search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
packaging(RHEL): fix build of [u]mount.cifs
[Samba.git] / source / smbd / reply.c
blobec8dc7703fff6e40836a3374cec1beb9e4f5ccc7
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28
29 /* look in server.c for some explanation of these variables */
30 extern enum protocol_types Protocol;
31 extern int max_recv;
32 unsigned int smb_echo_count = 0;
33 extern uint32 global_client_caps;
34
35 extern struct current_user current_user;
36 extern bool global_encrypted_passwords_negotiated;
37
38 /****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
43 set.
44 ****************************************************************************/
45
46 /* Custom version for processing POSIX paths. */
47 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
48
49 static NTSTATUS check_path_syntax_internal(char *path,
50 bool posix_path,
51 bool *p_last_component_contains_wcard)
52 {
53 char *d = path;
54 const char *s = path;
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
57 bool stream_started = false;
58
59 *p_last_component_contains_wcard = False;
60
61 while (*s) {
62 if (stream_started) {
63 switch (*s) {
64 case '/':
65 case '\\':
66 return NT_STATUS_OBJECT_NAME_INVALID;
67 case ':':
68 if (s[1] == '\0') {
69 return NT_STATUS_OBJECT_NAME_INVALID;
70 }
71 if (strchr_m(&s[1], ':')) {
72 return NT_STATUS_OBJECT_NAME_INVALID;
73 }
74 if (StrCaseCmp(s, ":$DATA") != 0) {
75 return NT_STATUS_INVALID_PARAMETER;
76 }
77 break;
78 }
79 }
80
81 if (!stream_started && *s == ':') {
82 if (*p_last_component_contains_wcard) {
83 return NT_STATUS_OBJECT_NAME_INVALID;
84 }
85 /* stream names allow more characters than file names */
86 stream_started = true;
87 start_of_name_component = false;
88 posix_path = true;
89
90 if (s[1] == '\0') {
91 return NT_STATUS_OBJECT_NAME_INVALID;
92 }
93 }
94
95 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
96 /*
97 * Safe to assume is not the second part of a mb char
98 * as this is handled below.
99 */
100 /* Eat multiple '/' or '\\' */
101 while (IS_PATH_SEP(*s,posix_path)) {
102 s++;
103 }
104 if ((d != path) && (*s != '\0')) {
105 /* We only care about non-leading or trailing '/' or '\\' */
106 *d++ = '/';
107 }
108
109 start_of_name_component = True;
110 /* New component. */
111 *p_last_component_contains_wcard = False;
112 continue;
113 }
114
115 if (start_of_name_component) {
116 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
117 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
118
119 /*
120 * No mb char starts with '.' so we're safe checking the directory separator here.
121 */
122
123 /* If we just added a '/' - delete it */
124 if ((d > path) && (*(d-1) == '/')) {
125 *(d-1) = '\0';
126 d--;
127 }
128
129 /* Are we at the start ? Can't go back further if so. */
130 if (d <= path) {
131 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
132 break;
133 }
134 /* Go back one level... */
135 /* We know this is safe as '/' cannot be part of a mb sequence. */
136 /* NOTE - if this assumption is invalid we are not in good shape... */
137 /* Decrement d first as d points to the *next* char to write into. */
138 for (d--; d > path; d--) {
139 if (*d == '/')
140 break;
141 }
142 s += 2; /* Else go past the .. */
143 /* We're still at the start of a name component, just the previous one. */
144 continue;
145
146 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
147 if (posix_path) {
148 /* Eat the '.' */
149 s++;
150 continue;
151 }
152 }
153
154 }
155
156 if (!(*s & 0x80)) {
157 if (!posix_path) {
158 if (*s <= 0x1f || *s == '|') {
159 return NT_STATUS_OBJECT_NAME_INVALID;
160 }
161 switch (*s) {
162 case '*':
163 case '?':
164 case '<':
165 case '>':
166 case '"':
167 *p_last_component_contains_wcard = True;
168 break;
169 default:
170 break;
171 }
172 }
173 *d++ = *s++;
174 } else {
175 size_t siz;
176 /* Get the size of the next MB character. */
177 next_codepoint(s,&siz);
178 switch(siz) {
179 case 5:
180 *d++ = *s++;
181 /*fall through*/
182 case 4:
183 *d++ = *s++;
184 /*fall through*/
185 case 3:
186 *d++ = *s++;
187 /*fall through*/
188 case 2:
189 *d++ = *s++;
190 /*fall through*/
191 case 1:
192 *d++ = *s++;
193 break;
194 default:
195 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
196 *d = '\0';
197 return NT_STATUS_INVALID_PARAMETER;
198 }
199 }
200 start_of_name_component = False;
201 }
202
203 *d = '\0';
204
205 return ret;
206 }
207
208 /****************************************************************************
209 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
210 No wildcards allowed.
211 ****************************************************************************/
212
213 NTSTATUS check_path_syntax(char *path)
214 {
215 bool ignore;
216 return check_path_syntax_internal(path, False, &ignore);
217 }
218
219 /****************************************************************************
220 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
221 Wildcards allowed - p_contains_wcard returns true if the last component contained
222 a wildcard.
223 ****************************************************************************/
224
225 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
226 {
227 return check_path_syntax_internal(path, False, p_contains_wcard);
228 }
229
230 /****************************************************************************
231 Check the path for a POSIX client.
232 We're assuming here that '/' is not the second byte in any multibyte char
233 set (a safe assumption).
234 ****************************************************************************/
235
236 NTSTATUS check_path_syntax_posix(char *path)
237 {
238 bool ignore;
239 return check_path_syntax_internal(path, True, &ignore);
240 }
241
242 /****************************************************************************
243 Pull a string and check the path allowing a wilcard - provide for error return.
244 ****************************************************************************/
245
246 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
247 const char *inbuf,
248 uint16 smb_flags2,
249 char **pp_dest,
250 const char *src,
251 size_t src_len,
252 int flags,
253 NTSTATUS *err,
254 bool *contains_wcard)
255 {
256 size_t ret;
257
258 *pp_dest = NULL;
259
260 if (src_len == 0) {
261 ret = srvstr_pull_buf_talloc(ctx,
262 inbuf,
263 smb_flags2,
264 pp_dest,
265 src,
266 flags);
267 } else {
268 ret = srvstr_pull_talloc(ctx,
269 inbuf,
270 smb_flags2,
271 pp_dest,
272 src,
273 src_len,
274 flags);
275 }
276
277 if (!*pp_dest) {
278 *err = NT_STATUS_INVALID_PARAMETER;
279 return ret;
280 }
281
282 *contains_wcard = False;
283
284 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
285 /*
286 * For a DFS path the function parse_dfs_path()
287 * will do the path processing, just make a copy.
288 */
289 *err = NT_STATUS_OK;
290 return ret;
291 }
292
293 if (lp_posix_pathnames()) {
294 *err = check_path_syntax_posix(*pp_dest);
295 } else {
296 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
297 }
298
299 return ret;
300 }
301
302 /****************************************************************************
303 Pull a string and check the path - provide for error return.
304 ****************************************************************************/
305
306 size_t srvstr_get_path(TALLOC_CTX *ctx,
307 const char *inbuf,
308 uint16 smb_flags2,
309 char **pp_dest,
310 const char *src,
311 size_t src_len,
312 int flags,
313 NTSTATUS *err)
314 {
315 size_t ret;
316
317 *pp_dest = NULL;
318
319 if (src_len == 0) {
320 ret = srvstr_pull_buf_talloc(ctx,
321 inbuf,
322 smb_flags2,
323 pp_dest,
324 src,
325 flags);
326 } else {
327 ret = srvstr_pull_talloc(ctx,
328 inbuf,
329 smb_flags2,
330 pp_dest,
331 src,
332 src_len,
333 flags);
334 }
335
336 if (!*pp_dest) {
337 *err = NT_STATUS_INVALID_PARAMETER;
338 return ret;
339 }
340
341 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
342 /*
343 * For a DFS path the function parse_dfs_path()
344 * will do the path processing, just make a copy.
345 */
346 *err = NT_STATUS_OK;
347 return ret;
348 }
349
350 if (lp_posix_pathnames()) {
351 *err = check_path_syntax_posix(*pp_dest);
352 } else {
353 *err = check_path_syntax(*pp_dest);
354 }
355
356 return ret;
357 }
358
359 /****************************************************************************
360 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
361 ****************************************************************************/
362
363 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
364 files_struct *fsp, struct current_user *user)
365 {
366 if (!(fsp) || !(conn)) {
367 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
368 return False;
369 }
370 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
371 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
372 return False;
373 }
374 return True;
375 }
376
377 /****************************************************************************
378 Check if we have a correct fsp pointing to a file. Replacement for the
379 CHECK_FSP macro.
380 ****************************************************************************/
381
382 bool check_fsp(connection_struct *conn, struct smb_request *req,
383 files_struct *fsp, struct current_user *user)
384 {
385 if (!check_fsp_open(conn, req, fsp, user)) {
386 return False;
387 }
388 if ((fsp)->is_directory) {
389 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
390 return False;
391 }
392 if ((fsp)->fh->fd == -1) {
393 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
394 return False;
395 }
396 (fsp)->num_smb_operations++;
397 return True;
398 }
399
400 /****************************************************************************
401 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
402 ****************************************************************************/
403
404 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
405 files_struct *fsp, struct current_user *user)
406 {
407 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
408 && (current_user.vuid==(fsp)->vuid)) {
409 return True;
410 }
411
412 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
413 return False;
414 }
415
416 /****************************************************************************
417 Reply to a (netbios-level) special message.
418 ****************************************************************************/
419
420 void reply_special(char *inbuf)
421 {
422 int msg_type = CVAL(inbuf,0);
423 int msg_flags = CVAL(inbuf,1);
424 fstring name1,name2;
425 char name_type = 0;
426
427 /*
428 * We only really use 4 bytes of the outbuf, but for the smb_setlen
429 * calculation & friends (srv_send_smb uses that) we need the full smb
430 * header.
431 */
432 char outbuf[smb_size];
433
434 static bool already_got_session = False;
435
436 *name1 = *name2 = 0;
437
438 memset(outbuf, '\0', sizeof(outbuf));
439
440 smb_setlen(outbuf,0);
441
442 switch (msg_type) {
443 case 0x81: /* session request */
444
445 if (already_got_session) {
446 exit_server_cleanly("multiple session request not permitted");
447 }
448
449 SCVAL(outbuf,0,0x82);
450 SCVAL(outbuf,3,0);
451 if (name_len(inbuf+4) > 50 ||
452 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
453 DEBUG(0,("Invalid name length in session request\n"));
454 return;
455 }
456 name_extract(inbuf,4,name1);
457 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
458 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
459 name1,name2));
460
461 set_local_machine_name(name1, True);
462 set_remote_machine_name(name2, True);
463
464 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
465 get_local_machine_name(), get_remote_machine_name(),
466 name_type));
467
468 if (name_type == 'R') {
469 /* We are being asked for a pathworks session ---
470 no thanks! */
471 SCVAL(outbuf, 0,0x83);
472 break;
473 }
474
475 /* only add the client's machine name to the list
476 of possibly valid usernames if we are operating
477 in share mode security */
478 if (lp_security() == SEC_SHARE) {
479 add_session_user(get_remote_machine_name());
480 }
481
482 reload_services(True);
483 reopen_logs();
484
485 already_got_session = True;
486 break;
487
488 case 0x89: /* session keepalive request
489 (some old clients produce this?) */
490 SCVAL(outbuf,0,SMBkeepalive);
491 SCVAL(outbuf,3,0);
492 break;
493
494 case 0x82: /* positive session response */
495 case 0x83: /* negative session response */
496 case 0x84: /* retarget session response */
497 DEBUG(0,("Unexpected session response\n"));
498 break;
499
500 case SMBkeepalive: /* session keepalive */
501 default:
502 return;
503 }
504
505 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
506 msg_type, msg_flags));
507
508 srv_send_smb(smbd_server_fd(), outbuf, false);
509 return;
510 }
511
512 /****************************************************************************
513 Reply to a tcon.
514 conn POINTER CAN BE NULL HERE !
515 ****************************************************************************/
516
517 void reply_tcon(struct smb_request *req)
518 {
519 connection_struct *conn = req->conn;
520 const char *service;
521 char *service_buf = NULL;
522 char *password = NULL;
523 char *dev = NULL;
524 int pwlen=0;
525 NTSTATUS nt_status;
526 char *p;
527 DATA_BLOB password_blob;
528 TALLOC_CTX *ctx = talloc_tos();
529
530 START_PROFILE(SMBtcon);
531
532 if (smb_buflen(req->inbuf) < 4) {
533 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
534 END_PROFILE(SMBtcon);
535 return;
536 }
537
538 p = smb_buf(req->inbuf)+1;
539 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
540 &service_buf, p, STR_TERMINATE) + 1;
541 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
542 &password, p, STR_TERMINATE) + 1;
543 p += pwlen;
544 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
545 &dev, p, STR_TERMINATE) + 1;
546
547 if (service_buf == NULL || password == NULL || dev == NULL) {
548 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
549 END_PROFILE(SMBtcon);
550 return;
551 }
552 p = strrchr_m(service_buf,'\\');
553 if (p) {
554 service = p+1;
555 } else {
556 service = service_buf;
557 }
558
559 password_blob = data_blob(password, pwlen+1);
560
561 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
562 req->conn = conn;
563
564 data_blob_clear_free(&password_blob);
565
566 if (!conn) {
567 reply_nterror(req, nt_status);
568 END_PROFILE(SMBtcon);
569 return;
570 }
571
572 reply_outbuf(req, 2, 0);
573 SSVAL(req->outbuf,smb_vwv0,max_recv);
574 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
575 SSVAL(req->outbuf,smb_tid,conn->cnum);
576
577 DEBUG(3,("tcon service=%s cnum=%d\n",
578 service, conn->cnum));
579
580 END_PROFILE(SMBtcon);
581 return;
582 }
583
584 /****************************************************************************
585 Reply to a tcon and X.
586 conn POINTER CAN BE NULL HERE !
587 ****************************************************************************/
588
589 void reply_tcon_and_X(struct smb_request *req)
590 {
591 connection_struct *conn = req->conn;
592 char *service = NULL;
593 DATA_BLOB password;
594 TALLOC_CTX *ctx = talloc_tos();
595 /* what the cleint thinks the device is */
596 char *client_devicetype = NULL;
597 /* what the server tells the client the share represents */
598 const char *server_devicetype;
599 NTSTATUS nt_status;
600 int passlen;
601 char *path = NULL;
602 char *p, *q;
603 uint16 tcon_flags;
604
605 START_PROFILE(SMBtconX);
606
607 if (req->wct < 4) {
608 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
609 END_PROFILE(SMBtconX);
610 return;
611 }
612
613 passlen = SVAL(req->inbuf,smb_vwv3);
614 tcon_flags = SVAL(req->inbuf,smb_vwv2);
615
616 /* we might have to close an old one */
617 if ((tcon_flags & 0x1) && conn) {
618 close_cnum(conn,req->vuid);
619 req->conn = NULL;
620 conn = NULL;
621 }
622
623 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
624 reply_doserror(req, ERRDOS, ERRbuftoosmall);
625 END_PROFILE(SMBtconX);
626 return;
627 }
628
629 if (global_encrypted_passwords_negotiated) {
630 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
631 passlen);
632 if (lp_security() == SEC_SHARE) {
633 /*
634 * Security = share always has a pad byte
635 * after the password.
636 */
637 p = smb_buf(req->inbuf) + passlen + 1;
638 } else {
639 p = smb_buf(req->inbuf) + passlen;
640 }
641 } else {
642 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
643 passlen+1);
644 /* Ensure correct termination */
645 password.data[passlen]=0;
646 p = smb_buf(req->inbuf) + passlen + 1;
647 }
648
649 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
650 STR_TERMINATE);
651
652 if (path == NULL) {
653 data_blob_clear_free(&password);
654 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
655 END_PROFILE(SMBtconX);
656 return;
657 }
658
659 /*
660 * the service name can be either: \\server\share
661 * or share directly like on the DELL PowerVault 705
662 */
663 if (*path=='\\') {
664 q = strchr_m(path+2,'\\');
665 if (!q) {
666 data_blob_clear_free(&password);
667 reply_doserror(req, ERRDOS, ERRnosuchshare);
668 END_PROFILE(SMBtconX);
669 return;
670 }
671 service = q+1;
672 } else {
673 service = path;
674 }
675
676 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
677 &client_devicetype, p,
678 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
679
680 if (client_devicetype == NULL) {
681 data_blob_clear_free(&password);
682 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
683 END_PROFILE(SMBtconX);
684 return;
685 }
686
687 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
688
689 conn = make_connection(service, password, client_devicetype,
690 req->vuid, &nt_status);
691 req->conn =conn;
692
693 data_blob_clear_free(&password);
694
695 if (!conn) {
696 reply_nterror(req, nt_status);
697 END_PROFILE(SMBtconX);
698 return;
699 }
700
701 if ( IS_IPC(conn) )
702 server_devicetype = "IPC";
703 else if ( IS_PRINT(conn) )
704 server_devicetype = "LPT1:";
705 else
706 server_devicetype = "A:";
707
708 if (Protocol < PROTOCOL_NT1) {
709 reply_outbuf(req, 2, 0);
710 if (message_push_string(&req->outbuf, server_devicetype,
711 STR_TERMINATE|STR_ASCII) == -1) {
712 reply_nterror(req, NT_STATUS_NO_MEMORY);
713 END_PROFILE(SMBtconX);
714 return;
715 }
716 } else {
717 /* NT sets the fstype of IPC$ to the null string */
718 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
719
720 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
721 /* Return permissions. */
722 uint32 perm1 = 0;
723 uint32 perm2 = 0;
724
725 reply_outbuf(req, 7, 0);
726
727 if (IS_IPC(conn)) {
728 perm1 = FILE_ALL_ACCESS;
729 perm2 = FILE_ALL_ACCESS;
730 } else {
731 perm1 = CAN_WRITE(conn) ?
732 SHARE_ALL_ACCESS :
733 SHARE_READ_ONLY;
734 }
735
736 SIVAL(req->outbuf, smb_vwv3, perm1);
737 SIVAL(req->outbuf, smb_vwv5, perm2);
738 } else {
739 reply_outbuf(req, 3, 0);
740 }
741
742 if ((message_push_string(&req->outbuf, server_devicetype,
743 STR_TERMINATE|STR_ASCII) == -1)
744 || (message_push_string(&req->outbuf, fstype,
745 STR_TERMINATE) == -1)) {
746 reply_nterror(req, NT_STATUS_NO_MEMORY);
747 END_PROFILE(SMBtconX);
748 return;
749 }
750
751 /* what does setting this bit do? It is set by NT4 and
752 may affect the ability to autorun mounted cdroms */
753 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
754 (lp_csc_policy(SNUM(conn)) << 2));
755
756 init_dfsroot(conn, req->inbuf, req->outbuf);
757 }
758
759
760 DEBUG(3,("tconX service=%s \n",
761 service));
762
763 /* set the incoming and outgoing tid to the just created one */
764 SSVAL(req->inbuf,smb_tid,conn->cnum);
765 SSVAL(req->outbuf,smb_tid,conn->cnum);
766
767 END_PROFILE(SMBtconX);
768
769 chain_reply(req);
770 return;
771 }
772
773 /****************************************************************************
774 Reply to an unknown type.
775 ****************************************************************************/
776
777 void reply_unknown_new(struct smb_request *req, uint8 type)
778 {
779 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
780 smb_fn_name(type), type, type));
781 reply_doserror(req, ERRSRV, ERRunknownsmb);
782 return;
783 }
784
785 /****************************************************************************
786 Reply to an ioctl.
787 conn POINTER CAN BE NULL HERE !
788 ****************************************************************************/
789
790 void reply_ioctl(struct smb_request *req)
791 {
792 connection_struct *conn = req->conn;
793 uint16 device;
794 uint16 function;
795 uint32 ioctl_code;
796 int replysize;
797 char *p;
798
799 START_PROFILE(SMBioctl);
800
801 if (req->wct < 3) {
802 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
803 END_PROFILE(SMBioctl);
804 return;
805 }
806
807 device = SVAL(req->inbuf,smb_vwv1);
808 function = SVAL(req->inbuf,smb_vwv2);
809 ioctl_code = (device << 16) + function;
810
811 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
812
813 switch (ioctl_code) {
814 case IOCTL_QUERY_JOB_INFO:
815 replysize = 32;
816 break;
817 default:
818 reply_doserror(req, ERRSRV, ERRnosupport);
819 END_PROFILE(SMBioctl);
820 return;
821 }
822
823 reply_outbuf(req, 8, replysize+1);
824 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
825 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
826 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
827 p = smb_buf(req->outbuf);
828 memset(p, '\0', replysize+1); /* valgrind-safe. */
829 p += 1; /* Allow for alignment */
830
831 switch (ioctl_code) {
832 case IOCTL_QUERY_JOB_INFO:
833 {
834 files_struct *fsp = file_fsp(SVAL(req->inbuf,
835 smb_vwv0));
836 if (!fsp) {
837 reply_doserror(req, ERRDOS, ERRbadfid);
838 END_PROFILE(SMBioctl);
839 return;
840 }
841 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
842 srvstr_push((char *)req->outbuf, req->flags2, p+2,
843 global_myname(), 15,
844 STR_TERMINATE|STR_ASCII);
845 if (conn) {
846 srvstr_push((char *)req->outbuf, req->flags2,
847 p+18, lp_servicename(SNUM(conn)),
848 13, STR_TERMINATE|STR_ASCII);
849 } else {
850 memset(p+18, 0, 13);
851 }
852 break;
853 }
854 }
855
856 END_PROFILE(SMBioctl);
857 return;
858 }
859
860 /****************************************************************************
861 Strange checkpath NTSTATUS mapping.
862 ****************************************************************************/
863
864 static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
865 {
866 /* Strange DOS error code semantics only for checkpath... */
867 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
868 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
869 /* We need to map to ERRbadpath */
870 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
871 }
872 }
873 return status;
874 }
875
876 /****************************************************************************
877 Reply to a checkpath.
878 ****************************************************************************/
879
880 void reply_checkpath(struct smb_request *req)
881 {
882 connection_struct *conn = req->conn;
883 char *name = NULL;
884 SMB_STRUCT_STAT sbuf;
885 NTSTATUS status;
886 TALLOC_CTX *ctx = talloc_tos();
887
888 START_PROFILE(SMBcheckpath);
889
890 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
891 smb_buf(req->inbuf) + 1, 0,
892 STR_TERMINATE, &status);
893 if (!NT_STATUS_IS_OK(status)) {
894 status = map_checkpath_error((char *)req->inbuf, status);
895 reply_nterror(req, status);
896 END_PROFILE(SMBcheckpath);
897 return;
898 }
899
900 status = resolve_dfspath(ctx, conn,
901 req->flags2 & FLAGS2_DFS_PATHNAMES,
902 name,
903 &name);
904 if (!NT_STATUS_IS_OK(status)) {
905 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
906 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
907 ERRSRV, ERRbadpath);
908 END_PROFILE(SMBcheckpath);
909 return;
910 }
911 goto path_err;
912 }
913
914 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
915
916 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
917 if (!NT_STATUS_IS_OK(status)) {
918 goto path_err;
919 }
920
921 status = check_name(conn, name);
922 if (!NT_STATUS_IS_OK(status)) {
923 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
924 goto path_err;
925 }
926
927 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
928 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
929 status = map_nt_error_from_unix(errno);
930 goto path_err;
931 }
932
933 if (!S_ISDIR(sbuf.st_mode)) {
934 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
935 ERRDOS, ERRbadpath);
936 END_PROFILE(SMBcheckpath);
937 return;
938 }
939
940 reply_outbuf(req, 0, 0);
941
942 END_PROFILE(SMBcheckpath);
943 return;
944
945 path_err:
946
947 END_PROFILE(SMBcheckpath);
948
949 /* We special case this - as when a Windows machine
950 is parsing a path is steps through the components
951 one at a time - if a component fails it expects
952 ERRbadpath, not ERRbadfile.
953 */
954 status = map_checkpath_error((char *)req->inbuf, status);
955 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
956 /*
957 * Windows returns different error codes if
958 * the parent directory is valid but not the
959 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
960 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
961 * if the path is invalid.
962 */
963 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
964 ERRDOS, ERRbadpath);
965 return;
966 }
967
968 reply_nterror(req, status);
969 }
970
971 /****************************************************************************
972 Reply to a getatr.
973 ****************************************************************************/
974
975 void reply_getatr(struct smb_request *req)
976 {
977 connection_struct *conn = req->conn;
978 char *fname = NULL;
979 SMB_STRUCT_STAT sbuf;
980 int mode=0;
981 SMB_OFF_T size=0;
982 time_t mtime=0;
983 char *p;
984 NTSTATUS status;
985 TALLOC_CTX *ctx = talloc_tos();
986
987 START_PROFILE(SMBgetatr);
988
989 p = smb_buf(req->inbuf) + 1;
990 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
991 0, STR_TERMINATE, &status);
992 if (!NT_STATUS_IS_OK(status)) {
993 reply_nterror(req, status);
994 END_PROFILE(SMBgetatr);
995 return;
996 }
997
998 status = resolve_dfspath(ctx, conn,
999 req->flags2 & FLAGS2_DFS_PATHNAMES,
1000 fname,
1001 &fname);
1002 if (!NT_STATUS_IS_OK(status)) {
1003 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1004 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1005 ERRSRV, ERRbadpath);
1006 END_PROFILE(SMBgetatr);
1007 return;
1008 }
1009 reply_nterror(req, status);
1010 END_PROFILE(SMBgetatr);
1011 return;
1012 }
1013
1014 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1015 under WfWg - weird! */
1016 if (*fname == '\0') {
1017 mode = aHIDDEN | aDIR;
1018 if (!CAN_WRITE(conn)) {
1019 mode |= aRONLY;
1020 }
1021 size = 0;
1022 mtime = 0;
1023 } else {
1024 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1025 if (!NT_STATUS_IS_OK(status)) {
1026 reply_nterror(req, status);
1027 END_PROFILE(SMBgetatr);
1028 return;
1029 }
1030 status = check_name(conn, fname);
1031 if (!NT_STATUS_IS_OK(status)) {
1032 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1033 reply_nterror(req, status);
1034 END_PROFILE(SMBgetatr);
1035 return;
1036 }
1037 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1038 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1039 reply_unixerror(req, ERRDOS,ERRbadfile);
1040 END_PROFILE(SMBgetatr);
1041 return;
1042 }
1043
1044 mode = dos_mode(conn,fname,&sbuf);
1045 size = sbuf.st_size;
1046 mtime = sbuf.st_mtime;
1047 if (mode & aDIR) {
1048 size = 0;
1049 }
1050 }
1051
1052 reply_outbuf(req, 10, 0);
1053
1054 SSVAL(req->outbuf,smb_vwv0,mode);
1055 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1056 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1057 } else {
1058 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1059 }
1060 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1061
1062 if (Protocol >= PROTOCOL_NT1) {
1063 SSVAL(req->outbuf, smb_flg2,
1064 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1065 }
1066
1067 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1068
1069 END_PROFILE(SMBgetatr);
1070 return;
1071 }
1072
1073 /****************************************************************************
1074 Reply to a setatr.
1075 ****************************************************************************/
1076
1077 void reply_setatr(struct smb_request *req)
1078 {
1079 struct timespec ts[2];
1080 connection_struct *conn = req->conn;
1081 char *fname = NULL;
1082 int mode;
1083 time_t mtime;
1084 SMB_STRUCT_STAT sbuf;
1085 char *p;
1086 NTSTATUS status;
1087 TALLOC_CTX *ctx = talloc_tos();
1088
1089 START_PROFILE(SMBsetatr);
1090
1091 ZERO_STRUCT(ts);
1092
1093 if (req->wct < 2) {
1094 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1095 return;
1096 }
1097
1098 p = smb_buf(req->inbuf) + 1;
1099 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1100 0, STR_TERMINATE, &status);
1101 if (!NT_STATUS_IS_OK(status)) {
1102 reply_nterror(req, status);
1103 END_PROFILE(SMBsetatr);
1104 return;
1105 }
1106
1107 status = resolve_dfspath(ctx, conn,
1108 req->flags2 & FLAGS2_DFS_PATHNAMES,
1109 fname,
1110 &fname);
1111 if (!NT_STATUS_IS_OK(status)) {
1112 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1113 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1114 ERRSRV, ERRbadpath);
1115 END_PROFILE(SMBsetatr);
1116 return;
1117 }
1118 reply_nterror(req, status);
1119 END_PROFILE(SMBsetatr);
1120 return;
1121 }
1122
1123 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1124 if (!NT_STATUS_IS_OK(status)) {
1125 reply_nterror(req, status);
1126 END_PROFILE(SMBsetatr);
1127 return;
1128 }
1129
1130 status = check_name(conn, fname);
1131 if (!NT_STATUS_IS_OK(status)) {
1132 reply_nterror(req, status);
1133 END_PROFILE(SMBsetatr);
1134 return;
1135 }
1136
1137 if (fname[0] == '.' && fname[1] == '\0') {
1138 /*
1139 * Not sure here is the right place to catch this
1140 * condition. Might be moved to somewhere else later -- vl
1141 */
1142 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1143 END_PROFILE(SMBsetatr);
1144 return;
1145 }
1146
1147 mode = SVAL(req->inbuf,smb_vwv0);
1148 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1149
1150 ts[1] = convert_time_t_to_timespec(mtime);
1151 status = smb_set_file_time(conn, NULL, fname,
1152 &sbuf, ts, true);
1153 if (!NT_STATUS_IS_OK(status)) {
1154 reply_unixerror(req, ERRDOS, ERRnoaccess);
1155 END_PROFILE(SMBsetatr);
1156 return;
1157 }
1158
1159 if (mode != FILE_ATTRIBUTE_NORMAL) {
1160 if (VALID_STAT_OF_DIR(sbuf))
1161 mode |= aDIR;
1162 else
1163 mode &= ~aDIR;
1164
1165 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1166 reply_unixerror(req, ERRDOS, ERRnoaccess);
1167 END_PROFILE(SMBsetatr);
1168 return;
1169 }
1170 }
1171
1172 reply_outbuf(req, 0, 0);
1173
1174 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1175
1176 END_PROFILE(SMBsetatr);
1177 return;
1178 }
1179
1180 /****************************************************************************
1181 Reply to a dskattr.
1182 ****************************************************************************/
1183
1184 void reply_dskattr(struct smb_request *req)
1185 {
1186 connection_struct *conn = req->conn;
1187 SMB_BIG_UINT dfree,dsize,bsize;
1188 START_PROFILE(SMBdskattr);
1189
1190 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1191 reply_unixerror(req, ERRHRD, ERRgeneral);
1192 END_PROFILE(SMBdskattr);
1193 return;
1194 }
1195
1196 reply_outbuf(req, 5, 0);
1197
1198 if (Protocol <= PROTOCOL_LANMAN2) {
1199 double total_space, free_space;
1200 /* we need to scale this to a number that DOS6 can handle. We
1201 use floating point so we can handle large drives on systems
1202 that don't have 64 bit integers
1203
1204 we end up displaying a maximum of 2G to DOS systems
1205 */
1206 total_space = dsize * (double)bsize;
1207 free_space = dfree * (double)bsize;
1208
1209 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1210 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1211
1212 if (dsize > 0xFFFF) dsize = 0xFFFF;
1213 if (dfree > 0xFFFF) dfree = 0xFFFF;
1214
1215 SSVAL(req->outbuf,smb_vwv0,dsize);
1216 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1217 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1218 SSVAL(req->outbuf,smb_vwv3,dfree);
1219 } else {
1220 SSVAL(req->outbuf,smb_vwv0,dsize);
1221 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1222 SSVAL(req->outbuf,smb_vwv2,512);
1223 SSVAL(req->outbuf,smb_vwv3,dfree);
1224 }
1225
1226 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1227
1228 END_PROFILE(SMBdskattr);
1229 return;
1230 }
1231
1232 /****************************************************************************
1233 Reply to a search.
1234 Can be called from SMBsearch, SMBffirst or SMBfunique.
1235 ****************************************************************************/
1236
1237 void reply_search(struct smb_request *req)
1238 {
1239 connection_struct *conn = req->conn;
1240 char *mask = NULL;
1241 char *directory = NULL;
1242 char *fname = NULL;
1243 SMB_OFF_T size;
1244 uint32 mode;
1245 time_t date;
1246 uint32 dirtype;
1247 unsigned int numentries = 0;
1248 unsigned int maxentries = 0;
1249 bool finished = False;
1250 char *p;
1251 int status_len;
1252 char *path = NULL;
1253 char status[21];
1254 int dptr_num= -1;
1255 bool check_descend = False;
1256 bool expect_close = False;
1257 NTSTATUS nt_status;
1258 bool mask_contains_wcard = False;
1259 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1260 TALLOC_CTX *ctx = talloc_tos();
1261 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1262
1263 START_PROFILE(SMBsearch);
1264
1265 if (req->wct < 2) {
1266 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1267 END_PROFILE(SMBsearch);
1268 return;
1269 }
1270
1271 if (lp_posix_pathnames()) {
1272 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1273 END_PROFILE(SMBsearch);
1274 return;
1275 }
1276
1277 /* If we were called as SMBffirst then we must expect close. */
1278 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1279 expect_close = True;
1280 }
1281
1282 reply_outbuf(req, 1, 3);
1283 maxentries = SVAL(req->inbuf,smb_vwv0);
1284 dirtype = SVAL(req->inbuf,smb_vwv1);
1285 p = smb_buf(req->inbuf) + 1;
1286 p += srvstr_get_path_wcard(ctx,
1287 (char *)req->inbuf,
1288 req->flags2,
1289 &path,
1290 p,
1291 0,
1292 STR_TERMINATE,
1293 &nt_status,
1294 &mask_contains_wcard);
1295 if (!NT_STATUS_IS_OK(nt_status)) {
1296 reply_nterror(req, nt_status);
1297 END_PROFILE(SMBsearch);
1298 return;
1299 }
1300
1301 nt_status = resolve_dfspath_wcard(ctx, conn,
1302 req->flags2 & FLAGS2_DFS_PATHNAMES,
1303 path,
1304 &path,
1305 &mask_contains_wcard);
1306 if (!NT_STATUS_IS_OK(nt_status)) {
1307 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1308 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1309 ERRSRV, ERRbadpath);
1310 END_PROFILE(SMBsearch);
1311 return;
1312 }
1313 reply_nterror(req, nt_status);
1314 END_PROFILE(SMBsearch);
1315 return;
1316 }
1317
1318 p++;
1319 status_len = SVAL(p, 0);
1320 p += 2;
1321
1322 /* dirtype &= ~aDIR; */
1323
1324 if (status_len == 0) {
1325 SMB_STRUCT_STAT sbuf;
1326
1327 nt_status = unix_convert(ctx, conn, path, True,
1328 &directory, NULL, &sbuf);
1329 if (!NT_STATUS_IS_OK(nt_status)) {
1330 reply_nterror(req, nt_status);
1331 END_PROFILE(SMBsearch);
1332 return;
1333 }
1334
1335 nt_status = check_name(conn, directory);
1336 if (!NT_STATUS_IS_OK(nt_status)) {
1337 reply_nterror(req, nt_status);
1338 END_PROFILE(SMBsearch);
1339 return;
1340 }
1341
1342 p = strrchr_m(directory,'/');
1343 if (!p) {
1344 mask = directory;
1345 directory = talloc_strdup(ctx,".");
1346 if (!directory) {
1347 reply_nterror(req, NT_STATUS_NO_MEMORY);
1348 END_PROFILE(SMBsearch);
1349 return;
1350 }
1351 } else {
1352 *p = 0;
1353 mask = p+1;
1354 }
1355
1356 if (*directory == '\0') {
1357 directory = talloc_strdup(ctx,".");
1358 if (!directory) {
1359 reply_nterror(req, NT_STATUS_NO_MEMORY);
1360 END_PROFILE(SMBsearch);
1361 return;
1362 }
1363 }
1364 memset((char *)status,'\0',21);
1365 SCVAL(status,0,(dirtype & 0x1F));
1366
1367 nt_status = dptr_create(conn,
1368 directory,
1369 True,
1370 expect_close,
1371 req->smbpid,
1372 mask,
1373 mask_contains_wcard,
1374 dirtype,
1375 &conn->dirptr);
1376 if (!NT_STATUS_IS_OK(nt_status)) {
1377 reply_nterror(req, nt_status);
1378 END_PROFILE(SMBsearch);
1379 return;
1380 }
1381 dptr_num = dptr_dnum(conn->dirptr);
1382 } else {
1383 int status_dirtype;
1384
1385 memcpy(status,p,21);
1386 status_dirtype = CVAL(status,0) & 0x1F;
1387 if (status_dirtype != (dirtype & 0x1F)) {
1388 dirtype = status_dirtype;
1389 }
1390
1391 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1392 if (!conn->dirptr) {
1393 goto SearchEmpty;
1394 }
1395 string_set(&conn->dirpath,dptr_path(dptr_num));
1396 mask = dptr_wcard(dptr_num);
1397 if (!mask) {
1398 goto SearchEmpty;
1399 }
1400 /*
1401 * For a 'continue' search we have no string. So
1402 * check from the initial saved string.
1403 */
1404 mask_contains_wcard = ms_has_wild(mask);
1405 dirtype = dptr_attr(dptr_num);
1406 }
1407
1408 DEBUG(4,("dptr_num is %d\n",dptr_num));
1409
1410 if ((dirtype&0x1F) == aVOLID) {
1411 char buf[DIR_STRUCT_SIZE];
1412 memcpy(buf,status,21);
1413 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1414 0,aVOLID,0,!allow_long_path_components)) {
1415 reply_nterror(req, NT_STATUS_NO_MEMORY);
1416 END_PROFILE(SMBsearch);
1417 return;
1418 }
1419 dptr_fill(buf+12,dptr_num);
1420 if (dptr_zero(buf+12) && (status_len==0)) {
1421 numentries = 1;
1422 } else {
1423 numentries = 0;
1424 }
1425 if (message_push_blob(&req->outbuf,
1426 data_blob_const(buf, sizeof(buf)))
1427 == -1) {
1428 reply_nterror(req, NT_STATUS_NO_MEMORY);
1429 END_PROFILE(SMBsearch);
1430 return;
1431 }
1432 } else {
1433 unsigned int i;
1434 maxentries = MIN(
1435 maxentries,
1436 ((BUFFER_SIZE -
1437 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1438 /DIR_STRUCT_SIZE));
1439
1440 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1441 conn->dirpath,lp_dontdescend(SNUM(conn))));
1442 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1443 check_descend = True;
1444 }
1445
1446 for (i=numentries;(i<maxentries) && !finished;i++) {
1447 finished = !get_dir_entry(ctx,
1448 conn,
1449 mask,
1450 dirtype,
1451 &fname,
1452 &size,
1453 &mode,
1454 &date,
1455 check_descend,
1456 ask_sharemode);
1457 if (!finished) {
1458 char buf[DIR_STRUCT_SIZE];
1459 memcpy(buf,status,21);
1460 if (!make_dir_struct(ctx,
1461 buf,
1462 mask,
1463 fname,
1464 size,
1465 mode,
1466 date,
1467 !allow_long_path_components)) {
1468 reply_nterror(req, NT_STATUS_NO_MEMORY);
1469 END_PROFILE(SMBsearch);
1470 return;
1471 }
1472 if (!dptr_fill(buf+12,dptr_num)) {
1473 break;
1474 }
1475 if (message_push_blob(&req->outbuf,
1476 data_blob_const(buf, sizeof(buf)))
1477 == -1) {
1478 reply_nterror(req, NT_STATUS_NO_MEMORY);
1479 END_PROFILE(SMBsearch);
1480 return;
1481 }
1482 numentries++;
1483 }
1484 }
1485 }
1486
1487 SearchEmpty:
1488
1489 /* If we were called as SMBffirst with smb_search_id == NULL
1490 and no entries were found then return error and close dirptr
1491 (X/Open spec) */
1492
1493 if (numentries == 0) {
1494 dptr_close(&dptr_num);
1495 } else if(expect_close && status_len == 0) {
1496 /* Close the dptr - we know it's gone */
1497 dptr_close(&dptr_num);
1498 }
1499
1500 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1501 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1502 dptr_close(&dptr_num);
1503 }
1504
1505 if ((numentries == 0) && !mask_contains_wcard) {
1506 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1507 END_PROFILE(SMBsearch);
1508 return;
1509 }
1510
1511 SSVAL(req->outbuf,smb_vwv0,numentries);
1512 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1513 SCVAL(smb_buf(req->outbuf),0,5);
1514 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1515
1516 /* The replies here are never long name. */
1517 SSVAL(req->outbuf, smb_flg2,
1518 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1519 if (!allow_long_path_components) {
1520 SSVAL(req->outbuf, smb_flg2,
1521 SVAL(req->outbuf, smb_flg2)
1522 & (~FLAGS2_LONG_PATH_COMPONENTS));
1523 }
1524
1525 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1526 SSVAL(req->outbuf, smb_flg2,
1527 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1528
1529 if (!directory) {
1530 directory = dptr_path(dptr_num);
1531 }
1532
1533 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1534 smb_fn_name(CVAL(req->inbuf,smb_com)),
1535 mask,
1536 directory ? directory : "./",
1537 dirtype,
1538 numentries,
1539 maxentries ));
1540
1541 END_PROFILE(SMBsearch);
1542 return;
1543 }
1544
1545 /****************************************************************************
1546 Reply to a fclose (stop directory search).
1547 ****************************************************************************/
1548
1549 void reply_fclose(struct smb_request *req)
1550 {
1551 int status_len;
1552 char status[21];
1553 int dptr_num= -2;
1554 char *p;
1555 char *path = NULL;
1556 NTSTATUS err;
1557 bool path_contains_wcard = False;
1558 TALLOC_CTX *ctx = talloc_tos();
1559
1560 START_PROFILE(SMBfclose);
1561
1562 if (lp_posix_pathnames()) {
1563 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1564 END_PROFILE(SMBfclose);
1565 return;
1566 }
1567
1568 p = smb_buf(req->inbuf) + 1;
1569 p += srvstr_get_path_wcard(ctx,
1570 (char *)req->inbuf,
1571 req->flags2,
1572 &path,
1573 p,
1574 0,
1575 STR_TERMINATE,
1576 &err,
1577 &path_contains_wcard);
1578 if (!NT_STATUS_IS_OK(err)) {
1579 reply_nterror(req, err);
1580 END_PROFILE(SMBfclose);
1581 return;
1582 }
1583 p++;
1584 status_len = SVAL(p,0);
1585 p += 2;
1586
1587 if (status_len == 0) {
1588 reply_doserror(req, ERRSRV, ERRsrverror);
1589 END_PROFILE(SMBfclose);
1590 return;
1591 }
1592
1593 memcpy(status,p,21);
1594
1595 if(dptr_fetch(status+12,&dptr_num)) {
1596 /* Close the dptr - we know it's gone */
1597 dptr_close(&dptr_num);
1598 }
1599
1600 reply_outbuf(req, 1, 0);
1601 SSVAL(req->outbuf,smb_vwv0,0);
1602
1603 DEBUG(3,("search close\n"));
1604
1605 END_PROFILE(SMBfclose);
1606 return;
1607 }
1608
1609 /****************************************************************************
1610 Reply to an open.
1611 ****************************************************************************/
1612
1613 void reply_open(struct smb_request *req)
1614 {
1615 connection_struct *conn = req->conn;
1616 char *fname = NULL;
1617 uint32 fattr=0;
1618 SMB_OFF_T size = 0;
1619 time_t mtime=0;
1620 int info;
1621 SMB_STRUCT_STAT sbuf;
1622 files_struct *fsp;
1623 int oplock_request;
1624 int deny_mode;
1625 uint32 dos_attr;
1626 uint32 access_mask;
1627 uint32 share_mode;
1628 uint32 create_disposition;
1629 uint32 create_options = 0;
1630 NTSTATUS status;
1631 TALLOC_CTX *ctx = talloc_tos();
1632
1633 START_PROFILE(SMBopen);
1634
1635 if (req->wct < 2) {
1636 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1637 END_PROFILE(SMBopen);
1638 return;
1639 }
1640
1641 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1642 deny_mode = SVAL(req->inbuf,smb_vwv0);
1643 dos_attr = SVAL(req->inbuf,smb_vwv1);
1644
1645 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1646 smb_buf(req->inbuf)+1, 0,
1647 STR_TERMINATE, &status);
1648 if (!NT_STATUS_IS_OK(status)) {
1649 reply_nterror(req, status);
1650 END_PROFILE(SMBopen);
1651 return;
1652 }
1653
1654 if (!map_open_params_to_ntcreate(
1655 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1656 &share_mode, &create_disposition, &create_options)) {
1657 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1658 END_PROFILE(SMBopen);
1659 return;
1660 }
1661
1662 status = create_file(conn, /* conn */
1663 req, /* req */
1664 0, /* root_dir_fid */
1665 fname, /* fname */
1666 access_mask, /* access_mask */
1667 share_mode, /* share_access */
1668 create_disposition, /* create_disposition*/
1669 create_options, /* create_options */
1670 dos_attr, /* file_attributes */
1671 oplock_request, /* oplock_request */
1672 0, /* allocation_size */
1673 NULL, /* sd */
1674 NULL, /* ea_list */
1675 &fsp, /* result */
1676 &info, /* pinfo */
1677 &sbuf); /* psbuf */
1678
1679 if (!NT_STATUS_IS_OK(status)) {
1680 if (open_was_deferred(req->mid)) {
1681 /* We have re-scheduled this call. */
1682 END_PROFILE(SMBopen);
1683 return;
1684 }
1685 reply_openerror(req, status);
1686 END_PROFILE(SMBopen);
1687 return;
1688 }
1689
1690 size = sbuf.st_size;
1691 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1692 mtime = sbuf.st_mtime;
1693
1694 if (fattr & aDIR) {
1695 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1696 close_file(fsp,ERROR_CLOSE);
1697 reply_doserror(req, ERRDOS,ERRnoaccess);
1698 END_PROFILE(SMBopen);
1699 return;
1700 }
1701
1702 reply_outbuf(req, 7, 0);
1703 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1704 SSVAL(req->outbuf,smb_vwv1,fattr);
1705 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1706 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1707 } else {
1708 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1709 }
1710 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1711 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1712
1713 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1714 SCVAL(req->outbuf,smb_flg,
1715 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1716 }
1717
1718 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1719 SCVAL(req->outbuf,smb_flg,
1720 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1721 }
1722 END_PROFILE(SMBopen);
1723 return;
1724 }
1725
1726 /****************************************************************************
1727 Reply to an open and X.
1728 ****************************************************************************/
1729
1730 void reply_open_and_X(struct smb_request *req)
1731 {
1732 connection_struct *conn = req->conn;
1733 char *fname = NULL;
1734 uint16 open_flags;
1735 int deny_mode;
1736 uint32 smb_attr;
1737 /* Breakout the oplock request bits so we can set the
1738 reply bits separately. */
1739 int ex_oplock_request;
1740 int core_oplock_request;
1741 int oplock_request;
1742 #if 0
1743 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1744 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1745 #endif
1746 int smb_ofun;
1747 uint32 fattr=0;
1748 int mtime=0;
1749 SMB_STRUCT_STAT sbuf;
1750 int smb_action = 0;
1751 files_struct *fsp;
1752 NTSTATUS status;
1753 SMB_BIG_UINT allocation_size;
1754 ssize_t retval = -1;
1755 uint32 access_mask;
1756 uint32 share_mode;
1757 uint32 create_disposition;
1758 uint32 create_options = 0;
1759 TALLOC_CTX *ctx = talloc_tos();
1760
1761 START_PROFILE(SMBopenX);
1762
1763 if (req->wct < 15) {
1764 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1765 END_PROFILE(SMBopenX);
1766 return;
1767 }
1768
1769 open_flags = SVAL(req->inbuf,smb_vwv2);
1770 deny_mode = SVAL(req->inbuf,smb_vwv3);
1771 smb_attr = SVAL(req->inbuf,smb_vwv5);
1772 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1773 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1774 oplock_request = ex_oplock_request | core_oplock_request;
1775 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1776 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1777
1778 /* If it's an IPC, pass off the pipe handler. */
1779 if (IS_IPC(conn)) {
1780 if (lp_nt_pipe_support()) {
1781 reply_open_pipe_and_X(conn, req);
1782 } else {
1783 reply_doserror(req, ERRSRV, ERRaccess);
1784 }
1785 END_PROFILE(SMBopenX);
1786 return;
1787 }
1788
1789 /* XXXX we need to handle passed times, sattr and flags */
1790 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1791 smb_buf(req->inbuf), 0, STR_TERMINATE,
1792 &status);
1793 if (!NT_STATUS_IS_OK(status)) {
1794 reply_nterror(req, status);
1795 END_PROFILE(SMBopenX);
1796 return;
1797 }
1798
1799 if (!map_open_params_to_ntcreate(
1800 fname, deny_mode, smb_ofun, &access_mask,
1801 &share_mode, &create_disposition, &create_options)) {
1802 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1803 END_PROFILE(SMBopenX);
1804 return;
1805 }
1806
1807 status = create_file(conn, /* conn */
1808 req, /* req */
1809 0, /* root_dir_fid */
1810 fname, /* fname */
1811 access_mask, /* access_mask */
1812 share_mode, /* share_access */
1813 create_disposition, /* create_disposition*/
1814 create_options, /* create_options */
1815 smb_attr, /* file_attributes */
1816 oplock_request, /* oplock_request */
1817 0, /* allocation_size */
1818 NULL, /* sd */
1819 NULL, /* ea_list */
1820 &fsp, /* result */
1821 &smb_action, /* pinfo */
1822 &sbuf); /* psbuf */
1823
1824 if (!NT_STATUS_IS_OK(status)) {
1825 END_PROFILE(SMBopenX);
1826 if (open_was_deferred(req->mid)) {
1827 /* We have re-scheduled this call. */
1828 return;
1829 }
1830 reply_openerror(req, status);
1831 return;
1832 }
1833
1834 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1835 if the file is truncated or created. */
1836 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1837 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1838 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1839 close_file(fsp,ERROR_CLOSE);
1840 reply_nterror(req, NT_STATUS_DISK_FULL);
1841 END_PROFILE(SMBopenX);
1842 return;
1843 }
1844 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1845 if (retval < 0) {
1846 close_file(fsp,ERROR_CLOSE);
1847 reply_nterror(req, NT_STATUS_DISK_FULL);
1848 END_PROFILE(SMBopenX);
1849 return;
1850 }
1851 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1852 }
1853
1854 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1855 mtime = sbuf.st_mtime;
1856 if (fattr & aDIR) {
1857 close_file(fsp,ERROR_CLOSE);
1858 reply_doserror(req, ERRDOS, ERRnoaccess);
1859 END_PROFILE(SMBopenX);
1860 return;
1861 }
1862
1863 /* If the caller set the extended oplock request bit
1864 and we granted one (by whatever means) - set the
1865 correct bit for extended oplock reply.
1866 */
1867
1868 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1869 smb_action |= EXTENDED_OPLOCK_GRANTED;
1870 }
1871
1872 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1873 smb_action |= EXTENDED_OPLOCK_GRANTED;
1874 }
1875
1876 /* If the caller set the core oplock request bit
1877 and we granted one (by whatever means) - set the
1878 correct bit for core oplock reply.
1879 */
1880
1881 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1882 reply_outbuf(req, 19, 0);
1883 } else {
1884 reply_outbuf(req, 15, 0);
1885 }
1886
1887 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1888 SCVAL(req->outbuf, smb_flg,
1889 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1890 }
1891
1892 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1893 SCVAL(req->outbuf, smb_flg,
1894 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1895 }
1896
1897 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1898 SSVAL(req->outbuf,smb_vwv3,fattr);
1899 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1900 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1901 } else {
1902 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1903 }
1904 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1905 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1906 SSVAL(req->outbuf,smb_vwv11,smb_action);
1907
1908 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1909 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1910 }
1911
1912 END_PROFILE(SMBopenX);
1913 chain_reply(req);
1914 return;
1915 }
1916
1917 /****************************************************************************
1918 Reply to a SMBulogoffX.
1919 ****************************************************************************/
1920
1921 void reply_ulogoffX(struct smb_request *req)
1922 {
1923 user_struct *vuser;
1924
1925 START_PROFILE(SMBulogoffX);
1926
1927 vuser = get_valid_user_struct(req->vuid);
1928
1929 if(vuser == NULL) {
1930 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1931 req->vuid));
1932 }
1933
1934 /* in user level security we are supposed to close any files
1935 open by this user */
1936 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1937 file_close_user(req->vuid);
1938 }
1939
1940 invalidate_vuid(req->vuid);
1941
1942 reply_outbuf(req, 2, 0);
1943
1944 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1945
1946 END_PROFILE(SMBulogoffX);
1947 chain_reply(req);
1948 }
1949
1950 /****************************************************************************
1951 Reply to a mknew or a create.
1952 ****************************************************************************/
1953
1954 void reply_mknew(struct smb_request *req)
1955 {
1956 connection_struct *conn = req->conn;
1957 char *fname = NULL;
1958 int com;
1959 uint32 fattr = 0;
1960 struct timespec ts[2];
1961 files_struct *fsp;
1962 int oplock_request = 0;
1963 SMB_STRUCT_STAT sbuf;
1964 NTSTATUS status;
1965 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1966 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1967 uint32 create_disposition;
1968 uint32 create_options = 0;
1969 TALLOC_CTX *ctx = talloc_tos();
1970
1971 START_PROFILE(SMBcreate);
1972
1973 if (req->wct < 3) {
1974 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1975 END_PROFILE(SMBcreate);
1976 return;
1977 }
1978
1979 fattr = SVAL(req->inbuf,smb_vwv0);
1980 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1981 com = SVAL(req->inbuf,smb_com);
1982
1983 ts[1] =convert_time_t_to_timespec(
1984 srv_make_unix_date3(req->inbuf + smb_vwv1));
1985 /* mtime. */
1986
1987 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1988 smb_buf(req->inbuf) + 1, 0,
1989 STR_TERMINATE, &status);
1990 if (!NT_STATUS_IS_OK(status)) {
1991 reply_nterror(req, status);
1992 END_PROFILE(SMBcreate);
1993 return;
1994 }
1995
1996 if (fattr & aVOLID) {
1997 DEBUG(0,("Attempt to create file (%s) with volid set - "
1998 "please report this\n", fname));
1999 }
2000
2001 if(com == SMBmknew) {
2002 /* We should fail if file exists. */
2003 create_disposition = FILE_CREATE;
2004 } else {
2005 /* Create if file doesn't exist, truncate if it does. */
2006 create_disposition = FILE_OVERWRITE_IF;
2007 }
2008
2009 status = create_file(conn, /* conn */
2010 req, /* req */
2011 0, /* root_dir_fid */
2012 fname, /* fname */
2013 access_mask, /* access_mask */
2014 share_mode, /* share_access */
2015 create_disposition, /* create_disposition*/
2016 create_options, /* create_options */
2017 fattr, /* file_attributes */
2018 oplock_request, /* oplock_request */
2019 0, /* allocation_size */
2020 NULL, /* sd */
2021 NULL, /* ea_list */
2022 &fsp, /* result */
2023 NULL, /* pinfo */
2024 &sbuf); /* psbuf */
2025
2026 if (!NT_STATUS_IS_OK(status)) {
2027 END_PROFILE(SMBcreate);
2028 if (open_was_deferred(req->mid)) {
2029 /* We have re-scheduled this call. */
2030 return;
2031 }
2032 reply_openerror(req, status);
2033 return;
2034 }
2035
2036 ts[0] = get_atimespec(&sbuf); /* atime. */
2037 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
2038 if (!NT_STATUS_IS_OK(status)) {
2039 END_PROFILE(SMBcreate);
2040 reply_openerror(req, status);
2041 return;
2042 }
2043
2044 reply_outbuf(req, 1, 0);
2045 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2046
2047 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2048 SCVAL(req->outbuf,smb_flg,
2049 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2050 }
2051
2052 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2053 SCVAL(req->outbuf,smb_flg,
2054 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2055 }
2056
2057 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2058 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2059 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2060
2061 END_PROFILE(SMBcreate);
2062 return;
2063 }
2064
2065 /****************************************************************************
2066 Reply to a create temporary file.
2067 ****************************************************************************/
2068
2069 void reply_ctemp(struct smb_request *req)
2070 {
2071 connection_struct *conn = req->conn;
2072 char *fname = NULL;
2073 uint32 fattr;
2074 files_struct *fsp;
2075 int oplock_request;
2076 int tmpfd;
2077 SMB_STRUCT_STAT sbuf;
2078 char *s;
2079 NTSTATUS status;
2080 TALLOC_CTX *ctx = talloc_tos();
2081
2082 START_PROFILE(SMBctemp);
2083
2084 if (req->wct < 3) {
2085 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2086 END_PROFILE(SMBctemp);
2087 return;
2088 }
2089
2090 fattr = SVAL(req->inbuf,smb_vwv0);
2091 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2092
2093 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2094 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2095 &status);
2096 if (!NT_STATUS_IS_OK(status)) {
2097 reply_nterror(req, status);
2098 END_PROFILE(SMBctemp);
2099 return;
2100 }
2101 if (*fname) {
2102 fname = talloc_asprintf(ctx,
2103 "%s/TMXXXXXX",
2104 fname);
2105 } else {
2106 fname = talloc_strdup(ctx, "TMXXXXXX");
2107 }
2108
2109 if (!fname) {
2110 reply_nterror(req, NT_STATUS_NO_MEMORY);
2111 END_PROFILE(SMBctemp);
2112 return;
2113 }
2114
2115 status = resolve_dfspath(ctx, conn,
2116 req->flags2 & FLAGS2_DFS_PATHNAMES,
2117 fname,
2118 &fname);
2119 if (!NT_STATUS_IS_OK(status)) {
2120 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2121 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2122 ERRSRV, ERRbadpath);
2123 END_PROFILE(SMBctemp);
2124 return;
2125 }
2126 reply_nterror(req, status);
2127 END_PROFILE(SMBctemp);
2128 return;
2129 }
2130
2131 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2132 if (!NT_STATUS_IS_OK(status)) {
2133 reply_nterror(req, status);
2134 END_PROFILE(SMBctemp);
2135 return;
2136 }
2137
2138 status = check_name(conn, CONST_DISCARD(char *,fname));
2139 if (!NT_STATUS_IS_OK(status)) {
2140 reply_nterror(req, status);
2141 END_PROFILE(SMBctemp);
2142 return;
2143 }
2144
2145 tmpfd = smb_mkstemp(fname);
2146 if (tmpfd == -1) {
2147 reply_unixerror(req, ERRDOS, ERRnoaccess);
2148 END_PROFILE(SMBctemp);
2149 return;
2150 }
2151
2152 SMB_VFS_STAT(conn,fname,&sbuf);
2153
2154 /* We should fail if file does not exist. */
2155 status = open_file_ntcreate(conn, req, fname, &sbuf,
2156 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2157 FILE_SHARE_READ|FILE_SHARE_WRITE,
2158 FILE_OPEN,
2159 0,
2160 fattr,
2161 oplock_request,
2162 NULL, &fsp);
2163
2164 /* close fd from smb_mkstemp() */
2165 close(tmpfd);
2166
2167 if (!NT_STATUS_IS_OK(status)) {
2168 if (open_was_deferred(req->mid)) {
2169 /* We have re-scheduled this call. */
2170 END_PROFILE(SMBctemp);
2171 return;
2172 }
2173 reply_openerror(req, status);
2174 END_PROFILE(SMBctemp);
2175 return;
2176 }
2177
2178 reply_outbuf(req, 1, 0);
2179 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2180
2181 /* the returned filename is relative to the directory */
2182 s = strrchr_m(fsp->fsp_name, '/');
2183 if (!s) {
2184 s = fsp->fsp_name;
2185 } else {
2186 s++;
2187 }
2188
2189 #if 0
2190 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2191 thing in the byte section. JRA */
2192 SSVALS(p, 0, -1); /* what is this? not in spec */
2193 #endif
2194 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2195 == -1) {
2196 reply_nterror(req, NT_STATUS_NO_MEMORY);
2197 END_PROFILE(SMBctemp);
2198 return;
2199 }
2200
2201 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2202 SCVAL(req->outbuf, smb_flg,
2203 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2204 }
2205
2206 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2207 SCVAL(req->outbuf, smb_flg,
2208 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2209 }
2210
2211 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2212 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2213 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2214
2215 END_PROFILE(SMBctemp);
2216 return;
2217 }
2218
2219 /*******************************************************************
2220 Check if a user is allowed to rename a file.
2221 ********************************************************************/
2222
2223 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2224 uint16 dirtype, SMB_STRUCT_STAT *pst)
2225 {
2226 uint32 fmode;
2227
2228 if (!CAN_WRITE(conn)) {
2229 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2230 }
2231
2232 fmode = dos_mode(conn, fsp->fsp_name, pst);
2233 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2234 return NT_STATUS_NO_SUCH_FILE;
2235 }
2236
2237 if (S_ISDIR(pst->st_mode)) {
2238 return NT_STATUS_OK;
2239 }
2240
2241 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2242 return NT_STATUS_OK;
2243 }
2244
2245 return NT_STATUS_ACCESS_DENIED;
2246 }
2247
2248 /*******************************************************************
2249 * unlink a file with all relevant access checks
2250 *******************************************************************/
2251
2252 static NTSTATUS do_unlink(connection_struct *conn,
2253 struct smb_request *req,
2254 const char *fname,
2255 uint32 dirtype)
2256 {
2257 SMB_STRUCT_STAT sbuf;
2258 uint32 fattr;
2259 files_struct *fsp;
2260 uint32 dirtype_orig = dirtype;
2261 NTSTATUS status;
2262
2263 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2264
2265 if (!CAN_WRITE(conn)) {
2266 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2267 }
2268
2269 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2270 return map_nt_error_from_unix(errno);
2271 }
2272
2273 fattr = dos_mode(conn,fname,&sbuf);
2274
2275 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2276 dirtype = aDIR|aARCH|aRONLY;
2277 }
2278
2279 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2280 if (!dirtype) {
2281 return NT_STATUS_NO_SUCH_FILE;
2282 }
2283
2284 if (!dir_check_ftype(conn, fattr, dirtype)) {
2285 if (fattr & aDIR) {
2286 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 }
2288 return NT_STATUS_NO_SUCH_FILE;
2289 }
2290
2291 if (dirtype_orig & 0x8000) {
2292 /* These will never be set for POSIX. */
2293 return NT_STATUS_NO_SUCH_FILE;
2294 }
2295
2296 #if 0
2297 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2298 return NT_STATUS_FILE_IS_A_DIRECTORY;
2299 }
2300
2301 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2302 return NT_STATUS_NO_SUCH_FILE;
2303 }
2304
2305 if (dirtype & 0xFF00) {
2306 /* These will never be set for POSIX. */
2307 return NT_STATUS_NO_SUCH_FILE;
2308 }
2309
2310 dirtype &= 0xFF;
2311 if (!dirtype) {
2312 return NT_STATUS_NO_SUCH_FILE;
2313 }
2314
2315 /* Can't delete a directory. */
2316 if (fattr & aDIR) {
2317 return NT_STATUS_FILE_IS_A_DIRECTORY;
2318 }
2319 #endif
2320
2321 #if 0 /* JRATEST */
2322 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2323 return NT_STATUS_OBJECT_NAME_INVALID;
2324 #endif /* JRATEST */
2325
2326 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2327
2328 On a Windows share, a file with read-only dosmode can be opened with
2329 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2330 fails with NT_STATUS_CANNOT_DELETE error.
2331
2332 This semantic causes a problem that a user can not
2333 rename a file with read-only dosmode on a Samba share
2334 from a Windows command prompt (i.e. cmd.exe, but can rename
2335 from Windows Explorer).
2336 */
2337
2338 if (!lp_delete_readonly(SNUM(conn))) {
2339 if (fattr & aRONLY) {
2340 return NT_STATUS_CANNOT_DELETE;
2341 }
2342 }
2343
2344 /* On open checks the open itself will check the share mode, so
2345 don't do it here as we'll get it wrong. */
2346
2347 status = create_file_unixpath
2348 (conn, /* conn */
2349 req, /* req */
2350 fname, /* fname */
2351 DELETE_ACCESS, /* access_mask */
2352 FILE_SHARE_NONE, /* share_access */
2353 FILE_OPEN, /* create_disposition*/
2354 FILE_NON_DIRECTORY_FILE, /* create_options */
2355 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2356 0, /* oplock_request */
2357 0, /* allocation_size */
2358 NULL, /* sd */
2359 NULL, /* ea_list */
2360 &fsp, /* result */
2361 NULL, /* pinfo */
2362 &sbuf); /* psbuf */
2363
2364 if (!NT_STATUS_IS_OK(status)) {
2365 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2366 nt_errstr(status)));
2367 return status;
2368 }
2369
2370 /* The set is across all open files on this dev/inode pair. */
2371 if (!set_delete_on_close(fsp, True, &current_user.ut)) {
2372 close_file(fsp, NORMAL_CLOSE);
2373 return NT_STATUS_ACCESS_DENIED;
2374 }
2375
2376 return close_file(fsp,NORMAL_CLOSE);
2377 }
2378
2379 /****************************************************************************
2380 The guts of the unlink command, split out so it may be called by the NT SMB
2381 code.
2382 ****************************************************************************/
2383
2384 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2385 uint32 dirtype, const char *name_in, bool has_wild)
2386 {
2387 const char *directory = NULL;
2388 char *mask = NULL;
2389 char *name = NULL;
2390 char *p = NULL;
2391 int count=0;
2392 NTSTATUS status = NT_STATUS_OK;
2393 SMB_STRUCT_STAT sbuf;
2394 TALLOC_CTX *ctx = talloc_tos();
2395
2396 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2397 if (!NT_STATUS_IS_OK(status)) {
2398 return status;
2399 }
2400
2401 p = strrchr_m(name,'/');
2402 if (!p) {
2403 directory = talloc_strdup(ctx, ".");
2404 if (!directory) {
2405 return NT_STATUS_NO_MEMORY;
2406 }
2407 mask = name;
2408 } else {
2409 *p = 0;
2410 directory = name;
2411 mask = p+1;
2412 }
2413
2414 /*
2415 * We should only check the mangled cache
2416 * here if unix_convert failed. This means
2417 * that the path in 'mask' doesn't exist
2418 * on the file system and so we need to look
2419 * for a possible mangle. This patch from
2420 * Tine Smukavec <valentin.smukavec@hermes.si>.
2421 */
2422
2423 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2424 char *new_mask = NULL;
2425 mangle_lookup_name_from_8_3(ctx,
2426 mask,
2427 &new_mask,
2428 conn->params );
2429 if (new_mask) {
2430 mask = new_mask;
2431 }
2432 }
2433
2434 if (!has_wild) {
2435 directory = talloc_asprintf(ctx,
2436 "%s/%s",
2437 directory,
2438 mask);
2439 if (!directory) {
2440 return NT_STATUS_NO_MEMORY;
2441 }
2442 if (dirtype == 0) {
2443 dirtype = FILE_ATTRIBUTE_NORMAL;
2444 }
2445
2446 status = check_name(conn, directory);
2447 if (!NT_STATUS_IS_OK(status)) {
2448 return status;
2449 }
2450
2451 status = do_unlink(conn, req, directory, dirtype);
2452 if (!NT_STATUS_IS_OK(status)) {
2453 return status;
2454 }
2455
2456 count++;
2457 } else {
2458 struct smb_Dir *dir_hnd = NULL;
2459 long offset = 0;
2460 const char *dname;
2461
2462 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2463 return NT_STATUS_OBJECT_NAME_INVALID;
2464 }
2465
2466 if (strequal(mask,"????????.???")) {
2467 mask[0] = '*';
2468 mask[1] = '\0';
2469 }
2470
2471 status = check_name(conn, directory);
2472 if (!NT_STATUS_IS_OK(status)) {
2473 return status;
2474 }
2475
2476 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2477 dirtype);
2478 if (dir_hnd == NULL) {
2479 return map_nt_error_from_unix(errno);
2480 }
2481
2482 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2483 the pattern matches against the long name, otherwise the short name
2484 We don't implement this yet XXXX
2485 */
2486
2487 status = NT_STATUS_NO_SUCH_FILE;
2488
2489 while ((dname = ReadDirName(dir_hnd, &offset))) {
2490 SMB_STRUCT_STAT st;
2491 char *fname = NULL;
2492
2493 if (!is_visible_file(conn, directory, dname, &st, True)) {
2494 continue;
2495 }
2496
2497 /* Quick check for "." and ".." */
2498 if (ISDOT(dname) || ISDOTDOT(dname)) {
2499 continue;
2500 }
2501
2502 if(!mask_match(dname, mask, conn->case_sensitive)) {
2503 continue;
2504 }
2505
2506 fname = talloc_asprintf(ctx, "%s/%s",
2507 directory,
2508 dname);
2509 if (!fname) {
2510 return NT_STATUS_NO_MEMORY;
2511 }
2512
2513 status = check_name(conn, fname);
2514 if (!NT_STATUS_IS_OK(status)) {
2515 TALLOC_FREE(dir_hnd);
2516 return status;
2517 }
2518
2519 status = do_unlink(conn, req, fname, dirtype);
2520 if (!NT_STATUS_IS_OK(status)) {
2521 TALLOC_FREE(fname);
2522 continue;
2523 }
2524
2525 count++;
2526 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2527 fname));
2528
2529 TALLOC_FREE(fname);
2530 }
2531 TALLOC_FREE(dir_hnd);
2532 }
2533
2534 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2535 status = map_nt_error_from_unix(errno);
2536 }
2537
2538 return status;
2539 }
2540
2541 /****************************************************************************
2542 Reply to a unlink
2543 ****************************************************************************/
2544
2545 void reply_unlink(struct smb_request *req)
2546 {
2547 connection_struct *conn = req->conn;
2548 char *name = NULL;
2549 uint32 dirtype;
2550 NTSTATUS status;
2551 bool path_contains_wcard = False;
2552 TALLOC_CTX *ctx = talloc_tos();
2553
2554 START_PROFILE(SMBunlink);
2555
2556 if (req->wct < 1) {
2557 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2558 END_PROFILE(SMBunlink);
2559 return;
2560 }
2561
2562 dirtype = SVAL(req->inbuf,smb_vwv0);
2563
2564 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2565 smb_buf(req->inbuf) + 1, 0,
2566 STR_TERMINATE, &status, &path_contains_wcard);
2567 if (!NT_STATUS_IS_OK(status)) {
2568 reply_nterror(req, status);
2569 END_PROFILE(SMBunlink);
2570 return;
2571 }
2572
2573 status = resolve_dfspath_wcard(ctx, conn,
2574 req->flags2 & FLAGS2_DFS_PATHNAMES,
2575 name,
2576 &name,
2577 &path_contains_wcard);
2578 if (!NT_STATUS_IS_OK(status)) {
2579 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2580 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2581 ERRSRV, ERRbadpath);
2582 END_PROFILE(SMBunlink);
2583 return;
2584 }
2585 reply_nterror(req, status);
2586 END_PROFILE(SMBunlink);
2587 return;
2588 }
2589
2590 DEBUG(3,("reply_unlink : %s\n",name));
2591
2592 status = unlink_internals(conn, req, dirtype, name,
2593 path_contains_wcard);
2594 if (!NT_STATUS_IS_OK(status)) {
2595 if (open_was_deferred(req->mid)) {
2596 /* We have re-scheduled this call. */
2597 END_PROFILE(SMBunlink);
2598 return;
2599 }
2600 reply_nterror(req, status);
2601 END_PROFILE(SMBunlink);
2602 return;
2603 }
2604
2605 reply_outbuf(req, 0, 0);
2606 END_PROFILE(SMBunlink);
2607
2608 return;
2609 }
2610
2611 /****************************************************************************
2612 Fail for readbraw.
2613 ****************************************************************************/
2614
2615 static void fail_readraw(void)
2616 {
2617 const char *errstr = talloc_asprintf(talloc_tos(),
2618 "FAIL ! reply_readbraw: socket write fail (%s)",
2619 strerror(errno));
2620 if (!errstr) {
2621 errstr = "";
2622 }
2623 exit_server_cleanly(errstr);
2624 }
2625
2626 /****************************************************************************
2627 Fake (read/write) sendfile. Returns -1 on read or write fail.
2628 ****************************************************************************/
2629
2630 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2631 size_t nread)
2632 {
2633 size_t bufsize;
2634 size_t tosend = nread;
2635 char *buf;
2636
2637 if (nread == 0) {
2638 return 0;
2639 }
2640
2641 bufsize = MIN(nread, 65536);
2642
2643 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2644 return -1;
2645 }
2646
2647 while (tosend > 0) {
2648 ssize_t ret;
2649 size_t cur_read;
2650
2651 if (tosend > bufsize) {
2652 cur_read = bufsize;
2653 } else {
2654 cur_read = tosend;
2655 }
2656 ret = read_file(fsp,buf,startpos,cur_read);
2657 if (ret == -1) {
2658 SAFE_FREE(buf);
2659 return -1;
2660 }
2661
2662 /* If we had a short read, fill with zeros. */
2663 if (ret < cur_read) {
2664 memset(buf, '\0', cur_read - ret);
2665 }
2666
2667 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2668 SAFE_FREE(buf);
2669 return -1;
2670 }
2671 tosend -= cur_read;
2672 startpos += cur_read;
2673 }
2674
2675 SAFE_FREE(buf);
2676 return (ssize_t)nread;
2677 }
2678
2679 /****************************************************************************
2680 Return a readbraw error (4 bytes of zero).
2681 ****************************************************************************/
2682
2683 static void reply_readbraw_error(void)
2684 {
2685 char header[4];
2686 SIVAL(header,0,0);
2687 if (write_data(smbd_server_fd(),header,4) != 4) {
2688 fail_readraw();
2689 }
2690 }
2691
2692 /****************************************************************************
2693 Use sendfile in readbraw.
2694 ****************************************************************************/
2695
2696 void send_file_readbraw(connection_struct *conn,
2697 files_struct *fsp,
2698 SMB_OFF_T startpos,
2699 size_t nread,
2700 ssize_t mincount)
2701 {
2702 char *outbuf = NULL;
2703 ssize_t ret=0;
2704
2705 #if defined(WITH_SENDFILE)
2706 /*
2707 * We can only use sendfile on a non-chained packet
2708 * but we can use on a non-oplocked file. tridge proved this
2709 * on a train in Germany :-). JRA.
2710 * reply_readbraw has already checked the length.
2711 */
2712
2713 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2714 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2715 char header[4];
2716 DATA_BLOB header_blob;
2717
2718 _smb_setlen(header,nread);
2719 header_blob = data_blob_const(header, 4);
2720
2721 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2722 &header_blob, startpos, nread) == -1) {
2723 /* Returning ENOSYS means no data at all was sent.
2724 * Do this as a normal read. */
2725 if (errno == ENOSYS) {
2726 goto normal_readbraw;
2727 }
2728
2729 /*
2730 * Special hack for broken Linux with no working sendfile. If we
2731 * return EINTR we sent the header but not the rest of the data.
2732 * Fake this up by doing read/write calls.
2733 */
2734 if (errno == EINTR) {
2735 /* Ensure we don't do this again. */
2736 set_use_sendfile(SNUM(conn), False);
2737 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2738
2739 if (fake_sendfile(fsp, startpos, nread) == -1) {
2740 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2741 fsp->fsp_name, strerror(errno) ));
2742 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2743 }
2744 return;
2745 }
2746
2747 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2748 fsp->fsp_name, strerror(errno) ));
2749 exit_server_cleanly("send_file_readbraw sendfile failed");
2750 }
2751
2752 return;
2753 }
2754 #endif
2755
2756 normal_readbraw:
2757
2758 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2759 if (!outbuf) {
2760 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2761 (unsigned)(nread+4)));
2762 reply_readbraw_error();
2763 return;
2764 }
2765
2766 if (nread > 0) {
2767 ret = read_file(fsp,outbuf+4,startpos,nread);
2768 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2769 if (ret < mincount)
2770 ret = 0;
2771 #else
2772 if (ret < nread)
2773 ret = 0;
2774 #endif
2775 }
2776
2777 _smb_setlen(outbuf,ret);
2778 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2779 fail_readraw();
2780
2781 TALLOC_FREE(outbuf);
2782 }
2783
2784 /****************************************************************************
2785 Reply to a readbraw (core+ protocol).
2786 ****************************************************************************/
2787
2788 void reply_readbraw(struct smb_request *req)
2789 {
2790 connection_struct *conn = req->conn;
2791 ssize_t maxcount,mincount;
2792 size_t nread = 0;
2793 SMB_OFF_T startpos;
2794 files_struct *fsp;
2795 SMB_STRUCT_STAT st;
2796 SMB_OFF_T size = 0;
2797
2798 START_PROFILE(SMBreadbraw);
2799
2800 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2801 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2802 "raw reads/writes are disallowed.");
2803 }
2804
2805 if (req->wct < 8) {
2806 reply_readbraw_error();
2807 END_PROFILE(SMBreadbraw);
2808 return;
2809 }
2810
2811 /*
2812 * Special check if an oplock break has been issued
2813 * and the readraw request croses on the wire, we must
2814 * return a zero length response here.
2815 */
2816
2817 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2818
2819 /*
2820 * We have to do a check_fsp by hand here, as
2821 * we must always return 4 zero bytes on error,
2822 * not a NTSTATUS.
2823 */
2824
2825 if (!fsp || !conn || conn != fsp->conn ||
2826 current_user.vuid != fsp->vuid ||
2827 fsp->is_directory || fsp->fh->fd == -1) {
2828 /*
2829 * fsp could be NULL here so use the value from the packet. JRA.
2830 */
2831 DEBUG(3,("reply_readbraw: fnum %d not valid "
2832 "- cache prime?\n",
2833 (int)SVAL(req->inbuf,smb_vwv0)));
2834 reply_readbraw_error();
2835 END_PROFILE(SMBreadbraw);
2836 return;
2837 }
2838
2839 /* Do a "by hand" version of CHECK_READ. */
2840 if (!(fsp->can_read ||
2841 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2842 (fsp->access_mask & FILE_EXECUTE)))) {
2843 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2844 (int)SVAL(req->inbuf,smb_vwv0)));
2845 reply_readbraw_error();
2846 END_PROFILE(SMBreadbraw);
2847 return;
2848 }
2849
2850 flush_write_cache(fsp, READRAW_FLUSH);
2851
2852 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2853 if(req->wct == 10) {
2854 /*
2855 * This is a large offset (64 bit) read.
2856 */
2857 #ifdef LARGE_SMB_OFF_T
2858
2859 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2860
2861 #else /* !LARGE_SMB_OFF_T */
2862
2863 /*
2864 * Ensure we haven't been sent a >32 bit offset.
2865 */
2866
2867 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2868 DEBUG(0,("reply_readbraw: large offset "
2869 "(%x << 32) used and we don't support "
2870 "64 bit offsets.\n",
2871 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2872 reply_readbraw_error();
2873 END_PROFILE(SMBreadbraw);
2874 return;
2875 }
2876
2877 #endif /* LARGE_SMB_OFF_T */
2878
2879 if(startpos < 0) {
2880 DEBUG(0,("reply_readbraw: negative 64 bit "
2881 "readraw offset (%.0f) !\n",
2882 (double)startpos ));
2883 reply_readbraw_error();
2884 END_PROFILE(SMBreadbraw);
2885 return;
2886 }
2887 }
2888
2889 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2890 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2891
2892 /* ensure we don't overrun the packet size */
2893 maxcount = MIN(65535,maxcount);
2894
2895 if (is_locked(fsp,(uint32)req->smbpid,
2896 (SMB_BIG_UINT)maxcount,
2897 (SMB_BIG_UINT)startpos,
2898 READ_LOCK)) {
2899 reply_readbraw_error();
2900 END_PROFILE(SMBreadbraw);
2901 return;
2902 }
2903
2904 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2905 size = st.st_size;
2906 }
2907
2908 if (startpos >= size) {
2909 nread = 0;
2910 } else {
2911 nread = MIN(maxcount,(size - startpos));
2912 }
2913
2914 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2915 if (nread < mincount)
2916 nread = 0;
2917 #endif
2918
2919 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2920 "min=%lu nread=%lu\n",
2921 fsp->fnum, (double)startpos,
2922 (unsigned long)maxcount,
2923 (unsigned long)mincount,
2924 (unsigned long)nread ) );
2925
2926 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2927
2928 DEBUG(5,("reply_readbraw finished\n"));
2929 END_PROFILE(SMBreadbraw);
2930 }
2931
2932 #undef DBGC_CLASS
2933 #define DBGC_CLASS DBGC_LOCKING
2934
2935 /****************************************************************************
2936 Reply to a lockread (core+ protocol).
2937 ****************************************************************************/
2938
2939 void reply_lockread(struct smb_request *req)
2940 {
2941 connection_struct *conn = req->conn;
2942 ssize_t nread = -1;
2943 char *data;
2944 SMB_OFF_T startpos;
2945 size_t numtoread;
2946 NTSTATUS status;
2947 files_struct *fsp;
2948 struct byte_range_lock *br_lck = NULL;
2949 char *p = NULL;
2950
2951 START_PROFILE(SMBlockread);
2952
2953 if (req->wct < 5) {
2954 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2955 END_PROFILE(SMBlockread);
2956 return;
2957 }
2958
2959 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2960
2961 if (!check_fsp(conn, req, fsp, &current_user)) {
2962 END_PROFILE(SMBlockread);
2963 return;
2964 }
2965
2966 if (!CHECK_READ(fsp,req->inbuf)) {
2967 reply_doserror(req, ERRDOS, ERRbadaccess);
2968 END_PROFILE(SMBlockread);
2969 return;
2970 }
2971
2972 release_level_2_oplocks_on_change(fsp);
2973
2974 numtoread = SVAL(req->inbuf,smb_vwv1);
2975 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2976
2977 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2978
2979 reply_outbuf(req, 5, numtoread + 3);
2980
2981 data = smb_buf(req->outbuf) + 3;
2982
2983 /*
2984 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2985 * protocol request that predates the read/write lock concept.
2986 * Thus instead of asking for a read lock here we need to ask
2987 * for a write lock. JRA.
2988 * Note that the requested lock size is unaffected by max_recv.
2989 */
2990
2991 br_lck = do_lock(smbd_messaging_context(),
2992 fsp,
2993 req->smbpid,
2994 (SMB_BIG_UINT)numtoread,
2995 (SMB_BIG_UINT)startpos,
2996 WRITE_LOCK,
2997 WINDOWS_LOCK,
2998 False, /* Non-blocking lock. */
2999 &status,
3000 NULL);
3001 TALLOC_FREE(br_lck);
3002
3003 if (NT_STATUS_V(status)) {
3004 reply_nterror(req, status);
3005 END_PROFILE(SMBlockread);
3006 return;
3007 }
3008
3009 /*
3010 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3011 */
3012
3013 if (numtoread > max_recv) {
3014 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3015 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3016 (unsigned int)numtoread, (unsigned int)max_recv ));
3017 numtoread = MIN(numtoread,max_recv);
3018 }
3019 nread = read_file(fsp,data,startpos,numtoread);
3020
3021 if (nread < 0) {
3022 reply_unixerror(req, ERRDOS, ERRnoaccess);
3023 END_PROFILE(SMBlockread);
3024 return;
3025 }
3026
3027 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3028
3029 SSVAL(req->outbuf,smb_vwv0,nread);
3030 SSVAL(req->outbuf,smb_vwv5,nread+3);
3031 p = smb_buf(req->outbuf);
3032 SCVAL(p,0,0); /* pad byte. */
3033 SSVAL(p,1,nread);
3034
3035 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3036 fsp->fnum, (int)numtoread, (int)nread));
3037
3038 END_PROFILE(SMBlockread);
3039 return;
3040 }
3041
3042 #undef DBGC_CLASS
3043 #define DBGC_CLASS DBGC_ALL
3044
3045 /****************************************************************************
3046 Reply to a read.
3047 ****************************************************************************/
3048
3049 void reply_read(struct smb_request *req)
3050 {
3051 connection_struct *conn = req->conn;
3052 size_t numtoread;
3053 ssize_t nread = 0;
3054 char *data;
3055 SMB_OFF_T startpos;
3056 int outsize = 0;
3057 files_struct *fsp;
3058
3059 START_PROFILE(SMBread);
3060
3061 if (req->wct < 3) {
3062 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3063 END_PROFILE(SMBread);
3064 return;
3065 }
3066
3067 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3068
3069 if (!check_fsp(conn, req, fsp, &current_user)) {
3070 END_PROFILE(SMBread);
3071 return;
3072 }
3073
3074 if (!CHECK_READ(fsp,req->inbuf)) {
3075 reply_doserror(req, ERRDOS, ERRbadaccess);
3076 END_PROFILE(SMBread);
3077 return;
3078 }
3079
3080 numtoread = SVAL(req->inbuf,smb_vwv1);
3081 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3082
3083 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3084
3085 /*
3086 * The requested read size cannot be greater than max_recv. JRA.
3087 */
3088 if (numtoread > max_recv) {
3089 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3090 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3091 (unsigned int)numtoread, (unsigned int)max_recv ));
3092 numtoread = MIN(numtoread,max_recv);
3093 }
3094
3095 reply_outbuf(req, 5, numtoread+3);
3096
3097 data = smb_buf(req->outbuf) + 3;
3098
3099 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3100 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3101 reply_doserror(req, ERRDOS,ERRlock);
3102 END_PROFILE(SMBread);
3103 return;
3104 }
3105
3106 if (numtoread > 0)
3107 nread = read_file(fsp,data,startpos,numtoread);
3108
3109 if (nread < 0) {
3110 reply_unixerror(req, ERRDOS,ERRnoaccess);
3111 END_PROFILE(SMBread);
3112 return;
3113 }
3114
3115 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3116
3117 SSVAL(req->outbuf,smb_vwv0,nread);
3118 SSVAL(req->outbuf,smb_vwv5,nread+3);
3119 SCVAL(smb_buf(req->outbuf),0,1);
3120 SSVAL(smb_buf(req->outbuf),1,nread);
3121
3122 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3123 fsp->fnum, (int)numtoread, (int)nread ) );
3124
3125 END_PROFILE(SMBread);
3126 return;
3127 }
3128
3129 /****************************************************************************
3130 Setup readX header.
3131 ****************************************************************************/
3132
3133 static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3134 {
3135 int outsize;
3136 char *data;
3137
3138 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3139 data = smb_buf(outbuf);
3140
3141 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3142
3143 SCVAL(outbuf,smb_vwv0,0xFF);
3144 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3145 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3146 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3147 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3148 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3149 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3150 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3151 return outsize;
3152 }
3153
3154 /****************************************************************************
3155 Reply to a read and X - possibly using sendfile.
3156 ****************************************************************************/
3157
3158 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3159 files_struct *fsp, SMB_OFF_T startpos,
3160 size_t smb_maxcnt)
3161 {
3162 SMB_STRUCT_STAT sbuf;
3163 ssize_t nread = -1;
3164
3165 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3166 reply_unixerror(req, ERRDOS, ERRnoaccess);
3167 return;
3168 }
3169
3170 if (startpos > sbuf.st_size) {
3171 smb_maxcnt = 0;
3172 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3173 smb_maxcnt = (sbuf.st_size - startpos);
3174 }
3175
3176 if (smb_maxcnt == 0) {
3177 goto normal_read;
3178 }
3179
3180 #if defined(WITH_SENDFILE)
3181 /*
3182 * We can only use sendfile on a non-chained packet
3183 * but we can use on a non-oplocked file. tridge proved this
3184 * on a train in Germany :-). JRA.
3185 */
3186
3187 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3188 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3189 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3190 uint8 headerbuf[smb_size + 12 * 2];
3191 DATA_BLOB header;
3192
3193 /*
3194 * Set up the packet header before send. We
3195 * assume here the sendfile will work (get the
3196 * correct amount of data).
3197 */
3198
3199 header = data_blob_const(headerbuf, sizeof(headerbuf));
3200
3201 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3202 setup_readX_header((char *)headerbuf, smb_maxcnt);
3203
3204 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3205 /* Returning ENOSYS or EINVAL means no data at all was sent.
3206 Do this as a normal read. */
3207 if (errno == ENOSYS || errno == EINVAL) {
3208 goto normal_read;
3209 }
3210
3211 /*
3212 * Special hack for broken Linux with no working sendfile. If we
3213 * return EINTR we sent the header but not the rest of the data.
3214 * Fake this up by doing read/write calls.
3215 */
3216
3217 if (errno == EINTR) {
3218 /* Ensure we don't do this again. */
3219 set_use_sendfile(SNUM(conn), False);
3220 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3221 nread = fake_sendfile(fsp, startpos,
3222 smb_maxcnt);
3223 if (nread == -1) {
3224 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3225 fsp->fsp_name, strerror(errno) ));
3226 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3227 }
3228 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3229 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3230 /* No outbuf here means successful sendfile. */
3231 TALLOC_FREE(req->outbuf);
3232 return;
3233 }
3234
3235 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3236 fsp->fsp_name, strerror(errno) ));
3237 exit_server_cleanly("send_file_readX sendfile failed");
3238 }
3239
3240 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3241 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3242 /* No outbuf here means successful sendfile. */
3243 TALLOC_FREE(req->outbuf);
3244 return;
3245 }
3246 #endif
3247
3248 normal_read:
3249
3250 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3251 uint8 headerbuf[smb_size + 2*12];
3252
3253 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3254 setup_readX_header((char *)headerbuf, smb_maxcnt);
3255
3256 /* Send out the header. */
3257 if (write_data(smbd_server_fd(), (char *)headerbuf,
3258 sizeof(headerbuf)) != sizeof(headerbuf)) {
3259 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3260 fsp->fsp_name, strerror(errno) ));
3261 exit_server_cleanly("send_file_readX sendfile failed");
3262 }
3263 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3264 if (nread == -1) {
3265 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3266 fsp->fsp_name, strerror(errno) ));
3267 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3268 }
3269 TALLOC_FREE(req->outbuf);
3270 return;
3271 } else {
3272 reply_outbuf(req, 12, smb_maxcnt);
3273
3274 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3275 smb_maxcnt);
3276 if (nread < 0) {
3277 reply_unixerror(req, ERRDOS, ERRnoaccess);
3278 return;
3279 }
3280
3281 setup_readX_header((char *)req->outbuf, nread);
3282
3283 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3284 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3285
3286 chain_reply(req);
3287
3288 return;
3289 }
3290 }
3291
3292 /****************************************************************************
3293 Reply to a read and X.
3294 ****************************************************************************/
3295
3296 void reply_read_and_X(struct smb_request *req)
3297 {
3298 connection_struct *conn = req->conn;
3299 files_struct *fsp;
3300 SMB_OFF_T startpos;
3301 size_t smb_maxcnt;
3302 bool big_readX = False;
3303 #if 0
3304 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3305 #endif
3306
3307 START_PROFILE(SMBreadX);
3308
3309 if ((req->wct != 10) && (req->wct != 12)) {
3310 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3311 return;
3312 }
3313
3314 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3315 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3316 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3317
3318 /* If it's an IPC, pass off the pipe handler. */
3319 if (IS_IPC(conn)) {
3320 reply_pipe_read_and_X(req);
3321 END_PROFILE(SMBreadX);
3322 return;
3323 }
3324
3325 if (!check_fsp(conn, req, fsp, &current_user)) {
3326 END_PROFILE(SMBreadX);
3327 return;
3328 }
3329
3330 if (!CHECK_READ(fsp,req->inbuf)) {
3331 reply_doserror(req, ERRDOS,ERRbadaccess);
3332 END_PROFILE(SMBreadX);
3333 return;
3334 }
3335
3336 if (global_client_caps & CAP_LARGE_READX) {
3337 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3338 smb_maxcnt |= (upper_size<<16);
3339 if (upper_size > 1) {
3340 /* Can't do this on a chained packet. */
3341 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3342 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3343 END_PROFILE(SMBreadX);
3344 return;
3345 }
3346 /* We currently don't do this on signed or sealed data. */
3347 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3348 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3349 END_PROFILE(SMBreadX);
3350 return;
3351 }
3352 /* Is there room in the reply for this data ? */
3353 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3354 reply_nterror(req,
3355 NT_STATUS_INVALID_PARAMETER);
3356 END_PROFILE(SMBreadX);
3357 return;
3358 }
3359 big_readX = True;
3360 }
3361 }
3362
3363 if (req->wct == 12) {
3364 #ifdef LARGE_SMB_OFF_T
3365 /*
3366 * This is a large offset (64 bit) read.
3367 */
3368 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3369
3370 #else /* !LARGE_SMB_OFF_T */
3371
3372 /*
3373 * Ensure we haven't been sent a >32 bit offset.
3374 */
3375
3376 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3377 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3378 "used and we don't support 64 bit offsets.\n",
3379 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3380 END_PROFILE(SMBreadX);
3381 reply_doserror(req, ERRDOS, ERRbadaccess);
3382 return;
3383 }
3384
3385 #endif /* LARGE_SMB_OFF_T */
3386
3387 }
3388
3389 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3390 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3391 END_PROFILE(SMBreadX);
3392 reply_doserror(req, ERRDOS, ERRlock);
3393 return;
3394 }
3395
3396 if (!big_readX &&
3397 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3398 END_PROFILE(SMBreadX);
3399 return;
3400 }
3401
3402 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3403
3404 END_PROFILE(SMBreadX);
3405 return;
3406 }
3407
3408 /****************************************************************************
3409 Error replies to writebraw must have smb_wct == 1. Fix this up.
3410 ****************************************************************************/
3411
3412 void error_to_writebrawerr(struct smb_request *req)
3413 {
3414 uint8 *old_outbuf = req->outbuf;
3415
3416 reply_outbuf(req, 1, 0);
3417
3418 memcpy(req->outbuf, old_outbuf, smb_size);
3419 TALLOC_FREE(old_outbuf);
3420 }
3421
3422 /****************************************************************************
3423 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3424 ****************************************************************************/
3425
3426 void reply_writebraw(struct smb_request *req)
3427 {
3428 connection_struct *conn = req->conn;
3429 char *buf = NULL;
3430 ssize_t nwritten=0;
3431 ssize_t total_written=0;
3432 size_t numtowrite=0;
3433 size_t tcount;
3434 SMB_OFF_T startpos;
3435 char *data=NULL;
3436 bool write_through;
3437 files_struct *fsp;
3438 NTSTATUS status;
3439
3440 START_PROFILE(SMBwritebraw);
3441
3442 /*
3443 * If we ever reply with an error, it must have the SMB command
3444 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3445 * we're finished.
3446 */
3447 SCVAL(req->inbuf,smb_com,SMBwritec);
3448
3449 if (srv_is_signing_active()) {
3450 END_PROFILE(SMBwritebraw);
3451 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3452 "raw reads/writes are disallowed.");
3453 }
3454
3455 if (req->wct < 12) {
3456 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3457 error_to_writebrawerr(req);
3458 END_PROFILE(SMBwritebraw);
3459 return;
3460 }
3461
3462 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3463 if (!check_fsp(conn, req, fsp, &current_user)) {
3464 error_to_writebrawerr(req);
3465 END_PROFILE(SMBwritebraw);
3466 return;
3467 }
3468
3469 if (!CHECK_WRITE(fsp)) {
3470 reply_doserror(req, ERRDOS, ERRbadaccess);
3471 error_to_writebrawerr(req);
3472 END_PROFILE(SMBwritebraw);
3473 return;
3474 }
3475
3476 tcount = IVAL(req->inbuf,smb_vwv1);
3477 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3478 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3479
3480 /* We have to deal with slightly different formats depending
3481 on whether we are using the core+ or lanman1.0 protocol */
3482
3483 if(Protocol <= PROTOCOL_COREPLUS) {
3484 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3485 data = smb_buf(req->inbuf);
3486 } else {
3487 numtowrite = SVAL(req->inbuf,smb_vwv10);
3488 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3489 }
3490
3491 /* Ensure we don't write bytes past the end of this packet. */
3492 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3493 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3494 error_to_writebrawerr(req);
3495 END_PROFILE(SMBwritebraw);
3496 return;
3497 }
3498
3499 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3500 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3501 reply_doserror(req, ERRDOS, ERRlock);
3502 error_to_writebrawerr(req);
3503 END_PROFILE(SMBwritebraw);
3504 return;
3505 }
3506
3507 if (numtowrite>0) {
3508 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3509 }
3510
3511 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3512 "wrote=%d sync=%d\n",
3513 fsp->fnum, (double)startpos, (int)numtowrite,
3514 (int)nwritten, (int)write_through));
3515
3516 if (nwritten < (ssize_t)numtowrite) {
3517 reply_unixerror(req, ERRHRD, ERRdiskfull);
3518 error_to_writebrawerr(req);
3519 END_PROFILE(SMBwritebraw);
3520 return;
3521 }
3522
3523 total_written = nwritten;
3524
3525 /* Allocate a buffer of 64k + length. */
3526 buf = TALLOC_ARRAY(NULL, char, 65540);
3527 if (!buf) {
3528 reply_doserror(req, ERRDOS, ERRnomem);
3529 error_to_writebrawerr(req);
3530 END_PROFILE(SMBwritebraw);
3531 return;
3532 }
3533
3534 /* Return a SMBwritebraw message to the redirector to tell
3535 * it to send more bytes */
3536
3537 memcpy(buf, req->inbuf, smb_size);
3538 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3539 SCVAL(buf,smb_com,SMBwritebraw);
3540 SSVALS(buf,smb_vwv0,0xFFFF);
3541 show_msg(buf);
3542 if (!srv_send_smb(smbd_server_fd(),
3543 buf,
3544 IS_CONN_ENCRYPTED(conn))) {
3545 exit_server_cleanly("reply_writebraw: srv_send_smb "
3546 "failed.");
3547 }
3548
3549 /* Now read the raw data into the buffer and write it */
3550 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3551 &numtowrite);
3552 if (!NT_STATUS_IS_OK(status)) {
3553 exit_server_cleanly("secondary writebraw failed");
3554 }
3555
3556 /* Set up outbuf to return the correct size */
3557 reply_outbuf(req, 1, 0);
3558
3559 if (numtowrite != 0) {
3560
3561 if (numtowrite > 0xFFFF) {
3562 DEBUG(0,("reply_writebraw: Oversize secondary write "
3563 "raw requested (%u). Terminating\n",
3564 (unsigned int)numtowrite ));
3565 exit_server_cleanly("secondary writebraw failed");
3566 }
3567
3568 if (tcount > nwritten+numtowrite) {
3569 DEBUG(3,("reply_writebraw: Client overestimated the "
3570 "write %d %d %d\n",
3571 (int)tcount,(int)nwritten,(int)numtowrite));
3572 }
3573
3574 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3575
3576 if (!NT_STATUS_IS_OK(status)) {
3577 DEBUG(0,("reply_writebraw: Oversize secondary write "
3578 "raw read failed (%s). Terminating\n",
3579 nt_errstr(status)));
3580 exit_server_cleanly("secondary writebraw failed");
3581 }
3582
3583 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3584 if (nwritten == -1) {
3585 TALLOC_FREE(buf);
3586 reply_unixerror(req, ERRHRD, ERRdiskfull);
3587 error_to_writebrawerr(req);
3588 END_PROFILE(SMBwritebraw);
3589 return;
3590 }
3591
3592 if (nwritten < (ssize_t)numtowrite) {
3593 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3594 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3595 }
3596
3597 if (nwritten > 0) {
3598 total_written += nwritten;
3599 }
3600 }
3601
3602 TALLOC_FREE(buf);
3603 SSVAL(req->outbuf,smb_vwv0,total_written);
3604
3605 status = sync_file(conn, fsp, write_through);
3606 if (!NT_STATUS_IS_OK(status)) {
3607 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3608 fsp->fsp_name, nt_errstr(status) ));
3609 reply_nterror(req, status);
3610 error_to_writebrawerr(req);
3611 END_PROFILE(SMBwritebraw);
3612 return;
3613 }
3614
3615 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3616 "wrote=%d\n",
3617 fsp->fnum, (double)startpos, (int)numtowrite,
3618 (int)total_written));
3619
3620 /* We won't return a status if write through is not selected - this
3621 * follows what WfWg does */
3622 END_PROFILE(SMBwritebraw);
3623
3624 if (!write_through && total_written==tcount) {
3625
3626 #if RABBIT_PELLET_FIX
3627 /*
3628 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3629 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3630 * JRA.
3631 */
3632 if (!send_keepalive(smbd_server_fd())) {
3633 exit_server_cleanly("reply_writebraw: send of "
3634 "keepalive failed");
3635 }
3636 #endif
3637 TALLOC_FREE(req->outbuf);
3638 }
3639 return;
3640 }
3641
3642 #undef DBGC_CLASS
3643 #define DBGC_CLASS DBGC_LOCKING
3644
3645 /****************************************************************************
3646 Reply to a writeunlock (core+).
3647 ****************************************************************************/
3648
3649 void reply_writeunlock(struct smb_request *req)
3650 {
3651 connection_struct *conn = req->conn;
3652 ssize_t nwritten = -1;
3653 size_t numtowrite;
3654 SMB_OFF_T startpos;
3655 char *data;
3656 NTSTATUS status = NT_STATUS_OK;
3657 files_struct *fsp;
3658
3659 START_PROFILE(SMBwriteunlock);
3660
3661 if (req->wct < 5) {
3662 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3663 END_PROFILE(SMBwriteunlock);
3664 return;
3665 }
3666
3667 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3668
3669 if (!check_fsp(conn, req, fsp, &current_user)) {
3670 END_PROFILE(SMBwriteunlock);
3671 return;
3672 }
3673
3674 if (!CHECK_WRITE(fsp)) {
3675 reply_doserror(req, ERRDOS,ERRbadaccess);
3676 END_PROFILE(SMBwriteunlock);
3677 return;
3678 }
3679
3680 numtowrite = SVAL(req->inbuf,smb_vwv1);
3681 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3682 data = smb_buf(req->inbuf) + 3;
3683
3684 if (numtowrite
3685 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3686 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3687 reply_doserror(req, ERRDOS, ERRlock);
3688 END_PROFILE(SMBwriteunlock);
3689 return;
3690 }
3691
3692 /* The special X/Open SMB protocol handling of
3693 zero length writes is *NOT* done for
3694 this call */
3695 if(numtowrite == 0) {
3696 nwritten = 0;
3697 } else {
3698 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3699 }
3700
3701 status = sync_file(conn, fsp, False /* write through */);
3702 if (!NT_STATUS_IS_OK(status)) {
3703 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3704 fsp->fsp_name, nt_errstr(status) ));
3705 reply_nterror(req, status);
3706 END_PROFILE(SMBwriteunlock);
3707 return;
3708 }
3709
3710 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3711 reply_unixerror(req, ERRHRD, ERRdiskfull);
3712 END_PROFILE(SMBwriteunlock);
3713 return;
3714 }
3715
3716 if (numtowrite) {
3717 status = do_unlock(smbd_messaging_context(),
3718 fsp,
3719 req->smbpid,
3720 (SMB_BIG_UINT)numtowrite,
3721 (SMB_BIG_UINT)startpos,
3722 WINDOWS_LOCK);
3723
3724 if (NT_STATUS_V(status)) {
3725 reply_nterror(req, status);
3726 END_PROFILE(SMBwriteunlock);
3727 return;
3728 }
3729 }
3730
3731 reply_outbuf(req, 1, 0);
3732
3733 SSVAL(req->outbuf,smb_vwv0,nwritten);
3734
3735 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3736 fsp->fnum, (int)numtowrite, (int)nwritten));
3737
3738 END_PROFILE(SMBwriteunlock);
3739 return;
3740 }
3741
3742 #undef DBGC_CLASS
3743 #define DBGC_CLASS DBGC_ALL
3744
3745 /****************************************************************************
3746 Reply to a write.
3747 ****************************************************************************/
3748
3749 void reply_write(struct smb_request *req)
3750 {
3751 connection_struct *conn = req->conn;
3752 size_t numtowrite;
3753 ssize_t nwritten = -1;
3754 SMB_OFF_T startpos;
3755 char *data;
3756 files_struct *fsp;
3757 NTSTATUS status;
3758
3759 START_PROFILE(SMBwrite);
3760
3761 if (req->wct < 5) {
3762 END_PROFILE(SMBwrite);
3763 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3764 return;
3765 }
3766
3767 /* If it's an IPC, pass off the pipe handler. */
3768 if (IS_IPC(conn)) {
3769 reply_pipe_write(req);
3770 END_PROFILE(SMBwrite);
3771 return;
3772 }
3773
3774 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3775
3776 if (!check_fsp(conn, req, fsp, &current_user)) {
3777 END_PROFILE(SMBwrite);
3778 return;
3779 }
3780
3781 if (!CHECK_WRITE(fsp)) {
3782 reply_doserror(req, ERRDOS, ERRbadaccess);
3783 END_PROFILE(SMBwrite);
3784 return;
3785 }
3786
3787 numtowrite = SVAL(req->inbuf,smb_vwv1);
3788 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3789 data = smb_buf(req->inbuf) + 3;
3790
3791 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3792 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3793 reply_doserror(req, ERRDOS, ERRlock);
3794 END_PROFILE(SMBwrite);
3795 return;
3796 }
3797
3798 /*
3799 * X/Open SMB protocol says that if smb_vwv1 is
3800 * zero then the file size should be extended or
3801 * truncated to the size given in smb_vwv[2-3].
3802 */
3803
3804 if(numtowrite == 0) {
3805 /*
3806 * This is actually an allocate call, and set EOF. JRA.
3807 */
3808 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3809 if (nwritten < 0) {
3810 reply_nterror(req, NT_STATUS_DISK_FULL);
3811 END_PROFILE(SMBwrite);
3812 return;
3813 }
3814 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3815 if (nwritten < 0) {
3816 reply_nterror(req, NT_STATUS_DISK_FULL);
3817 END_PROFILE(SMBwrite);
3818 return;
3819 }
3820 trigger_write_time_update_immediate(fsp);
3821 } else {
3822 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3823 }
3824
3825 status = sync_file(conn, fsp, False);
3826 if (!NT_STATUS_IS_OK(status)) {
3827 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3828 fsp->fsp_name, nt_errstr(status) ));
3829 reply_nterror(req, status);
3830 END_PROFILE(SMBwrite);
3831 return;
3832 }
3833
3834 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3835 reply_unixerror(req, ERRHRD, ERRdiskfull);
3836 END_PROFILE(SMBwrite);
3837 return;
3838 }
3839
3840 reply_outbuf(req, 1, 0);
3841
3842 SSVAL(req->outbuf,smb_vwv0,nwritten);
3843
3844 if (nwritten < (ssize_t)numtowrite) {
3845 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3846 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3847 }
3848
3849 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3850
3851 END_PROFILE(SMBwrite);
3852 return;
3853 }
3854
3855 /****************************************************************************
3856 Ensure a buffer is a valid writeX for recvfile purposes.
3857 ****************************************************************************/
3858
3859 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3860 (2*14) + /* word count (including bcc) */ \
3861 1 /* pad byte */)
3862
3863 bool is_valid_writeX_buffer(const uint8_t *inbuf)
3864 {
3865 size_t numtowrite;
3866 connection_struct *conn = NULL;
3867 unsigned int doff = 0;
3868 size_t len = smb_len_large(inbuf);
3869
3870 if (is_encrypted_packet(inbuf)) {
3871 /* Can't do this on encrypted
3872 * connections. */
3873 return false;
3874 }
3875
3876 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3877 return false;
3878 }
3879
3880 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3881 CVAL(inbuf,smb_wct) != 14) {
3882 DEBUG(10,("is_valid_writeX_buffer: chained or "
3883 "invalid word length.\n"));
3884 return false;
3885 }
3886
3887 conn = conn_find(SVAL(inbuf, smb_tid));
3888 if (conn == NULL) {
3889 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3890 return false;
3891 }
3892 if (IS_IPC(conn)) {
3893 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3894 return false;
3895 }
3896 if (IS_PRINT(conn)) {
3897 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
3898 return false;
3899 }
3900 doff = SVAL(inbuf,smb_vwv11);
3901
3902 numtowrite = SVAL(inbuf,smb_vwv10);
3903
3904 if (len > doff && len - doff > 0xFFFF) {
3905 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3906 }
3907
3908 if (numtowrite == 0) {
3909 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3910 return false;
3911 }
3912
3913 /* Ensure the sizes match up. */
3914 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3915 /* no pad byte...old smbclient :-( */
3916 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3917 (unsigned int)doff,
3918 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3919 return false;
3920 }
3921
3922 if (len - doff != numtowrite) {
3923 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3924 "len = %u, doff = %u, numtowrite = %u\n",
3925 (unsigned int)len,
3926 (unsigned int)doff,
3927 (unsigned int)numtowrite ));
3928 return false;
3929 }
3930
3931 DEBUG(10,("is_valid_writeX_buffer: true "
3932 "len = %u, doff = %u, numtowrite = %u\n",
3933 (unsigned int)len,
3934 (unsigned int)doff,
3935 (unsigned int)numtowrite ));
3936
3937 return true;
3938 }
3939
3940 /****************************************************************************
3941 Reply to a write and X.
3942 ****************************************************************************/
3943
3944 void reply_write_and_X(struct smb_request *req)
3945 {
3946 connection_struct *conn = req->conn;
3947 files_struct *fsp;
3948 SMB_OFF_T startpos;
3949 size_t numtowrite;
3950 bool write_through;
3951 ssize_t nwritten;
3952 unsigned int smb_doff;
3953 unsigned int smblen;
3954 char *data;
3955 NTSTATUS status;
3956
3957 START_PROFILE(SMBwriteX);
3958
3959 if ((req->wct != 12) && (req->wct != 14)) {
3960 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3961 END_PROFILE(SMBwriteX);
3962 return;
3963 }
3964
3965 numtowrite = SVAL(req->inbuf,smb_vwv10);
3966 smb_doff = SVAL(req->inbuf,smb_vwv11);
3967 smblen = smb_len(req->inbuf);
3968
3969 if (req->unread_bytes > 0xFFFF ||
3970 (smblen > smb_doff &&
3971 smblen - smb_doff > 0xFFFF)) {
3972 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3973 }
3974
3975 if (req->unread_bytes) {
3976 /* Can't do a recvfile write on IPC$ */
3977 if (IS_IPC(conn)) {
3978 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3979 END_PROFILE(SMBwriteX);
3980 return;
3981 }
3982 if (numtowrite != req->unread_bytes) {
3983 reply_doserror(req, ERRDOS, ERRbadmem);
3984 END_PROFILE(SMBwriteX);
3985 return;
3986 }
3987 } else {
3988 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3989 smb_doff + numtowrite > smblen) {
3990 reply_doserror(req, ERRDOS, ERRbadmem);
3991 END_PROFILE(SMBwriteX);
3992 return;
3993 }
3994 }
3995
3996 /* If it's an IPC, pass off the pipe handler. */
3997 if (IS_IPC(conn)) {
3998 if (req->unread_bytes) {
3999 reply_doserror(req, ERRDOS, ERRbadmem);
4000 END_PROFILE(SMBwriteX);
4001 return;
4002 }
4003 reply_pipe_write_and_X(req);
4004 END_PROFILE(SMBwriteX);
4005 return;
4006 }
4007
4008 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
4009 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
4010 write_through = BITSETW(req->inbuf+smb_vwv7,0);
4011
4012 if (!check_fsp(conn, req, fsp, &current_user)) {
4013 END_PROFILE(SMBwriteX);
4014 return;
4015 }
4016
4017 if (!CHECK_WRITE(fsp)) {
4018 reply_doserror(req, ERRDOS, ERRbadaccess);
4019 END_PROFILE(SMBwriteX);
4020 return;
4021 }
4022
4023 data = smb_base(req->inbuf) + smb_doff;
4024
4025 if(req->wct == 14) {
4026 #ifdef LARGE_SMB_OFF_T
4027 /*
4028 * This is a large offset (64 bit) write.
4029 */
4030 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
4031
4032 #else /* !LARGE_SMB_OFF_T */
4033
4034 /*
4035 * Ensure we haven't been sent a >32 bit offset.
4036 */
4037
4038 if(IVAL(req->inbuf,smb_vwv12) != 0) {
4039 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4040 "used and we don't support 64 bit offsets.\n",
4041 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
4042 reply_doserror(req, ERRDOS, ERRbadaccess);
4043 END_PROFILE(SMBwriteX);
4044 return;
4045 }
4046
4047 #endif /* LARGE_SMB_OFF_T */
4048 }
4049
4050 if (is_locked(fsp,(uint32)req->smbpid,
4051 (SMB_BIG_UINT)numtowrite,
4052 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4053 reply_doserror(req, ERRDOS, ERRlock);
4054 END_PROFILE(SMBwriteX);
4055 return;
4056 }
4057
4058 /* X/Open SMB protocol says that, unlike SMBwrite
4059 if the length is zero then NO truncation is
4060 done, just a write of zero. To truncate a file,
4061 use SMBwrite. */
4062
4063 if(numtowrite == 0) {
4064 nwritten = 0;
4065 } else {
4066
4067 if ((req->unread_bytes == 0) &&
4068 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4069 numtowrite)) {
4070 END_PROFILE(SMBwriteX);
4071 return;
4072 }
4073
4074 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4075 }
4076
4077 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4078 reply_unixerror(req, ERRHRD, ERRdiskfull);
4079 END_PROFILE(SMBwriteX);
4080 return;
4081 }
4082
4083 reply_outbuf(req, 6, 0);
4084 SSVAL(req->outbuf,smb_vwv2,nwritten);
4085 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4086
4087 if (nwritten < (ssize_t)numtowrite) {
4088 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4089 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4090 }
4091
4092 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4093 fsp->fnum, (int)numtowrite, (int)nwritten));
4094
4095 status = sync_file(conn, fsp, write_through);
4096 if (!NT_STATUS_IS_OK(status)) {
4097 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4098 fsp->fsp_name, nt_errstr(status) ));
4099 reply_nterror(req, status);
4100 END_PROFILE(SMBwriteX);
4101 return;
4102 }
4103
4104 END_PROFILE(SMBwriteX);
4105 chain_reply(req);
4106 return;
4107 }
4108
4109 /****************************************************************************
4110 Reply to a lseek.
4111 ****************************************************************************/
4112
4113 void reply_lseek(struct smb_request *req)
4114 {
4115 connection_struct *conn = req->conn;
4116 SMB_OFF_T startpos;
4117 SMB_OFF_T res= -1;
4118 int mode,umode;
4119 files_struct *fsp;
4120
4121 START_PROFILE(SMBlseek);
4122
4123 if (req->wct < 4) {
4124 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4125 END_PROFILE(SMBlseek);
4126 return;
4127 }
4128
4129 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4130
4131 if (!check_fsp(conn, req, fsp, &current_user)) {
4132 return;
4133 }
4134
4135 flush_write_cache(fsp, SEEK_FLUSH);
4136
4137 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4138 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4139 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4140
4141 switch (mode) {
4142 case 0:
4143 umode = SEEK_SET;
4144 res = startpos;
4145 break;
4146 case 1:
4147 umode = SEEK_CUR;
4148 res = fsp->fh->pos + startpos;
4149 break;
4150 case 2:
4151 umode = SEEK_END;
4152 break;
4153 default:
4154 umode = SEEK_SET;
4155 res = startpos;
4156 break;
4157 }
4158
4159 if (umode == SEEK_END) {
4160 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4161 if(errno == EINVAL) {
4162 SMB_OFF_T current_pos = startpos;
4163 SMB_STRUCT_STAT sbuf;
4164
4165 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4166 reply_unixerror(req, ERRDOS,
4167 ERRnoaccess);
4168 END_PROFILE(SMBlseek);
4169 return;
4170 }
4171
4172 current_pos += sbuf.st_size;
4173 if(current_pos < 0)
4174 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4175 }
4176 }
4177
4178 if(res == -1) {
4179 reply_unixerror(req, ERRDOS, ERRnoaccess);
4180 END_PROFILE(SMBlseek);
4181 return;
4182 }
4183 }
4184
4185 fsp->fh->pos = res;
4186
4187 reply_outbuf(req, 2, 0);
4188 SIVAL(req->outbuf,smb_vwv0,res);
4189
4190 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4191 fsp->fnum, (double)startpos, (double)res, mode));
4192
4193 END_PROFILE(SMBlseek);
4194 return;
4195 }
4196
4197 /****************************************************************************
4198 Reply to a flush.
4199 ****************************************************************************/
4200
4201 void reply_flush(struct smb_request *req)
4202 {
4203 connection_struct *conn = req->conn;
4204 uint16 fnum;
4205 files_struct *fsp;
4206
4207 START_PROFILE(SMBflush);
4208
4209 if (req->wct < 1) {
4210 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4211 return;
4212 }
4213
4214 fnum = SVAL(req->inbuf,smb_vwv0);
4215 fsp = file_fsp(fnum);
4216
4217 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, &current_user)) {
4218 return;
4219 }
4220
4221 if (!fsp) {
4222 file_sync_all(conn);
4223 } else {
4224 NTSTATUS status = sync_file(conn, fsp, True);
4225 if (!NT_STATUS_IS_OK(status)) {
4226 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4227 fsp->fsp_name, nt_errstr(status) ));
4228 reply_nterror(req, status);
4229 END_PROFILE(SMBflush);
4230 return;
4231 }
4232 }
4233
4234 reply_outbuf(req, 0, 0);
4235
4236 DEBUG(3,("flush\n"));
4237 END_PROFILE(SMBflush);
4238 return;
4239 }
4240
4241 /****************************************************************************
4242 Reply to a exit.
4243 conn POINTER CAN BE NULL HERE !
4244 ****************************************************************************/
4245
4246 void reply_exit(struct smb_request *req)
4247 {
4248 START_PROFILE(SMBexit);
4249
4250 file_close_pid(req->smbpid, req->vuid);
4251
4252 reply_outbuf(req, 0, 0);
4253
4254 DEBUG(3,("exit\n"));
4255
4256 END_PROFILE(SMBexit);
4257 return;
4258 }
4259
4260 /****************************************************************************
4261 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4262 ****************************************************************************/
4263
4264 void reply_close(struct smb_request *req)
4265 {
4266 connection_struct *conn = req->conn;
4267 NTSTATUS status = NT_STATUS_OK;
4268 files_struct *fsp = NULL;
4269 START_PROFILE(SMBclose);
4270
4271 if (req->wct < 3) {
4272 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4273 END_PROFILE(SMBclose);
4274 return;
4275 }
4276
4277 /* If it's an IPC, pass off to the pipe handler. */
4278 if (IS_IPC(conn)) {
4279 reply_pipe_close(conn, req);
4280 END_PROFILE(SMBclose);
4281 return;
4282 }
4283
4284 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4285
4286 /*
4287 * We can only use CHECK_FSP if we know it's not a directory.
4288 */
4289
4290 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4291 reply_doserror(req, ERRDOS, ERRbadfid);
4292 END_PROFILE(SMBclose);
4293 return;
4294 }
4295
4296 if(fsp->is_directory) {
4297 /*
4298 * Special case - close NT SMB directory handle.
4299 */
4300 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4301 status = close_file(fsp,NORMAL_CLOSE);
4302 } else {
4303 time_t t;
4304 /*
4305 * Close ordinary file.
4306 */
4307
4308 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4309 fsp->fh->fd, fsp->fnum,
4310 conn->num_files_open));
4311
4312 /*
4313 * Take care of any time sent in the close.
4314 */
4315
4316 t = srv_make_unix_date3(req->inbuf+smb_vwv1);
4317 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4318
4319 /*
4320 * close_file() returns the unix errno if an error
4321 * was detected on close - normally this is due to
4322 * a disk full error. If not then it was probably an I/O error.
4323 */
4324
4325 status = close_file(fsp,NORMAL_CLOSE);
4326 }
4327
4328 if (!NT_STATUS_IS_OK(status)) {
4329 reply_nterror(req, status);
4330 END_PROFILE(SMBclose);
4331 return;
4332 }
4333
4334 reply_outbuf(req, 0, 0);
4335 END_PROFILE(SMBclose);
4336 return;
4337 }
4338
4339 /****************************************************************************
4340 Reply to a writeclose (Core+ protocol).
4341 ****************************************************************************/
4342
4343 void reply_writeclose(struct smb_request *req)
4344 {
4345 connection_struct *conn = req->conn;
4346 size_t numtowrite;
4347 ssize_t nwritten = -1;
4348 NTSTATUS close_status = NT_STATUS_OK;
4349 SMB_OFF_T startpos;
4350 char *data;
4351 struct timespec mtime;
4352 files_struct *fsp;
4353
4354 START_PROFILE(SMBwriteclose);
4355
4356 if (req->wct < 6) {
4357 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4358 END_PROFILE(SMBwriteclose);
4359 return;
4360 }
4361
4362 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4363
4364 if (!check_fsp(conn, req, fsp, &current_user)) {
4365 END_PROFILE(SMBwriteclose);
4366 return;
4367 }
4368 if (!CHECK_WRITE(fsp)) {
4369 reply_doserror(req, ERRDOS,ERRbadaccess);
4370 END_PROFILE(SMBwriteclose);
4371 return;
4372 }
4373
4374 numtowrite = SVAL(req->inbuf,smb_vwv1);
4375 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4376 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4377 req->inbuf+smb_vwv4));
4378 data = smb_buf(req->inbuf) + 1;
4379
4380 if (numtowrite
4381 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4382 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4383 reply_doserror(req, ERRDOS,ERRlock);
4384 END_PROFILE(SMBwriteclose);
4385 return;
4386 }
4387
4388 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4389
4390 set_close_write_time(fsp, mtime);
4391
4392 /*
4393 * More insanity. W2K only closes the file if writelen > 0.
4394 * JRA.
4395 */
4396
4397 if (numtowrite) {
4398 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4399 fsp->fsp_name ));
4400 close_status = close_file(fsp,NORMAL_CLOSE);
4401 }
4402
4403 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4404 fsp->fnum, (int)numtowrite, (int)nwritten,
4405 conn->num_files_open));
4406
4407 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4408 reply_doserror(req, ERRHRD, ERRdiskfull);
4409 END_PROFILE(SMBwriteclose);
4410 return;
4411 }
4412
4413 if(!NT_STATUS_IS_OK(close_status)) {
4414 reply_nterror(req, close_status);
4415 END_PROFILE(SMBwriteclose);
4416 return;
4417 }
4418
4419 reply_outbuf(req, 1, 0);
4420
4421 SSVAL(req->outbuf,smb_vwv0,nwritten);
4422 END_PROFILE(SMBwriteclose);
4423 return;
4424 }
4425
4426 #undef DBGC_CLASS
4427 #define DBGC_CLASS DBGC_LOCKING
4428
4429 /****************************************************************************
4430 Reply to a lock.
4431 ****************************************************************************/
4432
4433 void reply_lock(struct smb_request *req)
4434 {
4435 connection_struct *conn = req->conn;
4436 SMB_BIG_UINT count,offset;
4437 NTSTATUS status;
4438 files_struct *fsp;
4439 struct byte_range_lock *br_lck = NULL;
4440
4441 START_PROFILE(SMBlock);
4442
4443 if (req->wct < 5) {
4444 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4445 END_PROFILE(SMBlock);
4446 return;
4447 }
4448
4449 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4450
4451 if (!check_fsp(conn, req, fsp, &current_user)) {
4452 END_PROFILE(SMBlock);
4453 return;
4454 }
4455
4456 release_level_2_oplocks_on_change(fsp);
4457
4458 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4459 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4460
4461 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4462 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4463
4464 br_lck = do_lock(smbd_messaging_context(),
4465 fsp,
4466 req->smbpid,
4467 count,
4468 offset,
4469 WRITE_LOCK,
4470 WINDOWS_LOCK,
4471 False, /* Non-blocking lock. */
4472 &status,
4473 NULL);
4474
4475 TALLOC_FREE(br_lck);
4476
4477 if (NT_STATUS_V(status)) {
4478 reply_nterror(req, status);
4479 END_PROFILE(SMBlock);
4480 return;
4481 }
4482
4483 reply_outbuf(req, 0, 0);
4484
4485 END_PROFILE(SMBlock);
4486 return;
4487 }
4488
4489 /****************************************************************************
4490 Reply to a unlock.
4491 ****************************************************************************/
4492
4493 void reply_unlock(struct smb_request *req)
4494 {
4495 connection_struct *conn = req->conn;
4496 SMB_BIG_UINT count,offset;
4497 NTSTATUS status;
4498 files_struct *fsp;
4499
4500 START_PROFILE(SMBunlock);
4501
4502 if (req->wct < 5) {
4503 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4504 END_PROFILE(SMBunlock);
4505 return;
4506 }
4507
4508 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4509
4510 if (!check_fsp(conn, req, fsp, &current_user)) {
4511 END_PROFILE(SMBunlock);
4512 return;
4513 }
4514
4515 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4516 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4517
4518 status = do_unlock(smbd_messaging_context(),
4519 fsp,
4520 req->smbpid,
4521 count,
4522 offset,
4523 WINDOWS_LOCK);
4524
4525 if (NT_STATUS_V(status)) {
4526 reply_nterror(req, status);
4527 END_PROFILE(SMBunlock);
4528 return;
4529 }
4530
4531 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4532 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4533
4534 reply_outbuf(req, 0, 0);
4535
4536 END_PROFILE(SMBunlock);
4537 return;
4538 }
4539
4540 #undef DBGC_CLASS
4541 #define DBGC_CLASS DBGC_ALL
4542
4543 /****************************************************************************
4544 Reply to a tdis.
4545 conn POINTER CAN BE NULL HERE !
4546 ****************************************************************************/
4547
4548 void reply_tdis(struct smb_request *req)
4549 {
4550 connection_struct *conn = req->conn;
4551 START_PROFILE(SMBtdis);
4552
4553 if (!conn) {
4554 DEBUG(4,("Invalid connection in tdis\n"));
4555 reply_doserror(req, ERRSRV, ERRinvnid);
4556 END_PROFILE(SMBtdis);
4557 return;
4558 }
4559
4560 conn->used = False;
4561
4562 close_cnum(conn,req->vuid);
4563 req->conn = NULL;
4564
4565 reply_outbuf(req, 0, 0);
4566 END_PROFILE(SMBtdis);
4567 return;
4568 }
4569
4570 /****************************************************************************
4571 Reply to a echo.
4572 conn POINTER CAN BE NULL HERE !
4573 ****************************************************************************/
4574
4575 void reply_echo(struct smb_request *req)
4576 {
4577 connection_struct *conn = req->conn;
4578 int smb_reverb;
4579 int seq_num;
4580 unsigned int data_len = smb_buflen(req->inbuf);
4581
4582 START_PROFILE(SMBecho);
4583
4584 if (req->wct < 1) {
4585 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4586 END_PROFILE(SMBecho);
4587 return;
4588 }
4589
4590 if (data_len > BUFFER_SIZE) {
4591 DEBUG(0,("reply_echo: data_len too large.\n"));
4592 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4593 END_PROFILE(SMBecho);
4594 return;
4595 }
4596
4597 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4598
4599 reply_outbuf(req, 1, data_len);
4600
4601 /* copy any incoming data back out */
4602 if (data_len > 0) {
4603 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4604 }
4605
4606 if (smb_reverb > 100) {
4607 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4608 smb_reverb = 100;
4609 }
4610
4611 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4612 SSVAL(req->outbuf,smb_vwv0,seq_num);
4613
4614 show_msg((char *)req->outbuf);
4615 if (!srv_send_smb(smbd_server_fd(),
4616 (char *)req->outbuf,
4617 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4618 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4619 }
4620
4621 DEBUG(3,("echo %d times\n", smb_reverb));
4622
4623 TALLOC_FREE(req->outbuf);
4624
4625 smb_echo_count++;
4626
4627 END_PROFILE(SMBecho);
4628 return;
4629 }
4630
4631 /****************************************************************************
4632 Reply to a printopen.
4633 ****************************************************************************/
4634
4635 void reply_printopen(struct smb_request *req)
4636 {
4637 connection_struct *conn = req->conn;
4638 files_struct *fsp;
4639 NTSTATUS status;
4640 SMB_STRUCT_STAT sbuf;
4641
4642 START_PROFILE(SMBsplopen);
4643
4644 if (req->wct < 2) {
4645 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4646 END_PROFILE(SMBsplopen);
4647 return;
4648 }
4649
4650 if (!CAN_PRINT(conn)) {
4651 reply_doserror(req, ERRDOS, ERRnoaccess);
4652 END_PROFILE(SMBsplopen);
4653 return;
4654 }
4655
4656 status = file_new(conn, &fsp);
4657 if(!NT_STATUS_IS_OK(status)) {
4658 reply_nterror(req, status);
4659 END_PROFILE(SMBsplopen);
4660 return;
4661 }
4662
4663 /* Open for exclusive use, write only. */
4664 status = print_fsp_open(conn, NULL, fsp, &sbuf);
4665
4666 if (!NT_STATUS_IS_OK(status)) {
4667 file_free(fsp);
4668 reply_nterror(req, status);
4669 END_PROFILE(SMBsplopen);
4670 return;
4671 }
4672
4673 reply_outbuf(req, 1, 0);
4674 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4675
4676 DEBUG(3,("openprint fd=%d fnum=%d\n",
4677 fsp->fh->fd, fsp->fnum));
4678
4679 END_PROFILE(SMBsplopen);
4680 return;
4681 }
4682
4683 /****************************************************************************
4684 Reply to a printclose.
4685 ****************************************************************************/
4686
4687 void reply_printclose(struct smb_request *req)
4688 {
4689 connection_struct *conn = req->conn;
4690 files_struct *fsp;
4691 NTSTATUS status;
4692
4693 START_PROFILE(SMBsplclose);
4694
4695 if (req->wct < 1) {
4696 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4697 END_PROFILE(SMBsplclose);
4698 return;
4699 }
4700
4701 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4702
4703 if (!check_fsp(conn, req, fsp, &current_user)) {
4704 END_PROFILE(SMBsplclose);
4705 return;
4706 }
4707
4708 if (!CAN_PRINT(conn)) {
4709 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4710 END_PROFILE(SMBsplclose);
4711 return;
4712 }
4713
4714 DEBUG(3,("printclose fd=%d fnum=%d\n",
4715 fsp->fh->fd,fsp->fnum));
4716
4717 status = close_file(fsp,NORMAL_CLOSE);
4718
4719 if(!NT_STATUS_IS_OK(status)) {
4720 reply_nterror(req, status);
4721 END_PROFILE(SMBsplclose);
4722 return;
4723 }
4724
4725 reply_outbuf(req, 0, 0);
4726
4727 END_PROFILE(SMBsplclose);
4728 return;
4729 }
4730
4731 /****************************************************************************
4732 Reply to a printqueue.
4733 ****************************************************************************/
4734
4735 void reply_printqueue(struct smb_request *req)
4736 {
4737 connection_struct *conn = req->conn;
4738 int max_count;
4739 int start_index;
4740
4741 START_PROFILE(SMBsplretq);
4742
4743 if (req->wct < 2) {
4744 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4745 END_PROFILE(SMBsplretq);
4746 return;
4747 }
4748
4749 max_count = SVAL(req->inbuf,smb_vwv0);
4750 start_index = SVAL(req->inbuf,smb_vwv1);
4751
4752 /* we used to allow the client to get the cnum wrong, but that
4753 is really quite gross and only worked when there was only
4754 one printer - I think we should now only accept it if they
4755 get it right (tridge) */
4756 if (!CAN_PRINT(conn)) {
4757 reply_doserror(req, ERRDOS, ERRnoaccess);
4758 END_PROFILE(SMBsplretq);
4759 return;
4760 }
4761
4762 reply_outbuf(req, 2, 3);
4763 SSVAL(req->outbuf,smb_vwv0,0);
4764 SSVAL(req->outbuf,smb_vwv1,0);
4765 SCVAL(smb_buf(req->outbuf),0,1);
4766 SSVAL(smb_buf(req->outbuf),1,0);
4767
4768 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4769 start_index, max_count));
4770
4771 {
4772 print_queue_struct *queue = NULL;
4773 print_status_struct status;
4774 int count = print_queue_status(SNUM(conn), &queue, &status);
4775 int num_to_get = ABS(max_count);
4776 int first = (max_count>0?start_index:start_index+max_count+1);
4777 int i;
4778
4779 if (first >= count)
4780 num_to_get = 0;
4781 else
4782 num_to_get = MIN(num_to_get,count-first);
4783
4784
4785 for (i=first;i<first+num_to_get;i++) {
4786 char blob[28];
4787 char *p = blob;
4788
4789 srv_put_dos_date2(p,0,queue[i].time);
4790 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4791 SSVAL(p,5, queue[i].job);
4792 SIVAL(p,7,queue[i].size);
4793 SCVAL(p,11,0);
4794 srvstr_push(blob, req->flags2, p+12,
4795 queue[i].fs_user, 16, STR_ASCII);
4796
4797 if (message_push_blob(
4798 &req->outbuf,
4799 data_blob_const(
4800 blob, sizeof(blob))) == -1) {
4801 reply_nterror(req, NT_STATUS_NO_MEMORY);
4802 END_PROFILE(SMBsplretq);
4803 return;
4804 }
4805 }
4806
4807 if (count > 0) {
4808 SSVAL(req->outbuf,smb_vwv0,count);
4809 SSVAL(req->outbuf,smb_vwv1,
4810 (max_count>0?first+count:first-1));
4811 SCVAL(smb_buf(req->outbuf),0,1);
4812 SSVAL(smb_buf(req->outbuf),1,28*count);
4813 }
4814
4815 SAFE_FREE(queue);
4816
4817 DEBUG(3,("%d entries returned in queue\n",count));
4818 }
4819
4820 END_PROFILE(SMBsplretq);
4821 return;
4822 }
4823
4824 /****************************************************************************
4825 Reply to a printwrite.
4826 ****************************************************************************/
4827
4828 void reply_printwrite(struct smb_request *req)
4829 {
4830 connection_struct *conn = req->conn;
4831 int numtowrite;
4832 char *data;
4833 files_struct *fsp;
4834
4835 START_PROFILE(SMBsplwr);
4836
4837 if (req->wct < 1) {
4838 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4839 END_PROFILE(SMBsplwr);
4840 return;
4841 }
4842
4843 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4844
4845 if (!check_fsp(conn, req, fsp, &current_user)) {
4846 END_PROFILE(SMBsplwr);
4847 return;
4848 }
4849
4850 if (!CAN_PRINT(conn)) {
4851 reply_doserror(req, ERRDOS, ERRnoaccess);
4852 END_PROFILE(SMBsplwr);
4853 return;
4854 }
4855
4856 if (!CHECK_WRITE(fsp)) {
4857 reply_doserror(req, ERRDOS, ERRbadaccess);
4858 END_PROFILE(SMBsplwr);
4859 return;
4860 }
4861
4862 numtowrite = SVAL(smb_buf(req->inbuf),1);
4863
4864 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4865 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4866 END_PROFILE(SMBsplwr);
4867 return;
4868 }
4869
4870 data = smb_buf(req->inbuf) + 3;
4871
4872 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4873 reply_unixerror(req, ERRHRD, ERRdiskfull);
4874 END_PROFILE(SMBsplwr);
4875 return;
4876 }
4877
4878 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4879
4880 END_PROFILE(SMBsplwr);
4881 return;
4882 }
4883
4884 /****************************************************************************
4885 Reply to a mkdir.
4886 ****************************************************************************/
4887
4888 void reply_mkdir(struct smb_request *req)
4889 {
4890 connection_struct *conn = req->conn;
4891 char *directory = NULL;
4892 NTSTATUS status;
4893 SMB_STRUCT_STAT sbuf;
4894 TALLOC_CTX *ctx = talloc_tos();
4895
4896 START_PROFILE(SMBmkdir);
4897
4898 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4899 smb_buf(req->inbuf) + 1, 0,
4900 STR_TERMINATE, &status);
4901 if (!NT_STATUS_IS_OK(status)) {
4902 reply_nterror(req, status);
4903 END_PROFILE(SMBmkdir);
4904 return;
4905 }
4906
4907 status = resolve_dfspath(ctx, conn,
4908 req->flags2 & FLAGS2_DFS_PATHNAMES,
4909 directory,
4910 &directory);
4911 if (!NT_STATUS_IS_OK(status)) {
4912 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4913 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4914 ERRSRV, ERRbadpath);
4915 END_PROFILE(SMBmkdir);
4916 return;
4917 }
4918 reply_nterror(req, status);
4919 END_PROFILE(SMBmkdir);
4920 return;
4921 }
4922
4923 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4924 if (!NT_STATUS_IS_OK(status)) {
4925 reply_nterror(req, status);
4926 END_PROFILE(SMBmkdir);
4927 return;
4928 }
4929
4930 status = check_name(conn, directory);
4931 if (!NT_STATUS_IS_OK(status)) {
4932 reply_nterror(req, status);
4933 END_PROFILE(SMBmkdir);
4934 return;
4935 }
4936
4937 status = create_directory(conn, req, directory);
4938
4939 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4940
4941 if (!NT_STATUS_IS_OK(status)) {
4942
4943 if (!use_nt_status()
4944 && NT_STATUS_EQUAL(status,
4945 NT_STATUS_OBJECT_NAME_COLLISION)) {
4946 /*
4947 * Yes, in the DOS error code case we get a
4948 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4949 * samba4 torture test.
4950 */
4951 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4952 }
4953
4954 reply_nterror(req, status);
4955 END_PROFILE(SMBmkdir);
4956 return;
4957 }
4958
4959 reply_outbuf(req, 0, 0);
4960
4961 DEBUG( 3, ( "mkdir %s\n", directory ) );
4962
4963 END_PROFILE(SMBmkdir);
4964 return;
4965 }
4966
4967 /****************************************************************************
4968 Static function used by reply_rmdir to delete an entire directory
4969 tree recursively. Return True on ok, False on fail.
4970 ****************************************************************************/
4971
4972 static bool recursive_rmdir(TALLOC_CTX *ctx,
4973 connection_struct *conn,
4974 char *directory)
4975 {
4976 const char *dname = NULL;
4977 bool ret = True;
4978 long offset = 0;
4979 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4980 NULL, 0);
4981
4982 if(dir_hnd == NULL)
4983 return False;
4984
4985 while((dname = ReadDirName(dir_hnd, &offset))) {
4986 char *fullname = NULL;
4987 SMB_STRUCT_STAT st;
4988
4989 if (ISDOT(dname) || ISDOTDOT(dname)) {
4990 continue;
4991 }
4992
4993 if (!is_visible_file(conn, directory, dname, &st, False)) {
4994 continue;
4995 }
4996
4997 /* Construct the full name. */
4998 fullname = talloc_asprintf(ctx,
4999 "%s/%s",
5000 directory,
5001 dname);
5002 if (!fullname) {
5003 errno = ENOMEM;
5004 ret = False;
5005 break;
5006 }
5007
5008 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5009 ret = False;
5010 break;
5011 }
5012
5013 if(st.st_mode & S_IFDIR) {
5014 if(!recursive_rmdir(ctx, conn, fullname)) {
5015 ret = False;
5016 break;
5017 }
5018 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5019 ret = False;
5020 break;
5021 }
5022 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5023 ret = False;
5024 break;
5025 }
5026 TALLOC_FREE(fullname);
5027 }
5028 TALLOC_FREE(dir_hnd);
5029 return ret;
5030 }
5031
5032 /****************************************************************************
5033 The internals of the rmdir code - called elsewhere.
5034 ****************************************************************************/
5035
5036 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5037 connection_struct *conn,
5038 const char *directory)
5039 {
5040 int ret;
5041 SMB_STRUCT_STAT st;
5042
5043 /* Might be a symlink. */
5044 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5045 return map_nt_error_from_unix(errno);
5046 }
5047
5048 if (S_ISLNK(st.st_mode)) {
5049 /* Is what it points to a directory ? */
5050 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5051 return map_nt_error_from_unix(errno);
5052 }
5053 if (!(S_ISDIR(st.st_mode))) {
5054 return NT_STATUS_NOT_A_DIRECTORY;
5055 }
5056 ret = SMB_VFS_UNLINK(conn,directory);
5057 } else {
5058 ret = SMB_VFS_RMDIR(conn,directory);
5059 }
5060 if (ret == 0) {
5061 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5062 FILE_NOTIFY_CHANGE_DIR_NAME,
5063 directory);
5064 return NT_STATUS_OK;
5065 }
5066
5067 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5068 /*
5069 * Check to see if the only thing in this directory are
5070 * vetoed files/directories. If so then delete them and
5071 * retry. If we fail to delete any of them (and we *don't*
5072 * do a recursive delete) then fail the rmdir.
5073 */
5074 const char *dname;
5075 long dirpos = 0;
5076 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5077 directory, NULL, 0);
5078
5079 if(dir_hnd == NULL) {
5080 errno = ENOTEMPTY;
5081 goto err;
5082 }
5083
5084 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5085 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5086 continue;
5087 if (!is_visible_file(conn, directory, dname, &st, False))
5088 continue;
5089 if(!IS_VETO_PATH(conn, dname)) {
5090 TALLOC_FREE(dir_hnd);
5091 errno = ENOTEMPTY;
5092 goto err;
5093 }
5094 }
5095
5096 /* We only have veto files/directories.
5097 * Are we allowed to delete them ? */
5098
5099 if(!lp_recursive_veto_delete(SNUM(conn))) {
5100 TALLOC_FREE(dir_hnd);
5101 errno = ENOTEMPTY;
5102 goto err;
5103 }
5104
5105 /* Do a recursive delete. */
5106 RewindDir(dir_hnd,&dirpos);
5107 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5108 char *fullname = NULL;
5109
5110 if (ISDOT(dname) || ISDOTDOT(dname)) {
5111 continue;
5112 }
5113 if (!is_visible_file(conn, directory, dname, &st, False)) {
5114 continue;
5115 }
5116
5117 fullname = talloc_asprintf(ctx,
5118 "%s/%s",
5119 directory,
5120 dname);
5121
5122 if(!fullname) {
5123 errno = ENOMEM;
5124 break;
5125 }
5126
5127 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5128 break;
5129 }
5130 if(st.st_mode & S_IFDIR) {
5131 if(!recursive_rmdir(ctx, conn, fullname)) {
5132 break;
5133 }
5134 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5135 break;
5136 }
5137 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5138 break;
5139 }
5140 TALLOC_FREE(fullname);
5141 }
5142 TALLOC_FREE(dir_hnd);
5143 /* Retry the rmdir */
5144 ret = SMB_VFS_RMDIR(conn,directory);
5145 }
5146
5147 err:
5148
5149 if (ret != 0) {
5150 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5151 "%s\n", directory,strerror(errno)));
5152 return map_nt_error_from_unix(errno);
5153 }
5154
5155 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5156 FILE_NOTIFY_CHANGE_DIR_NAME,
5157 directory);
5158
5159 return NT_STATUS_OK;
5160 }
5161
5162 /****************************************************************************
5163 Reply to a rmdir.
5164 ****************************************************************************/
5165
5166 void reply_rmdir(struct smb_request *req)
5167 {
5168 connection_struct *conn = req->conn;
5169 char *directory = NULL;
5170 SMB_STRUCT_STAT sbuf;
5171 NTSTATUS status;
5172 TALLOC_CTX *ctx = talloc_tos();
5173
5174 START_PROFILE(SMBrmdir);
5175
5176 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5177 smb_buf(req->inbuf) + 1, 0,
5178 STR_TERMINATE, &status);
5179 if (!NT_STATUS_IS_OK(status)) {
5180 reply_nterror(req, status);
5181 END_PROFILE(SMBrmdir);
5182 return;
5183 }
5184
5185 status = resolve_dfspath(ctx, conn,
5186 req->flags2 & FLAGS2_DFS_PATHNAMES,
5187 directory,
5188 &directory);
5189 if (!NT_STATUS_IS_OK(status)) {
5190 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5191 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5192 ERRSRV, ERRbadpath);
5193 END_PROFILE(SMBrmdir);
5194 return;
5195 }
5196 reply_nterror(req, status);
5197 END_PROFILE(SMBrmdir);
5198 return;
5199 }
5200
5201 status = unix_convert(ctx, conn, directory, False, &directory,
5202 NULL, &sbuf);
5203 if (!NT_STATUS_IS_OK(status)) {
5204 reply_nterror(req, status);
5205 END_PROFILE(SMBrmdir);
5206 return;
5207 }
5208
5209 status = check_name(conn, directory);
5210 if (!NT_STATUS_IS_OK(status)) {
5211 reply_nterror(req, status);
5212 END_PROFILE(SMBrmdir);
5213 return;
5214 }
5215
5216 dptr_closepath(directory, req->smbpid);
5217 status = rmdir_internals(ctx, conn, directory);
5218 if (!NT_STATUS_IS_OK(status)) {
5219 reply_nterror(req, status);
5220 END_PROFILE(SMBrmdir);
5221 return;
5222 }
5223
5224 reply_outbuf(req, 0, 0);
5225
5226 DEBUG( 3, ( "rmdir %s\n", directory ) );
5227
5228 END_PROFILE(SMBrmdir);
5229 return;
5230 }
5231
5232 /*******************************************************************
5233 Resolve wildcards in a filename rename.
5234 ********************************************************************/
5235
5236 static bool resolve_wildcards(TALLOC_CTX *ctx,
5237 const char *name1,
5238 const char *name2,
5239 char **pp_newname)
5240 {
5241 char *name2_copy = NULL;
5242 char *root1 = NULL;
5243 char *root2 = NULL;
5244 char *ext1 = NULL;
5245 char *ext2 = NULL;
5246 char *p,*p2, *pname1, *pname2;
5247
5248 name2_copy = talloc_strdup(ctx, name2);
5249 if (!name2_copy) {
5250 return False;
5251 }
5252
5253 pname1 = strrchr_m(name1,'/');
5254 pname2 = strrchr_m(name2_copy,'/');
5255
5256 if (!pname1 || !pname2) {
5257 return False;
5258 }
5259
5260 /* Truncate the copy of name2 at the last '/' */
5261 *pname2 = '\0';
5262
5263 /* Now go past the '/' */
5264 pname1++;
5265 pname2++;
5266
5267 root1 = talloc_strdup(ctx, pname1);
5268 root2 = talloc_strdup(ctx, pname2);
5269
5270 if (!root1 || !root2) {
5271 return False;
5272 }
5273
5274 p = strrchr_m(root1,'.');
5275 if (p) {
5276 *p = 0;
5277 ext1 = talloc_strdup(ctx, p+1);
5278 } else {
5279 ext1 = talloc_strdup(ctx, "");
5280 }
5281 p = strrchr_m(root2,'.');
5282 if (p) {
5283 *p = 0;
5284 ext2 = talloc_strdup(ctx, p+1);
5285 } else {
5286 ext2 = talloc_strdup(ctx, "");
5287 }
5288
5289 if (!ext1 || !ext2) {
5290 return False;
5291 }
5292
5293 p = root1;
5294 p2 = root2;
5295 while (*p2) {
5296 if (*p2 == '?') {
5297 /* Hmmm. Should this be mb-aware ? */
5298 *p2 = *p;
5299 p2++;
5300 } else if (*p2 == '*') {
5301 *p2 = '\0';
5302 root2 = talloc_asprintf(ctx, "%s%s",
5303 root2,
5304 p);
5305 if (!root2) {
5306 return False;
5307 }
5308 break;
5309 } else {
5310 p2++;
5311 }
5312 if (*p) {
5313 p++;
5314 }
5315 }
5316
5317 p = ext1;
5318 p2 = ext2;
5319 while (*p2) {
5320 if (*p2 == '?') {
5321 /* Hmmm. Should this be mb-aware ? */
5322 *p2 = *p;
5323 p2++;
5324 } else if (*p2 == '*') {
5325 *p2 = '\0';
5326 ext2 = talloc_asprintf(ctx, "%s%s",
5327 ext2,
5328 p);
5329 if (!ext2) {
5330 return False;
5331 }
5332 break;
5333 } else {
5334 p2++;
5335 }
5336 if (*p) {
5337 p++;
5338 }
5339 }
5340
5341 if (*ext2) {
5342 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5343 name2_copy,
5344 root2,
5345 ext2);
5346 } else {
5347 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5348 name2_copy,
5349 root2);
5350 }
5351
5352 if (!*pp_newname) {
5353 return False;
5354 }
5355
5356 return True;
5357 }
5358
5359 /****************************************************************************
5360 Ensure open files have their names updated. Updated to notify other smbd's
5361 asynchronously.
5362 ****************************************************************************/
5363
5364 static void rename_open_files(connection_struct *conn,
5365 struct share_mode_lock *lck,
5366 const char *newname)
5367 {
5368 files_struct *fsp;
5369 bool did_rename = False;
5370
5371 for(fsp = file_find_di_first(lck->id); fsp;
5372 fsp = file_find_di_next(fsp)) {
5373 /* fsp_name is a relative path under the fsp. To change this for other
5374 sharepaths we need to manipulate relative paths. */
5375 /* TODO - create the absolute path and manipulate the newname
5376 relative to the sharepath. */
5377 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5378 continue;
5379 }
5380 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5381 fsp->fnum, file_id_string_tos(&fsp->file_id),
5382 fsp->fsp_name, newname ));
5383 string_set(&fsp->fsp_name, newname);
5384 did_rename = True;
5385 }
5386
5387 if (!did_rename) {
5388 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5389 file_id_string_tos(&lck->id), newname ));
5390 }
5391
5392 /* Send messages to all smbd's (not ourself) that the name has changed. */
5393 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5394 newname);
5395 }
5396
5397 /****************************************************************************
5398 We need to check if the source path is a parent directory of the destination
5399 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5400 refuse the rename with a sharing violation. Under UNIX the above call can
5401 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5402 probably need to check that the client is a Windows one before disallowing
5403 this as a UNIX client (one with UNIX extensions) can know the source is a
5404 symlink and make this decision intelligently. Found by an excellent bug
5405 report from <AndyLiebman@aol.com>.
5406 ****************************************************************************/
5407
5408 static bool rename_path_prefix_equal(const char *src, const char *dest)
5409 {
5410 const char *psrc = src;
5411 const char *pdst = dest;
5412 size_t slen;
5413
5414 if (psrc[0] == '.' && psrc[1] == '/') {
5415 psrc += 2;
5416 }
5417 if (pdst[0] == '.' && pdst[1] == '/') {
5418 pdst += 2;
5419 }
5420 if ((slen = strlen(psrc)) > strlen(pdst)) {
5421 return False;
5422 }
5423 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5424 }
5425
5426 /*
5427 * Do the notify calls from a rename
5428 */
5429
5430 static void notify_rename(connection_struct *conn, bool is_dir,
5431 const char *oldpath, const char *newpath)
5432 {
5433 char *olddir, *newdir;
5434 const char *oldname, *newname;
5435 uint32 mask;
5436
5437 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5438 : FILE_NOTIFY_CHANGE_FILE_NAME;
5439
5440 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5441 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5442 TALLOC_FREE(olddir);
5443 return;
5444 }
5445
5446 if (strcmp(olddir, newdir) == 0) {
5447 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5448 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5449 }
5450 else {
5451 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5452 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5453 }
5454 TALLOC_FREE(olddir);
5455 TALLOC_FREE(newdir);
5456
5457 /* this is a strange one. w2k3 gives an additional event for
5458 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5459 files, but not directories */
5460 if (!is_dir) {
5461 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5462 FILE_NOTIFY_CHANGE_ATTRIBUTES
5463 |FILE_NOTIFY_CHANGE_CREATION,
5464 newpath);
5465 }
5466 }
5467
5468 /****************************************************************************
5469 Rename an open file - given an fsp.
5470 ****************************************************************************/
5471
5472 NTSTATUS rename_internals_fsp(connection_struct *conn,
5473 files_struct *fsp,
5474 char *newname,
5475 const char *newname_last_component,
5476 uint32 attrs,
5477 bool replace_if_exists)
5478 {
5479 TALLOC_CTX *ctx = talloc_tos();
5480 SMB_STRUCT_STAT sbuf, sbuf1;
5481 NTSTATUS status = NT_STATUS_OK;
5482 struct share_mode_lock *lck = NULL;
5483 bool dst_exists;
5484
5485 ZERO_STRUCT(sbuf);
5486
5487 status = check_name(conn, newname);
5488 if (!NT_STATUS_IS_OK(status)) {
5489 return status;
5490 }
5491
5492 /* Ensure newname contains a '/' */
5493 if(strrchr_m(newname,'/') == 0) {
5494 newname = talloc_asprintf(ctx,
5495 "./%s",
5496 newname);
5497 if (!newname) {
5498 return NT_STATUS_NO_MEMORY;
5499 }
5500 }
5501
5502 /*
5503 * Check for special case with case preserving and not
5504 * case sensitive. If the old last component differs from the original
5505 * last component only by case, then we should allow
5506 * the rename (user is trying to change the case of the
5507 * filename).
5508 */
5509
5510 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5511 strequal(newname, fsp->fsp_name)) {
5512 char *p;
5513 char *newname_modified_last_component = NULL;
5514
5515 /*
5516 * Get the last component of the modified name.
5517 * Note that we guarantee that newname contains a '/'
5518 * character above.
5519 */
5520 p = strrchr_m(newname,'/');
5521 newname_modified_last_component = talloc_strdup(ctx,
5522 p+1);
5523 if (!newname_modified_last_component) {
5524 return NT_STATUS_NO_MEMORY;
5525 }
5526
5527 if(strcsequal(newname_modified_last_component,
5528 newname_last_component) == False) {
5529 /*
5530 * Replace the modified last component with
5531 * the original.
5532 */
5533 *p = '\0'; /* Truncate at the '/' */
5534 newname = talloc_asprintf(ctx,
5535 "%s/%s",
5536 newname,
5537 newname_last_component);
5538 }
5539 }
5540
5541 /*
5542 * If the src and dest names are identical - including case,
5543 * don't do the rename, just return success.
5544 */
5545
5546 if (strcsequal(fsp->fsp_name, newname)) {
5547 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5548 newname));
5549 return NT_STATUS_OK;
5550 }
5551
5552 /*
5553 * Have vfs_object_exist also fill sbuf1
5554 */
5555 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5556
5557 if(!replace_if_exists && dst_exists) {
5558 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5559 fsp->fsp_name,newname));
5560 return NT_STATUS_OBJECT_NAME_COLLISION;
5561 }
5562
5563 if(replace_if_exists && dst_exists) {
5564 /* Ensure both or neither are stream names. */
5565 if (is_ntfs_stream_name(fsp->fsp_name) !=
5566 is_ntfs_stream_name(newname)) {
5567 return NT_STATUS_INVALID_PARAMETER;
5568 }
5569 }
5570
5571 if (dst_exists) {
5572 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5573 files_struct *dst_fsp = file_find_di_first(fileid);
5574 if (dst_fsp) {
5575 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5576 return NT_STATUS_ACCESS_DENIED;
5577 }
5578 }
5579
5580 /* Ensure we have a valid stat struct for the source. */
5581 if (fsp->fh->fd != -1) {
5582 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5583 return map_nt_error_from_unix(errno);
5584 }
5585 } else {
5586 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5587 return map_nt_error_from_unix(errno);
5588 }
5589 }
5590
5591 status = can_rename(conn, fsp, attrs, &sbuf);
5592
5593 if (!NT_STATUS_IS_OK(status)) {
5594 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5595 nt_errstr(status), fsp->fsp_name,newname));
5596 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5597 status = NT_STATUS_ACCESS_DENIED;
5598 return status;
5599 }
5600
5601 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5602 return NT_STATUS_ACCESS_DENIED;
5603 }
5604
5605 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5606 NULL);
5607
5608 /*
5609 * We have the file open ourselves, so not being able to get the
5610 * corresponding share mode lock is a fatal error.
5611 */
5612
5613 SMB_ASSERT(lck != NULL);
5614
5615 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5616 uint32 create_options = fsp->fh->private_options;
5617
5618 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5619 fsp->fsp_name,newname));
5620
5621 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5622
5623 rename_open_files(conn, lck, newname);
5624
5625 /*
5626 * A rename acts as a new file create w.r.t. allowing an initial delete
5627 * on close, probably because in Windows there is a new handle to the
5628 * new file. If initial delete on close was requested but not
5629 * originally set, we need to set it here. This is probably not 100% correct,
5630 * but will work for the CIFSFS client which in non-posix mode
5631 * depends on these semantics. JRA.
5632 */
5633
5634 set_allow_initial_delete_on_close(lck, fsp, True);
5635
5636 if (create_options & FILE_DELETE_ON_CLOSE) {
5637 status = can_set_delete_on_close(fsp, True, 0);
5638
5639 if (NT_STATUS_IS_OK(status)) {
5640 /* Note that here we set the *inital* delete on close flag,
5641 * not the regular one. The magic gets handled in close. */
5642 fsp->initial_delete_on_close = True;
5643 }
5644 }
5645 TALLOC_FREE(lck);
5646 return NT_STATUS_OK;
5647 }
5648
5649 TALLOC_FREE(lck);
5650
5651 if (errno == ENOTDIR || errno == EISDIR) {
5652 status = NT_STATUS_OBJECT_NAME_COLLISION;
5653 } else {
5654 status = map_nt_error_from_unix(errno);
5655 }
5656
5657 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5658 nt_errstr(status), fsp->fsp_name,newname));
5659
5660 return status;
5661 }
5662
5663 /****************************************************************************
5664 The guts of the rename command, split out so it may be called by the NT SMB
5665 code.
5666 ****************************************************************************/
5667
5668 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5669 connection_struct *conn,
5670 struct smb_request *req,
5671 const char *name_in,
5672 const char *newname_in,
5673 uint32 attrs,
5674 bool replace_if_exists,
5675 bool src_has_wild,
5676 bool dest_has_wild,
5677 uint32_t access_mask)
5678 {
5679 char *directory = NULL;
5680 char *mask = NULL;
5681 char *last_component_src = NULL;
5682 char *last_component_dest = NULL;
5683 char *name = NULL;
5684 char *newname = NULL;
5685 char *p;
5686 int count=0;
5687 NTSTATUS status = NT_STATUS_OK;
5688 SMB_STRUCT_STAT sbuf1, sbuf2;
5689 struct smb_Dir *dir_hnd = NULL;
5690 const char *dname;
5691 long offset = 0;
5692
5693 ZERO_STRUCT(sbuf1);
5694 ZERO_STRUCT(sbuf2);
5695
5696 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5697 &last_component_src, &sbuf1);
5698 if (!NT_STATUS_IS_OK(status)) {
5699 return status;
5700 }
5701
5702 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5703 &last_component_dest, &sbuf2);
5704 if (!NT_STATUS_IS_OK(status)) {
5705 return status;
5706 }
5707
5708 /*
5709 * Split the old name into directory and last component
5710 * strings. Note that unix_convert may have stripped off a
5711 * leading ./ from both name and newname if the rename is
5712 * at the root of the share. We need to make sure either both
5713 * name and newname contain a / character or neither of them do
5714 * as this is checked in resolve_wildcards().
5715 */
5716
5717 p = strrchr_m(name,'/');
5718 if (!p) {
5719 directory = talloc_strdup(ctx, ".");
5720 if (!directory) {
5721 return NT_STATUS_NO_MEMORY;
5722 }
5723 mask = name;
5724 } else {
5725 *p = 0;
5726 directory = talloc_strdup(ctx, name);
5727 if (!directory) {
5728 return NT_STATUS_NO_MEMORY;
5729 }
5730 mask = p+1;
5731 *p = '/'; /* Replace needed for exceptional test below. */
5732 }
5733
5734 /*
5735 * We should only check the mangled cache
5736 * here if unix_convert failed. This means
5737 * that the path in 'mask' doesn't exist
5738 * on the file system and so we need to look
5739 * for a possible mangle. This patch from
5740 * Tine Smukavec <valentin.smukavec@hermes.si>.
5741 */
5742
5743 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5744 char *new_mask = NULL;
5745 mangle_lookup_name_from_8_3(ctx,
5746 mask,
5747 &new_mask,
5748 conn->params );
5749 if (new_mask) {
5750 mask = new_mask;
5751 }
5752 }
5753
5754 if (!src_has_wild) {
5755 files_struct *fsp;
5756
5757 /*
5758 * No wildcards - just process the one file.
5759 */
5760 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5761
5762 /* Add a terminating '/' to the directory name. */
5763 directory = talloc_asprintf_append(directory,
5764 "/%s",
5765 mask);
5766 if (!directory) {
5767 return NT_STATUS_NO_MEMORY;
5768 }
5769
5770 /* Ensure newname contains a '/' also */
5771 if(strrchr_m(newname,'/') == 0) {
5772 newname = talloc_asprintf(ctx,
5773 "./%s",
5774 newname);
5775 if (!newname) {
5776 return NT_STATUS_NO_MEMORY;
5777 }
5778 }
5779
5780 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5781 "case_preserve = %d, short case preserve = %d, "
5782 "directory = %s, newname = %s, "
5783 "last_component_dest = %s, is_8_3 = %d\n",
5784 conn->case_sensitive, conn->case_preserve,
5785 conn->short_case_preserve, directory,
5786 newname, last_component_dest, is_short_name));
5787
5788 /* The dest name still may have wildcards. */
5789 if (dest_has_wild) {
5790 char *mod_newname = NULL;
5791 if (!resolve_wildcards(ctx,
5792 directory,newname,&mod_newname)) {
5793 DEBUG(6, ("rename_internals: resolve_wildcards "
5794 "%s %s failed\n",
5795 directory,
5796 newname));
5797 return NT_STATUS_NO_MEMORY;
5798 }
5799 newname = mod_newname;
5800 }
5801
5802 ZERO_STRUCT(sbuf1);
5803 SMB_VFS_STAT(conn, directory, &sbuf1);
5804
5805 status = S_ISDIR(sbuf1.st_mode) ?
5806 open_directory(conn, req, directory, &sbuf1,
5807 access_mask,
5808 FILE_SHARE_READ|FILE_SHARE_WRITE,
5809 FILE_OPEN, 0, 0, NULL,
5810 &fsp)
5811 : open_file_ntcreate(conn, req, directory, &sbuf1,
5812 access_mask,
5813 FILE_SHARE_READ|FILE_SHARE_WRITE,
5814 FILE_OPEN, 0, 0, 0, NULL,
5815 &fsp);
5816
5817 if (!NT_STATUS_IS_OK(status)) {
5818 DEBUG(3, ("Could not open rename source %s: %s\n",
5819 directory, nt_errstr(status)));
5820 return status;
5821 }
5822
5823 status = rename_internals_fsp(conn, fsp, newname,
5824 last_component_dest,
5825 attrs, replace_if_exists);
5826
5827 close_file(fsp, NORMAL_CLOSE);
5828
5829 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5830 nt_errstr(status), directory,newname));
5831
5832 return status;
5833 }
5834
5835 /*
5836 * Wildcards - process each file that matches.
5837 */
5838 if (strequal(mask,"????????.???")) {
5839 mask[0] = '*';
5840 mask[1] = '\0';
5841 }
5842
5843 status = check_name(conn, directory);
5844 if (!NT_STATUS_IS_OK(status)) {
5845 return status;
5846 }
5847
5848 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5849 if (dir_hnd == NULL) {
5850 return map_nt_error_from_unix(errno);
5851 }
5852
5853 status = NT_STATUS_NO_SUCH_FILE;
5854 /*
5855 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5856 * - gentest fix. JRA
5857 */
5858
5859 while ((dname = ReadDirName(dir_hnd, &offset))) {
5860 files_struct *fsp = NULL;
5861 char *fname = NULL;
5862 char *destname = NULL;
5863 bool sysdir_entry = False;
5864
5865 /* Quick check for "." and ".." */
5866 if (ISDOT(dname) || ISDOTDOT(dname)) {
5867 if (attrs & aDIR) {
5868 sysdir_entry = True;
5869 } else {
5870 continue;
5871 }
5872 }
5873
5874 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5875 continue;
5876 }
5877
5878 if(!mask_match(dname, mask, conn->case_sensitive)) {
5879 continue;
5880 }
5881
5882 if (sysdir_entry) {
5883 status = NT_STATUS_OBJECT_NAME_INVALID;
5884 break;
5885 }
5886
5887 fname = talloc_asprintf(ctx,
5888 "%s/%s",
5889 directory,
5890 dname);
5891 if (!fname) {
5892 return NT_STATUS_NO_MEMORY;
5893 }
5894
5895 if (!resolve_wildcards(ctx,
5896 fname,newname,&destname)) {
5897 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5898 fname, destname));
5899 TALLOC_FREE(fname);
5900 continue;
5901 }
5902 if (!destname) {
5903 return NT_STATUS_NO_MEMORY;
5904 }
5905
5906 ZERO_STRUCT(sbuf1);
5907 SMB_VFS_STAT(conn, fname, &sbuf1);
5908
5909 status = S_ISDIR(sbuf1.st_mode) ?
5910 open_directory(conn, req, fname, &sbuf1,
5911 access_mask,
5912 FILE_SHARE_READ|FILE_SHARE_WRITE,
5913 FILE_OPEN, 0, 0, NULL,
5914 &fsp)
5915 : open_file_ntcreate(conn, req, fname, &sbuf1,
5916 access_mask,
5917 FILE_SHARE_READ|FILE_SHARE_WRITE,
5918 FILE_OPEN, 0, 0, 0, NULL,
5919 &fsp);
5920
5921 if (!NT_STATUS_IS_OK(status)) {
5922 DEBUG(3,("rename_internals: open_file_ntcreate "
5923 "returned %s rename %s -> %s\n",
5924 nt_errstr(status), directory, newname));
5925 break;
5926 }
5927
5928 status = rename_internals_fsp(conn, fsp, destname, dname,
5929 attrs, replace_if_exists);
5930
5931 close_file(fsp, NORMAL_CLOSE);
5932
5933 if (!NT_STATUS_IS_OK(status)) {
5934 DEBUG(3, ("rename_internals_fsp returned %s for "
5935 "rename %s -> %s\n", nt_errstr(status),
5936 directory, newname));
5937 break;
5938 }
5939
5940 count++;
5941
5942 DEBUG(3,("rename_internals: doing rename on %s -> "
5943 "%s\n",fname,destname));
5944
5945 TALLOC_FREE(fname);
5946 TALLOC_FREE(destname);
5947 }
5948 TALLOC_FREE(dir_hnd);
5949
5950 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5951 status = map_nt_error_from_unix(errno);
5952 }
5953
5954 return status;
5955 }
5956
5957 /****************************************************************************
5958 Reply to a mv.
5959 ****************************************************************************/
5960
5961 void reply_mv(struct smb_request *req)
5962 {
5963 connection_struct *conn = req->conn;
5964 char *name = NULL;
5965 char *newname = NULL;
5966 char *p;
5967 uint32 attrs;
5968 NTSTATUS status;
5969 bool src_has_wcard = False;
5970 bool dest_has_wcard = False;
5971 TALLOC_CTX *ctx = talloc_tos();
5972
5973 START_PROFILE(SMBmv);
5974
5975 if (req->wct < 1) {
5976 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5977 END_PROFILE(SMBmv);
5978 return;
5979 }
5980
5981 attrs = SVAL(req->inbuf,smb_vwv0);
5982
5983 p = smb_buf(req->inbuf) + 1;
5984 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5985 0, STR_TERMINATE, &status,
5986 &src_has_wcard);
5987 if (!NT_STATUS_IS_OK(status)) {
5988 reply_nterror(req, status);
5989 END_PROFILE(SMBmv);
5990 return;
5991 }
5992 p++;
5993 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5994 0, STR_TERMINATE, &status,
5995 &dest_has_wcard);
5996 if (!NT_STATUS_IS_OK(status)) {
5997 reply_nterror(req, status);
5998 END_PROFILE(SMBmv);
5999 return;
6000 }
6001
6002 status = resolve_dfspath_wcard(ctx, conn,
6003 req->flags2 & FLAGS2_DFS_PATHNAMES,
6004 name,
6005 &name,
6006 &src_has_wcard);
6007 if (!NT_STATUS_IS_OK(status)) {
6008 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6009 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6010 ERRSRV, ERRbadpath);
6011 END_PROFILE(SMBmv);
6012 return;
6013 }
6014 reply_nterror(req, status);
6015 END_PROFILE(SMBmv);
6016 return;
6017 }
6018
6019 status = resolve_dfspath_wcard(ctx, conn,
6020 req->flags2 & FLAGS2_DFS_PATHNAMES,
6021 newname,
6022 &newname,
6023 &dest_has_wcard);
6024 if (!NT_STATUS_IS_OK(status)) {
6025 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6026 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6027 ERRSRV, ERRbadpath);
6028 END_PROFILE(SMBmv);
6029 return;
6030 }
6031 reply_nterror(req, status);
6032 END_PROFILE(SMBmv);
6033 return;
6034 }
6035
6036 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
6037
6038 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
6039 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
6040 if (!NT_STATUS_IS_OK(status)) {
6041 if (open_was_deferred(req->mid)) {
6042 /* We have re-scheduled this call. */
6043 END_PROFILE(SMBmv);
6044 return;
6045 }
6046 reply_nterror(req, status);
6047 END_PROFILE(SMBmv);
6048 return;
6049 }
6050
6051 reply_outbuf(req, 0, 0);
6052
6053 END_PROFILE(SMBmv);
6054 return;
6055 }
6056
6057 /*******************************************************************
6058 Copy a file as part of a reply_copy.
6059 ******************************************************************/
6060
6061 /*
6062 * TODO: check error codes on all callers
6063 */
6064
6065 NTSTATUS copy_file(TALLOC_CTX *ctx,
6066 connection_struct *conn,
6067 const char *src,
6068 const char *dest1,
6069 int ofun,
6070 int count,
6071 bool target_is_directory)
6072 {
6073 SMB_STRUCT_STAT src_sbuf, sbuf2;
6074 SMB_OFF_T ret=-1;
6075 files_struct *fsp1,*fsp2;
6076 char *dest = NULL;
6077 uint32 dosattrs;
6078 uint32 new_create_disposition;
6079 NTSTATUS status;
6080
6081 dest = talloc_strdup(ctx, dest1);
6082 if (!dest) {
6083 return NT_STATUS_NO_MEMORY;
6084 }
6085 if (target_is_directory) {
6086 const char *p = strrchr_m(src,'/');
6087 if (p) {
6088 p++;
6089 } else {
6090 p = src;
6091 }
6092 dest = talloc_asprintf_append(dest,
6093 "/%s",
6094 p);
6095 if (!dest) {
6096 return NT_STATUS_NO_MEMORY;
6097 }
6098 }
6099
6100 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6101 TALLOC_FREE(dest);
6102 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6103 }
6104
6105 if (!target_is_directory && count) {
6106 new_create_disposition = FILE_OPEN;
6107 } else {
6108 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6109 NULL, NULL, &new_create_disposition, NULL)) {
6110 TALLOC_FREE(dest);
6111 return NT_STATUS_INVALID_PARAMETER;
6112 }
6113 }
6114
6115 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6116 FILE_GENERIC_READ,
6117 FILE_SHARE_READ|FILE_SHARE_WRITE,
6118 FILE_OPEN,
6119 0,
6120 FILE_ATTRIBUTE_NORMAL,
6121 INTERNAL_OPEN_ONLY,
6122 NULL, &fsp1);
6123
6124 if (!NT_STATUS_IS_OK(status)) {
6125 TALLOC_FREE(dest);
6126 return status;
6127 }
6128
6129 dosattrs = dos_mode(conn, src, &src_sbuf);
6130 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6131 ZERO_STRUCTP(&sbuf2);
6132 }
6133
6134 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6135 FILE_GENERIC_WRITE,
6136 FILE_SHARE_READ|FILE_SHARE_WRITE,
6137 new_create_disposition,
6138 0,
6139 dosattrs,
6140 INTERNAL_OPEN_ONLY,
6141 NULL, &fsp2);
6142
6143 TALLOC_FREE(dest);
6144
6145 if (!NT_STATUS_IS_OK(status)) {
6146 close_file(fsp1,ERROR_CLOSE);
6147 return status;
6148 }
6149
6150 if ((ofun&3) == 1) {
6151 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6152 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6153 /*
6154 * Stop the copy from occurring.
6155 */
6156 ret = -1;
6157 src_sbuf.st_size = 0;
6158 }
6159 }
6160
6161 if (src_sbuf.st_size) {
6162 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6163 }
6164
6165 close_file(fsp1,NORMAL_CLOSE);
6166
6167 /* Ensure the modtime is set correctly on the destination file. */
6168 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6169
6170 /*
6171 * As we are opening fsp1 read-only we only expect
6172 * an error on close on fsp2 if we are out of space.
6173 * Thus we don't look at the error return from the
6174 * close of fsp1.
6175 */
6176 status = close_file(fsp2,NORMAL_CLOSE);
6177
6178 if (!NT_STATUS_IS_OK(status)) {
6179 return status;
6180 }
6181
6182 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6183 return NT_STATUS_DISK_FULL;
6184 }
6185
6186 return NT_STATUS_OK;
6187 }
6188
6189 /****************************************************************************
6190 Reply to a file copy.
6191 ****************************************************************************/
6192
6193 void reply_copy(struct smb_request *req)
6194 {
6195 connection_struct *conn = req->conn;
6196 char *name = NULL;
6197 char *newname = NULL;
6198 char *directory = NULL;
6199 char *mask = NULL;
6200 char *p;
6201 int count=0;
6202 int error = ERRnoaccess;
6203 int err = 0;
6204 int tid2;
6205 int ofun;
6206 int flags;
6207 bool target_is_directory=False;
6208 bool source_has_wild = False;
6209 bool dest_has_wild = False;
6210 SMB_STRUCT_STAT sbuf1, sbuf2;
6211 NTSTATUS status;
6212 TALLOC_CTX *ctx = talloc_tos();
6213
6214 START_PROFILE(SMBcopy);
6215
6216 if (req->wct < 3) {
6217 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6218 END_PROFILE(SMBcopy);
6219 return;
6220 }
6221
6222 tid2 = SVAL(req->inbuf,smb_vwv0);
6223 ofun = SVAL(req->inbuf,smb_vwv1);
6224 flags = SVAL(req->inbuf,smb_vwv2);
6225
6226 p = smb_buf(req->inbuf);
6227 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6228 0, STR_TERMINATE, &status,
6229 &source_has_wild);
6230 if (!NT_STATUS_IS_OK(status)) {
6231 reply_nterror(req, status);
6232 END_PROFILE(SMBcopy);
6233 return;
6234 }
6235 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6236 0, STR_TERMINATE, &status,
6237 &dest_has_wild);
6238 if (!NT_STATUS_IS_OK(status)) {
6239 reply_nterror(req, status);
6240 END_PROFILE(SMBcopy);
6241 return;
6242 }
6243
6244 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6245
6246 if (tid2 != conn->cnum) {
6247 /* can't currently handle inter share copies XXXX */
6248 DEBUG(3,("Rejecting inter-share copy\n"));
6249 reply_doserror(req, ERRSRV, ERRinvdevice);
6250 END_PROFILE(SMBcopy);
6251 return;
6252 }
6253
6254 status = resolve_dfspath_wcard(ctx, conn,
6255 req->flags2 & FLAGS2_DFS_PATHNAMES,
6256 name,
6257 &name,
6258 &source_has_wild);
6259 if (!NT_STATUS_IS_OK(status)) {
6260 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6261 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6262 ERRSRV, ERRbadpath);
6263 END_PROFILE(SMBcopy);
6264 return;
6265 }
6266 reply_nterror(req, status);
6267 END_PROFILE(SMBcopy);
6268 return;
6269 }
6270
6271 status = resolve_dfspath_wcard(ctx, conn,
6272 req->flags2 & FLAGS2_DFS_PATHNAMES,
6273 newname,
6274 &newname,
6275 &dest_has_wild);
6276 if (!NT_STATUS_IS_OK(status)) {
6277 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6278 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6279 ERRSRV, ERRbadpath);
6280 END_PROFILE(SMBcopy);
6281 return;
6282 }
6283 reply_nterror(req, status);
6284 END_PROFILE(SMBcopy);
6285 return;
6286 }
6287
6288 status = unix_convert(ctx, conn, name, source_has_wild,
6289 &name, NULL, &sbuf1);
6290 if (!NT_STATUS_IS_OK(status)) {
6291 reply_nterror(req, status);
6292 END_PROFILE(SMBcopy);
6293 return;
6294 }
6295
6296 status = unix_convert(ctx, conn, newname, dest_has_wild,
6297 &newname, NULL, &sbuf2);
6298 if (!NT_STATUS_IS_OK(status)) {
6299 reply_nterror(req, status);
6300 END_PROFILE(SMBcopy);
6301 return;
6302 }
6303
6304 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6305
6306 if ((flags&1) && target_is_directory) {
6307 reply_doserror(req, ERRDOS, ERRbadfile);
6308 END_PROFILE(SMBcopy);
6309 return;
6310 }
6311
6312 if ((flags&2) && !target_is_directory) {
6313 reply_doserror(req, ERRDOS, ERRbadpath);
6314 END_PROFILE(SMBcopy);
6315 return;
6316 }
6317
6318 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6319 /* wants a tree copy! XXXX */
6320 DEBUG(3,("Rejecting tree copy\n"));
6321 reply_doserror(req, ERRSRV, ERRerror);
6322 END_PROFILE(SMBcopy);
6323 return;
6324 }
6325
6326 p = strrchr_m(name,'/');
6327 if (!p) {
6328 directory = talloc_strdup(ctx, "./");
6329 if (!directory) {
6330 reply_nterror(req, NT_STATUS_NO_MEMORY);
6331 END_PROFILE(SMBcopy);
6332 return;
6333 }
6334 mask = name;
6335 } else {
6336 *p = 0;
6337 directory = talloc_strdup(ctx, name);
6338 if (!directory) {
6339 reply_nterror(req, NT_STATUS_NO_MEMORY);
6340 END_PROFILE(SMBcopy);
6341 return;
6342 }
6343 mask = p+1;
6344 }
6345
6346 /*
6347 * We should only check the mangled cache
6348 * here if unix_convert failed. This means
6349 * that the path in 'mask' doesn't exist
6350 * on the file system and so we need to look
6351 * for a possible mangle. This patch from
6352 * Tine Smukavec <valentin.smukavec@hermes.si>.
6353 */
6354
6355 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6356 char *new_mask = NULL;
6357 mangle_lookup_name_from_8_3(ctx,
6358 mask,
6359 &new_mask,
6360 conn->params );
6361 if (new_mask) {
6362 mask = new_mask;
6363 }
6364 }
6365
6366 if (!source_has_wild) {
6367 directory = talloc_asprintf_append(directory,
6368 "/%s",
6369 mask);
6370 if (dest_has_wild) {
6371 char *mod_newname = NULL;
6372 if (!resolve_wildcards(ctx,
6373 directory,newname,&mod_newname)) {
6374 reply_nterror(req, NT_STATUS_NO_MEMORY);
6375 END_PROFILE(SMBcopy);
6376 return;
6377 }
6378 newname = mod_newname;
6379 }
6380
6381 status = check_name(conn, directory);
6382 if (!NT_STATUS_IS_OK(status)) {
6383 reply_nterror(req, status);
6384 END_PROFILE(SMBcopy);
6385 return;
6386 }
6387
6388 status = check_name(conn, newname);
6389 if (!NT_STATUS_IS_OK(status)) {
6390 reply_nterror(req, status);
6391 END_PROFILE(SMBcopy);
6392 return;
6393 }
6394
6395 status = copy_file(ctx,conn,directory,newname,ofun,
6396 count,target_is_directory);
6397
6398 if(!NT_STATUS_IS_OK(status)) {
6399 reply_nterror(req, status);
6400 END_PROFILE(SMBcopy);
6401 return;
6402 } else {
6403 count++;
6404 }
6405 } else {
6406 struct smb_Dir *dir_hnd = NULL;
6407 const char *dname = NULL;
6408 long offset = 0;
6409
6410 if (strequal(mask,"????????.???")) {
6411 mask[0] = '*';
6412 mask[1] = '\0';
6413 }
6414
6415 status = check_name(conn, directory);
6416 if (!NT_STATUS_IS_OK(status)) {
6417 reply_nterror(req, status);
6418 END_PROFILE(SMBcopy);
6419 return;
6420 }
6421
6422 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6423 if (dir_hnd == NULL) {
6424 status = map_nt_error_from_unix(errno);
6425 reply_nterror(req, status);
6426 END_PROFILE(SMBcopy);
6427 return;
6428 }
6429
6430 error = ERRbadfile;
6431
6432 while ((dname = ReadDirName(dir_hnd, &offset))) {
6433 char *destname = NULL;
6434 char *fname = NULL;
6435
6436 if (ISDOT(dname) || ISDOTDOT(dname)) {
6437 continue;
6438 }
6439
6440 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6441 continue;
6442 }
6443
6444 if(!mask_match(dname, mask, conn->case_sensitive)) {
6445 continue;
6446 }
6447
6448 error = ERRnoaccess;
6449 fname = talloc_asprintf(ctx,
6450 "%s/%s",
6451 directory,
6452 dname);
6453 if (!fname) {
6454 TALLOC_FREE(dir_hnd);
6455 reply_nterror(req, NT_STATUS_NO_MEMORY);
6456 END_PROFILE(SMBcopy);
6457 return;
6458 }
6459
6460 if (!resolve_wildcards(ctx,
6461 fname,newname,&destname)) {
6462 continue;
6463 }
6464 if (!destname) {
6465 TALLOC_FREE(dir_hnd);
6466 reply_nterror(req, NT_STATUS_NO_MEMORY);
6467 END_PROFILE(SMBcopy);
6468 return;
6469 }
6470
6471 status = check_name(conn, fname);
6472 if (!NT_STATUS_IS_OK(status)) {
6473 TALLOC_FREE(dir_hnd);
6474 reply_nterror(req, status);
6475 END_PROFILE(SMBcopy);
6476 return;
6477 }
6478
6479 status = check_name(conn, destname);
6480 if (!NT_STATUS_IS_OK(status)) {
6481 TALLOC_FREE(dir_hnd);
6482 reply_nterror(req, status);
6483 END_PROFILE(SMBcopy);
6484 return;
6485 }
6486
6487 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6488
6489 status = copy_file(ctx,conn,fname,destname,ofun,
6490 count,target_is_directory);
6491 if (NT_STATUS_IS_OK(status)) {
6492 count++;
6493 }
6494 TALLOC_FREE(fname);
6495 TALLOC_FREE(destname);
6496 }
6497 TALLOC_FREE(dir_hnd);
6498 }
6499
6500 if (count == 0) {
6501 if(err) {
6502 /* Error on close... */
6503 errno = err;
6504 reply_unixerror(req, ERRHRD, ERRgeneral);
6505 END_PROFILE(SMBcopy);
6506 return;
6507 }
6508
6509 reply_doserror(req, ERRDOS, error);
6510 END_PROFILE(SMBcopy);
6511 return;
6512 }
6513
6514 reply_outbuf(req, 1, 0);
6515 SSVAL(req->outbuf,smb_vwv0,count);
6516
6517 END_PROFILE(SMBcopy);
6518 return;
6519 }
6520
6521 #undef DBGC_CLASS
6522 #define DBGC_CLASS DBGC_LOCKING
6523
6524 /****************************************************************************
6525 Get a lock pid, dealing with large count requests.
6526 ****************************************************************************/
6527
6528 uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6529 {
6530 if(!large_file_format)
6531 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6532 else
6533 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6534 }
6535
6536 /****************************************************************************
6537 Get a lock count, dealing with large count requests.
6538 ****************************************************************************/
6539
6540 SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6541 {
6542 SMB_BIG_UINT count = 0;
6543
6544 if(!large_file_format) {
6545 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6546 } else {
6547
6548 #if defined(HAVE_LONGLONG)
6549 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6550 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6551 #else /* HAVE_LONGLONG */
6552
6553 /*
6554 * NT4.x seems to be broken in that it sends large file (64 bit)
6555 * lockingX calls even if the CAP_LARGE_FILES was *not*
6556 * negotiated. For boxes without large unsigned ints truncate the
6557 * lock count by dropping the top 32 bits.
6558 */
6559
6560 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6561 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6562 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6563 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6564 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6565 }
6566
6567 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6568 #endif /* HAVE_LONGLONG */
6569 }
6570
6571 return count;
6572 }
6573
6574 #if !defined(HAVE_LONGLONG)
6575 /****************************************************************************
6576 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6577 ****************************************************************************/
6578
6579 static uint32 map_lock_offset(uint32 high, uint32 low)
6580 {
6581 unsigned int i;
6582 uint32 mask = 0;
6583 uint32 highcopy = high;
6584
6585 /*
6586 * Try and find out how many significant bits there are in high.
6587 */
6588
6589 for(i = 0; highcopy; i++)
6590 highcopy >>= 1;
6591
6592 /*
6593 * We use 31 bits not 32 here as POSIX
6594 * lock offsets may not be negative.
6595 */
6596
6597 mask = (~0) << (31 - i);
6598
6599 if(low & mask)
6600 return 0; /* Fail. */
6601
6602 high <<= (31 - i);
6603
6604 return (high|low);
6605 }
6606 #endif /* !defined(HAVE_LONGLONG) */
6607
6608 /****************************************************************************
6609 Get a lock offset, dealing with large offset requests.
6610 ****************************************************************************/
6611
6612 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6613 {
6614 SMB_BIG_UINT offset = 0;
6615
6616 *err = False;
6617
6618 if(!large_file_format) {
6619 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6620 } else {
6621
6622 #if defined(HAVE_LONGLONG)
6623 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6624 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6625 #else /* HAVE_LONGLONG */
6626
6627 /*
6628 * NT4.x seems to be broken in that it sends large file (64 bit)
6629 * lockingX calls even if the CAP_LARGE_FILES was *not*
6630 * negotiated. For boxes without large unsigned ints mangle the
6631 * lock offset by mapping the top 32 bits onto the lower 32.
6632 */
6633
6634 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6635 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6636 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6637 uint32 new_low = 0;
6638
6639 if((new_low = map_lock_offset(high, low)) == 0) {
6640 *err = True;
6641 return (SMB_BIG_UINT)-1;
6642 }
6643
6644 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6645 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6646 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6647 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6648 }
6649
6650 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6651 #endif /* HAVE_LONGLONG */
6652 }
6653
6654 return offset;
6655 }
6656
6657 /****************************************************************************
6658 Reply to a lockingX request.
6659 ****************************************************************************/
6660
6661 void reply_lockingX(struct smb_request *req)
6662 {
6663 connection_struct *conn = req->conn;
6664 files_struct *fsp;
6665 unsigned char locktype;
6666 unsigned char oplocklevel;
6667 uint16 num_ulocks;
6668 uint16 num_locks;
6669 SMB_BIG_UINT count = 0, offset = 0;
6670 uint32 lock_pid;
6671 int32 lock_timeout;
6672 int i;
6673 char *data;
6674 bool large_file_format;
6675 bool err;
6676 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6677
6678 START_PROFILE(SMBlockingX);
6679
6680 if (req->wct < 8) {
6681 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6682 END_PROFILE(SMBlockingX);
6683 return;
6684 }
6685
6686 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6687 locktype = CVAL(req->inbuf,smb_vwv3);
6688 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6689 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6690 num_locks = SVAL(req->inbuf,smb_vwv7);
6691 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6692 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6693
6694 if (!check_fsp(conn, req, fsp, &current_user)) {
6695 END_PROFILE(SMBlockingX);
6696 return;
6697 }
6698
6699 data = smb_buf(req->inbuf);
6700
6701 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6702 /* we don't support these - and CANCEL_LOCK makes w2k
6703 and XP reboot so I don't really want to be
6704 compatible! (tridge) */
6705 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6706 END_PROFILE(SMBlockingX);
6707 return;
6708 }
6709
6710 /* Check if this is an oplock break on a file
6711 we have granted an oplock on.
6712 */
6713 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6714 /* Client can insist on breaking to none. */
6715 bool break_to_none = (oplocklevel == 0);
6716 bool result;
6717
6718 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6719 "for fnum = %d\n", (unsigned int)oplocklevel,
6720 fsp->fnum ));
6721
6722 /*
6723 * Make sure we have granted an exclusive or batch oplock on
6724 * this file.
6725 */
6726
6727 if (fsp->oplock_type == 0) {
6728
6729 /* The Samba4 nbench simulator doesn't understand
6730 the difference between break to level2 and break
6731 to none from level2 - it sends oplock break
6732 replies in both cases. Don't keep logging an error
6733 message here - just ignore it. JRA. */
6734
6735 DEBUG(5,("reply_lockingX: Error : oplock break from "
6736 "client for fnum = %d (oplock=%d) and no "
6737 "oplock granted on this file (%s).\n",
6738 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6739
6740 /* if this is a pure oplock break request then don't
6741 * send a reply */
6742 if (num_locks == 0 && num_ulocks == 0) {
6743 END_PROFILE(SMBlockingX);
6744 return;
6745 } else {
6746 END_PROFILE(SMBlockingX);
6747 reply_doserror(req, ERRDOS, ERRlock);
6748 return;
6749 }
6750 }
6751
6752 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6753 (break_to_none)) {
6754 result = remove_oplock(fsp);
6755 } else {
6756 result = downgrade_oplock(fsp);
6757 }
6758
6759 if (!result) {
6760 DEBUG(0, ("reply_lockingX: error in removing "
6761 "oplock on file %s\n", fsp->fsp_name));
6762 /* Hmmm. Is this panic justified? */
6763 smb_panic("internal tdb error");
6764 }
6765
6766 reply_to_oplock_break_requests(fsp);
6767
6768 /* if this is a pure oplock break request then don't send a
6769 * reply */
6770 if (num_locks == 0 && num_ulocks == 0) {
6771 /* Sanity check - ensure a pure oplock break is not a
6772 chained request. */
6773 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6774 DEBUG(0,("reply_lockingX: Error : pure oplock "
6775 "break is a chained %d request !\n",
6776 (unsigned int)CVAL(req->inbuf,
6777 smb_vwv0) ));
6778 END_PROFILE(SMBlockingX);
6779 return;
6780 }
6781 }
6782
6783 /*
6784 * We do this check *after* we have checked this is not a oplock break
6785 * response message. JRA.
6786 */
6787
6788 release_level_2_oplocks_on_change(fsp);
6789
6790 if (smb_buflen(req->inbuf) <
6791 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6792 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6793 END_PROFILE(SMBlockingX);
6794 return;
6795 }
6796
6797 /* Data now points at the beginning of the list
6798 of smb_unlkrng structs */
6799 for(i = 0; i < (int)num_ulocks; i++) {
6800 lock_pid = get_lock_pid( data, i, large_file_format);
6801 count = get_lock_count( data, i, large_file_format);
6802 offset = get_lock_offset( data, i, large_file_format, &err);
6803
6804 /*
6805 * There is no error code marked "stupid client bug".... :-).
6806 */
6807 if(err) {
6808 END_PROFILE(SMBlockingX);
6809 reply_doserror(req, ERRDOS, ERRnoaccess);
6810 return;
6811 }
6812
6813 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6814 "pid %u, file %s\n", (double)offset, (double)count,
6815 (unsigned int)lock_pid, fsp->fsp_name ));
6816
6817 status = do_unlock(smbd_messaging_context(),
6818 fsp,
6819 lock_pid,
6820 count,
6821 offset,
6822 WINDOWS_LOCK);
6823
6824 if (NT_STATUS_V(status)) {
6825 END_PROFILE(SMBlockingX);
6826 reply_nterror(req, status);
6827 return;
6828 }
6829 }
6830
6831 /* Setup the timeout in seconds. */
6832
6833 if (!lp_blocking_locks(SNUM(conn))) {
6834 lock_timeout = 0;
6835 }
6836
6837 /* Now do any requested locks */
6838 data += ((large_file_format ? 20 : 10)*num_ulocks);
6839
6840 /* Data now points at the beginning of the list
6841 of smb_lkrng structs */
6842
6843 for(i = 0; i < (int)num_locks; i++) {
6844 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6845 READ_LOCK:WRITE_LOCK);
6846 lock_pid = get_lock_pid( data, i, large_file_format);
6847 count = get_lock_count( data, i, large_file_format);
6848 offset = get_lock_offset( data, i, large_file_format, &err);
6849
6850 /*
6851 * There is no error code marked "stupid client bug".... :-).
6852 */
6853 if(err) {
6854 END_PROFILE(SMBlockingX);
6855 reply_doserror(req, ERRDOS, ERRnoaccess);
6856 return;
6857 }
6858
6859 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6860 "%u, file %s timeout = %d\n", (double)offset,
6861 (double)count, (unsigned int)lock_pid,
6862 fsp->fsp_name, (int)lock_timeout ));
6863
6864 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6865 if (lp_blocking_locks(SNUM(conn))) {
6866
6867 /* Schedule a message to ourselves to
6868 remove the blocking lock record and
6869 return the right error. */
6870
6871 if (!blocking_lock_cancel(fsp,
6872 lock_pid,
6873 offset,
6874 count,
6875 WINDOWS_LOCK,
6876 locktype,
6877 NT_STATUS_FILE_LOCK_CONFLICT)) {
6878 END_PROFILE(SMBlockingX);
6879 reply_nterror(
6880 req,
6881 NT_STATUS_DOS(
6882 ERRDOS,
6883 ERRcancelviolation));
6884 return;
6885 }
6886 }
6887 /* Remove a matching pending lock. */
6888 status = do_lock_cancel(fsp,
6889 lock_pid,
6890 count,
6891 offset,
6892 WINDOWS_LOCK);
6893 } else {
6894 bool blocking_lock = lock_timeout ? True : False;
6895 bool defer_lock = False;
6896 struct byte_range_lock *br_lck;
6897 uint32 block_smbpid;
6898
6899 br_lck = do_lock(smbd_messaging_context(),
6900 fsp,
6901 lock_pid,
6902 count,
6903 offset,
6904 lock_type,
6905 WINDOWS_LOCK,
6906 blocking_lock,
6907 &status,
6908 &block_smbpid);
6909
6910 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6911 /* Windows internal resolution for blocking locks seems
6912 to be about 200ms... Don't wait for less than that. JRA. */
6913 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6914 lock_timeout = lp_lock_spin_time();
6915 }
6916 defer_lock = True;
6917 }
6918
6919 /* This heuristic seems to match W2K3 very well. If a
6920 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6921 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6922 far as I can tell. Replacement for do_lock_spin(). JRA. */
6923
6924 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6925 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6926 defer_lock = True;
6927 lock_timeout = lp_lock_spin_time();
6928 }
6929
6930 if (br_lck && defer_lock) {
6931 /*
6932 * A blocking lock was requested. Package up
6933 * this smb into a queued request and push it
6934 * onto the blocking lock queue.
6935 */
6936 if(push_blocking_lock_request(br_lck,
6937 req,
6938 fsp,
6939 lock_timeout,
6940 i,
6941 lock_pid,
6942 lock_type,
6943 WINDOWS_LOCK,
6944 offset,
6945 count,
6946 block_smbpid)) {
6947 TALLOC_FREE(br_lck);
6948 END_PROFILE(SMBlockingX);
6949 return;
6950 }
6951 }
6952
6953 TALLOC_FREE(br_lck);
6954 }
6955
6956 if (NT_STATUS_V(status)) {
6957 END_PROFILE(SMBlockingX);
6958 reply_nterror(req, status);
6959 return;
6960 }
6961 }
6962
6963 /* If any of the above locks failed, then we must unlock
6964 all of the previous locks (X/Open spec). */
6965
6966 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6967 (i != num_locks) &&
6968 (num_locks != 0)) {
6969 /*
6970 * Ensure we don't do a remove on the lock that just failed,
6971 * as under POSIX rules, if we have a lock already there, we
6972 * will delete it (and we shouldn't) .....
6973 */
6974 for(i--; i >= 0; i--) {
6975 lock_pid = get_lock_pid( data, i, large_file_format);
6976 count = get_lock_count( data, i, large_file_format);
6977 offset = get_lock_offset( data, i, large_file_format,
6978 &err);
6979
6980 /*
6981 * There is no error code marked "stupid client
6982 * bug".... :-).
6983 */
6984 if(err) {
6985 END_PROFILE(SMBlockingX);
6986 reply_doserror(req, ERRDOS, ERRnoaccess);
6987 return;
6988 }
6989
6990 do_unlock(smbd_messaging_context(),
6991 fsp,
6992 lock_pid,
6993 count,
6994 offset,
6995 WINDOWS_LOCK);
6996 }
6997 END_PROFILE(SMBlockingX);
6998 reply_nterror(req, status);
6999 return;
7000 }
7001
7002 reply_outbuf(req, 2, 0);
7003
7004 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7005 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7006
7007 END_PROFILE(SMBlockingX);
7008 chain_reply(req);
7009 }
7010
7011 #undef DBGC_CLASS
7012 #define DBGC_CLASS DBGC_ALL
7013
7014 /****************************************************************************
7015 Reply to a SMBreadbmpx (read block multiplex) request.
7016 Always reply with an error, if someone has a platform really needs this,
7017 please contact vl@samba.org
7018 ****************************************************************************/
7019
7020 void reply_readbmpx(struct smb_request *req)
7021 {
7022 START_PROFILE(SMBreadBmpx);
7023 reply_doserror(req, ERRSRV, ERRuseSTD);
7024 END_PROFILE(SMBreadBmpx);
7025 return;
7026 }
7027
7028 /****************************************************************************
7029 Reply to a SMBreadbs (read block multiplex secondary) request.
7030 Always reply with an error, if someone has a platform really needs this,
7031 please contact vl@samba.org
7032 ****************************************************************************/
7033
7034 void reply_readbs(struct smb_request *req)
7035 {
7036 START_PROFILE(SMBreadBs);
7037 reply_doserror(req, ERRSRV, ERRuseSTD);
7038 END_PROFILE(SMBreadBs);
7039 return;
7040 }
7041
7042 /****************************************************************************
7043 Reply to a SMBsetattrE.
7044 ****************************************************************************/
7045
7046 void reply_setattrE(struct smb_request *req)
7047 {
7048 connection_struct *conn = req->conn;
7049 struct timespec ts[2];
7050 files_struct *fsp;
7051 SMB_STRUCT_STAT sbuf;
7052 NTSTATUS status;
7053
7054 START_PROFILE(SMBsetattrE);
7055
7056 if (req->wct < 7) {
7057 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7058 END_PROFILE(SMBsetattrE);
7059 return;
7060 }
7061
7062 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7063
7064 if(!fsp || (fsp->conn != conn)) {
7065 reply_doserror(req, ERRDOS, ERRbadfid);
7066 END_PROFILE(SMBsetattrE);
7067 return;
7068 }
7069
7070
7071 /*
7072 * Convert the DOS times into unix times. Ignore create
7073 * time as UNIX can't set this.
7074 */
7075
7076 ts[0] = convert_time_t_to_timespec(
7077 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
7078 ts[1] = convert_time_t_to_timespec(
7079 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
7080
7081 reply_outbuf(req, 0, 0);
7082
7083 /*
7084 * Patch from Ray Frush <frush@engr.colostate.edu>
7085 * Sometimes times are sent as zero - ignore them.
7086 */
7087
7088 /* Ensure we have a valid stat struct for the source. */
7089 if (fsp->fh->fd != -1) {
7090 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7091 status = map_nt_error_from_unix(errno);
7092 reply_nterror(req, status);
7093 END_PROFILE(SMBsetattrE);
7094 return;
7095 }
7096 } else {
7097 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
7098 status = map_nt_error_from_unix(errno);
7099 reply_nterror(req, status);
7100 END_PROFILE(SMBsetattrE);
7101 return;
7102 }
7103 }
7104
7105 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7106 &sbuf, ts, true);
7107 if (!NT_STATUS_IS_OK(status)) {
7108 reply_doserror(req, ERRDOS, ERRnoaccess);
7109 END_PROFILE(SMBsetattrE);
7110 return;
7111 }
7112
7113 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7114 fsp->fnum,
7115 (unsigned int)ts[0].tv_sec,
7116 (unsigned int)ts[1].tv_sec));
7117
7118 END_PROFILE(SMBsetattrE);
7119 return;
7120 }
7121
7122
7123 /* Back from the dead for OS/2..... JRA. */
7124
7125 /****************************************************************************
7126 Reply to a SMBwritebmpx (write block multiplex primary) request.
7127 Always reply with an error, if someone has a platform really needs this,
7128 please contact vl@samba.org
7129 ****************************************************************************/
7130
7131 void reply_writebmpx(struct smb_request *req)
7132 {
7133 START_PROFILE(SMBwriteBmpx);
7134 reply_doserror(req, ERRSRV, ERRuseSTD);
7135 END_PROFILE(SMBwriteBmpx);
7136 return;
7137 }
7138
7139 /****************************************************************************
7140 Reply to a SMBwritebs (write block multiplex secondary) request.
7141 Always reply with an error, if someone has a platform really needs this,
7142 please contact vl@samba.org
7143 ****************************************************************************/
7144
7145 void reply_writebs(struct smb_request *req)
7146 {
7147 START_PROFILE(SMBwriteBs);
7148 reply_doserror(req, ERRSRV, ERRuseSTD);
7149 END_PROFILE(SMBwriteBs);
7150 return;
7151 }
7152
7153 /****************************************************************************
7154 Reply to a SMBgetattrE.
7155 ****************************************************************************/
7156
7157 void reply_getattrE(struct smb_request *req)
7158 {
7159 connection_struct *conn = req->conn;
7160 SMB_STRUCT_STAT sbuf;
7161 int mode;
7162 files_struct *fsp;
7163 struct timespec create_ts;
7164
7165 START_PROFILE(SMBgetattrE);
7166
7167 if (req->wct < 1) {
7168 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7169 END_PROFILE(SMBgetattrE);
7170 return;
7171 }
7172
7173 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7174
7175 if(!fsp || (fsp->conn != conn)) {
7176 reply_doserror(req, ERRDOS, ERRbadfid);
7177 END_PROFILE(SMBgetattrE);
7178 return;
7179 }
7180
7181 /* Do an fstat on this file */
7182 if(fsp_stat(fsp, &sbuf)) {
7183 reply_unixerror(req, ERRDOS, ERRnoaccess);
7184 END_PROFILE(SMBgetattrE);
7185 return;
7186 }
7187
7188 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7189
7190 /*
7191 * Convert the times into dos times. Set create
7192 * date to be last modify date as UNIX doesn't save
7193 * this.
7194 */
7195
7196 reply_outbuf(req, 11, 0);
7197
7198 create_ts = get_create_timespec(&sbuf,
7199 lp_fake_dir_create_times(SNUM(conn)));
7200 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7201 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7202 /* Should we check pending modtime here ? JRA */
7203 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7204
7205 if (mode & aDIR) {
7206 SIVAL(req->outbuf, smb_vwv6, 0);
7207 SIVAL(req->outbuf, smb_vwv8, 0);
7208 } else {
7209 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7210 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7211 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7212 }
7213 SSVAL(req->outbuf,smb_vwv10, mode);
7214
7215 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7216
7217 END_PROFILE(SMBgetattrE);
7218 return;
7219 }
Samba GIT mirror