search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Ensure we never enter VFS_CREATE without having initialized
[Samba.git] / source3 / smbd / reply.c
blob1ee4708dcef1c2171e232ffeab2ae340758abb32
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "smbd/globals.h"
29
30 extern enum protocol_types Protocol;
31
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
37 set.
38 ****************************************************************************/
39
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
42
43 static NTSTATUS check_path_syntax_internal(char *path,
44 bool posix_path,
45 bool *p_last_component_contains_wcard)
46 {
47 char *d = path;
48 const char *s = path;
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
52
53 *p_last_component_contains_wcard = False;
54
55 while (*s) {
56 if (stream_started) {
57 switch (*s) {
58 case '/':
59 case '\\':
60 return NT_STATUS_OBJECT_NAME_INVALID;
61 case ':':
62 if (s[1] == '\0') {
63 return NT_STATUS_OBJECT_NAME_INVALID;
64 }
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
67 }
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
70 }
71 break;
72 }
73 }
74
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
83 JRA.
84 */
85 stream_started = true;
86 start_of_name_component = false;
87 posix_path = true;
88
89 if (s[1] == '\0') {
90 return NT_STATUS_OBJECT_NAME_INVALID;
91 }
92 }
93
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 /*
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
98 */
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
101 s++;
102 }
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
105 *d++ = '/';
106 }
107
108 start_of_name_component = True;
109 /* New component. */
110 *p_last_component_contains_wcard = False;
111 continue;
112 }
113
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
117
118 /*
119 * No mb char starts with '.' so we're safe checking the directory separator here.
120 */
121
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
124 *(d-1) = '\0';
125 d--;
126 }
127
128 /* Are we at the start ? Can't go back further if so. */
129 if (d <= path) {
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
131 break;
132 }
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
138 if (*d == '/')
139 break;
140 }
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
143 continue;
144
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
146 if (posix_path) {
147 /* Eat the '.' */
148 s++;
149 continue;
150 }
151 }
152
153 }
154
155 if (!(*s & 0x80)) {
156 if (!posix_path) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
159 }
160 switch (*s) {
161 case '*':
162 case '?':
163 case '<':
164 case '>':
165 case '"':
166 *p_last_component_contains_wcard = True;
167 break;
168 default:
169 break;
170 }
171 }
172 *d++ = *s++;
173 } else {
174 size_t siz;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
177 switch(siz) {
178 case 5:
179 *d++ = *s++;
180 /*fall through*/
181 case 4:
182 *d++ = *s++;
183 /*fall through*/
184 case 3:
185 *d++ = *s++;
186 /*fall through*/
187 case 2:
188 *d++ = *s++;
189 /*fall through*/
190 case 1:
191 *d++ = *s++;
192 break;
193 default:
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 *d = '\0';
196 return NT_STATUS_INVALID_PARAMETER;
197 }
198 }
199 start_of_name_component = False;
200 }
201
202 *d = '\0';
203
204 return ret;
205 }
206
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
211
212 NTSTATUS check_path_syntax(char *path)
213 {
214 bool ignore;
215 return check_path_syntax_internal(path, False, &ignore);
216 }
217
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 a wildcard.
222 ****************************************************************************/
223
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 {
226 return check_path_syntax_internal(path, False, p_contains_wcard);
227 }
228
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
234
235 NTSTATUS check_path_syntax_posix(char *path)
236 {
237 bool ignore;
238 return check_path_syntax_internal(path, True, &ignore);
239 }
240
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
244
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
247 uint16 smb_flags2,
248 char **pp_dest,
249 const char *src,
250 size_t src_len,
251 int flags,
252 NTSTATUS *err,
253 bool *contains_wcard)
254 {
255 size_t ret;
256
257 *pp_dest = NULL;
258
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
260 src_len, flags);
261
262 if (!*pp_dest) {
263 *err = NT_STATUS_INVALID_PARAMETER;
264 return ret;
265 }
266
267 *contains_wcard = False;
268
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 /*
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
273 */
274 *err = NT_STATUS_OK;
275 return ret;
276 }
277
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
280 } else {
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 }
283
284 return ret;
285 }
286
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
290
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
293 uint16 smb_flags2,
294 char **pp_dest,
295 const char *src,
296 size_t src_len,
297 int flags,
298 NTSTATUS *err)
299 {
300 bool ignore;
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
303 }
304
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
308 {
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
312 }
313
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
316 NTSTATUS *err)
317 {
318 bool ignore;
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
321 }
322
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
326
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
328 files_struct *fsp)
329 {
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
332 return False;
333 }
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 return False;
337 }
338 return True;
339 }
340
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
344
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
346 files_struct *fsp)
347 {
348 if (!check_fsp_open(conn, req, fsp)) {
349 return False;
350 }
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
353 return False;
354 }
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
357 return False;
358 }
359 (fsp)->num_smb_operations++;
360 return True;
361 }
362
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
367
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
369 files_struct *fsp)
370 {
371 if (!check_fsp_open(conn, req, fsp)) {
372 return false;
373 }
374
375 if (fsp->is_directory) {
376 return false;
377 }
378
379 if (fsp->fake_file_handle == NULL) {
380 return false;
381 }
382
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle->private_data == NULL) {
388 return false;
389 }
390
391 return true;
392 }
393
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
397
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
399 files_struct *fsp)
400 {
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
403 return True;
404 }
405
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
407 return False;
408 }
409
410 /****************************************************************************
411 Reply to a (netbios-level) special message.
412 ****************************************************************************/
413
414 void reply_special(char *inbuf)
415 {
416 int msg_type = CVAL(inbuf,0);
417 int msg_flags = CVAL(inbuf,1);
418 fstring name1,name2;
419 char name_type = 0;
420
421 /*
422 * We only really use 4 bytes of the outbuf, but for the smb_setlen
423 * calculation & friends (srv_send_smb uses that) we need the full smb
424 * header.
425 */
426 char outbuf[smb_size];
427
428 *name1 = *name2 = 0;
429
430 memset(outbuf, '\0', sizeof(outbuf));
431
432 smb_setlen(outbuf,0);
433
434 switch (msg_type) {
435 case 0x81: /* session request */
436
437 if (already_got_session) {
438 exit_server_cleanly("multiple session request not permitted");
439 }
440
441 SCVAL(outbuf,0,0x82);
442 SCVAL(outbuf,3,0);
443 if (name_len(inbuf+4) > 50 ||
444 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
445 DEBUG(0,("Invalid name length in session request\n"));
446 return;
447 }
448 name_extract(inbuf,4,name1);
449 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
450 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
451 name1,name2));
452
453 set_local_machine_name(name1, True);
454 set_remote_machine_name(name2, True);
455
456 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
457 get_local_machine_name(), get_remote_machine_name(),
458 name_type));
459
460 if (name_type == 'R') {
461 /* We are being asked for a pathworks session ---
462 no thanks! */
463 SCVAL(outbuf, 0,0x83);
464 break;
465 }
466
467 /* only add the client's machine name to the list
468 of possibly valid usernames if we are operating
469 in share mode security */
470 if (lp_security() == SEC_SHARE) {
471 add_session_user(get_remote_machine_name());
472 }
473
474 reload_services(True);
475 reopen_logs();
476
477 already_got_session = True;
478 break;
479
480 case 0x89: /* session keepalive request
481 (some old clients produce this?) */
482 SCVAL(outbuf,0,SMBkeepalive);
483 SCVAL(outbuf,3,0);
484 break;
485
486 case 0x82: /* positive session response */
487 case 0x83: /* negative session response */
488 case 0x84: /* retarget session response */
489 DEBUG(0,("Unexpected session response\n"));
490 break;
491
492 case SMBkeepalive: /* session keepalive */
493 default:
494 return;
495 }
496
497 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
498 msg_type, msg_flags));
499
500 srv_send_smb(smbd_server_fd(), outbuf, false, NULL);
501 return;
502 }
503
504 /****************************************************************************
505 Reply to a tcon.
506 conn POINTER CAN BE NULL HERE !
507 ****************************************************************************/
508
509 void reply_tcon(struct smb_request *req)
510 {
511 connection_struct *conn = req->conn;
512 const char *service;
513 char *service_buf = NULL;
514 char *password = NULL;
515 char *dev = NULL;
516 int pwlen=0;
517 NTSTATUS nt_status;
518 const char *p;
519 DATA_BLOB password_blob;
520 TALLOC_CTX *ctx = talloc_tos();
521
522 START_PROFILE(SMBtcon);
523
524 if (req->buflen < 4) {
525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
526 END_PROFILE(SMBtcon);
527 return;
528 }
529
530 p = (const char *)req->buf + 1;
531 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
532 p += 1;
533 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
534 p += pwlen+1;
535 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
536 p += 1;
537
538 if (service_buf == NULL || password == NULL || dev == NULL) {
539 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
540 END_PROFILE(SMBtcon);
541 return;
542 }
543 p = strrchr_m(service_buf,'\\');
544 if (p) {
545 service = p+1;
546 } else {
547 service = service_buf;
548 }
549
550 password_blob = data_blob(password, pwlen+1);
551
552 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
553 req->conn = conn;
554
555 data_blob_clear_free(&password_blob);
556
557 if (!conn) {
558 reply_nterror(req, nt_status);
559 END_PROFILE(SMBtcon);
560 return;
561 }
562
563 reply_outbuf(req, 2, 0);
564 SSVAL(req->outbuf,smb_vwv0,max_recv);
565 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
566 SSVAL(req->outbuf,smb_tid,conn->cnum);
567
568 DEBUG(3,("tcon service=%s cnum=%d\n",
569 service, conn->cnum));
570
571 END_PROFILE(SMBtcon);
572 return;
573 }
574
575 /****************************************************************************
576 Reply to a tcon and X.
577 conn POINTER CAN BE NULL HERE !
578 ****************************************************************************/
579
580 void reply_tcon_and_X(struct smb_request *req)
581 {
582 connection_struct *conn = req->conn;
583 const char *service = NULL;
584 DATA_BLOB password;
585 TALLOC_CTX *ctx = talloc_tos();
586 /* what the cleint thinks the device is */
587 char *client_devicetype = NULL;
588 /* what the server tells the client the share represents */
589 const char *server_devicetype;
590 NTSTATUS nt_status;
591 int passlen;
592 char *path = NULL;
593 const char *p, *q;
594 uint16 tcon_flags;
595
596 START_PROFILE(SMBtconX);
597
598 if (req->wct < 4) {
599 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
600 END_PROFILE(SMBtconX);
601 return;
602 }
603
604 passlen = SVAL(req->vwv+3, 0);
605 tcon_flags = SVAL(req->vwv+2, 0);
606
607 /* we might have to close an old one */
608 if ((tcon_flags & 0x1) && conn) {
609 close_cnum(conn,req->vuid);
610 req->conn = NULL;
611 conn = NULL;
612 }
613
614 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
615 reply_doserror(req, ERRDOS, ERRbuftoosmall);
616 END_PROFILE(SMBtconX);
617 return;
618 }
619
620 if (global_encrypted_passwords_negotiated) {
621 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
622 if (lp_security() == SEC_SHARE) {
623 /*
624 * Security = share always has a pad byte
625 * after the password.
626 */
627 p = (const char *)req->buf + passlen + 1;
628 } else {
629 p = (const char *)req->buf + passlen;
630 }
631 } else {
632 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
633 /* Ensure correct termination */
634 password.data[passlen]=0;
635 p = (const char *)req->buf + passlen + 1;
636 }
637
638 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
639
640 if (path == NULL) {
641 data_blob_clear_free(&password);
642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
643 END_PROFILE(SMBtconX);
644 return;
645 }
646
647 /*
648 * the service name can be either: \\server\share
649 * or share directly like on the DELL PowerVault 705
650 */
651 if (*path=='\\') {
652 q = strchr_m(path+2,'\\');
653 if (!q) {
654 data_blob_clear_free(&password);
655 reply_doserror(req, ERRDOS, ERRnosuchshare);
656 END_PROFILE(SMBtconX);
657 return;
658 }
659 service = q+1;
660 } else {
661 service = path;
662 }
663
664 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
665 &client_devicetype, p,
666 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
667
668 if (client_devicetype == NULL) {
669 data_blob_clear_free(&password);
670 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
671 END_PROFILE(SMBtconX);
672 return;
673 }
674
675 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
676
677 conn = make_connection(service, password, client_devicetype,
678 req->vuid, &nt_status);
679 req->conn =conn;
680
681 data_blob_clear_free(&password);
682
683 if (!conn) {
684 reply_nterror(req, nt_status);
685 END_PROFILE(SMBtconX);
686 return;
687 }
688
689 if ( IS_IPC(conn) )
690 server_devicetype = "IPC";
691 else if ( IS_PRINT(conn) )
692 server_devicetype = "LPT1:";
693 else
694 server_devicetype = "A:";
695
696 if (Protocol < PROTOCOL_NT1) {
697 reply_outbuf(req, 2, 0);
698 if (message_push_string(&req->outbuf, server_devicetype,
699 STR_TERMINATE|STR_ASCII) == -1) {
700 reply_nterror(req, NT_STATUS_NO_MEMORY);
701 END_PROFILE(SMBtconX);
702 return;
703 }
704 } else {
705 /* NT sets the fstype of IPC$ to the null string */
706 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
707
708 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
709 /* Return permissions. */
710 uint32 perm1 = 0;
711 uint32 perm2 = 0;
712
713 reply_outbuf(req, 7, 0);
714
715 if (IS_IPC(conn)) {
716 perm1 = FILE_ALL_ACCESS;
717 perm2 = FILE_ALL_ACCESS;
718 } else {
719 perm1 = CAN_WRITE(conn) ?
720 SHARE_ALL_ACCESS :
721 SHARE_READ_ONLY;
722 }
723
724 SIVAL(req->outbuf, smb_vwv3, perm1);
725 SIVAL(req->outbuf, smb_vwv5, perm2);
726 } else {
727 reply_outbuf(req, 3, 0);
728 }
729
730 if ((message_push_string(&req->outbuf, server_devicetype,
731 STR_TERMINATE|STR_ASCII) == -1)
732 || (message_push_string(&req->outbuf, fstype,
733 STR_TERMINATE) == -1)) {
734 reply_nterror(req, NT_STATUS_NO_MEMORY);
735 END_PROFILE(SMBtconX);
736 return;
737 }
738
739 /* what does setting this bit do? It is set by NT4 and
740 may affect the ability to autorun mounted cdroms */
741 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
742 (lp_csc_policy(SNUM(conn)) << 2));
743
744 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
745 DEBUG(2,("Serving %s as a Dfs root\n",
746 lp_servicename(SNUM(conn)) ));
747 SSVAL(req->outbuf, smb_vwv2,
748 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
749 }
750 }
751
752
753 DEBUG(3,("tconX service=%s \n",
754 service));
755
756 /* set the incoming and outgoing tid to the just created one */
757 SSVAL(req->inbuf,smb_tid,conn->cnum);
758 SSVAL(req->outbuf,smb_tid,conn->cnum);
759
760 END_PROFILE(SMBtconX);
761
762 chain_reply(req);
763 return;
764 }
765
766 /****************************************************************************
767 Reply to an unknown type.
768 ****************************************************************************/
769
770 void reply_unknown_new(struct smb_request *req, uint8 type)
771 {
772 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
773 smb_fn_name(type), type, type));
774 reply_doserror(req, ERRSRV, ERRunknownsmb);
775 return;
776 }
777
778 /****************************************************************************
779 Reply to an ioctl.
780 conn POINTER CAN BE NULL HERE !
781 ****************************************************************************/
782
783 void reply_ioctl(struct smb_request *req)
784 {
785 connection_struct *conn = req->conn;
786 uint16 device;
787 uint16 function;
788 uint32 ioctl_code;
789 int replysize;
790 char *p;
791
792 START_PROFILE(SMBioctl);
793
794 if (req->wct < 3) {
795 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
796 END_PROFILE(SMBioctl);
797 return;
798 }
799
800 device = SVAL(req->vwv+1, 0);
801 function = SVAL(req->vwv+2, 0);
802 ioctl_code = (device << 16) + function;
803
804 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
805
806 switch (ioctl_code) {
807 case IOCTL_QUERY_JOB_INFO:
808 replysize = 32;
809 break;
810 default:
811 reply_doserror(req, ERRSRV, ERRnosupport);
812 END_PROFILE(SMBioctl);
813 return;
814 }
815
816 reply_outbuf(req, 8, replysize+1);
817 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
818 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
819 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
820 p = smb_buf(req->outbuf);
821 memset(p, '\0', replysize+1); /* valgrind-safe. */
822 p += 1; /* Allow for alignment */
823
824 switch (ioctl_code) {
825 case IOCTL_QUERY_JOB_INFO:
826 {
827 files_struct *fsp = file_fsp(
828 req, SVAL(req->vwv+0, 0));
829 if (!fsp) {
830 reply_doserror(req, ERRDOS, ERRbadfid);
831 END_PROFILE(SMBioctl);
832 return;
833 }
834 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
835 srvstr_push((char *)req->outbuf, req->flags2, p+2,
836 global_myname(), 15,
837 STR_TERMINATE|STR_ASCII);
838 if (conn) {
839 srvstr_push((char *)req->outbuf, req->flags2,
840 p+18, lp_servicename(SNUM(conn)),
841 13, STR_TERMINATE|STR_ASCII);
842 } else {
843 memset(p+18, 0, 13);
844 }
845 break;
846 }
847 }
848
849 END_PROFILE(SMBioctl);
850 return;
851 }
852
853 /****************************************************************************
854 Strange checkpath NTSTATUS mapping.
855 ****************************************************************************/
856
857 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
858 {
859 /* Strange DOS error code semantics only for checkpath... */
860 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
861 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
862 /* We need to map to ERRbadpath */
863 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
864 }
865 }
866 return status;
867 }
868
869 /****************************************************************************
870 Reply to a checkpath.
871 ****************************************************************************/
872
873 void reply_checkpath(struct smb_request *req)
874 {
875 connection_struct *conn = req->conn;
876 char *name = NULL;
877 SMB_STRUCT_STAT sbuf;
878 NTSTATUS status;
879 TALLOC_CTX *ctx = talloc_tos();
880
881 START_PROFILE(SMBcheckpath);
882
883 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
884 STR_TERMINATE, &status);
885
886 if (!NT_STATUS_IS_OK(status)) {
887 status = map_checkpath_error(req->flags2, status);
888 reply_nterror(req, status);
889 END_PROFILE(SMBcheckpath);
890 return;
891 }
892
893 status = resolve_dfspath(ctx, conn,
894 req->flags2 & FLAGS2_DFS_PATHNAMES,
895 name,
896 &name);
897 if (!NT_STATUS_IS_OK(status)) {
898 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
899 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
900 ERRSRV, ERRbadpath);
901 END_PROFILE(SMBcheckpath);
902 return;
903 }
904 goto path_err;
905 }
906
907 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
908
909 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
910 if (!NT_STATUS_IS_OK(status)) {
911 goto path_err;
912 }
913
914 status = check_name(conn, name);
915 if (!NT_STATUS_IS_OK(status)) {
916 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
917 goto path_err;
918 }
919
920 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
921 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
922 status = map_nt_error_from_unix(errno);
923 goto path_err;
924 }
925
926 if (!S_ISDIR(sbuf.st_mode)) {
927 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
928 ERRDOS, ERRbadpath);
929 END_PROFILE(SMBcheckpath);
930 return;
931 }
932
933 reply_outbuf(req, 0, 0);
934
935 END_PROFILE(SMBcheckpath);
936 return;
937
938 path_err:
939
940 END_PROFILE(SMBcheckpath);
941
942 /* We special case this - as when a Windows machine
943 is parsing a path is steps through the components
944 one at a time - if a component fails it expects
945 ERRbadpath, not ERRbadfile.
946 */
947 status = map_checkpath_error(req->flags2, status);
948 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
949 /*
950 * Windows returns different error codes if
951 * the parent directory is valid but not the
952 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
953 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
954 * if the path is invalid.
955 */
956 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
957 ERRDOS, ERRbadpath);
958 return;
959 }
960
961 reply_nterror(req, status);
962 }
963
964 /****************************************************************************
965 Reply to a getatr.
966 ****************************************************************************/
967
968 void reply_getatr(struct smb_request *req)
969 {
970 connection_struct *conn = req->conn;
971 char *fname = NULL;
972 SMB_STRUCT_STAT sbuf;
973 int mode=0;
974 SMB_OFF_T size=0;
975 time_t mtime=0;
976 const char *p;
977 NTSTATUS status;
978 TALLOC_CTX *ctx = talloc_tos();
979
980 START_PROFILE(SMBgetatr);
981
982 p = (const char *)req->buf + 1;
983 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
984 if (!NT_STATUS_IS_OK(status)) {
985 reply_nterror(req, status);
986 END_PROFILE(SMBgetatr);
987 return;
988 }
989
990 status = resolve_dfspath(ctx, conn,
991 req->flags2 & FLAGS2_DFS_PATHNAMES,
992 fname,
993 &fname);
994 if (!NT_STATUS_IS_OK(status)) {
995 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
996 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
997 ERRSRV, ERRbadpath);
998 END_PROFILE(SMBgetatr);
999 return;
1000 }
1001 reply_nterror(req, status);
1002 END_PROFILE(SMBgetatr);
1003 return;
1004 }
1005
1006 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1007 under WfWg - weird! */
1008 if (*fname == '\0') {
1009 mode = aHIDDEN | aDIR;
1010 if (!CAN_WRITE(conn)) {
1011 mode |= aRONLY;
1012 }
1013 size = 0;
1014 mtime = 0;
1015 } else {
1016 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 reply_nterror(req, status);
1019 END_PROFILE(SMBgetatr);
1020 return;
1021 }
1022 status = check_name(conn, fname);
1023 if (!NT_STATUS_IS_OK(status)) {
1024 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1025 reply_nterror(req, status);
1026 END_PROFILE(SMBgetatr);
1027 return;
1028 }
1029 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1030 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1031 reply_unixerror(req, ERRDOS,ERRbadfile);
1032 END_PROFILE(SMBgetatr);
1033 return;
1034 }
1035
1036 mode = dos_mode(conn,fname,&sbuf);
1037 size = sbuf.st_size;
1038 mtime = sbuf.st_mtime;
1039 if (mode & aDIR) {
1040 size = 0;
1041 }
1042 }
1043
1044 reply_outbuf(req, 10, 0);
1045
1046 SSVAL(req->outbuf,smb_vwv0,mode);
1047 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1048 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1049 } else {
1050 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1051 }
1052 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1053
1054 if (Protocol >= PROTOCOL_NT1) {
1055 SSVAL(req->outbuf, smb_flg2,
1056 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1057 }
1058
1059 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1060
1061 END_PROFILE(SMBgetatr);
1062 return;
1063 }
1064
1065 /****************************************************************************
1066 Reply to a setatr.
1067 ****************************************************************************/
1068
1069 void reply_setatr(struct smb_request *req)
1070 {
1071 struct smb_file_time ft;
1072 connection_struct *conn = req->conn;
1073 char *fname = NULL;
1074 int mode;
1075 time_t mtime;
1076 SMB_STRUCT_STAT sbuf;
1077 const char *p;
1078 NTSTATUS status;
1079 TALLOC_CTX *ctx = talloc_tos();
1080
1081 START_PROFILE(SMBsetatr);
1082
1083 ZERO_STRUCT(ft);
1084
1085 if (req->wct < 2) {
1086 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1087 return;
1088 }
1089
1090 p = (const char *)req->buf + 1;
1091 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 reply_nterror(req, status);
1094 END_PROFILE(SMBsetatr);
1095 return;
1096 }
1097
1098 status = resolve_dfspath(ctx, conn,
1099 req->flags2 & FLAGS2_DFS_PATHNAMES,
1100 fname,
1101 &fname);
1102 if (!NT_STATUS_IS_OK(status)) {
1103 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1104 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1105 ERRSRV, ERRbadpath);
1106 END_PROFILE(SMBsetatr);
1107 return;
1108 }
1109 reply_nterror(req, status);
1110 END_PROFILE(SMBsetatr);
1111 return;
1112 }
1113
1114 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1115 if (!NT_STATUS_IS_OK(status)) {
1116 reply_nterror(req, status);
1117 END_PROFILE(SMBsetatr);
1118 return;
1119 }
1120
1121 status = check_name(conn, fname);
1122 if (!NT_STATUS_IS_OK(status)) {
1123 reply_nterror(req, status);
1124 END_PROFILE(SMBsetatr);
1125 return;
1126 }
1127
1128 if (fname[0] == '.' && fname[1] == '\0') {
1129 /*
1130 * Not sure here is the right place to catch this
1131 * condition. Might be moved to somewhere else later -- vl
1132 */
1133 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1134 END_PROFILE(SMBsetatr);
1135 return;
1136 }
1137
1138 mode = SVAL(req->vwv+0, 0);
1139 mtime = srv_make_unix_date3(req->vwv+1);
1140
1141 ft.mtime = convert_time_t_to_timespec(mtime);
1142 status = smb_set_file_time(conn, NULL, fname,
1143 &sbuf, &ft, true);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 reply_unixerror(req, ERRDOS, ERRnoaccess);
1146 END_PROFILE(SMBsetatr);
1147 return;
1148 }
1149
1150 if (mode != FILE_ATTRIBUTE_NORMAL) {
1151 if (VALID_STAT_OF_DIR(sbuf))
1152 mode |= aDIR;
1153 else
1154 mode &= ~aDIR;
1155
1156 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1157 reply_unixerror(req, ERRDOS, ERRnoaccess);
1158 END_PROFILE(SMBsetatr);
1159 return;
1160 }
1161 }
1162
1163 reply_outbuf(req, 0, 0);
1164
1165 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1166
1167 END_PROFILE(SMBsetatr);
1168 return;
1169 }
1170
1171 /****************************************************************************
1172 Reply to a dskattr.
1173 ****************************************************************************/
1174
1175 void reply_dskattr(struct smb_request *req)
1176 {
1177 connection_struct *conn = req->conn;
1178 uint64_t dfree,dsize,bsize;
1179 START_PROFILE(SMBdskattr);
1180
1181 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1182 reply_unixerror(req, ERRHRD, ERRgeneral);
1183 END_PROFILE(SMBdskattr);
1184 return;
1185 }
1186
1187 reply_outbuf(req, 5, 0);
1188
1189 if (Protocol <= PROTOCOL_LANMAN2) {
1190 double total_space, free_space;
1191 /* we need to scale this to a number that DOS6 can handle. We
1192 use floating point so we can handle large drives on systems
1193 that don't have 64 bit integers
1194
1195 we end up displaying a maximum of 2G to DOS systems
1196 */
1197 total_space = dsize * (double)bsize;
1198 free_space = dfree * (double)bsize;
1199
1200 dsize = (uint64_t)((total_space+63*512) / (64*512));
1201 dfree = (uint64_t)((free_space+63*512) / (64*512));
1202
1203 if (dsize > 0xFFFF) dsize = 0xFFFF;
1204 if (dfree > 0xFFFF) dfree = 0xFFFF;
1205
1206 SSVAL(req->outbuf,smb_vwv0,dsize);
1207 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1208 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1209 SSVAL(req->outbuf,smb_vwv3,dfree);
1210 } else {
1211 SSVAL(req->outbuf,smb_vwv0,dsize);
1212 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1213 SSVAL(req->outbuf,smb_vwv2,512);
1214 SSVAL(req->outbuf,smb_vwv3,dfree);
1215 }
1216
1217 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1218
1219 END_PROFILE(SMBdskattr);
1220 return;
1221 }
1222
1223 /****************************************************************************
1224 Reply to a search.
1225 Can be called from SMBsearch, SMBffirst or SMBfunique.
1226 ****************************************************************************/
1227
1228 void reply_search(struct smb_request *req)
1229 {
1230 connection_struct *conn = req->conn;
1231 const char *mask = NULL;
1232 char *directory = NULL;
1233 char *fname = NULL;
1234 SMB_OFF_T size;
1235 uint32 mode;
1236 time_t date;
1237 uint32 dirtype;
1238 unsigned int numentries = 0;
1239 unsigned int maxentries = 0;
1240 bool finished = False;
1241 const char *p;
1242 int status_len;
1243 char *path = NULL;
1244 char status[21];
1245 int dptr_num= -1;
1246 bool check_descend = False;
1247 bool expect_close = False;
1248 NTSTATUS nt_status;
1249 bool mask_contains_wcard = False;
1250 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1251 TALLOC_CTX *ctx = talloc_tos();
1252 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1253
1254 START_PROFILE(SMBsearch);
1255
1256 if (req->wct < 2) {
1257 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1258 END_PROFILE(SMBsearch);
1259 return;
1260 }
1261
1262 if (lp_posix_pathnames()) {
1263 reply_unknown_new(req, req->cmd);
1264 END_PROFILE(SMBsearch);
1265 return;
1266 }
1267
1268 /* If we were called as SMBffirst then we must expect close. */
1269 if(req->cmd == SMBffirst) {
1270 expect_close = True;
1271 }
1272
1273 reply_outbuf(req, 1, 3);
1274 maxentries = SVAL(req->vwv+0, 0);
1275 dirtype = SVAL(req->vwv+1, 0);
1276 p = (const char *)req->buf + 1;
1277 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1278 &nt_status, &mask_contains_wcard);
1279 if (!NT_STATUS_IS_OK(nt_status)) {
1280 reply_nterror(req, nt_status);
1281 END_PROFILE(SMBsearch);
1282 return;
1283 }
1284
1285 nt_status = resolve_dfspath_wcard(ctx, conn,
1286 req->flags2 & FLAGS2_DFS_PATHNAMES,
1287 path,
1288 &path,
1289 &mask_contains_wcard);
1290 if (!NT_STATUS_IS_OK(nt_status)) {
1291 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1292 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1293 ERRSRV, ERRbadpath);
1294 END_PROFILE(SMBsearch);
1295 return;
1296 }
1297 reply_nterror(req, nt_status);
1298 END_PROFILE(SMBsearch);
1299 return;
1300 }
1301
1302 p++;
1303 status_len = SVAL(p, 0);
1304 p += 2;
1305
1306 /* dirtype &= ~aDIR; */
1307
1308 if (status_len == 0) {
1309 SMB_STRUCT_STAT sbuf;
1310
1311 nt_status = unix_convert(ctx, conn, path, True,
1312 &directory, NULL, &sbuf);
1313 if (!NT_STATUS_IS_OK(nt_status)) {
1314 reply_nterror(req, nt_status);
1315 END_PROFILE(SMBsearch);
1316 return;
1317 }
1318
1319 nt_status = check_name(conn, directory);
1320 if (!NT_STATUS_IS_OK(nt_status)) {
1321 reply_nterror(req, nt_status);
1322 END_PROFILE(SMBsearch);
1323 return;
1324 }
1325
1326 p = strrchr_m(directory,'/');
1327 if ((p != NULL) && (*directory != '/')) {
1328 mask = p + 1;
1329 directory = talloc_strndup(ctx, directory,
1330 PTR_DIFF(p, directory));
1331 } else {
1332 mask = directory;
1333 directory = talloc_strdup(ctx,".");
1334 }
1335
1336 if (!directory) {
1337 reply_nterror(req, NT_STATUS_NO_MEMORY);
1338 END_PROFILE(SMBsearch);
1339 return;
1340 }
1341
1342 memset((char *)status,'\0',21);
1343 SCVAL(status,0,(dirtype & 0x1F));
1344
1345 nt_status = dptr_create(conn,
1346 directory,
1347 True,
1348 expect_close,
1349 req->smbpid,
1350 mask,
1351 mask_contains_wcard,
1352 dirtype,
1353 &conn->dirptr);
1354 if (!NT_STATUS_IS_OK(nt_status)) {
1355 reply_nterror(req, nt_status);
1356 END_PROFILE(SMBsearch);
1357 return;
1358 }
1359 dptr_num = dptr_dnum(conn->dirptr);
1360 } else {
1361 int status_dirtype;
1362
1363 memcpy(status,p,21);
1364 status_dirtype = CVAL(status,0) & 0x1F;
1365 if (status_dirtype != (dirtype & 0x1F)) {
1366 dirtype = status_dirtype;
1367 }
1368
1369 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1370 if (!conn->dirptr) {
1371 goto SearchEmpty;
1372 }
1373 string_set(&conn->dirpath,dptr_path(dptr_num));
1374 mask = dptr_wcard(dptr_num);
1375 if (!mask) {
1376 goto SearchEmpty;
1377 }
1378 /*
1379 * For a 'continue' search we have no string. So
1380 * check from the initial saved string.
1381 */
1382 mask_contains_wcard = ms_has_wild(mask);
1383 dirtype = dptr_attr(dptr_num);
1384 }
1385
1386 DEBUG(4,("dptr_num is %d\n",dptr_num));
1387
1388 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1389 dptr_init_search_op(conn->dirptr);
1390
1391 if ((dirtype&0x1F) == aVOLID) {
1392 char buf[DIR_STRUCT_SIZE];
1393 memcpy(buf,status,21);
1394 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1395 0,aVOLID,0,!allow_long_path_components)) {
1396 reply_nterror(req, NT_STATUS_NO_MEMORY);
1397 END_PROFILE(SMBsearch);
1398 return;
1399 }
1400 dptr_fill(buf+12,dptr_num);
1401 if (dptr_zero(buf+12) && (status_len==0)) {
1402 numentries = 1;
1403 } else {
1404 numentries = 0;
1405 }
1406 if (message_push_blob(&req->outbuf,
1407 data_blob_const(buf, sizeof(buf)))
1408 == -1) {
1409 reply_nterror(req, NT_STATUS_NO_MEMORY);
1410 END_PROFILE(SMBsearch);
1411 return;
1412 }
1413 } else {
1414 unsigned int i;
1415 maxentries = MIN(
1416 maxentries,
1417 ((BUFFER_SIZE -
1418 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1419 /DIR_STRUCT_SIZE));
1420
1421 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1422 conn->dirpath,lp_dontdescend(SNUM(conn))));
1423 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1424 check_descend = True;
1425 }
1426
1427 for (i=numentries;(i<maxentries) && !finished;i++) {
1428 finished = !get_dir_entry(ctx,
1429 conn,
1430 mask,
1431 dirtype,
1432 &fname,
1433 &size,
1434 &mode,
1435 &date,
1436 check_descend,
1437 ask_sharemode);
1438 if (!finished) {
1439 char buf[DIR_STRUCT_SIZE];
1440 memcpy(buf,status,21);
1441 if (!make_dir_struct(ctx,
1442 buf,
1443 mask,
1444 fname,
1445 size,
1446 mode,
1447 date,
1448 !allow_long_path_components)) {
1449 reply_nterror(req, NT_STATUS_NO_MEMORY);
1450 END_PROFILE(SMBsearch);
1451 return;
1452 }
1453 if (!dptr_fill(buf+12,dptr_num)) {
1454 break;
1455 }
1456 if (message_push_blob(&req->outbuf,
1457 data_blob_const(buf, sizeof(buf)))
1458 == -1) {
1459 reply_nterror(req, NT_STATUS_NO_MEMORY);
1460 END_PROFILE(SMBsearch);
1461 return;
1462 }
1463 numentries++;
1464 }
1465 }
1466 }
1467
1468 SearchEmpty:
1469
1470 /* If we were called as SMBffirst with smb_search_id == NULL
1471 and no entries were found then return error and close dirptr
1472 (X/Open spec) */
1473
1474 if (numentries == 0) {
1475 dptr_close(&dptr_num);
1476 } else if(expect_close && status_len == 0) {
1477 /* Close the dptr - we know it's gone */
1478 dptr_close(&dptr_num);
1479 }
1480
1481 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1482 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1483 dptr_close(&dptr_num);
1484 }
1485
1486 if ((numentries == 0) && !mask_contains_wcard) {
1487 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1488 END_PROFILE(SMBsearch);
1489 return;
1490 }
1491
1492 SSVAL(req->outbuf,smb_vwv0,numentries);
1493 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1494 SCVAL(smb_buf(req->outbuf),0,5);
1495 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1496
1497 /* The replies here are never long name. */
1498 SSVAL(req->outbuf, smb_flg2,
1499 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1500 if (!allow_long_path_components) {
1501 SSVAL(req->outbuf, smb_flg2,
1502 SVAL(req->outbuf, smb_flg2)
1503 & (~FLAGS2_LONG_PATH_COMPONENTS));
1504 }
1505
1506 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1507 SSVAL(req->outbuf, smb_flg2,
1508 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1509
1510 if (!directory) {
1511 directory = dptr_path(dptr_num);
1512 }
1513
1514 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1515 smb_fn_name(req->cmd),
1516 mask,
1517 directory ? directory : "./",
1518 dirtype,
1519 numentries,
1520 maxentries ));
1521
1522 END_PROFILE(SMBsearch);
1523 return;
1524 }
1525
1526 /****************************************************************************
1527 Reply to a fclose (stop directory search).
1528 ****************************************************************************/
1529
1530 void reply_fclose(struct smb_request *req)
1531 {
1532 int status_len;
1533 char status[21];
1534 int dptr_num= -2;
1535 const char *p;
1536 char *path = NULL;
1537 NTSTATUS err;
1538 bool path_contains_wcard = False;
1539 TALLOC_CTX *ctx = talloc_tos();
1540
1541 START_PROFILE(SMBfclose);
1542
1543 if (lp_posix_pathnames()) {
1544 reply_unknown_new(req, req->cmd);
1545 END_PROFILE(SMBfclose);
1546 return;
1547 }
1548
1549 p = (const char *)req->buf + 1;
1550 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1551 &err, &path_contains_wcard);
1552 if (!NT_STATUS_IS_OK(err)) {
1553 reply_nterror(req, err);
1554 END_PROFILE(SMBfclose);
1555 return;
1556 }
1557 p++;
1558 status_len = SVAL(p,0);
1559 p += 2;
1560
1561 if (status_len == 0) {
1562 reply_doserror(req, ERRSRV, ERRsrverror);
1563 END_PROFILE(SMBfclose);
1564 return;
1565 }
1566
1567 memcpy(status,p,21);
1568
1569 if(dptr_fetch(status+12,&dptr_num)) {
1570 /* Close the dptr - we know it's gone */
1571 dptr_close(&dptr_num);
1572 }
1573
1574 reply_outbuf(req, 1, 0);
1575 SSVAL(req->outbuf,smb_vwv0,0);
1576
1577 DEBUG(3,("search close\n"));
1578
1579 END_PROFILE(SMBfclose);
1580 return;
1581 }
1582
1583 /****************************************************************************
1584 Reply to an open.
1585 ****************************************************************************/
1586
1587 void reply_open(struct smb_request *req)
1588 {
1589 connection_struct *conn = req->conn;
1590 char *fname = NULL;
1591 uint32 fattr=0;
1592 SMB_OFF_T size = 0;
1593 time_t mtime=0;
1594 int info;
1595 SMB_STRUCT_STAT sbuf;
1596 files_struct *fsp;
1597 int oplock_request;
1598 int deny_mode;
1599 uint32 dos_attr;
1600 uint32 access_mask;
1601 uint32 share_mode;
1602 uint32 create_disposition;
1603 uint32 create_options = 0;
1604 NTSTATUS status;
1605 TALLOC_CTX *ctx = talloc_tos();
1606
1607 START_PROFILE(SMBopen);
1608
1609 SET_STAT_INVALID(sbuf);
1610
1611 if (req->wct < 2) {
1612 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1613 END_PROFILE(SMBopen);
1614 return;
1615 }
1616
1617 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1618 deny_mode = SVAL(req->vwv+0, 0);
1619 dos_attr = SVAL(req->vwv+1, 0);
1620
1621 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1622 STR_TERMINATE, &status);
1623 if (!NT_STATUS_IS_OK(status)) {
1624 reply_nterror(req, status);
1625 END_PROFILE(SMBopen);
1626 return;
1627 }
1628
1629 if (!map_open_params_to_ntcreate(
1630 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1631 &share_mode, &create_disposition, &create_options)) {
1632 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1633 END_PROFILE(SMBopen);
1634 return;
1635 }
1636
1637 status = SMB_VFS_CREATE_FILE(
1638 conn, /* conn */
1639 req, /* req */
1640 0, /* root_dir_fid */
1641 fname, /* fname */
1642 CFF_DOS_PATH, /* create_file_flags */
1643 access_mask, /* access_mask */
1644 share_mode, /* share_access */
1645 create_disposition, /* create_disposition*/
1646 create_options, /* create_options */
1647 dos_attr, /* file_attributes */
1648 oplock_request, /* oplock_request */
1649 0, /* allocation_size */
1650 NULL, /* sd */
1651 NULL, /* ea_list */
1652 &fsp, /* result */
1653 &info, /* pinfo */
1654 &sbuf); /* psbuf */
1655
1656 if (!NT_STATUS_IS_OK(status)) {
1657 if (open_was_deferred(req->mid)) {
1658 /* We have re-scheduled this call. */
1659 END_PROFILE(SMBopen);
1660 return;
1661 }
1662 reply_openerror(req, status);
1663 END_PROFILE(SMBopen);
1664 return;
1665 }
1666
1667 size = sbuf.st_size;
1668 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1669 mtime = sbuf.st_mtime;
1670
1671 if (fattr & aDIR) {
1672 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1673 close_file(req, fsp, ERROR_CLOSE);
1674 reply_doserror(req, ERRDOS,ERRnoaccess);
1675 END_PROFILE(SMBopen);
1676 return;
1677 }
1678
1679 reply_outbuf(req, 7, 0);
1680 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1681 SSVAL(req->outbuf,smb_vwv1,fattr);
1682 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1683 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1684 } else {
1685 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1686 }
1687 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1688 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1689
1690 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1691 SCVAL(req->outbuf,smb_flg,
1692 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1693 }
1694
1695 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1696 SCVAL(req->outbuf,smb_flg,
1697 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1698 }
1699 END_PROFILE(SMBopen);
1700 return;
1701 }
1702
1703 /****************************************************************************
1704 Reply to an open and X.
1705 ****************************************************************************/
1706
1707 void reply_open_and_X(struct smb_request *req)
1708 {
1709 connection_struct *conn = req->conn;
1710 char *fname = NULL;
1711 uint16 open_flags;
1712 int deny_mode;
1713 uint32 smb_attr;
1714 /* Breakout the oplock request bits so we can set the
1715 reply bits separately. */
1716 int ex_oplock_request;
1717 int core_oplock_request;
1718 int oplock_request;
1719 #if 0
1720 int smb_sattr = SVAL(req->vwv+4, 0);
1721 uint32 smb_time = make_unix_date3(req->vwv+6);
1722 #endif
1723 int smb_ofun;
1724 uint32 fattr=0;
1725 int mtime=0;
1726 SMB_STRUCT_STAT sbuf;
1727 int smb_action = 0;
1728 files_struct *fsp;
1729 NTSTATUS status;
1730 uint64_t allocation_size;
1731 ssize_t retval = -1;
1732 uint32 access_mask;
1733 uint32 share_mode;
1734 uint32 create_disposition;
1735 uint32 create_options = 0;
1736 TALLOC_CTX *ctx = talloc_tos();
1737
1738 START_PROFILE(SMBopenX);
1739
1740 if (req->wct < 15) {
1741 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1742 END_PROFILE(SMBopenX);
1743 return;
1744 }
1745
1746 SET_STAT_INVALID(sbuf);
1747
1748 open_flags = SVAL(req->vwv+2, 0);
1749 deny_mode = SVAL(req->vwv+3, 0);
1750 smb_attr = SVAL(req->vwv+5, 0);
1751 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1752 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1753 oplock_request = ex_oplock_request | core_oplock_request;
1754 smb_ofun = SVAL(req->vwv+8, 0);
1755 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1756
1757 /* If it's an IPC, pass off the pipe handler. */
1758 if (IS_IPC(conn)) {
1759 if (lp_nt_pipe_support()) {
1760 reply_open_pipe_and_X(conn, req);
1761 } else {
1762 reply_doserror(req, ERRSRV, ERRaccess);
1763 }
1764 END_PROFILE(SMBopenX);
1765 return;
1766 }
1767
1768 /* XXXX we need to handle passed times, sattr and flags */
1769 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1770 STR_TERMINATE, &status);
1771 if (!NT_STATUS_IS_OK(status)) {
1772 reply_nterror(req, status);
1773 END_PROFILE(SMBopenX);
1774 return;
1775 }
1776
1777 if (!map_open_params_to_ntcreate(
1778 fname, deny_mode, smb_ofun, &access_mask,
1779 &share_mode, &create_disposition, &create_options)) {
1780 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1781 END_PROFILE(SMBopenX);
1782 return;
1783 }
1784
1785 status = SMB_VFS_CREATE_FILE(
1786 conn, /* conn */
1787 req, /* req */
1788 0, /* root_dir_fid */
1789 fname, /* fname */
1790 CFF_DOS_PATH, /* create_file_flags */
1791 access_mask, /* access_mask */
1792 share_mode, /* share_access */
1793 create_disposition, /* create_disposition*/
1794 create_options, /* create_options */
1795 smb_attr, /* file_attributes */
1796 oplock_request, /* oplock_request */
1797 0, /* allocation_size */
1798 NULL, /* sd */
1799 NULL, /* ea_list */
1800 &fsp, /* result */
1801 &smb_action, /* pinfo */
1802 &sbuf); /* psbuf */
1803
1804 if (!NT_STATUS_IS_OK(status)) {
1805 END_PROFILE(SMBopenX);
1806 if (open_was_deferred(req->mid)) {
1807 /* We have re-scheduled this call. */
1808 return;
1809 }
1810 reply_openerror(req, status);
1811 return;
1812 }
1813
1814 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1815 if the file is truncated or created. */
1816 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1817 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1818 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1819 close_file(req, fsp, ERROR_CLOSE);
1820 reply_nterror(req, NT_STATUS_DISK_FULL);
1821 END_PROFILE(SMBopenX);
1822 return;
1823 }
1824 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1825 if (retval < 0) {
1826 close_file(req, fsp, ERROR_CLOSE);
1827 reply_nterror(req, NT_STATUS_DISK_FULL);
1828 END_PROFILE(SMBopenX);
1829 return;
1830 }
1831 sbuf.st_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf);
1832 }
1833
1834 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1835 mtime = sbuf.st_mtime;
1836 if (fattr & aDIR) {
1837 close_file(req, fsp, ERROR_CLOSE);
1838 reply_doserror(req, ERRDOS, ERRnoaccess);
1839 END_PROFILE(SMBopenX);
1840 return;
1841 }
1842
1843 /* If the caller set the extended oplock request bit
1844 and we granted one (by whatever means) - set the
1845 correct bit for extended oplock reply.
1846 */
1847
1848 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1849 smb_action |= EXTENDED_OPLOCK_GRANTED;
1850 }
1851
1852 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1853 smb_action |= EXTENDED_OPLOCK_GRANTED;
1854 }
1855
1856 /* If the caller set the core oplock request bit
1857 and we granted one (by whatever means) - set the
1858 correct bit for core oplock reply.
1859 */
1860
1861 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1862 reply_outbuf(req, 19, 0);
1863 } else {
1864 reply_outbuf(req, 15, 0);
1865 }
1866
1867 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1868 SCVAL(req->outbuf, smb_flg,
1869 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1870 }
1871
1872 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1873 SCVAL(req->outbuf, smb_flg,
1874 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1875 }
1876
1877 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1878 SSVAL(req->outbuf,smb_vwv3,fattr);
1879 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1880 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1881 } else {
1882 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1883 }
1884 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1885 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1886 SSVAL(req->outbuf,smb_vwv11,smb_action);
1887
1888 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1889 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1890 }
1891
1892 END_PROFILE(SMBopenX);
1893 chain_reply(req);
1894 return;
1895 }
1896
1897 /****************************************************************************
1898 Reply to a SMBulogoffX.
1899 ****************************************************************************/
1900
1901 void reply_ulogoffX(struct smb_request *req)
1902 {
1903 user_struct *vuser;
1904
1905 START_PROFILE(SMBulogoffX);
1906
1907 vuser = get_valid_user_struct(req->vuid);
1908
1909 if(vuser == NULL) {
1910 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1911 req->vuid));
1912 }
1913
1914 /* in user level security we are supposed to close any files
1915 open by this user */
1916 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1917 file_close_user(req->vuid);
1918 }
1919
1920 invalidate_vuid(req->vuid);
1921
1922 reply_outbuf(req, 2, 0);
1923
1924 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1925
1926 END_PROFILE(SMBulogoffX);
1927 chain_reply(req);
1928 }
1929
1930 /****************************************************************************
1931 Reply to a mknew or a create.
1932 ****************************************************************************/
1933
1934 void reply_mknew(struct smb_request *req)
1935 {
1936 connection_struct *conn = req->conn;
1937 char *fname = NULL;
1938 uint32 fattr = 0;
1939 struct smb_file_time ft;
1940 files_struct *fsp;
1941 int oplock_request = 0;
1942 SMB_STRUCT_STAT sbuf;
1943 NTSTATUS status;
1944 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1945 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1946 uint32 create_disposition;
1947 uint32 create_options = 0;
1948 TALLOC_CTX *ctx = talloc_tos();
1949
1950 START_PROFILE(SMBcreate);
1951 ZERO_STRUCT(ft);
1952 SET_STAT_INVALID(sbuf);
1953
1954 if (req->wct < 3) {
1955 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1956 END_PROFILE(SMBcreate);
1957 return;
1958 }
1959
1960 fattr = SVAL(req->vwv+0, 0);
1961 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1962
1963 /* mtime. */
1964 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1965
1966 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1967 STR_TERMINATE, &status);
1968 if (!NT_STATUS_IS_OK(status)) {
1969 reply_nterror(req, status);
1970 END_PROFILE(SMBcreate);
1971 return;
1972 }
1973
1974 if (fattr & aVOLID) {
1975 DEBUG(0,("Attempt to create file (%s) with volid set - "
1976 "please report this\n", fname));
1977 }
1978
1979 if(req->cmd == SMBmknew) {
1980 /* We should fail if file exists. */
1981 create_disposition = FILE_CREATE;
1982 } else {
1983 /* Create if file doesn't exist, truncate if it does. */
1984 create_disposition = FILE_OVERWRITE_IF;
1985 }
1986
1987 status = SMB_VFS_CREATE_FILE(
1988 conn, /* conn */
1989 req, /* req */
1990 0, /* root_dir_fid */
1991 fname, /* fname */
1992 CFF_DOS_PATH, /* create_file_flags */
1993 access_mask, /* access_mask */
1994 share_mode, /* share_access */
1995 create_disposition, /* create_disposition*/
1996 create_options, /* create_options */
1997 fattr, /* file_attributes */
1998 oplock_request, /* oplock_request */
1999 0, /* allocation_size */
2000 NULL, /* sd */
2001 NULL, /* ea_list */
2002 &fsp, /* result */
2003 NULL, /* pinfo */
2004 &sbuf); /* psbuf */
2005
2006 if (!NT_STATUS_IS_OK(status)) {
2007 END_PROFILE(SMBcreate);
2008 if (open_was_deferred(req->mid)) {
2009 /* We have re-scheduled this call. */
2010 return;
2011 }
2012 reply_openerror(req, status);
2013 return;
2014 }
2015
2016 ft.atime = get_atimespec(&sbuf); /* atime. */
2017 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, &ft, true);
2018 if (!NT_STATUS_IS_OK(status)) {
2019 END_PROFILE(SMBcreate);
2020 reply_openerror(req, status);
2021 return;
2022 }
2023
2024 reply_outbuf(req, 1, 0);
2025 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2026
2027 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2028 SCVAL(req->outbuf,smb_flg,
2029 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2030 }
2031
2032 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2033 SCVAL(req->outbuf,smb_flg,
2034 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2035 }
2036
2037 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2038 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2039 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2040
2041 END_PROFILE(SMBcreate);
2042 return;
2043 }
2044
2045 /****************************************************************************
2046 Reply to a create temporary file.
2047 ****************************************************************************/
2048
2049 void reply_ctemp(struct smb_request *req)
2050 {
2051 connection_struct *conn = req->conn;
2052 char *fname = NULL;
2053 uint32 fattr;
2054 files_struct *fsp;
2055 int oplock_request;
2056 int tmpfd;
2057 SMB_STRUCT_STAT sbuf;
2058 char *s;
2059 NTSTATUS status;
2060 TALLOC_CTX *ctx = talloc_tos();
2061
2062 START_PROFILE(SMBctemp);
2063
2064 if (req->wct < 3) {
2065 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2066 END_PROFILE(SMBctemp);
2067 return;
2068 }
2069
2070 fattr = SVAL(req->vwv+0, 0);
2071 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2072
2073 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2074 STR_TERMINATE, &status);
2075 if (!NT_STATUS_IS_OK(status)) {
2076 reply_nterror(req, status);
2077 END_PROFILE(SMBctemp);
2078 return;
2079 }
2080 if (*fname) {
2081 fname = talloc_asprintf(ctx,
2082 "%s/TMXXXXXX",
2083 fname);
2084 } else {
2085 fname = talloc_strdup(ctx, "TMXXXXXX");
2086 }
2087
2088 if (!fname) {
2089 reply_nterror(req, NT_STATUS_NO_MEMORY);
2090 END_PROFILE(SMBctemp);
2091 return;
2092 }
2093
2094 status = resolve_dfspath(ctx, conn,
2095 req->flags2 & FLAGS2_DFS_PATHNAMES,
2096 fname,
2097 &fname);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2101 ERRSRV, ERRbadpath);
2102 END_PROFILE(SMBctemp);
2103 return;
2104 }
2105 reply_nterror(req, status);
2106 END_PROFILE(SMBctemp);
2107 return;
2108 }
2109
2110 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2111 if (!NT_STATUS_IS_OK(status)) {
2112 reply_nterror(req, status);
2113 END_PROFILE(SMBctemp);
2114 return;
2115 }
2116
2117 status = check_name(conn, fname);
2118 if (!NT_STATUS_IS_OK(status)) {
2119 reply_nterror(req, status);
2120 END_PROFILE(SMBctemp);
2121 return;
2122 }
2123
2124 tmpfd = smb_mkstemp(fname);
2125 if (tmpfd == -1) {
2126 reply_unixerror(req, ERRDOS, ERRnoaccess);
2127 END_PROFILE(SMBctemp);
2128 return;
2129 }
2130
2131 SET_STAT_INVALID(sbuf);
2132 SMB_VFS_STAT(conn,fname,&sbuf);
2133
2134 /* We should fail if file does not exist. */
2135 status = SMB_VFS_CREATE_FILE(
2136 conn, /* conn */
2137 req, /* req */
2138 0, /* root_dir_fid */
2139 fname, /* fname */
2140 0, /* create_file_flags */
2141 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2142 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2143 FILE_OPEN, /* create_disposition*/
2144 0, /* create_options */
2145 fattr, /* file_attributes */
2146 oplock_request, /* oplock_request */
2147 0, /* allocation_size */
2148 NULL, /* sd */
2149 NULL, /* ea_list */
2150 &fsp, /* result */
2151 NULL, /* pinfo */
2152 &sbuf); /* psbuf */
2153
2154 /* close fd from smb_mkstemp() */
2155 close(tmpfd);
2156
2157 if (!NT_STATUS_IS_OK(status)) {
2158 if (open_was_deferred(req->mid)) {
2159 /* We have re-scheduled this call. */
2160 END_PROFILE(SMBctemp);
2161 return;
2162 }
2163 reply_openerror(req, status);
2164 END_PROFILE(SMBctemp);
2165 return;
2166 }
2167
2168 reply_outbuf(req, 1, 0);
2169 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2170
2171 /* the returned filename is relative to the directory */
2172 s = strrchr_m(fsp->fsp_name, '/');
2173 if (!s) {
2174 s = fsp->fsp_name;
2175 } else {
2176 s++;
2177 }
2178
2179 #if 0
2180 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2181 thing in the byte section. JRA */
2182 SSVALS(p, 0, -1); /* what is this? not in spec */
2183 #endif
2184 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2185 == -1) {
2186 reply_nterror(req, NT_STATUS_NO_MEMORY);
2187 END_PROFILE(SMBctemp);
2188 return;
2189 }
2190
2191 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2192 SCVAL(req->outbuf, smb_flg,
2193 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2194 }
2195
2196 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2197 SCVAL(req->outbuf, smb_flg,
2198 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2199 }
2200
2201 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2202 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2203 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2204
2205 END_PROFILE(SMBctemp);
2206 return;
2207 }
2208
2209 /*******************************************************************
2210 Check if a user is allowed to rename a file.
2211 ********************************************************************/
2212
2213 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2214 uint16 dirtype, SMB_STRUCT_STAT *pst)
2215 {
2216 uint32 fmode;
2217
2218 if (!CAN_WRITE(conn)) {
2219 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2220 }
2221
2222 fmode = dos_mode(conn, fsp->fsp_name, pst);
2223 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2224 return NT_STATUS_NO_SUCH_FILE;
2225 }
2226
2227 if (S_ISDIR(pst->st_mode)) {
2228 if (fsp->posix_open) {
2229 return NT_STATUS_OK;
2230 }
2231
2232 /* If no pathnames are open below this
2233 directory, allow the rename. */
2234
2235 if (file_find_subpath(fsp)) {
2236 return NT_STATUS_ACCESS_DENIED;
2237 }
2238 return NT_STATUS_OK;
2239 }
2240
2241 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2242 return NT_STATUS_OK;
2243 }
2244
2245 return NT_STATUS_ACCESS_DENIED;
2246 }
2247
2248 /*******************************************************************
2249 * unlink a file with all relevant access checks
2250 *******************************************************************/
2251
2252 static NTSTATUS do_unlink(connection_struct *conn,
2253 struct smb_request *req,
2254 const char *fname,
2255 uint32 dirtype)
2256 {
2257 SMB_STRUCT_STAT sbuf;
2258 uint32 fattr;
2259 files_struct *fsp;
2260 uint32 dirtype_orig = dirtype;
2261 NTSTATUS status;
2262
2263 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2264
2265 if (!CAN_WRITE(conn)) {
2266 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2267 }
2268
2269 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2270 return map_nt_error_from_unix(errno);
2271 }
2272
2273 fattr = dos_mode(conn,fname,&sbuf);
2274
2275 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2276 dirtype = aDIR|aARCH|aRONLY;
2277 }
2278
2279 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2280 if (!dirtype) {
2281 return NT_STATUS_NO_SUCH_FILE;
2282 }
2283
2284 if (!dir_check_ftype(conn, fattr, dirtype)) {
2285 if (fattr & aDIR) {
2286 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 }
2288 return NT_STATUS_NO_SUCH_FILE;
2289 }
2290
2291 if (dirtype_orig & 0x8000) {
2292 /* These will never be set for POSIX. */
2293 return NT_STATUS_NO_SUCH_FILE;
2294 }
2295
2296 #if 0
2297 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2298 return NT_STATUS_FILE_IS_A_DIRECTORY;
2299 }
2300
2301 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2302 return NT_STATUS_NO_SUCH_FILE;
2303 }
2304
2305 if (dirtype & 0xFF00) {
2306 /* These will never be set for POSIX. */
2307 return NT_STATUS_NO_SUCH_FILE;
2308 }
2309
2310 dirtype &= 0xFF;
2311 if (!dirtype) {
2312 return NT_STATUS_NO_SUCH_FILE;
2313 }
2314
2315 /* Can't delete a directory. */
2316 if (fattr & aDIR) {
2317 return NT_STATUS_FILE_IS_A_DIRECTORY;
2318 }
2319 #endif
2320
2321 #if 0 /* JRATEST */
2322 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2323 return NT_STATUS_OBJECT_NAME_INVALID;
2324 #endif /* JRATEST */
2325
2326 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2327
2328 On a Windows share, a file with read-only dosmode can be opened with
2329 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2330 fails with NT_STATUS_CANNOT_DELETE error.
2331
2332 This semantic causes a problem that a user can not
2333 rename a file with read-only dosmode on a Samba share
2334 from a Windows command prompt (i.e. cmd.exe, but can rename
2335 from Windows Explorer).
2336 */
2337
2338 if (!lp_delete_readonly(SNUM(conn))) {
2339 if (fattr & aRONLY) {
2340 return NT_STATUS_CANNOT_DELETE;
2341 }
2342 }
2343
2344 /* On open checks the open itself will check the share mode, so
2345 don't do it here as we'll get it wrong. */
2346
2347 status = SMB_VFS_CREATE_FILE
2348 (conn, /* conn */
2349 req, /* req */
2350 0, /* root_dir_fid */
2351 fname, /* fname */
2352 0, /* create_file_flags */
2353 DELETE_ACCESS, /* access_mask */
2354 FILE_SHARE_NONE, /* share_access */
2355 FILE_OPEN, /* create_disposition*/
2356 FILE_NON_DIRECTORY_FILE, /* create_options */
2357 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2358 0, /* oplock_request */
2359 0, /* allocation_size */
2360 NULL, /* sd */
2361 NULL, /* ea_list */
2362 &fsp, /* result */
2363 NULL, /* pinfo */
2364 &sbuf); /* psbuf */
2365
2366 if (!NT_STATUS_IS_OK(status)) {
2367 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2368 nt_errstr(status)));
2369 return status;
2370 }
2371
2372 /* The set is across all open files on this dev/inode pair. */
2373 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2374 close_file(req, fsp, NORMAL_CLOSE);
2375 return NT_STATUS_ACCESS_DENIED;
2376 }
2377
2378 return close_file(req, fsp, NORMAL_CLOSE);
2379 }
2380
2381 /****************************************************************************
2382 The guts of the unlink command, split out so it may be called by the NT SMB
2383 code.
2384 ****************************************************************************/
2385
2386 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2387 uint32 dirtype, const char *name_in, bool has_wild)
2388 {
2389 const char *directory = NULL;
2390 char *mask = NULL;
2391 char *name = NULL;
2392 char *p = NULL;
2393 int count=0;
2394 NTSTATUS status = NT_STATUS_OK;
2395 SMB_STRUCT_STAT sbuf, st;
2396 TALLOC_CTX *ctx = talloc_tos();
2397
2398 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2399 if (!NT_STATUS_IS_OK(status)) {
2400 return status;
2401 }
2402
2403 p = strrchr_m(name,'/');
2404 if (!p) {
2405 directory = talloc_strdup(ctx, ".");
2406 if (!directory) {
2407 return NT_STATUS_NO_MEMORY;
2408 }
2409 mask = name;
2410 } else {
2411 *p = 0;
2412 directory = name;
2413 mask = p+1;
2414 }
2415
2416 /*
2417 * We should only check the mangled cache
2418 * here if unix_convert failed. This means
2419 * that the path in 'mask' doesn't exist
2420 * on the file system and so we need to look
2421 * for a possible mangle. This patch from
2422 * Tine Smukavec <valentin.smukavec@hermes.si>.
2423 */
2424
2425 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2426 char *new_mask = NULL;
2427 mangle_lookup_name_from_8_3(ctx,
2428 mask,
2429 &new_mask,
2430 conn->params );
2431 if (new_mask) {
2432 mask = new_mask;
2433 }
2434 }
2435
2436 if (!has_wild) {
2437 directory = talloc_asprintf(ctx,
2438 "%s/%s",
2439 directory,
2440 mask);
2441 if (!directory) {
2442 return NT_STATUS_NO_MEMORY;
2443 }
2444 if (dirtype == 0) {
2445 dirtype = FILE_ATTRIBUTE_NORMAL;
2446 }
2447
2448 status = check_name(conn, directory);
2449 if (!NT_STATUS_IS_OK(status)) {
2450 return status;
2451 }
2452
2453 status = do_unlink(conn, req, directory, dirtype);
2454 if (!NT_STATUS_IS_OK(status)) {
2455 return status;
2456 }
2457
2458 count++;
2459 } else {
2460 struct smb_Dir *dir_hnd = NULL;
2461 long offset = 0;
2462 const char *dname;
2463
2464 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2465 return NT_STATUS_OBJECT_NAME_INVALID;
2466 }
2467
2468 if (strequal(mask,"????????.???")) {
2469 mask[0] = '*';
2470 mask[1] = '\0';
2471 }
2472
2473 status = check_name(conn, directory);
2474 if (!NT_STATUS_IS_OK(status)) {
2475 return status;
2476 }
2477
2478 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2479 dirtype);
2480 if (dir_hnd == NULL) {
2481 return map_nt_error_from_unix(errno);
2482 }
2483
2484 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2485 the pattern matches against the long name, otherwise the short name
2486 We don't implement this yet XXXX
2487 */
2488
2489 status = NT_STATUS_NO_SUCH_FILE;
2490
2491 while ((dname = ReadDirName(dir_hnd, &offset, &st))) {
2492 char *fname = NULL;
2493
2494 if (!is_visible_file(conn, directory, dname, &st,
2495 true))
2496 {
2497 continue;
2498 }
2499
2500 /* Quick check for "." and ".." */
2501 if (ISDOT(dname) || ISDOTDOT(dname)) {
2502 continue;
2503 }
2504
2505 if(!mask_match(dname, mask, conn->case_sensitive)) {
2506 continue;
2507 }
2508
2509 fname = talloc_asprintf(ctx, "%s/%s",
2510 directory,
2511 dname);
2512 if (!fname) {
2513 return NT_STATUS_NO_MEMORY;
2514 }
2515
2516 status = check_name(conn, fname);
2517 if (!NT_STATUS_IS_OK(status)) {
2518 TALLOC_FREE(dir_hnd);
2519 return status;
2520 }
2521
2522 status = do_unlink(conn, req, fname, dirtype);
2523 if (!NT_STATUS_IS_OK(status)) {
2524 TALLOC_FREE(fname);
2525 continue;
2526 }
2527
2528 count++;
2529 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2530 fname));
2531
2532 TALLOC_FREE(fname);
2533 }
2534 TALLOC_FREE(dir_hnd);
2535 }
2536
2537 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2538 status = map_nt_error_from_unix(errno);
2539 }
2540
2541 return status;
2542 }
2543
2544 /****************************************************************************
2545 Reply to a unlink
2546 ****************************************************************************/
2547
2548 void reply_unlink(struct smb_request *req)
2549 {
2550 connection_struct *conn = req->conn;
2551 char *name = NULL;
2552 uint32 dirtype;
2553 NTSTATUS status;
2554 bool path_contains_wcard = False;
2555 TALLOC_CTX *ctx = talloc_tos();
2556
2557 START_PROFILE(SMBunlink);
2558
2559 if (req->wct < 1) {
2560 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2561 END_PROFILE(SMBunlink);
2562 return;
2563 }
2564
2565 dirtype = SVAL(req->vwv+0, 0);
2566
2567 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2568 STR_TERMINATE, &status,
2569 &path_contains_wcard);
2570 if (!NT_STATUS_IS_OK(status)) {
2571 reply_nterror(req, status);
2572 END_PROFILE(SMBunlink);
2573 return;
2574 }
2575
2576 status = resolve_dfspath_wcard(ctx, conn,
2577 req->flags2 & FLAGS2_DFS_PATHNAMES,
2578 name,
2579 &name,
2580 &path_contains_wcard);
2581 if (!NT_STATUS_IS_OK(status)) {
2582 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2583 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2584 ERRSRV, ERRbadpath);
2585 END_PROFILE(SMBunlink);
2586 return;
2587 }
2588 reply_nterror(req, status);
2589 END_PROFILE(SMBunlink);
2590 return;
2591 }
2592
2593 DEBUG(3,("reply_unlink : %s\n",name));
2594
2595 status = unlink_internals(conn, req, dirtype, name,
2596 path_contains_wcard);
2597 if (!NT_STATUS_IS_OK(status)) {
2598 if (open_was_deferred(req->mid)) {
2599 /* We have re-scheduled this call. */
2600 END_PROFILE(SMBunlink);
2601 return;
2602 }
2603 reply_nterror(req, status);
2604 END_PROFILE(SMBunlink);
2605 return;
2606 }
2607
2608 reply_outbuf(req, 0, 0);
2609 END_PROFILE(SMBunlink);
2610
2611 return;
2612 }
2613
2614 /****************************************************************************
2615 Fail for readbraw.
2616 ****************************************************************************/
2617
2618 static void fail_readraw(void)
2619 {
2620 const char *errstr = talloc_asprintf(talloc_tos(),
2621 "FAIL ! reply_readbraw: socket write fail (%s)",
2622 strerror(errno));
2623 if (!errstr) {
2624 errstr = "";
2625 }
2626 exit_server_cleanly(errstr);
2627 }
2628
2629 /****************************************************************************
2630 Fake (read/write) sendfile. Returns -1 on read or write fail.
2631 ****************************************************************************/
2632
2633 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2634 size_t nread)
2635 {
2636 size_t bufsize;
2637 size_t tosend = nread;
2638 char *buf;
2639
2640 if (nread == 0) {
2641 return 0;
2642 }
2643
2644 bufsize = MIN(nread, 65536);
2645
2646 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2647 return -1;
2648 }
2649
2650 while (tosend > 0) {
2651 ssize_t ret;
2652 size_t cur_read;
2653
2654 if (tosend > bufsize) {
2655 cur_read = bufsize;
2656 } else {
2657 cur_read = tosend;
2658 }
2659 ret = read_file(fsp,buf,startpos,cur_read);
2660 if (ret == -1) {
2661 SAFE_FREE(buf);
2662 return -1;
2663 }
2664
2665 /* If we had a short read, fill with zeros. */
2666 if (ret < cur_read) {
2667 memset(buf, '\0', cur_read - ret);
2668 }
2669
2670 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2671 SAFE_FREE(buf);
2672 return -1;
2673 }
2674 tosend -= cur_read;
2675 startpos += cur_read;
2676 }
2677
2678 SAFE_FREE(buf);
2679 return (ssize_t)nread;
2680 }
2681
2682 /****************************************************************************
2683 Deal with the case of sendfile reading less bytes from the file than
2684 requested. Fill with zeros (all we can do).
2685 ****************************************************************************/
2686
2687 static void sendfile_short_send(files_struct *fsp,
2688 ssize_t nread,
2689 size_t headersize,
2690 size_t smb_maxcnt)
2691 {
2692 if (nread < headersize) {
2693 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2694 "header for file %s (%s). Terminating\n",
2695 fsp->fsp_name, strerror(errno) ));
2696 exit_server_cleanly("sendfile_short_send failed");
2697 }
2698
2699 nread -= headersize;
2700
2701 if (nread < smb_maxcnt) {
2702 char *buf = SMB_CALLOC_ARRAY(char, 1024);
2703 if (!buf) {
2704 exit_server_cleanly("sendfile_short_send: "
2705 "malloc failed");
2706 }
2707
2708 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2709 "with zeros !\n", fsp->fsp_name));
2710
2711 while (nread < smb_maxcnt) {
2712 /*
2713 * We asked for the real file size and told sendfile
2714 * to not go beyond the end of the file. But it can
2715 * happen that in between our fstat call and the
2716 * sendfile call the file was truncated. This is very
2717 * bad because we have already announced the larger
2718 * number of bytes to the client.
2719 *
2720 * The best we can do now is to send 0-bytes, just as
2721 * a read from a hole in a sparse file would do.
2722 *
2723 * This should happen rarely enough that I don't care
2724 * about efficiency here :-)
2725 */
2726 size_t to_write;
2727
2728 to_write = MIN(sizeof(buf), smb_maxcnt - nread);
2729 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2730 exit_server_cleanly("sendfile_short_send: "
2731 "write_data failed");
2732 }
2733 nread += to_write;
2734 }
2735 SAFE_FREE(buf);
2736 }
2737 }
2738
2739 /****************************************************************************
2740 Return a readbraw error (4 bytes of zero).
2741 ****************************************************************************/
2742
2743 static void reply_readbraw_error(void)
2744 {
2745 char header[4];
2746 SIVAL(header,0,0);
2747 if (write_data(smbd_server_fd(),header,4) != 4) {
2748 fail_readraw();
2749 }
2750 }
2751
2752 /****************************************************************************
2753 Use sendfile in readbraw.
2754 ****************************************************************************/
2755
2756 static void send_file_readbraw(connection_struct *conn,
2757 struct smb_request *req,
2758 files_struct *fsp,
2759 SMB_OFF_T startpos,
2760 size_t nread,
2761 ssize_t mincount)
2762 {
2763 char *outbuf = NULL;
2764 ssize_t ret=0;
2765
2766 #if defined(WITH_SENDFILE)
2767 /*
2768 * We can only use sendfile on a non-chained packet
2769 * but we can use on a non-oplocked file. tridge proved this
2770 * on a train in Germany :-). JRA.
2771 * reply_readbraw has already checked the length.
2772 */
2773
2774 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2775 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2776 ssize_t sendfile_read = -1;
2777 char header[4];
2778 DATA_BLOB header_blob;
2779
2780 _smb_setlen(header,nread);
2781 header_blob = data_blob_const(header, 4);
2782
2783 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2784 &header_blob, startpos, nread)) == -1) {
2785 /* Returning ENOSYS means no data at all was sent.
2786 * Do this as a normal read. */
2787 if (errno == ENOSYS) {
2788 goto normal_readbraw;
2789 }
2790
2791 /*
2792 * Special hack for broken Linux with no working sendfile. If we
2793 * return EINTR we sent the header but not the rest of the data.
2794 * Fake this up by doing read/write calls.
2795 */
2796 if (errno == EINTR) {
2797 /* Ensure we don't do this again. */
2798 set_use_sendfile(SNUM(conn), False);
2799 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2800
2801 if (fake_sendfile(fsp, startpos, nread) == -1) {
2802 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2803 fsp->fsp_name, strerror(errno) ));
2804 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2805 }
2806 return;
2807 }
2808
2809 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2810 fsp->fsp_name, strerror(errno) ));
2811 exit_server_cleanly("send_file_readbraw sendfile failed");
2812 } else if (sendfile_read == 0) {
2813 /*
2814 * Some sendfile implementations return 0 to indicate
2815 * that there was a short read, but nothing was
2816 * actually written to the socket. In this case,
2817 * fallback to the normal read path so the header gets
2818 * the correct byte count.
2819 */
2820 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2821 "bytes falling back to the normal read: "
2822 "%s\n", fsp->fsp_name));
2823 goto normal_readbraw;
2824 }
2825
2826 /* Deal with possible short send. */
2827 if (sendfile_read != 4+nread) {
2828 sendfile_short_send(fsp, sendfile_read, 4, nread);
2829 }
2830 return;
2831 }
2832
2833 normal_readbraw:
2834 #endif
2835
2836 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2837 if (!outbuf) {
2838 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2839 (unsigned)(nread+4)));
2840 reply_readbraw_error();
2841 return;
2842 }
2843
2844 if (nread > 0) {
2845 ret = read_file(fsp,outbuf+4,startpos,nread);
2846 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2847 if (ret < mincount)
2848 ret = 0;
2849 #else
2850 if (ret < nread)
2851 ret = 0;
2852 #endif
2853 }
2854
2855 _smb_setlen(outbuf,ret);
2856 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2857 fail_readraw();
2858
2859 TALLOC_FREE(outbuf);
2860 }
2861
2862 /****************************************************************************
2863 Reply to a readbraw (core+ protocol).
2864 ****************************************************************************/
2865
2866 void reply_readbraw(struct smb_request *req)
2867 {
2868 connection_struct *conn = req->conn;
2869 ssize_t maxcount,mincount;
2870 size_t nread = 0;
2871 SMB_OFF_T startpos;
2872 files_struct *fsp;
2873 struct lock_struct lock;
2874 SMB_STRUCT_STAT st;
2875 SMB_OFF_T size = 0;
2876
2877 START_PROFILE(SMBreadbraw);
2878
2879 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2880 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2881 "raw reads/writes are disallowed.");
2882 }
2883
2884 if (req->wct < 8) {
2885 reply_readbraw_error();
2886 END_PROFILE(SMBreadbraw);
2887 return;
2888 }
2889
2890 /*
2891 * Special check if an oplock break has been issued
2892 * and the readraw request croses on the wire, we must
2893 * return a zero length response here.
2894 */
2895
2896 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2897
2898 /*
2899 * We have to do a check_fsp by hand here, as
2900 * we must always return 4 zero bytes on error,
2901 * not a NTSTATUS.
2902 */
2903
2904 if (!fsp || !conn || conn != fsp->conn ||
2905 req->vuid != fsp->vuid ||
2906 fsp->is_directory || fsp->fh->fd == -1) {
2907 /*
2908 * fsp could be NULL here so use the value from the packet. JRA.
2909 */
2910 DEBUG(3,("reply_readbraw: fnum %d not valid "
2911 "- cache prime?\n",
2912 (int)SVAL(req->vwv+0, 0)));
2913 reply_readbraw_error();
2914 END_PROFILE(SMBreadbraw);
2915 return;
2916 }
2917
2918 /* Do a "by hand" version of CHECK_READ. */
2919 if (!(fsp->can_read ||
2920 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2921 (fsp->access_mask & FILE_EXECUTE)))) {
2922 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2923 (int)SVAL(req->vwv+0, 0)));
2924 reply_readbraw_error();
2925 END_PROFILE(SMBreadbraw);
2926 return;
2927 }
2928
2929 flush_write_cache(fsp, READRAW_FLUSH);
2930
2931 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2932 if(req->wct == 10) {
2933 /*
2934 * This is a large offset (64 bit) read.
2935 */
2936 #ifdef LARGE_SMB_OFF_T
2937
2938 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2939
2940 #else /* !LARGE_SMB_OFF_T */
2941
2942 /*
2943 * Ensure we haven't been sent a >32 bit offset.
2944 */
2945
2946 if(IVAL(req->vwv+8, 0) != 0) {
2947 DEBUG(0,("reply_readbraw: large offset "
2948 "(%x << 32) used and we don't support "
2949 "64 bit offsets.\n",
2950 (unsigned int)IVAL(req->vwv+8, 0) ));
2951 reply_readbraw_error();
2952 END_PROFILE(SMBreadbraw);
2953 return;
2954 }
2955
2956 #endif /* LARGE_SMB_OFF_T */
2957
2958 if(startpos < 0) {
2959 DEBUG(0,("reply_readbraw: negative 64 bit "
2960 "readraw offset (%.0f) !\n",
2961 (double)startpos ));
2962 reply_readbraw_error();
2963 END_PROFILE(SMBreadbraw);
2964 return;
2965 }
2966 }
2967
2968 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2969 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2970
2971 /* ensure we don't overrun the packet size */
2972 maxcount = MIN(65535,maxcount);
2973
2974 init_strict_lock_struct(fsp, (uint32)req->smbpid,
2975 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
2976 &lock);
2977
2978 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
2979 reply_readbraw_error();
2980 END_PROFILE(SMBreadbraw);
2981 return;
2982 }
2983
2984 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2985 size = st.st_size;
2986 }
2987
2988 if (startpos >= size) {
2989 nread = 0;
2990 } else {
2991 nread = MIN(maxcount,(size - startpos));
2992 }
2993
2994 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2995 if (nread < mincount)
2996 nread = 0;
2997 #endif
2998
2999 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3000 "min=%lu nread=%lu\n",
3001 fsp->fnum, (double)startpos,
3002 (unsigned long)maxcount,
3003 (unsigned long)mincount,
3004 (unsigned long)nread ) );
3005
3006 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3007
3008 DEBUG(5,("reply_readbraw finished\n"));
3009
3010 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3011
3012 END_PROFILE(SMBreadbraw);
3013 return;
3014 }
3015
3016 #undef DBGC_CLASS
3017 #define DBGC_CLASS DBGC_LOCKING
3018
3019 /****************************************************************************
3020 Reply to a lockread (core+ protocol).
3021 ****************************************************************************/
3022
3023 void reply_lockread(struct smb_request *req)
3024 {
3025 connection_struct *conn = req->conn;
3026 ssize_t nread = -1;
3027 char *data;
3028 SMB_OFF_T startpos;
3029 size_t numtoread;
3030 NTSTATUS status;
3031 files_struct *fsp;
3032 struct byte_range_lock *br_lck = NULL;
3033 char *p = NULL;
3034
3035 START_PROFILE(SMBlockread);
3036
3037 if (req->wct < 5) {
3038 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3039 END_PROFILE(SMBlockread);
3040 return;
3041 }
3042
3043 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3044
3045 if (!check_fsp(conn, req, fsp)) {
3046 END_PROFILE(SMBlockread);
3047 return;
3048 }
3049
3050 if (!CHECK_READ(fsp,req)) {
3051 reply_doserror(req, ERRDOS, ERRbadaccess);
3052 END_PROFILE(SMBlockread);
3053 return;
3054 }
3055
3056 numtoread = SVAL(req->vwv+1, 0);
3057 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3058
3059 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3060
3061 reply_outbuf(req, 5, numtoread + 3);
3062
3063 data = smb_buf(req->outbuf) + 3;
3064
3065 /*
3066 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3067 * protocol request that predates the read/write lock concept.
3068 * Thus instead of asking for a read lock here we need to ask
3069 * for a write lock. JRA.
3070 * Note that the requested lock size is unaffected by max_recv.
3071 */
3072
3073 br_lck = do_lock(smbd_messaging_context(),
3074 fsp,
3075 req->smbpid,
3076 (uint64_t)numtoread,
3077 (uint64_t)startpos,
3078 WRITE_LOCK,
3079 WINDOWS_LOCK,
3080 False, /* Non-blocking lock. */
3081 &status,
3082 NULL,
3083 NULL);
3084 TALLOC_FREE(br_lck);
3085
3086 if (NT_STATUS_V(status)) {
3087 reply_nterror(req, status);
3088 END_PROFILE(SMBlockread);
3089 return;
3090 }
3091
3092 /*
3093 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3094 */
3095
3096 if (numtoread > max_recv) {
3097 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3098 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3099 (unsigned int)numtoread, (unsigned int)max_recv ));
3100 numtoread = MIN(numtoread,max_recv);
3101 }
3102 nread = read_file(fsp,data,startpos,numtoread);
3103
3104 if (nread < 0) {
3105 reply_unixerror(req, ERRDOS, ERRnoaccess);
3106 END_PROFILE(SMBlockread);
3107 return;
3108 }
3109
3110 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3111
3112 SSVAL(req->outbuf,smb_vwv0,nread);
3113 SSVAL(req->outbuf,smb_vwv5,nread+3);
3114 p = smb_buf(req->outbuf);
3115 SCVAL(p,0,0); /* pad byte. */
3116 SSVAL(p,1,nread);
3117
3118 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3119 fsp->fnum, (int)numtoread, (int)nread));
3120
3121 END_PROFILE(SMBlockread);
3122 return;
3123 }
3124
3125 #undef DBGC_CLASS
3126 #define DBGC_CLASS DBGC_ALL
3127
3128 /****************************************************************************
3129 Reply to a read.
3130 ****************************************************************************/
3131
3132 void reply_read(struct smb_request *req)
3133 {
3134 connection_struct *conn = req->conn;
3135 size_t numtoread;
3136 ssize_t nread = 0;
3137 char *data;
3138 SMB_OFF_T startpos;
3139 int outsize = 0;
3140 files_struct *fsp;
3141 struct lock_struct lock;
3142
3143 START_PROFILE(SMBread);
3144
3145 if (req->wct < 3) {
3146 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3147 END_PROFILE(SMBread);
3148 return;
3149 }
3150
3151 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3152
3153 if (!check_fsp(conn, req, fsp)) {
3154 END_PROFILE(SMBread);
3155 return;
3156 }
3157
3158 if (!CHECK_READ(fsp,req)) {
3159 reply_doserror(req, ERRDOS, ERRbadaccess);
3160 END_PROFILE(SMBread);
3161 return;
3162 }
3163
3164 numtoread = SVAL(req->vwv+1, 0);
3165 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3166
3167 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3168
3169 /*
3170 * The requested read size cannot be greater than max_recv. JRA.
3171 */
3172 if (numtoread > max_recv) {
3173 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3174 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3175 (unsigned int)numtoread, (unsigned int)max_recv ));
3176 numtoread = MIN(numtoread,max_recv);
3177 }
3178
3179 reply_outbuf(req, 5, numtoread+3);
3180
3181 data = smb_buf(req->outbuf) + 3;
3182
3183 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3184 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3185 &lock);
3186
3187 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3188 reply_doserror(req, ERRDOS,ERRlock);
3189 END_PROFILE(SMBread);
3190 return;
3191 }
3192
3193 if (numtoread > 0)
3194 nread = read_file(fsp,data,startpos,numtoread);
3195
3196 if (nread < 0) {
3197 reply_unixerror(req, ERRDOS,ERRnoaccess);
3198 goto strict_unlock;
3199 }
3200
3201 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3202
3203 SSVAL(req->outbuf,smb_vwv0,nread);
3204 SSVAL(req->outbuf,smb_vwv5,nread+3);
3205 SCVAL(smb_buf(req->outbuf),0,1);
3206 SSVAL(smb_buf(req->outbuf),1,nread);
3207
3208 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3209 fsp->fnum, (int)numtoread, (int)nread ) );
3210
3211 strict_unlock:
3212 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3213
3214 END_PROFILE(SMBread);
3215 return;
3216 }
3217
3218 /****************************************************************************
3219 Setup readX header.
3220 ****************************************************************************/
3221
3222 static int setup_readX_header(struct smb_request *req, char *outbuf,
3223 size_t smb_maxcnt)
3224 {
3225 int outsize;
3226 char *data;
3227
3228 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3229 data = smb_buf(outbuf);
3230
3231 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3232
3233 SCVAL(outbuf,smb_vwv0,0xFF);
3234 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3235 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3236 SSVAL(outbuf,smb_vwv6,
3237 req_wct_ofs(req)
3238 + 1 /* the wct field */
3239 + 12 * sizeof(uint16_t) /* vwv */
3240 + 2); /* the buflen field */
3241 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3242 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3243 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3244 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3245 return outsize;
3246 }
3247
3248 /****************************************************************************
3249 Reply to a read and X - possibly using sendfile.
3250 ****************************************************************************/
3251
3252 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3253 files_struct *fsp, SMB_OFF_T startpos,
3254 size_t smb_maxcnt)
3255 {
3256 SMB_STRUCT_STAT sbuf;
3257 ssize_t nread = -1;
3258
3259 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3260 reply_unixerror(req, ERRDOS, ERRnoaccess);
3261 return;
3262 }
3263
3264 if (startpos > sbuf.st_size) {
3265 smb_maxcnt = 0;
3266 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3267 smb_maxcnt = (sbuf.st_size - startpos);
3268 }
3269
3270 if (smb_maxcnt == 0) {
3271 goto normal_read;
3272 }
3273
3274 #if defined(WITH_SENDFILE)
3275 /*
3276 * We can only use sendfile on a non-chained packet
3277 * but we can use on a non-oplocked file. tridge proved this
3278 * on a train in Germany :-). JRA.
3279 */
3280
3281 if (!req_is_in_chain(req) &&
3282 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3283 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3284 uint8 headerbuf[smb_size + 12 * 2];
3285 DATA_BLOB header;
3286
3287 /*
3288 * Set up the packet header before send. We
3289 * assume here the sendfile will work (get the
3290 * correct amount of data).
3291 */
3292
3293 header = data_blob_const(headerbuf, sizeof(headerbuf));
3294
3295 construct_reply_common_req(req, (char *)headerbuf);
3296 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3297
3298 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3299 /* Returning ENOSYS means no data at all was sent.
3300 Do this as a normal read. */
3301 if (errno == ENOSYS) {
3302 goto normal_read;
3303 }
3304
3305 /*
3306 * Special hack for broken Linux with no working sendfile. If we
3307 * return EINTR we sent the header but not the rest of the data.
3308 * Fake this up by doing read/write calls.
3309 */
3310
3311 if (errno == EINTR) {
3312 /* Ensure we don't do this again. */
3313 set_use_sendfile(SNUM(conn), False);
3314 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3315 nread = fake_sendfile(fsp, startpos,
3316 smb_maxcnt);
3317 if (nread == -1) {
3318 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3319 fsp->fsp_name, strerror(errno) ));
3320 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3321 }
3322 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3323 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3324 /* No outbuf here means successful sendfile. */
3325 TALLOC_FREE(req->outbuf);
3326 return;
3327 }
3328
3329 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3330 fsp->fsp_name, strerror(errno) ));
3331 exit_server_cleanly("send_file_readX sendfile failed");
3332 } else if (nread == 0) {
3333 /*
3334 * Some sendfile implementations return 0 to indicate
3335 * that there was a short read, but nothing was
3336 * actually written to the socket. In this case,
3337 * fallback to the normal read path so the header gets
3338 * the correct byte count.
3339 */
3340 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3341 "falling back to the normal read: %s\n",
3342 fsp->fsp_name));
3343 goto normal_read;
3344 }
3345
3346 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3347 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3348
3349 /* Deal with possible short send. */
3350 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3351 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3352 }
3353
3354 /* No outbuf here means successful sendfile. */
3355 TALLOC_FREE(req->outbuf);
3356 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3357 SMB_PERFCOUNT_END(&req->pcd);
3358 return;
3359 }
3360 #endif
3361
3362 normal_read:
3363
3364 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3365 uint8 headerbuf[smb_size + 2*12];
3366
3367 construct_reply_common_req(req, (char *)headerbuf);
3368 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3369
3370 /* Send out the header. */
3371 if (write_data(smbd_server_fd(), (char *)headerbuf,
3372 sizeof(headerbuf)) != sizeof(headerbuf)) {
3373 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3374 fsp->fsp_name, strerror(errno) ));
3375 exit_server_cleanly("send_file_readX sendfile failed");
3376 }
3377 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3378 if (nread == -1) {
3379 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3380 fsp->fsp_name, strerror(errno) ));
3381 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3382 }
3383 TALLOC_FREE(req->outbuf);
3384 return;
3385 }
3386
3387 reply_outbuf(req, 12, smb_maxcnt);
3388
3389 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3390 if (nread < 0) {
3391 reply_unixerror(req, ERRDOS, ERRnoaccess);
3392 return;
3393 }
3394
3395 setup_readX_header(req, (char *)req->outbuf, nread);
3396
3397 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3398 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3399
3400 chain_reply(req);
3401 }
3402
3403 /****************************************************************************
3404 Reply to a read and X.
3405 ****************************************************************************/
3406
3407 void reply_read_and_X(struct smb_request *req)
3408 {
3409 connection_struct *conn = req->conn;
3410 files_struct *fsp;
3411 SMB_OFF_T startpos;
3412 size_t smb_maxcnt;
3413 struct lock_struct lock;
3414 bool big_readX = False;
3415 #if 0
3416 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3417 #endif
3418
3419 START_PROFILE(SMBreadX);
3420
3421 if ((req->wct != 10) && (req->wct != 12)) {
3422 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3423 return;
3424 }
3425
3426 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3427 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3428 smb_maxcnt = SVAL(req->vwv+5, 0);
3429
3430 /* If it's an IPC, pass off the pipe handler. */
3431 if (IS_IPC(conn)) {
3432 reply_pipe_read_and_X(req);
3433 END_PROFILE(SMBreadX);
3434 return;
3435 }
3436
3437 if (!check_fsp(conn, req, fsp)) {
3438 END_PROFILE(SMBreadX);
3439 return;
3440 }
3441
3442 if (!CHECK_READ(fsp,req)) {
3443 reply_doserror(req, ERRDOS,ERRbadaccess);
3444 END_PROFILE(SMBreadX);
3445 return;
3446 }
3447
3448 if (global_client_caps & CAP_LARGE_READX) {
3449 size_t upper_size = SVAL(req->vwv+7, 0);
3450 smb_maxcnt |= (upper_size<<16);
3451 if (upper_size > 1) {
3452 /* Can't do this on a chained packet. */
3453 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3454 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3455 END_PROFILE(SMBreadX);
3456 return;
3457 }
3458 /* We currently don't do this on signed or sealed data. */
3459 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3460 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3461 END_PROFILE(SMBreadX);
3462 return;
3463 }
3464 /* Is there room in the reply for this data ? */
3465 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3466 reply_nterror(req,
3467 NT_STATUS_INVALID_PARAMETER);
3468 END_PROFILE(SMBreadX);
3469 return;
3470 }
3471 big_readX = True;
3472 }
3473 }
3474
3475 if (req->wct == 12) {
3476 #ifdef LARGE_SMB_OFF_T
3477 /*
3478 * This is a large offset (64 bit) read.
3479 */
3480 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3481
3482 #else /* !LARGE_SMB_OFF_T */
3483
3484 /*
3485 * Ensure we haven't been sent a >32 bit offset.
3486 */
3487
3488 if(IVAL(req->vwv+10, 0) != 0) {
3489 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3490 "used and we don't support 64 bit offsets.\n",
3491 (unsigned int)IVAL(req->vwv+10, 0) ));
3492 END_PROFILE(SMBreadX);
3493 reply_doserror(req, ERRDOS, ERRbadaccess);
3494 return;
3495 }
3496
3497 #endif /* LARGE_SMB_OFF_T */
3498
3499 }
3500
3501 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3502 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3503 &lock);
3504
3505 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3506 END_PROFILE(SMBreadX);
3507 reply_doserror(req, ERRDOS, ERRlock);
3508 return;
3509 }
3510
3511 if (!big_readX &&
3512 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3513 goto strict_unlock;
3514 }
3515
3516 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3517
3518 strict_unlock:
3519 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3520
3521 END_PROFILE(SMBreadX);
3522 return;
3523 }
3524
3525 /****************************************************************************
3526 Error replies to writebraw must have smb_wct == 1. Fix this up.
3527 ****************************************************************************/
3528
3529 void error_to_writebrawerr(struct smb_request *req)
3530 {
3531 uint8 *old_outbuf = req->outbuf;
3532
3533 reply_outbuf(req, 1, 0);
3534
3535 memcpy(req->outbuf, old_outbuf, smb_size);
3536 TALLOC_FREE(old_outbuf);
3537 }
3538
3539 /****************************************************************************
3540 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3541 ****************************************************************************/
3542
3543 void reply_writebraw(struct smb_request *req)
3544 {
3545 connection_struct *conn = req->conn;
3546 char *buf = NULL;
3547 ssize_t nwritten=0;
3548 ssize_t total_written=0;
3549 size_t numtowrite=0;
3550 size_t tcount;
3551 SMB_OFF_T startpos;
3552 char *data=NULL;
3553 bool write_through;
3554 files_struct *fsp;
3555 struct lock_struct lock;
3556 NTSTATUS status;
3557
3558 START_PROFILE(SMBwritebraw);
3559
3560 /*
3561 * If we ever reply with an error, it must have the SMB command
3562 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3563 * we're finished.
3564 */
3565 SCVAL(req->inbuf,smb_com,SMBwritec);
3566
3567 if (srv_is_signing_active()) {
3568 END_PROFILE(SMBwritebraw);
3569 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3570 "raw reads/writes are disallowed.");
3571 }
3572
3573 if (req->wct < 12) {
3574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3575 error_to_writebrawerr(req);
3576 END_PROFILE(SMBwritebraw);
3577 return;
3578 }
3579
3580 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3581 if (!check_fsp(conn, req, fsp)) {
3582 error_to_writebrawerr(req);
3583 END_PROFILE(SMBwritebraw);
3584 return;
3585 }
3586
3587 if (!CHECK_WRITE(fsp)) {
3588 reply_doserror(req, ERRDOS, ERRbadaccess);
3589 error_to_writebrawerr(req);
3590 END_PROFILE(SMBwritebraw);
3591 return;
3592 }
3593
3594 tcount = IVAL(req->vwv+1, 0);
3595 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3596 write_through = BITSETW(req->vwv+7,0);
3597
3598 /* We have to deal with slightly different formats depending
3599 on whether we are using the core+ or lanman1.0 protocol */
3600
3601 if(Protocol <= PROTOCOL_COREPLUS) {
3602 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3603 data = smb_buf(req->inbuf);
3604 } else {
3605 numtowrite = SVAL(req->vwv+10, 0);
3606 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3607 }
3608
3609 /* Ensure we don't write bytes past the end of this packet. */
3610 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3611 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3612 error_to_writebrawerr(req);
3613 END_PROFILE(SMBwritebraw);
3614 return;
3615 }
3616
3617 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3618 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3619 &lock);
3620
3621 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3622 reply_doserror(req, ERRDOS, ERRlock);
3623 error_to_writebrawerr(req);
3624 END_PROFILE(SMBwritebraw);
3625 return;
3626 }
3627
3628 if (numtowrite>0) {
3629 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3630 }
3631
3632 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3633 "wrote=%d sync=%d\n",
3634 fsp->fnum, (double)startpos, (int)numtowrite,
3635 (int)nwritten, (int)write_through));
3636
3637 if (nwritten < (ssize_t)numtowrite) {
3638 reply_unixerror(req, ERRHRD, ERRdiskfull);
3639 error_to_writebrawerr(req);
3640 goto strict_unlock;
3641 }
3642
3643 total_written = nwritten;
3644
3645 /* Allocate a buffer of 64k + length. */
3646 buf = TALLOC_ARRAY(NULL, char, 65540);
3647 if (!buf) {
3648 reply_doserror(req, ERRDOS, ERRnomem);
3649 error_to_writebrawerr(req);
3650 goto strict_unlock;
3651 }
3652
3653 /* Return a SMBwritebraw message to the redirector to tell
3654 * it to send more bytes */
3655
3656 memcpy(buf, req->inbuf, smb_size);
3657 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3658 SCVAL(buf,smb_com,SMBwritebraw);
3659 SSVALS(buf,smb_vwv0,0xFFFF);
3660 show_msg(buf);
3661 if (!srv_send_smb(smbd_server_fd(),
3662 buf,
3663 IS_CONN_ENCRYPTED(conn),
3664 &req->pcd)) {
3665 exit_server_cleanly("reply_writebraw: srv_send_smb "
3666 "failed.");
3667 }
3668
3669 /* Now read the raw data into the buffer and write it */
3670 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3671 &numtowrite);
3672 if (!NT_STATUS_IS_OK(status)) {
3673 exit_server_cleanly("secondary writebraw failed");
3674 }
3675
3676 /* Set up outbuf to return the correct size */
3677 reply_outbuf(req, 1, 0);
3678
3679 if (numtowrite != 0) {
3680
3681 if (numtowrite > 0xFFFF) {
3682 DEBUG(0,("reply_writebraw: Oversize secondary write "
3683 "raw requested (%u). Terminating\n",
3684 (unsigned int)numtowrite ));
3685 exit_server_cleanly("secondary writebraw failed");
3686 }
3687
3688 if (tcount > nwritten+numtowrite) {
3689 DEBUG(3,("reply_writebraw: Client overestimated the "
3690 "write %d %d %d\n",
3691 (int)tcount,(int)nwritten,(int)numtowrite));
3692 }
3693
3694 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3695
3696 if (!NT_STATUS_IS_OK(status)) {
3697 DEBUG(0,("reply_writebraw: Oversize secondary write "
3698 "raw read failed (%s). Terminating\n",
3699 nt_errstr(status)));
3700 exit_server_cleanly("secondary writebraw failed");
3701 }
3702
3703 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3704 if (nwritten == -1) {
3705 TALLOC_FREE(buf);
3706 reply_unixerror(req, ERRHRD, ERRdiskfull);
3707 error_to_writebrawerr(req);
3708 goto strict_unlock;
3709 }
3710
3711 if (nwritten < (ssize_t)numtowrite) {
3712 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3713 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3714 }
3715
3716 if (nwritten > 0) {
3717 total_written += nwritten;
3718 }
3719 }
3720
3721 TALLOC_FREE(buf);
3722 SSVAL(req->outbuf,smb_vwv0,total_written);
3723
3724 status = sync_file(conn, fsp, write_through);
3725 if (!NT_STATUS_IS_OK(status)) {
3726 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3727 fsp->fsp_name, nt_errstr(status) ));
3728 reply_nterror(req, status);
3729 error_to_writebrawerr(req);
3730 goto strict_unlock;
3731 }
3732
3733 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3734 "wrote=%d\n",
3735 fsp->fnum, (double)startpos, (int)numtowrite,
3736 (int)total_written));
3737
3738 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3739
3740 /* We won't return a status if write through is not selected - this
3741 * follows what WfWg does */
3742 END_PROFILE(SMBwritebraw);
3743
3744 if (!write_through && total_written==tcount) {
3745
3746 #if RABBIT_PELLET_FIX
3747 /*
3748 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3749 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3750 * JRA.
3751 */
3752 if (!send_keepalive(smbd_server_fd())) {
3753 exit_server_cleanly("reply_writebraw: send of "
3754 "keepalive failed");
3755 }
3756 #endif
3757 TALLOC_FREE(req->outbuf);
3758 }
3759 return;
3760
3761 strict_unlock:
3762 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3763
3764 END_PROFILE(SMBwritebraw);
3765 return;
3766 }
3767
3768 #undef DBGC_CLASS
3769 #define DBGC_CLASS DBGC_LOCKING
3770
3771 /****************************************************************************
3772 Reply to a writeunlock (core+).
3773 ****************************************************************************/
3774
3775 void reply_writeunlock(struct smb_request *req)
3776 {
3777 connection_struct *conn = req->conn;
3778 ssize_t nwritten = -1;
3779 size_t numtowrite;
3780 SMB_OFF_T startpos;
3781 const char *data;
3782 NTSTATUS status = NT_STATUS_OK;
3783 files_struct *fsp;
3784 struct lock_struct lock;
3785
3786 START_PROFILE(SMBwriteunlock);
3787
3788 if (req->wct < 5) {
3789 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3790 END_PROFILE(SMBwriteunlock);
3791 return;
3792 }
3793
3794 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3795
3796 if (!check_fsp(conn, req, fsp)) {
3797 END_PROFILE(SMBwriteunlock);
3798 return;
3799 }
3800
3801 if (!CHECK_WRITE(fsp)) {
3802 reply_doserror(req, ERRDOS,ERRbadaccess);
3803 END_PROFILE(SMBwriteunlock);
3804 return;
3805 }
3806
3807 numtowrite = SVAL(req->vwv+1, 0);
3808 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3809 data = (const char *)req->buf + 3;
3810
3811 if (numtowrite) {
3812 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3813 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3814 &lock);
3815
3816 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3817 reply_doserror(req, ERRDOS, ERRlock);
3818 END_PROFILE(SMBwriteunlock);
3819 return;
3820 }
3821 }
3822
3823 /* The special X/Open SMB protocol handling of
3824 zero length writes is *NOT* done for
3825 this call */
3826 if(numtowrite == 0) {
3827 nwritten = 0;
3828 } else {
3829 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3830 }
3831
3832 status = sync_file(conn, fsp, False /* write through */);
3833 if (!NT_STATUS_IS_OK(status)) {
3834 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3835 fsp->fsp_name, nt_errstr(status) ));
3836 reply_nterror(req, status);
3837 goto strict_unlock;
3838 }
3839
3840 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3841 reply_unixerror(req, ERRHRD, ERRdiskfull);
3842 goto strict_unlock;
3843 }
3844
3845 if (numtowrite) {
3846 status = do_unlock(smbd_messaging_context(),
3847 fsp,
3848 req->smbpid,
3849 (uint64_t)numtowrite,
3850 (uint64_t)startpos,
3851 WINDOWS_LOCK);
3852
3853 if (NT_STATUS_V(status)) {
3854 reply_nterror(req, status);
3855 goto strict_unlock;
3856 }
3857 }
3858
3859 reply_outbuf(req, 1, 0);
3860
3861 SSVAL(req->outbuf,smb_vwv0,nwritten);
3862
3863 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3864 fsp->fnum, (int)numtowrite, (int)nwritten));
3865
3866 strict_unlock:
3867 if (numtowrite) {
3868 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3869 }
3870
3871 END_PROFILE(SMBwriteunlock);
3872 return;
3873 }
3874
3875 #undef DBGC_CLASS
3876 #define DBGC_CLASS DBGC_ALL
3877
3878 /****************************************************************************
3879 Reply to a write.
3880 ****************************************************************************/
3881
3882 void reply_write(struct smb_request *req)
3883 {
3884 connection_struct *conn = req->conn;
3885 size_t numtowrite;
3886 ssize_t nwritten = -1;
3887 SMB_OFF_T startpos;
3888 const char *data;
3889 files_struct *fsp;
3890 struct lock_struct lock;
3891 NTSTATUS status;
3892
3893 START_PROFILE(SMBwrite);
3894
3895 if (req->wct < 5) {
3896 END_PROFILE(SMBwrite);
3897 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3898 return;
3899 }
3900
3901 /* If it's an IPC, pass off the pipe handler. */
3902 if (IS_IPC(conn)) {
3903 reply_pipe_write(req);
3904 END_PROFILE(SMBwrite);
3905 return;
3906 }
3907
3908 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3909
3910 if (!check_fsp(conn, req, fsp)) {
3911 END_PROFILE(SMBwrite);
3912 return;
3913 }
3914
3915 if (!CHECK_WRITE(fsp)) {
3916 reply_doserror(req, ERRDOS, ERRbadaccess);
3917 END_PROFILE(SMBwrite);
3918 return;
3919 }
3920
3921 numtowrite = SVAL(req->vwv+1, 0);
3922 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3923 data = (const char *)req->buf + 3;
3924
3925 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3926 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3927 &lock);
3928
3929 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3930 reply_doserror(req, ERRDOS, ERRlock);
3931 END_PROFILE(SMBwrite);
3932 return;
3933 }
3934
3935 /*
3936 * X/Open SMB protocol says that if smb_vwv1 is
3937 * zero then the file size should be extended or
3938 * truncated to the size given in smb_vwv[2-3].
3939 */
3940
3941 if(numtowrite == 0) {
3942 /*
3943 * This is actually an allocate call, and set EOF. JRA.
3944 */
3945 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3946 if (nwritten < 0) {
3947 reply_nterror(req, NT_STATUS_DISK_FULL);
3948 goto strict_unlock;
3949 }
3950 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3951 if (nwritten < 0) {
3952 reply_nterror(req, NT_STATUS_DISK_FULL);
3953 goto strict_unlock;
3954 }
3955 trigger_write_time_update_immediate(fsp);
3956 } else {
3957 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3958 }
3959
3960 status = sync_file(conn, fsp, False);
3961 if (!NT_STATUS_IS_OK(status)) {
3962 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3963 fsp->fsp_name, nt_errstr(status) ));
3964 reply_nterror(req, status);
3965 goto strict_unlock;
3966 }
3967
3968 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3969 reply_unixerror(req, ERRHRD, ERRdiskfull);
3970 goto strict_unlock;
3971 }
3972
3973 reply_outbuf(req, 1, 0);
3974
3975 SSVAL(req->outbuf,smb_vwv0,nwritten);
3976
3977 if (nwritten < (ssize_t)numtowrite) {
3978 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3979 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3980 }
3981
3982 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3983
3984 strict_unlock:
3985 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3986
3987 END_PROFILE(SMBwrite);
3988 return;
3989 }
3990
3991 /****************************************************************************
3992 Ensure a buffer is a valid writeX for recvfile purposes.
3993 ****************************************************************************/
3994
3995 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3996 (2*14) + /* word count (including bcc) */ \
3997 1 /* pad byte */)
3998
3999 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4000 {
4001 size_t numtowrite;
4002 connection_struct *conn = NULL;
4003 unsigned int doff = 0;
4004 size_t len = smb_len_large(inbuf);
4005
4006 if (is_encrypted_packet(inbuf)) {
4007 /* Can't do this on encrypted
4008 * connections. */
4009 return false;
4010 }
4011
4012 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4013 return false;
4014 }
4015
4016 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4017 CVAL(inbuf,smb_wct) != 14) {
4018 DEBUG(10,("is_valid_writeX_buffer: chained or "
4019 "invalid word length.\n"));
4020 return false;
4021 }
4022
4023 conn = conn_find(SVAL(inbuf, smb_tid));
4024 if (conn == NULL) {
4025 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4026 return false;
4027 }
4028 if (IS_IPC(conn)) {
4029 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4030 return false;
4031 }
4032 if (IS_PRINT(conn)) {
4033 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4034 return false;
4035 }
4036 doff = SVAL(inbuf,smb_vwv11);
4037
4038 numtowrite = SVAL(inbuf,smb_vwv10);
4039
4040 if (len > doff && len - doff > 0xFFFF) {
4041 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4042 }
4043
4044 if (numtowrite == 0) {
4045 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4046 return false;
4047 }
4048
4049 /* Ensure the sizes match up. */
4050 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4051 /* no pad byte...old smbclient :-( */
4052 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4053 (unsigned int)doff,
4054 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4055 return false;
4056 }
4057
4058 if (len - doff != numtowrite) {
4059 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4060 "len = %u, doff = %u, numtowrite = %u\n",
4061 (unsigned int)len,
4062 (unsigned int)doff,
4063 (unsigned int)numtowrite ));
4064 return false;
4065 }
4066
4067 DEBUG(10,("is_valid_writeX_buffer: true "
4068 "len = %u, doff = %u, numtowrite = %u\n",
4069 (unsigned int)len,
4070 (unsigned int)doff,
4071 (unsigned int)numtowrite ));
4072
4073 return true;
4074 }
4075
4076 /****************************************************************************
4077 Reply to a write and X.
4078 ****************************************************************************/
4079
4080 void reply_write_and_X(struct smb_request *req)
4081 {
4082 connection_struct *conn = req->conn;
4083 files_struct *fsp;
4084 struct lock_struct lock;
4085 SMB_OFF_T startpos;
4086 size_t numtowrite;
4087 bool write_through;
4088 ssize_t nwritten;
4089 unsigned int smb_doff;
4090 unsigned int smblen;
4091 char *data;
4092 NTSTATUS status;
4093
4094 START_PROFILE(SMBwriteX);
4095
4096 if ((req->wct != 12) && (req->wct != 14)) {
4097 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4098 END_PROFILE(SMBwriteX);
4099 return;
4100 }
4101
4102 numtowrite = SVAL(req->vwv+10, 0);
4103 smb_doff = SVAL(req->vwv+11, 0);
4104 smblen = smb_len(req->inbuf);
4105
4106 if (req->unread_bytes > 0xFFFF ||
4107 (smblen > smb_doff &&
4108 smblen - smb_doff > 0xFFFF)) {
4109 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4110 }
4111
4112 if (req->unread_bytes) {
4113 /* Can't do a recvfile write on IPC$ */
4114 if (IS_IPC(conn)) {
4115 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4116 END_PROFILE(SMBwriteX);
4117 return;
4118 }
4119 if (numtowrite != req->unread_bytes) {
4120 reply_doserror(req, ERRDOS, ERRbadmem);
4121 END_PROFILE(SMBwriteX);
4122 return;
4123 }
4124 } else {
4125 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4126 smb_doff + numtowrite > smblen) {
4127 reply_doserror(req, ERRDOS, ERRbadmem);
4128 END_PROFILE(SMBwriteX);
4129 return;
4130 }
4131 }
4132
4133 /* If it's an IPC, pass off the pipe handler. */
4134 if (IS_IPC(conn)) {
4135 if (req->unread_bytes) {
4136 reply_doserror(req, ERRDOS, ERRbadmem);
4137 END_PROFILE(SMBwriteX);
4138 return;
4139 }
4140 reply_pipe_write_and_X(req);
4141 END_PROFILE(SMBwriteX);
4142 return;
4143 }
4144
4145 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4146 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4147 write_through = BITSETW(req->vwv+7,0);
4148
4149 if (!check_fsp(conn, req, fsp)) {
4150 END_PROFILE(SMBwriteX);
4151 return;
4152 }
4153
4154 if (!CHECK_WRITE(fsp)) {
4155 reply_doserror(req, ERRDOS, ERRbadaccess);
4156 END_PROFILE(SMBwriteX);
4157 return;
4158 }
4159
4160 data = smb_base(req->inbuf) + smb_doff;
4161
4162 if(req->wct == 14) {
4163 #ifdef LARGE_SMB_OFF_T
4164 /*
4165 * This is a large offset (64 bit) write.
4166 */
4167 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4168
4169 #else /* !LARGE_SMB_OFF_T */
4170
4171 /*
4172 * Ensure we haven't been sent a >32 bit offset.
4173 */
4174
4175 if(IVAL(req->vwv+12, 0) != 0) {
4176 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4177 "used and we don't support 64 bit offsets.\n",
4178 (unsigned int)IVAL(req->vwv+12, 0) ));
4179 reply_doserror(req, ERRDOS, ERRbadaccess);
4180 END_PROFILE(SMBwriteX);
4181 return;
4182 }
4183
4184 #endif /* LARGE_SMB_OFF_T */
4185 }
4186
4187 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4188 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4189 &lock);
4190
4191 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4192 reply_doserror(req, ERRDOS, ERRlock);
4193 END_PROFILE(SMBwriteX);
4194 return;
4195 }
4196
4197 /* X/Open SMB protocol says that, unlike SMBwrite
4198 if the length is zero then NO truncation is
4199 done, just a write of zero. To truncate a file,
4200 use SMBwrite. */
4201
4202 if(numtowrite == 0) {
4203 nwritten = 0;
4204 } else {
4205
4206 if ((req->unread_bytes == 0) &&
4207 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4208 numtowrite)) {
4209 goto strict_unlock;
4210 }
4211
4212 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4213 }
4214
4215 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4216 reply_unixerror(req, ERRHRD, ERRdiskfull);
4217 goto strict_unlock;
4218 }
4219
4220 reply_outbuf(req, 6, 0);
4221 SSVAL(req->outbuf,smb_vwv2,nwritten);
4222 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4223
4224 if (nwritten < (ssize_t)numtowrite) {
4225 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4226 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4227 }
4228
4229 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4230 fsp->fnum, (int)numtowrite, (int)nwritten));
4231
4232 status = sync_file(conn, fsp, write_through);
4233 if (!NT_STATUS_IS_OK(status)) {
4234 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4235 fsp->fsp_name, nt_errstr(status) ));
4236 reply_nterror(req, status);
4237 goto strict_unlock;
4238 }
4239
4240 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4241
4242 END_PROFILE(SMBwriteX);
4243 chain_reply(req);
4244 return;
4245
4246 strict_unlock:
4247 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4248
4249 END_PROFILE(SMBwriteX);
4250 return;
4251 }
4252
4253 /****************************************************************************
4254 Reply to a lseek.
4255 ****************************************************************************/
4256
4257 void reply_lseek(struct smb_request *req)
4258 {
4259 connection_struct *conn = req->conn;
4260 SMB_OFF_T startpos;
4261 SMB_OFF_T res= -1;
4262 int mode,umode;
4263 files_struct *fsp;
4264
4265 START_PROFILE(SMBlseek);
4266
4267 if (req->wct < 4) {
4268 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4269 END_PROFILE(SMBlseek);
4270 return;
4271 }
4272
4273 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4274
4275 if (!check_fsp(conn, req, fsp)) {
4276 return;
4277 }
4278
4279 flush_write_cache(fsp, SEEK_FLUSH);
4280
4281 mode = SVAL(req->vwv+1, 0) & 3;
4282 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4283 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4284
4285 switch (mode) {
4286 case 0:
4287 umode = SEEK_SET;
4288 res = startpos;
4289 break;
4290 case 1:
4291 umode = SEEK_CUR;
4292 res = fsp->fh->pos + startpos;
4293 break;
4294 case 2:
4295 umode = SEEK_END;
4296 break;
4297 default:
4298 umode = SEEK_SET;
4299 res = startpos;
4300 break;
4301 }
4302
4303 if (umode == SEEK_END) {
4304 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4305 if(errno == EINVAL) {
4306 SMB_OFF_T current_pos = startpos;
4307 SMB_STRUCT_STAT sbuf;
4308
4309 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4310 reply_unixerror(req, ERRDOS,
4311 ERRnoaccess);
4312 END_PROFILE(SMBlseek);
4313 return;
4314 }
4315
4316 current_pos += sbuf.st_size;
4317 if(current_pos < 0)
4318 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4319 }
4320 }
4321
4322 if(res == -1) {
4323 reply_unixerror(req, ERRDOS, ERRnoaccess);
4324 END_PROFILE(SMBlseek);
4325 return;
4326 }
4327 }
4328
4329 fsp->fh->pos = res;
4330
4331 reply_outbuf(req, 2, 0);
4332 SIVAL(req->outbuf,smb_vwv0,res);
4333
4334 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4335 fsp->fnum, (double)startpos, (double)res, mode));
4336
4337 END_PROFILE(SMBlseek);
4338 return;
4339 }
4340
4341 /****************************************************************************
4342 Reply to a flush.
4343 ****************************************************************************/
4344
4345 void reply_flush(struct smb_request *req)
4346 {
4347 connection_struct *conn = req->conn;
4348 uint16 fnum;
4349 files_struct *fsp;
4350
4351 START_PROFILE(SMBflush);
4352
4353 if (req->wct < 1) {
4354 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4355 return;
4356 }
4357
4358 fnum = SVAL(req->vwv+0, 0);
4359 fsp = file_fsp(req, fnum);
4360
4361 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4362 return;
4363 }
4364
4365 if (!fsp) {
4366 file_sync_all(conn);
4367 } else {
4368 NTSTATUS status = sync_file(conn, fsp, True);
4369 if (!NT_STATUS_IS_OK(status)) {
4370 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4371 fsp->fsp_name, nt_errstr(status) ));
4372 reply_nterror(req, status);
4373 END_PROFILE(SMBflush);
4374 return;
4375 }
4376 }
4377
4378 reply_outbuf(req, 0, 0);
4379
4380 DEBUG(3,("flush\n"));
4381 END_PROFILE(SMBflush);
4382 return;
4383 }
4384
4385 /****************************************************************************
4386 Reply to a exit.
4387 conn POINTER CAN BE NULL HERE !
4388 ****************************************************************************/
4389
4390 void reply_exit(struct smb_request *req)
4391 {
4392 START_PROFILE(SMBexit);
4393
4394 file_close_pid(req->smbpid, req->vuid);
4395
4396 reply_outbuf(req, 0, 0);
4397
4398 DEBUG(3,("exit\n"));
4399
4400 END_PROFILE(SMBexit);
4401 return;
4402 }
4403
4404 /****************************************************************************
4405 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4406 ****************************************************************************/
4407
4408 void reply_close(struct smb_request *req)
4409 {
4410 connection_struct *conn = req->conn;
4411 NTSTATUS status = NT_STATUS_OK;
4412 files_struct *fsp = NULL;
4413 START_PROFILE(SMBclose);
4414
4415 if (req->wct < 3) {
4416 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4417 END_PROFILE(SMBclose);
4418 return;
4419 }
4420
4421 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4422
4423 /*
4424 * We can only use check_fsp if we know it's not a directory.
4425 */
4426
4427 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4428 reply_doserror(req, ERRDOS, ERRbadfid);
4429 END_PROFILE(SMBclose);
4430 return;
4431 }
4432
4433 if(fsp->is_directory) {
4434 /*
4435 * Special case - close NT SMB directory handle.
4436 */
4437 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4438 status = close_file(req, fsp, NORMAL_CLOSE);
4439 } else {
4440 time_t t;
4441 /*
4442 * Close ordinary file.
4443 */
4444
4445 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4446 fsp->fh->fd, fsp->fnum,
4447 conn->num_files_open));
4448
4449 /*
4450 * Take care of any time sent in the close.
4451 */
4452
4453 t = srv_make_unix_date3(req->vwv+1);
4454 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4455
4456 /*
4457 * close_file() returns the unix errno if an error
4458 * was detected on close - normally this is due to
4459 * a disk full error. If not then it was probably an I/O error.
4460 */
4461
4462 status = close_file(req, fsp, NORMAL_CLOSE);
4463 }
4464
4465 if (!NT_STATUS_IS_OK(status)) {
4466 reply_nterror(req, status);
4467 END_PROFILE(SMBclose);
4468 return;
4469 }
4470
4471 reply_outbuf(req, 0, 0);
4472 END_PROFILE(SMBclose);
4473 return;
4474 }
4475
4476 /****************************************************************************
4477 Reply to a writeclose (Core+ protocol).
4478 ****************************************************************************/
4479
4480 void reply_writeclose(struct smb_request *req)
4481 {
4482 connection_struct *conn = req->conn;
4483 size_t numtowrite;
4484 ssize_t nwritten = -1;
4485 NTSTATUS close_status = NT_STATUS_OK;
4486 SMB_OFF_T startpos;
4487 const char *data;
4488 struct timespec mtime;
4489 files_struct *fsp;
4490 struct lock_struct lock;
4491
4492 START_PROFILE(SMBwriteclose);
4493
4494 if (req->wct < 6) {
4495 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4496 END_PROFILE(SMBwriteclose);
4497 return;
4498 }
4499
4500 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4501
4502 if (!check_fsp(conn, req, fsp)) {
4503 END_PROFILE(SMBwriteclose);
4504 return;
4505 }
4506 if (!CHECK_WRITE(fsp)) {
4507 reply_doserror(req, ERRDOS,ERRbadaccess);
4508 END_PROFILE(SMBwriteclose);
4509 return;
4510 }
4511
4512 numtowrite = SVAL(req->vwv+1, 0);
4513 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4514 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4515 data = (const char *)req->buf + 1;
4516
4517 if (numtowrite) {
4518 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4519 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4520 &lock);
4521
4522 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4523 reply_doserror(req, ERRDOS,ERRlock);
4524 END_PROFILE(SMBwriteclose);
4525 return;
4526 }
4527 }
4528
4529 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4530
4531 set_close_write_time(fsp, mtime);
4532
4533 /*
4534 * More insanity. W2K only closes the file if writelen > 0.
4535 * JRA.
4536 */
4537
4538 if (numtowrite) {
4539 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4540 fsp->fsp_name ));
4541 close_status = close_file(req, fsp, NORMAL_CLOSE);
4542 }
4543
4544 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4545 fsp->fnum, (int)numtowrite, (int)nwritten,
4546 conn->num_files_open));
4547
4548 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4549 reply_doserror(req, ERRHRD, ERRdiskfull);
4550 goto strict_unlock;
4551 }
4552
4553 if(!NT_STATUS_IS_OK(close_status)) {
4554 reply_nterror(req, close_status);
4555 goto strict_unlock;
4556 }
4557
4558 reply_outbuf(req, 1, 0);
4559
4560 SSVAL(req->outbuf,smb_vwv0,nwritten);
4561
4562 strict_unlock:
4563 if (numtowrite) {
4564 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4565 }
4566
4567 END_PROFILE(SMBwriteclose);
4568 return;
4569 }
4570
4571 #undef DBGC_CLASS
4572 #define DBGC_CLASS DBGC_LOCKING
4573
4574 /****************************************************************************
4575 Reply to a lock.
4576 ****************************************************************************/
4577
4578 void reply_lock(struct smb_request *req)
4579 {
4580 connection_struct *conn = req->conn;
4581 uint64_t count,offset;
4582 NTSTATUS status;
4583 files_struct *fsp;
4584 struct byte_range_lock *br_lck = NULL;
4585
4586 START_PROFILE(SMBlock);
4587
4588 if (req->wct < 5) {
4589 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4590 END_PROFILE(SMBlock);
4591 return;
4592 }
4593
4594 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4595
4596 if (!check_fsp(conn, req, fsp)) {
4597 END_PROFILE(SMBlock);
4598 return;
4599 }
4600
4601 count = (uint64_t)IVAL(req->vwv+1, 0);
4602 offset = (uint64_t)IVAL(req->vwv+3, 0);
4603
4604 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4605 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4606
4607 br_lck = do_lock(smbd_messaging_context(),
4608 fsp,
4609 req->smbpid,
4610 count,
4611 offset,
4612 WRITE_LOCK,
4613 WINDOWS_LOCK,
4614 False, /* Non-blocking lock. */
4615 &status,
4616 NULL,
4617 NULL);
4618
4619 TALLOC_FREE(br_lck);
4620
4621 if (NT_STATUS_V(status)) {
4622 reply_nterror(req, status);
4623 END_PROFILE(SMBlock);
4624 return;
4625 }
4626
4627 reply_outbuf(req, 0, 0);
4628
4629 END_PROFILE(SMBlock);
4630 return;
4631 }
4632
4633 /****************************************************************************
4634 Reply to a unlock.
4635 ****************************************************************************/
4636
4637 void reply_unlock(struct smb_request *req)
4638 {
4639 connection_struct *conn = req->conn;
4640 uint64_t count,offset;
4641 NTSTATUS status;
4642 files_struct *fsp;
4643
4644 START_PROFILE(SMBunlock);
4645
4646 if (req->wct < 5) {
4647 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4648 END_PROFILE(SMBunlock);
4649 return;
4650 }
4651
4652 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4653
4654 if (!check_fsp(conn, req, fsp)) {
4655 END_PROFILE(SMBunlock);
4656 return;
4657 }
4658
4659 count = (uint64_t)IVAL(req->vwv+1, 0);
4660 offset = (uint64_t)IVAL(req->vwv+3, 0);
4661
4662 status = do_unlock(smbd_messaging_context(),
4663 fsp,
4664 req->smbpid,
4665 count,
4666 offset,
4667 WINDOWS_LOCK);
4668
4669 if (NT_STATUS_V(status)) {
4670 reply_nterror(req, status);
4671 END_PROFILE(SMBunlock);
4672 return;
4673 }
4674
4675 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4676 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4677
4678 reply_outbuf(req, 0, 0);
4679
4680 END_PROFILE(SMBunlock);
4681 return;
4682 }
4683
4684 #undef DBGC_CLASS
4685 #define DBGC_CLASS DBGC_ALL
4686
4687 /****************************************************************************
4688 Reply to a tdis.
4689 conn POINTER CAN BE NULL HERE !
4690 ****************************************************************************/
4691
4692 void reply_tdis(struct smb_request *req)
4693 {
4694 connection_struct *conn = req->conn;
4695 START_PROFILE(SMBtdis);
4696
4697 if (!conn) {
4698 DEBUG(4,("Invalid connection in tdis\n"));
4699 reply_doserror(req, ERRSRV, ERRinvnid);
4700 END_PROFILE(SMBtdis);
4701 return;
4702 }
4703
4704 conn->used = False;
4705
4706 close_cnum(conn,req->vuid);
4707 req->conn = NULL;
4708
4709 reply_outbuf(req, 0, 0);
4710 END_PROFILE(SMBtdis);
4711 return;
4712 }
4713
4714 /****************************************************************************
4715 Reply to a echo.
4716 conn POINTER CAN BE NULL HERE !
4717 ****************************************************************************/
4718
4719 void reply_echo(struct smb_request *req)
4720 {
4721 connection_struct *conn = req->conn;
4722 struct smb_perfcount_data local_pcd;
4723 struct smb_perfcount_data *cur_pcd;
4724 int smb_reverb;
4725 int seq_num;
4726
4727 START_PROFILE(SMBecho);
4728
4729 smb_init_perfcount_data(&local_pcd);
4730
4731 if (req->wct < 1) {
4732 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4733 END_PROFILE(SMBecho);
4734 return;
4735 }
4736
4737 smb_reverb = SVAL(req->vwv+0, 0);
4738
4739 reply_outbuf(req, 1, req->buflen);
4740
4741 /* copy any incoming data back out */
4742 if (req->buflen > 0) {
4743 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4744 }
4745
4746 if (smb_reverb > 100) {
4747 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4748 smb_reverb = 100;
4749 }
4750
4751 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4752
4753 /* this makes sure we catch the request pcd */
4754 if (seq_num == smb_reverb) {
4755 cur_pcd = &req->pcd;
4756 } else {
4757 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4758 cur_pcd = &local_pcd;
4759 }
4760
4761 SSVAL(req->outbuf,smb_vwv0,seq_num);
4762
4763 show_msg((char *)req->outbuf);
4764 if (!srv_send_smb(smbd_server_fd(),
4765 (char *)req->outbuf,
4766 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4767 cur_pcd))
4768 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4769 }
4770
4771 DEBUG(3,("echo %d times\n", smb_reverb));
4772
4773 TALLOC_FREE(req->outbuf);
4774
4775 END_PROFILE(SMBecho);
4776 return;
4777 }
4778
4779 /****************************************************************************
4780 Reply to a printopen.
4781 ****************************************************************************/
4782
4783 void reply_printopen(struct smb_request *req)
4784 {
4785 connection_struct *conn = req->conn;
4786 files_struct *fsp;
4787 SMB_STRUCT_STAT sbuf;
4788 NTSTATUS status;
4789
4790 START_PROFILE(SMBsplopen);
4791
4792 if (req->wct < 2) {
4793 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4794 END_PROFILE(SMBsplopen);
4795 return;
4796 }
4797
4798 if (!CAN_PRINT(conn)) {
4799 reply_doserror(req, ERRDOS, ERRnoaccess);
4800 END_PROFILE(SMBsplopen);
4801 return;
4802 }
4803
4804 status = file_new(req, conn, &fsp);
4805 if(!NT_STATUS_IS_OK(status)) {
4806 reply_nterror(req, status);
4807 END_PROFILE(SMBsplopen);
4808 return;
4809 }
4810
4811 /* Open for exclusive use, write only. */
4812 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4813
4814 if (!NT_STATUS_IS_OK(status)) {
4815 reply_nterror(req, status);
4816 END_PROFILE(SMBsplopen);
4817 return;
4818 }
4819
4820 reply_outbuf(req, 1, 0);
4821 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4822
4823 DEBUG(3,("openprint fd=%d fnum=%d\n",
4824 fsp->fh->fd, fsp->fnum));
4825
4826 END_PROFILE(SMBsplopen);
4827 return;
4828 }
4829
4830 /****************************************************************************
4831 Reply to a printclose.
4832 ****************************************************************************/
4833
4834 void reply_printclose(struct smb_request *req)
4835 {
4836 connection_struct *conn = req->conn;
4837 files_struct *fsp;
4838 NTSTATUS status;
4839
4840 START_PROFILE(SMBsplclose);
4841
4842 if (req->wct < 1) {
4843 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4844 END_PROFILE(SMBsplclose);
4845 return;
4846 }
4847
4848 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4849
4850 if (!check_fsp(conn, req, fsp)) {
4851 END_PROFILE(SMBsplclose);
4852 return;
4853 }
4854
4855 if (!CAN_PRINT(conn)) {
4856 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4857 END_PROFILE(SMBsplclose);
4858 return;
4859 }
4860
4861 DEBUG(3,("printclose fd=%d fnum=%d\n",
4862 fsp->fh->fd,fsp->fnum));
4863
4864 status = close_file(req, fsp, NORMAL_CLOSE);
4865
4866 if(!NT_STATUS_IS_OK(status)) {
4867 reply_nterror(req, status);
4868 END_PROFILE(SMBsplclose);
4869 return;
4870 }
4871
4872 reply_outbuf(req, 0, 0);
4873
4874 END_PROFILE(SMBsplclose);
4875 return;
4876 }
4877
4878 /****************************************************************************
4879 Reply to a printqueue.
4880 ****************************************************************************/
4881
4882 void reply_printqueue(struct smb_request *req)
4883 {
4884 connection_struct *conn = req->conn;
4885 int max_count;
4886 int start_index;
4887
4888 START_PROFILE(SMBsplretq);
4889
4890 if (req->wct < 2) {
4891 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4892 END_PROFILE(SMBsplretq);
4893 return;
4894 }
4895
4896 max_count = SVAL(req->vwv+0, 0);
4897 start_index = SVAL(req->vwv+1, 0);
4898
4899 /* we used to allow the client to get the cnum wrong, but that
4900 is really quite gross and only worked when there was only
4901 one printer - I think we should now only accept it if they
4902 get it right (tridge) */
4903 if (!CAN_PRINT(conn)) {
4904 reply_doserror(req, ERRDOS, ERRnoaccess);
4905 END_PROFILE(SMBsplretq);
4906 return;
4907 }
4908
4909 reply_outbuf(req, 2, 3);
4910 SSVAL(req->outbuf,smb_vwv0,0);
4911 SSVAL(req->outbuf,smb_vwv1,0);
4912 SCVAL(smb_buf(req->outbuf),0,1);
4913 SSVAL(smb_buf(req->outbuf),1,0);
4914
4915 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4916 start_index, max_count));
4917
4918 {
4919 print_queue_struct *queue = NULL;
4920 print_status_struct status;
4921 int count = print_queue_status(SNUM(conn), &queue, &status);
4922 int num_to_get = ABS(max_count);
4923 int first = (max_count>0?start_index:start_index+max_count+1);
4924 int i;
4925
4926 if (first >= count)
4927 num_to_get = 0;
4928 else
4929 num_to_get = MIN(num_to_get,count-first);
4930
4931
4932 for (i=first;i<first+num_to_get;i++) {
4933 char blob[28];
4934 char *p = blob;
4935
4936 srv_put_dos_date2(p,0,queue[i].time);
4937 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4938 SSVAL(p,5, queue[i].job);
4939 SIVAL(p,7,queue[i].size);
4940 SCVAL(p,11,0);
4941 srvstr_push(blob, req->flags2, p+12,
4942 queue[i].fs_user, 16, STR_ASCII);
4943
4944 if (message_push_blob(
4945 &req->outbuf,
4946 data_blob_const(
4947 blob, sizeof(blob))) == -1) {
4948 reply_nterror(req, NT_STATUS_NO_MEMORY);
4949 END_PROFILE(SMBsplretq);
4950 return;
4951 }
4952 }
4953
4954 if (count > 0) {
4955 SSVAL(req->outbuf,smb_vwv0,count);
4956 SSVAL(req->outbuf,smb_vwv1,
4957 (max_count>0?first+count:first-1));
4958 SCVAL(smb_buf(req->outbuf),0,1);
4959 SSVAL(smb_buf(req->outbuf),1,28*count);
4960 }
4961
4962 SAFE_FREE(queue);
4963
4964 DEBUG(3,("%d entries returned in queue\n",count));
4965 }
4966
4967 END_PROFILE(SMBsplretq);
4968 return;
4969 }
4970
4971 /****************************************************************************
4972 Reply to a printwrite.
4973 ****************************************************************************/
4974
4975 void reply_printwrite(struct smb_request *req)
4976 {
4977 connection_struct *conn = req->conn;
4978 int numtowrite;
4979 const char *data;
4980 files_struct *fsp;
4981
4982 START_PROFILE(SMBsplwr);
4983
4984 if (req->wct < 1) {
4985 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4986 END_PROFILE(SMBsplwr);
4987 return;
4988 }
4989
4990 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4991
4992 if (!check_fsp(conn, req, fsp)) {
4993 END_PROFILE(SMBsplwr);
4994 return;
4995 }
4996
4997 if (!CAN_PRINT(conn)) {
4998 reply_doserror(req, ERRDOS, ERRnoaccess);
4999 END_PROFILE(SMBsplwr);
5000 return;
5001 }
5002
5003 if (!CHECK_WRITE(fsp)) {
5004 reply_doserror(req, ERRDOS, ERRbadaccess);
5005 END_PROFILE(SMBsplwr);
5006 return;
5007 }
5008
5009 numtowrite = SVAL(req->buf, 1);
5010
5011 if (req->buflen < numtowrite + 3) {
5012 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5013 END_PROFILE(SMBsplwr);
5014 return;
5015 }
5016
5017 data = (const char *)req->buf + 3;
5018
5019 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5020 reply_unixerror(req, ERRHRD, ERRdiskfull);
5021 END_PROFILE(SMBsplwr);
5022 return;
5023 }
5024
5025 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5026
5027 END_PROFILE(SMBsplwr);
5028 return;
5029 }
5030
5031 /****************************************************************************
5032 Reply to a mkdir.
5033 ****************************************************************************/
5034
5035 void reply_mkdir(struct smb_request *req)
5036 {
5037 connection_struct *conn = req->conn;
5038 char *directory = NULL;
5039 NTSTATUS status;
5040 SMB_STRUCT_STAT sbuf;
5041 TALLOC_CTX *ctx = talloc_tos();
5042
5043 START_PROFILE(SMBmkdir);
5044
5045 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5046 STR_TERMINATE, &status);
5047 if (!NT_STATUS_IS_OK(status)) {
5048 reply_nterror(req, status);
5049 END_PROFILE(SMBmkdir);
5050 return;
5051 }
5052
5053 status = resolve_dfspath(ctx, conn,
5054 req->flags2 & FLAGS2_DFS_PATHNAMES,
5055 directory,
5056 &directory);
5057 if (!NT_STATUS_IS_OK(status)) {
5058 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5059 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5060 ERRSRV, ERRbadpath);
5061 END_PROFILE(SMBmkdir);
5062 return;
5063 }
5064 reply_nterror(req, status);
5065 END_PROFILE(SMBmkdir);
5066 return;
5067 }
5068
5069 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
5070 if (!NT_STATUS_IS_OK(status)) {
5071 reply_nterror(req, status);
5072 END_PROFILE(SMBmkdir);
5073 return;
5074 }
5075
5076 status = check_name(conn, directory);
5077 if (!NT_STATUS_IS_OK(status)) {
5078 reply_nterror(req, status);
5079 END_PROFILE(SMBmkdir);
5080 return;
5081 }
5082
5083 status = create_directory(conn, req, directory);
5084
5085 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5086
5087 if (!NT_STATUS_IS_OK(status)) {
5088
5089 if (!use_nt_status()
5090 && NT_STATUS_EQUAL(status,
5091 NT_STATUS_OBJECT_NAME_COLLISION)) {
5092 /*
5093 * Yes, in the DOS error code case we get a
5094 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5095 * samba4 torture test.
5096 */
5097 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5098 }
5099
5100 reply_nterror(req, status);
5101 END_PROFILE(SMBmkdir);
5102 return;
5103 }
5104
5105 reply_outbuf(req, 0, 0);
5106
5107 DEBUG( 3, ( "mkdir %s\n", directory ) );
5108
5109 END_PROFILE(SMBmkdir);
5110 return;
5111 }
5112
5113 /****************************************************************************
5114 Static function used by reply_rmdir to delete an entire directory
5115 tree recursively. Return True on ok, False on fail.
5116 ****************************************************************************/
5117
5118 static bool recursive_rmdir(TALLOC_CTX *ctx,
5119 connection_struct *conn,
5120 char *directory)
5121 {
5122 const char *dname = NULL;
5123 bool ret = True;
5124 long offset = 0;
5125 SMB_STRUCT_STAT st;
5126 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
5127 NULL, 0);
5128
5129 if(dir_hnd == NULL)
5130 return False;
5131
5132 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5133 char *fullname = NULL;
5134
5135 if (ISDOT(dname) || ISDOTDOT(dname)) {
5136 continue;
5137 }
5138
5139 if (!is_visible_file(conn, directory, dname, &st, False)) {
5140 continue;
5141 }
5142
5143 /* Construct the full name. */
5144 fullname = talloc_asprintf(ctx,
5145 "%s/%s",
5146 directory,
5147 dname);
5148 if (!fullname) {
5149 errno = ENOMEM;
5150 ret = False;
5151 break;
5152 }
5153
5154 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5155 ret = False;
5156 break;
5157 }
5158
5159 if(st.st_mode & S_IFDIR) {
5160 if(!recursive_rmdir(ctx, conn, fullname)) {
5161 ret = False;
5162 break;
5163 }
5164 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5165 ret = False;
5166 break;
5167 }
5168 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5169 ret = False;
5170 break;
5171 }
5172 TALLOC_FREE(fullname);
5173 }
5174 TALLOC_FREE(dir_hnd);
5175 return ret;
5176 }
5177
5178 /****************************************************************************
5179 The internals of the rmdir code - called elsewhere.
5180 ****************************************************************************/
5181
5182 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5183 connection_struct *conn,
5184 const char *directory)
5185 {
5186 int ret;
5187 SMB_STRUCT_STAT st;
5188
5189 /* Might be a symlink. */
5190 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5191 return map_nt_error_from_unix(errno);
5192 }
5193
5194 if (S_ISLNK(st.st_mode)) {
5195 /* Is what it points to a directory ? */
5196 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5197 return map_nt_error_from_unix(errno);
5198 }
5199 if (!(S_ISDIR(st.st_mode))) {
5200 return NT_STATUS_NOT_A_DIRECTORY;
5201 }
5202 ret = SMB_VFS_UNLINK(conn,directory);
5203 } else {
5204 ret = SMB_VFS_RMDIR(conn,directory);
5205 }
5206 if (ret == 0) {
5207 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5208 FILE_NOTIFY_CHANGE_DIR_NAME,
5209 directory);
5210 return NT_STATUS_OK;
5211 }
5212
5213 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5214 /*
5215 * Check to see if the only thing in this directory are
5216 * vetoed files/directories. If so then delete them and
5217 * retry. If we fail to delete any of them (and we *don't*
5218 * do a recursive delete) then fail the rmdir.
5219 */
5220 const char *dname;
5221 long dirpos = 0;
5222 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5223 directory, NULL, 0);
5224
5225 if(dir_hnd == NULL) {
5226 errno = ENOTEMPTY;
5227 goto err;
5228 }
5229
5230 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5231 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5232 continue;
5233 if (!is_visible_file(conn, directory, dname, &st, False))
5234 continue;
5235 if(!IS_VETO_PATH(conn, dname)) {
5236 TALLOC_FREE(dir_hnd);
5237 errno = ENOTEMPTY;
5238 goto err;
5239 }
5240 }
5241
5242 /* We only have veto files/directories.
5243 * Are we allowed to delete them ? */
5244
5245 if(!lp_recursive_veto_delete(SNUM(conn))) {
5246 TALLOC_FREE(dir_hnd);
5247 errno = ENOTEMPTY;
5248 goto err;
5249 }
5250
5251 /* Do a recursive delete. */
5252 RewindDir(dir_hnd,&dirpos);
5253 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5254 char *fullname = NULL;
5255
5256 if (ISDOT(dname) || ISDOTDOT(dname)) {
5257 continue;
5258 }
5259 if (!is_visible_file(conn, directory, dname, &st, False)) {
5260 continue;
5261 }
5262
5263 fullname = talloc_asprintf(ctx,
5264 "%s/%s",
5265 directory,
5266 dname);
5267
5268 if(!fullname) {
5269 errno = ENOMEM;
5270 break;
5271 }
5272
5273 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5274 break;
5275 }
5276 if(st.st_mode & S_IFDIR) {
5277 if(!recursive_rmdir(ctx, conn, fullname)) {
5278 break;
5279 }
5280 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5281 break;
5282 }
5283 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5284 break;
5285 }
5286 TALLOC_FREE(fullname);
5287 }
5288 TALLOC_FREE(dir_hnd);
5289 /* Retry the rmdir */
5290 ret = SMB_VFS_RMDIR(conn,directory);
5291 }
5292
5293 err:
5294
5295 if (ret != 0) {
5296 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5297 "%s\n", directory,strerror(errno)));
5298 return map_nt_error_from_unix(errno);
5299 }
5300
5301 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5302 FILE_NOTIFY_CHANGE_DIR_NAME,
5303 directory);
5304
5305 return NT_STATUS_OK;
5306 }
5307
5308 /****************************************************************************
5309 Reply to a rmdir.
5310 ****************************************************************************/
5311
5312 void reply_rmdir(struct smb_request *req)
5313 {
5314 connection_struct *conn = req->conn;
5315 char *directory = NULL;
5316 SMB_STRUCT_STAT sbuf;
5317 NTSTATUS status;
5318 TALLOC_CTX *ctx = talloc_tos();
5319
5320 START_PROFILE(SMBrmdir);
5321
5322 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5323 STR_TERMINATE, &status);
5324 if (!NT_STATUS_IS_OK(status)) {
5325 reply_nterror(req, status);
5326 END_PROFILE(SMBrmdir);
5327 return;
5328 }
5329
5330 status = resolve_dfspath(ctx, conn,
5331 req->flags2 & FLAGS2_DFS_PATHNAMES,
5332 directory,
5333 &directory);
5334 if (!NT_STATUS_IS_OK(status)) {
5335 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5336 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5337 ERRSRV, ERRbadpath);
5338 END_PROFILE(SMBrmdir);
5339 return;
5340 }
5341 reply_nterror(req, status);
5342 END_PROFILE(SMBrmdir);
5343 return;
5344 }
5345
5346 status = unix_convert(ctx, conn, directory, False, &directory,
5347 NULL, &sbuf);
5348 if (!NT_STATUS_IS_OK(status)) {
5349 reply_nterror(req, status);
5350 END_PROFILE(SMBrmdir);
5351 return;
5352 }
5353
5354 status = check_name(conn, directory);
5355 if (!NT_STATUS_IS_OK(status)) {
5356 reply_nterror(req, status);
5357 END_PROFILE(SMBrmdir);
5358 return;
5359 }
5360
5361 dptr_closepath(directory, req->smbpid);
5362 status = rmdir_internals(ctx, conn, directory);
5363 if (!NT_STATUS_IS_OK(status)) {
5364 reply_nterror(req, status);
5365 END_PROFILE(SMBrmdir);
5366 return;
5367 }
5368
5369 reply_outbuf(req, 0, 0);
5370
5371 DEBUG( 3, ( "rmdir %s\n", directory ) );
5372
5373 END_PROFILE(SMBrmdir);
5374 return;
5375 }
5376
5377 /*******************************************************************
5378 Resolve wildcards in a filename rename.
5379 ********************************************************************/
5380
5381 static bool resolve_wildcards(TALLOC_CTX *ctx,
5382 const char *name1,
5383 const char *name2,
5384 char **pp_newname)
5385 {
5386 char *name2_copy = NULL;
5387 char *root1 = NULL;
5388 char *root2 = NULL;
5389 char *ext1 = NULL;
5390 char *ext2 = NULL;
5391 char *p,*p2, *pname1, *pname2;
5392
5393 name2_copy = talloc_strdup(ctx, name2);
5394 if (!name2_copy) {
5395 return False;
5396 }
5397
5398 pname1 = strrchr_m(name1,'/');
5399 pname2 = strrchr_m(name2_copy,'/');
5400
5401 if (!pname1 || !pname2) {
5402 return False;
5403 }
5404
5405 /* Truncate the copy of name2 at the last '/' */
5406 *pname2 = '\0';
5407
5408 /* Now go past the '/' */
5409 pname1++;
5410 pname2++;
5411
5412 root1 = talloc_strdup(ctx, pname1);
5413 root2 = talloc_strdup(ctx, pname2);
5414
5415 if (!root1 || !root2) {
5416 return False;
5417 }
5418
5419 p = strrchr_m(root1,'.');
5420 if (p) {
5421 *p = 0;
5422 ext1 = talloc_strdup(ctx, p+1);
5423 } else {
5424 ext1 = talloc_strdup(ctx, "");
5425 }
5426 p = strrchr_m(root2,'.');
5427 if (p) {
5428 *p = 0;
5429 ext2 = talloc_strdup(ctx, p+1);
5430 } else {
5431 ext2 = talloc_strdup(ctx, "");
5432 }
5433
5434 if (!ext1 || !ext2) {
5435 return False;
5436 }
5437
5438 p = root1;
5439 p2 = root2;
5440 while (*p2) {
5441 if (*p2 == '?') {
5442 /* Hmmm. Should this be mb-aware ? */
5443 *p2 = *p;
5444 p2++;
5445 } else if (*p2 == '*') {
5446 *p2 = '\0';
5447 root2 = talloc_asprintf(ctx, "%s%s",
5448 root2,
5449 p);
5450 if (!root2) {
5451 return False;
5452 }
5453 break;
5454 } else {
5455 p2++;
5456 }
5457 if (*p) {
5458 p++;
5459 }
5460 }
5461
5462 p = ext1;
5463 p2 = ext2;
5464 while (*p2) {
5465 if (*p2 == '?') {
5466 /* Hmmm. Should this be mb-aware ? */
5467 *p2 = *p;
5468 p2++;
5469 } else if (*p2 == '*') {
5470 *p2 = '\0';
5471 ext2 = talloc_asprintf(ctx, "%s%s",
5472 ext2,
5473 p);
5474 if (!ext2) {
5475 return False;
5476 }
5477 break;
5478 } else {
5479 p2++;
5480 }
5481 if (*p) {
5482 p++;
5483 }
5484 }
5485
5486 if (*ext2) {
5487 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5488 name2_copy,
5489 root2,
5490 ext2);
5491 } else {
5492 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5493 name2_copy,
5494 root2);
5495 }
5496
5497 if (!*pp_newname) {
5498 return False;
5499 }
5500
5501 return True;
5502 }
5503
5504 /****************************************************************************
5505 Ensure open files have their names updated. Updated to notify other smbd's
5506 asynchronously.
5507 ****************************************************************************/
5508
5509 static void rename_open_files(connection_struct *conn,
5510 struct share_mode_lock *lck,
5511 const char *newname)
5512 {
5513 files_struct *fsp;
5514 bool did_rename = False;
5515
5516 for(fsp = file_find_di_first(lck->id); fsp;
5517 fsp = file_find_di_next(fsp)) {
5518 /* fsp_name is a relative path under the fsp. To change this for other
5519 sharepaths we need to manipulate relative paths. */
5520 /* TODO - create the absolute path and manipulate the newname
5521 relative to the sharepath. */
5522 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5523 continue;
5524 }
5525 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5526 fsp->fnum, file_id_string_tos(&fsp->file_id),
5527 fsp->fsp_name, newname ));
5528 string_set(&fsp->fsp_name, newname);
5529 did_rename = True;
5530 }
5531
5532 if (!did_rename) {
5533 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5534 file_id_string_tos(&lck->id), newname ));
5535 }
5536
5537 /* Send messages to all smbd's (not ourself) that the name has changed. */
5538 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5539 newname);
5540 }
5541
5542 /****************************************************************************
5543 We need to check if the source path is a parent directory of the destination
5544 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5545 refuse the rename with a sharing violation. Under UNIX the above call can
5546 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5547 probably need to check that the client is a Windows one before disallowing
5548 this as a UNIX client (one with UNIX extensions) can know the source is a
5549 symlink and make this decision intelligently. Found by an excellent bug
5550 report from <AndyLiebman@aol.com>.
5551 ****************************************************************************/
5552
5553 static bool rename_path_prefix_equal(const char *src, const char *dest)
5554 {
5555 const char *psrc = src;
5556 const char *pdst = dest;
5557 size_t slen;
5558
5559 if (psrc[0] == '.' && psrc[1] == '/') {
5560 psrc += 2;
5561 }
5562 if (pdst[0] == '.' && pdst[1] == '/') {
5563 pdst += 2;
5564 }
5565 if ((slen = strlen(psrc)) > strlen(pdst)) {
5566 return False;
5567 }
5568 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5569 }
5570
5571 /*
5572 * Do the notify calls from a rename
5573 */
5574
5575 static void notify_rename(connection_struct *conn, bool is_dir,
5576 const char *oldpath, const char *newpath)
5577 {
5578 char *olddir, *newdir;
5579 const char *oldname, *newname;
5580 uint32 mask;
5581
5582 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5583 : FILE_NOTIFY_CHANGE_FILE_NAME;
5584
5585 if (!parent_dirname(talloc_tos(), oldpath, &olddir, &oldname)
5586 || !parent_dirname(talloc_tos(), newpath, &newdir, &newname)) {
5587 TALLOC_FREE(olddir);
5588 return;
5589 }
5590
5591 if (strcmp(olddir, newdir) == 0) {
5592 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5593 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5594 }
5595 else {
5596 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5597 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5598 }
5599 TALLOC_FREE(olddir);
5600 TALLOC_FREE(newdir);
5601
5602 /* this is a strange one. w2k3 gives an additional event for
5603 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5604 files, but not directories */
5605 if (!is_dir) {
5606 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5607 FILE_NOTIFY_CHANGE_ATTRIBUTES
5608 |FILE_NOTIFY_CHANGE_CREATION,
5609 newpath);
5610 }
5611 }
5612
5613 /****************************************************************************
5614 Rename an open file - given an fsp.
5615 ****************************************************************************/
5616
5617 NTSTATUS rename_internals_fsp(connection_struct *conn,
5618 files_struct *fsp,
5619 char *newname,
5620 const char *newname_last_component,
5621 uint32 attrs,
5622 bool replace_if_exists)
5623 {
5624 TALLOC_CTX *ctx = talloc_tos();
5625 SMB_STRUCT_STAT sbuf, sbuf1;
5626 NTSTATUS status = NT_STATUS_OK;
5627 struct share_mode_lock *lck = NULL;
5628 bool dst_exists, old_is_stream, new_is_stream;
5629
5630 ZERO_STRUCT(sbuf);
5631
5632 status = check_name(conn, newname);
5633 if (!NT_STATUS_IS_OK(status)) {
5634 return status;
5635 }
5636
5637 /* Ensure newname contains a '/' */
5638 if(strrchr_m(newname,'/') == 0) {
5639 newname = talloc_asprintf(ctx,
5640 "./%s",
5641 newname);
5642 if (!newname) {
5643 return NT_STATUS_NO_MEMORY;
5644 }
5645 }
5646
5647 /*
5648 * Check for special case with case preserving and not
5649 * case sensitive. If the old last component differs from the original
5650 * last component only by case, then we should allow
5651 * the rename (user is trying to change the case of the
5652 * filename).
5653 */
5654
5655 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5656 strequal(newname, fsp->fsp_name)) {
5657 char *p;
5658 char *newname_modified_last_component = NULL;
5659
5660 /*
5661 * Get the last component of the modified name.
5662 * Note that we guarantee that newname contains a '/'
5663 * character above.
5664 */
5665 p = strrchr_m(newname,'/');
5666 newname_modified_last_component = talloc_strdup(ctx,
5667 p+1);
5668 if (!newname_modified_last_component) {
5669 return NT_STATUS_NO_MEMORY;
5670 }
5671
5672 if(strcsequal(newname_modified_last_component,
5673 newname_last_component) == False) {
5674 /*
5675 * Replace the modified last component with
5676 * the original.
5677 */
5678 *p = '\0'; /* Truncate at the '/' */
5679 newname = talloc_asprintf(ctx,
5680 "%s/%s",
5681 newname,
5682 newname_last_component);
5683 }
5684 }
5685
5686 /*
5687 * If the src and dest names are identical - including case,
5688 * don't do the rename, just return success.
5689 */
5690
5691 if (strcsequal(fsp->fsp_name, newname)) {
5692 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5693 newname));
5694 return NT_STATUS_OK;
5695 }
5696
5697 old_is_stream = is_ntfs_stream_name(fsp->fsp_name);
5698 new_is_stream = is_ntfs_stream_name(newname);
5699
5700 /* Return the correct error code if both names aren't streams. */
5701 if (!old_is_stream && new_is_stream) {
5702 return NT_STATUS_OBJECT_NAME_INVALID;
5703 }
5704
5705 if (old_is_stream && !new_is_stream) {
5706 return NT_STATUS_INVALID_PARAMETER;
5707 }
5708
5709 /*
5710 * Have vfs_object_exist also fill sbuf1
5711 */
5712 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5713
5714 if(!replace_if_exists && dst_exists) {
5715 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5716 fsp->fsp_name,newname));
5717 return NT_STATUS_OBJECT_NAME_COLLISION;
5718 }
5719
5720 if (dst_exists) {
5721 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5722 files_struct *dst_fsp = file_find_di_first(fileid);
5723 /* The file can be open when renaming a stream */
5724 if (dst_fsp && !new_is_stream) {
5725 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5726 return NT_STATUS_ACCESS_DENIED;
5727 }
5728 }
5729
5730 /* Ensure we have a valid stat struct for the source. */
5731 if (fsp->fh->fd != -1) {
5732 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5733 return map_nt_error_from_unix(errno);
5734 }
5735 } else {
5736 int ret = -1;
5737 if (fsp->posix_open) {
5738 ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf);
5739 } else {
5740 ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf);
5741 }
5742 if (ret == -1) {
5743 return map_nt_error_from_unix(errno);
5744 }
5745 }
5746
5747 status = can_rename(conn, fsp, attrs, &sbuf);
5748
5749 if (!NT_STATUS_IS_OK(status)) {
5750 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5751 nt_errstr(status), fsp->fsp_name,newname));
5752 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5753 status = NT_STATUS_ACCESS_DENIED;
5754 return status;
5755 }
5756
5757 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5758 return NT_STATUS_ACCESS_DENIED;
5759 }
5760
5761 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5762 NULL);
5763
5764 /*
5765 * We have the file open ourselves, so not being able to get the
5766 * corresponding share mode lock is a fatal error.
5767 */
5768
5769 SMB_ASSERT(lck != NULL);
5770
5771 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5772 uint32 create_options = fsp->fh->private_options;
5773
5774 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5775 fsp->fsp_name,newname));
5776
5777 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5778
5779 rename_open_files(conn, lck, newname);
5780
5781 /*
5782 * A rename acts as a new file create w.r.t. allowing an initial delete
5783 * on close, probably because in Windows there is a new handle to the
5784 * new file. If initial delete on close was requested but not
5785 * originally set, we need to set it here. This is probably not 100% correct,
5786 * but will work for the CIFSFS client which in non-posix mode
5787 * depends on these semantics. JRA.
5788 */
5789
5790 if (create_options & FILE_DELETE_ON_CLOSE) {
5791 status = can_set_delete_on_close(fsp, True, 0);
5792
5793 if (NT_STATUS_IS_OK(status)) {
5794 /* Note that here we set the *inital* delete on close flag,
5795 * not the regular one. The magic gets handled in close. */
5796 fsp->initial_delete_on_close = True;
5797 }
5798 }
5799 TALLOC_FREE(lck);
5800 return NT_STATUS_OK;
5801 }
5802
5803 TALLOC_FREE(lck);
5804
5805 if (errno == ENOTDIR || errno == EISDIR) {
5806 status = NT_STATUS_OBJECT_NAME_COLLISION;
5807 } else {
5808 status = map_nt_error_from_unix(errno);
5809 }
5810
5811 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5812 nt_errstr(status), fsp->fsp_name,newname));
5813
5814 return status;
5815 }
5816
5817 /****************************************************************************
5818 The guts of the rename command, split out so it may be called by the NT SMB
5819 code.
5820 ****************************************************************************/
5821
5822 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5823 connection_struct *conn,
5824 struct smb_request *req,
5825 const char *name_in,
5826 const char *newname_in,
5827 uint32 attrs,
5828 bool replace_if_exists,
5829 bool src_has_wild,
5830 bool dest_has_wild,
5831 uint32_t access_mask)
5832 {
5833 char *directory = NULL;
5834 char *mask = NULL;
5835 char *last_component_src = NULL;
5836 char *last_component_dest = NULL;
5837 char *name = NULL;
5838 char *newname = NULL;
5839 char *p;
5840 int count=0;
5841 NTSTATUS status = NT_STATUS_OK;
5842 SMB_STRUCT_STAT sbuf1, sbuf2;
5843 struct smb_Dir *dir_hnd = NULL;
5844 const char *dname;
5845 long offset = 0;
5846 int create_options = 0;
5847 bool posix_pathnames = lp_posix_pathnames();
5848
5849 ZERO_STRUCT(sbuf1);
5850 ZERO_STRUCT(sbuf2);
5851
5852 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5853 &last_component_src, &sbuf1);
5854 if (!NT_STATUS_IS_OK(status)) {
5855 return status;
5856 }
5857
5858 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5859 &last_component_dest, &sbuf2);
5860 if (!NT_STATUS_IS_OK(status)) {
5861 return status;
5862 }
5863
5864 /*
5865 * Split the old name into directory and last component
5866 * strings. Note that unix_convert may have stripped off a
5867 * leading ./ from both name and newname if the rename is
5868 * at the root of the share. We need to make sure either both
5869 * name and newname contain a / character or neither of them do
5870 * as this is checked in resolve_wildcards().
5871 */
5872
5873 p = strrchr_m(name,'/');
5874 if (!p) {
5875 directory = talloc_strdup(ctx, ".");
5876 if (!directory) {
5877 return NT_STATUS_NO_MEMORY;
5878 }
5879 mask = name;
5880 } else {
5881 *p = 0;
5882 directory = talloc_strdup(ctx, name);
5883 if (!directory) {
5884 return NT_STATUS_NO_MEMORY;
5885 }
5886 mask = p+1;
5887 *p = '/'; /* Replace needed for exceptional test below. */
5888 }
5889
5890 /*
5891 * We should only check the mangled cache
5892 * here if unix_convert failed. This means
5893 * that the path in 'mask' doesn't exist
5894 * on the file system and so we need to look
5895 * for a possible mangle. This patch from
5896 * Tine Smukavec <valentin.smukavec@hermes.si>.
5897 */
5898
5899 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5900 char *new_mask = NULL;
5901 mangle_lookup_name_from_8_3(ctx,
5902 mask,
5903 &new_mask,
5904 conn->params );
5905 if (new_mask) {
5906 mask = new_mask;
5907 }
5908 }
5909
5910 if (!src_has_wild) {
5911 files_struct *fsp;
5912
5913 /*
5914 * No wildcards - just process the one file.
5915 */
5916 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5917
5918 /* Add a terminating '/' to the directory name. */
5919 directory = talloc_asprintf_append(directory,
5920 "/%s",
5921 mask);
5922 if (!directory) {
5923 return NT_STATUS_NO_MEMORY;
5924 }
5925
5926 /* Ensure newname contains a '/' also */
5927 if(strrchr_m(newname,'/') == 0) {
5928 newname = talloc_asprintf(ctx,
5929 "./%s",
5930 newname);
5931 if (!newname) {
5932 return NT_STATUS_NO_MEMORY;
5933 }
5934 }
5935
5936 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5937 "case_preserve = %d, short case preserve = %d, "
5938 "directory = %s, newname = %s, "
5939 "last_component_dest = %s, is_8_3 = %d\n",
5940 conn->case_sensitive, conn->case_preserve,
5941 conn->short_case_preserve, directory,
5942 newname, last_component_dest, is_short_name));
5943
5944 /* The dest name still may have wildcards. */
5945 if (dest_has_wild) {
5946 char *mod_newname = NULL;
5947 if (!resolve_wildcards(ctx,
5948 directory,newname,&mod_newname)) {
5949 DEBUG(6, ("rename_internals: resolve_wildcards "
5950 "%s %s failed\n",
5951 directory,
5952 newname));
5953 return NT_STATUS_NO_MEMORY;
5954 }
5955 newname = mod_newname;
5956 }
5957
5958 ZERO_STRUCT(sbuf1);
5959 if (posix_pathnames) {
5960 SMB_VFS_LSTAT(conn, directory, &sbuf1);
5961 } else {
5962 SMB_VFS_STAT(conn, directory, &sbuf1);
5963 }
5964
5965 if (S_ISDIR(sbuf1.st_mode)) {
5966 create_options |= FILE_DIRECTORY_FILE;
5967 }
5968
5969 status = SMB_VFS_CREATE_FILE(
5970 conn, /* conn */
5971 req, /* req */
5972 0, /* root_dir_fid */
5973 directory, /* fname */
5974 0, /* create_file_flags */
5975 access_mask, /* access_mask */
5976 (FILE_SHARE_READ | /* share_access */
5977 FILE_SHARE_WRITE),
5978 FILE_OPEN, /* create_disposition*/
5979 create_options, /* create_options */
5980 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
5981 0, /* oplock_request */
5982 0, /* allocation_size */
5983 NULL, /* sd */
5984 NULL, /* ea_list */
5985 &fsp, /* result */
5986 NULL, /* pinfo */
5987 &sbuf1); /* psbuf */
5988
5989 if (!NT_STATUS_IS_OK(status)) {
5990 DEBUG(3, ("Could not open rename source %s: %s\n",
5991 directory, nt_errstr(status)));
5992 return status;
5993 }
5994
5995 status = rename_internals_fsp(conn, fsp, newname,
5996 last_component_dest,
5997 attrs, replace_if_exists);
5998
5999 close_file(req, fsp, NORMAL_CLOSE);
6000
6001 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6002 nt_errstr(status), directory,newname));
6003
6004 return status;
6005 }
6006
6007 /*
6008 * Wildcards - process each file that matches.
6009 */
6010 if (strequal(mask,"????????.???")) {
6011 mask[0] = '*';
6012 mask[1] = '\0';
6013 }
6014
6015 status = check_name(conn, directory);
6016 if (!NT_STATUS_IS_OK(status)) {
6017 return status;
6018 }
6019
6020 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
6021 if (dir_hnd == NULL) {
6022 return map_nt_error_from_unix(errno);
6023 }
6024
6025 status = NT_STATUS_NO_SUCH_FILE;
6026 /*
6027 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6028 * - gentest fix. JRA
6029 */
6030
6031 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6032 files_struct *fsp = NULL;
6033 char *fname = NULL;
6034 char *destname = NULL;
6035 bool sysdir_entry = False;
6036
6037 /* Quick check for "." and ".." */
6038 if (ISDOT(dname) || ISDOTDOT(dname)) {
6039 if (attrs & aDIR) {
6040 sysdir_entry = True;
6041 } else {
6042 continue;
6043 }
6044 }
6045
6046 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6047 continue;
6048 }
6049
6050 if(!mask_match(dname, mask, conn->case_sensitive)) {
6051 continue;
6052 }
6053
6054 if (sysdir_entry) {
6055 status = NT_STATUS_OBJECT_NAME_INVALID;
6056 break;
6057 }
6058
6059 fname = talloc_asprintf(ctx,
6060 "%s/%s",
6061 directory,
6062 dname);
6063 if (!fname) {
6064 return NT_STATUS_NO_MEMORY;
6065 }
6066
6067 if (!resolve_wildcards(ctx,
6068 fname,newname,&destname)) {
6069 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6070 fname, destname));
6071 TALLOC_FREE(fname);
6072 continue;
6073 }
6074 if (!destname) {
6075 return NT_STATUS_NO_MEMORY;
6076 }
6077
6078 ZERO_STRUCT(sbuf1);
6079 if (posix_pathnames) {
6080 SMB_VFS_LSTAT(conn, fname, &sbuf1);
6081 } else {
6082 SMB_VFS_STAT(conn, fname, &sbuf1);
6083 }
6084
6085 create_options = 0;
6086
6087 if (S_ISDIR(sbuf1.st_mode)) {
6088 create_options |= FILE_DIRECTORY_FILE;
6089 }
6090
6091 status = SMB_VFS_CREATE_FILE(
6092 conn, /* conn */
6093 req, /* req */
6094 0, /* root_dir_fid */
6095 fname, /* fname */
6096 0, /* create_file_flags */
6097 access_mask, /* access_mask */
6098 (FILE_SHARE_READ | /* share_access */
6099 FILE_SHARE_WRITE),
6100 FILE_OPEN, /* create_disposition*/
6101 create_options, /* create_options */
6102 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6103 0, /* oplock_request */
6104 0, /* allocation_size */
6105 NULL, /* sd */
6106 NULL, /* ea_list */
6107 &fsp, /* result */
6108 NULL, /* pinfo */
6109 &sbuf1); /* psbuf */
6110
6111 if (!NT_STATUS_IS_OK(status)) {
6112 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6113 "returned %s rename %s -> %s\n",
6114 nt_errstr(status), directory, newname));
6115 break;
6116 }
6117
6118 status = rename_internals_fsp(conn, fsp, destname, dname,
6119 attrs, replace_if_exists);
6120
6121 close_file(req, fsp, NORMAL_CLOSE);
6122
6123 if (!NT_STATUS_IS_OK(status)) {
6124 DEBUG(3, ("rename_internals_fsp returned %s for "
6125 "rename %s -> %s\n", nt_errstr(status),
6126 directory, newname));
6127 break;
6128 }
6129
6130 count++;
6131
6132 DEBUG(3,("rename_internals: doing rename on %s -> "
6133 "%s\n",fname,destname));
6134
6135 TALLOC_FREE(fname);
6136 TALLOC_FREE(destname);
6137 }
6138 TALLOC_FREE(dir_hnd);
6139
6140 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6141 status = map_nt_error_from_unix(errno);
6142 }
6143
6144 return status;
6145 }
6146
6147 /****************************************************************************
6148 Reply to a mv.
6149 ****************************************************************************/
6150
6151 void reply_mv(struct smb_request *req)
6152 {
6153 connection_struct *conn = req->conn;
6154 char *name = NULL;
6155 char *newname = NULL;
6156 const char *p;
6157 uint32 attrs;
6158 NTSTATUS status;
6159 bool src_has_wcard = False;
6160 bool dest_has_wcard = False;
6161 TALLOC_CTX *ctx = talloc_tos();
6162
6163 START_PROFILE(SMBmv);
6164
6165 if (req->wct < 1) {
6166 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6167 END_PROFILE(SMBmv);
6168 return;
6169 }
6170
6171 attrs = SVAL(req->vwv+0, 0);
6172
6173 p = (const char *)req->buf + 1;
6174 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6175 &status, &src_has_wcard);
6176 if (!NT_STATUS_IS_OK(status)) {
6177 reply_nterror(req, status);
6178 END_PROFILE(SMBmv);
6179 return;
6180 }
6181 p++;
6182 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6183 &status, &dest_has_wcard);
6184 if (!NT_STATUS_IS_OK(status)) {
6185 reply_nterror(req, status);
6186 END_PROFILE(SMBmv);
6187 return;
6188 }
6189
6190 status = resolve_dfspath_wcard(ctx, conn,
6191 req->flags2 & FLAGS2_DFS_PATHNAMES,
6192 name,
6193 &name,
6194 &src_has_wcard);
6195 if (!NT_STATUS_IS_OK(status)) {
6196 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6197 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6198 ERRSRV, ERRbadpath);
6199 END_PROFILE(SMBmv);
6200 return;
6201 }
6202 reply_nterror(req, status);
6203 END_PROFILE(SMBmv);
6204 return;
6205 }
6206
6207 status = resolve_dfspath_wcard(ctx, conn,
6208 req->flags2 & FLAGS2_DFS_PATHNAMES,
6209 newname,
6210 &newname,
6211 &dest_has_wcard);
6212 if (!NT_STATUS_IS_OK(status)) {
6213 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6214 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6215 ERRSRV, ERRbadpath);
6216 END_PROFILE(SMBmv);
6217 return;
6218 }
6219 reply_nterror(req, status);
6220 END_PROFILE(SMBmv);
6221 return;
6222 }
6223
6224 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
6225
6226 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
6227 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
6228 if (!NT_STATUS_IS_OK(status)) {
6229 if (open_was_deferred(req->mid)) {
6230 /* We have re-scheduled this call. */
6231 END_PROFILE(SMBmv);
6232 return;
6233 }
6234 reply_nterror(req, status);
6235 END_PROFILE(SMBmv);
6236 return;
6237 }
6238
6239 reply_outbuf(req, 0, 0);
6240
6241 END_PROFILE(SMBmv);
6242 return;
6243 }
6244
6245 /*******************************************************************
6246 Copy a file as part of a reply_copy.
6247 ******************************************************************/
6248
6249 /*
6250 * TODO: check error codes on all callers
6251 */
6252
6253 NTSTATUS copy_file(TALLOC_CTX *ctx,
6254 connection_struct *conn,
6255 const char *src,
6256 const char *dest1,
6257 int ofun,
6258 int count,
6259 bool target_is_directory)
6260 {
6261 SMB_STRUCT_STAT src_sbuf, sbuf2;
6262 SMB_OFF_T ret=-1;
6263 files_struct *fsp1,*fsp2;
6264 char *dest = NULL;
6265 uint32 dosattrs;
6266 uint32 new_create_disposition;
6267 NTSTATUS status;
6268
6269 dest = talloc_strdup(ctx, dest1);
6270 if (!dest) {
6271 return NT_STATUS_NO_MEMORY;
6272 }
6273 if (target_is_directory) {
6274 const char *p = strrchr_m(src,'/');
6275 if (p) {
6276 p++;
6277 } else {
6278 p = src;
6279 }
6280 dest = talloc_asprintf_append(dest,
6281 "/%s",
6282 p);
6283 if (!dest) {
6284 return NT_STATUS_NO_MEMORY;
6285 }
6286 }
6287
6288 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6289 TALLOC_FREE(dest);
6290 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6291 }
6292
6293 if (!target_is_directory && count) {
6294 new_create_disposition = FILE_OPEN;
6295 } else {
6296 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6297 NULL, NULL, &new_create_disposition, NULL)) {
6298 TALLOC_FREE(dest);
6299 return NT_STATUS_INVALID_PARAMETER;
6300 }
6301 }
6302
6303 status = SMB_VFS_CREATE_FILE(
6304 conn, /* conn */
6305 NULL, /* req */
6306 0, /* root_dir_fid */
6307 src, /* fname */
6308 0, /* create_file_flags */
6309 FILE_GENERIC_READ, /* access_mask */
6310 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6311 FILE_OPEN, /* create_disposition*/
6312 0, /* create_options */
6313 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6314 INTERNAL_OPEN_ONLY, /* oplock_request */
6315 0, /* allocation_size */
6316 NULL, /* sd */
6317 NULL, /* ea_list */
6318 &fsp1, /* result */
6319 NULL, /* pinfo */
6320 &src_sbuf); /* psbuf */
6321
6322 if (!NT_STATUS_IS_OK(status)) {
6323 TALLOC_FREE(dest);
6324 return status;
6325 }
6326
6327 dosattrs = dos_mode(conn, src, &src_sbuf);
6328 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6329 ZERO_STRUCTP(&sbuf2);
6330 }
6331
6332 status = SMB_VFS_CREATE_FILE(
6333 conn, /* conn */
6334 NULL, /* req */
6335 0, /* root_dir_fid */
6336 dest, /* fname */
6337 0, /* create_file_flags */
6338 FILE_GENERIC_WRITE, /* access_mask */
6339 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6340 new_create_disposition, /* create_disposition*/
6341 0, /* create_options */
6342 dosattrs, /* file_attributes */
6343 INTERNAL_OPEN_ONLY, /* oplock_request */
6344 0, /* allocation_size */
6345 NULL, /* sd */
6346 NULL, /* ea_list */
6347 &fsp2, /* result */
6348 NULL, /* pinfo */
6349 &sbuf2); /* psbuf */
6350
6351 TALLOC_FREE(dest);
6352
6353 if (!NT_STATUS_IS_OK(status)) {
6354 close_file(NULL, fsp1, ERROR_CLOSE);
6355 return status;
6356 }
6357
6358 if ((ofun&3) == 1) {
6359 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6360 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6361 /*
6362 * Stop the copy from occurring.
6363 */
6364 ret = -1;
6365 src_sbuf.st_size = 0;
6366 }
6367 }
6368
6369 if (src_sbuf.st_size) {
6370 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6371 }
6372
6373 close_file(NULL, fsp1, NORMAL_CLOSE);
6374
6375 /* Ensure the modtime is set correctly on the destination file. */
6376 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6377
6378 /*
6379 * As we are opening fsp1 read-only we only expect
6380 * an error on close on fsp2 if we are out of space.
6381 * Thus we don't look at the error return from the
6382 * close of fsp1.
6383 */
6384 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6385
6386 if (!NT_STATUS_IS_OK(status)) {
6387 return status;
6388 }
6389
6390 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6391 return NT_STATUS_DISK_FULL;
6392 }
6393
6394 return NT_STATUS_OK;
6395 }
6396
6397 /****************************************************************************
6398 Reply to a file copy.
6399 ****************************************************************************/
6400
6401 void reply_copy(struct smb_request *req)
6402 {
6403 connection_struct *conn = req->conn;
6404 char *name = NULL;
6405 char *newname = NULL;
6406 char *directory = NULL;
6407 const char *mask = NULL;
6408 const char mask_star[] = "*";
6409 const char *p;
6410 int count=0;
6411 int error = ERRnoaccess;
6412 int err = 0;
6413 int tid2;
6414 int ofun;
6415 int flags;
6416 bool target_is_directory=False;
6417 bool source_has_wild = False;
6418 bool dest_has_wild = False;
6419 SMB_STRUCT_STAT sbuf1, sbuf2;
6420 NTSTATUS status;
6421 TALLOC_CTX *ctx = talloc_tos();
6422
6423 START_PROFILE(SMBcopy);
6424
6425 if (req->wct < 3) {
6426 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6427 END_PROFILE(SMBcopy);
6428 return;
6429 }
6430
6431 tid2 = SVAL(req->vwv+0, 0);
6432 ofun = SVAL(req->vwv+1, 0);
6433 flags = SVAL(req->vwv+2, 0);
6434
6435 p = (const char *)req->buf;
6436 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6437 &status, &source_has_wild);
6438 if (!NT_STATUS_IS_OK(status)) {
6439 reply_nterror(req, status);
6440 END_PROFILE(SMBcopy);
6441 return;
6442 }
6443 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6444 &status, &dest_has_wild);
6445 if (!NT_STATUS_IS_OK(status)) {
6446 reply_nterror(req, status);
6447 END_PROFILE(SMBcopy);
6448 return;
6449 }
6450
6451 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6452
6453 if (tid2 != conn->cnum) {
6454 /* can't currently handle inter share copies XXXX */
6455 DEBUG(3,("Rejecting inter-share copy\n"));
6456 reply_doserror(req, ERRSRV, ERRinvdevice);
6457 END_PROFILE(SMBcopy);
6458 return;
6459 }
6460
6461 status = resolve_dfspath_wcard(ctx, conn,
6462 req->flags2 & FLAGS2_DFS_PATHNAMES,
6463 name,
6464 &name,
6465 &source_has_wild);
6466 if (!NT_STATUS_IS_OK(status)) {
6467 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6468 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6469 ERRSRV, ERRbadpath);
6470 END_PROFILE(SMBcopy);
6471 return;
6472 }
6473 reply_nterror(req, status);
6474 END_PROFILE(SMBcopy);
6475 return;
6476 }
6477
6478 status = resolve_dfspath_wcard(ctx, conn,
6479 req->flags2 & FLAGS2_DFS_PATHNAMES,
6480 newname,
6481 &newname,
6482 &dest_has_wild);
6483 if (!NT_STATUS_IS_OK(status)) {
6484 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6485 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6486 ERRSRV, ERRbadpath);
6487 END_PROFILE(SMBcopy);
6488 return;
6489 }
6490 reply_nterror(req, status);
6491 END_PROFILE(SMBcopy);
6492 return;
6493 }
6494
6495 status = unix_convert(ctx, conn, name, source_has_wild,
6496 &name, NULL, &sbuf1);
6497 if (!NT_STATUS_IS_OK(status)) {
6498 reply_nterror(req, status);
6499 END_PROFILE(SMBcopy);
6500 return;
6501 }
6502
6503 status = unix_convert(ctx, conn, newname, dest_has_wild,
6504 &newname, NULL, &sbuf2);
6505 if (!NT_STATUS_IS_OK(status)) {
6506 reply_nterror(req, status);
6507 END_PROFILE(SMBcopy);
6508 return;
6509 }
6510
6511 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6512
6513 if ((flags&1) && target_is_directory) {
6514 reply_doserror(req, ERRDOS, ERRbadfile);
6515 END_PROFILE(SMBcopy);
6516 return;
6517 }
6518
6519 if ((flags&2) && !target_is_directory) {
6520 reply_doserror(req, ERRDOS, ERRbadpath);
6521 END_PROFILE(SMBcopy);
6522 return;
6523 }
6524
6525 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6526 /* wants a tree copy! XXXX */
6527 DEBUG(3,("Rejecting tree copy\n"));
6528 reply_doserror(req, ERRSRV, ERRerror);
6529 END_PROFILE(SMBcopy);
6530 return;
6531 }
6532
6533 p = strrchr_m(name,'/');
6534 if (p != NULL) {
6535 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6536 mask = p+1;
6537 } else {
6538 directory = talloc_strdup(ctx, "./");
6539 mask = name;
6540 }
6541
6542 if (!directory) {
6543 reply_nterror(req, NT_STATUS_NO_MEMORY);
6544 END_PROFILE(SMBcopy);
6545 return;
6546 }
6547
6548 /*
6549 * We should only check the mangled cache
6550 * here if unix_convert failed. This means
6551 * that the path in 'mask' doesn't exist
6552 * on the file system and so we need to look
6553 * for a possible mangle. This patch from
6554 * Tine Smukavec <valentin.smukavec@hermes.si>.
6555 */
6556
6557 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6558 char *new_mask = NULL;
6559 mangle_lookup_name_from_8_3(ctx,
6560 mask,
6561 &new_mask,
6562 conn->params );
6563 if (new_mask) {
6564 mask = new_mask;
6565 }
6566 }
6567
6568 if (!source_has_wild) {
6569 directory = talloc_asprintf_append(directory,
6570 "/%s",
6571 mask);
6572 if (dest_has_wild) {
6573 char *mod_newname = NULL;
6574 if (!resolve_wildcards(ctx,
6575 directory,newname,&mod_newname)) {
6576 reply_nterror(req, NT_STATUS_NO_MEMORY);
6577 END_PROFILE(SMBcopy);
6578 return;
6579 }
6580 newname = mod_newname;
6581 }
6582
6583 status = check_name(conn, directory);
6584 if (!NT_STATUS_IS_OK(status)) {
6585 reply_nterror(req, status);
6586 END_PROFILE(SMBcopy);
6587 return;
6588 }
6589
6590 status = check_name(conn, newname);
6591 if (!NT_STATUS_IS_OK(status)) {
6592 reply_nterror(req, status);
6593 END_PROFILE(SMBcopy);
6594 return;
6595 }
6596
6597 status = copy_file(ctx,conn,directory,newname,ofun,
6598 count,target_is_directory);
6599
6600 if(!NT_STATUS_IS_OK(status)) {
6601 reply_nterror(req, status);
6602 END_PROFILE(SMBcopy);
6603 return;
6604 } else {
6605 count++;
6606 }
6607 } else {
6608 struct smb_Dir *dir_hnd = NULL;
6609 const char *dname = NULL;
6610 long offset = 0;
6611
6612 if (strequal(mask,"????????.???")) {
6613 mask = mask_star;
6614 }
6615
6616 status = check_name(conn, directory);
6617 if (!NT_STATUS_IS_OK(status)) {
6618 reply_nterror(req, status);
6619 END_PROFILE(SMBcopy);
6620 return;
6621 }
6622
6623 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6624 if (dir_hnd == NULL) {
6625 status = map_nt_error_from_unix(errno);
6626 reply_nterror(req, status);
6627 END_PROFILE(SMBcopy);
6628 return;
6629 }
6630
6631 error = ERRbadfile;
6632
6633 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6634 char *destname = NULL;
6635 char *fname = NULL;
6636
6637 if (ISDOT(dname) || ISDOTDOT(dname)) {
6638 continue;
6639 }
6640
6641 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6642 continue;
6643 }
6644
6645 if(!mask_match(dname, mask, conn->case_sensitive)) {
6646 continue;
6647 }
6648
6649 error = ERRnoaccess;
6650 fname = talloc_asprintf(ctx,
6651 "%s/%s",
6652 directory,
6653 dname);
6654 if (!fname) {
6655 TALLOC_FREE(dir_hnd);
6656 reply_nterror(req, NT_STATUS_NO_MEMORY);
6657 END_PROFILE(SMBcopy);
6658 return;
6659 }
6660
6661 if (!resolve_wildcards(ctx,
6662 fname,newname,&destname)) {
6663 continue;
6664 }
6665 if (!destname) {
6666 TALLOC_FREE(dir_hnd);
6667 reply_nterror(req, NT_STATUS_NO_MEMORY);
6668 END_PROFILE(SMBcopy);
6669 return;
6670 }
6671
6672 status = check_name(conn, fname);
6673 if (!NT_STATUS_IS_OK(status)) {
6674 TALLOC_FREE(dir_hnd);
6675 reply_nterror(req, status);
6676 END_PROFILE(SMBcopy);
6677 return;
6678 }
6679
6680 status = check_name(conn, destname);
6681 if (!NT_STATUS_IS_OK(status)) {
6682 TALLOC_FREE(dir_hnd);
6683 reply_nterror(req, status);
6684 END_PROFILE(SMBcopy);
6685 return;
6686 }
6687
6688 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6689
6690 status = copy_file(ctx,conn,fname,destname,ofun,
6691 count,target_is_directory);
6692 if (NT_STATUS_IS_OK(status)) {
6693 count++;
6694 }
6695 TALLOC_FREE(fname);
6696 TALLOC_FREE(destname);
6697 }
6698 TALLOC_FREE(dir_hnd);
6699 }
6700
6701 if (count == 0) {
6702 if(err) {
6703 /* Error on close... */
6704 errno = err;
6705 reply_unixerror(req, ERRHRD, ERRgeneral);
6706 END_PROFILE(SMBcopy);
6707 return;
6708 }
6709
6710 reply_doserror(req, ERRDOS, error);
6711 END_PROFILE(SMBcopy);
6712 return;
6713 }
6714
6715 reply_outbuf(req, 1, 0);
6716 SSVAL(req->outbuf,smb_vwv0,count);
6717
6718 END_PROFILE(SMBcopy);
6719 return;
6720 }
6721
6722 #undef DBGC_CLASS
6723 #define DBGC_CLASS DBGC_LOCKING
6724
6725 /****************************************************************************
6726 Get a lock pid, dealing with large count requests.
6727 ****************************************************************************/
6728
6729 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6730 bool large_file_format)
6731 {
6732 if(!large_file_format)
6733 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6734 else
6735 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6736 }
6737
6738 /****************************************************************************
6739 Get a lock count, dealing with large count requests.
6740 ****************************************************************************/
6741
6742 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6743 bool large_file_format)
6744 {
6745 uint64_t count = 0;
6746
6747 if(!large_file_format) {
6748 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6749 } else {
6750
6751 #if defined(HAVE_LONGLONG)
6752 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6753 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6754 #else /* HAVE_LONGLONG */
6755
6756 /*
6757 * NT4.x seems to be broken in that it sends large file (64 bit)
6758 * lockingX calls even if the CAP_LARGE_FILES was *not*
6759 * negotiated. For boxes without large unsigned ints truncate the
6760 * lock count by dropping the top 32 bits.
6761 */
6762
6763 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6764 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6765 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6766 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6767 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6768 }
6769
6770 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6771 #endif /* HAVE_LONGLONG */
6772 }
6773
6774 return count;
6775 }
6776
6777 #if !defined(HAVE_LONGLONG)
6778 /****************************************************************************
6779 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6780 ****************************************************************************/
6781
6782 static uint32 map_lock_offset(uint32 high, uint32 low)
6783 {
6784 unsigned int i;
6785 uint32 mask = 0;
6786 uint32 highcopy = high;
6787
6788 /*
6789 * Try and find out how many significant bits there are in high.
6790 */
6791
6792 for(i = 0; highcopy; i++)
6793 highcopy >>= 1;
6794
6795 /*
6796 * We use 31 bits not 32 here as POSIX
6797 * lock offsets may not be negative.
6798 */
6799
6800 mask = (~0) << (31 - i);
6801
6802 if(low & mask)
6803 return 0; /* Fail. */
6804
6805 high <<= (31 - i);
6806
6807 return (high|low);
6808 }
6809 #endif /* !defined(HAVE_LONGLONG) */
6810
6811 /****************************************************************************
6812 Get a lock offset, dealing with large offset requests.
6813 ****************************************************************************/
6814
6815 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6816 bool large_file_format, bool *err)
6817 {
6818 uint64_t offset = 0;
6819
6820 *err = False;
6821
6822 if(!large_file_format) {
6823 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6824 } else {
6825
6826 #if defined(HAVE_LONGLONG)
6827 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6828 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6829 #else /* HAVE_LONGLONG */
6830
6831 /*
6832 * NT4.x seems to be broken in that it sends large file (64 bit)
6833 * lockingX calls even if the CAP_LARGE_FILES was *not*
6834 * negotiated. For boxes without large unsigned ints mangle the
6835 * lock offset by mapping the top 32 bits onto the lower 32.
6836 */
6837
6838 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6839 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6840 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6841 uint32 new_low = 0;
6842
6843 if((new_low = map_lock_offset(high, low)) == 0) {
6844 *err = True;
6845 return (uint64_t)-1;
6846 }
6847
6848 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6849 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6850 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6851 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6852 }
6853
6854 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6855 #endif /* HAVE_LONGLONG */
6856 }
6857
6858 return offset;
6859 }
6860
6861 /****************************************************************************
6862 Reply to a lockingX request.
6863 ****************************************************************************/
6864
6865 void reply_lockingX(struct smb_request *req)
6866 {
6867 connection_struct *conn = req->conn;
6868 files_struct *fsp;
6869 unsigned char locktype;
6870 unsigned char oplocklevel;
6871 uint16 num_ulocks;
6872 uint16 num_locks;
6873 uint64_t count = 0, offset = 0;
6874 uint32 lock_pid;
6875 int32 lock_timeout;
6876 int i;
6877 const uint8_t *data;
6878 bool large_file_format;
6879 bool err;
6880 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6881
6882 START_PROFILE(SMBlockingX);
6883
6884 if (req->wct < 8) {
6885 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6886 END_PROFILE(SMBlockingX);
6887 return;
6888 }
6889
6890 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6891 locktype = CVAL(req->vwv+3, 0);
6892 oplocklevel = CVAL(req->vwv+3, 1);
6893 num_ulocks = SVAL(req->vwv+6, 0);
6894 num_locks = SVAL(req->vwv+7, 0);
6895 lock_timeout = IVAL(req->vwv+4, 0);
6896 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6897
6898 if (!check_fsp(conn, req, fsp)) {
6899 END_PROFILE(SMBlockingX);
6900 return;
6901 }
6902
6903 data = req->buf;
6904
6905 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6906 /* we don't support these - and CANCEL_LOCK makes w2k
6907 and XP reboot so I don't really want to be
6908 compatible! (tridge) */
6909 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6910 END_PROFILE(SMBlockingX);
6911 return;
6912 }
6913
6914 /* Check if this is an oplock break on a file
6915 we have granted an oplock on.
6916 */
6917 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6918 /* Client can insist on breaking to none. */
6919 bool break_to_none = (oplocklevel == 0);
6920 bool result;
6921
6922 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6923 "for fnum = %d\n", (unsigned int)oplocklevel,
6924 fsp->fnum ));
6925
6926 /*
6927 * Make sure we have granted an exclusive or batch oplock on
6928 * this file.
6929 */
6930
6931 if (fsp->oplock_type == 0) {
6932
6933 /* The Samba4 nbench simulator doesn't understand
6934 the difference between break to level2 and break
6935 to none from level2 - it sends oplock break
6936 replies in both cases. Don't keep logging an error
6937 message here - just ignore it. JRA. */
6938
6939 DEBUG(5,("reply_lockingX: Error : oplock break from "
6940 "client for fnum = %d (oplock=%d) and no "
6941 "oplock granted on this file (%s).\n",
6942 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6943
6944 /* if this is a pure oplock break request then don't
6945 * send a reply */
6946 if (num_locks == 0 && num_ulocks == 0) {
6947 END_PROFILE(SMBlockingX);
6948 return;
6949 } else {
6950 END_PROFILE(SMBlockingX);
6951 reply_doserror(req, ERRDOS, ERRlock);
6952 return;
6953 }
6954 }
6955
6956 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6957 (break_to_none)) {
6958 result = remove_oplock(fsp);
6959 } else {
6960 result = downgrade_oplock(fsp);
6961 }
6962
6963 if (!result) {
6964 DEBUG(0, ("reply_lockingX: error in removing "
6965 "oplock on file %s\n", fsp->fsp_name));
6966 /* Hmmm. Is this panic justified? */
6967 smb_panic("internal tdb error");
6968 }
6969
6970 reply_to_oplock_break_requests(fsp);
6971
6972 /* if this is a pure oplock break request then don't send a
6973 * reply */
6974 if (num_locks == 0 && num_ulocks == 0) {
6975 /* Sanity check - ensure a pure oplock break is not a
6976 chained request. */
6977 if(CVAL(req->vwv+0, 0) != 0xff)
6978 DEBUG(0,("reply_lockingX: Error : pure oplock "
6979 "break is a chained %d request !\n",
6980 (unsigned int)CVAL(req->vwv+0, 0)));
6981 END_PROFILE(SMBlockingX);
6982 return;
6983 }
6984 }
6985
6986 if (req->buflen <
6987 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6988 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6989 END_PROFILE(SMBlockingX);
6990 return;
6991 }
6992
6993 /* Data now points at the beginning of the list
6994 of smb_unlkrng structs */
6995 for(i = 0; i < (int)num_ulocks; i++) {
6996 lock_pid = get_lock_pid( data, i, large_file_format);
6997 count = get_lock_count( data, i, large_file_format);
6998 offset = get_lock_offset( data, i, large_file_format, &err);
6999
7000 /*
7001 * There is no error code marked "stupid client bug".... :-).
7002 */
7003 if(err) {
7004 END_PROFILE(SMBlockingX);
7005 reply_doserror(req, ERRDOS, ERRnoaccess);
7006 return;
7007 }
7008
7009 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
7010 "pid %u, file %s\n", (double)offset, (double)count,
7011 (unsigned int)lock_pid, fsp->fsp_name ));
7012
7013 status = do_unlock(smbd_messaging_context(),
7014 fsp,
7015 lock_pid,
7016 count,
7017 offset,
7018 WINDOWS_LOCK);
7019
7020 DEBUG(10, ("reply_lockingX: unlock returned %s\n",
7021 nt_errstr(status)));
7022
7023 if (NT_STATUS_V(status)) {
7024 END_PROFILE(SMBlockingX);
7025 reply_nterror(req, status);
7026 return;
7027 }
7028 }
7029
7030 /* Setup the timeout in seconds. */
7031
7032 if (!lp_blocking_locks(SNUM(conn))) {
7033 lock_timeout = 0;
7034 }
7035
7036 /* Now do any requested locks */
7037 data += ((large_file_format ? 20 : 10)*num_ulocks);
7038
7039 /* Data now points at the beginning of the list
7040 of smb_lkrng structs */
7041
7042 for(i = 0; i < (int)num_locks; i++) {
7043 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
7044 READ_LOCK:WRITE_LOCK);
7045 lock_pid = get_lock_pid( data, i, large_file_format);
7046 count = get_lock_count( data, i, large_file_format);
7047 offset = get_lock_offset( data, i, large_file_format, &err);
7048
7049 /*
7050 * There is no error code marked "stupid client bug".... :-).
7051 */
7052 if(err) {
7053 END_PROFILE(SMBlockingX);
7054 reply_doserror(req, ERRDOS, ERRnoaccess);
7055 return;
7056 }
7057
7058 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
7059 "%u, file %s timeout = %d\n", (double)offset,
7060 (double)count, (unsigned int)lock_pid,
7061 fsp->fsp_name, (int)lock_timeout ));
7062
7063 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7064 struct blocking_lock_record *blr = NULL;
7065
7066 if (lp_blocking_locks(SNUM(conn))) {
7067
7068 /* Schedule a message to ourselves to
7069 remove the blocking lock record and
7070 return the right error. */
7071
7072 blr = blocking_lock_cancel(fsp,
7073 lock_pid,
7074 offset,
7075 count,
7076 WINDOWS_LOCK,
7077 locktype,
7078 NT_STATUS_FILE_LOCK_CONFLICT);
7079 if (blr == NULL) {
7080 END_PROFILE(SMBlockingX);
7081 reply_nterror(
7082 req,
7083 NT_STATUS_DOS(
7084 ERRDOS,
7085 ERRcancelviolation));
7086 return;
7087 }
7088 }
7089 /* Remove a matching pending lock. */
7090 status = do_lock_cancel(fsp,
7091 lock_pid,
7092 count,
7093 offset,
7094 WINDOWS_LOCK,
7095 blr);
7096 } else {
7097 bool blocking_lock = lock_timeout ? True : False;
7098 bool defer_lock = False;
7099 struct byte_range_lock *br_lck;
7100 uint32 block_smbpid;
7101
7102 br_lck = do_lock(smbd_messaging_context(),
7103 fsp,
7104 lock_pid,
7105 count,
7106 offset,
7107 lock_type,
7108 WINDOWS_LOCK,
7109 blocking_lock,
7110 &status,
7111 &block_smbpid,
7112 NULL);
7113
7114 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7115 /* Windows internal resolution for blocking locks seems
7116 to be about 200ms... Don't wait for less than that. JRA. */
7117 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
7118 lock_timeout = lp_lock_spin_time();
7119 }
7120 defer_lock = True;
7121 }
7122
7123 /* This heuristic seems to match W2K3 very well. If a
7124 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7125 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7126 far as I can tell. Replacement for do_lock_spin(). JRA. */
7127
7128 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7129 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7130 defer_lock = True;
7131 lock_timeout = lp_lock_spin_time();
7132 }
7133
7134 if (br_lck && defer_lock) {
7135 /*
7136 * A blocking lock was requested. Package up
7137 * this smb into a queued request and push it
7138 * onto the blocking lock queue.
7139 */
7140 if(push_blocking_lock_request(br_lck,
7141 req,
7142 fsp,
7143 lock_timeout,
7144 i,
7145 lock_pid,
7146 lock_type,
7147 WINDOWS_LOCK,
7148 offset,
7149 count,
7150 block_smbpid)) {
7151 TALLOC_FREE(br_lck);
7152 END_PROFILE(SMBlockingX);
7153 return;
7154 }
7155 }
7156
7157 TALLOC_FREE(br_lck);
7158 }
7159
7160 if (NT_STATUS_V(status)) {
7161 END_PROFILE(SMBlockingX);
7162 reply_nterror(req, status);
7163 return;
7164 }
7165 }
7166
7167 /* If any of the above locks failed, then we must unlock
7168 all of the previous locks (X/Open spec). */
7169
7170 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
7171 (i != num_locks) &&
7172 (num_locks != 0)) {
7173 /*
7174 * Ensure we don't do a remove on the lock that just failed,
7175 * as under POSIX rules, if we have a lock already there, we
7176 * will delete it (and we shouldn't) .....
7177 */
7178 for(i--; i >= 0; i--) {
7179 lock_pid = get_lock_pid( data, i, large_file_format);
7180 count = get_lock_count( data, i, large_file_format);
7181 offset = get_lock_offset( data, i, large_file_format,
7182 &err);
7183
7184 /*
7185 * There is no error code marked "stupid client
7186 * bug".... :-).
7187 */
7188 if(err) {
7189 END_PROFILE(SMBlockingX);
7190 reply_doserror(req, ERRDOS, ERRnoaccess);
7191 return;
7192 }
7193
7194 do_unlock(smbd_messaging_context(),
7195 fsp,
7196 lock_pid,
7197 count,
7198 offset,
7199 WINDOWS_LOCK);
7200 }
7201 END_PROFILE(SMBlockingX);
7202 reply_nterror(req, status);
7203 return;
7204 }
7205
7206 reply_outbuf(req, 2, 0);
7207
7208 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7209 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7210
7211 END_PROFILE(SMBlockingX);
7212 chain_reply(req);
7213 }
7214
7215 #undef DBGC_CLASS
7216 #define DBGC_CLASS DBGC_ALL
7217
7218 /****************************************************************************
7219 Reply to a SMBreadbmpx (read block multiplex) request.
7220 Always reply with an error, if someone has a platform really needs this,
7221 please contact vl@samba.org
7222 ****************************************************************************/
7223
7224 void reply_readbmpx(struct smb_request *req)
7225 {
7226 START_PROFILE(SMBreadBmpx);
7227 reply_doserror(req, ERRSRV, ERRuseSTD);
7228 END_PROFILE(SMBreadBmpx);
7229 return;
7230 }
7231
7232 /****************************************************************************
7233 Reply to a SMBreadbs (read block multiplex secondary) request.
7234 Always reply with an error, if someone has a platform really needs this,
7235 please contact vl@samba.org
7236 ****************************************************************************/
7237
7238 void reply_readbs(struct smb_request *req)
7239 {
7240 START_PROFILE(SMBreadBs);
7241 reply_doserror(req, ERRSRV, ERRuseSTD);
7242 END_PROFILE(SMBreadBs);
7243 return;
7244 }
7245
7246 /****************************************************************************
7247 Reply to a SMBsetattrE.
7248 ****************************************************************************/
7249
7250 void reply_setattrE(struct smb_request *req)
7251 {
7252 connection_struct *conn = req->conn;
7253 struct smb_file_time ft;
7254 files_struct *fsp;
7255 SMB_STRUCT_STAT sbuf;
7256 NTSTATUS status;
7257
7258 START_PROFILE(SMBsetattrE);
7259 ZERO_STRUCT(ft);
7260
7261 if (req->wct < 7) {
7262 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7263 END_PROFILE(SMBsetattrE);
7264 return;
7265 }
7266
7267 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7268
7269 if(!fsp || (fsp->conn != conn)) {
7270 reply_doserror(req, ERRDOS, ERRbadfid);
7271 END_PROFILE(SMBsetattrE);
7272 return;
7273 }
7274
7275
7276 /*
7277 * Convert the DOS times into unix times.
7278 */
7279
7280 ft.atime = convert_time_t_to_timespec(
7281 srv_make_unix_date2(req->vwv+3));
7282 ft.mtime = convert_time_t_to_timespec(
7283 srv_make_unix_date2(req->vwv+5));
7284 ft.create_time = convert_time_t_to_timespec(
7285 srv_make_unix_date2(req->vwv+1));
7286
7287 reply_outbuf(req, 0, 0);
7288
7289 /*
7290 * Patch from Ray Frush <frush@engr.colostate.edu>
7291 * Sometimes times are sent as zero - ignore them.
7292 */
7293
7294 /* Ensure we have a valid stat struct for the source. */
7295 if (fsp->fh->fd != -1) {
7296 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7297 status = map_nt_error_from_unix(errno);
7298 reply_nterror(req, status);
7299 END_PROFILE(SMBsetattrE);
7300 return;
7301 }
7302 } else {
7303 int ret = -1;
7304
7305 if (fsp->posix_open) {
7306 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf);
7307 } else {
7308 ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf);
7309 }
7310 if (ret == -1) {
7311 status = map_nt_error_from_unix(errno);
7312 reply_nterror(req, status);
7313 END_PROFILE(SMBsetattrE);
7314 return;
7315 }
7316 }
7317
7318 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7319 &sbuf, &ft, true);
7320 if (!NT_STATUS_IS_OK(status)) {
7321 reply_doserror(req, ERRDOS, ERRnoaccess);
7322 END_PROFILE(SMBsetattrE);
7323 return;
7324 }
7325
7326 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7327 " createtime=%u\n",
7328 fsp->fnum,
7329 (unsigned int)ft.atime.tv_sec,
7330 (unsigned int)ft.mtime.tv_sec,
7331 (unsigned int)ft.create_time.tv_sec
7332 ));
7333
7334 END_PROFILE(SMBsetattrE);
7335 return;
7336 }
7337
7338
7339 /* Back from the dead for OS/2..... JRA. */
7340
7341 /****************************************************************************
7342 Reply to a SMBwritebmpx (write block multiplex primary) request.
7343 Always reply with an error, if someone has a platform really needs this,
7344 please contact vl@samba.org
7345 ****************************************************************************/
7346
7347 void reply_writebmpx(struct smb_request *req)
7348 {
7349 START_PROFILE(SMBwriteBmpx);
7350 reply_doserror(req, ERRSRV, ERRuseSTD);
7351 END_PROFILE(SMBwriteBmpx);
7352 return;
7353 }
7354
7355 /****************************************************************************
7356 Reply to a SMBwritebs (write block multiplex secondary) request.
7357 Always reply with an error, if someone has a platform really needs this,
7358 please contact vl@samba.org
7359 ****************************************************************************/
7360
7361 void reply_writebs(struct smb_request *req)
7362 {
7363 START_PROFILE(SMBwriteBs);
7364 reply_doserror(req, ERRSRV, ERRuseSTD);
7365 END_PROFILE(SMBwriteBs);
7366 return;
7367 }
7368
7369 /****************************************************************************
7370 Reply to a SMBgetattrE.
7371 ****************************************************************************/
7372
7373 void reply_getattrE(struct smb_request *req)
7374 {
7375 connection_struct *conn = req->conn;
7376 SMB_STRUCT_STAT sbuf;
7377 int mode;
7378 files_struct *fsp;
7379 struct timespec create_ts;
7380
7381 START_PROFILE(SMBgetattrE);
7382
7383 if (req->wct < 1) {
7384 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7385 END_PROFILE(SMBgetattrE);
7386 return;
7387 }
7388
7389 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7390
7391 if(!fsp || (fsp->conn != conn)) {
7392 reply_doserror(req, ERRDOS, ERRbadfid);
7393 END_PROFILE(SMBgetattrE);
7394 return;
7395 }
7396
7397 /* Do an fstat on this file */
7398 if(fsp_stat(fsp, &sbuf)) {
7399 reply_unixerror(req, ERRDOS, ERRnoaccess);
7400 END_PROFILE(SMBgetattrE);
7401 return;
7402 }
7403
7404 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7405
7406 /*
7407 * Convert the times into dos times. Set create
7408 * date to be last modify date as UNIX doesn't save
7409 * this.
7410 */
7411
7412 reply_outbuf(req, 11, 0);
7413
7414 create_ts = get_create_timespec(&sbuf,
7415 lp_fake_dir_create_times(SNUM(conn)));
7416 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7417 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7418 /* Should we check pending modtime here ? JRA */
7419 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7420
7421 if (mode & aDIR) {
7422 SIVAL(req->outbuf, smb_vwv6, 0);
7423 SIVAL(req->outbuf, smb_vwv8, 0);
7424 } else {
7425 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7426 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7427 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7428 }
7429 SSVAL(req->outbuf,smb_vwv10, mode);
7430
7431 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7432
7433 END_PROFILE(SMBgetattrE);
7434 return;
7435 }
Samba GIT mirror