2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "system/filesys.h"
23 #include "smbd/smbd.h"
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "../libcli/security/security.h"
27 #include "../librpc/gen_ndr/ndr_security.h"
28 #include "passdb/lookup_sid.h"
30 #include "smbprofile.h"
31 #include "libsmb/libsmb.h"
33 extern const struct generic_mapping file_generic_mapping
;
35 static char *nttrans_realloc(char **ptr
, size_t size
)
38 smb_panic("nttrans_realloc() called with NULL ptr");
41 *ptr
= (char *)SMB_REALLOC(*ptr
, size
);
45 memset(*ptr
,'\0',size
);
49 /****************************************************************************
50 Send the required number of replies back.
51 We assume all fields other than the data fields are
52 set correctly for the type of call.
53 HACK ! Always assumes smb_setup field is zero.
54 ****************************************************************************/
56 static void send_nt_replies(connection_struct
*conn
,
57 struct smb_request
*req
, NTSTATUS nt_error
,
58 char *params
, int paramsize
,
59 char *pdata
, int datasize
)
61 int data_to_send
= datasize
;
62 int params_to_send
= paramsize
;
66 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
67 int alignment_offset
= 1;
68 int data_alignment_offset
= 0;
69 struct smbd_server_connection
*sconn
= req
->sconn
;
70 int max_send
= sconn
->smb1
.sessions
.max_send
;
73 * If there genuinely are no parameters or data to send just send
77 if(params_to_send
== 0 && data_to_send
== 0) {
78 reply_outbuf(req
, 18, 0);
79 if (NT_STATUS_V(nt_error
)) {
80 error_packet_set((char *)req
->outbuf
,
84 show_msg((char *)req
->outbuf
);
85 if (!srv_send_smb(sconn
,
88 IS_CONN_ENCRYPTED(conn
),
90 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
92 TALLOC_FREE(req
->outbuf
);
97 * When sending params and data ensure that both are nicely aligned.
98 * Only do this alignment when there is also data to send - else
99 * can cause NT redirector problems.
102 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0)) {
103 data_alignment_offset
= 4 - (params_to_send
% 4);
107 * Space is bufsize minus Netbios over TCP header minus SMB header.
108 * The alignment_offset is to align the param bytes on a four byte
109 * boundary (2 bytes for data len, one byte pad).
110 * NT needs this to work correctly.
113 useable_space
= max_send
- (smb_size
116 + data_alignment_offset
);
118 if (useable_space
< 0) {
119 char *msg
= talloc_asprintf(
121 "send_nt_replies failed sanity useable_space = %d!!!",
123 DEBUG(0, ("%s\n", msg
));
124 exit_server_cleanly(msg
);
127 while (params_to_send
|| data_to_send
) {
130 * Calculate whether we will totally or partially fill this packet.
133 total_sent_thistime
= params_to_send
+ data_to_send
;
136 * We can never send more than useable_space.
139 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
141 reply_outbuf(req
, 18,
142 total_sent_thistime
+ alignment_offset
143 + data_alignment_offset
);
146 * Set total params and data to be sent.
149 SIVAL(req
->outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
150 SIVAL(req
->outbuf
,smb_ntr_TotalDataCount
,datasize
);
153 * Calculate how many parameters and data we can fit into
154 * this packet. Parameters get precedence.
157 params_sent_thistime
= MIN(params_to_send
,useable_space
);
158 data_sent_thistime
= useable_space
- params_sent_thistime
;
159 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
161 SIVAL(req
->outbuf
, smb_ntr_ParameterCount
,
162 params_sent_thistime
);
164 if(params_sent_thistime
== 0) {
165 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,0);
166 SIVAL(req
->outbuf
,smb_ntr_ParameterDisplacement
,0);
169 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
170 * parameter bytes, however the first 4 bytes of outbuf are
171 * the Netbios over TCP header. Thus use smb_base() to subtract
172 * them from the calculation.
175 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,
176 ((smb_buf(req
->outbuf
)+alignment_offset
)
177 - smb_base(req
->outbuf
)));
179 * Absolute displacement of param bytes sent in this packet.
182 SIVAL(req
->outbuf
, smb_ntr_ParameterDisplacement
,
187 * Deal with the data portion.
190 SIVAL(req
->outbuf
, smb_ntr_DataCount
, data_sent_thistime
);
192 if(data_sent_thistime
== 0) {
193 SIVAL(req
->outbuf
,smb_ntr_DataOffset
,0);
194 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, 0);
197 * The offset of the data bytes is the offset of the
198 * parameter bytes plus the number of parameters being sent this time.
201 SIVAL(req
->outbuf
, smb_ntr_DataOffset
,
202 ((smb_buf(req
->outbuf
)+alignment_offset
) -
203 smb_base(req
->outbuf
))
204 + params_sent_thistime
+ data_alignment_offset
);
205 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
209 * Copy the param bytes into the packet.
212 if(params_sent_thistime
) {
213 if (alignment_offset
!= 0) {
214 memset(smb_buf(req
->outbuf
), 0,
217 memcpy((smb_buf(req
->outbuf
)+alignment_offset
), pp
,
218 params_sent_thistime
);
222 * Copy in the data bytes
225 if(data_sent_thistime
) {
226 if (data_alignment_offset
!= 0) {
227 memset((smb_buf(req
->outbuf
)+alignment_offset
+
228 params_sent_thistime
), 0,
229 data_alignment_offset
);
231 memcpy(smb_buf(req
->outbuf
)+alignment_offset
232 +params_sent_thistime
+data_alignment_offset
,
233 pd
,data_sent_thistime
);
236 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
237 params_sent_thistime
, data_sent_thistime
, useable_space
));
238 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
239 params_to_send
, data_to_send
, paramsize
, datasize
));
241 if (NT_STATUS_V(nt_error
)) {
242 error_packet_set((char *)req
->outbuf
,
247 /* Send the packet */
248 show_msg((char *)req
->outbuf
);
249 if (!srv_send_smb(sconn
,
252 IS_CONN_ENCRYPTED(conn
),
254 exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
257 TALLOC_FREE(req
->outbuf
);
259 pp
+= params_sent_thistime
;
260 pd
+= data_sent_thistime
;
262 params_to_send
-= params_sent_thistime
;
263 data_to_send
-= data_sent_thistime
;
269 if(params_to_send
< 0 || data_to_send
< 0) {
270 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
271 params_to_send
, data_to_send
));
272 exit_server_cleanly("send_nt_replies: internal error");
277 /****************************************************************************
278 Reply to an NT create and X call on a pipe
279 ****************************************************************************/
281 static void nt_open_pipe(char *fname
, connection_struct
*conn
,
282 struct smb_request
*req
, uint16_t *ppnum
)
287 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
289 /* Strip \\ off the name if present. */
290 while (fname
[0] == '\\') {
294 status
= open_np_file(req
, fname
, &fsp
);
295 if (!NT_STATUS_IS_OK(status
)) {
296 if (NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
297 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
301 reply_nterror(req
, status
);
309 /****************************************************************************
310 Reply to an NT create and X call for pipes.
311 ****************************************************************************/
313 static void do_ntcreate_pipe_open(connection_struct
*conn
,
314 struct smb_request
*req
)
317 uint16_t pnum
= FNUM_FIELD_INVALID
;
319 uint32 flags
= IVAL(req
->vwv
+3, 1);
320 TALLOC_CTX
*ctx
= talloc_tos();
322 srvstr_pull_req_talloc(ctx
, req
, &fname
, req
->buf
, STR_TERMINATE
);
325 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
329 nt_open_pipe(fname
, conn
, req
, &pnum
);
337 * Deal with pipe return.
340 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
341 /* This is very strange. We
342 * return 50 words, but only set
343 * the wcnt to 42 ? It's definitely
344 * what happens on the wire....
346 reply_outbuf(req
, 50, 0);
347 SCVAL(req
->outbuf
,smb_wct
,42);
349 reply_outbuf(req
, 34, 0);
352 SSVAL(req
->outbuf
, smb_vwv0
, 0xff); /* andx chain ends */
353 SSVAL(req
->outbuf
, smb_vwv1
, 0); /* no andx offset */
355 p
= (char *)req
->outbuf
+ smb_vwv2
;
359 SIVAL(p
,0,FILE_WAS_OPENED
);
362 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
365 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
367 SSVAL(p
,2, 0x5FF); /* ? */
370 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
372 SIVAL(p
,0,FILE_GENERIC_ALL
);
374 * For pipes W2K3 seems to return
376 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
378 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
381 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
384 struct case_semantics_state
{
385 connection_struct
*conn
;
388 bool short_case_preserve
;
391 /****************************************************************************
392 Restore case semantics.
393 ****************************************************************************/
395 static int restore_case_semantics(struct case_semantics_state
*state
)
397 state
->conn
->case_sensitive
= state
->case_sensitive
;
398 state
->conn
->case_preserve
= state
->case_preserve
;
399 state
->conn
->short_case_preserve
= state
->short_case_preserve
;
403 /****************************************************************************
405 ****************************************************************************/
407 static struct case_semantics_state
*set_posix_case_semantics(TALLOC_CTX
*mem_ctx
,
408 connection_struct
*conn
)
410 struct case_semantics_state
*result
;
412 if (!(result
= talloc(mem_ctx
, struct case_semantics_state
))) {
417 result
->case_sensitive
= conn
->case_sensitive
;
418 result
->case_preserve
= conn
->case_preserve
;
419 result
->short_case_preserve
= conn
->short_case_preserve
;
422 conn
->case_sensitive
= True
;
423 conn
->case_preserve
= True
;
424 conn
->short_case_preserve
= True
;
426 talloc_set_destructor(result
, restore_case_semantics
);
431 /****************************************************************************
432 Reply to an NT create and X call.
433 ****************************************************************************/
435 void reply_ntcreate_and_X(struct smb_request
*req
)
437 connection_struct
*conn
= req
->conn
;
438 struct smb_filename
*smb_fname
= NULL
;
442 uint32 file_attributes
;
444 uint32 create_disposition
;
445 uint32 create_options
;
447 uint64_t allocation_size
;
448 /* Breakout the oplock request bits so we can set the
449 reply bits separately. */
453 files_struct
*fsp
= NULL
;
455 struct timespec create_timespec
;
456 struct timespec c_timespec
;
457 struct timespec a_timespec
;
458 struct timespec m_timespec
;
459 struct timespec write_time_ts
;
462 uint8_t oplock_granted
= NO_OPLOCK_RETURN
;
463 struct case_semantics_state
*case_state
= NULL
;
464 TALLOC_CTX
*ctx
= talloc_tos();
466 START_PROFILE(SMBntcreateX
);
469 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
473 flags
= IVAL(req
->vwv
+3, 1);
474 access_mask
= IVAL(req
->vwv
+7, 1);
475 file_attributes
= IVAL(req
->vwv
+13, 1);
476 share_access
= IVAL(req
->vwv
+15, 1);
477 create_disposition
= IVAL(req
->vwv
+17, 1);
478 create_options
= IVAL(req
->vwv
+19, 1);
479 root_dir_fid
= (uint16
)IVAL(req
->vwv
+5, 1);
481 allocation_size
= BVAL(req
->vwv
+9, 1);
483 srvstr_get_path_req(ctx
, req
, &fname
, (const char *)req
->buf
,
484 STR_TERMINATE
, &status
);
486 if (!NT_STATUS_IS_OK(status
)) {
487 reply_nterror(req
, status
);
491 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
492 "file_attributes = 0x%x, share_access = 0x%x, "
493 "create_disposition = 0x%x create_options = 0x%x "
494 "root_dir_fid = 0x%x, fname = %s\n",
496 (unsigned int)access_mask
,
497 (unsigned int)file_attributes
,
498 (unsigned int)share_access
,
499 (unsigned int)create_disposition
,
500 (unsigned int)create_options
,
501 (unsigned int)root_dir_fid
,
505 * we need to remove ignored bits when they come directly from the client
506 * because we reuse some of them for internal stuff
508 create_options
&= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK
;
511 * If it's an IPC, use the pipe handler.
515 if (lp_nt_pipe_support()) {
516 do_ntcreate_pipe_open(conn
, req
);
519 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
523 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
524 if (oplock_request
) {
525 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
)
529 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
530 case_state
= set_posix_case_semantics(ctx
, conn
);
532 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
537 status
= filename_convert(ctx
,
539 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
541 (create_disposition
== FILE_CREATE
)
542 ? UCF_PREP_CREATEFILE
: 0,
546 TALLOC_FREE(case_state
);
548 if (!NT_STATUS_IS_OK(status
)) {
549 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
551 NT_STATUS_PATH_NOT_COVERED
,
555 reply_nterror(req
, status
);
560 * Bug #6898 - clients using Windows opens should
561 * never be able to set this attribute into the
564 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
566 status
= SMB_VFS_CREATE_FILE(
569 root_dir_fid
, /* root_dir_fid */
570 smb_fname
, /* fname */
571 access_mask
, /* access_mask */
572 share_access
, /* share_access */
573 create_disposition
, /* create_disposition*/
574 create_options
, /* create_options */
575 file_attributes
, /* file_attributes */
576 oplock_request
, /* oplock_request */
577 allocation_size
, /* allocation_size */
578 0, /* private_flags */
584 if (!NT_STATUS_IS_OK(status
)) {
585 if (open_was_deferred(req
->sconn
, req
->mid
)) {
586 /* We have re-scheduled this call, no error. */
589 reply_openerror(req
, status
);
593 /* Ensure we're pointing at the correct stat struct. */
594 TALLOC_FREE(smb_fname
);
595 smb_fname
= fsp
->fsp_name
;
598 * If the caller set the extended oplock request bit
599 * and we granted one (by whatever means) - set the
600 * correct bit for extended oplock reply.
603 if (oplock_request
&&
604 (lp_fake_oplocks(SNUM(conn
))
605 || EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))) {
608 * Exclusive oplock granted
611 if (flags
& REQUEST_BATCH_OPLOCK
) {
612 oplock_granted
= BATCH_OPLOCK_RETURN
;
614 oplock_granted
= EXCLUSIVE_OPLOCK_RETURN
;
616 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
617 oplock_granted
= LEVEL_II_OPLOCK_RETURN
;
619 oplock_granted
= NO_OPLOCK_RETURN
;
622 file_len
= smb_fname
->st
.st_ex_size
;
624 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
625 /* This is very strange. We
626 * return 50 words, but only set
627 * the wcnt to 42 ? It's definitely
628 * what happens on the wire....
630 reply_outbuf(req
, 50, 0);
631 SCVAL(req
->outbuf
,smb_wct
,42);
633 reply_outbuf(req
, 34, 0);
636 SSVAL(req
->outbuf
, smb_vwv0
, 0xff); /* andx chain ends */
637 SSVAL(req
->outbuf
, smb_vwv1
, 0); /* no andx offset */
639 p
= (char *)req
->outbuf
+ smb_vwv2
;
641 SCVAL(p
, 0, oplock_granted
);
644 SSVAL(p
,0,fsp
->fnum
);
646 if ((create_disposition
== FILE_SUPERSEDE
)
647 && (info
== FILE_WAS_OVERWRITTEN
)) {
648 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
654 fattr
= dos_mode(conn
, smb_fname
);
656 fattr
= FILE_ATTRIBUTE_NORMAL
;
659 /* Deal with other possible opens having a modified
661 ZERO_STRUCT(write_time_ts
);
662 get_file_infos(fsp
->file_id
, 0, NULL
, &write_time_ts
);
663 if (!null_timespec(write_time_ts
)) {
664 update_stat_ex_mtime(&smb_fname
->st
, write_time_ts
);
668 create_timespec
= get_create_timespec(conn
, fsp
, smb_fname
);
669 a_timespec
= smb_fname
->st
.st_ex_atime
;
670 m_timespec
= smb_fname
->st
.st_ex_mtime
;
671 c_timespec
= get_change_timespec(conn
, fsp
, smb_fname
);
673 if (lp_dos_filetime_resolution(SNUM(conn
))) {
674 dos_filetime_timespec(&create_timespec
);
675 dos_filetime_timespec(&a_timespec
);
676 dos_filetime_timespec(&m_timespec
);
677 dos_filetime_timespec(&c_timespec
);
680 put_long_date_timespec(conn
->ts_res
, p
, create_timespec
); /* create time. */
682 put_long_date_timespec(conn
->ts_res
, p
, a_timespec
); /* access time */
684 put_long_date_timespec(conn
->ts_res
, p
, m_timespec
); /* write time */
686 put_long_date_timespec(conn
->ts_res
, p
, c_timespec
); /* change time */
688 SIVAL(p
,0,fattr
); /* File Attributes. */
690 SOFF_T(p
, 0, SMB_VFS_GET_ALLOC_SIZE(conn
,fsp
,&smb_fname
->st
));
692 SOFF_T(p
,0,file_len
);
694 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
695 uint16_t file_status
= (NO_EAS
|NO_SUBSTREAMS
|NO_REPARSETAG
);
696 size_t num_names
= 0;
697 unsigned int num_streams
= 0;
698 struct stream_struct
*streams
= NULL
;
700 /* Do we have any EA's ? */
701 status
= get_ea_names_from_file(ctx
, conn
, fsp
,
702 smb_fname
->base_name
, NULL
, &num_names
);
703 if (NT_STATUS_IS_OK(status
) && num_names
) {
704 file_status
&= ~NO_EAS
;
706 status
= vfs_streaminfo(conn
, NULL
, smb_fname
->base_name
, ctx
,
707 &num_streams
, &streams
);
708 /* There is always one stream, ::$DATA. */
709 if (NT_STATUS_IS_OK(status
) && num_streams
> 1) {
710 file_status
&= ~NO_SUBSTREAMS
;
712 TALLOC_FREE(streams
);
713 SSVAL(p
,2,file_status
);
716 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
718 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
721 if (fsp
->is_directory
||
722 can_write_to_file(conn
, smb_fname
)) {
723 perms
= FILE_GENERIC_ALL
;
725 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
730 DEBUG(5,("reply_ntcreate_and_X: %s, open name = %s\n",
731 fsp_fnum_dbg(fsp
), smb_fname_str_dbg(smb_fname
)));
734 END_PROFILE(SMBntcreateX
);
738 /****************************************************************************
739 Reply to a NT_TRANSACT_CREATE call to open a pipe.
740 ****************************************************************************/
742 static void do_nt_transact_create_pipe(connection_struct
*conn
,
743 struct smb_request
*req
,
744 uint16
**ppsetup
, uint32 setup_count
,
745 char **ppparams
, uint32 parameter_count
,
746 char **ppdata
, uint32 data_count
)
749 char *params
= *ppparams
;
750 uint16_t pnum
= FNUM_FIELD_INVALID
;
755 TALLOC_CTX
*ctx
= talloc_tos();
758 * Ensure minimum number of parameters sent.
761 if(parameter_count
< 54) {
762 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
763 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
767 flags
= IVAL(params
,0);
769 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
770 parameter_count
-53, STR_TERMINATE
,
772 if (!NT_STATUS_IS_OK(status
)) {
773 reply_nterror(req
, status
);
777 nt_open_pipe(fname
, conn
, req
, &pnum
);
784 /* Realloc the size of parameters and data we will return */
785 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
786 /* Extended response is 32 more byyes. */
791 params
= nttrans_realloc(ppparams
, param_len
);
793 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
798 SCVAL(p
,0,NO_OPLOCK_RETURN
);
803 SIVAL(p
,0,FILE_WAS_OPENED
);
807 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
810 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
812 SSVAL(p
,2, 0x5FF); /* ? */
815 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
817 SIVAL(p
,0,FILE_GENERIC_ALL
);
819 * For pipes W2K3 seems to return
821 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
823 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
826 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
828 /* Send the required number of replies */
829 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
834 /*********************************************************************
835 Windows seems to do canonicalization of inheritance bits. Do the
837 *********************************************************************/
839 static void canonicalize_inheritance_bits(struct security_descriptor
*psd
)
841 bool set_auto_inherited
= false;
844 * We need to filter out the
845 * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
846 * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
847 * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
848 * when an ACE is inherited. Otherwise we zero these bits out.
851 * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
856 if ((psd
->type
& (SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
))
857 == (SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
)) {
858 set_auto_inherited
= true;
861 psd
->type
&= ~(SEC_DESC_DACL_AUTO_INHERITED
|SEC_DESC_DACL_AUTO_INHERIT_REQ
);
862 if (set_auto_inherited
) {
863 psd
->type
|= SEC_DESC_DACL_AUTO_INHERITED
;
867 /****************************************************************************
868 Internal fn to set security descriptors.
869 ****************************************************************************/
871 NTSTATUS
set_sd(files_struct
*fsp
, struct security_descriptor
*psd
,
872 uint32_t security_info_sent
)
876 if (!CAN_WRITE(fsp
->conn
)) {
877 return NT_STATUS_ACCESS_DENIED
;
880 if (!lp_nt_acl_support(SNUM(fsp
->conn
))) {
884 if (psd
->owner_sid
== NULL
) {
885 security_info_sent
&= ~SECINFO_OWNER
;
887 if (psd
->group_sid
== NULL
) {
888 security_info_sent
&= ~SECINFO_GROUP
;
891 /* Ensure we have at least one thing set. */
892 if ((security_info_sent
& (SECINFO_OWNER
|SECINFO_GROUP
|SECINFO_DACL
|SECINFO_SACL
)) == 0) {
897 /* Ensure we have the rights to do this. */
898 if (security_info_sent
& SECINFO_OWNER
) {
899 if (!(fsp
->access_mask
& SEC_STD_WRITE_OWNER
)) {
900 return NT_STATUS_ACCESS_DENIED
;
904 if (security_info_sent
& SECINFO_GROUP
) {
905 if (!(fsp
->access_mask
& SEC_STD_WRITE_OWNER
)) {
906 return NT_STATUS_ACCESS_DENIED
;
910 if (security_info_sent
& SECINFO_DACL
) {
911 if (!(fsp
->access_mask
& SEC_STD_WRITE_DAC
)) {
912 return NT_STATUS_ACCESS_DENIED
;
914 /* Convert all the generic bits. */
916 security_acl_map_generic(psd
->dacl
, &file_generic_mapping
);
920 if (security_info_sent
& SECINFO_SACL
) {
921 if (!(fsp
->access_mask
& SEC_FLAG_SYSTEM_SECURITY
)) {
922 return NT_STATUS_ACCESS_DENIED
;
924 /* Convert all the generic bits. */
926 security_acl_map_generic(psd
->sacl
, &file_generic_mapping
);
930 canonicalize_inheritance_bits(psd
);
932 if (DEBUGLEVEL
>= 10) {
933 DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp
)));
934 NDR_PRINT_DEBUG(security_descriptor
, psd
);
937 status
= SMB_VFS_FSET_NT_ACL(fsp
, security_info_sent
, psd
);
944 /****************************************************************************
945 Internal fn to set security descriptors from a data blob.
946 ****************************************************************************/
948 NTSTATUS
set_sd_blob(files_struct
*fsp
, uint8_t *data
, uint32_t sd_len
,
949 uint32_t security_info_sent
)
951 struct security_descriptor
*psd
= NULL
;
955 return NT_STATUS_INVALID_PARAMETER
;
958 status
= unmarshall_sec_desc(talloc_tos(), data
, sd_len
, &psd
);
960 if (!NT_STATUS_IS_OK(status
)) {
964 return set_sd(fsp
, psd
, security_info_sent
);
967 /****************************************************************************
968 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
969 ****************************************************************************/
971 struct ea_list
*read_nttrans_ea_list(TALLOC_CTX
*ctx
, const char *pdata
, size_t data_size
)
973 struct ea_list
*ea_list_head
= NULL
;
980 while (offset
+ 4 <= data_size
) {
981 size_t next_offset
= IVAL(pdata
,offset
);
982 struct ea_list
*eal
= read_ea_list_entry(ctx
, pdata
+ offset
+ 4, data_size
- offset
- 4, NULL
);
988 DLIST_ADD_END(ea_list_head
, eal
, struct ea_list
*);
989 if (next_offset
== 0) {
993 /* Integer wrap protection for the increment. */
994 if (offset
+ next_offset
< offset
) {
998 offset
+= next_offset
;
1000 /* Integer wrap protection for while loop. */
1001 if (offset
+ 4 < offset
) {
1007 return ea_list_head
;
1010 /****************************************************************************
1011 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1012 ****************************************************************************/
1014 static void call_nt_transact_create(connection_struct
*conn
,
1015 struct smb_request
*req
,
1016 uint16
**ppsetup
, uint32 setup_count
,
1017 char **ppparams
, uint32 parameter_count
,
1018 char **ppdata
, uint32 data_count
,
1019 uint32 max_data_count
)
1021 struct smb_filename
*smb_fname
= NULL
;
1023 char *params
= *ppparams
;
1024 char *data
= *ppdata
;
1025 /* Breakout the oplock request bits so we can set the reply bits separately. */
1029 files_struct
*fsp
= NULL
;
1033 uint32 file_attributes
;
1034 uint32 share_access
;
1035 uint32 create_disposition
;
1036 uint32 create_options
;
1038 struct security_descriptor
*sd
= NULL
;
1040 uint16 root_dir_fid
;
1041 struct timespec create_timespec
;
1042 struct timespec c_timespec
;
1043 struct timespec a_timespec
;
1044 struct timespec m_timespec
;
1045 struct timespec write_time_ts
;
1046 struct ea_list
*ea_list
= NULL
;
1049 uint64_t allocation_size
;
1051 uint8_t oplock_granted
;
1052 struct case_semantics_state
*case_state
= NULL
;
1053 TALLOC_CTX
*ctx
= talloc_tos();
1055 DEBUG(5,("call_nt_transact_create\n"));
1058 * If it's an IPC, use the pipe handler.
1062 if (lp_nt_pipe_support()) {
1063 do_nt_transact_create_pipe(
1065 ppsetup
, setup_count
,
1066 ppparams
, parameter_count
,
1067 ppdata
, data_count
);
1070 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1075 * Ensure minimum number of parameters sent.
1078 if(parameter_count
< 54) {
1079 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1080 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1084 flags
= IVAL(params
,0);
1085 access_mask
= IVAL(params
,8);
1086 file_attributes
= IVAL(params
,20);
1087 share_access
= IVAL(params
,24);
1088 create_disposition
= IVAL(params
,28);
1089 create_options
= IVAL(params
,32);
1090 sd_len
= IVAL(params
,36);
1091 ea_len
= IVAL(params
,40);
1092 root_dir_fid
= (uint16
)IVAL(params
,4);
1093 allocation_size
= BVAL(params
,12);
1096 * we need to remove ignored bits when they come directly from the client
1097 * because we reuse some of them for internal stuff
1099 create_options
&= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK
;
1101 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
,
1102 params
+53, parameter_count
-53,
1103 STR_TERMINATE
, &status
);
1104 if (!NT_STATUS_IS_OK(status
)) {
1105 reply_nterror(req
, status
);
1109 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1110 case_state
= set_posix_case_semantics(ctx
, conn
);
1112 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1117 status
= filename_convert(ctx
,
1119 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1121 (create_disposition
== FILE_CREATE
)
1122 ? UCF_PREP_CREATEFILE
: 0,
1126 TALLOC_FREE(case_state
);
1128 if (!NT_STATUS_IS_OK(status
)) {
1129 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
1130 reply_botherror(req
,
1131 NT_STATUS_PATH_NOT_COVERED
,
1132 ERRSRV
, ERRbadpath
);
1135 reply_nterror(req
, status
);
1139 /* Ensure the data_len is correct for the sd and ea values given. */
1140 if ((ea_len
+ sd_len
> data_count
)
1141 || (ea_len
> data_count
) || (sd_len
> data_count
)
1142 || (ea_len
+ sd_len
< ea_len
) || (ea_len
+ sd_len
< sd_len
)) {
1143 DEBUG(10, ("call_nt_transact_create - ea_len = %u, sd_len = "
1144 "%u, data_count = %u\n", (unsigned int)ea_len
,
1145 (unsigned int)sd_len
, (unsigned int)data_count
));
1146 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1151 DEBUG(10, ("call_nt_transact_create - sd_len = %d\n",
1154 status
= unmarshall_sec_desc(ctx
, (uint8_t *)data
, sd_len
,
1156 if (!NT_STATUS_IS_OK(status
)) {
1157 DEBUG(10, ("call_nt_transact_create: "
1158 "unmarshall_sec_desc failed: %s\n",
1159 nt_errstr(status
)));
1160 reply_nterror(req
, status
);
1166 if (!lp_ea_support(SNUM(conn
))) {
1167 DEBUG(10, ("call_nt_transact_create - ea_len = %u but "
1168 "EA's not supported.\n",
1169 (unsigned int)ea_len
));
1170 reply_nterror(req
, NT_STATUS_EAS_NOT_SUPPORTED
);
1175 DEBUG(10,("call_nt_transact_create - ea_len = %u - "
1176 "too small (should be more than 10)\n",
1177 (unsigned int)ea_len
));
1178 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1182 /* We have already checked that ea_len <= data_count here. */
1183 ea_list
= read_nttrans_ea_list(talloc_tos(), data
+ sd_len
,
1185 if (ea_list
== NULL
) {
1186 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1190 if (ea_list_has_invalid_name(ea_list
)) {
1191 /* Realloc the size of parameters and data we will return */
1192 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1193 /* Extended response is 32 more byyes. */
1198 params
= nttrans_realloc(ppparams
, param_len
);
1199 if(params
== NULL
) {
1200 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1204 memset(params
, '\0', param_len
);
1205 send_nt_replies(conn
, req
, STATUS_INVALID_EA_NAME
,
1206 params
, param_len
, NULL
, 0);
1211 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1212 if (oplock_request
) {
1213 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
)
1218 * Bug #6898 - clients using Windows opens should
1219 * never be able to set this attribute into the
1222 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
1224 status
= SMB_VFS_CREATE_FILE(
1227 root_dir_fid
, /* root_dir_fid */
1228 smb_fname
, /* fname */
1229 access_mask
, /* access_mask */
1230 share_access
, /* share_access */
1231 create_disposition
, /* create_disposition*/
1232 create_options
, /* create_options */
1233 file_attributes
, /* file_attributes */
1234 oplock_request
, /* oplock_request */
1235 allocation_size
, /* allocation_size */
1236 0, /* private_flags */
1238 ea_list
, /* ea_list */
1242 if(!NT_STATUS_IS_OK(status
)) {
1243 if (open_was_deferred(req
->sconn
, req
->mid
)) {
1244 /* We have re-scheduled this call, no error. */
1247 reply_openerror(req
, status
);
1251 /* Ensure we're pointing at the correct stat struct. */
1252 TALLOC_FREE(smb_fname
);
1253 smb_fname
= fsp
->fsp_name
;
1256 * If the caller set the extended oplock request bit
1257 * and we granted one (by whatever means) - set the
1258 * correct bit for extended oplock reply.
1261 if (oplock_request
&&
1262 (lp_fake_oplocks(SNUM(conn
))
1263 || EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
))) {
1266 * Exclusive oplock granted
1269 if (flags
& REQUEST_BATCH_OPLOCK
) {
1270 oplock_granted
= BATCH_OPLOCK_RETURN
;
1272 oplock_granted
= EXCLUSIVE_OPLOCK_RETURN
;
1274 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
1275 oplock_granted
= LEVEL_II_OPLOCK_RETURN
;
1277 oplock_granted
= NO_OPLOCK_RETURN
;
1280 file_len
= smb_fname
->st
.st_ex_size
;
1282 /* Realloc the size of parameters and data we will return */
1283 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1284 /* Extended response is 32 more byyes. */
1289 params
= nttrans_realloc(ppparams
, param_len
);
1290 if(params
== NULL
) {
1291 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1296 SCVAL(p
, 0, oplock_granted
);
1299 SSVAL(p
,0,fsp
->fnum
);
1301 if ((create_disposition
== FILE_SUPERSEDE
)
1302 && (info
== FILE_WAS_OVERWRITTEN
)) {
1303 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1309 fattr
= dos_mode(conn
, smb_fname
);
1311 fattr
= FILE_ATTRIBUTE_NORMAL
;
1314 /* Deal with other possible opens having a modified
1316 ZERO_STRUCT(write_time_ts
);
1317 get_file_infos(fsp
->file_id
, 0, NULL
, &write_time_ts
);
1318 if (!null_timespec(write_time_ts
)) {
1319 update_stat_ex_mtime(&smb_fname
->st
, write_time_ts
);
1323 create_timespec
= get_create_timespec(conn
, fsp
, smb_fname
);
1324 a_timespec
= smb_fname
->st
.st_ex_atime
;
1325 m_timespec
= smb_fname
->st
.st_ex_mtime
;
1326 c_timespec
= get_change_timespec(conn
, fsp
, smb_fname
);
1328 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1329 dos_filetime_timespec(&create_timespec
);
1330 dos_filetime_timespec(&a_timespec
);
1331 dos_filetime_timespec(&m_timespec
);
1332 dos_filetime_timespec(&c_timespec
);
1335 put_long_date_timespec(conn
->ts_res
, p
, create_timespec
); /* create time. */
1337 put_long_date_timespec(conn
->ts_res
, p
, a_timespec
); /* access time */
1339 put_long_date_timespec(conn
->ts_res
, p
, m_timespec
); /* write time */
1341 put_long_date_timespec(conn
->ts_res
, p
, c_timespec
); /* change time */
1343 SIVAL(p
,0,fattr
); /* File Attributes. */
1345 SOFF_T(p
, 0, SMB_VFS_GET_ALLOC_SIZE(conn
, fsp
, &smb_fname
->st
));
1347 SOFF_T(p
,0,file_len
);
1349 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1350 uint16_t file_status
= (NO_EAS
|NO_SUBSTREAMS
|NO_REPARSETAG
);
1351 size_t num_names
= 0;
1352 unsigned int num_streams
= 0;
1353 struct stream_struct
*streams
= NULL
;
1355 /* Do we have any EA's ? */
1356 status
= get_ea_names_from_file(ctx
, conn
, fsp
,
1357 smb_fname
->base_name
, NULL
, &num_names
);
1358 if (NT_STATUS_IS_OK(status
) && num_names
) {
1359 file_status
&= ~NO_EAS
;
1361 status
= vfs_streaminfo(conn
, NULL
, smb_fname
->base_name
, ctx
,
1362 &num_streams
, &streams
);
1363 /* There is always one stream, ::$DATA. */
1364 if (NT_STATUS_IS_OK(status
) && num_streams
> 1) {
1365 file_status
&= ~NO_SUBSTREAMS
;
1367 TALLOC_FREE(streams
);
1368 SSVAL(p
,2,file_status
);
1371 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1373 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1376 if (fsp
->is_directory
||
1377 can_write_to_file(conn
, smb_fname
)) {
1378 perms
= FILE_GENERIC_ALL
;
1380 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1385 DEBUG(5,("call_nt_transact_create: open name = %s\n",
1386 smb_fname_str_dbg(smb_fname
)));
1388 /* Send the required number of replies */
1389 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1394 /****************************************************************************
1395 Reply to a NT CANCEL request.
1396 conn POINTER CAN BE NULL HERE !
1397 ****************************************************************************/
1399 void reply_ntcancel(struct smb_request
*req
)
1402 * Go through and cancel any pending change notifies.
1405 START_PROFILE(SMBntcancel
);
1406 srv_cancel_sign_response(req
->sconn
);
1407 remove_pending_change_notify_requests_by_mid(req
->sconn
, req
->mid
);
1408 remove_pending_lock_requests_by_mid_smb1(req
->sconn
, req
->mid
);
1410 DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
1411 (unsigned long long)req
->mid
));
1413 END_PROFILE(SMBntcancel
);
1417 /****************************************************************************
1419 ****************************************************************************/
1421 static NTSTATUS
copy_internals(TALLOC_CTX
*ctx
,
1422 connection_struct
*conn
,
1423 struct smb_request
*req
,
1424 struct smb_filename
*smb_fname_src
,
1425 struct smb_filename
*smb_fname_dst
,
1428 files_struct
*fsp1
,*fsp2
;
1432 NTSTATUS status
= NT_STATUS_OK
;
1435 if (!CAN_WRITE(conn
)) {
1436 status
= NT_STATUS_MEDIA_WRITE_PROTECTED
;
1440 /* Source must already exist. */
1441 if (!VALID_STAT(smb_fname_src
->st
)) {
1442 status
= NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1446 /* Ensure attributes match. */
1447 fattr
= dos_mode(conn
, smb_fname_src
);
1448 if ((fattr
& ~attrs
) & (FILE_ATTRIBUTE_HIDDEN
| FILE_ATTRIBUTE_SYSTEM
)) {
1449 status
= NT_STATUS_NO_SUCH_FILE
;
1453 /* Disallow if dst file already exists. */
1454 if (VALID_STAT(smb_fname_dst
->st
)) {
1455 status
= NT_STATUS_OBJECT_NAME_COLLISION
;
1459 /* No links from a directory. */
1460 if (S_ISDIR(smb_fname_src
->st
.st_ex_mode
)) {
1461 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
1465 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1466 smb_fname_str_dbg(smb_fname_src
),
1467 smb_fname_str_dbg(smb_fname_dst
)));
1469 status
= SMB_VFS_CREATE_FILE(
1472 0, /* root_dir_fid */
1473 smb_fname_src
, /* fname */
1474 FILE_READ_DATA
|FILE_READ_ATTRIBUTES
|
1475 FILE_READ_EA
, /* access_mask */
1476 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
1478 FILE_OPEN
, /* create_disposition*/
1479 0, /* create_options */
1480 FILE_ATTRIBUTE_NORMAL
, /* file_attributes */
1481 NO_OPLOCK
, /* oplock_request */
1482 0, /* allocation_size */
1483 0, /* private_flags */
1489 if (!NT_STATUS_IS_OK(status
)) {
1493 status
= SMB_VFS_CREATE_FILE(
1496 0, /* root_dir_fid */
1497 smb_fname_dst
, /* fname */
1498 FILE_WRITE_DATA
|FILE_WRITE_ATTRIBUTES
|
1499 FILE_WRITE_EA
, /* access_mask */
1500 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
1502 FILE_CREATE
, /* create_disposition*/
1503 0, /* create_options */
1504 fattr
, /* file_attributes */
1505 NO_OPLOCK
, /* oplock_request */
1506 0, /* allocation_size */
1507 0, /* private_flags */
1513 if (!NT_STATUS_IS_OK(status
)) {
1514 close_file(NULL
, fsp1
, ERROR_CLOSE
);
1518 if (smb_fname_src
->st
.st_ex_size
) {
1519 ret
= vfs_transfer_file(fsp1
, fsp2
, smb_fname_src
->st
.st_ex_size
);
1523 * As we are opening fsp1 read-only we only expect
1524 * an error on close on fsp2 if we are out of space.
1525 * Thus we don't look at the error return from the
1528 close_file(NULL
, fsp1
, NORMAL_CLOSE
);
1530 /* Ensure the modtime is set correctly on the destination file. */
1531 set_close_write_time(fsp2
, smb_fname_src
->st
.st_ex_mtime
);
1533 status
= close_file(NULL
, fsp2
, NORMAL_CLOSE
);
1535 /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it
1536 creates the file. This isn't the correct thing to do in the copy
1538 if (!parent_dirname(talloc_tos(), smb_fname_dst
->base_name
, &parent
,
1540 status
= NT_STATUS_NO_MEMORY
;
1543 file_set_dosmode(conn
, smb_fname_dst
, fattr
, parent
, false);
1544 TALLOC_FREE(parent
);
1546 if (ret
< (off_t
)smb_fname_src
->st
.st_ex_size
) {
1547 status
= NT_STATUS_DISK_FULL
;
1551 if (!NT_STATUS_IS_OK(status
)) {
1552 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1553 nt_errstr(status
), smb_fname_str_dbg(smb_fname_src
),
1554 smb_fname_str_dbg(smb_fname_dst
)));
1560 /****************************************************************************
1561 Reply to a NT rename request.
1562 ****************************************************************************/
1564 void reply_ntrename(struct smb_request
*req
)
1566 connection_struct
*conn
= req
->conn
;
1567 struct smb_filename
*smb_fname_old
= NULL
;
1568 struct smb_filename
*smb_fname_new
= NULL
;
1569 char *oldname
= NULL
;
1570 char *newname
= NULL
;
1573 bool src_has_wcard
= False
;
1574 bool dest_has_wcard
= False
;
1576 uint32_t ucf_flags_src
= 0;
1577 uint32_t ucf_flags_dst
= 0;
1579 TALLOC_CTX
*ctx
= talloc_tos();
1580 bool stream_rename
= false;
1582 START_PROFILE(SMBntrename
);
1585 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1589 attrs
= SVAL(req
->vwv
+0, 0);
1590 rename_type
= SVAL(req
->vwv
+1, 0);
1592 p
= (const char *)req
->buf
+ 1;
1593 p
+= srvstr_get_path_req_wcard(ctx
, req
, &oldname
, p
, STR_TERMINATE
,
1594 &status
, &src_has_wcard
);
1595 if (!NT_STATUS_IS_OK(status
)) {
1596 reply_nterror(req
, status
);
1600 if (ms_has_wild(oldname
)) {
1601 reply_nterror(req
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
);
1606 p
+= srvstr_get_path_req_wcard(ctx
, req
, &newname
, p
, STR_TERMINATE
,
1607 &status
, &dest_has_wcard
);
1608 if (!NT_STATUS_IS_OK(status
)) {
1609 reply_nterror(req
, status
);
1613 if (!lp_posix_pathnames()) {
1614 /* The newname must begin with a ':' if the
1615 oldname contains a ':'. */
1616 if (strchr_m(oldname
, ':')) {
1617 if (newname
[0] != ':') {
1618 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1621 stream_rename
= true;
1626 * If this is a rename operation, allow wildcards and save the
1627 * destination's last component.
1629 if (rename_type
== RENAME_FLAG_RENAME
) {
1630 ucf_flags_src
= UCF_COND_ALLOW_WCARD_LCOMP
;
1631 ucf_flags_dst
= UCF_COND_ALLOW_WCARD_LCOMP
| UCF_SAVE_LCOMP
;
1634 /* rename_internals() calls unix_convert(), so don't call it here. */
1635 status
= filename_convert(ctx
, conn
,
1636 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1641 if (!NT_STATUS_IS_OK(status
)) {
1642 if (NT_STATUS_EQUAL(status
,
1643 NT_STATUS_PATH_NOT_COVERED
)) {
1644 reply_botherror(req
,
1645 NT_STATUS_PATH_NOT_COVERED
,
1646 ERRSRV
, ERRbadpath
);
1649 reply_nterror(req
, status
);
1653 status
= filename_convert(ctx
, conn
,
1654 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1659 if (!NT_STATUS_IS_OK(status
)) {
1660 if (NT_STATUS_EQUAL(status
,
1661 NT_STATUS_PATH_NOT_COVERED
)) {
1662 reply_botherror(req
,
1663 NT_STATUS_PATH_NOT_COVERED
,
1664 ERRSRV
, ERRbadpath
);
1667 reply_nterror(req
, status
);
1671 if (stream_rename
) {
1672 /* smb_fname_new must be the same as smb_fname_old. */
1673 TALLOC_FREE(smb_fname_new
->base_name
);
1674 smb_fname_new
->base_name
= talloc_strdup(smb_fname_new
,
1675 smb_fname_old
->base_name
);
1676 if (!smb_fname_new
->base_name
) {
1677 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1682 DEBUG(3,("reply_ntrename: %s -> %s\n",
1683 smb_fname_str_dbg(smb_fname_old
),
1684 smb_fname_str_dbg(smb_fname_new
)));
1686 switch(rename_type
) {
1687 case RENAME_FLAG_RENAME
:
1688 status
= rename_internals(ctx
, conn
, req
,
1689 smb_fname_old
, smb_fname_new
,
1690 attrs
, False
, src_has_wcard
,
1694 case RENAME_FLAG_HARD_LINK
:
1695 if (src_has_wcard
|| dest_has_wcard
) {
1697 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
1699 status
= hardlink_internals(ctx
, conn
,
1706 case RENAME_FLAG_COPY
:
1707 if (src_has_wcard
|| dest_has_wcard
) {
1709 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
1711 status
= copy_internals(ctx
, conn
, req
,
1717 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION
:
1718 status
= NT_STATUS_INVALID_PARAMETER
;
1721 status
= NT_STATUS_ACCESS_DENIED
; /* Default error. */
1725 if (!NT_STATUS_IS_OK(status
)) {
1726 if (open_was_deferred(req
->sconn
, req
->mid
)) {
1727 /* We have re-scheduled this call. */
1731 reply_nterror(req
, status
);
1735 reply_outbuf(req
, 0, 0);
1737 END_PROFILE(SMBntrename
);
1741 /****************************************************************************
1742 Reply to a notify change - queue the request and
1743 don't allow a directory to be opened.
1744 ****************************************************************************/
1746 static void smbd_smb1_notify_reply(struct smb_request
*req
,
1747 NTSTATUS error_code
,
1748 uint8_t *buf
, size_t len
)
1750 send_nt_replies(req
->conn
, req
, error_code
, (char *)buf
, len
, NULL
, 0);
1753 static void call_nt_transact_notify_change(connection_struct
*conn
,
1754 struct smb_request
*req
,
1758 uint32 parameter_count
,
1759 char **ppdata
, uint32 data_count
,
1760 uint32 max_data_count
,
1761 uint32 max_param_count
)
1763 uint16
*setup
= *ppsetup
;
1769 if(setup_count
< 6) {
1770 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1774 fsp
= file_fsp(req
, SVAL(setup
,4));
1775 filter
= IVAL(setup
, 0);
1776 recursive
= (SVAL(setup
, 6) != 0) ? True
: False
;
1778 DEBUG(3,("call_nt_transact_notify_change\n"));
1781 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
1786 char *filter_string
;
1788 if (!(filter_string
= notify_filter_string(NULL
, filter
))) {
1789 reply_nterror(req
,NT_STATUS_NO_MEMORY
);
1793 DEBUG(3,("call_nt_transact_notify_change: notify change "
1794 "called on %s, filter = %s, recursive = %d\n",
1795 fsp_str_dbg(fsp
), filter_string
, recursive
));
1797 TALLOC_FREE(filter_string
);
1800 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
)) {
1801 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1805 if (fsp
->notify
== NULL
) {
1807 status
= change_notify_create(fsp
, filter
, recursive
);
1809 if (!NT_STATUS_IS_OK(status
)) {
1810 DEBUG(10, ("change_notify_create returned %s\n",
1811 nt_errstr(status
)));
1812 reply_nterror(req
, status
);
1817 if (change_notify_fsp_has_changes(fsp
)) {
1820 * We've got changes pending, respond immediately
1824 * TODO: write a torture test to check the filtering behaviour
1828 change_notify_reply(req
,
1832 smbd_smb1_notify_reply
);
1835 * change_notify_reply() above has independently sent its
1842 * No changes pending, queue the request
1845 status
= change_notify_add_request(req
,
1849 smbd_smb1_notify_reply
);
1850 if (!NT_STATUS_IS_OK(status
)) {
1851 reply_nterror(req
, status
);
1856 /****************************************************************************
1857 Reply to an NT transact rename command.
1858 ****************************************************************************/
1860 static void call_nt_transact_rename(connection_struct
*conn
,
1861 struct smb_request
*req
,
1862 uint16
**ppsetup
, uint32 setup_count
,
1863 char **ppparams
, uint32 parameter_count
,
1864 char **ppdata
, uint32 data_count
,
1865 uint32 max_data_count
)
1867 char *params
= *ppparams
;
1868 char *new_name
= NULL
;
1869 files_struct
*fsp
= NULL
;
1870 bool dest_has_wcard
= False
;
1872 TALLOC_CTX
*ctx
= talloc_tos();
1874 if(parameter_count
< 5) {
1875 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1879 fsp
= file_fsp(req
, SVAL(params
, 0));
1880 if (!check_fsp(conn
, req
, fsp
)) {
1883 srvstr_get_path_wcard(ctx
, params
, req
->flags2
, &new_name
, params
+4,
1884 parameter_count
- 4,
1885 STR_TERMINATE
, &status
, &dest_has_wcard
);
1886 if (!NT_STATUS_IS_OK(status
)) {
1887 reply_nterror(req
, status
);
1892 * W2K3 ignores this request as the RAW-RENAME test
1893 * demonstrates, so we do.
1895 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
1897 DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
1898 fsp_str_dbg(fsp
), new_name
));
1903 /******************************************************************************
1904 Fake up a completely empty SD.
1905 *******************************************************************************/
1907 static NTSTATUS
get_null_nt_acl(TALLOC_CTX
*mem_ctx
, struct security_descriptor
**ppsd
)
1911 *ppsd
= make_standard_sec_desc( mem_ctx
, &global_sid_World
, &global_sid_World
, NULL
, &sd_size
);
1913 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
1914 return NT_STATUS_NO_MEMORY
;
1917 return NT_STATUS_OK
;
1920 /****************************************************************************
1921 Reply to query a security descriptor.
1922 Callable from SMB2 and SMB2.
1923 If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
1925 ****************************************************************************/
1927 NTSTATUS
smbd_do_query_security_desc(connection_struct
*conn
,
1928 TALLOC_CTX
*mem_ctx
,
1930 uint32_t security_info_wanted
,
1931 uint32_t max_data_count
,
1932 uint8_t **ppmarshalled_sd
,
1936 struct security_descriptor
*psd
= NULL
;
1937 TALLOC_CTX
*frame
= talloc_stackframe();
1940 * Get the permissions to return.
1943 if ((security_info_wanted
& SECINFO_SACL
) &&
1944 !(fsp
->access_mask
& SEC_FLAG_SYSTEM_SECURITY
)) {
1945 DEBUG(10, ("Access to SACL denied.\n"));
1947 return NT_STATUS_ACCESS_DENIED
;
1950 if ((security_info_wanted
& (SECINFO_DACL
|SECINFO_OWNER
|SECINFO_GROUP
)) &&
1951 !(fsp
->access_mask
& SEC_STD_READ_CONTROL
)) {
1952 DEBUG(10, ("Access to DACL, OWNER, or GROUP denied.\n"));
1954 return NT_STATUS_ACCESS_DENIED
;
1957 if (security_info_wanted
& (SECINFO_DACL
|SECINFO_OWNER
|
1958 SECINFO_GROUP
|SECINFO_SACL
)) {
1959 /* Don't return SECINFO_LABEL if anything else was
1960 requested. See bug #8458. */
1961 security_info_wanted
&= ~SECINFO_LABEL
;
1964 if (!lp_nt_acl_support(SNUM(conn
))) {
1965 status
= get_null_nt_acl(frame
, &psd
);
1966 } else if (security_info_wanted
& SECINFO_LABEL
) {
1967 /* Like W2K3 return a null object. */
1968 status
= get_null_nt_acl(frame
, &psd
);
1970 status
= SMB_VFS_FGET_NT_ACL(
1971 fsp
, security_info_wanted
, frame
, &psd
);
1973 if (!NT_STATUS_IS_OK(status
)) {
1978 if (!(security_info_wanted
& SECINFO_OWNER
)) {
1979 psd
->owner_sid
= NULL
;
1981 if (!(security_info_wanted
& SECINFO_GROUP
)) {
1982 psd
->group_sid
= NULL
;
1984 if (!(security_info_wanted
& SECINFO_DACL
)) {
1985 psd
->type
&= ~SEC_DESC_DACL_PRESENT
;
1988 if (!(security_info_wanted
& SECINFO_SACL
)) {
1989 psd
->type
&= ~SEC_DESC_SACL_PRESENT
;
1993 /* If the SACL/DACL is NULL, but was requested, we mark that it is
1994 * present in the reply to match Windows behavior */
1995 if (psd
->sacl
== NULL
&&
1996 security_info_wanted
& SECINFO_SACL
)
1997 psd
->type
|= SEC_DESC_SACL_PRESENT
;
1998 if (psd
->dacl
== NULL
&&
1999 security_info_wanted
& SECINFO_DACL
)
2000 psd
->type
|= SEC_DESC_DACL_PRESENT
;
2002 if (security_info_wanted
& SECINFO_LABEL
) {
2003 /* Like W2K3 return a null object. */
2004 psd
->owner_sid
= NULL
;
2005 psd
->group_sid
= NULL
;
2008 psd
->type
&= ~(SEC_DESC_DACL_PRESENT
|SEC_DESC_SACL_PRESENT
);
2011 *psd_size
= ndr_size_security_descriptor(psd
, 0);
2013 DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",
2014 (unsigned long)*psd_size
));
2016 if (DEBUGLEVEL
>= 10) {
2017 DEBUG(10,("smbd_do_query_security_desc for file %s\n",
2019 NDR_PRINT_DEBUG(security_descriptor
, psd
);
2022 if (max_data_count
< *psd_size
) {
2024 return NT_STATUS_BUFFER_TOO_SMALL
;
2027 status
= marshall_sec_desc(mem_ctx
, psd
,
2028 ppmarshalled_sd
, psd_size
);
2030 if (!NT_STATUS_IS_OK(status
)) {
2036 return NT_STATUS_OK
;
2039 /****************************************************************************
2040 SMB1 reply to query a security descriptor.
2041 ****************************************************************************/
2043 static void call_nt_transact_query_security_desc(connection_struct
*conn
,
2044 struct smb_request
*req
,
2048 uint32 parameter_count
,
2051 uint32 max_data_count
)
2053 char *params
= *ppparams
;
2054 char *data
= *ppdata
;
2056 uint32 security_info_wanted
;
2057 files_struct
*fsp
= NULL
;
2059 uint8_t *marshalled_sd
= NULL
;
2061 if(parameter_count
< 8) {
2062 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2066 fsp
= file_fsp(req
, SVAL(params
,0));
2068 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2072 security_info_wanted
= IVAL(params
,4);
2074 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, "
2075 "info_wanted = 0x%x\n", fsp_str_dbg(fsp
),
2076 (unsigned int)security_info_wanted
));
2078 params
= nttrans_realloc(ppparams
, 4);
2079 if(params
== NULL
) {
2080 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2085 * Get the permissions to return.
2088 status
= smbd_do_query_security_desc(conn
,
2091 security_info_wanted
,
2096 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
)) {
2097 SIVAL(params
,0,(uint32_t)sd_size
);
2098 send_nt_replies(conn
, req
, NT_STATUS_BUFFER_TOO_SMALL
,
2099 params
, 4, NULL
, 0);
2103 if (!NT_STATUS_IS_OK(status
)) {
2104 reply_nterror(req
, status
);
2108 SMB_ASSERT(sd_size
> 0);
2110 SIVAL(params
,0,(uint32_t)sd_size
);
2112 if (max_data_count
< sd_size
) {
2113 send_nt_replies(conn
, req
, NT_STATUS_BUFFER_TOO_SMALL
,
2114 params
, 4, NULL
, 0);
2119 * Allocate the data we will return.
2122 data
= nttrans_realloc(ppdata
, sd_size
);
2124 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2128 memcpy(data
, marshalled_sd
, sd_size
);
2130 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, 4, data
, (int)sd_size
);
2135 /****************************************************************************
2136 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2137 ****************************************************************************/
2139 static void call_nt_transact_set_security_desc(connection_struct
*conn
,
2140 struct smb_request
*req
,
2144 uint32 parameter_count
,
2147 uint32 max_data_count
)
2149 char *params
= *ppparams
;
2150 char *data
= *ppdata
;
2151 files_struct
*fsp
= NULL
;
2152 uint32 security_info_sent
= 0;
2155 if(parameter_count
< 8) {
2156 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2160 if((fsp
= file_fsp(req
, SVAL(params
,0))) == NULL
) {
2161 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2165 if (!CAN_WRITE(fsp
->conn
)) {
2166 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2170 if(!lp_nt_acl_support(SNUM(conn
))) {
2174 security_info_sent
= IVAL(params
,4);
2176 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n",
2177 fsp_str_dbg(fsp
), (unsigned int)security_info_sent
));
2179 if (data_count
== 0) {
2180 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2184 status
= set_sd_blob(fsp
, (uint8
*)data
, data_count
, security_info_sent
);
2186 if (!NT_STATUS_IS_OK(status
)) {
2187 reply_nterror(req
, status
);
2192 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2196 /****************************************************************************
2198 ****************************************************************************/
2200 static void call_nt_transact_ioctl(connection_struct
*conn
,
2201 struct smb_request
*req
,
2202 uint16
**ppsetup
, uint32 setup_count
,
2203 char **ppparams
, uint32 parameter_count
,
2204 char **ppdata
, uint32 data_count
,
2205 uint32 max_data_count
)
2213 char *out_data
= NULL
;
2214 uint32 out_data_len
= 0;
2215 char *pdata
= *ppdata
;
2216 TALLOC_CTX
*ctx
= talloc_tos();
2218 if (setup_count
!= 8) {
2219 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count
));
2220 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2224 function
= IVAL(*ppsetup
, 0);
2225 fidnum
= SVAL(*ppsetup
, 4);
2226 isFSctl
= CVAL(*ppsetup
, 6);
2227 compfilter
= CVAL(*ppsetup
, 7);
2229 DEBUG(10, ("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2230 function
, fidnum
, isFSctl
, compfilter
));
2232 fsp
=file_fsp(req
, fidnum
);
2235 * We don't really implement IOCTLs, especially on files.
2238 DEBUG(10, ("isFSctl: 0x%02X indicates IOCTL, not FSCTL!\n",
2240 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2244 /* Has to be for an open file! */
2245 if (!check_fsp_open(conn
, req
, fsp
)) {
2249 SMB_PERFCOUNT_SET_IOCTL(&req
->pcd
, function
);
2252 * out_data might be allocated by the VFS module, but talloc should be
2253 * used, and should be cleaned up when the request ends.
2255 status
= SMB_VFS_FSCTL(fsp
,
2261 (uint8_t **)&out_data
,
2264 if (!NT_STATUS_IS_OK(status
)) {
2265 reply_nterror(req
, status
);
2267 send_nt_replies(conn
, req
, NT_STATUS_OK
, NULL
, 0, out_data
, out_data_len
);
2272 #ifdef HAVE_SYS_QUOTAS
2273 /****************************************************************************
2274 Reply to get user quota
2275 ****************************************************************************/
2277 static void call_nt_transact_get_user_quota(connection_struct
*conn
,
2278 struct smb_request
*req
,
2282 uint32 parameter_count
,
2285 uint32 max_data_count
)
2287 NTSTATUS nt_status
= NT_STATUS_OK
;
2288 char *params
= *ppparams
;
2289 char *pdata
= *ppdata
;
2291 int data_len
=0,param_len
=0;
2294 files_struct
*fsp
= NULL
;
2298 bool start_enum
= True
;
2299 SMB_NTQUOTA_STRUCT qt
;
2300 SMB_NTQUOTA_LIST
*tmp_list
;
2301 SMB_NTQUOTA_HANDLE
*qt_handle
= NULL
;
2306 if (get_current_uid(conn
) != 0) {
2307 DEBUG(1,("get_user_quota: access_denied service [%s] user "
2308 "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn
)),
2309 conn
->session_info
->unix_info
->unix_name
));
2310 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2315 * Ensure minimum number of parameters sent.
2318 if (parameter_count
< 4) {
2319 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count
));
2320 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2324 /* maybe we can check the quota_fnum */
2325 fsp
= file_fsp(req
, SVAL(params
,0));
2326 if (!check_fsp_ntquota_handle(conn
, req
, fsp
)) {
2327 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2328 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2332 /* the NULL pointer checking for fsp->fake_file_handle->pd
2333 * is done by CHECK_NTQUOTA_HANDLE_OK()
2335 qt_handle
= (SMB_NTQUOTA_HANDLE
*)fsp
->fake_file_handle
->private_data
;
2337 level
= SVAL(params
,2);
2339 /* unknown 12 bytes leading in params */
2342 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE
:
2343 /* seems that we should continue with the enum here --metze */
2345 if (qt_handle
->quota_list
!=NULL
&&
2346 qt_handle
->tmp_list
==NULL
) {
2349 free_ntquota_list(&(qt_handle
->quota_list
));
2351 /* Realloc the size of parameters and data we will return */
2353 params
= nttrans_realloc(ppparams
, param_len
);
2354 if(params
== NULL
) {
2355 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2360 SIVAL(params
,0,data_len
);
2367 case TRANSACT_GET_USER_QUOTA_LIST_START
:
2369 if (qt_handle
->quota_list
==NULL
&&
2370 qt_handle
->tmp_list
==NULL
) {
2374 if (start_enum
&& vfs_get_user_ntquota_list(fsp
,&(qt_handle
->quota_list
))!=0) {
2375 reply_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
2379 /* Realloc the size of parameters and data we will return */
2381 params
= nttrans_realloc(ppparams
, param_len
);
2382 if(params
== NULL
) {
2383 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2387 /* we should not trust the value in max_data_count*/
2388 max_data_count
= MIN(max_data_count
,2048);
2390 pdata
= nttrans_realloc(ppdata
, max_data_count
);/* should be max data count from client*/
2392 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2398 /* set params Size of returned Quota Data 4 bytes*/
2399 /* but set it later when we know it */
2401 /* for each entry push the data */
2404 qt_handle
->tmp_list
= qt_handle
->quota_list
;
2407 tmp_list
= qt_handle
->tmp_list
;
2409 for (;((tmp_list
!=NULL
)&&((qt_len
+40+SID_MAX_SIZE
)<max_data_count
));
2410 tmp_list
=tmp_list
->next
,entry
+=entry_len
,qt_len
+=entry_len
) {
2412 sid_len
= ndr_size_dom_sid(
2413 &tmp_list
->quotas
->sid
, 0);
2414 entry_len
= 40 + sid_len
;
2416 /* nextoffset entry 4 bytes */
2417 SIVAL(entry
,0,entry_len
);
2419 /* then the len of the SID 4 bytes */
2420 SIVAL(entry
,4,sid_len
);
2422 /* unknown data 8 bytes uint64_t */
2423 SBIG_UINT(entry
,8,(uint64_t)0); /* this is not 0 in windows...-metze*/
2425 /* the used disk space 8 bytes uint64_t */
2426 SBIG_UINT(entry
,16,tmp_list
->quotas
->usedspace
);
2428 /* the soft quotas 8 bytes uint64_t */
2429 SBIG_UINT(entry
,24,tmp_list
->quotas
->softlim
);
2431 /* the hard quotas 8 bytes uint64_t */
2432 SBIG_UINT(entry
,32,tmp_list
->quotas
->hardlim
);
2434 /* and now the SID */
2435 sid_linearize(entry
+40, sid_len
, &tmp_list
->quotas
->sid
);
2438 qt_handle
->tmp_list
= tmp_list
;
2440 /* overwrite the offset of the last entry */
2441 SIVAL(entry
-entry_len
,0,0);
2443 data_len
= 4+qt_len
;
2444 /* overwrite the params quota_data_len */
2445 SIVAL(params
,0,data_len
);
2449 case TRANSACT_GET_USER_QUOTA_FOR_SID
:
2451 /* unknown 4 bytes IVAL(pdata,0) */
2453 if (data_count
< 8) {
2454 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count
,8));
2455 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2459 sid_len
= IVAL(pdata
,4);
2460 /* Ensure this is less than 1mb. */
2461 if (sid_len
> (1024*1024)) {
2462 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2466 if (data_count
< 8+sid_len
) {
2467 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count
,(unsigned long)(8+sid_len
)));
2468 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2472 data_len
= 4+40+sid_len
;
2474 if (max_data_count
< data_len
) {
2475 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2476 max_data_count
, data_len
));
2478 SIVAL(params
,0,data_len
);
2480 nt_status
= NT_STATUS_BUFFER_TOO_SMALL
;
2484 if (!sid_parse(pdata
+8,sid_len
,&sid
)) {
2485 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2489 if (vfs_get_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2492 * we have to return zero's in all fields
2493 * instead of returning an error here
2498 /* Realloc the size of parameters and data we will return */
2500 params
= nttrans_realloc(ppparams
, param_len
);
2501 if(params
== NULL
) {
2502 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2506 pdata
= nttrans_realloc(ppdata
, data_len
);
2508 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2514 /* set params Size of returned Quota Data 4 bytes*/
2515 SIVAL(params
,0,data_len
);
2517 /* nextoffset entry 4 bytes */
2520 /* then the len of the SID 4 bytes */
2521 SIVAL(entry
,4,sid_len
);
2523 /* unknown data 8 bytes uint64_t */
2524 SBIG_UINT(entry
,8,(uint64_t)0); /* this is not 0 in windows...-mezte*/
2526 /* the used disk space 8 bytes uint64_t */
2527 SBIG_UINT(entry
,16,qt
.usedspace
);
2529 /* the soft quotas 8 bytes uint64_t */
2530 SBIG_UINT(entry
,24,qt
.softlim
);
2532 /* the hard quotas 8 bytes uint64_t */
2533 SBIG_UINT(entry
,32,qt
.hardlim
);
2535 /* and now the SID */
2536 sid_linearize(entry
+40, sid_len
, &sid
);
2541 DEBUG(0, ("do_nt_transact_get_user_quota: %s: unknown "
2543 fsp_fnum_dbg(fsp
), level
));
2544 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2549 send_nt_replies(conn
, req
, nt_status
, params
, param_len
,
2553 /****************************************************************************
2554 Reply to set user quota
2555 ****************************************************************************/
2557 static void call_nt_transact_set_user_quota(connection_struct
*conn
,
2558 struct smb_request
*req
,
2562 uint32 parameter_count
,
2565 uint32 max_data_count
)
2567 char *params
= *ppparams
;
2568 char *pdata
= *ppdata
;
2569 int data_len
=0,param_len
=0;
2570 SMB_NTQUOTA_STRUCT qt
;
2573 files_struct
*fsp
= NULL
;
2578 if (get_current_uid(conn
) != 0) {
2579 DEBUG(1,("set_user_quota: access_denied service [%s] user "
2580 "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn
)),
2581 conn
->session_info
->unix_info
->unix_name
));
2582 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2587 * Ensure minimum number of parameters sent.
2590 if (parameter_count
< 2) {
2591 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count
));
2592 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2596 /* maybe we can check the quota_fnum */
2597 fsp
= file_fsp(req
, SVAL(params
,0));
2598 if (!check_fsp_ntquota_handle(conn
, req
, fsp
)) {
2599 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2600 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2604 if (data_count
< 40) {
2605 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count
,40));
2606 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2610 /* offset to next quota record.
2611 * 4 bytes IVAL(pdata,0)
2616 sid_len
= IVAL(pdata
,4);
2618 if (data_count
< 40+sid_len
|| (40+sid_len
< sid_len
)) {
2619 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count
,(unsigned long)40+sid_len
));
2620 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2624 /* unknown 8 bytes in pdata
2625 * maybe its the change time in NTTIME
2628 /* the used space 8 bytes (uint64_t)*/
2629 qt
.usedspace
= BVAL(pdata
,16);
2631 /* the soft quotas 8 bytes (uint64_t)*/
2632 qt
.softlim
= BVAL(pdata
,24);
2634 /* the hard quotas 8 bytes (uint64_t)*/
2635 qt
.hardlim
= BVAL(pdata
,32);
2637 if (!sid_parse(pdata
+40,sid_len
,&sid
)) {
2638 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2642 DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid
)));
2644 /* 44 unknown bytes left... */
2646 if (vfs_set_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2647 reply_nterror(req
, NT_STATUS_INTERNAL_ERROR
);
2651 send_nt_replies(conn
, req
, NT_STATUS_OK
, params
, param_len
,
2654 #endif /* HAVE_SYS_QUOTAS */
2656 static void handle_nttrans(connection_struct
*conn
,
2657 struct trans_state
*state
,
2658 struct smb_request
*req
)
2660 if (get_Protocol() >= PROTOCOL_NT1
) {
2661 req
->flags2
|= 0x40; /* IS_LONG_NAME */
2662 SSVAL(discard_const_p(uint8_t, req
->inbuf
),smb_flg2
,req
->flags2
);
2666 SMB_PERFCOUNT_SET_SUBOP(&req
->pcd
, state
->call
);
2668 /* Now we must call the relevant NT_TRANS function */
2669 switch(state
->call
) {
2670 case NT_TRANSACT_CREATE
:
2672 START_PROFILE(NT_transact_create
);
2673 call_nt_transact_create(
2675 &state
->setup
, state
->setup_count
,
2676 &state
->param
, state
->total_param
,
2677 &state
->data
, state
->total_data
,
2678 state
->max_data_return
);
2679 END_PROFILE(NT_transact_create
);
2683 case NT_TRANSACT_IOCTL
:
2685 START_PROFILE(NT_transact_ioctl
);
2686 call_nt_transact_ioctl(
2688 &state
->setup
, state
->setup_count
,
2689 &state
->param
, state
->total_param
,
2690 &state
->data
, state
->total_data
,
2691 state
->max_data_return
);
2692 END_PROFILE(NT_transact_ioctl
);
2696 case NT_TRANSACT_SET_SECURITY_DESC
:
2698 START_PROFILE(NT_transact_set_security_desc
);
2699 call_nt_transact_set_security_desc(
2701 &state
->setup
, state
->setup_count
,
2702 &state
->param
, state
->total_param
,
2703 &state
->data
, state
->total_data
,
2704 state
->max_data_return
);
2705 END_PROFILE(NT_transact_set_security_desc
);
2709 case NT_TRANSACT_NOTIFY_CHANGE
:
2711 START_PROFILE(NT_transact_notify_change
);
2712 call_nt_transact_notify_change(
2714 &state
->setup
, state
->setup_count
,
2715 &state
->param
, state
->total_param
,
2716 &state
->data
, state
->total_data
,
2717 state
->max_data_return
,
2718 state
->max_param_return
);
2719 END_PROFILE(NT_transact_notify_change
);
2723 case NT_TRANSACT_RENAME
:
2725 START_PROFILE(NT_transact_rename
);
2726 call_nt_transact_rename(
2728 &state
->setup
, state
->setup_count
,
2729 &state
->param
, state
->total_param
,
2730 &state
->data
, state
->total_data
,
2731 state
->max_data_return
);
2732 END_PROFILE(NT_transact_rename
);
2736 case NT_TRANSACT_QUERY_SECURITY_DESC
:
2738 START_PROFILE(NT_transact_query_security_desc
);
2739 call_nt_transact_query_security_desc(
2741 &state
->setup
, state
->setup_count
,
2742 &state
->param
, state
->total_param
,
2743 &state
->data
, state
->total_data
,
2744 state
->max_data_return
);
2745 END_PROFILE(NT_transact_query_security_desc
);
2749 #ifdef HAVE_SYS_QUOTAS
2750 case NT_TRANSACT_GET_USER_QUOTA
:
2752 START_PROFILE(NT_transact_get_user_quota
);
2753 call_nt_transact_get_user_quota(
2755 &state
->setup
, state
->setup_count
,
2756 &state
->param
, state
->total_param
,
2757 &state
->data
, state
->total_data
,
2758 state
->max_data_return
);
2759 END_PROFILE(NT_transact_get_user_quota
);
2763 case NT_TRANSACT_SET_USER_QUOTA
:
2765 START_PROFILE(NT_transact_set_user_quota
);
2766 call_nt_transact_set_user_quota(
2768 &state
->setup
, state
->setup_count
,
2769 &state
->param
, state
->total_param
,
2770 &state
->data
, state
->total_data
,
2771 state
->max_data_return
);
2772 END_PROFILE(NT_transact_set_user_quota
);
2775 #endif /* HAVE_SYS_QUOTAS */
2778 /* Error in request */
2779 DEBUG(0,("handle_nttrans: Unknown request %d in "
2780 "nttrans call\n", state
->call
));
2781 reply_nterror(req
, NT_STATUS_INVALID_LEVEL
);
2787 /****************************************************************************
2788 Reply to a SMBNTtrans.
2789 ****************************************************************************/
2791 void reply_nttrans(struct smb_request
*req
)
2793 connection_struct
*conn
= req
->conn
;
2798 uint16 function_code
;
2800 struct trans_state
*state
;
2802 START_PROFILE(SMBnttrans
);
2804 if (req
->wct
< 19) {
2805 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2806 END_PROFILE(SMBnttrans
);
2810 pscnt
= IVAL(req
->vwv
+9, 1);
2811 psoff
= IVAL(req
->vwv
+11, 1);
2812 dscnt
= IVAL(req
->vwv
+13, 1);
2813 dsoff
= IVAL(req
->vwv
+15, 1);
2814 function_code
= SVAL(req
->vwv
+18, 0);
2816 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
)) {
2817 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2818 END_PROFILE(SMBnttrans
);
2822 result
= allow_new_trans(conn
->pending_trans
, req
->mid
);
2823 if (!NT_STATUS_IS_OK(result
)) {
2824 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result
)));
2825 reply_nterror(req
, result
);
2826 END_PROFILE(SMBnttrans
);
2830 if ((state
= talloc(conn
, struct trans_state
)) == NULL
) {
2831 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2832 END_PROFILE(SMBnttrans
);
2836 state
->cmd
= SMBnttrans
;
2838 state
->mid
= req
->mid
;
2839 state
->vuid
= req
->vuid
;
2840 state
->total_data
= IVAL(req
->vwv
+3, 1);
2842 state
->total_param
= IVAL(req
->vwv
+1, 1);
2843 state
->param
= NULL
;
2844 state
->max_data_return
= IVAL(req
->vwv
+7, 1);
2845 state
->max_param_return
= IVAL(req
->vwv
+5, 1);
2847 /* setup count is in *words* */
2848 state
->setup_count
= 2*CVAL(req
->vwv
+17, 1);
2849 state
->setup
= NULL
;
2850 state
->call
= function_code
;
2852 DEBUG(10, ("num_setup=%u, "
2853 "param_total=%u, this_param=%u, max_param=%u, "
2854 "data_total=%u, this_data=%u, max_data=%u, "
2855 "param_offset=%u, data_offset=%u\n",
2856 (unsigned)state
->setup_count
,
2857 (unsigned)state
->total_param
, (unsigned)pscnt
,
2858 (unsigned)state
->max_param_return
,
2859 (unsigned)state
->total_data
, (unsigned)dscnt
,
2860 (unsigned)state
->max_data_return
,
2861 (unsigned)psoff
, (unsigned)dsoff
));
2864 * All nttrans messages we handle have smb_wct == 19 +
2865 * state->setup_count. Ensure this is so as a sanity check.
2868 if(req
->wct
!= 19 + (state
->setup_count
/2)) {
2869 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2870 req
->wct
, 19 + (state
->setup_count
/2)));
2874 /* Don't allow more than 128mb for each value. */
2875 if ((state
->total_data
> (1024*1024*128)) ||
2876 (state
->total_param
> (1024*1024*128))) {
2877 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2878 END_PROFILE(SMBnttrans
);
2882 if ((dscnt
> state
->total_data
) || (pscnt
> state
->total_param
))
2885 if (state
->total_data
) {
2887 if (trans_oob(state
->total_data
, 0, dscnt
)
2888 || trans_oob(smb_len(req
->inbuf
), dsoff
, dscnt
)) {
2892 /* Can't use talloc here, the core routines do realloc on the
2893 * params and data. */
2894 if ((state
->data
= (char *)SMB_MALLOC(state
->total_data
)) == NULL
) {
2895 DEBUG(0,("reply_nttrans: data malloc fail for %u "
2896 "bytes !\n", (unsigned int)state
->total_data
));
2898 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2899 END_PROFILE(SMBnttrans
);
2903 memcpy(state
->data
,smb_base(req
->inbuf
)+dsoff
,dscnt
);
2906 if (state
->total_param
) {
2908 if (trans_oob(state
->total_param
, 0, pscnt
)
2909 || trans_oob(smb_len(req
->inbuf
), psoff
, pscnt
)) {
2913 /* Can't use talloc here, the core routines do realloc on the
2914 * params and data. */
2915 if ((state
->param
= (char *)SMB_MALLOC(state
->total_param
)) == NULL
) {
2916 DEBUG(0,("reply_nttrans: param malloc fail for %u "
2917 "bytes !\n", (unsigned int)state
->total_param
));
2918 SAFE_FREE(state
->data
);
2920 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2921 END_PROFILE(SMBnttrans
);
2925 memcpy(state
->param
,smb_base(req
->inbuf
)+psoff
,pscnt
);
2928 state
->received_data
= dscnt
;
2929 state
->received_param
= pscnt
;
2931 if(state
->setup_count
> 0) {
2932 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
2933 state
->setup_count
));
2936 * No overflow possible here, state->setup_count is an
2937 * unsigned int, being filled by a single byte from
2938 * CVAL(req->vwv+13, 0) above. The cast in the comparison
2939 * below is not necessary, it's here to clarify things. The
2940 * validity of req->vwv and req->wct has been checked in
2941 * init_smb_request already.
2943 if ((state
->setup_count
/2) + 19 > (unsigned int)req
->wct
) {
2947 state
->setup
= (uint16
*)TALLOC(state
, state
->setup_count
);
2948 if (state
->setup
== NULL
) {
2949 DEBUG(0,("reply_nttrans : Out of memory\n"));
2950 SAFE_FREE(state
->data
);
2951 SAFE_FREE(state
->param
);
2953 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2954 END_PROFILE(SMBnttrans
);
2958 memcpy(state
->setup
, req
->vwv
+19, state
->setup_count
);
2959 dump_data(10, (uint8
*)state
->setup
, state
->setup_count
);
2962 if ((state
->received_data
== state
->total_data
) &&
2963 (state
->received_param
== state
->total_param
)) {
2964 handle_nttrans(conn
, state
, req
);
2965 SAFE_FREE(state
->param
);
2966 SAFE_FREE(state
->data
);
2968 END_PROFILE(SMBnttrans
);
2972 DLIST_ADD(conn
->pending_trans
, state
);
2974 /* We need to send an interim response then receive the rest
2975 of the parameter/data bytes */
2976 reply_outbuf(req
, 0, 0);
2977 show_msg((char *)req
->outbuf
);
2978 END_PROFILE(SMBnttrans
);
2983 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
2984 SAFE_FREE(state
->data
);
2985 SAFE_FREE(state
->param
);
2987 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2988 END_PROFILE(SMBnttrans
);
2992 /****************************************************************************
2993 Reply to a SMBnttranss
2994 ****************************************************************************/
2996 void reply_nttranss(struct smb_request
*req
)
2998 connection_struct
*conn
= req
->conn
;
2999 uint32_t pcnt
,poff
,dcnt
,doff
,pdisp
,ddisp
;
3000 struct trans_state
*state
;
3002 START_PROFILE(SMBnttranss
);
3004 show_msg((const char *)req
->inbuf
);
3006 /* Windows clients expect all replies to
3007 an NT transact secondary (SMBnttranss 0xA1)
3008 to have a command code of NT transact
3009 (SMBnttrans 0xA0). See bug #8989 for details. */
3010 req
->cmd
= SMBnttrans
;
3012 if (req
->wct
< 18) {
3013 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3014 END_PROFILE(SMBnttranss
);
3018 for (state
= conn
->pending_trans
; state
!= NULL
;
3019 state
= state
->next
) {
3020 if (state
->mid
== req
->mid
) {
3025 if ((state
== NULL
) || (state
->cmd
!= SMBnttrans
)) {
3026 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3027 END_PROFILE(SMBnttranss
);
3031 /* Revise state->total_param and state->total_data in case they have
3032 changed downwards */
3033 if (IVAL(req
->vwv
+1, 1) < state
->total_param
) {
3034 state
->total_param
= IVAL(req
->vwv
+1, 1);
3036 if (IVAL(req
->vwv
+3, 1) < state
->total_data
) {
3037 state
->total_data
= IVAL(req
->vwv
+3, 1);
3040 pcnt
= IVAL(req
->vwv
+5, 1);
3041 poff
= IVAL(req
->vwv
+7, 1);
3042 pdisp
= IVAL(req
->vwv
+9, 1);
3044 dcnt
= IVAL(req
->vwv
+11, 1);
3045 doff
= IVAL(req
->vwv
+13, 1);
3046 ddisp
= IVAL(req
->vwv
+15, 1);
3048 state
->received_param
+= pcnt
;
3049 state
->received_data
+= dcnt
;
3051 if ((state
->received_data
> state
->total_data
) ||
3052 (state
->received_param
> state
->total_param
))
3056 if (trans_oob(state
->total_param
, pdisp
, pcnt
)
3057 || trans_oob(smb_len(req
->inbuf
), poff
, pcnt
)) {
3060 memcpy(state
->param
+pdisp
, smb_base(req
->inbuf
)+poff
,pcnt
);
3064 if (trans_oob(state
->total_data
, ddisp
, dcnt
)
3065 || trans_oob(smb_len(req
->inbuf
), doff
, dcnt
)) {
3068 memcpy(state
->data
+ddisp
, smb_base(req
->inbuf
)+doff
,dcnt
);
3071 if ((state
->received_param
< state
->total_param
) ||
3072 (state
->received_data
< state
->total_data
)) {
3073 END_PROFILE(SMBnttranss
);
3077 handle_nttrans(conn
, state
, req
);
3079 DLIST_REMOVE(conn
->pending_trans
, state
);
3080 SAFE_FREE(state
->data
);
3081 SAFE_FREE(state
->param
);
3083 END_PROFILE(SMBnttranss
);
3088 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3089 DLIST_REMOVE(conn
->pending_trans
, state
);
3090 SAFE_FREE(state
->data
);
3091 SAFE_FREE(state
->param
);
3093 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3094 END_PROFILE(SMBnttranss
);