3 Unix SMB/Netbios implementation.
5 SMB NT transaction handling
6 Copyright (C) Jeremy Allison 1994-1998
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern int DEBUGLEVEL
;
27 extern int smb_read_error
;
28 extern int global_oplock_break
;
29 extern BOOL case_sensitive
;
30 extern BOOL case_preserve
;
31 extern BOOL short_case_preserve
;
33 static char *known_nt_pipes
[] = {
51 /****************************************************************************
52 Send the required number of replies back.
53 We assume all fields other than the data fields are
54 set correctly for the type of call.
55 HACK ! Always assumes smb_setup field is zero.
56 ****************************************************************************/
58 static int send_nt_replies(char *inbuf
, char *outbuf
, int bufsize
, uint32 nt_error
, char *params
,
59 int paramsize
, char *pdata
, int datasize
)
62 int data_to_send
= datasize
;
63 int params_to_send
= paramsize
;
67 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
68 int alignment_offset
= 3;
69 int data_alignment_offset
= 0;
72 * Initially set the wcnt area to be 18 - this is true for all
76 set_message(outbuf
,18,0,True
);
80 SSVAL(outbuf
,smb_flg2
, SVAL(outbuf
,smb_flg2
) | FLAGS2_32_BIT_ERROR_CODES
);
86 * If there genuinely are no parameters or data to send just send
90 if(params_to_send
== 0 && data_to_send
== 0) {
91 send_smb(smbd_server_fd(),outbuf
);
96 * When sending params and data ensure that both are nicely aligned.
97 * Only do this alignment when there is also data to send - else
98 * can cause NT redirector problems.
101 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0))
102 data_alignment_offset
= 4 - (params_to_send
% 4);
105 * Space is bufsize minus Netbios over TCP header minus SMB header.
106 * The alignment_offset is to align the param bytes on a four byte
107 * boundary (2 bytes for data len, one byte pad).
108 * NT needs this to work correctly.
111 useable_space
= bufsize
- ((smb_buf(outbuf
)+
112 alignment_offset
+data_alignment_offset
) -
116 * useable_space can never be more than max_send minus the
120 useable_space
= MIN(useable_space
,
121 max_send
- (alignment_offset
+data_alignment_offset
));
124 while (params_to_send
|| data_to_send
) {
127 * Calculate whether we will totally or partially fill this packet.
130 total_sent_thistime
= params_to_send
+ data_to_send
+
131 alignment_offset
+ data_alignment_offset
;
134 * We can never send more than useable_space.
137 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
139 set_message(outbuf
, 18, total_sent_thistime
, True
);
142 * Set total params and data to be sent.
145 SIVAL(outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
146 SIVAL(outbuf
,smb_ntr_TotalDataCount
,datasize
);
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
153 params_sent_thistime
= MIN(params_to_send
,useable_space
);
154 data_sent_thistime
= useable_space
- params_sent_thistime
;
155 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
157 SIVAL(outbuf
,smb_ntr_ParameterCount
,params_sent_thistime
);
159 if(params_sent_thistime
== 0) {
160 SIVAL(outbuf
,smb_ntr_ParameterOffset
,0);
161 SIVAL(outbuf
,smb_ntr_ParameterDisplacement
,0);
164 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
165 * parameter bytes, however the first 4 bytes of outbuf are
166 * the Netbios over TCP header. Thus use smb_base() to subtract
167 * them from the calculation.
170 SIVAL(outbuf
,smb_ntr_ParameterOffset
,
171 ((smb_buf(outbuf
)+alignment_offset
) - smb_base(outbuf
)));
173 * Absolute displacement of param bytes sent in this packet.
176 SIVAL(outbuf
,smb_ntr_ParameterDisplacement
,pp
- params
);
180 * Deal with the data portion.
183 SIVAL(outbuf
,smb_ntr_DataCount
, data_sent_thistime
);
185 if(data_sent_thistime
== 0) {
186 SIVAL(outbuf
,smb_ntr_DataOffset
,0);
187 SIVAL(outbuf
,smb_ntr_DataDisplacement
, 0);
190 * The offset of the data bytes is the offset of the
191 * parameter bytes plus the number of parameters being sent this time.
194 SIVAL(outbuf
,smb_ntr_DataOffset
,((smb_buf(outbuf
)+alignment_offset
) -
195 smb_base(outbuf
)) + params_sent_thistime
+ data_alignment_offset
);
196 SIVAL(outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
200 * Copy the param bytes into the packet.
203 if(params_sent_thistime
)
204 memcpy((smb_buf(outbuf
)+alignment_offset
),pp
,params_sent_thistime
);
207 * Copy in the data bytes
210 if(data_sent_thistime
)
211 memcpy(smb_buf(outbuf
)+alignment_offset
+params_sent_thistime
+
212 data_alignment_offset
,pd
,data_sent_thistime
);
214 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
215 params_sent_thistime
, data_sent_thistime
, useable_space
));
216 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
217 params_to_send
, data_to_send
, paramsize
, datasize
));
219 /* Send the packet */
220 send_smb(smbd_server_fd(),outbuf
);
222 pp
+= params_sent_thistime
;
223 pd
+= data_sent_thistime
;
225 params_to_send
-= params_sent_thistime
;
226 data_to_send
-= data_sent_thistime
;
232 if(params_to_send
< 0 || data_to_send
< 0) {
233 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
234 params_to_send
, data_to_send
));
242 /****************************************************************************
243 (Hopefully) temporary call to fix bugs in NT5.0beta2. This OS sends unicode
244 strings in NT calls AND DOESN'T SET THE UNICODE BIT !!!!!!!
245 ****************************************************************************/
247 static void get_filename( char *fname
, char *inbuf
, int data_offset
, int data_len
, int fname_len
)
250 * We need various heuristics here to detect a unicode string... JRA.
253 DEBUG(10,("get_filename: data_offset = %d, data_len = %d, fname_len = %d\n",
254 data_offset
, data_len
, fname_len
));
256 if(data_len
- fname_len
> 1) {
258 * NT 5.0 Beta 2 has kindly sent us a UNICODE string
259 * without bothering to set the unicode bit. How kind.
261 * Firstly - ensure that the data offset is aligned
262 * on a 2 byte boundary - add one if not.
264 fname_len
= fname_len
/2;
267 pstrcpy(fname
, dos_unistrn2((uint16
*)(inbuf
+data_offset
), fname_len
));
269 StrnCpy(fname
,inbuf
+data_offset
,fname_len
);
270 fname
[fname_len
] = '\0';
274 /****************************************************************************
275 Fix bugs in Win2000 final release. In trans calls this OS sends unicode
276 strings AND DOESN'T SET THE UNICODE BIT !!!!!!!
277 ****************************************************************************/
279 static void get_filename_transact( char *fname
, char *inbuf
, int data_offset
, int data_len
, int fname_len
)
282 * We need various heuristics here to detect a unicode string... JRA.
285 DEBUG(10,("get_filename_transact: data_offset = %d, data_len = %d, fname_len = %d\n",
286 data_offset
, data_len
, fname_len
));
289 * Win2K sends a unicode filename plus one extra alingment byte.
290 * WinNT4.x send an ascii string with multiple garbage bytes on
294 if((data_len
- fname_len
== 1) || (inbuf
[data_offset
] == '\0')) {
296 * Ensure that the data offset is aligned
297 * on a 2 byte boundary - add one if not.
299 fname_len
= fname_len
/2;
302 pstrcpy(fname
, dos_unistrn2((uint16
*)(inbuf
+data_offset
), fname_len
));
304 StrnCpy(fname
,inbuf
+data_offset
,fname_len
);
305 fname
[fname_len
] = '\0';
309 /****************************************************************************
311 ****************************************************************************/
313 static BOOL saved_case_sensitive
;
314 static BOOL saved_case_preserve
;
315 static BOOL saved_short_case_preserve
;
317 /****************************************************************************
319 ****************************************************************************/
321 static void set_posix_case_semantics(uint32 file_attributes
)
323 if(!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
))
326 saved_case_sensitive
= case_sensitive
;
327 saved_case_preserve
= case_preserve
;
328 saved_short_case_preserve
= short_case_preserve
;
331 case_sensitive
= True
;
332 case_preserve
= True
;
333 short_case_preserve
= True
;
336 /****************************************************************************
337 Restore case semantics.
338 ****************************************************************************/
340 static void restore_case_semantics(uint32 file_attributes
)
342 if(!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
))
345 case_sensitive
= saved_case_sensitive
;
346 case_preserve
= saved_case_preserve
;
347 short_case_preserve
= saved_short_case_preserve
;
350 /****************************************************************************
351 Utility function to map create disposition.
352 ****************************************************************************/
354 static int map_create_disposition( uint32 create_disposition
)
358 switch( create_disposition
) {
360 /* create if not exist, fail if exist */
361 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_FAIL
);
364 case FILE_OVERWRITE_IF
:
365 /* create if not exist, trunc if exist */
366 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_TRUNCATE
);
369 /* fail if not exist, open if exists */
370 ret
= (FILE_FAIL_IF_NOT_EXIST
|FILE_EXISTS_OPEN
);
373 /* create if not exist, open if exists */
374 ret
= (FILE_CREATE_IF_NOT_EXIST
|FILE_EXISTS_OPEN
);
377 /* fail if not exist, truncate if exists */
378 ret
= (FILE_FAIL_IF_NOT_EXIST
|FILE_EXISTS_TRUNCATE
);
381 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
382 create_disposition
));
386 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
387 (unsigned long)create_disposition
, ret
));
392 /****************************************************************************
393 Utility function to map share modes.
394 ****************************************************************************/
396 static int map_share_mode( BOOL
*pstat_open_only
, char *fname
,
397 uint32 desired_access
, uint32 share_access
, uint32 file_attributes
)
399 int smb_open_mode
= -1;
401 *pstat_open_only
= False
;
403 switch( desired_access
& (FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
) ) {
405 smb_open_mode
= DOS_OPEN_RDONLY
;
407 case FILE_WRITE_DATA
:
408 case FILE_APPEND_DATA
:
409 case FILE_WRITE_DATA
|FILE_APPEND_DATA
:
410 smb_open_mode
= DOS_OPEN_WRONLY
;
412 case FILE_READ_DATA
|FILE_WRITE_DATA
:
413 case FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
:
414 case FILE_READ_DATA
|FILE_APPEND_DATA
:
415 smb_open_mode
= DOS_OPEN_RDWR
;
420 * NB. For DELETE_ACCESS we should really check the
421 * directory permissions, as that is what controls
422 * delete, and for WRITE_DAC_ACCESS we should really
423 * check the ownership, as that is what controls the
424 * chmod. Note that this is *NOT* a security hole (this
425 * note is for you, Andrew) as we are not *allowing*
426 * the access at this point, the actual unlink or
427 * chown or chmod call would do this. We are just helping
428 * clients out by telling them if they have a hope
429 * of any of this succeeding. POSIX acls may still
430 * deny the real call. JRA.
433 if (smb_open_mode
== -1) {
435 if(desired_access
== WRITE_DAC_ACCESS
|| desired_access
== READ_CONTROL_ACCESS
)
436 *pstat_open_only
= True
;
438 if(desired_access
& (DELETE_ACCESS
|WRITE_DAC_ACCESS
|WRITE_OWNER_ACCESS
|
439 FILE_EXECUTE
|FILE_READ_ATTRIBUTES
|
440 FILE_READ_EA
|FILE_WRITE_EA
|SYSTEM_SECURITY_ACCESS
|
441 FILE_WRITE_ATTRIBUTES
|READ_CONTROL_ACCESS
)) {
442 smb_open_mode
= DOS_OPEN_RDONLY
;
443 } else if(desired_access
== 0) {
446 * JRA - NT seems to sometimes send desired_access as zero. play it safe
447 * and map to a stat open.
450 *pstat_open_only
= True
;
451 smb_open_mode
= DOS_OPEN_RDONLY
;
454 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
455 (unsigned long)desired_access
, fname
));
461 * Set the special bit that means allow share delete.
462 * This is held outside the normal share mode bits at 1<<15.
466 if(share_access
& FILE_SHARE_DELETE
)
467 smb_open_mode
|= ALLOW_SHARE_DELETE
;
469 /* Add in the requested share mode. */
470 switch( share_access
& (FILE_SHARE_READ
|FILE_SHARE_WRITE
)) {
471 case FILE_SHARE_READ
:
472 smb_open_mode
|= SET_DENY_MODE(DENY_WRITE
);
474 case FILE_SHARE_WRITE
:
475 smb_open_mode
|= SET_DENY_MODE(DENY_READ
);
477 case (FILE_SHARE_READ
|FILE_SHARE_WRITE
):
478 smb_open_mode
|= SET_DENY_MODE(DENY_NONE
);
480 case FILE_SHARE_NONE
:
481 smb_open_mode
|= SET_DENY_MODE(DENY_ALL
);
486 * Handle an O_SYNC request.
489 if(file_attributes
& FILE_FLAG_WRITE_THROUGH
)
490 smb_open_mode
|= FILE_SYNC_OPENMODE
;
492 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
493 to open_mode %x\n", (unsigned long)desired_access
, (unsigned long)share_access
,
494 (unsigned long)file_attributes
, smb_open_mode
));
496 return smb_open_mode
;
501 * This is a *disgusting* hack.
502 * This is *so* bad that even I'm embarrassed (and I
503 * have no shame). Here's the deal :
504 * Until we get the correct SPOOLSS code into smbd
505 * then when we're running with NT SMB support then
506 * NT makes this call with a level of zero, and then
507 * immediately follows it with an open request to
508 * the \\SRVSVC pipe. If we allow that open to
509 * succeed then NT barfs when it cannot open the
510 * \\SPOOLSS pipe immediately after and continually
511 * whines saying "Printer name is invalid" forever
512 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
513 * to fail, then NT downgrades to using the downlevel code
514 * and everything works as well as before. I hate
515 * myself for adding this code.... JRA.
517 * The HACK_FAIL_TIME define allows only a 2
518 * second window for this to occur, just in
522 static BOOL fail_next_srvsvc
= False
;
523 static time_t fail_time
;
524 #define HACK_FAIL_TIME 2 /* In seconds. */
526 void fail_next_srvsvc_open(void)
528 /* Check client is WinNT proper; Win2K doesn't like Jeremy's hack - matty */
529 if (get_remote_arch() != RA_WINNT
)
532 fail_next_srvsvc
= True
;
533 fail_time
= time(NULL
);
534 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
538 * HACK alert.... see above - JRA.
541 BOOL
should_fail_next_srvsvc_open(const char *pipename
)
544 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
545 (int)fail_next_srvsvc
, pipename
));
547 if(fail_next_srvsvc
&& (time(NULL
) > fail_time
+ HACK_FAIL_TIME
)) {
548 fail_next_srvsvc
= False
;
549 fail_time
= (time_t)0;
550 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
553 if(fail_next_srvsvc
&& strequal(pipename
, "srvsvc")) {
554 fail_next_srvsvc
= False
;
555 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
562 /****************************************************************************
563 Reply to an NT create and X call on a pipe.
564 ****************************************************************************/
565 static int nt_open_pipe(char *fname
, connection_struct
*conn
,
566 char *inbuf
, char *outbuf
, int *ppnum
)
568 pipes_struct
*p
= NULL
;
570 uint16 vuid
= SVAL(inbuf
, smb_uid
);
573 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
575 /* See if it is one we want to handle. */
576 for( i
= 0; known_nt_pipes
[i
]; i
++ )
577 if( strequal(fname
,known_nt_pipes
[i
]))
580 if ( known_nt_pipes
[i
] == NULL
)
581 return(ERROR(ERRSRV
,ERRaccess
));
583 /* Strip \\ off the name. */
587 if(should_fail_next_srvsvc_open(fname
))
588 return (ERROR(ERRSRV
,ERRaccess
));
591 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname
));
593 p
= open_rpc_pipe_p(fname
, conn
, vuid
);
595 return(ERROR(ERRSRV
,ERRnofids
));
602 /****************************************************************************
603 Reply to an NT create and X call for pipes.
604 ****************************************************************************/
606 static int do_ntcreate_pipe_open(connection_struct
*conn
,
607 char *inbuf
,char *outbuf
,int length
,int bufsize
)
613 uint32 fname_len
= MIN(((uint32
)SVAL(inbuf
,smb_ntcreate_NameLength
)),
614 ((uint32
)sizeof(fname
)-1));
616 get_filename(fname
, inbuf
, smb_buf(inbuf
)-inbuf
,
617 smb_buflen(inbuf
),fname_len
);
618 if ((ret
= nt_open_pipe(fname
, conn
, inbuf
, outbuf
, &pnum
)) != 0)
622 * Deal with pipe return.
625 set_message(outbuf
,34,0,True
);
627 p
= outbuf
+ smb_vwv2
;
631 SIVAL(p
,0,FILE_WAS_OPENED
);
634 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
637 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
639 SSVAL(p
,2, 0x5FF); /* ? */
641 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
643 return chain_reply(inbuf
,outbuf
,length
,bufsize
);
646 /****************************************************************************
647 Reply to an NT create and X call.
648 ****************************************************************************/
650 int reply_ntcreate_and_X(connection_struct
*conn
,
651 char *inbuf
,char *outbuf
,int length
,int bufsize
)
654 uint32 flags
= IVAL(inbuf
,smb_ntcreate_Flags
);
655 uint32 desired_access
= IVAL(inbuf
,smb_ntcreate_DesiredAccess
);
656 uint32 file_attributes
= IVAL(inbuf
,smb_ntcreate_FileAttributes
);
657 uint32 share_access
= IVAL(inbuf
,smb_ntcreate_ShareAccess
);
658 uint32 create_disposition
= IVAL(inbuf
,smb_ntcreate_CreateDisposition
);
659 uint32 create_options
= IVAL(inbuf
,smb_ntcreate_CreateOptions
);
660 uint32 fname_len
= MIN(((uint32
)SVAL(inbuf
,smb_ntcreate_NameLength
)),
661 ((uint32
)sizeof(fname
)-1));
662 uint16 root_dir_fid
= (uint16
)IVAL(inbuf
,smb_ntcreate_RootDirectoryFid
);
665 int smb_attr
= (file_attributes
& SAMBA_ATTRIBUTES_MASK
);
666 /* Breakout the oplock request bits so we can set the
667 reply bits separately. */
668 int oplock_request
= 0;
671 SMB_OFF_T file_len
= 0;
672 SMB_STRUCT_STAT sbuf
;
674 BOOL bad_path
= False
;
675 files_struct
*fsp
=NULL
;
677 BOOL stat_open_only
= False
;
679 /* If it's an IPC, use the pipe handler. */
682 if (lp_nt_pipe_support())
683 return do_ntcreate_pipe_open(conn
,inbuf
,outbuf
,length
,bufsize
);
685 return(ERROR(ERRDOS
,ERRbadaccess
));
690 * We need to construct the open_and_X ofun value from the
691 * NT values, as that's what our code is structured to accept.
694 if((smb_ofun
= map_create_disposition( create_disposition
)) == -1)
695 return(ERROR(ERRDOS
,ERRbadaccess
));
701 if(root_dir_fid
!= 0) {
703 * This filename is relative to a directory fid.
705 files_struct
*dir_fsp
= file_fsp(inbuf
,smb_ntcreate_RootDirectoryFid
);
709 return(ERROR(ERRDOS
,ERRbadfid
));
711 if(!dir_fsp
->is_directory
) {
713 * Check to see if this is a mac fork of some kind.
716 get_filename(&fname
[0], inbuf
, smb_buf(inbuf
)-inbuf
,
717 smb_buflen(inbuf
),fname_len
);
719 if( fname
[0] == ':') {
720 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
721 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND
));
723 return(ERROR(ERRDOS
,ERRbadfid
));
727 * Copy in the base directory name.
730 pstrcpy( fname
, dir_fsp
->fsp_name
);
731 dir_name_len
= strlen(fname
);
734 * Ensure it ends in a '\'.
737 if(fname
[dir_name_len
-1] != '\\' && fname
[dir_name_len
-1] != '/') {
738 pstrcat(fname
, "\\");
743 * This next calculation can refuse a correct filename if we're dealing
744 * with the Win2k unicode bug, but that would be rare. JRA.
747 if(fname_len
+ dir_name_len
>= sizeof(pstring
))
748 return(ERROR(ERRSRV
,ERRfilespecs
));
750 get_filename(&fname
[dir_name_len
], inbuf
, smb_buf(inbuf
)-inbuf
,
751 smb_buflen(inbuf
),fname_len
);
755 get_filename(fname
, inbuf
, smb_buf(inbuf
)-inbuf
,
756 smb_buflen(inbuf
),fname_len
);
760 * Now contruct the smb_open_mode value from the filename,
761 * desired access and the share access.
763 RESOLVE_DFSPATH(fname
, conn
, inbuf
, outbuf
);
765 if((smb_open_mode
= map_share_mode(&stat_open_only
, fname
, desired_access
,
767 file_attributes
)) == -1)
768 return(ERROR(ERRDOS
,ERRbadaccess
));
770 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
771 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
774 * Ordinary file or directory.
778 * Check if POSIX semantics are wanted.
781 set_posix_case_semantics(file_attributes
);
783 unix_convert(fname
,conn
,0,&bad_path
,NULL
);
785 unixmode
= unix_mode(conn
,smb_attr
| aARCH
, fname
);
788 * If it's a request for a directory open, deal with it separately.
791 if(create_options
& FILE_DIRECTORY_FILE
) {
794 fsp
= open_directory(conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
796 restore_case_semantics(file_attributes
);
799 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
803 * Ordinary file case.
806 /* NB. We have a potential bug here. If we
807 * cause an oplock break to ourselves, then we
808 * could end up processing filename related
809 * SMB requests whilst we await the oplock
810 * break response. As we may have changed the
811 * filename case semantics to be POSIX-like,
812 * this could mean a filename request could
813 * fail when it should succeed. This is a rare
814 * condition, but eventually we must arrange
815 * to restore the correct case semantics
816 * before issuing an oplock break request to
817 * our client. JRA. */
819 fsp
= open_file_shared(conn
,fname
,smb_open_mode
,
820 smb_ofun
,unixmode
, oplock_request
,&rmode
,&smb_action
);
823 /* We cheat here. There are two cases we
824 * care about. One is a directory rename,
825 * where the NT client will attempt to
826 * open the source directory for
827 * DELETE access. Note that when the
828 * NT client does this it does *not*
829 * set the directory bit in the
830 * request packet. This is translated
831 * into a read/write open
832 * request. POSIX states that any open
833 * for write request on a directory
834 * will generate an EISDIR error, so
835 * we can catch this here and open a
836 * pseudo handle that is flagged as a
837 * directory. The second is an open
838 * for a permissions read only, which
839 * we handle in the open_file_stat case. JRA.
842 if(errno
== EISDIR
) {
845 * Fail the open if it was explicitly a non-directory file.
848 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
849 restore_case_semantics(file_attributes
);
850 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
851 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY
));
855 fsp
= open_directory(conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
858 restore_case_semantics(file_attributes
);
859 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
862 } else if (((errno
== EACCES
) || (errno
== EROFS
)) && stat_open_only
) {
864 } else if (errno
== EACCES
&& stat_open_only
) {
867 * We couldn't open normally and all we want
868 * are the permissions. Try and do a stat open.
873 fsp
= open_file_stat(conn
,fname
,smb_open_mode
,&sbuf
,&smb_action
);
876 restore_case_semantics(file_attributes
);
877 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
882 if((errno
== ENOENT
) && bad_path
) {
883 unix_ERR_class
= ERRDOS
;
884 unix_ERR_code
= ERRbadpath
;
887 restore_case_semantics(file_attributes
);
889 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
894 if(fsp
->is_directory
) {
895 if(conn
->vfs_ops
.stat(conn
,dos_to_unix(fsp
->fsp_name
, False
), &sbuf
) != 0) {
896 close_file(fsp
,True
);
897 restore_case_semantics(file_attributes
);
898 return(ERROR(ERRDOS
,ERRnoaccess
));
901 if (conn
->vfs_ops
.fstat(fsp
,fsp
->fd
,&sbuf
) != 0) {
902 close_file(fsp
,False
);
903 restore_case_semantics(file_attributes
);
904 return(ERROR(ERRDOS
,ERRnoaccess
));
908 restore_case_semantics(file_attributes
);
910 file_len
= sbuf
.st_size
;
911 fmode
= dos_mode(conn
,fname
,&sbuf
);
913 fmode
= FILE_ATTRIBUTE_NORMAL
;
914 if (!fsp
->is_directory
&& (fmode
& aDIR
)) {
915 close_file(fsp
,False
);
916 return(ERROR(ERRDOS
,ERRnoaccess
));
920 * If the caller set the extended oplock request bit
921 * and we granted one (by whatever means) - set the
922 * correct bit for extended oplock reply.
925 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
)))
926 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
928 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))
929 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
931 set_message(outbuf
,34,0,True
);
933 p
= outbuf
+ smb_vwv2
;
936 * Currently as we don't support level II oplocks we just report
937 * exclusive & batch here.
940 if (smb_action
& EXTENDED_OPLOCK_GRANTED
)
941 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
942 else if (LEVEL_II_OPLOCK_TYPE(fsp
->oplock_type
))
943 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
945 SCVAL(p
,0,NO_OPLOCK_RETURN
);
948 SSVAL(p
,0,fsp
->fnum
);
950 SIVAL(p
,0,smb_action
);
954 put_long_date(p
,get_create_time(&sbuf
,lp_fake_dir_create_times(SNUM(conn
))));
956 put_long_date(p
,sbuf
.st_atime
); /* access time */
958 put_long_date(p
,sbuf
.st_mtime
); /* write time */
960 put_long_date(p
,sbuf
.st_mtime
); /* change time */
962 SIVAL(p
,0,fmode
); /* File Attributes. */
964 SOFF_T(p
, 0, file_len
);
966 SOFF_T(p
,0,file_len
);
968 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
970 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
972 return chain_reply(inbuf
,outbuf
,length
,bufsize
);
975 /****************************************************************************
976 Reply to a NT_TRANSACT_CREATE call to open a pipe.
977 ****************************************************************************/
979 static int do_nt_transact_create_pipe( connection_struct
*conn
,
980 char *inbuf
, char *outbuf
, int length
,
981 int bufsize
, char **ppsetup
, char **ppparams
,
986 int total_parameter_count
= (int)IVAL(inbuf
, smb_nt_TotalParameterCount
);
987 char *params
= *ppparams
;
993 * Ensure minimum number of parameters sent.
996 if(total_parameter_count
< 54) {
997 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)total_parameter_count
));
998 return(ERROR(ERRDOS
,ERRbadaccess
));
1001 fname_len
= MIN(((uint32
)IVAL(params
,44)),((uint32
)sizeof(fname
)-1));
1003 get_filename_transact(&fname
[0], params
, 53,
1004 total_parameter_count
- 53 - fname_len
, fname_len
);
1006 if ((ret
= nt_open_pipe(fname
, conn
, inbuf
, outbuf
, &pnum
)) != 0)
1009 /* Realloc the size of parameters and data we will return */
1010 params
= *ppparams
= Realloc(*ppparams
, 69);
1012 return(ERROR(ERRDOS
,ERRnomem
));
1014 memset((char *)params
,'\0',69);
1017 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1022 SIVAL(p
,0,FILE_WAS_OPENED
);
1026 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
1029 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
1031 SSVAL(p
,2, 0x5FF); /* ? */
1033 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
1035 /* Send the required number of replies */
1036 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, params
, 69, *ppdata
, 0);
1041 /****************************************************************************
1042 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1043 ****************************************************************************/
1045 static int call_nt_transact_create(connection_struct
*conn
,
1046 char *inbuf
, char *outbuf
, int length
,
1047 int bufsize
, char **ppsetup
, char **ppparams
,
1051 char *params
= *ppparams
;
1052 int total_parameter_count
= (int)IVAL(inbuf
, smb_nt_TotalParameterCount
);
1053 /* Breakout the oplock request bits so we can set the
1054 reply bits separately. */
1055 int oplock_request
= 0;
1057 int fmode
=0,rmode
=0;
1058 SMB_OFF_T file_len
= 0;
1059 SMB_STRUCT_STAT sbuf
;
1061 BOOL bad_path
= False
;
1062 files_struct
*fsp
= NULL
;
1064 BOOL stat_open_only
= False
;
1066 uint32 desired_access
;
1067 uint32 file_attributes
;
1068 uint32 share_access
;
1069 uint32 create_disposition
;
1070 uint32 create_options
;
1072 uint16 root_dir_fid
;
1077 DEBUG(5,("call_nt_transact_create\n"));
1080 * If it's an IPC, use the pipe handler.
1084 if (lp_nt_pipe_support())
1085 return do_nt_transact_create_pipe(conn
, inbuf
, outbuf
, length
,
1086 bufsize
, ppsetup
, ppparams
, ppdata
);
1088 return(ERROR(ERRDOS
,ERRbadaccess
));
1092 * Ensure minimum number of parameters sent.
1095 if(total_parameter_count
< 54) {
1096 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count
));
1097 return(ERROR(ERRDOS
,ERRbadaccess
));
1100 flags
= IVAL(params
,0);
1101 desired_access
= IVAL(params
,8);
1102 file_attributes
= IVAL(params
,20);
1103 share_access
= IVAL(params
,24);
1104 create_disposition
= IVAL(params
,28);
1105 create_options
= IVAL(params
,32);
1106 fname_len
= MIN(((uint32
)IVAL(params
,44)),((uint32
)sizeof(fname
)-1));
1107 root_dir_fid
= (uint16
)IVAL(params
,4);
1108 smb_attr
= (file_attributes
& SAMBA_ATTRIBUTES_MASK
);
1111 * We need to construct the open_and_X ofun value from the
1112 * NT values, as that's what our code is structured to accept.
1115 if((smb_ofun
= map_create_disposition( create_disposition
)) == -1)
1116 return(ERROR(ERRDOS
,ERRbadmem
));
1119 * Get the file name.
1122 if(root_dir_fid
!= 0) {
1124 * This filename is relative to a directory fid.
1127 files_struct
*dir_fsp
= file_fsp(params
,4);
1128 size_t dir_name_len
;
1131 return(ERROR(ERRDOS
,ERRbadfid
));
1133 if(!dir_fsp
->is_directory
) {
1135 * Check to see if this is a mac fork of some kind.
1138 get_filename_transact(&fname
[0], params
, 53,
1139 total_parameter_count
- 53 - fname_len
, fname_len
);
1141 if( fname
[0] == ':') {
1142 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
1143 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND
));
1146 return(ERROR(ERRDOS
,ERRbadfid
));
1150 * Copy in the base directory name.
1153 pstrcpy( fname
, dir_fsp
->fsp_name
);
1154 dir_name_len
= strlen(fname
);
1157 * Ensure it ends in a '\'.
1160 if((fname
[dir_name_len
-1] != '\\') && (fname
[dir_name_len
-1] != '/')) {
1161 pstrcat(fname
, "\\");
1166 * This next calculation can refuse a correct filename if we're dealing
1167 * with the Win2k unicode bug, but that would be rare. JRA.
1170 if(fname_len
+ dir_name_len
>= sizeof(pstring
))
1171 return(ERROR(ERRSRV
,ERRfilespecs
));
1173 get_filename_transact(&fname
[dir_name_len
], params
, 53,
1174 total_parameter_count
- 53 - fname_len
, fname_len
);
1177 get_filename_transact(&fname
[0], params
, 53,
1178 total_parameter_count
- 53 - fname_len
, fname_len
);
1182 * Now contruct the smb_open_mode value from the desired access
1183 * and the share access.
1186 if((smb_open_mode
= map_share_mode( &stat_open_only
, fname
, desired_access
,
1187 share_access
, file_attributes
)) == -1)
1188 return(ERROR(ERRDOS
,ERRbadaccess
));
1190 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1191 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
1194 * Check if POSIX semantics are wanted.
1197 set_posix_case_semantics(file_attributes
);
1199 RESOLVE_DFSPATH(fname
, conn
, inbuf
, outbuf
);
1201 unix_convert(fname
,conn
,0,&bad_path
,NULL
);
1203 unixmode
= unix_mode(conn
,smb_attr
| aARCH
, fname
);
1206 * If it's a request for a directory open, deal with it separately.
1209 if(create_options
& FILE_DIRECTORY_FILE
) {
1214 * We will get a create directory here if the Win32
1215 * app specified a security descriptor in the
1216 * CreateDirectory() call.
1219 fsp
= open_directory(conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
1222 restore_case_semantics(file_attributes
);
1223 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1226 if(conn
->vfs_ops
.stat(conn
,dos_to_unix(fsp
->fsp_name
, False
),
1228 close_file(fsp
,True
);
1229 restore_case_semantics(file_attributes
);
1230 return(ERROR(ERRDOS
,ERRnoaccess
));
1236 * Ordinary file case.
1239 fsp
= open_file_shared(conn
,fname
,smb_open_mode
,smb_ofun
,unixmode
,
1240 oplock_request
,&rmode
,&smb_action
);
1244 if(errno
== EISDIR
) {
1247 * Fail the open if it was explicitly a non-directory file.
1250 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
1251 restore_case_semantics(file_attributes
);
1252 SSVAL(outbuf
, smb_flg2
, FLAGS2_32_BIT_ERROR_CODES
);
1253 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY
));
1257 fsp
= open_directory(conn
, fname
, smb_ofun
, unixmode
, &smb_action
);
1260 restore_case_semantics(file_attributes
);
1261 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1264 } else if (((errno
== EACCES
) || (errno
== EROFS
)) && stat_open_only
) {
1266 } else if (errno
== EACCES
&& stat_open_only
) {
1270 * We couldn't open normally and all we want
1271 * are the permissions. Try and do a stat open.
1276 fsp
= open_file_stat(conn
,fname
,smb_open_mode
,&sbuf
,&smb_action
);
1279 restore_case_semantics(file_attributes
);
1280 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1284 if((errno
== ENOENT
) && bad_path
) {
1285 unix_ERR_class
= ERRDOS
;
1286 unix_ERR_code
= ERRbadpath
;
1289 restore_case_semantics(file_attributes
);
1291 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1295 if(fsp
->is_directory
) {
1296 if(conn
->vfs_ops
.stat(conn
,dos_to_unix(fsp
->fsp_name
,False
), &sbuf
) != 0) {
1297 close_file(fsp
,True
);
1298 restore_case_semantics(file_attributes
);
1299 return(ERROR(ERRDOS
,ERRnoaccess
));
1302 if (!fsp
->stat_open
&& conn
->vfs_ops
.fstat(fsp
,fsp
->fd
,&sbuf
) != 0) {
1303 close_file(fsp
,False
);
1304 restore_case_semantics(file_attributes
);
1305 return(ERROR(ERRDOS
,ERRnoaccess
));
1309 file_len
= sbuf
.st_size
;
1310 fmode
= dos_mode(conn
,fname
,&sbuf
);
1312 fmode
= FILE_ATTRIBUTE_NORMAL
;
1315 close_file(fsp
,False
);
1316 restore_case_semantics(file_attributes
);
1317 return(ERROR(ERRDOS
,ERRnoaccess
));
1321 * If the caller set the extended oplock request bit
1322 * and we granted one (by whatever means) - set the
1323 * correct bit for extended oplock reply.
1326 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
)))
1327 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
1329 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))
1330 smb_action
|= EXTENDED_OPLOCK_GRANTED
;
1333 restore_case_semantics(file_attributes
);
1335 /* Realloc the size of parameters and data we will return */
1336 params
= *ppparams
= Realloc(*ppparams
, 69);
1338 return(ERROR(ERRDOS
,ERRnomem
));
1340 memset((char *)params
,'\0',69);
1343 if (smb_action
& EXTENDED_OPLOCK_GRANTED
)
1344 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
1345 else if (LEVEL_II_OPLOCK_TYPE(fsp
->oplock_type
))
1346 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
1348 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1351 SSVAL(p
,0,fsp
->fnum
);
1353 SIVAL(p
,0,smb_action
);
1357 put_long_date(p
,get_create_time(&sbuf
,lp_fake_dir_create_times(SNUM(conn
))));
1359 put_long_date(p
,sbuf
.st_atime
); /* access time */
1361 put_long_date(p
,sbuf
.st_mtime
); /* write time */
1363 put_long_date(p
,sbuf
.st_mtime
); /* change time */
1365 SIVAL(p
,0,fmode
); /* File Attributes. */
1367 SOFF_T(p
,0,file_len
);
1369 SOFF_T(p
,0,file_len
);
1371 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname
));
1373 /* Send the required number of replies */
1374 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, params
, 69, *ppdata
, 0);
1379 /****************************************************************************
1380 Reply to a NT CANCEL request.
1381 ****************************************************************************/
1382 int reply_ntcancel(connection_struct
*conn
,
1383 char *inbuf
,char *outbuf
,int length
,int bufsize
)
1386 * Go through and cancel any pending change notifies.
1389 int mid
= SVAL(inbuf
,smb_mid
);
1390 remove_pending_change_notify_requests_by_mid(mid
);
1391 remove_pending_lock_requests_by_mid(mid
);
1393 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid
));
1398 /****************************************************************************
1399 Reply to an unsolicited SMBNTtranss - just ignore it!
1400 ****************************************************************************/
1401 int reply_nttranss(connection_struct
*conn
,
1402 char *inbuf
,char *outbuf
,int length
,int bufsize
)
1404 DEBUG(4,("Ignoring nttranss of length %d\n",length
));
1408 /****************************************************************************
1409 Reply to a notify change - queue the request and
1410 don't allow a directory to be opened.
1411 ****************************************************************************/
1412 static int call_nt_transact_notify_change(connection_struct
*conn
,
1413 char *inbuf
, char *outbuf
, int length
,
1416 char **ppparams
, char **ppdata
)
1418 char *setup
= *ppsetup
;
1422 fsp
= file_fsp(setup
,4);
1423 flags
= IVAL(setup
, 0);
1425 DEBUG(3,("call_nt_transact_notify_change\n"));
1428 return(ERROR(ERRDOS
,ERRbadfid
));
1430 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
))
1431 return(ERROR(ERRDOS
,ERRbadfid
));
1433 if (!change_notify_set(inbuf
, fsp
, conn
, flags
)) {
1434 return(UNIXERROR(ERRDOS
,ERRbadfid
));
1437 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1438 name = %s\n", fsp
->fsp_name
));
1443 /****************************************************************************
1444 Reply to an NT transact rename command.
1445 ****************************************************************************/
1447 static int call_nt_transact_rename(connection_struct
*conn
,
1448 char *inbuf
, char *outbuf
, int length
,
1450 char **ppsetup
, char **ppparams
, char **ppdata
)
1452 char *params
= *ppparams
;
1454 files_struct
*fsp
= file_fsp(params
, 0);
1455 BOOL replace_if_exists
= (SVAL(params
,2) & RENAME_REPLACE_IF_EXISTS
) ? True
: False
;
1456 uint32 fname_len
= MIN((((uint32
)IVAL(inbuf
,smb_nt_TotalParameterCount
)-4)),
1457 ((uint32
)sizeof(new_name
)-1));
1460 CHECK_FSP(fsp
, conn
);
1461 StrnCpy(new_name
,params
+4,fname_len
);
1462 new_name
[fname_len
] = '\0';
1464 outsize
= rename_internals(conn
, inbuf
, outbuf
, fsp
->fsp_name
,
1465 new_name
, replace_if_exists
);
1468 * Rename was successful.
1470 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, NULL
, 0, NULL
, 0);
1472 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1473 fsp
->fsp_name
, new_name
));
1478 * Win2k needs a changenotify request response before it will
1479 * update after a rename..
1482 process_pending_change_notify_queue((time_t)0);
1489 /****************************************************************************
1490 Reply to query a security descriptor - currently this is not implemented (it
1491 is planned to be though). Right now it just returns the same thing NT would
1492 when queried on a FAT filesystem. JRA.
1493 ****************************************************************************/
1495 static int call_nt_transact_query_security_desc(connection_struct
*conn
,
1496 char *inbuf
, char *outbuf
,
1497 int length
, int bufsize
,
1498 char **ppsetup
, char **ppparams
, char **ppdata
)
1500 uint32 max_data_count
= IVAL(inbuf
,smb_nt_MaxDataCount
);
1501 char *params
= *ppparams
;
1502 char *data
= *ppdata
;
1504 SEC_DESC
*psd
= NULL
;
1506 TALLOC_CTX
*mem_ctx
;
1508 files_struct
*fsp
= file_fsp(params
,0);
1511 return(ERROR(ERRDOS
,ERRbadfid
));
1513 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp
->fsp_name
));
1515 params
= *ppparams
= Realloc(*ppparams
, 4);
1517 return(ERROR(ERRDOS
,ERRnomem
));
1520 * Get the permissions to return.
1523 if((sd_size
= get_nt_acl(fsp
, &psd
)) == 0)
1524 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1526 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size
));
1528 SIVAL(params
,0,(uint32
)sd_size
);
1530 if(max_data_count
< sd_size
) {
1532 free_sec_desc(&psd
);
1534 send_nt_replies(inbuf
, outbuf
, bufsize
, NT_STATUS_BUFFER_TOO_SMALL
,
1535 params
, 4, *ppdata
, 0);
1540 * Allocate the data we will point this at.
1543 data
= *ppdata
= Realloc(*ppdata
, sd_size
);
1545 free_sec_desc(&psd
);
1546 return(ERROR(ERRDOS
,ERRnomem
));
1549 memset(data
, '\0', sd_size
);
1552 * Init the parse struct we will marshall into.
1555 if ((mem_ctx
= talloc_init()) == NULL
) {
1556 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1557 free_sec_desc(&psd
);
1558 return(ERROR(ERRDOS
,ERRnomem
));
1561 prs_init(&pd
, 0, 4, mem_ctx
, MARSHALL
);
1564 * Setup the prs_struct to point at the memory we just
1568 prs_give_memory( &pd
, data
, (uint32
)sd_size
, False
);
1571 * Finally, linearize into the outgoing buffer.
1574 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1575 free_sec_desc(&psd
);
1576 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1577 security descriptor.\n"));
1579 * Return access denied for want of a better error message..
1581 talloc_destroy(mem_ctx
);
1582 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1586 * Now we can delete the security descriptor.
1589 free_sec_desc(&psd
);
1590 talloc_destroy(mem_ctx
);
1592 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, params
, 4, data
, (int)sd_size
);
1596 /****************************************************************************
1597 Reply to set a security descriptor. Map to UNIX perms.
1598 ****************************************************************************/
1600 static int call_nt_transact_set_security_desc(connection_struct
*conn
,
1601 char *inbuf
, char *outbuf
, int length
,
1602 int bufsize
, char **ppsetup
,
1603 char **ppparams
, char **ppdata
)
1605 uint32 total_parameter_count
= IVAL(inbuf
, smb_nts_TotalParameterCount
);
1606 char *params
= *ppparams
;
1607 char *data
= *ppdata
;
1609 SEC_DESC
*psd
= NULL
;
1610 uint32 total_data_count
= (uint32
)IVAL(inbuf
, smb_nts_TotalDataCount
);
1611 files_struct
*fsp
= NULL
;
1612 uint32 security_info_sent
= 0;
1613 TALLOC_CTX
*mem_ctx
;
1616 if(!lp_nt_acl_support())
1617 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1619 if(total_parameter_count
< 8)
1620 return(ERROR(ERRDOS
,ERRbadfunc
));
1622 if((fsp
= file_fsp(params
,0)) == NULL
)
1623 return(ERROR(ERRDOS
,ERRbadfid
));
1625 security_info_sent
= IVAL(params
,4);
1627 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp
->fsp_name
,
1628 (unsigned int)security_info_sent
));
1631 * Init the parse struct we will unmarshall from.
1634 if ((mem_ctx
= talloc_init()) == NULL
) {
1635 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1636 return(ERROR(ERRDOS
,ERRnomem
));
1639 prs_init(&pd
, 0, 4, mem_ctx
, UNMARSHALL
);
1642 * Setup the prs_struct to point at the memory we just
1646 prs_give_memory( &pd
, data
, total_data_count
, False
);
1649 * Finally, unmarshall from the data buffer.
1652 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1653 free_sec_desc(&psd
);
1654 DEBUG(0,("call_nt_transact_set_security_desc: Error in unmarshalling \
1655 security descriptor.\n"));
1657 * Return access denied for want of a better error message..
1659 talloc_destroy(mem_ctx
);
1660 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1663 ret
= set_nt_acl( fsp
, security_info_sent
, psd
);
1666 free_sec_desc(&psd
);
1667 talloc_destroy(mem_ctx
);
1668 return(UNIXERROR(ERRDOS
,ERRnoaccess
));
1671 free_sec_desc(&psd
);
1672 talloc_destroy(mem_ctx
);
1673 send_nt_replies(inbuf
, outbuf
, bufsize
, 0, NULL
, 0, NULL
, 0);
1677 /****************************************************************************
1678 Reply to IOCTL - not implemented - no plans.
1679 ****************************************************************************/
1680 static int call_nt_transact_ioctl(connection_struct
*conn
,
1681 char *inbuf
, char *outbuf
, int length
,
1683 char **ppsetup
, char **ppparams
, char **ppdata
)
1685 static BOOL logged_message
= False
;
1687 if(!logged_message
) {
1688 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
1689 logged_message
= True
; /* Only print this once... */
1691 return(ERROR(ERRSRV
,ERRnosupport
));
1694 /****************************************************************************
1695 Reply to a SMBNTtrans.
1696 ****************************************************************************/
1697 int reply_nttrans(connection_struct
*conn
,
1698 char *inbuf
,char *outbuf
,int length
,int bufsize
)
1701 #if 0 /* Not used. */
1702 uint16 max_setup_count
= CVAL(inbuf
, smb_nt_MaxSetupCount
);
1703 uint32 max_parameter_count
= IVAL(inbuf
, smb_nt_MaxParameterCount
);
1704 uint32 max_data_count
= IVAL(inbuf
,smb_nt_MaxDataCount
);
1705 #endif /* Not used. */
1706 uint32 total_parameter_count
= IVAL(inbuf
, smb_nt_TotalParameterCount
);
1707 uint32 total_data_count
= IVAL(inbuf
, smb_nt_TotalDataCount
);
1708 uint32 parameter_count
= IVAL(inbuf
,smb_nt_ParameterCount
);
1709 uint32 parameter_offset
= IVAL(inbuf
,smb_nt_ParameterOffset
);
1710 uint32 data_count
= IVAL(inbuf
,smb_nt_DataCount
);
1711 uint32 data_offset
= IVAL(inbuf
,smb_nt_DataOffset
);
1712 uint16 setup_count
= 2*CVAL(inbuf
,smb_nt_SetupCount
); /* setup count is in *words* */
1713 uint16 function_code
= SVAL( inbuf
, smb_nt_Function
);
1714 char *params
= NULL
, *data
= NULL
, *setup
= NULL
;
1715 uint32 num_params_sofar
, num_data_sofar
;
1717 if(global_oplock_break
&& (function_code
== NT_TRANSACT_CREATE
)) {
1719 * Queue this open message as we are the process of an oplock break.
1722 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
1723 due to being in oplock break state.\n" ));
1725 push_oplock_pending_smb_message( inbuf
, length
);
1729 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
))
1730 return (ERROR(ERRSRV
,ERRaccess
));
1732 outsize
= set_message(outbuf
,0,0,True
);
1735 * All nttrans messages we handle have smb_wct == 19 + setup_count.
1736 * Ensure this is so as a sanity check.
1739 if(CVAL(inbuf
, smb_wct
) != 19 + (setup_count
/2)) {
1740 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
1741 CVAL(inbuf
, smb_wct
), 19 + (setup_count
/2)));
1742 return(ERROR(ERRSRV
,ERRerror
));
1745 /* Allocate the space for the setup, the maximum needed parameters and data */
1748 setup
= (char *)malloc(setup_count
);
1749 if (total_parameter_count
> 0)
1750 params
= (char *)malloc(total_parameter_count
);
1751 if (total_data_count
> 0)
1752 data
= (char *)malloc(total_data_count
);
1754 if ((total_parameter_count
&& !params
) || (total_data_count
&& !data
) ||
1755 (setup_count
&& !setup
)) {
1756 DEBUG(0,("reply_nttrans : Out of memory\n"));
1757 return(ERROR(ERRDOS
,ERRnomem
));
1760 /* Copy the param and data bytes sent with this request into
1761 the params buffer */
1762 num_params_sofar
= parameter_count
;
1763 num_data_sofar
= data_count
;
1765 if (parameter_count
> total_parameter_count
|| data_count
> total_data_count
)
1766 exit_server("reply_nttrans: invalid sizes in packet.\n");
1769 memcpy( setup
, &inbuf
[smb_nt_SetupStart
], setup_count
);
1770 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count
));
1771 dump_data(10, setup
, setup_count
);
1774 memcpy( params
, smb_base(inbuf
) + parameter_offset
, parameter_count
);
1775 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count
));
1776 dump_data(10, params
, parameter_count
);
1779 memcpy( data
, smb_base(inbuf
) + data_offset
, data_count
);
1780 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count
));
1781 dump_data(10, data
, data_count
);
1784 if(num_data_sofar
< total_data_count
|| num_params_sofar
< total_parameter_count
) {
1785 /* We need to send an interim response then receive the rest
1786 of the parameter/data bytes */
1787 outsize
= set_message(outbuf
,0,0,True
);
1788 send_smb(smbd_server_fd(),outbuf
);
1790 while( num_data_sofar
< total_data_count
|| num_params_sofar
< total_parameter_count
) {
1793 ret
= receive_next_smb(inbuf
,bufsize
,SMB_SECONDARY_WAIT
);
1795 if((ret
&& (CVAL(inbuf
, smb_com
) != SMBnttranss
)) || !ret
) {
1796 outsize
= set_message(outbuf
,0,0,True
);
1798 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
1800 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
1801 (smb_read_error
== READ_ERROR
) ? "error" : "timeout" ));
1809 return(ERROR(ERRSRV
,ERRerror
));
1812 /* Revise total_params and total_data in case they have changed downwards */
1813 total_parameter_count
= IVAL(inbuf
, smb_nts_TotalParameterCount
);
1814 total_data_count
= IVAL(inbuf
, smb_nts_TotalDataCount
);
1815 num_params_sofar
+= (parameter_count
= IVAL(inbuf
,smb_nts_ParameterCount
));
1816 num_data_sofar
+= ( data_count
= IVAL(inbuf
, smb_nts_DataCount
));
1817 if (num_params_sofar
> total_parameter_count
|| num_data_sofar
> total_data_count
)
1818 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
1820 memcpy( ¶ms
[ IVAL(inbuf
, smb_nts_ParameterDisplacement
)],
1821 smb_base(inbuf
) + IVAL(inbuf
, smb_nts_ParameterOffset
), parameter_count
);
1822 memcpy( &data
[IVAL(inbuf
, smb_nts_DataDisplacement
)],
1823 smb_base(inbuf
)+ IVAL(inbuf
, smb_nts_DataOffset
), data_count
);
1827 if (Protocol
>= PROTOCOL_NT1
) {
1828 uint16 flg2
= SVAL(outbuf
,smb_flg2
);
1829 SSVAL(outbuf
,smb_flg2
,flg2
| 0x40); /* IS_LONG_NAME */
1832 /* Now we must call the relevant NT_TRANS function */
1833 switch(function_code
) {
1834 case NT_TRANSACT_CREATE
:
1835 outsize
= call_nt_transact_create(conn
, inbuf
, outbuf
, length
, bufsize
,
1836 &setup
, ¶ms
, &data
);
1838 case NT_TRANSACT_IOCTL
:
1839 outsize
= call_nt_transact_ioctl(conn
,
1840 inbuf
, outbuf
, length
, bufsize
,
1841 &setup
, ¶ms
, &data
);
1843 case NT_TRANSACT_SET_SECURITY_DESC
:
1844 outsize
= call_nt_transact_set_security_desc(conn
, inbuf
, outbuf
,
1846 &setup
, ¶ms
, &data
);
1848 case NT_TRANSACT_NOTIFY_CHANGE
:
1849 outsize
= call_nt_transact_notify_change(conn
, inbuf
, outbuf
,
1851 &setup
, ¶ms
, &data
);
1853 case NT_TRANSACT_RENAME
:
1854 outsize
= call_nt_transact_rename(conn
, inbuf
, outbuf
, length
,
1856 &setup
, ¶ms
, &data
);
1859 case NT_TRANSACT_QUERY_SECURITY_DESC
:
1860 outsize
= call_nt_transact_query_security_desc(conn
, inbuf
, outbuf
,
1862 &setup
, ¶ms
, &data
);
1865 /* Error in request */
1866 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code
));
1873 return (ERROR(ERRSRV
,ERRerror
));
1876 /* As we do not know how many data packets will need to be
1877 returned here the various call_nt_transact_xxxx calls
1878 must send their own. Thus a call_nt_transact_xxxx routine only
1879 returns a value other than -1 when it wants to send
1889 return outsize
; /* If a correct response was needed the call_nt_transact_xxxx
1890 calls have already sent it. If outsize != -1 then it is
1891 returning an error packet. */