search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Restructuring of vfs layer to include a "this" pointer - can be an fsp or
[Samba.git] / source / smbd / nttrans.c
blob86b85ea766e57a7a48652613b9210f573a4a6ebe
1 #define OLD_NTDOMAIN 1
2 /*
3 Unix SMB/Netbios implementation.
4 Version 1.9.
5 SMB NT transaction handling
6 Copyright (C) Jeremy Allison 1994-1998
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 extern int DEBUGLEVEL;
26 extern int Protocol;
27 extern int smb_read_error;
28 extern int global_oplock_break;
29 extern BOOL case_sensitive;
30 extern BOOL case_preserve;
31 extern BOOL short_case_preserve;
32
33 static char *known_nt_pipes[] = {
34 "\\LANMAN",
35 "\\srvsvc",
36 "\\samr",
37 "\\wkssvc",
38 "\\NETLOGON",
39 "\\ntlsa",
40 "\\ntsvcs",
41 "\\lsass",
42 "\\lsarpc",
43 "\\winreg",
44 "\\spoolss",
45 #ifdef WITH_MSDFS
46 "\\netdfs",
47 #endif
48 NULL
49 };
50
51 /****************************************************************************
52 Send the required number of replies back.
53 We assume all fields other than the data fields are
54 set correctly for the type of call.
55 HACK ! Always assumes smb_setup field is zero.
56 ****************************************************************************/
57
58 static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_error, char *params,
59 int paramsize, char *pdata, int datasize)
60 {
61 extern int max_send;
62 int data_to_send = datasize;
63 int params_to_send = paramsize;
64 int useable_space;
65 char *pp = params;
66 char *pd = pdata;
67 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
68 int alignment_offset = 3;
69 int data_alignment_offset = 0;
70
71 /*
72 * Initially set the wcnt area to be 18 - this is true for all
73 * transNT replies.
74 */
75
76 set_message(outbuf,18,0,True);
77
78 if(nt_error != 0) {
79 /* NT Error. */
80 SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
81
82 ERROR(0,nt_error);
83 }
84
85 /*
86 * If there genuinely are no parameters or data to send just send
87 * the empty packet.
88 */
89
90 if(params_to_send == 0 && data_to_send == 0) {
91 send_smb(smbd_server_fd(),outbuf);
92 return 0;
93 }
94
95 /*
96 * When sending params and data ensure that both are nicely aligned.
97 * Only do this alignment when there is also data to send - else
98 * can cause NT redirector problems.
99 */
100
101 if (((params_to_send % 4) != 0) && (data_to_send != 0))
102 data_alignment_offset = 4 - (params_to_send % 4);
103
104 /*
105 * Space is bufsize minus Netbios over TCP header minus SMB header.
106 * The alignment_offset is to align the param bytes on a four byte
107 * boundary (2 bytes for data len, one byte pad).
108 * NT needs this to work correctly.
109 */
110
111 useable_space = bufsize - ((smb_buf(outbuf)+
112 alignment_offset+data_alignment_offset) -
113 outbuf);
114
115 /*
116 * useable_space can never be more than max_send minus the
117 * alignment offset.
118 */
119
120 useable_space = MIN(useable_space,
121 max_send - (alignment_offset+data_alignment_offset));
122
123
124 while (params_to_send || data_to_send) {
125
126 /*
127 * Calculate whether we will totally or partially fill this packet.
128 */
129
130 total_sent_thistime = params_to_send + data_to_send +
131 alignment_offset + data_alignment_offset;
132
133 /*
134 * We can never send more than useable_space.
135 */
136
137 total_sent_thistime = MIN(total_sent_thistime, useable_space);
138
139 set_message(outbuf, 18, total_sent_thistime, True);
140
141 /*
142 * Set total params and data to be sent.
143 */
144
145 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
146 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
147
148 /*
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
151 */
152
153 params_sent_thistime = MIN(params_to_send,useable_space);
154 data_sent_thistime = useable_space - params_sent_thistime;
155 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
156
157 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
158
159 if(params_sent_thistime == 0) {
160 SIVAL(outbuf,smb_ntr_ParameterOffset,0);
161 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
162 } else {
163 /*
164 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
165 * parameter bytes, however the first 4 bytes of outbuf are
166 * the Netbios over TCP header. Thus use smb_base() to subtract
167 * them from the calculation.
168 */
169
170 SIVAL(outbuf,smb_ntr_ParameterOffset,
171 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
172 /*
173 * Absolute displacement of param bytes sent in this packet.
174 */
175
176 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
177 }
178
179 /*
180 * Deal with the data portion.
181 */
182
183 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
184
185 if(data_sent_thistime == 0) {
186 SIVAL(outbuf,smb_ntr_DataOffset,0);
187 SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
188 } else {
189 /*
190 * The offset of the data bytes is the offset of the
191 * parameter bytes plus the number of parameters being sent this time.
192 */
193
194 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
195 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
196 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
197 }
198
199 /*
200 * Copy the param bytes into the packet.
201 */
202
203 if(params_sent_thistime)
204 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
205
206 /*
207 * Copy in the data bytes
208 */
209
210 if(data_sent_thistime)
211 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
212 data_alignment_offset,pd,data_sent_thistime);
213
214 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
215 params_sent_thistime, data_sent_thistime, useable_space));
216 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
217 params_to_send, data_to_send, paramsize, datasize));
218
219 /* Send the packet */
220 send_smb(smbd_server_fd(),outbuf);
221
222 pp += params_sent_thistime;
223 pd += data_sent_thistime;
224
225 params_to_send -= params_sent_thistime;
226 data_to_send -= data_sent_thistime;
227
228 /*
229 * Sanity check
230 */
231
232 if(params_to_send < 0 || data_to_send < 0) {
233 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
234 params_to_send, data_to_send));
235 return -1;
236 }
237 }
238
239 return 0;
240 }
241
242 /****************************************************************************
243 (Hopefully) temporary call to fix bugs in NT5.0beta2. This OS sends unicode
244 strings in NT calls AND DOESN'T SET THE UNICODE BIT !!!!!!!
245 ****************************************************************************/
246
247 static void get_filename( char *fname, char *inbuf, int data_offset, int data_len, int fname_len)
248 {
249 /*
250 * We need various heuristics here to detect a unicode string... JRA.
251 */
252
253 DEBUG(10,("get_filename: data_offset = %d, data_len = %d, fname_len = %d\n",
254 data_offset, data_len, fname_len ));
255
256 if(data_len - fname_len > 1) {
257 /*
258 * NT 5.0 Beta 2 has kindly sent us a UNICODE string
259 * without bothering to set the unicode bit. How kind.
260 *
261 * Firstly - ensure that the data offset is aligned
262 * on a 2 byte boundary - add one if not.
263 */
264 fname_len = fname_len/2;
265 if(data_offset & 1)
266 data_offset++;
267 pstrcpy(fname, dos_unistrn2((uint16 *)(inbuf+data_offset), fname_len));
268 } else {
269 StrnCpy(fname,inbuf+data_offset,fname_len);
270 fname[fname_len] = '\0';
271 }
272 }
273
274 /****************************************************************************
275 Fix bugs in Win2000 final release. In trans calls this OS sends unicode
276 strings AND DOESN'T SET THE UNICODE BIT !!!!!!!
277 ****************************************************************************/
278
279 static void get_filename_transact( char *fname, char *inbuf, int data_offset, int data_len, int fname_len)
280 {
281 /*
282 * We need various heuristics here to detect a unicode string... JRA.
283 */
284
285 DEBUG(10,("get_filename_transact: data_offset = %d, data_len = %d, fname_len = %d\n",
286 data_offset, data_len, fname_len ));
287
288 /*
289 * Win2K sends a unicode filename plus one extra alingment byte.
290 * WinNT4.x send an ascii string with multiple garbage bytes on
291 * the end here.
292 */
293
294 if((data_len - fname_len == 1) || (inbuf[data_offset] == '\0')) {
295 /*
296 * Ensure that the data offset is aligned
297 * on a 2 byte boundary - add one if not.
298 */
299 fname_len = fname_len/2;
300 if(data_offset & 1)
301 data_offset++;
302 pstrcpy(fname, dos_unistrn2((uint16 *)(inbuf+data_offset), fname_len));
303 } else {
304 StrnCpy(fname,inbuf+data_offset,fname_len);
305 fname[fname_len] = '\0';
306 }
307 }
308
309 /****************************************************************************
310 Save case statics.
311 ****************************************************************************/
312
313 static BOOL saved_case_sensitive;
314 static BOOL saved_case_preserve;
315 static BOOL saved_short_case_preserve;
316
317 /****************************************************************************
318 Save case semantics.
319 ****************************************************************************/
320
321 static void set_posix_case_semantics(uint32 file_attributes)
322 {
323 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
324 return;
325
326 saved_case_sensitive = case_sensitive;
327 saved_case_preserve = case_preserve;
328 saved_short_case_preserve = short_case_preserve;
329
330 /* Set to POSIX. */
331 case_sensitive = True;
332 case_preserve = True;
333 short_case_preserve = True;
334 }
335
336 /****************************************************************************
337 Restore case semantics.
338 ****************************************************************************/
339
340 static void restore_case_semantics(uint32 file_attributes)
341 {
342 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
343 return;
344
345 case_sensitive = saved_case_sensitive;
346 case_preserve = saved_case_preserve;
347 short_case_preserve = saved_short_case_preserve;
348 }
349
350 /****************************************************************************
351 Utility function to map create disposition.
352 ****************************************************************************/
353
354 static int map_create_disposition( uint32 create_disposition)
355 {
356 int ret;
357
358 switch( create_disposition ) {
359 case FILE_CREATE:
360 /* create if not exist, fail if exist */
361 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL);
362 break;
363 case FILE_SUPERSEDE:
364 case FILE_OVERWRITE_IF:
365 /* create if not exist, trunc if exist */
366 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
367 break;
368 case FILE_OPEN:
369 /* fail if not exist, open if exists */
370 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN);
371 break;
372 case FILE_OPEN_IF:
373 /* create if not exist, open if exists */
374 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN);
375 break;
376 case FILE_OVERWRITE:
377 /* fail if not exist, truncate if exists */
378 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
379 break;
380 default:
381 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
382 create_disposition ));
383 return -1;
384 }
385
386 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
387 (unsigned long)create_disposition, ret ));
388
389 return ret;
390 }
391
392 /****************************************************************************
393 Utility function to map share modes.
394 ****************************************************************************/
395
396 static int map_share_mode( BOOL *pstat_open_only, char *fname,
397 uint32 desired_access, uint32 share_access, uint32 file_attributes)
398 {
399 int smb_open_mode = -1;
400
401 *pstat_open_only = False;
402
403 switch( desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) {
404 case FILE_READ_DATA:
405 smb_open_mode = DOS_OPEN_RDONLY;
406 break;
407 case FILE_WRITE_DATA:
408 case FILE_APPEND_DATA:
409 case FILE_WRITE_DATA|FILE_APPEND_DATA:
410 smb_open_mode = DOS_OPEN_WRONLY;
411 break;
412 case FILE_READ_DATA|FILE_WRITE_DATA:
413 case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA:
414 case FILE_READ_DATA|FILE_APPEND_DATA:
415 smb_open_mode = DOS_OPEN_RDWR;
416 break;
417 }
418
419 /*
420 * NB. For DELETE_ACCESS we should really check the
421 * directory permissions, as that is what controls
422 * delete, and for WRITE_DAC_ACCESS we should really
423 * check the ownership, as that is what controls the
424 * chmod. Note that this is *NOT* a security hole (this
425 * note is for you, Andrew) as we are not *allowing*
426 * the access at this point, the actual unlink or
427 * chown or chmod call would do this. We are just helping
428 * clients out by telling them if they have a hope
429 * of any of this succeeding. POSIX acls may still
430 * deny the real call. JRA.
431 */
432
433 if (smb_open_mode == -1) {
434
435 if(desired_access == WRITE_DAC_ACCESS || desired_access == READ_CONTROL_ACCESS)
436 *pstat_open_only = True;
437
438 if(desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
439 FILE_EXECUTE|FILE_READ_ATTRIBUTES|
440 FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
441 FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS)) {
442 smb_open_mode = DOS_OPEN_RDONLY;
443 } else if(desired_access == 0) {
444
445 /*
446 * JRA - NT seems to sometimes send desired_access as zero. play it safe
447 * and map to a stat open.
448 */
449
450 *pstat_open_only = True;
451 smb_open_mode = DOS_OPEN_RDONLY;
452
453 } else {
454 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
455 (unsigned long)desired_access, fname));
456 return -1;
457 }
458 }
459
460 /*
461 * Set the special bit that means allow share delete.
462 * This is held outside the normal share mode bits at 1<<15.
463 * JRA.
464 */
465
466 if(share_access & FILE_SHARE_DELETE)
467 smb_open_mode |= ALLOW_SHARE_DELETE;
468
469 /* Add in the requested share mode. */
470 switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) {
471 case FILE_SHARE_READ:
472 smb_open_mode |= SET_DENY_MODE(DENY_WRITE);
473 break;
474 case FILE_SHARE_WRITE:
475 smb_open_mode |= SET_DENY_MODE(DENY_READ);
476 break;
477 case (FILE_SHARE_READ|FILE_SHARE_WRITE):
478 smb_open_mode |= SET_DENY_MODE(DENY_NONE);
479 break;
480 case FILE_SHARE_NONE:
481 smb_open_mode |= SET_DENY_MODE(DENY_ALL);
482 break;
483 }
484
485 /*
486 * Handle an O_SYNC request.
487 */
488
489 if(file_attributes & FILE_FLAG_WRITE_THROUGH)
490 smb_open_mode |= FILE_SYNC_OPENMODE;
491
492 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
493 to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access,
494 (unsigned long)file_attributes, smb_open_mode ));
495
496 return smb_open_mode;
497 }
498
499 #if 0
500 /*
501 * This is a *disgusting* hack.
502 * This is *so* bad that even I'm embarrassed (and I
503 * have no shame). Here's the deal :
504 * Until we get the correct SPOOLSS code into smbd
505 * then when we're running with NT SMB support then
506 * NT makes this call with a level of zero, and then
507 * immediately follows it with an open request to
508 * the \\SRVSVC pipe. If we allow that open to
509 * succeed then NT barfs when it cannot open the
510 * \\SPOOLSS pipe immediately after and continually
511 * whines saying "Printer name is invalid" forever
512 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
513 * to fail, then NT downgrades to using the downlevel code
514 * and everything works as well as before. I hate
515 * myself for adding this code.... JRA.
516 *
517 * The HACK_FAIL_TIME define allows only a 2
518 * second window for this to occur, just in
519 * case...
520 */
521
522 static BOOL fail_next_srvsvc = False;
523 static time_t fail_time;
524 #define HACK_FAIL_TIME 2 /* In seconds. */
525
526 void fail_next_srvsvc_open(void)
527 {
528 /* Check client is WinNT proper; Win2K doesn't like Jeremy's hack - matty */
529 if (get_remote_arch() != RA_WINNT)
530 return;
531
532 fail_next_srvsvc = True;
533 fail_time = time(NULL);
534 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
535 }
536
537 /*
538 * HACK alert.... see above - JRA.
539 */
540
541 BOOL should_fail_next_srvsvc_open(const char *pipename)
542 {
543
544 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
545 (int)fail_next_srvsvc, pipename));
546
547 if(fail_next_srvsvc && (time(NULL) > fail_time + HACK_FAIL_TIME)) {
548 fail_next_srvsvc = False;
549 fail_time = (time_t)0;
550 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
551 }
552
553 if(fail_next_srvsvc && strequal(pipename, "srvsvc")) {
554 fail_next_srvsvc = False;
555 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
556 return True;
557 }
558 return False;
559 }
560 #endif
561
562 /****************************************************************************
563 Reply to an NT create and X call on a pipe.
564 ****************************************************************************/
565 static int nt_open_pipe(char *fname, connection_struct *conn,
566 char *inbuf, char *outbuf, int *ppnum)
567 {
568 pipes_struct *p = NULL;
569
570 uint16 vuid = SVAL(inbuf, smb_uid);
571 int i;
572
573 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
574
575 /* See if it is one we want to handle. */
576 for( i = 0; known_nt_pipes[i]; i++ )
577 if( strequal(fname,known_nt_pipes[i]))
578 break;
579
580 if ( known_nt_pipes[i] == NULL )
581 return(ERROR(ERRSRV,ERRaccess));
582
583 /* Strip \\ off the name. */
584 fname++;
585
586 #if 0
587 if(should_fail_next_srvsvc_open(fname))
588 return (ERROR(ERRSRV,ERRaccess));
589 #endif
590
591 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
592
593 p = open_rpc_pipe_p(fname, conn, vuid);
594 if (!p)
595 return(ERROR(ERRSRV,ERRnofids));
596
597 *ppnum = p->pnum;
598
599 return 0;
600 }
601
602 /****************************************************************************
603 Reply to an NT create and X call for pipes.
604 ****************************************************************************/
605
606 static int do_ntcreate_pipe_open(connection_struct *conn,
607 char *inbuf,char *outbuf,int length,int bufsize)
608 {
609 pstring fname;
610 int ret;
611 int pnum = -1;
612 char *p = NULL;
613 uint32 fname_len = MIN(((uint32)SVAL(inbuf,smb_ntcreate_NameLength)),
614 ((uint32)sizeof(fname)-1));
615
616 get_filename(fname, inbuf, smb_buf(inbuf)-inbuf,
617 smb_buflen(inbuf),fname_len);
618 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
619 return ret;
620
621 /*
622 * Deal with pipe return.
623 */
624
625 set_message(outbuf,34,0,True);
626
627 p = outbuf + smb_vwv2;
628 p++;
629 SSVAL(p,0,pnum);
630 p += 2;
631 SIVAL(p,0,FILE_WAS_OPENED);
632 p += 4;
633 p += 32;
634 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
635 p += 20;
636 /* File type. */
637 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
638 /* Device state. */
639 SSVAL(p,2, 0x5FF); /* ? */
640
641 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
642
643 return chain_reply(inbuf,outbuf,length,bufsize);
644 }
645
646 /****************************************************************************
647 Reply to an NT create and X call.
648 ****************************************************************************/
649
650 int reply_ntcreate_and_X(connection_struct *conn,
651 char *inbuf,char *outbuf,int length,int bufsize)
652 {
653 pstring fname;
654 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
655 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
656 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
657 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
658 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
659 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
660 uint32 fname_len = MIN(((uint32)SVAL(inbuf,smb_ntcreate_NameLength)),
661 ((uint32)sizeof(fname)-1));
662 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
663 int smb_ofun;
664 int smb_open_mode;
665 int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
666 /* Breakout the oplock request bits so we can set the
667 reply bits separately. */
668 int oplock_request = 0;
669 mode_t unixmode;
670 int fmode=0,rmode=0;
671 SMB_OFF_T file_len = 0;
672 SMB_STRUCT_STAT sbuf;
673 int smb_action = 0;
674 BOOL bad_path = False;
675 files_struct *fsp=NULL;
676 char *p = NULL;
677 BOOL stat_open_only = False;
678
679 /* If it's an IPC, use the pipe handler. */
680
681 if (IS_IPC(conn)) {
682 if (lp_nt_pipe_support())
683 return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
684 else
685 return(ERROR(ERRDOS,ERRbadaccess));
686 }
687
688
689 /*
690 * We need to construct the open_and_X ofun value from the
691 * NT values, as that's what our code is structured to accept.
692 */
693
694 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
695 return(ERROR(ERRDOS,ERRbadaccess));
696
697 /*
698 * Get the file name.
699 */
700
701 if(root_dir_fid != 0) {
702 /*
703 * This filename is relative to a directory fid.
704 */
705 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
706 size_t dir_name_len;
707
708 if(!dir_fsp)
709 return(ERROR(ERRDOS,ERRbadfid));
710
711 if(!dir_fsp->is_directory) {
712 /*
713 * Check to see if this is a mac fork of some kind.
714 */
715
716 get_filename(&fname[0], inbuf, smb_buf(inbuf)-inbuf,
717 smb_buflen(inbuf),fname_len);
718
719 if( fname[0] == ':') {
720 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
721 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
722 }
723 return(ERROR(ERRDOS,ERRbadfid));
724 }
725
726 /*
727 * Copy in the base directory name.
728 */
729
730 pstrcpy( fname, dir_fsp->fsp_name );
731 dir_name_len = strlen(fname);
732
733 /*
734 * Ensure it ends in a '\'.
735 */
736
737 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
738 pstrcat(fname, "\\");
739 dir_name_len++;
740 }
741
742 /*
743 * This next calculation can refuse a correct filename if we're dealing
744 * with the Win2k unicode bug, but that would be rare. JRA.
745 */
746
747 if(fname_len + dir_name_len >= sizeof(pstring))
748 return(ERROR(ERRSRV,ERRfilespecs));
749
750 get_filename(&fname[dir_name_len], inbuf, smb_buf(inbuf)-inbuf,
751 smb_buflen(inbuf),fname_len);
752
753 } else {
754
755 get_filename(fname, inbuf, smb_buf(inbuf)-inbuf,
756 smb_buflen(inbuf),fname_len);
757 }
758
759 /*
760 * Now contruct the smb_open_mode value from the filename,
761 * desired access and the share access.
762 */
763 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
764
765 if((smb_open_mode = map_share_mode(&stat_open_only, fname, desired_access,
766 share_access,
767 file_attributes)) == -1)
768 return(ERROR(ERRDOS,ERRbadaccess));
769
770 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
771 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
772
773 /*
774 * Ordinary file or directory.
775 */
776
777 /*
778 * Check if POSIX semantics are wanted.
779 */
780
781 set_posix_case_semantics(file_attributes);
782
783 unix_convert(fname,conn,0,&bad_path,NULL);
784
785 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
786
787 /*
788 * If it's a request for a directory open, deal with it separately.
789 */
790
791 if(create_options & FILE_DIRECTORY_FILE) {
792 oplock_request = 0;
793
794 fsp = open_directory(conn, fname, smb_ofun, unixmode, &smb_action);
795
796 restore_case_semantics(file_attributes);
797
798 if(!fsp) {
799 return(UNIXERROR(ERRDOS,ERRnoaccess));
800 }
801 } else {
802 /*
803 * Ordinary file case.
804 */
805
806 /* NB. We have a potential bug here. If we
807 * cause an oplock break to ourselves, then we
808 * could end up processing filename related
809 * SMB requests whilst we await the oplock
810 * break response. As we may have changed the
811 * filename case semantics to be POSIX-like,
812 * this could mean a filename request could
813 * fail when it should succeed. This is a rare
814 * condition, but eventually we must arrange
815 * to restore the correct case semantics
816 * before issuing an oplock break request to
817 * our client. JRA. */
818
819 fsp = open_file_shared(conn,fname,smb_open_mode,
820 smb_ofun,unixmode, oplock_request,&rmode,&smb_action);
821
822 if (!fsp) {
823 /* We cheat here. There are two cases we
824 * care about. One is a directory rename,
825 * where the NT client will attempt to
826 * open the source directory for
827 * DELETE access. Note that when the
828 * NT client does this it does *not*
829 * set the directory bit in the
830 * request packet. This is translated
831 * into a read/write open
832 * request. POSIX states that any open
833 * for write request on a directory
834 * will generate an EISDIR error, so
835 * we can catch this here and open a
836 * pseudo handle that is flagged as a
837 * directory. The second is an open
838 * for a permissions read only, which
839 * we handle in the open_file_stat case. JRA.
840 */
841
842 if(errno == EISDIR) {
843
844 /*
845 * Fail the open if it was explicitly a non-directory file.
846 */
847
848 if (create_options & FILE_NON_DIRECTORY_FILE) {
849 restore_case_semantics(file_attributes);
850 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
851 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
852 }
853
854 oplock_request = 0;
855 fsp = open_directory(conn, fname, smb_ofun, unixmode, &smb_action);
856
857 if(!fsp) {
858 restore_case_semantics(file_attributes);
859 return(UNIXERROR(ERRDOS,ERRnoaccess));
860 }
861 #ifdef EROFS
862 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
863 #else /* !EROFS */
864 } else if (errno == EACCES && stat_open_only) {
865 #endif
866 /*
867 * We couldn't open normally and all we want
868 * are the permissions. Try and do a stat open.
869 */
870
871 oplock_request = 0;
872
873 fsp = open_file_stat(conn,fname,smb_open_mode,&sbuf,&smb_action);
874
875 if(!fsp) {
876 restore_case_semantics(file_attributes);
877 return(UNIXERROR(ERRDOS,ERRnoaccess));
878 }
879
880 } else {
881
882 if((errno == ENOENT) && bad_path) {
883 unix_ERR_class = ERRDOS;
884 unix_ERR_code = ERRbadpath;
885 }
886
887 restore_case_semantics(file_attributes);
888
889 return(UNIXERROR(ERRDOS,ERRnoaccess));
890 }
891 }
892 }
893
894 if(fsp->is_directory) {
895 if(conn->vfs_ops.stat(conn,dos_to_unix(fsp->fsp_name, False), &sbuf) != 0) {
896 close_file(fsp,True);
897 restore_case_semantics(file_attributes);
898 return(ERROR(ERRDOS,ERRnoaccess));
899 }
900 } else {
901 if (conn->vfs_ops.fstat(fsp,fsp->fd,&sbuf) != 0) {
902 close_file(fsp,False);
903 restore_case_semantics(file_attributes);
904 return(ERROR(ERRDOS,ERRnoaccess));
905 }
906 }
907
908 restore_case_semantics(file_attributes);
909
910 file_len = sbuf.st_size;
911 fmode = dos_mode(conn,fname,&sbuf);
912 if(fmode == 0)
913 fmode = FILE_ATTRIBUTE_NORMAL;
914 if (!fsp->is_directory && (fmode & aDIR)) {
915 close_file(fsp,False);
916 return(ERROR(ERRDOS,ERRnoaccess));
917 }
918
919 /*
920 * If the caller set the extended oplock request bit
921 * and we granted one (by whatever means) - set the
922 * correct bit for extended oplock reply.
923 */
924
925 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
926 smb_action |= EXTENDED_OPLOCK_GRANTED;
927
928 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
929 smb_action |= EXTENDED_OPLOCK_GRANTED;
930
931 set_message(outbuf,34,0,True);
932
933 p = outbuf + smb_vwv2;
934
935 /*
936 * Currently as we don't support level II oplocks we just report
937 * exclusive & batch here.
938 */
939
940 if (smb_action & EXTENDED_OPLOCK_GRANTED)
941 SCVAL(p,0, BATCH_OPLOCK_RETURN);
942 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
943 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
944 else
945 SCVAL(p,0,NO_OPLOCK_RETURN);
946
947 p++;
948 SSVAL(p,0,fsp->fnum);
949 p += 2;
950 SIVAL(p,0,smb_action);
951 p += 4;
952
953 /* Create time. */
954 put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
955 p += 8;
956 put_long_date(p,sbuf.st_atime); /* access time */
957 p += 8;
958 put_long_date(p,sbuf.st_mtime); /* write time */
959 p += 8;
960 put_long_date(p,sbuf.st_mtime); /* change time */
961 p += 8;
962 SIVAL(p,0,fmode); /* File Attributes. */
963 p += 4;
964 SOFF_T(p, 0, file_len);
965 p += 8;
966 SOFF_T(p,0,file_len);
967 p += 12;
968 SCVAL(p,0,fsp->is_directory ? 1 : 0);
969
970 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
971
972 return chain_reply(inbuf,outbuf,length,bufsize);
973 }
974
975 /****************************************************************************
976 Reply to a NT_TRANSACT_CREATE call to open a pipe.
977 ****************************************************************************/
978
979 static int do_nt_transact_create_pipe( connection_struct *conn,
980 char *inbuf, char *outbuf, int length,
981 int bufsize, char **ppsetup, char **ppparams,
982 char **ppdata)
983 {
984 pstring fname;
985 uint32 fname_len;
986 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
987 char *params = *ppparams;
988 int ret;
989 int pnum = -1;
990 char *p = NULL;
991
992 /*
993 * Ensure minimum number of parameters sent.
994 */
995
996 if(total_parameter_count < 54) {
997 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
998 return(ERROR(ERRDOS,ERRbadaccess));
999 }
1000
1001 fname_len = MIN(((uint32)IVAL(params,44)),((uint32)sizeof(fname)-1));
1002
1003 get_filename_transact(&fname[0], params, 53,
1004 total_parameter_count - 53 - fname_len, fname_len);
1005
1006 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
1007 return ret;
1008
1009 /* Realloc the size of parameters and data we will return */
1010 params = *ppparams = Realloc(*ppparams, 69);
1011 if(params == NULL)
1012 return(ERROR(ERRDOS,ERRnomem));
1013
1014 memset((char *)params,'\0',69);
1015
1016 p = params;
1017 SCVAL(p,0,NO_OPLOCK_RETURN);
1018
1019 p += 2;
1020 SSVAL(p,0,pnum);
1021 p += 2;
1022 SIVAL(p,0,FILE_WAS_OPENED);
1023 p += 8;
1024
1025 p += 32;
1026 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
1027 p += 20;
1028 /* File type. */
1029 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
1030 /* Device state. */
1031 SSVAL(p,2, 0x5FF); /* ? */
1032
1033 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
1034
1035 /* Send the required number of replies */
1036 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1037
1038 return -1;
1039 }
1040
1041 /****************************************************************************
1042 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1043 ****************************************************************************/
1044
1045 static int call_nt_transact_create(connection_struct *conn,
1046 char *inbuf, char *outbuf, int length,
1047 int bufsize, char **ppsetup, char **ppparams,
1048 char **ppdata)
1049 {
1050 pstring fname;
1051 char *params = *ppparams;
1052 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
1053 /* Breakout the oplock request bits so we can set the
1054 reply bits separately. */
1055 int oplock_request = 0;
1056 mode_t unixmode;
1057 int fmode=0,rmode=0;
1058 SMB_OFF_T file_len = 0;
1059 SMB_STRUCT_STAT sbuf;
1060 int smb_action = 0;
1061 BOOL bad_path = False;
1062 files_struct *fsp = NULL;
1063 char *p = NULL;
1064 BOOL stat_open_only = False;
1065 uint32 flags;
1066 uint32 desired_access;
1067 uint32 file_attributes;
1068 uint32 share_access;
1069 uint32 create_disposition;
1070 uint32 create_options;
1071 uint32 fname_len;
1072 uint16 root_dir_fid;
1073 int smb_ofun;
1074 int smb_open_mode;
1075 int smb_attr;
1076
1077 DEBUG(5,("call_nt_transact_create\n"));
1078
1079 /*
1080 * If it's an IPC, use the pipe handler.
1081 */
1082
1083 if (IS_IPC(conn)) {
1084 if (lp_nt_pipe_support())
1085 return do_nt_transact_create_pipe(conn, inbuf, outbuf, length,
1086 bufsize, ppsetup, ppparams, ppdata);
1087 else
1088 return(ERROR(ERRDOS,ERRbadaccess));
1089 }
1090
1091 /*
1092 * Ensure minimum number of parameters sent.
1093 */
1094
1095 if(total_parameter_count < 54) {
1096 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
1097 return(ERROR(ERRDOS,ERRbadaccess));
1098 }
1099
1100 flags = IVAL(params,0);
1101 desired_access = IVAL(params,8);
1102 file_attributes = IVAL(params,20);
1103 share_access = IVAL(params,24);
1104 create_disposition = IVAL(params,28);
1105 create_options = IVAL(params,32);
1106 fname_len = MIN(((uint32)IVAL(params,44)),((uint32)sizeof(fname)-1));
1107 root_dir_fid = (uint16)IVAL(params,4);
1108 smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
1109
1110 /*
1111 * We need to construct the open_and_X ofun value from the
1112 * NT values, as that's what our code is structured to accept.
1113 */
1114
1115 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
1116 return(ERROR(ERRDOS,ERRbadmem));
1117
1118 /*
1119 * Get the file name.
1120 */
1121
1122 if(root_dir_fid != 0) {
1123 /*
1124 * This filename is relative to a directory fid.
1125 */
1126
1127 files_struct *dir_fsp = file_fsp(params,4);
1128 size_t dir_name_len;
1129
1130 if(!dir_fsp)
1131 return(ERROR(ERRDOS,ERRbadfid));
1132
1133 if(!dir_fsp->is_directory) {
1134 /*
1135 * Check to see if this is a mac fork of some kind.
1136 */
1137
1138 get_filename_transact(&fname[0], params, 53,
1139 total_parameter_count - 53 - fname_len, fname_len);
1140
1141 if( fname[0] == ':') {
1142 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
1143 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
1144 }
1145
1146 return(ERROR(ERRDOS,ERRbadfid));
1147 }
1148
1149 /*
1150 * Copy in the base directory name.
1151 */
1152
1153 pstrcpy( fname, dir_fsp->fsp_name );
1154 dir_name_len = strlen(fname);
1155
1156 /*
1157 * Ensure it ends in a '\'.
1158 */
1159
1160 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1161 pstrcat(fname, "\\");
1162 dir_name_len++;
1163 }
1164
1165 /*
1166 * This next calculation can refuse a correct filename if we're dealing
1167 * with the Win2k unicode bug, but that would be rare. JRA.
1168 */
1169
1170 if(fname_len + dir_name_len >= sizeof(pstring))
1171 return(ERROR(ERRSRV,ERRfilespecs));
1172
1173 get_filename_transact(&fname[dir_name_len], params, 53,
1174 total_parameter_count - 53 - fname_len, fname_len);
1175
1176 } else {
1177 get_filename_transact(&fname[0], params, 53,
1178 total_parameter_count - 53 - fname_len, fname_len);
1179 }
1180
1181 /*
1182 * Now contruct the smb_open_mode value from the desired access
1183 * and the share access.
1184 */
1185
1186 if((smb_open_mode = map_share_mode( &stat_open_only, fname, desired_access,
1187 share_access, file_attributes)) == -1)
1188 return(ERROR(ERRDOS,ERRbadaccess));
1189
1190 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1191 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1192
1193 /*
1194 * Check if POSIX semantics are wanted.
1195 */
1196
1197 set_posix_case_semantics(file_attributes);
1198
1199 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1200
1201 unix_convert(fname,conn,0,&bad_path,NULL);
1202
1203 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
1204
1205 /*
1206 * If it's a request for a directory open, deal with it separately.
1207 */
1208
1209 if(create_options & FILE_DIRECTORY_FILE) {
1210
1211 oplock_request = 0;
1212
1213 /*
1214 * We will get a create directory here if the Win32
1215 * app specified a security descriptor in the
1216 * CreateDirectory() call.
1217 */
1218
1219 fsp = open_directory(conn, fname, smb_ofun, unixmode, &smb_action);
1220
1221 if(!fsp) {
1222 restore_case_semantics(file_attributes);
1223 return(UNIXERROR(ERRDOS,ERRnoaccess));
1224 }
1225
1226 if(conn->vfs_ops.stat(conn,dos_to_unix(fsp->fsp_name, False),
1227 &sbuf) != 0) {
1228 close_file(fsp,True);
1229 restore_case_semantics(file_attributes);
1230 return(ERROR(ERRDOS,ERRnoaccess));
1231 }
1232
1233 } else {
1234
1235 /*
1236 * Ordinary file case.
1237 */
1238
1239 fsp = open_file_shared(conn,fname,smb_open_mode,smb_ofun,unixmode,
1240 oplock_request,&rmode,&smb_action);
1241
1242 if (!fsp) {
1243
1244 if(errno == EISDIR) {
1245
1246 /*
1247 * Fail the open if it was explicitly a non-directory file.
1248 */
1249
1250 if (create_options & FILE_NON_DIRECTORY_FILE) {
1251 restore_case_semantics(file_attributes);
1252 SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
1253 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
1254 }
1255
1256 oplock_request = 0;
1257 fsp = open_directory(conn, fname, smb_ofun, unixmode, &smb_action);
1258
1259 if(!fsp) {
1260 restore_case_semantics(file_attributes);
1261 return(UNIXERROR(ERRDOS,ERRnoaccess));
1262 }
1263 #ifdef EROFS
1264 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
1265 #else /* !EROFS */
1266 } else if (errno == EACCES && stat_open_only) {
1267 #endif
1268
1269 /*
1270 * We couldn't open normally and all we want
1271 * are the permissions. Try and do a stat open.
1272 */
1273
1274 oplock_request = 0;
1275
1276 fsp = open_file_stat(conn,fname,smb_open_mode,&sbuf,&smb_action);
1277
1278 if(!fsp) {
1279 restore_case_semantics(file_attributes);
1280 return(UNIXERROR(ERRDOS,ERRnoaccess));
1281 }
1282 } else {
1283
1284 if((errno == ENOENT) && bad_path) {
1285 unix_ERR_class = ERRDOS;
1286 unix_ERR_code = ERRbadpath;
1287 }
1288
1289 restore_case_semantics(file_attributes);
1290
1291 return(UNIXERROR(ERRDOS,ERRnoaccess));
1292 }
1293 }
1294
1295 if(fsp->is_directory) {
1296 if(conn->vfs_ops.stat(conn,dos_to_unix(fsp->fsp_name,False), &sbuf) != 0) {
1297 close_file(fsp,True);
1298 restore_case_semantics(file_attributes);
1299 return(ERROR(ERRDOS,ERRnoaccess));
1300 }
1301 } else {
1302 if (!fsp->stat_open && conn->vfs_ops.fstat(fsp,fsp->fd,&sbuf) != 0) {
1303 close_file(fsp,False);
1304 restore_case_semantics(file_attributes);
1305 return(ERROR(ERRDOS,ERRnoaccess));
1306 }
1307 }
1308
1309 file_len = sbuf.st_size;
1310 fmode = dos_mode(conn,fname,&sbuf);
1311 if(fmode == 0)
1312 fmode = FILE_ATTRIBUTE_NORMAL;
1313
1314 if (fmode & aDIR) {
1315 close_file(fsp,False);
1316 restore_case_semantics(file_attributes);
1317 return(ERROR(ERRDOS,ERRnoaccess));
1318 }
1319
1320 /*
1321 * If the caller set the extended oplock request bit
1322 * and we granted one (by whatever means) - set the
1323 * correct bit for extended oplock reply.
1324 */
1325
1326 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
1327 smb_action |= EXTENDED_OPLOCK_GRANTED;
1328
1329 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
1330 smb_action |= EXTENDED_OPLOCK_GRANTED;
1331 }
1332
1333 restore_case_semantics(file_attributes);
1334
1335 /* Realloc the size of parameters and data we will return */
1336 params = *ppparams = Realloc(*ppparams, 69);
1337 if(params == NULL)
1338 return(ERROR(ERRDOS,ERRnomem));
1339
1340 memset((char *)params,'\0',69);
1341
1342 p = params;
1343 if (smb_action & EXTENDED_OPLOCK_GRANTED)
1344 SCVAL(p,0, BATCH_OPLOCK_RETURN);
1345 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
1346 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
1347 else
1348 SCVAL(p,0,NO_OPLOCK_RETURN);
1349
1350 p += 2;
1351 SSVAL(p,0,fsp->fnum);
1352 p += 2;
1353 SIVAL(p,0,smb_action);
1354 p += 8;
1355
1356 /* Create time. */
1357 put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
1358 p += 8;
1359 put_long_date(p,sbuf.st_atime); /* access time */
1360 p += 8;
1361 put_long_date(p,sbuf.st_mtime); /* write time */
1362 p += 8;
1363 put_long_date(p,sbuf.st_mtime); /* change time */
1364 p += 8;
1365 SIVAL(p,0,fmode); /* File Attributes. */
1366 p += 4;
1367 SOFF_T(p,0,file_len);
1368 p += 8;
1369 SOFF_T(p,0,file_len);
1370
1371 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
1372
1373 /* Send the required number of replies */
1374 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1375
1376 return -1;
1377 }
1378
1379 /****************************************************************************
1380 Reply to a NT CANCEL request.
1381 ****************************************************************************/
1382 int reply_ntcancel(connection_struct *conn,
1383 char *inbuf,char *outbuf,int length,int bufsize)
1384 {
1385 /*
1386 * Go through and cancel any pending change notifies.
1387 */
1388
1389 int mid = SVAL(inbuf,smb_mid);
1390 remove_pending_change_notify_requests_by_mid(mid);
1391 remove_pending_lock_requests_by_mid(mid);
1392
1393 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
1394
1395 return(-1);
1396 }
1397
1398 /****************************************************************************
1399 Reply to an unsolicited SMBNTtranss - just ignore it!
1400 ****************************************************************************/
1401 int reply_nttranss(connection_struct *conn,
1402 char *inbuf,char *outbuf,int length,int bufsize)
1403 {
1404 DEBUG(4,("Ignoring nttranss of length %d\n",length));
1405 return(-1);
1406 }
1407
1408 /****************************************************************************
1409 Reply to a notify change - queue the request and
1410 don't allow a directory to be opened.
1411 ****************************************************************************/
1412 static int call_nt_transact_notify_change(connection_struct *conn,
1413 char *inbuf, char *outbuf, int length,
1414 int bufsize,
1415 char **ppsetup,
1416 char **ppparams, char **ppdata)
1417 {
1418 char *setup = *ppsetup;
1419 files_struct *fsp;
1420 uint32 flags;
1421
1422 fsp = file_fsp(setup,4);
1423 flags = IVAL(setup, 0);
1424
1425 DEBUG(3,("call_nt_transact_notify_change\n"));
1426
1427 if(!fsp)
1428 return(ERROR(ERRDOS,ERRbadfid));
1429
1430 if((!fsp->is_directory) || (conn != fsp->conn))
1431 return(ERROR(ERRDOS,ERRbadfid));
1432
1433 if (!change_notify_set(inbuf, fsp, conn, flags)) {
1434 return(UNIXERROR(ERRDOS,ERRbadfid));
1435 }
1436
1437 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1438 name = %s\n", fsp->fsp_name ));
1439
1440 return -1;
1441 }
1442
1443 /****************************************************************************
1444 Reply to an NT transact rename command.
1445 ****************************************************************************/
1446
1447 static int call_nt_transact_rename(connection_struct *conn,
1448 char *inbuf, char *outbuf, int length,
1449 int bufsize,
1450 char **ppsetup, char **ppparams, char **ppdata)
1451 {
1452 char *params = *ppparams;
1453 pstring new_name;
1454 files_struct *fsp = file_fsp(params, 0);
1455 BOOL replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
1456 uint32 fname_len = MIN((((uint32)IVAL(inbuf,smb_nt_TotalParameterCount)-4)),
1457 ((uint32)sizeof(new_name)-1));
1458 int outsize = 0;
1459
1460 CHECK_FSP(fsp, conn);
1461 StrnCpy(new_name,params+4,fname_len);
1462 new_name[fname_len] = '\0';
1463
1464 outsize = rename_internals(conn, inbuf, outbuf, fsp->fsp_name,
1465 new_name, replace_if_exists);
1466 if(outsize == 0) {
1467 /*
1468 * Rename was successful.
1469 */
1470 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1471
1472 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1473 fsp->fsp_name, new_name));
1474
1475 outsize = -1;
1476
1477 /*
1478 * Win2k needs a changenotify request response before it will
1479 * update after a rename..
1480 */
1481
1482 process_pending_change_notify_queue((time_t)0);
1483 }
1484
1485 return(outsize);
1486 }
1487
1488
1489 /****************************************************************************
1490 Reply to query a security descriptor - currently this is not implemented (it
1491 is planned to be though). Right now it just returns the same thing NT would
1492 when queried on a FAT filesystem. JRA.
1493 ****************************************************************************/
1494
1495 static int call_nt_transact_query_security_desc(connection_struct *conn,
1496 char *inbuf, char *outbuf,
1497 int length, int bufsize,
1498 char **ppsetup, char **ppparams, char **ppdata)
1499 {
1500 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1501 char *params = *ppparams;
1502 char *data = *ppdata;
1503 prs_struct pd;
1504 SEC_DESC *psd = NULL;
1505 size_t sd_size;
1506 TALLOC_CTX *mem_ctx;
1507
1508 files_struct *fsp = file_fsp(params,0);
1509
1510 if(!fsp)
1511 return(ERROR(ERRDOS,ERRbadfid));
1512
1513 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));
1514
1515 params = *ppparams = Realloc(*ppparams, 4);
1516 if(params == NULL)
1517 return(ERROR(ERRDOS,ERRnomem));
1518
1519 /*
1520 * Get the permissions to return.
1521 */
1522
1523 if((sd_size = get_nt_acl(fsp, &psd)) == 0)
1524 return(UNIXERROR(ERRDOS,ERRnoaccess));
1525
1526 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
1527
1528 SIVAL(params,0,(uint32)sd_size);
1529
1530 if(max_data_count < sd_size) {
1531
1532 free_sec_desc(&psd);
1533
1534 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
1535 params, 4, *ppdata, 0);
1536 return -1;
1537 }
1538
1539 /*
1540 * Allocate the data we will point this at.
1541 */
1542
1543 data = *ppdata = Realloc(*ppdata, sd_size);
1544 if(data == NULL) {
1545 free_sec_desc(&psd);
1546 return(ERROR(ERRDOS,ERRnomem));
1547 }
1548
1549 memset(data, '\0', sd_size);
1550
1551 /*
1552 * Init the parse struct we will marshall into.
1553 */
1554
1555 if ((mem_ctx = talloc_init()) == NULL) {
1556 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1557 free_sec_desc(&psd);
1558 return(ERROR(ERRDOS,ERRnomem));
1559 }
1560
1561 prs_init(&pd, 0, 4, mem_ctx, MARSHALL);
1562
1563 /*
1564 * Setup the prs_struct to point at the memory we just
1565 * allocated.
1566 */
1567
1568 prs_give_memory( &pd, data, (uint32)sd_size, False);
1569
1570 /*
1571 * Finally, linearize into the outgoing buffer.
1572 */
1573
1574 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1575 free_sec_desc(&psd);
1576 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1577 security descriptor.\n"));
1578 /*
1579 * Return access denied for want of a better error message..
1580 */
1581 talloc_destroy(mem_ctx);
1582 return(UNIXERROR(ERRDOS,ERRnoaccess));
1583 }
1584
1585 /*
1586 * Now we can delete the security descriptor.
1587 */
1588
1589 free_sec_desc(&psd);
1590 talloc_destroy(mem_ctx);
1591
1592 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sd_size);
1593 return -1;
1594 }
1595
1596 /****************************************************************************
1597 Reply to set a security descriptor. Map to UNIX perms.
1598 ****************************************************************************/
1599
1600 static int call_nt_transact_set_security_desc(connection_struct *conn,
1601 char *inbuf, char *outbuf, int length,
1602 int bufsize, char **ppsetup,
1603 char **ppparams, char **ppdata)
1604 {
1605 uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1606 char *params= *ppparams;
1607 char *data = *ppdata;
1608 prs_struct pd;
1609 SEC_DESC *psd = NULL;
1610 uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
1611 files_struct *fsp = NULL;
1612 uint32 security_info_sent = 0;
1613 TALLOC_CTX *mem_ctx;
1614 BOOL ret;
1615
1616 if(!lp_nt_acl_support())
1617 return(UNIXERROR(ERRDOS,ERRnoaccess));
1618
1619 if(total_parameter_count < 8)
1620 return(ERROR(ERRDOS,ERRbadfunc));
1621
1622 if((fsp = file_fsp(params,0)) == NULL)
1623 return(ERROR(ERRDOS,ERRbadfid));
1624
1625 security_info_sent = IVAL(params,4);
1626
1627 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
1628 (unsigned int)security_info_sent ));
1629
1630 /*
1631 * Init the parse struct we will unmarshall from.
1632 */
1633
1634 if ((mem_ctx = talloc_init()) == NULL) {
1635 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1636 return(ERROR(ERRDOS,ERRnomem));
1637 }
1638
1639 prs_init(&pd, 0, 4, mem_ctx, UNMARSHALL);
1640
1641 /*
1642 * Setup the prs_struct to point at the memory we just
1643 * allocated.
1644 */
1645
1646 prs_give_memory( &pd, data, total_data_count, False);
1647
1648 /*
1649 * Finally, unmarshall from the data buffer.
1650 */
1651
1652 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1653 free_sec_desc(&psd);
1654 DEBUG(0,("call_nt_transact_set_security_desc: Error in unmarshalling \
1655 security descriptor.\n"));
1656 /*
1657 * Return access denied for want of a better error message..
1658 */
1659 talloc_destroy(mem_ctx);
1660 return(UNIXERROR(ERRDOS,ERRnoaccess));
1661 }
1662
1663 ret = set_nt_acl( fsp, security_info_sent, psd);
1664
1665 if (!ret) {
1666 free_sec_desc(&psd);
1667 talloc_destroy(mem_ctx);
1668 return(UNIXERROR(ERRDOS,ERRnoaccess));
1669 }
1670
1671 free_sec_desc(&psd);
1672 talloc_destroy(mem_ctx);
1673 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1674 return -1;
1675 }
1676
1677 /****************************************************************************
1678 Reply to IOCTL - not implemented - no plans.
1679 ****************************************************************************/
1680 static int call_nt_transact_ioctl(connection_struct *conn,
1681 char *inbuf, char *outbuf, int length,
1682 int bufsize,
1683 char **ppsetup, char **ppparams, char **ppdata)
1684 {
1685 static BOOL logged_message = False;
1686
1687 if(!logged_message) {
1688 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
1689 logged_message = True; /* Only print this once... */
1690 }
1691 return(ERROR(ERRSRV,ERRnosupport));
1692 }
1693
1694 /****************************************************************************
1695 Reply to a SMBNTtrans.
1696 ****************************************************************************/
1697 int reply_nttrans(connection_struct *conn,
1698 char *inbuf,char *outbuf,int length,int bufsize)
1699 {
1700 int outsize = 0;
1701 #if 0 /* Not used. */
1702 uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
1703 uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
1704 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1705 #endif /* Not used. */
1706 uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
1707 uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
1708 uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
1709 uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
1710 uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
1711 uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
1712 uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
1713 uint16 function_code = SVAL( inbuf, smb_nt_Function);
1714 char *params = NULL, *data = NULL, *setup = NULL;
1715 uint32 num_params_sofar, num_data_sofar;
1716
1717 if(global_oplock_break && (function_code == NT_TRANSACT_CREATE)) {
1718 /*
1719 * Queue this open message as we are the process of an oplock break.
1720 */
1721
1722 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
1723 due to being in oplock break state.\n" ));
1724
1725 push_oplock_pending_smb_message( inbuf, length);
1726 return -1;
1727 }
1728
1729 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE))
1730 return (ERROR(ERRSRV,ERRaccess));
1731
1732 outsize = set_message(outbuf,0,0,True);
1733
1734 /*
1735 * All nttrans messages we handle have smb_wct == 19 + setup_count.
1736 * Ensure this is so as a sanity check.
1737 */
1738
1739 if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
1740 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
1741 CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
1742 return(ERROR(ERRSRV,ERRerror));
1743 }
1744
1745 /* Allocate the space for the setup, the maximum needed parameters and data */
1746
1747 if(setup_count > 0)
1748 setup = (char *)malloc(setup_count);
1749 if (total_parameter_count > 0)
1750 params = (char *)malloc(total_parameter_count);
1751 if (total_data_count > 0)
1752 data = (char *)malloc(total_data_count);
1753
1754 if ((total_parameter_count && !params) || (total_data_count && !data) ||
1755 (setup_count && !setup)) {
1756 DEBUG(0,("reply_nttrans : Out of memory\n"));
1757 return(ERROR(ERRDOS,ERRnomem));
1758 }
1759
1760 /* Copy the param and data bytes sent with this request into
1761 the params buffer */
1762 num_params_sofar = parameter_count;
1763 num_data_sofar = data_count;
1764
1765 if (parameter_count > total_parameter_count || data_count > total_data_count)
1766 exit_server("reply_nttrans: invalid sizes in packet.\n");
1767
1768 if(setup) {
1769 memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
1770 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
1771 dump_data(10, setup, setup_count);
1772 }
1773 if(params) {
1774 memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
1775 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
1776 dump_data(10, params, parameter_count);
1777 }
1778 if(data) {
1779 memcpy( data, smb_base(inbuf) + data_offset, data_count);
1780 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
1781 dump_data(10, data, data_count);
1782 }
1783
1784 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1785 /* We need to send an interim response then receive the rest
1786 of the parameter/data bytes */
1787 outsize = set_message(outbuf,0,0,True);
1788 send_smb(smbd_server_fd(),outbuf);
1789
1790 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1791 BOOL ret;
1792
1793 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
1794
1795 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
1796 outsize = set_message(outbuf,0,0,True);
1797 if(ret) {
1798 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
1799 } else {
1800 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
1801 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
1802 }
1803 if(params)
1804 free(params);
1805 if(data)
1806 free(data);
1807 if(setup)
1808 free(setup);
1809 return(ERROR(ERRSRV,ERRerror));
1810 }
1811
1812 /* Revise total_params and total_data in case they have changed downwards */
1813 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1814 total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
1815 num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
1816 num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
1817 if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
1818 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
1819
1820 memcpy( &params[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
1821 smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
1822 memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
1823 smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
1824 }
1825 }
1826
1827 if (Protocol >= PROTOCOL_NT1) {
1828 uint16 flg2 = SVAL(outbuf,smb_flg2);
1829 SSVAL(outbuf,smb_flg2,flg2 | 0x40); /* IS_LONG_NAME */
1830 }
1831
1832 /* Now we must call the relevant NT_TRANS function */
1833 switch(function_code) {
1834 case NT_TRANSACT_CREATE:
1835 outsize = call_nt_transact_create(conn, inbuf, outbuf, length, bufsize,
1836 &setup, &params, &data);
1837 break;
1838 case NT_TRANSACT_IOCTL:
1839 outsize = call_nt_transact_ioctl(conn,
1840 inbuf, outbuf, length, bufsize,
1841 &setup, &params, &data);
1842 break;
1843 case NT_TRANSACT_SET_SECURITY_DESC:
1844 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
1845 length, bufsize,
1846 &setup, &params, &data);
1847 break;
1848 case NT_TRANSACT_NOTIFY_CHANGE:
1849 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
1850 length, bufsize,
1851 &setup, &params, &data);
1852 break;
1853 case NT_TRANSACT_RENAME:
1854 outsize = call_nt_transact_rename(conn, inbuf, outbuf, length,
1855 bufsize,
1856 &setup, &params, &data);
1857 break;
1858
1859 case NT_TRANSACT_QUERY_SECURITY_DESC:
1860 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
1861 length, bufsize,
1862 &setup, &params, &data);
1863 break;
1864 default:
1865 /* Error in request */
1866 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
1867 if(setup)
1868 free(setup);
1869 if(params)
1870 free(params);
1871 if(data)
1872 free(data);
1873 return (ERROR(ERRSRV,ERRerror));
1874 }
1875
1876 /* As we do not know how many data packets will need to be
1877 returned here the various call_nt_transact_xxxx calls
1878 must send their own. Thus a call_nt_transact_xxxx routine only
1879 returns a value other than -1 when it wants to send
1880 an error packet.
1881 */
1882
1883 if(setup)
1884 free(setup);
1885 if(params)
1886 free(params);
1887 if(data)
1888 free(data);
1889 return outsize; /* If a correct response was needed the call_nt_transact_xxxx
1890 calls have already sent it. If outsize != -1 then it is
1891 returning an error packet. */
1892 }
1893 #undef OLD_NTDOMAIN
Samba GIT mirror