455 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3456 &lock);
3457
3458 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3459 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3460 END_PROFILE(SMBread);
3461 return;
3462 }
3463
3464 if (numtoread > 0)
3465 nread = read_file(fsp,data,startpos,numtoread);
3466
3467 if (nread < 0) {
3468 reply_nterror(req, map_nt_error_from_unix(errno));
3469 goto strict_unlock;
3470 }
3471
3472 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3473
3474 SSVAL(req->outbuf,smb_vwv0,nread);
3475 SSVAL(req->outbuf,smb_vwv5,nread+3);
3476 SCVAL(smb_buf(req->outbuf),0,1);
3477 SSVAL(smb_buf(req->outbuf),1,nread);
3478
3479 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3480 fsp->fnum, (int)numtoread, (int)nread ) );
3481
3482 strict_unlock:
3483 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3484
3485 END_PROFILE(SMBread);
3486 return;
3487 }
3488
3489 /****************************************************************************
3490 Setup readX header.
3491 ****************************************************************************/
3492
3493 static int setup_readX_header(struct smb_request *req, char *outbuf,
3494 size_t smb_maxcnt)
3495 {
3496 int outsize;
3497 char *data;
3498
3499 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3500 data = smb_buf(outbuf);
3501
3502 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3503
3504 SCVAL(outbuf,smb_vwv0,0xFF);
3505 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3506 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3507 SSVAL(outbuf,smb_vwv6,
3508 req_wct_ofs(req)
3509 + 1 /* the wct field */
3510 + 12 * sizeof(uint16_t) /* vwv */
3511 + 2); /* the buflen field */
3512 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3513 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3514 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3515 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3516 return outsize;
3517 }
3518
3519 /****************************************************************************
3520 Reply to a read and X - possibly using sendfile.
3521 ****************************************************************************/
3522
3523 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3524 files_struct *fsp, SMB_OFF_T startpos,
3525 size_t smb_maxcnt)
3526 {
3527 ssize_t nread = -1;
3528 struct lock_struct lock;
3529 int saved_errno = 0;
3530
3531 if(fsp_stat(fsp) == -1) {
3532 reply_nterror(req, map_nt_error_from_unix(errno));
3533 return;
3534 }
3535
3536 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3537 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3538 &lock);
3539
3540 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3541 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3542 return;
3543 }
3544
3545 if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
3546 (startpos > fsp->fsp_name->st.st_ex_size)
3547 || (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
3548 /*
3549 * We already know that we would do a short read, so don't
3550 * try the sendfile() path.
3551 */
3552 goto nosendfile_read;
3553 }
3554
3555 /*
3556 * We can only use sendfile on a non-chained packet
3557 * but we can use on a non-oplocked file. tridge proved this
3558 * on a train in Germany :-). JRA.
3559 */
3560
3561 if (!req_is_in_chain(req) &&
3562 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3563 (fsp->wcp == NULL) &&
3564 lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
3565 uint8 headerbuf[smb_size + 12 * 2];
3566 DATA_BLOB header;
3567
3568 /*
3569 * Set up the packet header before send. We
3570 * assume here the sendfile will work (get the
3571 * correct amount of data).
3572 */
3573
3574 header = data_blob_const(headerbuf, sizeof(headerbuf));
3575
3576 construct_reply_common_req(req, (char *)headerbuf);
3577 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3578
3579 nread = SMB_VFS_SENDFILE(req->sconn->sock, fsp, &header,
3580 startpos, smb_maxcnt);
3581 if (nread == -1) {
3582 /* Returning ENOSYS means no data at all was sent.
3583 Do this as a normal read. */
3584 if (errno == ENOSYS) {
3585 goto normal_read;
3586 }
3587
3588 /*
3589 * Special hack for broken Linux with no working sendfile. If we
3590 * return EINTR we sent the header but not the rest of the data.
3591 * Fake this up by doing read/write calls.
3592 */
3593
3594 if (errno == EINTR) {
3595 /* Ensure we don't do this again. */
3596 set_use_sendfile(SNUM(conn), False);
3597 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3598 nread = fake_sendfile(fsp, startpos,
3599 smb_maxcnt);
3600 if (nread == -1) {
3601 DEBUG(0,("send_file_readX: "
3602 "fake_sendfile failed for "
3603 "file %s (%s).\n",
3604 fsp_str_dbg(fsp),
3605 strerror(errno)));
3606 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3607 }
3608 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3609 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3610 /* No outbuf here means successful sendfile. */
3611 goto strict_unlock;
3612 }
3613
3614 DEBUG(0,("send_file_readX: sendfile failed for file "
3615 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3616 strerror(errno)));
3617 exit_server_cleanly("send_file_readX sendfile failed");
3618 } else if (nread == 0) {
3619 /*
3620 * Some sendfile implementations return 0 to indicate
3621 * that there was a short read, but nothing was
3622 * actually written to the socket. In this case,
3623 * fallback to the normal read path so the header gets
3624 * the correct byte count.
3625 */
3626 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3627 "falling back to the normal read: %s\n",
3628 fsp_str_dbg(fsp)));
3629 goto normal_read;
3630 }
3631
3632 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3633 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3634
3635 /* Deal with possible short send. */
3636 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3637 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3638 }
3639 /* No outbuf here means successful sendfile. */
3640 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3641 SMB_PERFCOUNT_END(&req->pcd);
3642 goto strict_unlock;
3643 }
3644
3645 normal_read:
3646
3647 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3648 uint8 headerbuf[smb_size + 2*12];
3649
3650 construct_reply_common_req(req, (char *)headerbuf);
3651 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3652
3653 /* Send out the header. */
3654 if (write_data(req->sconn->sock, (char *)headerbuf,
3655 sizeof(headerbuf)) != sizeof(headerbuf)) {
3656
3657 char addr[INET6_ADDRSTRLEN];
3658 /*
3659 * Try and give an error message saying what
3660 * client failed.
3661 */
3662 DEBUG(0, ("write_data failed for client %s. "
3663 "Error %s\n",
3664 get_peer_addr(req->sconn->sock, addr,
3665 sizeof(addr)),
3666 strerror(errno)));
3667
3668 DEBUG(0,("send_file_readX: write_data failed for file "
3669 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3670 strerror(errno)));
3671 exit_server_cleanly("send_file_readX sendfile failed");
3672 }
3673 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3674 if (nread == -1) {
3675 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3676 "file %s (%s).\n", fsp_str_dbg(fsp),
3677 strerror(errno)));
3678 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3679 }
3680 goto strict_unlock;
3681 }
3682
3683 nosendfile_read:
3684
3685 reply_outbuf(req, 12, smb_maxcnt);
3686
3687 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3688 saved_errno = errno;
3689
3690 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3691
3692 if (nread < 0) {
3693 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3694 return;
3695 }
3696
3697 setup_readX_header(req, (char *)req->outbuf, nread);
3698
3699 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3700 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3701
3702 chain_reply(req);
3703 return;
3704
3705 strict_unlock:
3706 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3707 TALLOC_FREE(req->outbuf);
3708 return;
3709 }
3710
3711 /****************************************************************************
3712 Reply to a read and X.
3713 ****************************************************************************/
3714
3715 void reply_read_and_X(struct smb_request *req)
3716 {
3717 connection_struct *conn = req->conn;
3718 files_struct *fsp;
3719 SMB_OFF_T startpos;
3720 size_t smb_maxcnt;
3721 bool big_readX = False;
3722 #if 0
3723 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3724 #endif
3725
3726 START_PROFILE(SMBreadX);
3727
3728 if ((req->wct != 10) && (req->wct != 12)) {
3729 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3730 return;
3731 }
3732
3733 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3734 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3735 smb_maxcnt = SVAL(req->vwv+5, 0);
3736
3737 /* If it's an IPC, pass off the pipe handler. */
3738 if (IS_IPC(conn)) {
3739 reply_pipe_read_and_X(req);
3740 END_PROFILE(SMBreadX);
3741 return;
3742 }
3743
3744 if (!check_fsp(conn, req, fsp)) {
3745 END_PROFILE(SMBreadX);
3746 return;
3747 }
3748
3749 if (!CHECK_READ(fsp,req)) {
3750 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3751 END_PROFILE(SMBreadX);
3752 return;
3753 }
3754
3755 if (global_client_caps & CAP_LARGE_READX) {
3756 size_t upper_size = SVAL(req->vwv+7, 0);
3757 smb_maxcnt |= (upper_size<<16);
3758 if (upper_size > 1) {
3759 /* Can't do this on a chained packet. */
3760 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3761 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3762 END_PROFILE(SMBreadX);
3763 return;
3764 }
3765 /* We currently don't do this on signed or sealed data. */
3766 if (srv_is_signing_active(req->sconn) ||
3767 is_encrypted_packet(req->inbuf)) {
3768 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3769 END_PROFILE(SMBreadX);
3770 return;
3771 }
3772 /* Is there room in the reply for this data ? */
3773 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3774 reply_nterror(req,
3775 NT_STATUS_INVALID_PARAMETER);
3776 END_PROFILE(SMBreadX);
3777 return;
3778 }
3779 big_readX = True;
3780 }
3781 }
3782
3783 if (req->wct == 12) {
3784 #ifdef LARGE_SMB_OFF_T
3785 /*
3786 * This is a large offset (64 bit) read.
3787 */
3788 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3789
3790 #else /* !LARGE_SMB_OFF_T */
3791
3792 /*
3793 * Ensure we haven't been sent a >32 bit offset.
3794 */
3795
3796 if(IVAL(req->vwv+10, 0) != 0) {
3797 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3798 "used and we don't support 64 bit offsets.\n",
3799 (unsigned int)IVAL(req->vwv+10, 0) ));
3800 END_PROFILE(SMBreadX);
3801 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3802 return;
3803 }
3804
3805 #endif /* LARGE_SMB_OFF_T */
3806
3807 }
3808
3809 if (!big_readX) {
3810 NTSTATUS status = schedule_aio_read_and_X(conn,
3811 req,
3812 fsp,
3813 startpos,
3814 smb_maxcnt);
3815 if (NT_STATUS_IS_OK(status)) {
3816 /* Read scheduled - we're done. */
3817 goto out;
3818 }
3819 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
3820 /* Real error - report to client. */
3821 END_PROFILE(SMBreadX);
3822 reply_nterror(req, status);
3823 return;
3824 }
3825 /* NT_STATUS_RETRY - fall back to sync read. */
3826 }
3827
3828 smbd_lock_socket(req->sconn);
3829 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3830 smbd_unlock_socket(req->sconn);
3831
3832 out:
3833 END_PROFILE(SMBreadX);
3834 return;
3835 }
3836
3837 /****************************************************************************
3838 Error replies to writebraw must have smb_wct == 1. Fix this up.
3839 ****************************************************************************/
3840
3841 void error_to_writebrawerr(struct smb_request *req)
3842 {
3843 uint8 *old_outbuf = req->outbuf;
3844
3845 reply_outbuf(req, 1, 0);
3846
3847 memcpy(req->outbuf, old_outbuf, smb_size);
3848 TALLOC_FREE(old_outbuf);
3849 }
3850
3851 /****************************************************************************
3852 Read 4 bytes of a smb packet and return the smb length of the packet.
3853 Store the result in the buffer. This version of the function will
3854 never return a session keepalive (length of zero).
3855 Timeout is in milliseconds.
3856 ****************************************************************************/
3857
3858 static NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
3859 size_t *len)
3860 {
3861 uint8_t msgtype = SMBkeepalive;
3862
3863 while (msgtype == SMBkeepalive) {
3864 NTSTATUS status;
3865
3866 status = read_smb_length_return_keepalive(fd, inbuf, timeout,
3867 len);
3868 if (!NT_STATUS_IS_OK(status)) {
3869 char addr[INET6_ADDRSTRLEN];
3870 /* Try and give an error message
3871 * saying what client failed. */
3872 DEBUG(0, ("read_fd_with_timeout failed for "
3873 "client %s read error = %s.\n",
3874 get_peer_addr(fd,addr,sizeof(addr)),
3875 nt_errstr(status)));
3876 return status;
3877 }
3878
3879 msgtype = CVAL(inbuf, 0);
3880 }
3881
3882 DEBUG(10,("read_smb_length: got smb length of %lu\n",
3883 (unsigned long)len));
3884
3885 return NT_STATUS_OK;
3886 }
3887
3888 /****************************************************************************
3889 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3890 ****************************************************************************/
3891
3892 void reply_writebraw(struct smb_request *req)
3893 {
3894 connection_struct *conn = req->conn;
3895 char *buf = NULL;
3896 ssize_t nwritten=0;
3897 ssize_t total_written=0;
3898 size_t numtowrite=0;
3899 size_t tcount;
3900 SMB_OFF_T startpos;
3901 char *data=NULL;
3902 bool write_through;
3903 files_struct *fsp;
3904 struct lock_struct lock;
3905 NTSTATUS status;
3906
3907 START_PROFILE(SMBwritebraw);
3908
3909 /*
3910 * If we ever reply with an error, it must have the SMB command
3911 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3912 * we're finished.
3913 */
3914 SCVAL(req->inbuf,smb_com,SMBwritec);
3915
3916 if (srv_is_signing_active(req->sconn)) {
3917 END_PROFILE(SMBwritebraw);
3918 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3919 "raw reads/writes are disallowed.");
3920 }
3921
3922 if (req->wct < 12) {
3923 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3924 error_to_writebrawerr(req);
3925 END_PROFILE(SMBwritebraw);
3926 return;
3927 }
3928
3929 if (req->sconn->smb1.echo_handler.trusted_fde) {
3930 DEBUG(2,("SMBwritebraw rejected with NOT_SUPPORTED because of "
3931 "'async smb echo handler = yes'\n"));
3932 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3933 error_to_writebrawerr(req);
3934 END_PROFILE(SMBwritebraw);
3935 return;
3936 }
3937
3938 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3939 if (!check_fsp(conn, req, fsp)) {
3940 error_to_writebrawerr(req);
3941 END_PROFILE(SMBwritebraw);
3942 return;
3943 }
3944
3945 if (!CHECK_WRITE(fsp)) {
3946 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
3947 error_to_writebrawerr(req);
3948 END_PROFILE(SMBwritebraw);
3949 return;
3950 }
3951
3952 tcount = IVAL(req->vwv+1, 0);
3953 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3954 write_through = BITSETW(req->vwv+7,0);
3955
3956 /* We have to deal with slightly different formats depending
3957 on whether we are using the core+ or lanman1.0 protocol */
3958
3959 if(get_Protocol() <= PROTOCOL_COREPLUS) {
3960 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3961 data = smb_buf(req->inbuf);
3962 } else {
3963 numtowrite = SVAL(req->vwv+10, 0);
3964 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3965 }
3966
3967 /* Ensure we don't write bytes past the end of this packet. */
3968 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3969 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3970 error_to_writebrawerr(req);
3971 END_PROFILE(SMBwritebraw);
3972 return;
3973 }
3974
3975 if (!fsp->print_file) {
3976 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
3977 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3978 &lock);
3979
3980 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3981 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
3982 error_to_writebrawerr(req);
3983 END_PROFILE(SMBwritebraw);
3984 return;
3985 }
3986 }
3987
3988 if (numtowrite>0) {
3989 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3990 }
3991
3992 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3993 "wrote=%d sync=%d\n",
3994 fsp->fnum, (double)startpos, (int)numtowrite,
3995 (int)nwritten, (int)write_through));
3996
3997 if (nwritten < (ssize_t)numtowrite) {
3998 reply_nterror(req, NT_STATUS_DISK_FULL);
3999 error_to_writebrawerr(req);
4000 goto strict_unlock;
4001 }
4002
4003 total_written = nwritten;
4004
4005 /* Allocate a buffer of 64k + length. */
4006 buf = TALLOC_ARRAY(NULL, char, 65540);
4007 if (!buf) {
4008 reply_nterror(req, NT_STATUS_NO_MEMORY);
4009 error_to_writebrawerr(req);
4010 goto strict_unlock;
4011 }
4012
4013 /* Return a SMBwritebraw message to the redirector to tell
4014 * it to send more bytes */
4015
4016 memcpy(buf, req->inbuf, smb_size);
4017 srv_set_message(buf,get_Protocol()>PROTOCOL_COREPLUS?1:0,0,True);
4018 SCVAL(buf,smb_com,SMBwritebraw);
4019 SSVALS(buf,smb_vwv0,0xFFFF);
4020 show_msg(buf);
4021 if (!srv_send_smb(req->sconn,
4022 buf,
4023 false, 0, /* no signing */
4024 IS_CONN_ENCRYPTED(conn),
4025 &req->pcd)) {
4026 exit_server_cleanly("reply_writebraw: srv_send_smb "
4027 "failed.");
4028 }
4029
4030 /* Now read the raw data into the buffer and write it */
4031 status = read_smb_length(req->sconn->sock, buf, SMB_SECONDARY_WAIT,
4032 &numtowrite);
4033 if (!NT_STATUS_IS_OK(status)) {
4034 exit_server_cleanly("secondary writebraw failed");
4035 }
4036
4037 /* Set up outbuf to return the correct size */
4038 reply_outbuf(req, 1, 0);
4039
4040 if (numtowrite != 0) {
4041
4042 if (numtowrite > 0xFFFF) {
4043 DEBUG(0,("reply_writebraw: Oversize secondary write "
4044 "raw requested (%u). Terminating\n",
4045 (unsigned int)numtowrite ));
4046 exit_server_cleanly("secondary writebraw failed");
4047 }
4048
4049 if (tcount > nwritten+numtowrite) {
4050 DEBUG(3,("reply_writebraw: Client overestimated the "
4051 "write %d %d %d\n",
4052 (int)tcount,(int)nwritten,(int)numtowrite));
4053 }
4054
4055 status = read_data(req->sconn->sock, buf+4, numtowrite);
4056
4057 if (!NT_STATUS_IS_OK(status)) {
4058 char addr[INET6_ADDRSTRLEN];
4059 /* Try and give an error message
4060 * saying what client failed. */
4061 DEBUG(0, ("reply_writebraw: Oversize secondary write "
4062 "raw read failed (%s) for client %s. "
4063 "Terminating\n", nt_errstr(status),
4064 get_peer_addr(req->sconn->sock, addr,
4065 sizeof(addr))));
4066 exit_server_cleanly("secondary writebraw failed");
4067 }
4068
4069 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
4070 if (nwritten == -1) {
4071 TALLOC_FREE(buf);
4072 reply_nterror(req, map_nt_error_from_unix(errno));
4073 error_to_writebrawerr(req);
4074 goto strict_unlock;
4075 }
4076
4077 if (nwritten < (ssize_t)numtowrite) {
4078 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4079 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4080 }
4081
4082 if (nwritten > 0) {
4083 total_written += nwritten;
4084 }
4085 }
4086
4087 TALLOC_FREE(buf);
4088 SSVAL(req->outbuf,smb_vwv0,total_written);
4089
4090 status = sync_file(conn, fsp, write_through);
4091 if (!NT_STATUS_IS_OK(status)) {
4092 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
4093 fsp_str_dbg(fsp), nt_errstr(status)));
4094 reply_nterror(req, status);
4095 error_to_writebrawerr(req);
4096 goto strict_unlock;
4097 }
4098
4099 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
4100 "wrote=%d\n",
4101 fsp->fnum, (double)startpos, (int)numtowrite,
4102 (int)total_written));
4103
4104 if (!fsp->print_file) {
4105 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4106 }
4107
4108 /* We won't return a status if write through is not selected - this
4109 * follows what WfWg does */
4110 END_PROFILE(SMBwritebraw);
4111
4112 if (!write_through && total_written==tcount) {
4113
4114 #if RABBIT_PELLET_FIX
4115 /*
4116 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
4117 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
4118 * JRA.
4119 */
4120 if (!send_keepalive(req->sconn->sock)) {
4121 exit_server_cleanly("reply_writebraw: send of "
4122 "keepalive failed");
4123 }
4124 #endif
4125 TALLOC_FREE(req->outbuf);
4126 }
4127 return;
4128
4129 strict_unlock:
4130 if (!fsp->print_file) {
4131 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4132 }
4133
4134 END_PROFILE(SMBwritebraw);
4135 return;
4136 }
4137
4138 #undef DBGC_CLASS
4139 #define DBGC_CLASS DBGC_LOCKING
4140
4141 /****************************************************************************
4142 Reply to a writeunlock (core+).
4143 ****************************************************************************/
4144
4145 void reply_writeunlock(struct smb_request *req)
4146 {
4147 connection_struct *conn = req->conn;
4148 ssize_t nwritten = -1;
4149 size_t numtowrite;
4150 SMB_OFF_T startpos;
4151 const char *data;
4152 NTSTATUS status = NT_STATUS_OK;
4153 files_struct *fsp;
4154 struct lock_struct lock;
4155 int saved_errno = 0;
4156
4157 START_PROFILE(SMBwriteunlock);
4158
4159 if (req->wct < 5) {
4160 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4161 END_PROFILE(SMBwriteunlock);
4162 return;
4163 }
4164
4165 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4166
4167 if (!check_fsp(conn, req, fsp)) {
4168 END_PROFILE(SMBwriteunlock);
4169 return;
4170 }
4171
4172 if (!CHECK_WRITE(fsp)) {
4173 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4174 END_PROFILE(SMBwriteunlock);
4175 return;
4176 }
4177
4178 numtowrite = SVAL(req->vwv+1, 0);
4179 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4180 data = (const char *)req->buf + 3;
4181
4182 if (!fsp->print_file && numtowrite > 0) {
4183 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4184 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4185 &lock);
4186
4187 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4188 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4189 END_PROFILE(SMBwriteunlock);
4190 return;
4191 }
4192 }
4193
4194 /* The special X/Open SMB protocol handling of
4195 zero length writes is *NOT* done for
4196 this call */
4197 if(numtowrite == 0) {
4198 nwritten = 0;
4199 } else {
4200 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4201 saved_errno = errno;
4202 }
4203
4204 status = sync_file(conn, fsp, False /* write through */);
4205 if (!NT_STATUS_IS_OK(status)) {
4206 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4207 fsp_str_dbg(fsp), nt_errstr(status)));
4208 reply_nterror(req, status);
4209 goto strict_unlock;
4210 }
4211
4212 if(nwritten < 0) {
4213 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4214 goto strict_unlock;
4215 }
4216
4217 if((nwritten < numtowrite) && (numtowrite != 0)) {
4218 reply_nterror(req, NT_STATUS_DISK_FULL);
4219 goto strict_unlock;
4220 }
4221
4222 if (numtowrite && !fsp->print_file) {
4223 status = do_unlock(req->sconn->msg_ctx,
4224 fsp,
4225 (uint64_t)req->smbpid,
4226 (uint64_t)numtowrite,
4227 (uint64_t)startpos,
4228 WINDOWS_LOCK);
4229
4230 if (NT_STATUS_V(status)) {
4231 reply_nterror(req, status);
4232 goto strict_unlock;
4233 }
4234 }
4235
4236 reply_outbuf(req, 1, 0);
4237
4238 SSVAL(req->outbuf,smb_vwv0,nwritten);
4239
4240 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4241 fsp->fnum, (int)numtowrite, (int)nwritten));
4242
4243 strict_unlock:
4244 if (numtowrite && !fsp->print_file) {
4245 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4246 }
4247
4248 END_PROFILE(SMBwriteunlock);
4249 return;
4250 }
4251
4252 #undef DBGC_CLASS
4253 #define DBGC_CLASS DBGC_ALL
4254
4255 /****************************************************************************
4256 Reply to a write.
4257 ****************************************************************************/
4258
4259 void reply_write(struct smb_request *req)
4260 {
4261 connection_struct *conn = req->conn;
4262 size_t numtowrite;
4263 ssize_t nwritten = -1;
4264 SMB_OFF_T startpos;
4265 const char *data;
4266 files_struct *fsp;
4267 struct lock_struct lock;
4268 NTSTATUS status;
4269 int saved_errno = 0;
4270
4271 START_PROFILE(SMBwrite);
4272
4273 if (req->wct < 5) {
4274 END_PROFILE(SMBwrite);
4275 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4276 return;
4277 }
4278
4279 /* If it's an IPC, pass off the pipe handler. */
4280 if (IS_IPC(conn)) {
4281 reply_pipe_write(req);
4282 END_PROFILE(SMBwrite);
4283 return;
4284 }
4285
4286 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4287
4288 if (!check_fsp(conn, req, fsp)) {
4289 END_PROFILE(SMBwrite);
4290 return;
4291 }
4292
4293 if (!CHECK_WRITE(fsp)) {
4294 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4295 END_PROFILE(SMBwrite);
4296 return;
4297 }
4298
4299 numtowrite = SVAL(req->vwv+1, 0);
4300 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4301 data = (const char *)req->buf + 3;
4302
4303 if (!fsp->print_file) {
4304 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4305 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4306 &lock);
4307
4308 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4309 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4310 END_PROFILE(SMBwrite);
4311 return;
4312 }
4313 }
4314
4315 /*
4316 * X/Open SMB protocol says that if smb_vwv1 is
4317 * zero then the file size should be extended or
4318 * truncated to the size given in smb_vwv[2-3].
4319 */
4320
4321 if(numtowrite == 0) {
4322 /*
4323 * This is actually an allocate call, and set EOF. JRA.
4324 */
4325 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4326 if (nwritten < 0) {
4327 reply_nterror(req, NT_STATUS_DISK_FULL);
4328 goto strict_unlock;
4329 }
4330 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4331 if (nwritten < 0) {
4332 reply_nterror(req, NT_STATUS_DISK_FULL);
4333 goto strict_unlock;
4334 }
4335 trigger_write_time_update_immediate(fsp);
4336 } else {
4337 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4338 }
4339
4340 status = sync_file(conn, fsp, False);
4341 if (!NT_STATUS_IS_OK(status)) {
4342 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4343 fsp_str_dbg(fsp), nt_errstr(status)));
4344 reply_nterror(req, status);
4345 goto strict_unlock;
4346 }
4347
4348 if(nwritten < 0) {
4349 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4350 goto strict_unlock;
4351 }
4352
4353 if((nwritten == 0) && (numtowrite != 0)) {
4354 reply_nterror(req, NT_STATUS_DISK_FULL);
4355 goto strict_unlock;
4356 }
4357
4358 reply_outbuf(req, 1, 0);
4359
4360 SSVAL(req->outbuf,smb_vwv0,nwritten);
4361
4362 if (nwritten < (ssize_t)numtowrite) {
4363 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4364 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4365 }
4366
4367 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4368
4369 strict_unlock:
4370 if (!fsp->print_file) {
4371 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4372 }
4373
4374 END_PROFILE(SMBwrite);
4375 return;
4376 }
4377
4378 /****************************************************************************
4379 Ensure a buffer is a valid writeX for recvfile purposes.
4380 ****************************************************************************/
4381
4382 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4383 (2*14) + /* word count (including bcc) */ \
4384 1 /* pad byte */)
4385
4386 bool is_valid_writeX_buffer(struct smbd_server_connection *sconn,
4387 const uint8_t *inbuf)
4388 {
4389 size_t numtowrite;
4390 connection_struct *conn = NULL;
4391 unsigned int doff = 0;
4392 size_t len = smb_len_large(inbuf);
4393
4394 if (is_encrypted_packet(inbuf)) {
4395 /* Can't do this on encrypted
4396 * connections. */
4397 return false;
4398 }
4399
4400 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4401 return false;
4402 }
4403
4404 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4405 CVAL(inbuf,smb_wct) != 14) {
4406 DEBUG(10,("is_valid_writeX_buffer: chained or "
4407 "invalid word length.\n"));
4408 return false;
4409 }
4410
4411 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4412 if (conn == NULL) {
4413 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4414 return false;
4415 }
4416 if (IS_IPC(conn)) {
4417 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4418 return false;
4419 }
4420 if (IS_PRINT(conn)) {
4421 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4422 return false;
4423 }
4424 doff = SVAL(inbuf,smb_vwv11);
4425
4426 numtowrite = SVAL(inbuf,smb_vwv10);
4427
4428 if (len > doff && len - doff > 0xFFFF) {
4429 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4430 }
4431
4432 if (numtowrite == 0) {
4433 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4434 return false;
4435 }
4436
4437 /* Ensure the sizes match up. */
4438 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4439 /* no pad byte...old smbclient :-( */
4440 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4441 (unsigned int)doff,
4442 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4443 return false;
4444 }
4445
4446 if (len - doff != numtowrite) {
4447 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4448 "len = %u, doff = %u, numtowrite = %u\n",
4449 (unsigned int)len,
4450 (unsigned int)doff,
4451 (unsigned int)numtowrite ));
4452 return false;
4453 }
4454
4455 DEBUG(10,("is_valid_writeX_buffer: true "
4456 "len = %u, doff = %u, numtowrite = %u\n",
4457 (unsigned int)len,
4458 (unsigned int)doff,
4459 (unsigned int)numtowrite ));
4460
4461 return true;
4462 }
4463
4464 /****************************************************************************
4465 Reply to a write and X.
4466 ****************************************************************************/
4467
4468 void reply_write_and_X(struct smb_request *req)
4469 {
4470 connection_struct *conn = req->conn;
4471 files_struct *fsp;
4472 struct lock_struct lock;
4473 SMB_OFF_T startpos;
4474 size_t numtowrite;
4475 bool write_through;
4476 ssize_t nwritten;
4477 unsigned int smb_doff;
4478 unsigned int smblen;
4479 char *data;
4480 NTSTATUS status;
4481 int saved_errno = 0;
4482
4483 START_PROFILE(SMBwriteX);
4484
4485 if ((req->wct != 12) && (req->wct != 14)) {
4486 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4487 END_PROFILE(SMBwriteX);
4488 return;
4489 }
4490
4491 numtowrite = SVAL(req->vwv+10, 0);
4492 smb_doff = SVAL(req->vwv+11, 0);
4493 smblen = smb_len(req->inbuf);
4494
4495 if (req->unread_bytes > 0xFFFF ||
4496 (smblen > smb_doff &&
4497 smblen - smb_doff > 0xFFFF)) {
4498 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4499 }
4500
4501 if (req->unread_bytes) {
4502 /* Can't do a recvfile write on IPC$ */
4503 if (IS_IPC(conn)) {
4504 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4505 END_PROFILE(SMBwriteX);
4506 return;
4507 }
4508 if (numtowrite != req->unread_bytes) {
4509 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4510 END_PROFILE(SMBwriteX);
4511 return;
4512 }
4513 } else {
4514 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4515 smb_doff + numtowrite > smblen) {
4516 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4517 END_PROFILE(SMBwriteX);
4518 return;
4519 }
4520 }
4521
4522 /* If it's an IPC, pass off the pipe handler. */
4523 if (IS_IPC(conn)) {
4524 if (req->unread_bytes) {
4525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4526 END_PROFILE(SMBwriteX);
4527 return;
4528 }
4529 reply_pipe_write_and_X(req);
4530 END_PROFILE(SMBwriteX);
4531 return;
4532 }
4533
4534 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4535 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4536 write_through = BITSETW(req->vwv+7,0);
4537
4538 if (!check_fsp(conn, req, fsp)) {
4539 END_PROFILE(SMBwriteX);
4540 return;
4541 }
4542
4543 if (!CHECK_WRITE(fsp)) {
4544 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4545 END_PROFILE(SMBwriteX);
4546 return;
4547 }
4548
4549 data = smb_base(req->inbuf) + smb_doff;
4550
4551 if(req->wct == 14) {
4552 #ifdef LARGE_SMB_OFF_T
4553 /*
4554 * This is a large offset (64 bit) write.
4555 */
4556 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4557
4558 #else /* !LARGE_SMB_OFF_T */
4559
4560 /*
4561 * Ensure we haven't been sent a >32 bit offset.
4562 */
4563
4564 if(IVAL(req->vwv+12, 0) != 0) {
4565 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4566 "used and we don't support 64 bit offsets.\n",
4567 (unsigned int)IVAL(req->vwv+12, 0) ));
4568 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4569 END_PROFILE(SMBwriteX);
4570 return;
4571 }
4572
4573 #endif /* LARGE_SMB_OFF_T */
4574 }
4575
4576 /* X/Open SMB protocol says that, unlike SMBwrite
4577 if the length is zero then NO truncation is
4578 done, just a write of zero. To truncate a file,
4579 use SMBwrite. */
4580
4581 if(numtowrite == 0) {
4582 nwritten = 0;
4583 } else {
4584 if (req->unread_bytes == 0) {
4585 status = schedule_aio_write_and_X(conn,
4586 req,
4587 fsp,
4588 data,
4589 startpos,
4590 numtowrite);
4591
4592 if (NT_STATUS_IS_OK(status)) {
4593 /* write scheduled - we're done. */
4594 goto out;
4595 }
4596 if (!NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
4597 /* Real error - report to client. */
4598 reply_nterror(req, status);
4599 goto out;
4600 }
4601 /* NT_STATUS_RETRY - fall through to sync write. */
4602 }
4603
4604 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4605 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4606 &lock);
4607
4608 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4609 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4610 goto out;
4611 }
4612
4613 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4614 saved_errno = errno;
4615
4616 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4617 }
4618
4619 if(nwritten < 0) {
4620 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4621 goto out;
4622 }
4623
4624 if((nwritten == 0) && (numtowrite != 0)) {
4625 reply_nterror(req, NT_STATUS_DISK_FULL);
4626 goto out;
4627 }
4628
4629 reply_outbuf(req, 6, 0);
4630 SSVAL(req->outbuf,smb_vwv2,nwritten);
4631 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4632
4633 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4634 fsp->fnum, (int)numtowrite, (int)nwritten));
4635
4636 status = sync_file(conn, fsp, write_through);
4637 if (!NT_STATUS_IS_OK(status)) {
4638 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4639 fsp_str_dbg(fsp), nt_errstr(status)));
4640 reply_nterror(req, status);
4641 goto out;
4642 }
4643
4644 END_PROFILE(SMBwriteX);
4645 chain_reply(req);
4646 return;
4647
4648 out:
4649 END_PROFILE(SMBwriteX);
4650 return;
4651 }
4652
4653 /****************************************************************************
4654 Reply to a lseek.
4655 ****************************************************************************/
4656
4657 void reply_lseek(struct smb_request *req)
4658 {
4659 connection_struct *conn = req->conn;
4660 SMB_OFF_T startpos;
4661 SMB_OFF_T res= -1;
4662 int mode,umode;
4663 files_struct *fsp;
4664
4665 START_PROFILE(SMBlseek);
4666
4667 if (req->wct < 4) {
4668 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4669 END_PROFILE(SMBlseek);
4670 return;
4671 }
4672
4673 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4674
4675 if (!check_fsp(conn, req, fsp)) {
4676 return;
4677 }
4678
4679 flush_write_cache(fsp, SEEK_FLUSH);
4680
4681 mode = SVAL(req->vwv+1, 0) & 3;
4682 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4683 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4684
4685 switch (mode) {
4686 case 0:
4687 umode = SEEK_SET;
4688 res = startpos;
4689 break;
4690 case 1:
4691 umode = SEEK_CUR;
4692 res = fsp->fh->pos + startpos;
4693 break;
4694 case 2:
4695 umode = SEEK_END;
4696 break;
4697 default:
4698 umode = SEEK_SET;
4699 res = startpos;
4700 break;
4701 }
4702
4703 if (umode == SEEK_END) {
4704 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4705 if(errno == EINVAL) {
4706 SMB_OFF_T current_pos = startpos;
4707
4708 if(fsp_stat(fsp) == -1) {
4709 reply_nterror(req,
4710 map_nt_error_from_unix(errno));
4711 END_PROFILE(SMBlseek);
4712 return;
4713 }
4714
4715 current_pos += fsp->fsp_name->st.st_ex_size;
4716 if(current_pos < 0)
4717 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4718 }
4719 }
4720
4721 if(res == -1) {
4722 reply_nterror(req, map_nt_error_from_unix(errno));
4723 END_PROFILE(SMBlseek);
4724 return;
4725 }
4726 }
4727
4728 fsp->fh->pos = res;
4729
4730 reply_outbuf(req, 2, 0);
4731 SIVAL(req->outbuf,smb_vwv0,res);
4732
4733 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4734 fsp->fnum, (double)startpos, (double)res, mode));
4735
4736 END_PROFILE(SMBlseek);
4737 return;
4738 }
4739
4740 /****************************************************************************
4741 Reply to a flush.
4742 ****************************************************************************/
4743
4744 void reply_flush(struct smb_request *req)
4745 {
4746 connection_struct *conn = req->conn;
4747 uint16 fnum;
4748 files_struct *fsp;
4749
4750 START_PROFILE(SMBflush);
4751
4752 if (req->wct < 1) {
4753 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4754 return;
4755 }
4756
4757 fnum = SVAL(req->vwv+0, 0);
4758 fsp = file_fsp(req, fnum);
4759
4760 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4761 return;
4762 }
4763
4764 if (!fsp) {
4765 file_sync_all(conn);
4766 } else {
4767 NTSTATUS status = sync_file(conn, fsp, True);
4768 if (!NT_STATUS_IS_OK(status)) {
4769 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4770 fsp_str_dbg(fsp), nt_errstr(status)));
4771 reply_nterror(req, status);
4772 END_PROFILE(SMBflush);
4773 return;
4774 }
4775 }
4776
4777 reply_outbuf(req, 0, 0);
4778
4779 DEBUG(3,("flush\n"));
4780 END_PROFILE(SMBflush);
4781 return;
4782 }
4783
4784 /****************************************************************************
4785 Reply to a exit.
4786 conn POINTER CAN BE NULL HERE !
4787 ****************************************************************************/
4788
4789 void reply_exit(struct smb_request *req)
4790 {
4791 START_PROFILE(SMBexit);
4792
4793 file_close_pid(req->sconn, req->smbpid, req->vuid);
4794
4795 reply_outbuf(req, 0, 0);
4796
4797 DEBUG(3,("exit\n"));
4798
4799 END_PROFILE(SMBexit);
4800 return;
4801 }
4802
4803 /****************************************************************************
4804 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4805 ****************************************************************************/
4806
4807 void reply_close(struct smb_request *req)
4808 {
4809 connection_struct *conn = req->conn;
4810 NTSTATUS status = NT_STATUS_OK;
4811 files_struct *fsp = NULL;
4812 START_PROFILE(SMBclose);
4813
4814 if (req->wct < 3) {
4815 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4816 END_PROFILE(SMBclose);
4817 return;
4818 }
4819
4820 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4821
4822 /*
4823 * We can only use check_fsp if we know it's not a directory.
4824 */
4825
4826 if (!check_fsp_open(conn, req, fsp)) {
4827 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
4828 END_PROFILE(SMBclose);
4829 return;
4830 }
4831
4832 if(fsp->is_directory) {
4833 /*
4834 * Special case - close NT SMB directory handle.
4835 */
4836 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4837 status = close_file(req, fsp, NORMAL_CLOSE);
4838 } else {
4839 time_t t;
4840 /*
4841 * Close ordinary file.
4842 */
4843
4844 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4845 fsp->fh->fd, fsp->fnum,
4846 conn->num_files_open));
4847
4848 /*
4849 * Take care of any time sent in the close.
4850 */
4851
4852 t = srv_make_unix_date3(req->vwv+1);
4853 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4854
4855 /*
4856 * close_file() returns the unix errno if an error
4857 * was detected on close - normally this is due to
4858 * a disk full error. If not then it was probably an I/O error.
4859 */
4860
4861 status = close_file(req, fsp, NORMAL_CLOSE);
4862 }
4863
4864 if (!NT_STATUS_IS_OK(status)) {
4865 reply_nterror(req, status);
4866 END_PROFILE(SMBclose);
4867 return;
4868 }
4869
4870 reply_outbuf(req, 0, 0);
4871 END_PROFILE(SMBclose);
4872 return;
4873 }
4874
4875 /****************************************************************************
4876 Reply to a writeclose (Core+ protocol).
4877 ****************************************************************************/
4878
4879 void reply_writeclose(struct smb_request *req)
4880 {
4881 connection_struct *conn = req->conn;
4882 size_t numtowrite;
4883 ssize_t nwritten = -1;
4884 NTSTATUS close_status = NT_STATUS_OK;
4885 SMB_OFF_T startpos;
4886 const char *data;
4887 struct timespec mtime;
4888 files_struct *fsp;
4889 struct lock_struct lock;
4890
4891 START_PROFILE(SMBwriteclose);
4892
4893 if (req->wct < 6) {
4894 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4895 END_PROFILE(SMBwriteclose);
4896 return;
4897 }
4898
4899 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4900
4901 if (!check_fsp(conn, req, fsp)) {
4902 END_PROFILE(SMBwriteclose);
4903 return;
4904 }
4905 if (!CHECK_WRITE(fsp)) {
4906 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
4907 END_PROFILE(SMBwriteclose);
4908 return;
4909 }
4910
4911 numtowrite = SVAL(req->vwv+1, 0);
4912 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4913 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4914 data = (const char *)req->buf + 1;
4915
4916 if (!fsp->print_file) {
4917 init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
4918 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4919 &lock);
4920
4921 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4922 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
4923 END_PROFILE(SMBwriteclose);
4924 return;
4925 }
4926 }
4927
4928 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4929
4930 set_close_write_time(fsp, mtime);
4931
4932 /*
4933 * More insanity. W2K only closes the file if writelen > 0.
4934 * JRA.
4935 */
4936
4937 if (numtowrite) {
4938 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4939 "file %s\n", fsp_str_dbg(fsp)));
4940 close_status = close_file(req, fsp, NORMAL_CLOSE);
4941 }
4942
4943 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4944 fsp->fnum, (int)numtowrite, (int)nwritten,
4945 conn->num_files_open));
4946
4947 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4948 reply_nterror(req, NT_STATUS_DISK_FULL);
4949 goto strict_unlock;
4950 }
4951
4952 if(!NT_STATUS_IS_OK(close_status)) {
4953 reply_nterror(req, close_status);
4954 goto strict_unlock;
4955 }
4956
4957 reply_outbuf(req, 1, 0);
4958
4959 SSVAL(req->outbuf,smb_vwv0,nwritten);
4960
4961 strict_unlock:
4962 if (numtowrite && !fsp->print_file) {
4963 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4964 }
4965
4966 END_PROFILE(SMBwriteclose);
4967 return;
4968 }
4969
4970 #undef DBGC_CLASS
4971 #define DBGC_CLASS DBGC_LOCKING
4972
4973 /****************************************************************************
4974 Reply to a lock.
4975 ****************************************************************************/
4976
4977 void reply_lock(struct smb_request *req)
4978 {
4979 connection_struct *conn = req->conn;
4980 uint64_t count,offset;
4981 NTSTATUS status;
4982 files_struct *fsp;
4983 struct byte_range_lock *br_lck = NULL;
4984
4985 START_PROFILE(SMBlock);
4986
4987 if (req->wct < 5) {
4988 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4989 END_PROFILE(SMBlock);
4990 return;
4991 }
4992
4993 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4994
4995 if (!check_fsp(conn, req, fsp)) {
4996 END_PROFILE(SMBlock);
4997 return;
4998 }
4999
5000 count = (uint64_t)IVAL(req->vwv+1, 0);
5001 offset = (uint64_t)IVAL(req->vwv+3, 0);
5002
5003 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5004 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
5005
5006 br_lck = do_lock(req->sconn->msg_ctx,
5007 fsp,
5008 (uint64_t)req->smbpid,
5009 count,
5010 offset,
5011 WRITE_LOCK,
5012 WINDOWS_LOCK,
5013 False, /* Non-blocking lock. */
5014 &status,
5015 NULL,
5016 NULL);
5017
5018 TALLOC_FREE(br_lck);
5019
5020 if (NT_STATUS_V(status)) {
5021 reply_nterror(req, status);
5022 END_PROFILE(SMBlock);
5023 return;
5024 }
5025
5026 reply_outbuf(req, 0, 0);
5027
5028 END_PROFILE(SMBlock);
5029 return;
5030 }
5031
5032 /****************************************************************************
5033 Reply to a unlock.
5034 ****************************************************************************/
5035
5036 void reply_unlock(struct smb_request *req)
5037 {
5038 connection_struct *conn = req->conn;
5039 uint64_t count,offset;
5040 NTSTATUS status;
5041 files_struct *fsp;
5042
5043 START_PROFILE(SMBunlock);
5044
5045 if (req->wct < 5) {
5046 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5047 END_PROFILE(SMBunlock);
5048 return;
5049 }
5050
5051 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5052
5053 if (!check_fsp(conn, req, fsp)) {
5054 END_PROFILE(SMBunlock);
5055 return;
5056 }
5057
5058 count = (uint64_t)IVAL(req->vwv+1, 0);
5059 offset = (uint64_t)IVAL(req->vwv+3, 0);
5060
5061 status = do_unlock(req->sconn->msg_ctx,
5062 fsp,
5063 (uint64_t)req->smbpid,
5064 count,
5065 offset,
5066 WINDOWS_LOCK);
5067
5068 if (NT_STATUS_V(status)) {
5069 reply_nterror(req, status);
5070 END_PROFILE(SMBunlock);
5071 return;
5072 }
5073
5074 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
5075 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
5076
5077 reply_outbuf(req, 0, 0);
5078
5079 END_PROFILE(SMBunlock);
5080 return;
5081 }
5082
5083 #undef DBGC_CLASS
5084 #define DBGC_CLASS DBGC_ALL
5085
5086 /****************************************************************************
5087 Reply to a tdis.
5088 conn POINTER CAN BE NULL HERE !
5089 ****************************************************************************/
5090
5091 void reply_tdis(struct smb_request *req)
5092 {
5093 connection_struct *conn = req->conn;
5094 START_PROFILE(SMBtdis);
5095
5096 if (!conn) {
5097 DEBUG(4,("Invalid connection in tdis\n"));
5098 reply_nterror(req, NT_STATUS_NETWORK_NAME_DELETED);
5099 END_PROFILE(SMBtdis);
5100 return;
5101 }
5102
5103 conn->used = False;
5104
5105 close_cnum(conn,req->vuid);
5106 req->conn = NULL;
5107
5108 reply_outbuf(req, 0, 0);
5109 END_PROFILE(SMBtdis);
5110 return;
5111 }
5112
5113 /****************************************************************************
5114 Reply to a echo.
5115 conn POINTER CAN BE NULL HERE !
5116 ****************************************************************************/
5117
5118 void reply_echo(struct smb_request *req)
5119 {
5120 connection_struct *conn = req->conn;
5121 struct smb_perfcount_data local_pcd;
5122 struct smb_perfcount_data *cur_pcd;
5123 int smb_reverb;
5124 int seq_num;
5125
5126 START_PROFILE(SMBecho);
5127
5128 smb_init_perfcount_data(&local_pcd);
5129
5130 if (req->wct < 1) {
5131 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5132 END_PROFILE(SMBecho);
5133 return;
5134 }
5135
5136 smb_reverb = SVAL(req->vwv+0, 0);
5137
5138 reply_outbuf(req, 1, req->buflen);
5139
5140 /* copy any incoming data back out */
5141 if (req->buflen > 0) {
5142 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
5143 }
5144
5145 if (smb_reverb > 100) {
5146 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
5147 smb_reverb = 100;
5148 }
5149
5150 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
5151
5152 /* this makes sure we catch the request pcd */
5153 if (seq_num == smb_reverb) {
5154 cur_pcd = &req->pcd;
5155 } else {
5156 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
5157 cur_pcd = &local_pcd;
5158 }
5159
5160 SSVAL(req->outbuf,smb_vwv0,seq_num);
5161
5162 show_msg((char *)req->outbuf);
5163 if (!srv_send_smb(req->sconn,
5164 (char *)req->outbuf,
5165 true, req->seqnum+1,
5166 IS_CONN_ENCRYPTED(conn)||req->encrypted,
5167 cur_pcd))
5168 exit_server_cleanly("reply_echo: srv_send_smb failed.");
5169 }
5170
5171 DEBUG(3,("echo %d times\n", smb_reverb));
5172
5173 TALLOC_FREE(req->outbuf);
5174
5175 END_PROFILE(SMBecho);
5176 return;
5177 }
5178
5179 /****************************************************************************
5180 Reply to a printopen.
5181 ****************************************************************************/
5182
5183 void reply_printopen(struct smb_request *req)
5184 {
5185 connection_struct *conn = req->conn;
5186 files_struct *fsp;
5187 NTSTATUS status;
5188
5189 START_PROFILE(SMBsplopen);
5190
5191 if (req->wct < 2) {
5192 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5193 END_PROFILE(SMBsplopen);
5194 return;
5195 }
5196
5197 if (!CAN_PRINT(conn)) {
5198 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5199 END_PROFILE(SMBsplopen);
5200 return;
5201 }
5202
5203 status = file_new(req, conn, &fsp);
5204 if(!NT_STATUS_IS_OK(status)) {
5205 reply_nterror(req, status);
5206 END_PROFILE(SMBsplopen);
5207 return;
5208 }
5209
5210 /* Open for exclusive use, write only. */
5211 status = print_spool_open(fsp, NULL, req->vuid);
5212
5213 if (!NT_STATUS_IS_OK(status)) {
5214 file_free(req, fsp);
5215 reply_nterror(req, status);
5216 END_PROFILE(SMBsplopen);
5217 return;
5218 }
5219
5220 reply_outbuf(req, 1, 0);
5221 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5222
5223 DEBUG(3,("openprint fd=%d fnum=%d\n",
5224 fsp->fh->fd, fsp->fnum));
5225
5226 END_PROFILE(SMBsplopen);
5227 return;
5228 }
5229
5230 /****************************************************************************
5231 Reply to a printclose.
5232 ****************************************************************************/
5233
5234 void reply_printclose(struct smb_request *req)
5235 {
5236 connection_struct *conn = req->conn;
5237 files_struct *fsp;
5238 NTSTATUS status;
5239
5240 START_PROFILE(SMBsplclose);
5241
5242 if (req->wct < 1) {
5243 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5244 END_PROFILE(SMBsplclose);
5245 return;
5246 }
5247
5248 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5249
5250 if (!check_fsp(conn, req, fsp)) {
5251 END_PROFILE(SMBsplclose);
5252 return;
5253 }
5254
5255 if (!CAN_PRINT(conn)) {
5256 reply_force_doserror(req, ERRSRV, ERRerror);
5257 END_PROFILE(SMBsplclose);
5258 return;
5259 }
5260
5261 DEBUG(3,("printclose fd=%d fnum=%d\n",
5262 fsp->fh->fd,fsp->fnum));
5263
5264 status = close_file(req, fsp, NORMAL_CLOSE);
5265
5266 if(!NT_STATUS_IS_OK(status)) {
5267 reply_nterror(req, status);
5268 END_PROFILE(SMBsplclose);
5269 return;
5270 }
5271
5272 reply_outbuf(req, 0, 0);
5273
5274 END_PROFILE(SMBsplclose);
5275 return;
5276 }
5277
5278 /****************************************************************************
5279 Reply to a printqueue.
5280 ****************************************************************************/
5281
5282 void reply_printqueue(struct smb_request *req)
5283 {
5284 connection_struct *conn = req->conn;
5285 int max_count;
5286 int start_index;
5287
5288 START_PROFILE(SMBsplretq);
5289
5290 if (req->wct < 2) {
5291 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5292 END_PROFILE(SMBsplretq);
5293 return;
5294 }
5295
5296 max_count = SVAL(req->vwv+0, 0);
5297 start_index = SVAL(req->vwv+1, 0);
5298
5299 /* we used to allow the client to get the cnum wrong, but that
5300 is really quite gross and only worked when there was only
5301 one printer - I think we should now only accept it if they
5302 get it right (tridge) */
5303 if (!CAN_PRINT(conn)) {
5304 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5305 END_PROFILE(SMBsplretq);
5306 return;
5307 }
5308
5309 reply_outbuf(req, 2, 3);
5310 SSVAL(req->outbuf,smb_vwv0,0);
5311 SSVAL(req->outbuf,smb_vwv1,0);
5312 SCVAL(smb_buf(req->outbuf),0,1);
5313 SSVAL(smb_buf(req->outbuf),1,0);
5314
5315 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5316 start_index, max_count));
5317
5318 {
5319 TALLOC_CTX *mem_ctx = talloc_tos();
5320 NTSTATUS status;
5321 WERROR werr;
5322 const char *sharename = lp_servicename(SNUM(conn));
5323 struct rpc_pipe_client *cli = NULL;
5324 struct dcerpc_binding_handle *b = NULL;
5325 struct policy_handle handle;
5326 struct spoolss_DevmodeContainer devmode_ctr;
5327 union spoolss_JobInfo *info;
5328 uint32_t count;
5329 uint32_t num_to_get;
5330 uint32_t first;
5331 uint32_t i;
5332
5333 ZERO_STRUCT(handle);
5334
5335 status = rpc_pipe_open_interface(conn,
5336 &ndr_table_spoolss.syntax_id,
5337 conn->session_info,
5338 &conn->sconn->client_id,
5339 conn->sconn->msg_ctx,
5340 &cli);
5341 if (!NT_STATUS_IS_OK(status)) {
5342 DEBUG(0, ("reply_printqueue: "
5343 "could not connect to spoolss: %s\n",
5344 nt_errstr(status)));
5345 reply_nterror(req, status);
5346 goto out;
5347 }
5348 b = cli->binding_handle;
5349
5350 ZERO_STRUCT(devmode_ctr);
5351
5352 status = dcerpc_spoolss_OpenPrinter(b, mem_ctx,
5353 sharename,
5354 NULL, devmode_ctr,
5355 SEC_FLAG_MAXIMUM_ALLOWED,
5356 &handle,
5357 &werr);
5358 if (!NT_STATUS_IS_OK(status)) {
5359 reply_nterror(req, status);
5360 goto out;
5361 }
5362 if (!W_ERROR_IS_OK(werr)) {
5363 reply_nterror(req, werror_to_ntstatus(werr));
5364 goto out;
5365 }
5366
5367 werr = rpccli_spoolss_enumjobs(cli, mem_ctx,
5368 &handle,
5369 0, /* firstjob */
5370 0xff, /* numjobs */
5371 2, /* level */
5372 0, /* offered */
5373 &count,
5374 &info);
5375 if (!W_ERROR_IS_OK(werr)) {
5376 reply_nterror(req, werror_to_ntstatus(werr));
5377 goto out;
5378 }
5379
5380 if (max_count > 0) {
5381 first = start_index;
5382 } else {
5383 first = start_index + max_count + 1;
5384 }
5385
5386 if (first >= count) {
5387 num_to_get = first;
5388 } else {
5389 num_to_get = first + MIN(ABS(max_count), count - first);
5390 }
5391
5392 for (i = first; i < num_to_get; i++) {
5393 char blob[28];
5394 char *p = blob;
5395 time_t qtime = spoolss_Time_to_time_t(&info[i].info2.submitted);
5396 int qstatus;
5397 uint16_t qrapjobid = pjobid_to_rap(sharename,
5398 info[i].info2.job_id);
5399
5400 if (info[i].info2.status == JOB_STATUS_PRINTING) {
5401 qstatus = 2;
5402 } else {
5403 qstatus = 3;
5404 }
5405
5406 srv_put_dos_date2(p, 0, qtime);
5407 SCVAL(p, 4, qstatus);
5408 SSVAL(p, 5, qrapjobid);
5409 SIVAL(p, 7, info[i].info2.size);
5410 SCVAL(p, 11, 0);
5411 srvstr_push(blob, req->flags2, p+12,
5412 info[i].info2.notify_name, 16, STR_ASCII);
5413
5414 if (message_push_blob(
5415 &req->outbuf,
5416 data_blob_const(
5417 blob, sizeof(blob))) == -1) {
5418 reply_nterror(req, NT_STATUS_NO_MEMORY);
5419 goto out;
5420 }
5421 }
5422
5423 if (count > 0) {
5424 SSVAL(req->outbuf,smb_vwv0,count);
5425 SSVAL(req->outbuf,smb_vwv1,
5426 (max_count>0?first+count:first-1));
5427 SCVAL(smb_buf(req->outbuf),0,1);
5428 SSVAL(smb_buf(req->outbuf),1,28*count);
5429 }
5430
5431
5432 DEBUG(3, ("%u entries returned in queue\n",
5433 (unsigned)count));
5434
5435 out:
5436 if (b && is_valid_policy_hnd(&handle)) {
5437 dcerpc_spoolss_ClosePrinter(b, mem_ctx, &handle, &werr);
5438 }
5439
5440 }
5441
5442 END_PROFILE(SMBsplretq);
5443 return;
5444 }
5445
5446 /****************************************************************************
5447 Reply to a printwrite.
5448 ****************************************************************************/
5449
5450 void reply_printwrite(struct smb_request *req)
5451 {
5452 connection_struct *conn = req->conn;
5453 int numtowrite;
5454 const char *data;
5455 files_struct *fsp;
5456
5457 START_PROFILE(SMBsplwr);
5458
5459 if (req->wct < 1) {
5460 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5461 END_PROFILE(SMBsplwr);
5462 return;
5463 }
5464
5465 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5466
5467 if (!check_fsp(conn, req, fsp)) {
5468 END_PROFILE(SMBsplwr);
5469 return;
5470 }
5471
5472 if (!fsp->print_file) {
5473 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5474 END_PROFILE(SMBsplwr);
5475 return;
5476 }
5477
5478 if (!CHECK_WRITE(fsp)) {
5479 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5480 END_PROFILE(SMBsplwr);
5481 return;
5482 }
5483
5484 numtowrite = SVAL(req->buf, 1);
5485
5486 if (req->buflen < numtowrite + 3) {
5487 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5488 END_PROFILE(SMBsplwr);
5489 return;
5490 }
5491
5492 data = (const char *)req->buf + 3;
5493
5494 if (write_file(req,fsp,data,(SMB_OFF_T)-1,numtowrite) != numtowrite) {
5495 reply_nterror(req, map_nt_error_from_unix(errno));
5496 END_PROFILE(SMBsplwr);
5497 return;
5498 }
5499
5500 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5501
5502 END_PROFILE(SMBsplwr);
5503 return;
5504 }
5505
5506 /****************************************************************************
5507 Reply to a mkdir.
5508 ****************************************************************************/
5509
5510 void reply_mkdir(struct smb_request *req)
5511 {
5512 connection_struct *conn = req->conn;
5513 struct smb_filename *smb_dname = NULL;
5514 char *directory = NULL;
5515 NTSTATUS status;
5516 TALLOC_CTX *ctx = talloc_tos();
5517
5518 START_PROFILE(SMBmkdir);
5519
5520 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5521 STR_TERMINATE, &status);
5522 if (!NT_STATUS_IS_OK(status)) {
5523 reply_nterror(req, status);
5524 goto out;
5525 }
5526
5527 status = filename_convert(ctx, conn,
5528 req->flags2 & FLAGS2_DFS_PATHNAMES,
5529 directory,
5530 0,
5531 NULL,
5532 &smb_dname);
5533 if (!NT_STATUS_IS_OK(status)) {
5534 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5535 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5536 ERRSRV, ERRbadpath);
5537 goto out;
5538 }
5539 reply_nterror(req, status);
5540 goto out;
5541 }
5542
5543 status = create_directory(conn, req, smb_dname);
5544
5545 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5546
5547 if (!NT_STATUS_IS_OK(status)) {
5548
5549 if (!use_nt_status()
5550 && NT_STATUS_EQUAL(status,
5551 NT_STATUS_OBJECT_NAME_COLLISION)) {
5552 /*
5553 * Yes, in the DOS error code case we get a
5554 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5555 * samba4 torture test.
5556 */
5557 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5558 }
5559
5560 reply_nterror(req, status);
5561 goto out;
5562 }
5563
5564 reply_outbuf(req, 0, 0);
5565
5566 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5567 out:
5568 TALLOC_FREE(smb_dname);
5569 END_PROFILE(SMBmkdir);
5570 return;
5571 }
5572
5573 /****************************************************************************
5574 Reply to a rmdir.
5575 ****************************************************************************/
5576
5577 void reply_rmdir(struct smb_request *req)
5578 {
5579 connection_struct *conn = req->conn;
5580 struct smb_filename *smb_dname = NULL;
5581 char *directory = NULL;
5582 NTSTATUS status;
5583 TALLOC_CTX *ctx = talloc_tos();
5584 files_struct *fsp = NULL;
5585 int info = 0;
5586 struct smbd_server_connection *sconn = req->sconn;
5587
5588 START_PROFILE(SMBrmdir);
5589
5590 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5591 STR_TERMINATE, &status);
5592 if (!NT_STATUS_IS_OK(status)) {
5593 reply_nterror(req, status);
5594 goto out;
5595 }
5596
5597 status = filename_convert(ctx, conn,
5598 req->flags2 & FLAGS2_DFS_PATHNAMES,
5599 directory,
5600 0,
5601 NULL,
5602 &smb_dname);
5603 if (!NT_STATUS_IS_OK(status)) {
5604 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5605 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5606 ERRSRV, ERRbadpath);
5607 goto out;
5608 }
5609 reply_nterror(req, status);
5610 goto out;
5611 }
5612
5613 if (is_ntfs_stream_smb_fname(smb_dname)) {
5614 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5615 goto out;
5616 }
5617
5618 status = SMB_VFS_CREATE_FILE(
5619 conn, /* conn */
5620 req, /* req */
5621 0, /* root_dir_fid */
5622 smb_dname, /* fname */
5623 DELETE_ACCESS, /* access_mask */
5624 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
5625 FILE_SHARE_DELETE),
5626 FILE_OPEN, /* create_disposition*/
5627 FILE_DIRECTORY_FILE, /* create_options */
5628 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
5629 0, /* oplock_request */
5630 0, /* allocation_size */
5631 0, /* private_flags */
5632 NULL, /* sd */
5633 NULL, /* ea_list */
5634 &fsp, /* result */
5635 &info); /* pinfo */
5636
5637 if (!NT_STATUS_IS_OK(status)) {
5638 if (open_was_deferred(req->mid)) {
5639 /* We have re-scheduled this call. */
5640 goto out;
5641 }
5642 reply_nterror(req, status);
5643 goto out;
5644 }
5645
5646 status = can_set_delete_on_close(fsp, FILE_ATTRIBUTE_DIRECTORY);
5647 if (!NT_STATUS_IS_OK(status)) {
5648 close_file(req, fsp, ERROR_CLOSE);
5649 reply_nterror(req, status);
5650 goto out;
5651 }
5652
5653 if (!set_delete_on_close(fsp, true, &conn->session_info->utok)) {
5654 close_file(req, fsp, ERROR_CLOSE);
5655 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
5656 goto out;
5657 }
5658
5659 status = close_file(req, fsp, NORMAL_CLOSE);
5660 if (!NT_STATUS_IS_OK(status)) {
5661 reply_nterror(req, status);
5662 } else {
5663 reply_outbuf(req, 0, 0);
5664 }
5665
5666 dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
5667
5668 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5669 out:
5670 TALLOC_FREE(smb_dname);
5671 END_PROFILE(SMBrmdir);
5672 return;
5673 }
5674
5675 /*******************************************************************
5676 Resolve wildcards in a filename rename.
5677 ********************************************************************/
5678
5679 static bool resolve_wildcards(TALLOC_CTX *ctx,
5680 const char *name1,
5681 const char *name2,
5682 char **pp_newname)
5683 {
5684 char *name2_copy = NULL;
5685 char *root1 = NULL;
5686 char *root2 = NULL;
5687 char *ext1 = NULL;
5688 char *ext2 = NULL;
5689 char *p,*p2, *pname1, *pname2;
5690
5691 name2_copy = talloc_strdup(ctx, name2);
5692 if (!name2_copy) {
5693 return False;
5694 }
5695
5696 pname1 = strrchr_m(name1,'/');
5697 pname2 = strrchr_m(name2_copy,'/');
5698
5699 if (!pname1 || !pname2) {
5700 return False;
5701 }
5702
5703 /* Truncate the copy of name2 at the last '/' */
5704 *pname2 = '\0';
5705
5706 /* Now go past the '/' */
5707 pname1++;
5708 pname2++;
5709
5710 root1 = talloc_strdup(ctx, pname1);
5711 root2 = talloc_strdup(ctx, pname2);
5712
5713 if (!root1 || !root2) {
5714 return False;
5715 }
5716
5717 p = strrchr_m(root1,'.');
5718 if (p) {
5719 *p = 0;
5720 ext1 = talloc_strdup(ctx, p+1);
5721 } else {
5722 ext1 = talloc_strdup(ctx, "");
5723 }
5724 p = strrchr_m(root2,'.');
5725 if (p) {
5726 *p = 0;
5727 ext2 = talloc_strdup(ctx, p+1);
5728 } else {
5729 ext2 = talloc_strdup(ctx, "");
5730 }
5731
5732 if (!ext1 || !ext2) {
5733 return False;
5734 }
5735
5736 p = root1;
5737 p2 = root2;
5738 while (*p2) {
5739 if (*p2 == '?') {
5740 /* Hmmm. Should this be mb-aware ? */
5741 *p2 = *p;
5742 p2++;
5743 } else if (*p2 == '*') {
5744 *p2 = '\0';
5745 root2 = talloc_asprintf(ctx, "%s%s",
5746 root2,
5747 p);
5748 if (!root2) {
5749 return False;
5750 }
5751 break;
5752 } else {
5753 p2++;
5754 }
5755 if (*p) {
5756 p++;
5757 }
5758 }
5759
5760 p = ext1;
5761 p2 = ext2;
5762 while (*p2) {
5763 if (*p2 == '?') {
5764 /* Hmmm. Should this be mb-aware ? */
5765 *p2 = *p;
5766 p2++;
5767 } else if (*p2 == '*') {
5768 *p2 = '\0';
5769 ext2 = talloc_asprintf(ctx, "%s%s",
5770 ext2,
5771 p);
5772 if (!ext2) {
5773 return False;
5774 }
5775 break;
5776 } else {
5777 p2++;
5778 }
5779 if (*p) {
5780 p++;
5781 }
5782 }
5783
5784 if (*ext2) {
5785 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5786 name2_copy,
5787 root2,
5788 ext2);
5789 } else {
5790 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5791 name2_copy,
5792 root2);
5793 }
5794
5795 if (!*pp_newname) {
5796 return False;
5797 }
5798
5799 return True;
5800 }
5801
5802 /****************************************************************************
5803 Ensure open files have their names updated. Updated to notify other smbd's
5804 asynchronously.
5805 ****************************************************************************/
5806
5807 static void rename_open_files(connection_struct *conn,
5808 struct share_mode_lock *lck,
5809 uint32_t orig_name_hash,
5810 const struct smb_filename *smb_fname_dst)
5811 {
5812 files_struct *fsp;
5813 bool did_rename = False;
5814 NTSTATUS status;
5815 uint32_t new_name_hash;
5816
5817 for(fsp = file_find_di_first(conn->sconn, lck->id); fsp;
5818 fsp = file_find_di_next(fsp)) {
5819 /* fsp_name is a relative path under the fsp. To change this for other
5820 sharepaths we need to manipulate relative paths. */
5821 /* TODO - create the absolute path and manipulate the newname
5822 relative to the sharepath. */
5823 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5824 continue;
5825 }
5826 if (fsp->name_hash != orig_name_hash) {
5827 continue;
5828 }
5829 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5830 "(file_id %s) from %s -> %s\n", fsp->fnum,
5831 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5832 smb_fname_str_dbg(smb_fname_dst)));
5833
5834 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5835 if (NT_STATUS_IS_OK(status)) {
5836 did_rename = True;
5837 new_name_hash = fsp->name_hash;
5838 }
5839 }
5840
5841 if (!did_rename) {
5842 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5843 "for %s\n", file_id_string_tos(&lck->id),
5844 smb_fname_str_dbg(smb_fname_dst)));
5845 }
5846
5847 /* Send messages to all smbd's (not ourself) that the name has changed. */
5848 rename_share_filename(conn->sconn->msg_ctx, lck, conn->connectpath,
5849 orig_name_hash, new_name_hash,
5850 smb_fname_dst);
5851
5852 }
5853
5854 /****************************************************************************
5855 We need to check if the source path is a parent directory of the destination
5856 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5857 refuse the rename with a sharing violation. Under UNIX the above call can
5858 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5859 probably need to check that the client is a Windows one before disallowing
5860 this as a UNIX client (one with UNIX extensions) can know the source is a
5861 symlink and make this decision intelligently. Found by an excellent bug
5862 report from <AndyLiebman@aol.com>.
5863 ****************************************************************************/
5864
5865 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5866 const struct smb_filename *smb_fname_dst)
5867 {
5868 const char *psrc = smb_fname_src->base_name;
5869 const char *pdst = smb_fname_dst->base_name;
5870 size_t slen;
5871
5872 if (psrc[0] == '.' && psrc[1] == '/') {
5873 psrc += 2;
5874 }
5875 if (pdst[0] == '.' && pdst[1] == '/') {
5876 pdst += 2;
5877 }
5878 if ((slen = strlen(psrc)) > strlen(pdst)) {
5879 return False;
5880 }
5881 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5882 }
5883
5884 /*
5885 * Do the notify calls from a rename
5886 */
5887
5888 static void notify_rename(connection_struct *conn, bool is_dir,
5889 const struct smb_filename *smb_fname_src,
5890 const struct smb_filename *smb_fname_dst)
5891 {
5892 char *parent_dir_src = NULL;
5893 char *parent_dir_dst = NULL;
5894 uint32 mask;
5895
5896 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5897 : FILE_NOTIFY_CHANGE_FILE_NAME;
5898
5899 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5900 &parent_dir_src, NULL) ||
5901 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5902 &parent_dir_dst, NULL)) {
5903 goto out;
5904 }
5905
5906 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5907 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5908 smb_fname_src->base_name);
5909 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5910 smb_fname_dst->base_name);
5911 }
5912 else {
5913 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5914 smb_fname_src->base_name);
5915 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5916 smb_fname_dst->base_name);
5917 }
5918
5919 /* this is a strange one. w2k3 gives an additional event for
5920 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5921 files, but not directories */
5922 if (!is_dir) {
5923 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5924 FILE_NOTIFY_CHANGE_ATTRIBUTES
5925 |FILE_NOTIFY_CHANGE_CREATION,
5926 smb_fname_dst->base_name);
5927 }
5928 out:
5929 TALLOC_FREE(parent_dir_src);
5930 TALLOC_FREE(parent_dir_dst);
5931 }
5932
5933 /****************************************************************************
5934 Returns an error if the parent directory for a filename is open in an
5935 incompatible way.
5936 ****************************************************************************/
5937
5938 static NTSTATUS parent_dirname_compatible_open(connection_struct *conn,
5939 const struct smb_filename *smb_fname_dst_in)
5940 {
5941 char *parent_dir = NULL;
5942 struct smb_filename smb_fname_parent;
5943 struct file_id id;
5944 files_struct *fsp = NULL;
5945 int ret;
5946
5947 if (!parent_dirname(talloc_tos(), smb_fname_dst_in->base_name,
5948 &parent_dir, NULL)) {
5949 return NT_STATUS_NO_MEMORY;
5950 }
5951 ZERO_STRUCT(smb_fname_parent);
5952 smb_fname_parent.base_name = parent_dir;
5953
5954 ret = SMB_VFS_LSTAT(conn, &smb_fname_parent);
5955 if (ret == -1) {
5956 return map_nt_error_from_unix(errno);
5957 }
5958
5959 /*
5960 * We're only checking on this smbd here, mostly good
5961 * enough.. and will pass tests.
5962 */
5963
5964 id = vfs_file_id_from_sbuf(conn, &smb_fname_parent.st);
5965 for (fsp = file_find_di_first(conn->sconn, id); fsp;
5966 fsp = file_find_di_next(fsp)) {
5967 if (fsp->access_mask & DELETE_ACCESS) {
5968 return NT_STATUS_SHARING_VIOLATION;
5969 }
5970 }
5971 return NT_STATUS_OK;
5972 }
5973
5974 /****************************************************************************
5975 Rename an open file - given an fsp.
5976 ****************************************************************************/
5977
5978 NTSTATUS rename_internals_fsp(connection_struct *conn,
5979 files_struct *fsp,
5980 const struct smb_filename *smb_fname_dst_in,
5981 uint32 attrs,
5982 bool replace_if_exists)
5983 {
5984 TALLOC_CTX *ctx = talloc_tos();
5985 struct smb_filename *smb_fname_dst = NULL;
5986 NTSTATUS status = NT_STATUS_OK;
5987 struct share_mode_lock *lck = NULL;
5988 bool dst_exists, old_is_stream, new_is_stream;
5989
5990 status = check_name(conn, smb_fname_dst_in->base_name);
5991 if (!NT_STATUS_IS_OK(status)) {
5992 return status;
5993 }
5994
5995 status = parent_dirname_compatible_open(conn, smb_fname_dst_in);
5996 if (!NT_STATUS_IS_OK(status)) {
5997 return status;
5998 }
5999
6000 /* Make a copy of the dst smb_fname structs */
6001
6002 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
6003 if (!NT_STATUS_IS_OK(status)) {
6004 goto out;
6005 }
6006
6007 /*
6008 * Check for special case with case preserving and not
6009 * case sensitive. If the old last component differs from the original
6010 * last component only by case, then we should allow
6011 * the rename (user is trying to change the case of the
6012 * filename).
6013 */
6014 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
6015 strequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6016 strequal(fsp->fsp_name->stream_name, smb_fname_dst->stream_name)) {
6017 char *last_slash;
6018 char *fname_dst_lcomp_base_mod = NULL;
6019 struct smb_filename *smb_fname_orig_lcomp = NULL;
6020
6021 /*
6022 * Get the last component of the destination name.
6023 */
6024 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
6025 if (last_slash) {
6026 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
6027 } else {
6028 fname_dst_lcomp_base_mod = talloc_strdup(ctx, smb_fname_dst->base_name);
6029 }
6030 if (!fname_dst_lcomp_base_mod) {
6031 status = NT_STATUS_NO_MEMORY;
6032 goto out;
6033 }
6034
6035 /*
6036 * Create an smb_filename struct using the original last
6037 * component of the destination.
6038 */
6039 status = create_synthetic_smb_fname_split(ctx,
6040 smb_fname_dst->original_lcomp, NULL,
6041 &smb_fname_orig_lcomp);
6042 if (!NT_STATUS_IS_OK(status)) {
6043 TALLOC_FREE(fname_dst_lcomp_base_mod);
6044 goto out;
6045 }
6046
6047 /* If the base names only differ by case, use original. */
6048 if(!strcsequal(fname_dst_lcomp_base_mod,
6049 smb_fname_orig_lcomp->base_name)) {
6050 char *tmp;
6051 /*
6052 * Replace the modified last component with the
6053 * original.
6054 */
6055 if (last_slash) {
6056 *last_slash = '\0'; /* Truncate at the '/' */
6057 tmp = talloc_asprintf(smb_fname_dst,
6058 "%s/%s",
6059 smb_fname_dst->base_name,
6060 smb_fname_orig_lcomp->base_name);
6061 } else {
6062 tmp = talloc_asprintf(smb_fname_dst,
6063 "%s",
6064 smb_fname_orig_lcomp->base_name);
6065 }
6066 if (tmp == NULL) {
6067 status = NT_STATUS_NO_MEMORY;
6068 TALLOC_FREE(fname_dst_lcomp_base_mod);
6069 TALLOC_FREE(smb_fname_orig_lcomp);
6070 goto out;
6071 }
6072 TALLOC_FREE(smb_fname_dst->base_name);
6073 smb_fname_dst->base_name = tmp;
6074 }
6075
6076 /* If the stream_names only differ by case, use original. */
6077 if(!strcsequal(smb_fname_dst->stream_name,
6078 smb_fname_orig_lcomp->stream_name)) {
6079 char *tmp = NULL;
6080 /* Use the original stream. */
6081 tmp = talloc_strdup(smb_fname_dst,
6082 smb_fname_orig_lcomp->stream_name);
6083 if (tmp == NULL) {
6084 status = NT_STATUS_NO_MEMORY;
6085 TALLOC_FREE(fname_dst_lcomp_base_mod);
6086 TALLOC_FREE(smb_fname_orig_lcomp);
6087 goto out;
6088 }
6089 TALLOC_FREE(smb_fname_dst->stream_name);
6090 smb_fname_dst->stream_name = tmp;
6091 }
6092 TALLOC_FREE(fname_dst_lcomp_base_mod);
6093 TALLOC_FREE(smb_fname_orig_lcomp);
6094 }
6095
6096 /*
6097 * If the src and dest names are identical - including case,
6098 * don't do the rename, just return success.
6099 */
6100
6101 if (strcsequal(fsp->fsp_name->base_name, smb_fname_dst->base_name) &&
6102 strcsequal(fsp->fsp_name->stream_name,
6103 smb_fname_dst->stream_name)) {
6104 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
6105 "- returning success\n",
6106 smb_fname_str_dbg(smb_fname_dst)));
6107 status = NT_STATUS_OK;
6108 goto out;
6109 }
6110
6111 old_is_stream = is_ntfs_stream_smb_fname(fsp->fsp_name);
6112 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
6113
6114 /* Return the correct error code if both names aren't streams. */
6115 if (!old_is_stream && new_is_stream) {
6116 status = NT_STATUS_OBJECT_NAME_INVALID;
6117 goto out;
6118 }
6119
6120 if (old_is_stream && !new_is_stream) {
6121 status = NT_STATUS_INVALID_PARAMETER;
6122 goto out;
6123 }
6124
6125 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
6126
6127 if(!replace_if_exists && dst_exists) {
6128 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
6129 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6130 smb_fname_str_dbg(smb_fname_dst)));
6131 status = NT_STATUS_OBJECT_NAME_COLLISION;
6132 goto out;
6133 }
6134
6135 if (dst_exists) {
6136 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6137 &smb_fname_dst->st);
6138 files_struct *dst_fsp = file_find_di_first(conn->sconn,
6139 fileid);
6140 /* The file can be open when renaming a stream */
6141 if (dst_fsp && !new_is_stream) {
6142 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6143 status = NT_STATUS_ACCESS_DENIED;
6144 goto out;
6145 }
6146 }
6147
6148 /* Ensure we have a valid stat struct for the source. */
6149 status = vfs_stat_fsp(fsp);
6150 if (!NT_STATUS_IS_OK(status)) {
6151 goto out;
6152 }
6153
6154 status = can_rename(conn, fsp, attrs);
6155
6156 if (!NT_STATUS_IS_OK(status)) {
6157 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6158 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6159 smb_fname_str_dbg(smb_fname_dst)));
6160 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6161 status = NT_STATUS_ACCESS_DENIED;
6162 goto out;
6163 }
6164
6165 if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
6166 status = NT_STATUS_ACCESS_DENIED;
6167 }
6168
6169 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6170 NULL);
6171
6172 /*
6173 * We have the file open ourselves, so not being able to get the
6174 * corresponding share mode lock is a fatal error.
6175 */
6176
6177 SMB_ASSERT(lck != NULL);
6178
6179 if(SMB_VFS_RENAME(conn, fsp->fsp_name, smb_fname_dst) == 0) {
6180 uint32 create_options = fsp->fh->private_options;
6181
6182 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6183 "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
6184 smb_fname_str_dbg(smb_fname_dst)));
6185
6186 if (!lp_posix_pathnames() &&
6187 (lp_map_archive(SNUM(conn)) ||
6188 lp_store_dos_attributes(SNUM(conn)))) {
6189 /* We must set the archive bit on the newly
6190 renamed file. */
6191 if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
6192 uint32_t old_dosmode = dos_mode(conn,
6193 smb_fname_dst);
6194 file_set_dosmode(conn,
6195 smb_fname_dst,
6196 old_dosmode | FILE_ATTRIBUTE_ARCHIVE,
6197 NULL,
6198 true);
6199 }
6200 }
6201
6202 notify_rename(conn, fsp->is_directory, fsp->fsp_name,
6203 smb_fname_dst);
6204
6205 rename_open_files(conn, lck, fsp->name_hash, smb_fname_dst);
6206
6207 /*
6208 * A rename acts as a new file create w.r.t. allowing an initial delete
6209 * on close, probably because in Windows there is a new handle to the
6210 * new file. If initial delete on close was requested but not
6211 * originally set, we need to set it here. This is probably not 100% correct,
6212 * but will work for the CIFSFS client which in non-posix mode
6213 * depends on these semantics. JRA.
6214 */
6215
6216 if (create_options & FILE_DELETE_ON_CLOSE) {
6217 status = can_set_delete_on_close(fsp, 0);
6218
6219 if (NT_STATUS_IS_OK(status)) {
6220 /* Note that here we set the *inital* delete on close flag,
6221 * not the regular one. The magic gets handled in close. */
6222 fsp->initial_delete_on_close = True;
6223 }
6224 }
6225 TALLOC_FREE(lck);
6226 status = NT_STATUS_OK;
6227 goto out;
6228 }
6229
6230 TALLOC_FREE(lck);
6231
6232 if (errno == ENOTDIR || errno == EISDIR) {
6233 status = NT_STATUS_OBJECT_NAME_COLLISION;
6234 } else {
6235 status = map_nt_error_from_unix(errno);
6236 }
6237
6238 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6239 nt_errstr(status), smb_fname_str_dbg(fsp->fsp_name),
6240 smb_fname_str_dbg(smb_fname_dst)));
6241
6242 out:
6243 TALLOC_FREE(smb_fname_dst);
6244
6245 return status;
6246 }
6247
6248 /****************************************************************************
6249 The guts of the rename command, split out so it may be called by the NT SMB
6250 code.
6251 ****************************************************************************/
6252
6253 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6254 connection_struct *conn,
6255 struct smb_request *req,
6256 struct smb_filename *smb_fname_src,
6257 struct smb_filename *smb_fname_dst,
6258 uint32 attrs,
6259 bool replace_if_exists,
6260 bool src_has_wild,
6261 bool dest_has_wild,
6262 uint32_t access_mask)
6263 {
6264 char *fname_src_dir = NULL;
6265 char *fname_src_mask = NULL;
6266 int count=0;
6267 NTSTATUS status = NT_STATUS_OK;
6268 struct smb_Dir *dir_hnd = NULL;
6269 const char *dname = NULL;
6270 char *talloced = NULL;
6271 long offset = 0;
6272 int create_options = 0;
6273 bool posix_pathnames = lp_posix_pathnames();
6274
6275 /*
6276 * Split the old name into directory and last component
6277 * strings. Note that unix_convert may have stripped off a
6278 * leading ./ from both name and newname if the rename is
6279 * at the root of the share. We need to make sure either both
6280 * name and newname contain a / character or neither of them do
6281 * as this is checked in resolve_wildcards().
6282 */
6283
6284 /* Split up the directory from the filename/mask. */
6285 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6286 &fname_src_dir, &fname_src_mask);
6287 if (!NT_STATUS_IS_OK(status)) {
6288 status = NT_STATUS_NO_MEMORY;
6289 goto out;
6290 }
6291
6292 /*
6293 * We should only check the mangled cache
6294 * here if unix_convert failed. This means
6295 * that the path in 'mask' doesn't exist
6296 * on the file system and so we need to look
6297 * for a possible mangle. This patch from
6298 * Tine Smukavec <valentin.smukavec@hermes.si>.
6299 */
6300
6301 if (!VALID_STAT(smb_fname_src->st) &&
6302 mangle_is_mangled(fname_src_mask, conn->params)) {
6303 char *new_mask = NULL;
6304 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6305 conn->params);
6306 if (new_mask) {
6307 TALLOC_FREE(fname_src_mask);
6308 fname_src_mask = new_mask;
6309 }
6310 }
6311
6312 if (!src_has_wild) {
6313 files_struct *fsp;
6314
6315 /*
6316 * Only one file needs to be renamed. Append the mask back
6317 * onto the directory.
6318 */
6319 TALLOC_FREE(smb_fname_src->base_name);
6320 if (ISDOT(fname_src_dir)) {
6321 /* Ensure we use canonical names on open. */
6322 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6323 "%s",
6324 fname_src_mask);
6325 } else {
6326 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6327 "%s/%s",
6328 fname_src_dir,
6329 fname_src_mask);
6330 }
6331 if (!smb_fname_src->base_name) {
6332 status = NT_STATUS_NO_MEMORY;
6333 goto out;
6334 }
6335
6336 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6337 "case_preserve = %d, short case preserve = %d, "
6338 "directory = %s, newname = %s, "
6339 "last_component_dest = %s\n",
6340 conn->case_sensitive, conn->case_preserve,
6341 conn->short_case_preserve,
6342 smb_fname_str_dbg(smb_fname_src),
6343 smb_fname_str_dbg(smb_fname_dst),
6344 smb_fname_dst->original_lcomp));
6345
6346 /* The dest name still may have wildcards. */
6347 if (dest_has_wild) {
6348 char *fname_dst_mod = NULL;
6349 if (!resolve_wildcards(smb_fname_dst,
6350 smb_fname_src->base_name,
6351 smb_fname_dst->base_name,
6352 &fname_dst_mod)) {
6353 DEBUG(6, ("rename_internals: resolve_wildcards "
6354 "%s %s failed\n",
6355 smb_fname_src->base_name,
6356 smb_fname_dst->base_name));
6357 status = NT_STATUS_NO_MEMORY;
6358 goto out;
6359 }
6360 TALLOC_FREE(smb_fname_dst->base_name);
6361 smb_fname_dst->base_name = fname_dst_mod;
6362 }
6363
6364 ZERO_STRUCT(smb_fname_src->st);
6365 if (posix_pathnames) {
6366 SMB_VFS_LSTAT(conn, smb_fname_src);
6367 } else {
6368 SMB_VFS_STAT(conn, smb_fname_src);
6369 }
6370
6371 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6372 create_options |= FILE_DIRECTORY_FILE;
6373 }
6374
6375 status = SMB_VFS_CREATE_FILE(
6376 conn, /* conn */
6377 req, /* req */
6378 0, /* root_dir_fid */
6379 smb_fname_src, /* fname */
6380 access_mask, /* access_mask */
6381 (FILE_SHARE_READ | /* share_access */
6382 FILE_SHARE_WRITE),
6383 FILE_OPEN, /* create_disposition*/
6384 create_options, /* create_options */
6385 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6386 0, /* oplock_request */
6387 0, /* allocation_size */
6388 0, /* private_flags */
6389 NULL, /* sd */
6390 NULL, /* ea_list */
6391 &fsp, /* result */
6392 NULL); /* pinfo */
6393
6394 if (!NT_STATUS_IS_OK(status)) {
6395 DEBUG(3, ("Could not open rename source %s: %s\n",
6396 smb_fname_str_dbg(smb_fname_src),
6397 nt_errstr(status)));
6398 goto out;
6399 }
6400
6401 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6402 attrs, replace_if_exists);
6403
6404 close_file(req, fsp, NORMAL_CLOSE);
6405
6406 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6407 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6408 smb_fname_str_dbg(smb_fname_dst)));
6409
6410 goto out;
6411 }
6412
6413 /*
6414 * Wildcards - process each file that matches.
6415 */
6416 if (strequal(fname_src_mask, "????????.???")) {
6417 TALLOC_FREE(fname_src_mask);
6418 fname_src_mask = talloc_strdup(ctx, "*");
6419 if (!fname_src_mask) {
6420 status = NT_STATUS_NO_MEMORY;
6421 goto out;
6422 }
6423 }
6424
6425 status = check_name(conn, fname_src_dir);
6426 if (!NT_STATUS_IS_OK(status)) {
6427 goto out;
6428 }
6429
6430 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6431 attrs);
6432 if (dir_hnd == NULL) {
6433 status = map_nt_error_from_unix(errno);
6434 goto out;
6435 }
6436
6437 status = NT_STATUS_NO_SUCH_FILE;
6438 /*
6439 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6440 * - gentest fix. JRA
6441 */
6442
6443 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st,
6444 &talloced))) {
6445 files_struct *fsp = NULL;
6446 char *destname = NULL;
6447 bool sysdir_entry = False;
6448
6449 /* Quick check for "." and ".." */
6450 if (ISDOT(dname) || ISDOTDOT(dname)) {
6451 if (attrs & FILE_ATTRIBUTE_DIRECTORY) {
6452 sysdir_entry = True;
6453 } else {
6454 TALLOC_FREE(talloced);
6455 continue;
6456 }
6457 }
6458
6459 if (!is_visible_file(conn, fname_src_dir, dname,
6460 &smb_fname_src->st, false)) {
6461 TALLOC_FREE(talloced);
6462 continue;
6463 }
6464
6465 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6466 TALLOC_FREE(talloced);
6467 continue;
6468 }
6469
6470 if (sysdir_entry) {
6471 status = NT_STATUS_OBJECT_NAME_INVALID;
6472 break;
6473 }
6474
6475 TALLOC_FREE(smb_fname_src->base_name);
6476 if (ISDOT(fname_src_dir)) {
6477 /* Ensure we use canonical names on open. */
6478 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6479 "%s",
6480 dname);
6481 } else {
6482 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6483 "%s/%s",
6484 fname_src_dir,
6485 dname);
6486 }
6487 if (!smb_fname_src->base_name) {
6488 status = NT_STATUS_NO_MEMORY;
6489 goto out;
6490 }
6491
6492 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6493 smb_fname_dst->base_name,
6494 &destname)) {
6495 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6496 smb_fname_src->base_name, destname));
6497 TALLOC_FREE(talloced);
6498 continue;
6499 }
6500 if (!destname) {
6501 status = NT_STATUS_NO_MEMORY;
6502 goto out;
6503 }
6504
6505 TALLOC_FREE(smb_fname_dst->base_name);
6506 smb_fname_dst->base_name = destname;
6507
6508 ZERO_STRUCT(smb_fname_src->st);
6509 if (posix_pathnames) {
6510 SMB_VFS_LSTAT(conn, smb_fname_src);
6511 } else {
6512 SMB_VFS_STAT(conn, smb_fname_src);
6513 }
6514
6515 create_options = 0;
6516
6517 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6518 create_options |= FILE_DIRECTORY_FILE;
6519 }
6520
6521 status = SMB_VFS_CREATE_FILE(
6522 conn, /* conn */
6523 req, /* req */
6524 0, /* root_dir_fid */
6525 smb_fname_src, /* fname */
6526 access_mask, /* access_mask */
6527 (FILE_SHARE_READ | /* share_access */
6528 FILE_SHARE_WRITE),
6529 FILE_OPEN, /* create_disposition*/
6530 create_options, /* create_options */
6531 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6532 0, /* oplock_request */
6533 0, /* allocation_size */
6534 0, /* private_flags */
6535 NULL, /* sd */
6536 NULL, /* ea_list */
6537 &fsp, /* result */
6538 NULL); /* pinfo */
6539
6540 if (!NT_STATUS_IS_OK(status)) {
6541 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6542 "returned %s rename %s -> %s\n",
6543 nt_errstr(status),
6544 smb_fname_str_dbg(smb_fname_src),
6545 smb_fname_str_dbg(smb_fname_dst)));
6546 break;
6547 }
6548
6549 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6550 dname);
6551 if (!smb_fname_dst->original_lcomp) {
6552 status = NT_STATUS_NO_MEMORY;
6553 goto out;
6554 }
6555
6556 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6557 attrs, replace_if_exists);
6558
6559 close_file(req, fsp, NORMAL_CLOSE);
6560
6561 if (!NT_STATUS_IS_OK(status)) {
6562 DEBUG(3, ("rename_internals_fsp returned %s for "
6563 "rename %s -> %s\n", nt_errstr(status),
6564 smb_fname_str_dbg(smb_fname_src),
6565 smb_fname_str_dbg(smb_fname_dst)));
6566 break;
6567 }
6568
6569 count++;
6570
6571 DEBUG(3,("rename_internals: doing rename on %s -> "
6572 "%s\n", smb_fname_str_dbg(smb_fname_src),
6573 smb_fname_str_dbg(smb_fname_src)));
6574 TALLOC_FREE(talloced);
6575 }
6576 TALLOC_FREE(dir_hnd);
6577
6578 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6579 status = map_nt_error_from_unix(errno);
6580 }
6581
6582 out:
6583 TALLOC_FREE(talloced);
6584 TALLOC_FREE(fname_src_dir);
6585 TALLOC_FREE(fname_src_mask);
6586 return status;
6587 }
6588
6589 /****************************************************************************
6590 Reply to a mv.
6591 ****************************************************************************/
6592
6593 void reply_mv(struct smb_request *req)
6594 {
6595 connection_struct *conn = req->conn;
6596 char *name = NULL;
6597 char *newname = NULL;
6598 const char *p;
6599 uint32 attrs;
6600 NTSTATUS status;
6601 bool src_has_wcard = False;
6602 bool dest_has_wcard = False;
6603 TALLOC_CTX *ctx = talloc_tos();
6604 struct smb_filename *smb_fname_src = NULL;
6605 struct smb_filename *smb_fname_dst = NULL;
6606 bool stream_rename = false;
6607
6608 START_PROFILE(SMBmv);
6609
6610 if (req->wct < 1) {
6611 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6612 goto out;
6613 }
6614
6615 attrs = SVAL(req->vwv+0, 0);
6616
6617 p = (const char *)req->buf + 1;
6618 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6619 &status, &src_has_wcard);
6620 if (!NT_STATUS_IS_OK(status)) {
6621 reply_nterror(req, status);
6622 goto out;
6623 }
6624 p++;
6625 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6626 &status, &dest_has_wcard);
6627 if (!NT_STATUS_IS_OK(status)) {
6628 reply_nterror(req, status);
6629 goto out;
6630 }
6631
6632 if (!lp_posix_pathnames()) {
6633 /* The newname must begin with a ':' if the
6634 name contains a ':'. */
6635 if (strchr_m(name, ':')) {
6636 if (newname[0] != ':') {
6637 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6638 goto out;
6639 }
6640 stream_rename = true;
6641 }
6642 }
6643
6644 status = filename_convert(ctx,
6645 conn,
6646 req->flags2 & FLAGS2_DFS_PATHNAMES,
6647 name,
6648 UCF_COND_ALLOW_WCARD_LCOMP,
6649 &src_has_wcard,
6650 &smb_fname_src);
6651
6652 if (!NT_STATUS_IS_OK(status)) {
6653 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6654 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6655 ERRSRV, ERRbadpath);
6656 goto out;
6657 }
6658 reply_nterror(req, status);
6659 goto out;
6660 }
6661
6662 status = filename_convert(ctx,
6663 conn,
6664 req->flags2 & FLAGS2_DFS_PATHNAMES,
6665 newname,
6666 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6667 &dest_has_wcard,
6668 &smb_fname_dst);
6669
6670 if (!NT_STATUS_IS_OK(status)) {
6671 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6672 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6673 ERRSRV, ERRbadpath);
6674 goto out;
6675 }
6676 reply_nterror(req, status);
6677 goto out;
6678 }
6679
6680 if (stream_rename) {
6681 /* smb_fname_dst->base_name must be the same as
6682 smb_fname_src->base_name. */
6683 TALLOC_FREE(smb_fname_dst->base_name);
6684 smb_fname_dst->base_name = talloc_strdup(smb_fname_dst,
6685 smb_fname_src->base_name);
6686 if (!smb_fname_dst->base_name) {
6687 reply_nterror(req, NT_STATUS_NO_MEMORY);
6688 goto out;
6689 }
6690 }
6691
6692 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6693 smb_fname_str_dbg(smb_fname_dst)));
6694
6695 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6696 attrs, False, src_has_wcard, dest_has_wcard,
6697 DELETE_ACCESS);
6698 if (!NT_STATUS_IS_OK(status)) {
6699 if (open_was_deferred(req->mid)) {
6700 /* We have re-scheduled this call. */
6701 goto out;
6702 }
6703 reply_nterror(req, status);
6704 goto out;
6705 }
6706
6707 reply_outbuf(req, 0, 0);
6708 out:
6709 TALLOC_FREE(smb_fname_src);
6710 TALLOC_FREE(smb_fname_dst);
6711 END_PROFILE(SMBmv);
6712 return;
6713 }
6714
6715 /*******************************************************************
6716 Copy a file as part of a reply_copy.
6717 ******************************************************************/
6718
6719 /*
6720 * TODO: check error codes on all callers
6721 */
6722
6723 NTSTATUS copy_file(TALLOC_CTX *ctx,
6724 connection_struct *conn,
6725 struct smb_filename *smb_fname_src,
6726 struct smb_filename *smb_fname_dst,
6727 int ofun,
6728 int count,
6729 bool target_is_directory)
6730 {
6731 struct smb_filename *smb_fname_dst_tmp = NULL;
6732 SMB_OFF_T ret=-1;
6733 files_struct *fsp1,*fsp2;
6734 uint32 dosattrs;
6735 uint32 new_create_disposition;
6736 NTSTATUS status;
6737
6738
6739 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6740 if (!NT_STATUS_IS_OK(status)) {
6741 return status;
6742 }
6743
6744 /*
6745 * If the target is a directory, extract the last component from the
6746 * src filename and append it to the dst filename
6747 */
6748 if (target_is_directory) {
6749 const char *p;
6750
6751 /* dest/target can't be a stream if it's a directory. */
6752 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6753
6754 p = strrchr_m(smb_fname_src->base_name,'/');
6755 if (p) {
6756 p++;
6757 } else {
6758 p = smb_fname_src->base_name;
6759 }
6760 smb_fname_dst_tmp->base_name =
6761 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6762 p);
6763 if (!smb_fname_dst_tmp->base_name) {
6764 status = NT_STATUS_NO_MEMORY;
6765 goto out;
6766 }
6767 }
6768
6769 status = vfs_file_exist(conn, smb_fname_src);
6770 if (!NT_STATUS_IS_OK(status)) {
6771 goto out;
6772 }
6773
6774 if (!target_is_directory && count) {
6775 new_create_disposition = FILE_OPEN;
6776 } else {
6777 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name,
6778 0, ofun,
6779 NULL, NULL,
6780 &new_create_disposition,
6781 NULL,
6782 NULL)) {
6783 status = NT_STATUS_INVALID_PARAMETER;
6784 goto out;
6785 }
6786 }
6787
6788 /* Open the src file for reading. */
6789 status = SMB_VFS_CREATE_FILE(
6790 conn, /* conn */
6791 NULL, /* req */
6792 0, /* root_dir_fid */
6793 smb_fname_src, /* fname */
6794 FILE_GENERIC_READ, /* access_mask */
6795 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6796 FILE_OPEN, /* create_disposition*/
6797 0, /* create_options */
6798 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6799 INTERNAL_OPEN_ONLY, /* oplock_request */
6800 0, /* allocation_size */
6801 0, /* private_flags */
6802 NULL, /* sd */
6803 NULL, /* ea_list */
6804 &fsp1, /* result */
6805 NULL); /* psbuf */
6806
6807 if (!NT_STATUS_IS_OK(status)) {
6808 goto out;
6809 }
6810
6811 dosattrs = dos_mode(conn, smb_fname_src);
6812
6813 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6814 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6815 }
6816
6817 /* Open the dst file for writing. */
6818 status = SMB_VFS_CREATE_FILE(
6819 conn, /* conn */
6820 NULL, /* req */
6821 0, /* root_dir_fid */
6822 smb_fname_dst, /* fname */
6823 FILE_GENERIC_WRITE, /* access_mask */
6824 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6825 new_create_disposition, /* create_disposition*/
6826 0, /* create_options */
6827 dosattrs, /* file_attributes */
6828 INTERNAL_OPEN_ONLY, /* oplock_request */
6829 0, /* allocation_size */
6830 0, /* private_flags */
6831 NULL, /* sd */
6832 NULL, /* ea_list */
6833 &fsp2, /* result */
6834 NULL); /* psbuf */
6835
6836 if (!NT_STATUS_IS_OK(status)) {
6837 close_file(NULL, fsp1, ERROR_CLOSE);
6838 goto out;
6839 }
6840
6841 if (ofun & OPENX_FILE_EXISTS_OPEN) {
6842 ret = SMB_VFS_LSEEK(fsp2, 0, SEEK_END);
6843 if (ret == -1) {
6844 DEBUG(0, ("error - vfs lseek returned error %s\n",
6845 strerror(errno)));
6846 status = map_nt_error_from_unix(errno);
6847 close_file(NULL, fsp1, ERROR_CLOSE);
6848 close_file(NULL, fsp2, ERROR_CLOSE);
6849 goto out;
6850 }
6851 }
6852
6853 /* Do the actual copy. */
6854 if (smb_fname_src->st.st_ex_size) {
6855 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6856 } else {
6857 ret = 0;
6858 }
6859
6860 close_file(NULL, fsp1, NORMAL_CLOSE);
6861
6862 /* Ensure the modtime is set correctly on the destination file. */
6863 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6864
6865 /*
6866 * As we are opening fsp1 read-only we only expect
6867 * an error on close on fsp2 if we are out of space.
6868 * Thus we don't look at the error return from the
6869 * close of fsp1.
6870 */
6871 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6872
6873 if (!NT_STATUS_IS_OK(status)) {
6874 goto out;
6875 }
6876
6877 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6878 status = NT_STATUS_DISK_FULL;
6879 goto out;
6880 }
6881
6882 status = NT_STATUS_OK;
6883
6884 out:
6885 TALLOC_FREE(smb_fname_dst_tmp);
6886 return status;
6887 }
6888
6889 /****************************************************************************
6890 Reply to a file copy.
6891 ****************************************************************************/
6892
6893 void reply_copy(struct smb_request *req)
6894 {
6895 connection_struct *conn = req->conn;
6896 struct smb_filename *smb_fname_src = NULL;
6897 struct smb_filename *smb_fname_dst = NULL;
6898 char *fname_src = NULL;
6899 char *fname_dst = NULL;
6900 char *fname_src_mask = NULL;
6901 char *fname_src_dir = NULL;
6902 const char *p;
6903 int count=0;
6904 int error = ERRnoaccess;
6905 int tid2;
6906 int ofun;
6907 int flags;
6908 bool target_is_directory=False;
6909 bool source_has_wild = False;
6910 bool dest_has_wild = False;
6911 NTSTATUS status;
6912 TALLOC_CTX *ctx = talloc_tos();
6913
6914 START_PROFILE(SMBcopy);
6915
6916 if (req->wct < 3) {
6917 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6918 goto out;
6919 }
6920
6921 tid2 = SVAL(req->vwv+0, 0);
6922 ofun = SVAL(req->vwv+1, 0);
6923 flags = SVAL(req->vwv+2, 0);
6924
6925 p = (const char *)req->buf;
6926 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6927 &status, &source_has_wild);
6928 if (!NT_STATUS_IS_OK(status)) {
6929 reply_nterror(req, status);
6930 goto out;
6931 }
6932 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6933 &status, &dest_has_wild);
6934 if (!NT_STATUS_IS_OK(status)) {
6935 reply_nterror(req, status);
6936 goto out;
6937 }
6938
6939 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6940
6941 if (tid2 != conn->cnum) {
6942 /* can't currently handle inter share copies XXXX */
6943 DEBUG(3,("Rejecting inter-share copy\n"));
6944 reply_nterror(req, NT_STATUS_BAD_DEVICE_TYPE);
6945 goto out;
6946 }
6947
6948 status = filename_convert(ctx, conn,
6949 req->flags2 & FLAGS2_DFS_PATHNAMES,
6950 fname_src,
6951 UCF_COND_ALLOW_WCARD_LCOMP,
6952 &source_has_wild,
6953 &smb_fname_src);
6954 if (!NT_STATUS_IS_OK(status)) {
6955 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6956 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6957 ERRSRV, ERRbadpath);
6958 goto out;
6959 }
6960 reply_nterror(req, status);
6961 goto out;
6962 }
6963
6964 status = filename_convert(ctx, conn,
6965 req->flags2 & FLAGS2_DFS_PATHNAMES,
6966 fname_dst,
6967 UCF_COND_ALLOW_WCARD_LCOMP,
6968 &dest_has_wild,
6969 &smb_fname_dst);
6970 if (!NT_STATUS_IS_OK(status)) {
6971 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6972 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6973 ERRSRV, ERRbadpath);
6974 goto out;
6975 }
6976 reply_nterror(req, status);
6977 goto out;
6978 }
6979
6980 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6981
6982 if ((flags&1) && target_is_directory) {
6983 reply_nterror(req, NT_STATUS_NO_SUCH_FILE);
6984 goto out;
6985 }
6986
6987 if ((flags&2) && !target_is_directory) {
6988 reply_nterror(req, NT_STATUS_OBJECT_PATH_NOT_FOUND);
6989 goto out;
6990 }
6991
6992 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6993 /* wants a tree copy! XXXX */
6994 DEBUG(3,("Rejecting tree copy\n"));
6995 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6996 goto out;
6997 }
6998
6999 /* Split up the directory from the filename/mask. */
7000 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
7001 &fname_src_dir, &fname_src_mask);
7002 if (!NT_STATUS_IS_OK(status)) {
7003 reply_nterror(req, NT_STATUS_NO_MEMORY);
7004 goto out;
7005 }
7006
7007 /*
7008 * We should only check the mangled cache
7009 * here if unix_convert failed. This means
7010 * that the path in 'mask' doesn't exist
7011 * on the file system and so we need to look
7012 * for a possible mangle. This patch from
7013 * Tine Smukavec <valentin.smukavec@hermes.si>.
7014 */
7015 if (!VALID_STAT(smb_fname_src->st) &&
7016 mangle_is_mangled(fname_src_mask, conn->params)) {
7017 char *new_mask = NULL;
7018 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
7019 &new_mask, conn->params);
7020
7021 /* Use demangled name if one was successfully found. */
7022 if (new_mask) {
7023 TALLOC_FREE(fname_src_mask);
7024 fname_src_mask = new_mask;
7025 }
7026 }
7027
7028 if (!source_has_wild) {
7029
7030 /*
7031 * Only one file needs to be copied. Append the mask back onto
7032 * the directory.
7033 */
7034 TALLOC_FREE(smb_fname_src->base_name);
7035 if (ISDOT(fname_src_dir)) {
7036 /* Ensure we use canonical names on open. */
7037 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7038 "%s",
7039 fname_src_mask);
7040 } else {
7041 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
7042 "%s/%s",
7043 fname_src_dir,
7044 fname_src_mask);
7045 }
7046 if (!smb_fname_src->base_name) {
7047 reply_nterror(req, NT_STATUS_NO_MEMORY);
7048 goto out;
7049 }
7050
7051 if (dest_has_wild) {
7052 char *fname_dst_mod = NULL;
7053 if (!resolve_wildcards(smb_fname_dst,
7054 smb_fname_src->base_name,
7055 smb_fname_dst->base_name,
7056 &fname_dst_mod)) {
7057 reply_nterror(req, NT_STATUS_NO_MEMORY);
7058 goto out;
7059 }
7060 TALLOC_FREE(smb_fname_dst->base_name);
7061 smb_fname_dst->base_name = fname_dst_mod;
7062 }
7063
7064 status = check_name(conn, smb_fname_src->base_name);
7065 if (!NT_STATUS_IS_OK(status)) {
7066 reply_nterror(req, status);
7067 goto out;
7068 }
7069
7070 status = check_name(conn, smb_fname_dst->base_name);
7071 if (!NT_STATUS_IS_OK(status)) {
7072 reply_nterror(req, status);
7073 goto out;
7074 }
7075
7076 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
7077 ofun, count, target_is_directory);
7078
7079 if(!NT_STATUS_IS_OK(status)) {
7080 reply_nterror(req, status);
7081 goto out;
7082 } else {
7083 count++;
7084 }
7085 } else {
7086 struct smb_Dir *dir_hnd = NULL;
7087 const char *dname = NULL;
7088 char *talloced = NULL;
7089 long offset = 0;
7090
7091 /*
7092 * There is a wildcard that requires us to actually read the
7093 * src dir and copy each file matching the mask to the dst.
7094 * Right now streams won't be copied, but this could
7095 * presumably be added with a nested loop for reach dir entry.
7096 */
7097 SMB_ASSERT(!smb_fname_src->stream_name);
7098 SMB_ASSERT(!smb_fname_dst->stream_name);
7099
7100 smb_fname_src->stream_name = NULL;
7101 smb_fname_dst->stream_name = NULL;
7102
7103 if (strequal(fname_src_mask,"????????.???")) {
7104 TALLOC_FREE(fname_src_mask);
7105 fname_src_mask = talloc_strdup(ctx, "*");
7106 if (!fname_src_mask) {
7107 reply_nterror(req, NT_STATUS_NO_MEMORY);
7108 goto out;
7109 }
7110 }
7111
7112 status = check_name(conn, fname_src_dir);
7113 if (!NT_STATUS_IS_OK(status)) {
7114 reply_nterror(req, status);
7115 goto out;
7116 }
7117
7118 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
7119 if (dir_hnd == NULL) {
7120 status = map_nt_error_from_unix(errno);
7121 reply_nterror(req, status);
7122 goto out;
7123 }
7124
7125 error = ERRbadfile;
7126
7127 /* Iterate over the src dir copying each entry to the dst. */
7128 while ((dname = ReadDirName(dir_hnd, &offset,
7129 &smb_fname_src->st, &talloced))) {
7130 char *destname = NULL;
7131
7132 if (ISDOT(dname) || ISDOTDOT(dname)) {
7133 TALLOC_FREE(talloced);
7134 continue;
7135 }
7136
7137 if (!is_visible_file(conn, fname_src_dir, dname,
7138 &smb_fname_src->st, false)) {
7139 TALLOC_FREE(talloced);
7140 continue;
7141 }
7142
7143 if(!mask_match(dname, fname_src_mask,
7144 conn->case_sensitive)) {
7145 TALLOC_FREE(talloced);
7146 continue;
7147 }
7148
7149 error = ERRnoaccess;
7150
7151 /* Get the src smb_fname struct setup. */
7152 TALLOC_FREE(smb_fname_src->base_name);
7153 if (ISDOT(fname_src_dir)) {
7154 /* Ensure we use canonical names on open. */
7155 smb_fname_src->base_name =
7156 talloc_asprintf(smb_fname_src, "%s",
7157 dname);
7158 } else {
7159 smb_fname_src->base_name =
7160 talloc_asprintf(smb_fname_src, "%s/%s",
7161 fname_src_dir, dname);
7162 }
7163
7164 if (!smb_fname_src->base_name) {
7165 TALLOC_FREE(dir_hnd);
7166 TALLOC_FREE(talloced);
7167 reply_nterror(req, NT_STATUS_NO_MEMORY);
7168 goto out;
7169 }
7170
7171 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
7172 smb_fname_dst->base_name,
7173 &destname)) {
7174 TALLOC_FREE(talloced);
7175 continue;
7176 }
7177 if (!destname) {
7178 TALLOC_FREE(dir_hnd);
7179 TALLOC_FREE(talloced);
7180 reply_nterror(req, NT_STATUS_NO_MEMORY);
7181 goto out;
7182 }
7183
7184 TALLOC_FREE(smb_fname_dst->base_name);
7185 smb_fname_dst->base_name = destname;
7186
7187 status = check_name(conn, smb_fname_src->base_name);
7188 if (!NT_STATUS_IS_OK(status)) {
7189 TALLOC_FREE(dir_hnd);
7190 TALLOC_FREE(talloced);
7191 reply_nterror(req, status);
7192 goto out;
7193 }
7194
7195 status = check_name(conn, smb_fname_dst->base_name);
7196 if (!NT_STATUS_IS_OK(status)) {
7197 TALLOC_FREE(dir_hnd);
7198 TALLOC_FREE(talloced);
7199 reply_nterror(req, status);
7200 goto out;
7201 }
7202
7203 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7204 smb_fname_src->base_name,
7205 smb_fname_dst->base_name));
7206
7207 status = copy_file(ctx, conn, smb_fname_src,
7208 smb_fname_dst, ofun, count,
7209 target_is_directory);
7210 if (NT_STATUS_IS_OK(status)) {
7211 count++;
7212 }
7213
7214 TALLOC_FREE(talloced);
7215 }
7216 TALLOC_FREE(dir_hnd);
7217 }
7218
7219 if (count == 0) {
7220 reply_nterror(req, dos_to_ntstatus(ERRDOS, error));
7221 goto out;
7222 }
7223
7224 reply_outbuf(req, 1, 0);
7225 SSVAL(req->outbuf,smb_vwv0,count);
7226 out:
7227 TALLOC_FREE(smb_fname_src);
7228 TALLOC_FREE(smb_fname_dst);
7229 TALLOC_FREE(fname_src);
7230 TALLOC_FREE(fname_dst);
7231 TALLOC_FREE(fname_src_mask);
7232 TALLOC_FREE(fname_src_dir);
7233
7234 END_PROFILE(SMBcopy);
7235 return;
7236 }
7237
7238 #undef DBGC_CLASS
7239 #define DBGC_CLASS DBGC_LOCKING
7240
7241 /****************************************************************************
7242 Get a lock pid, dealing with large count requests.
7243 ****************************************************************************/
7244
7245 uint64_t get_lock_pid(const uint8_t *data, int data_offset,
7246 bool large_file_format)
7247 {
7248 if(!large_file_format)
7249 return (uint64_t)SVAL(data,SMB_LPID_OFFSET(data_offset));
7250 else
7251 return (uint64_t)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7252 }
7253
7254 /****************************************************************************
7255 Get a lock count, dealing with large count requests.
7256 ****************************************************************************/
7257
7258 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7259 bool large_file_format)
7260 {
7261 uint64_t count = 0;
7262
7263 if(!large_file_format) {
7264 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7265 } else {
7266
7267 #if defined(HAVE_LONGLONG)
7268 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7269 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7270 #else /* HAVE_LONGLONG */
7271
7272 /*
7273 * NT4.x seems to be broken in that it sends large file (64 bit)
7274 * lockingX calls even if the CAP_LARGE_FILES was *not*
7275 * negotiated. For boxes without large unsigned ints truncate the
7276 * lock count by dropping the top 32 bits.
7277 */
7278
7279 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7280 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7281 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7282 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7283 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7284 }
7285
7286 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7287 #endif /* HAVE_LONGLONG */
7288 }
7289
7290 return count;
7291 }
7292
7293 #if !defined(HAVE_LONGLONG)
7294 /****************************************************************************
7295 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7296 ****************************************************************************/
7297
7298 static uint32 map_lock_offset(uint32 high, uint32 low)
7299 {
7300 unsigned int i;
7301 uint32 mask = 0;
7302 uint32 highcopy = high;
7303
7304 /*
7305 * Try and find out how many significant bits there are in high.
7306 */
7307
7308 for(i = 0; highcopy; i++)
7309 highcopy >>= 1;
7310
7311 /*
7312 * We use 31 bits not 32 here as POSIX
7313 * lock offsets may not be negative.
7314 */
7315
7316 mask = (~0) << (31 - i);
7317
7318 if(low & mask)
7319 return 0; /* Fail. */
7320
7321 high <<= (31 - i);
7322
7323 return (high|low);
7324 }
7325 #endif /* !defined(HAVE_LONGLONG) */
7326
7327 /****************************************************************************
7328 Get a lock offset, dealing with large offset requests.
7329 ****************************************************************************/
7330
7331 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7332 bool large_file_format, bool *err)
7333 {
7334 uint64_t offset = 0;
7335
7336 *err = False;
7337
7338 if(!large_file_format) {
7339 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7340 } else {
7341
7342 #if defined(HAVE_LONGLONG)
7343 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7344 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7345 #else /* HAVE_LONGLONG */
7346
7347 /*
7348 * NT4.x seems to be broken in that it sends large file (64 bit)
7349 * lockingX calls even if the CAP_LARGE_FILES was *not*
7350 * negotiated. For boxes without large unsigned ints mangle the
7351 * lock offset by mapping the top 32 bits onto the lower 32.
7352 */
7353
7354 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7355 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7356 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7357 uint32 new_low = 0;
7358
7359 if((new_low = map_lock_offset(high, low)) == 0) {
7360 *err = True;
7361 return (uint64_t)-1;
7362 }
7363
7364 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7365 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7366 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7367 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7368 }
7369
7370 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7371 #endif /* HAVE_LONGLONG */
7372 }
7373
7374 return offset;
7375 }
7376
7377 NTSTATUS smbd_do_locking(struct smb_request *req,
7378 files_struct *fsp,
7379 uint8_t type,
7380 int32_t timeout,
7381 uint16_t num_ulocks,
7382 struct smbd_lock_element *ulocks,
7383 uint16_t num_locks,
7384 struct smbd_lock_element *locks,
7385 bool *async)
7386 {
7387 connection_struct *conn = req->conn;
7388 int i;
7389 NTSTATUS status = NT_STATUS_OK;
7390
7391 *async = false;
7392
7393 /* Data now points at the beginning of the list
7394 of smb_unlkrng structs */
7395 for(i = 0; i < (int)num_ulocks; i++) {
7396 struct smbd_lock_element *e = &ulocks[i];
7397
7398 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7399 "pid %u, file %s\n",
7400 (double)e->offset,
7401 (double)e->count,
7402 (unsigned int)e->smblctx,
7403 fsp_str_dbg(fsp)));
7404
7405 if (e->brltype != UNLOCK_LOCK) {
7406 /* this can only happen with SMB2 */
7407 return NT_STATUS_INVALID_PARAMETER;
7408 }
7409
7410 status = do_unlock(req->sconn->msg_ctx,
7411 fsp,
7412 e->smblctx,
7413 e->count,
7414 e->offset,
7415 WINDOWS_LOCK);
7416
7417 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7418 nt_errstr(status)));
7419
7420 if (!NT_STATUS_IS_OK(status)) {
7421 return status;
7422 }
7423 }
7424
7425 /* Setup the timeout in seconds. */
7426
7427 if (!lp_blocking_locks(SNUM(conn))) {
7428 timeout = 0;
7429 }
7430
7431 /* Data now points at the beginning of the list
7432 of smb_lkrng structs */
7433
7434 for(i = 0; i < (int)num_locks; i++) {
7435 struct smbd_lock_element *e = &locks[i];
7436
7437 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for smblctx "
7438 "%llu, file %s timeout = %d\n",
7439 (double)e->offset,
7440 (double)e->count,
7441 (unsigned long long)e->smblctx,
7442 fsp_str_dbg(fsp),
7443 (int)timeout));
7444
7445 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7446 struct blocking_lock_record *blr = NULL;
7447
7448 if (num_locks > 1) {
7449 /*
7450 * MS-CIFS (2.2.4.32.1) states that a cancel is honored if and only
7451 * if the lock vector contains one entry. When given mutliple cancel
7452 * requests in a single PDU we expect the server to return an
7453 * error. Windows servers seem to accept the request but only
7454 * cancel the first lock.
7455 * JRA - Do what Windows does (tm) :-).
7456 */
7457
7458 #if 0
7459 /* MS-CIFS (2.2.4.32.1) behavior. */
7460 return NT_STATUS_DOS(ERRDOS,
7461 ERRcancelviolation);
7462 #else
7463 /* Windows behavior. */
7464 if (i != 0) {
7465 DEBUG(10,("smbd_do_locking: ignoring subsequent "
7466 "cancel request\n"));
7467 continue;
7468 }
7469 #endif
7470 }
7471
7472 if (lp_blocking_locks(SNUM(conn))) {
7473
7474 /* Schedule a message to ourselves to
7475 remove the blocking lock record and
7476 return the right error. */
7477
7478 blr = blocking_lock_cancel_smb1(fsp,
7479 e->smblctx,
7480 e->offset,
7481 e->count,
7482 WINDOWS_LOCK,
7483 type,
7484 NT_STATUS_FILE_LOCK_CONFLICT);
7485 if (blr == NULL) {
7486 return NT_STATUS_DOS(
7487 ERRDOS,
7488 ERRcancelviolation);
7489 }
7490 }
7491 /* Remove a matching pending lock. */
7492 status = do_lock_cancel(fsp,
7493 e->smblctx,
7494 e->count,
7495 e->offset,
7496 WINDOWS_LOCK,
7497 blr);
7498 } else {
7499 bool blocking_lock = timeout ? true : false;
7500 bool defer_lock = false;
7501 struct byte_range_lock *br_lck;
7502 uint64_t block_smblctx;
7503
7504 br_lck = do_lock(req->sconn->msg_ctx,
7505 fsp,
7506 e->smblctx,
7507 e->count,
7508 e->offset,
7509 e->brltype,
7510 WINDOWS_LOCK,
7511 blocking_lock,
7512 &status,
7513 &block_smblctx,
7514 NULL);
7515
7516 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7517 /* Windows internal resolution for blocking locks seems
7518 to be about 200ms... Don't wait for less than that. JRA. */
7519 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7520 timeout = lp_lock_spin_time();
7521 }
7522 defer_lock = true;
7523 }
7524
7525 /* If a lock sent with timeout of zero would fail, and
7526 * this lock has been requested multiple times,
7527 * according to brl_lock_failed() we convert this
7528 * request to a blocking lock with a timeout of between
7529 * 150 - 300 milliseconds.
7530 *
7531 * If lp_lock_spin_time() has been set to 0, we skip
7532 * this blocking retry and fail immediately.
7533 *
7534 * Replacement for do_lock_spin(). JRA. */
7535
7536 if (!req->sconn->using_smb2 &&
7537 br_lck && lp_blocking_locks(SNUM(conn)) &&
7538 lp_lock_spin_time() && !blocking_lock &&
7539 NT_STATUS_EQUAL((status),
7540 NT_STATUS_FILE_LOCK_CONFLICT))
7541 {
7542 defer_lock = true;
7543 timeout = lp_lock_spin_time();
7544 }
7545
7546 if (br_lck && defer_lock) {
7547 /*
7548 * A blocking lock was requested. Package up
7549 * this smb into a queued request and push it
7550 * onto the blocking lock queue.
7551 */
7552 if(push_blocking_lock_request(br_lck,
7553 req,
7554 fsp,
7555 timeout,
7556 i,
7557 e->smblctx,
7558 e->brltype,
7559 WINDOWS_LOCK,
7560 e->offset,
7561 e->count,
7562 block_smblctx)) {
7563 TALLOC_FREE(br_lck);
7564 *async = true;
7565 return NT_STATUS_OK;
7566 }
7567 }
7568
7569 TALLOC_FREE(br_lck);
7570 }
7571
7572 if (!NT_STATUS_IS_OK(status)) {
7573 break;
7574 }
7575 }
7576
7577 /* If any of the above locks failed, then we must unlock
7578 all of the previous locks (X/Open spec). */
7579
7580 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7581
7582 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7583 i = -1; /* we want to skip the for loop */
7584 }
7585
7586 /*
7587 * Ensure we don't do a remove on the lock that just failed,
7588 * as under POSIX rules, if we have a lock already there, we
7589 * will delete it (and we shouldn't) .....
7590 */
7591 for(i--; i >= 0; i--) {
7592 struct smbd_lock_element *e = &locks[i];
7593
7594 do_unlock(req->sconn->msg_ctx,
7595 fsp,
7596 e->smblctx,
7597 e->count,
7598 e->offset,
7599 WINDOWS_LOCK);
7600 }
7601 return status;
7602 }
7603
7604 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7605 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7606
7607 return NT_STATUS_OK;
7608 }
7609
7610 /****************************************************************************
7611 Reply to a lockingX request.
7612 ****************************************************************************/
7613
7614 void reply_lockingX(struct smb_request *req)
7615 {
7616 connection_struct *conn = req->conn;
7617 files_struct *fsp;
7618 unsigned char locktype;
7619 unsigned char oplocklevel;
7620 uint16 num_ulocks;
7621 uint16 num_locks;
7622 int32 lock_timeout;
7623 int i;
7624 const uint8_t *data;
7625 bool large_file_format;
7626 bool err;
7627 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7628 struct smbd_lock_element *ulocks;
7629 struct smbd_lock_element *locks;
7630 bool async = false;
7631
7632 START_PROFILE(SMBlockingX);
7633
7634 if (req->wct < 8) {
7635 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7636 END_PROFILE(SMBlockingX);
7637 return;
7638 }
7639
7640 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7641 locktype = CVAL(req->vwv+3, 0);
7642 oplocklevel = CVAL(req->vwv+3, 1);
7643 num_ulocks = SVAL(req->vwv+6, 0);
7644 num_locks = SVAL(req->vwv+7, 0);
7645 lock_timeout = IVAL(req->vwv+4, 0);
7646 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7647
7648 if (!check_fsp(conn, req, fsp)) {
7649 END_PROFILE(SMBlockingX);
7650 return;
7651 }
7652
7653 data = req->buf;
7654
7655 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7656 /* we don't support these - and CANCEL_LOCK makes w2k
7657 and XP reboot so I don't really want to be
7658 compatible! (tridge) */
7659 reply_force_doserror(req, ERRDOS, ERRnoatomiclocks);
7660 END_PROFILE(SMBlockingX);
7661 return;
7662 }
7663
7664 /* Check if this is an oplock break on a file
7665 we have granted an oplock on.
7666 */
7667 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7668 /* Client can insist on breaking to none. */
7669 bool break_to_none = (oplocklevel == 0);
7670 bool result;
7671
7672 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7673 "for fnum = %d\n", (unsigned int)oplocklevel,
7674 fsp->fnum ));
7675
7676 /*
7677 * Make sure we have granted an exclusive or batch oplock on
7678 * this file.
7679 */
7680
7681 if (fsp->oplock_type == 0) {
7682
7683 /* The Samba4 nbench simulator doesn't understand
7684 the difference between break to level2 and break
7685 to none from level2 - it sends oplock break
7686 replies in both cases. Don't keep logging an error
7687 message here - just ignore it. JRA. */
7688
7689 DEBUG(5,("reply_lockingX: Error : oplock break from "
7690 "client for fnum = %d (oplock=%d) and no "
7691 "oplock granted on this file (%s).\n",
7692 fsp->fnum, fsp->oplock_type,
7693 fsp_str_dbg(fsp)));
7694
7695 /* if this is a pure oplock break request then don't
7696 * send a reply */
7697 if (num_locks == 0 && num_ulocks == 0) {
7698 END_PROFILE(SMBlockingX);
7699 return;
7700 } else {
7701 END_PROFILE(SMBlockingX);
7702 reply_nterror(req, NT_STATUS_FILE_LOCK_CONFLICT);
7703 return;
7704 }
7705 }
7706
7707 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7708 (break_to_none)) {
7709 result = remove_oplock(fsp);
7710 } else {
7711 result = downgrade_oplock(fsp);
7712 }
7713
7714 if (!result) {
7715 DEBUG(0, ("reply_lockingX: error in removing "
7716 "oplock on file %s\n", fsp_str_dbg(fsp)));
7717 /* Hmmm. Is this panic justified? */
7718 smb_panic("internal tdb error");
7719 }
7720
7721 reply_to_oplock_break_requests(fsp);
7722
7723 /* if this is a pure oplock break request then don't send a
7724 * reply */
7725 if (num_locks == 0 && num_ulocks == 0) {
7726 /* Sanity check - ensure a pure oplock break is not a
7727 chained request. */
7728 if(CVAL(req->vwv+0, 0) != 0xff)
7729 DEBUG(0,("reply_lockingX: Error : pure oplock "
7730 "break is a chained %d request !\n",
7731 (unsigned int)CVAL(req->vwv+0, 0)));
7732 END_PROFILE(SMBlockingX);
7733 return;
7734 }
7735 }
7736
7737 if (req->buflen <
7738 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7739 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7740 END_PROFILE(SMBlockingX);
7741 return;
7742 }
7743
7744 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7745 if (ulocks == NULL) {
7746 reply_nterror(req, NT_STATUS_NO_MEMORY);
7747 END_PROFILE(SMBlockingX);
7748 return;
7749 }
7750
7751 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7752 if (locks == NULL) {
7753 reply_nterror(req, NT_STATUS_NO_MEMORY);
7754 END_PROFILE(SMBlockingX);
7755 return;
7756 }
7757
7758 /* Data now points at the beginning of the list
7759 of smb_unlkrng structs */
7760 for(i = 0; i < (int)num_ulocks; i++) {
7761 ulocks[i].smblctx = get_lock_pid(data, i, large_file_format);
7762 ulocks[i].count = get_lock_count(data, i, large_file_format);
7763 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7764 ulocks[i].brltype = UNLOCK_LOCK;
7765
7766 /*
7767 * There is no error code marked "stupid client bug".... :-).
7768 */
7769 if(err) {
7770 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7771 END_PROFILE(SMBlockingX);
7772 return;
7773 }
7774 }
7775
7776 /* Now do any requested locks */
7777 data += ((large_file_format ? 20 : 10)*num_ulocks);
7778
7779 /* Data now points at the beginning of the list
7780 of smb_lkrng structs */
7781
7782 for(i = 0; i < (int)num_locks; i++) {
7783 locks[i].smblctx = get_lock_pid(data, i, large_file_format);
7784 locks[i].count = get_lock_count(data, i, large_file_format);
7785 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7786
7787 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7788 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7789 locks[i].brltype = PENDING_READ_LOCK;
7790 } else {
7791 locks[i].brltype = READ_LOCK;
7792 }
7793 } else {
7794 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7795 locks[i].brltype = PENDING_WRITE_LOCK;
7796 } else {
7797 locks[i].brltype = WRITE_LOCK;
7798 }
7799 }
7800
7801 /*
7802 * There is no error code marked "stupid client bug".... :-).
7803 */
7804 if(err) {
7805 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
7806 END_PROFILE(SMBlockingX);
7807 return;
7808 }
7809 }
7810
7811 status = smbd_do_locking(req, fsp,
7812 locktype, lock_timeout,
7813 num_ulocks, ulocks,
7814 num_locks, locks,
7815 &async);
7816 if (!NT_STATUS_IS_OK(status)) {
7817 END_PROFILE(SMBlockingX);
7818 reply_nterror(req, status);
7819 return;
7820 }
7821 if (async) {
7822 END_PROFILE(SMBlockingX);
7823 return;
7824 }
7825
7826 reply_outbuf(req, 2, 0);
7827
7828 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7829 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7830
7831 END_PROFILE(SMBlockingX);
7832 chain_reply(req);
7833 }
7834
7835 #undef DBGC_CLASS
7836 #define DBGC_CLASS DBGC_ALL
7837
7838 /****************************************************************************
7839 Reply to a SMBreadbmpx (read block multiplex) request.
7840 Always reply with an error, if someone has a platform really needs this,
7841 please contact vl@samba.org
7842 ****************************************************************************/
7843
7844 void reply_readbmpx(struct smb_request *req)
7845 {
7846 START_PROFILE(SMBreadBmpx);
7847 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7848 END_PROFILE(SMBreadBmpx);
7849 return;
7850 }
7851
7852 /****************************************************************************
7853 Reply to a SMBreadbs (read block multiplex secondary) request.
7854 Always reply with an error, if someone has a platform really needs this,
7855 please contact vl@samba.org
7856 ****************************************************************************/
7857
7858 void reply_readbs(struct smb_request *req)
7859 {
7860 START_PROFILE(SMBreadBs);
7861 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7862 END_PROFILE(SMBreadBs);
7863 return;
7864 }
7865
7866 /****************************************************************************
7867 Reply to a SMBsetattrE.
7868 ****************************************************************************/
7869
7870 void reply_setattrE(struct smb_request *req)
7871 {
7872 connection_struct *conn = req->conn;
7873 struct smb_file_time ft;
7874 files_struct *fsp;
7875 NTSTATUS status;
7876
7877 START_PROFILE(SMBsetattrE);
7878 ZERO_STRUCT(ft);
7879
7880 if (req->wct < 7) {
7881 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7882 goto out;
7883 }
7884
7885 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7886
7887 if(!fsp || (fsp->conn != conn)) {
7888 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7889 goto out;
7890 }
7891
7892 /*
7893 * Convert the DOS times into unix times.
7894 */
7895
7896 ft.atime = convert_time_t_to_timespec(
7897 srv_make_unix_date2(req->vwv+3));
7898 ft.mtime = convert_time_t_to_timespec(
7899 srv_make_unix_date2(req->vwv+5));
7900 ft.create_time = convert_time_t_to_timespec(
7901 srv_make_unix_date2(req->vwv+1));
7902
7903 reply_outbuf(req, 0, 0);
7904
7905 /*
7906 * Patch from Ray Frush <frush@engr.colostate.edu>
7907 * Sometimes times are sent as zero - ignore them.
7908 */
7909
7910 /* Ensure we have a valid stat struct for the source. */
7911 status = vfs_stat_fsp(fsp);
7912 if (!NT_STATUS_IS_OK(status)) {
7913 reply_nterror(req, status);
7914 goto out;
7915 }
7916
7917 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7918 if (!NT_STATUS_IS_OK(status)) {
7919 reply_nterror(req, status);
7920 goto out;
7921 }
7922
7923 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7924 " createtime=%u\n",
7925 fsp->fnum,
7926 (unsigned int)ft.atime.tv_sec,
7927 (unsigned int)ft.mtime.tv_sec,
7928 (unsigned int)ft.create_time.tv_sec
7929 ));
7930 out:
7931 END_PROFILE(SMBsetattrE);
7932 return;
7933 }
7934
7935
7936 /* Back from the dead for OS/2..... JRA. */
7937
7938 /****************************************************************************
7939 Reply to a SMBwritebmpx (write block multiplex primary) request.
7940 Always reply with an error, if someone has a platform really needs this,
7941 please contact vl@samba.org
7942 ****************************************************************************/
7943
7944 void reply_writebmpx(struct smb_request *req)
7945 {
7946 START_PROFILE(SMBwriteBmpx);
7947 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7948 END_PROFILE(SMBwriteBmpx);
7949 return;
7950 }
7951
7952 /****************************************************************************
7953 Reply to a SMBwritebs (write block multiplex secondary) request.
7954 Always reply with an error, if someone has a platform really needs this,
7955 please contact vl@samba.org
7956 ****************************************************************************/
7957
7958 void reply_writebs(struct smb_request *req)
7959 {
7960 START_PROFILE(SMBwriteBs);
7961 reply_force_doserror(req, ERRSRV, ERRuseSTD);
7962 END_PROFILE(SMBwriteBs);
7963 return;
7964 }
7965
7966 /****************************************************************************
7967 Reply to a SMBgetattrE.
7968 ****************************************************************************/
7969
7970 void reply_getattrE(struct smb_request *req)
7971 {
7972 connection_struct *conn = req->conn;
7973 int mode;
7974 files_struct *fsp;
7975 struct timespec create_ts;
7976
7977 START_PROFILE(SMBgetattrE);
7978
7979 if (req->wct < 1) {
7980 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7981 END_PROFILE(SMBgetattrE);
7982 return;
7983 }
7984
7985 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7986
7987 if(!fsp || (fsp->conn != conn)) {
7988 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
7989 END_PROFILE(SMBgetattrE);
7990 return;
7991 }
7992
7993 /* Do an fstat on this file */
7994 if(fsp_stat(fsp)) {
7995 reply_nterror(req, map_nt_error_from_unix(errno));
7996 END_PROFILE(SMBgetattrE);
7997 return;
7998 }
7999
8000 mode = dos_mode(conn, fsp->fsp_name);
8001
8002 /*
8003 * Convert the times into dos times. Set create
8004 * date to be last modify date as UNIX doesn't save
8005 * this.
8006 */
8007
8008 reply_outbuf(req, 11, 0);
8009
8010 create_ts = get_create_timespec(conn, fsp, fsp->fsp_name);
8011 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
8012 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
8013 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_atime));
8014 /* Should we check pending modtime here ? JRA */
8015 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
8016 convert_timespec_to_time_t(fsp->fsp_name->st.st_ex_mtime));
8017
8018 if (mode & FILE_ATTRIBUTE_DIRECTORY) {
8019 SIVAL(req->outbuf, smb_vwv6, 0);
8020 SIVAL(req->outbuf, smb_vwv8, 0);
8021 } else {
8022 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &fsp->fsp_name->st);
8023 SIVAL(req->outbuf, smb_vwv6, (uint32)fsp->fsp_name->st.st_ex_size);
8024 SIVAL(req->outbuf, smb_vwv8, allocation_size);
8025 }
8026 SSVAL(req->outbuf,smb_vwv10, mode);
8027
8028 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
8029
8030 END_PROFILE(SMBgetattrE);
8031 return;
8032 }
Samba GIT mirror