search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:smbd: remove dirptr and dirpath from connection_struct
[Samba/cd1.git] / source3 / smbd / reply.c
blobf6028a3eef350082d3bfe9bf7ca87bca477165c3
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "smbd/globals.h"
29
30 extern enum protocol_types Protocol;
31
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
37 set.
38 ****************************************************************************/
39
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
42
43 static NTSTATUS check_path_syntax_internal(char *path,
44 bool posix_path,
45 bool *p_last_component_contains_wcard)
46 {
47 char *d = path;
48 const char *s = path;
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
52
53 *p_last_component_contains_wcard = False;
54
55 while (*s) {
56 if (stream_started) {
57 switch (*s) {
58 case '/':
59 case '\\':
60 return NT_STATUS_OBJECT_NAME_INVALID;
61 case ':':
62 if (s[1] == '\0') {
63 return NT_STATUS_OBJECT_NAME_INVALID;
64 }
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
67 }
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
70 }
71 break;
72 }
73 }
74
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
83 JRA.
84 */
85 stream_started = true;
86 start_of_name_component = false;
87 posix_path = true;
88
89 if (s[1] == '\0') {
90 return NT_STATUS_OBJECT_NAME_INVALID;
91 }
92 }
93
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 /*
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
98 */
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
101 s++;
102 }
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
105 *d++ = '/';
106 }
107
108 start_of_name_component = True;
109 /* New component. */
110 *p_last_component_contains_wcard = False;
111 continue;
112 }
113
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
117
118 /*
119 * No mb char starts with '.' so we're safe checking the directory separator here.
120 */
121
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
124 *(d-1) = '\0';
125 d--;
126 }
127
128 /* Are we at the start ? Can't go back further if so. */
129 if (d <= path) {
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
131 break;
132 }
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
138 if (*d == '/')
139 break;
140 }
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
143 continue;
144
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
146 if (posix_path) {
147 /* Eat the '.' */
148 s++;
149 continue;
150 }
151 }
152
153 }
154
155 if (!(*s & 0x80)) {
156 if (!posix_path) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
159 }
160 switch (*s) {
161 case '*':
162 case '?':
163 case '<':
164 case '>':
165 case '"':
166 *p_last_component_contains_wcard = True;
167 break;
168 default:
169 break;
170 }
171 }
172 *d++ = *s++;
173 } else {
174 size_t siz;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
177 switch(siz) {
178 case 5:
179 *d++ = *s++;
180 /*fall through*/
181 case 4:
182 *d++ = *s++;
183 /*fall through*/
184 case 3:
185 *d++ = *s++;
186 /*fall through*/
187 case 2:
188 *d++ = *s++;
189 /*fall through*/
190 case 1:
191 *d++ = *s++;
192 break;
193 default:
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 *d = '\0';
196 return NT_STATUS_INVALID_PARAMETER;
197 }
198 }
199 start_of_name_component = False;
200 }
201
202 *d = '\0';
203
204 return ret;
205 }
206
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
211
212 NTSTATUS check_path_syntax(char *path)
213 {
214 bool ignore;
215 return check_path_syntax_internal(path, False, &ignore);
216 }
217
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 a wildcard.
222 ****************************************************************************/
223
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 {
226 return check_path_syntax_internal(path, False, p_contains_wcard);
227 }
228
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
234
235 NTSTATUS check_path_syntax_posix(char *path)
236 {
237 bool ignore;
238 return check_path_syntax_internal(path, True, &ignore);
239 }
240
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
244
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
247 uint16 smb_flags2,
248 char **pp_dest,
249 const char *src,
250 size_t src_len,
251 int flags,
252 NTSTATUS *err,
253 bool *contains_wcard)
254 {
255 size_t ret;
256
257 *pp_dest = NULL;
258
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
260 src_len, flags);
261
262 if (!*pp_dest) {
263 *err = NT_STATUS_INVALID_PARAMETER;
264 return ret;
265 }
266
267 *contains_wcard = False;
268
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 /*
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
273 */
274 *err = NT_STATUS_OK;
275 return ret;
276 }
277
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
280 } else {
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 }
283
284 return ret;
285 }
286
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
290
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
293 uint16 smb_flags2,
294 char **pp_dest,
295 const char *src,
296 size_t src_len,
297 int flags,
298 NTSTATUS *err)
299 {
300 bool ignore;
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
303 }
304
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
308 {
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
312 }
313
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
316 NTSTATUS *err)
317 {
318 bool ignore;
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
321 }
322
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
326
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
328 files_struct *fsp)
329 {
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
332 return False;
333 }
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 return False;
337 }
338 return True;
339 }
340
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
344
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
346 files_struct *fsp)
347 {
348 if (!check_fsp_open(conn, req, fsp)) {
349 return False;
350 }
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
353 return False;
354 }
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
357 return False;
358 }
359 (fsp)->num_smb_operations++;
360 return True;
361 }
362
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
367
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
369 files_struct *fsp)
370 {
371 if (!check_fsp_open(conn, req, fsp)) {
372 return false;
373 }
374
375 if (fsp->is_directory) {
376 return false;
377 }
378
379 if (fsp->fake_file_handle == NULL) {
380 return false;
381 }
382
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle->private_data == NULL) {
388 return false;
389 }
390
391 return true;
392 }
393
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
397
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
399 files_struct *fsp)
400 {
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
403 return True;
404 }
405
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
407 return False;
408 }
409
410 static bool netbios_session_retarget(const char *name, int name_type)
411 {
412 char *trim_name;
413 char *trim_name_type;
414 const char *retarget_parm;
415 char *retarget;
416 char *p;
417 int retarget_type = 0x20;
418 int retarget_port = 139;
419 struct sockaddr_storage retarget_addr;
420 struct sockaddr_in *in_addr;
421 bool ret = false;
422 uint8_t outbuf[10];
423
424 if (get_socket_port(smbd_server_fd()) != 139) {
425 return false;
426 }
427
428 trim_name = talloc_strdup(talloc_tos(), name);
429 if (trim_name == NULL) {
430 goto fail;
431 }
432 trim_char(trim_name, ' ', ' ');
433
434 trim_name_type = talloc_asprintf(trim_name, "%s#%2.2x", trim_name,
435 name_type);
436 if (trim_name_type == NULL) {
437 goto fail;
438 }
439
440 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
441 trim_name_type, NULL);
442 if (retarget_parm == NULL) {
443 retarget_parm = lp_parm_const_string(-1, "netbios retarget",
444 trim_name, NULL);
445 }
446 if (retarget_parm == NULL) {
447 goto fail;
448 }
449
450 retarget = talloc_strdup(trim_name, retarget_parm);
451 if (retarget == NULL) {
452 goto fail;
453 }
454
455 DEBUG(10, ("retargeting %s to %s\n", trim_name_type, retarget));
456
457 p = strchr(retarget, ':');
458 if (p != NULL) {
459 *p++ = '\0';
460 retarget_port = atoi(p);
461 }
462
463 p = strchr_m(retarget, '#');
464 if (p != NULL) {
465 *p++ = '\0';
466 sscanf(p, "%x", &retarget_type);
467 }
468
469 ret = resolve_name(retarget, &retarget_addr, retarget_type, false);
470 if (!ret) {
471 DEBUG(10, ("could not resolve %s\n", retarget));
472 goto fail;
473 }
474
475 if (retarget_addr.ss_family != AF_INET) {
476 DEBUG(10, ("Retarget target not an IPv4 addr\n"));
477 goto fail;
478 }
479
480 in_addr = (struct sockaddr_in *)(void *)&retarget_addr;
481
482 _smb_setlen(outbuf, 6);
483 SCVAL(outbuf, 0, 0x84);
484 *(uint32_t *)(outbuf+4) = in_addr->sin_addr.s_addr;
485 *(uint16_t *)(outbuf+8) = htons(retarget_port);
486
487 if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, false, 0, false,
488 NULL)) {
489 exit_server_cleanly("netbios_session_regarget: srv_send_smb "
490 "failed.");
491 }
492
493 ret = true;
494 fail:
495 TALLOC_FREE(trim_name);
496 return ret;
497 }
498
499 /****************************************************************************
500 Reply to a (netbios-level) special message.
501 ****************************************************************************/
502
503 void reply_special(char *inbuf)
504 {
505 int msg_type = CVAL(inbuf,0);
506 int msg_flags = CVAL(inbuf,1);
507 fstring name1,name2;
508 char name_type1, name_type2;
509 struct smbd_server_connection *sconn = smbd_server_conn;
510
511 /*
512 * We only really use 4 bytes of the outbuf, but for the smb_setlen
513 * calculation & friends (srv_send_smb uses that) we need the full smb
514 * header.
515 */
516 char outbuf[smb_size];
517
518 *name1 = *name2 = 0;
519
520 memset(outbuf, '\0', sizeof(outbuf));
521
522 smb_setlen(outbuf,0);
523
524 switch (msg_type) {
525 case 0x81: /* session request */
526
527 if (sconn->nbt.got_session) {
528 exit_server_cleanly("multiple session request not permitted");
529 }
530
531 SCVAL(outbuf,0,0x82);
532 SCVAL(outbuf,3,0);
533 if (name_len(inbuf+4) > 50 ||
534 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
535 DEBUG(0,("Invalid name length in session request\n"));
536 return;
537 }
538 name_type1 = name_extract(inbuf,4,name1);
539 name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
540 DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
541 name1, name_type1, name2, name_type2));
542
543 if (netbios_session_retarget(name1, name_type1)) {
544 exit_server_cleanly("retargeted client");
545 }
546
547 set_local_machine_name(name1, True);
548 set_remote_machine_name(name2, True);
549
550 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
551 get_local_machine_name(), get_remote_machine_name(),
552 name_type2));
553
554 if (name_type2 == 'R') {
555 /* We are being asked for a pathworks session ---
556 no thanks! */
557 SCVAL(outbuf, 0,0x83);
558 break;
559 }
560
561 /* only add the client's machine name to the list
562 of possibly valid usernames if we are operating
563 in share mode security */
564 if (lp_security() == SEC_SHARE) {
565 add_session_user(sconn, get_remote_machine_name());
566 }
567
568 reload_services(True);
569 reopen_logs();
570
571 sconn->nbt.got_session = true;
572 break;
573
574 case 0x89: /* session keepalive request
575 (some old clients produce this?) */
576 SCVAL(outbuf,0,SMBkeepalive);
577 SCVAL(outbuf,3,0);
578 break;
579
580 case 0x82: /* positive session response */
581 case 0x83: /* negative session response */
582 case 0x84: /* retarget session response */
583 DEBUG(0,("Unexpected session response\n"));
584 break;
585
586 case SMBkeepalive: /* session keepalive */
587 default:
588 return;
589 }
590
591 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
592 msg_type, msg_flags));
593
594 srv_send_smb(smbd_server_fd(), outbuf, false, 0, false, NULL);
595 return;
596 }
597
598 /****************************************************************************
599 Reply to a tcon.
600 conn POINTER CAN BE NULL HERE !
601 ****************************************************************************/
602
603 void reply_tcon(struct smb_request *req)
604 {
605 connection_struct *conn = req->conn;
606 const char *service;
607 char *service_buf = NULL;
608 char *password = NULL;
609 char *dev = NULL;
610 int pwlen=0;
611 NTSTATUS nt_status;
612 const char *p;
613 DATA_BLOB password_blob;
614 TALLOC_CTX *ctx = talloc_tos();
615 struct smbd_server_connection *sconn = smbd_server_conn;
616
617 START_PROFILE(SMBtcon);
618
619 if (req->buflen < 4) {
620 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
621 END_PROFILE(SMBtcon);
622 return;
623 }
624
625 p = (const char *)req->buf + 1;
626 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
627 p += 1;
628 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
629 p += pwlen+1;
630 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
631 p += 1;
632
633 if (service_buf == NULL || password == NULL || dev == NULL) {
634 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
635 END_PROFILE(SMBtcon);
636 return;
637 }
638 p = strrchr_m(service_buf,'\\');
639 if (p) {
640 service = p+1;
641 } else {
642 service = service_buf;
643 }
644
645 password_blob = data_blob(password, pwlen+1);
646
647 conn = make_connection(sconn,service,password_blob,dev,
648 req->vuid,&nt_status);
649 req->conn = conn;
650
651 data_blob_clear_free(&password_blob);
652
653 if (!conn) {
654 reply_nterror(req, nt_status);
655 END_PROFILE(SMBtcon);
656 return;
657 }
658
659 reply_outbuf(req, 2, 0);
660 SSVAL(req->outbuf,smb_vwv0,sconn->smb1.negprot.max_recv);
661 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
662 SSVAL(req->outbuf,smb_tid,conn->cnum);
663
664 DEBUG(3,("tcon service=%s cnum=%d\n",
665 service, conn->cnum));
666
667 END_PROFILE(SMBtcon);
668 return;
669 }
670
671 /****************************************************************************
672 Reply to a tcon and X.
673 conn POINTER CAN BE NULL HERE !
674 ****************************************************************************/
675
676 void reply_tcon_and_X(struct smb_request *req)
677 {
678 connection_struct *conn = req->conn;
679 const char *service = NULL;
680 DATA_BLOB password;
681 TALLOC_CTX *ctx = talloc_tos();
682 /* what the cleint thinks the device is */
683 char *client_devicetype = NULL;
684 /* what the server tells the client the share represents */
685 const char *server_devicetype;
686 NTSTATUS nt_status;
687 int passlen;
688 char *path = NULL;
689 const char *p, *q;
690 uint16 tcon_flags;
691 struct smbd_server_connection *sconn = smbd_server_conn;
692
693 START_PROFILE(SMBtconX);
694
695 if (req->wct < 4) {
696 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
697 END_PROFILE(SMBtconX);
698 return;
699 }
700
701 passlen = SVAL(req->vwv+3, 0);
702 tcon_flags = SVAL(req->vwv+2, 0);
703
704 /* we might have to close an old one */
705 if ((tcon_flags & 0x1) && conn) {
706 close_cnum(conn,req->vuid);
707 req->conn = NULL;
708 conn = NULL;
709 }
710
711 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
712 reply_doserror(req, ERRDOS, ERRbuftoosmall);
713 END_PROFILE(SMBtconX);
714 return;
715 }
716
717 if (sconn->smb1.negprot.encrypted_passwords) {
718 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
719 if (lp_security() == SEC_SHARE) {
720 /*
721 * Security = share always has a pad byte
722 * after the password.
723 */
724 p = (const char *)req->buf + passlen + 1;
725 } else {
726 p = (const char *)req->buf + passlen;
727 }
728 } else {
729 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
730 /* Ensure correct termination */
731 password.data[passlen]=0;
732 p = (const char *)req->buf + passlen + 1;
733 }
734
735 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
736
737 if (path == NULL) {
738 data_blob_clear_free(&password);
739 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
740 END_PROFILE(SMBtconX);
741 return;
742 }
743
744 /*
745 * the service name can be either: \\server\share
746 * or share directly like on the DELL PowerVault 705
747 */
748 if (*path=='\\') {
749 q = strchr_m(path+2,'\\');
750 if (!q) {
751 data_blob_clear_free(&password);
752 reply_doserror(req, ERRDOS, ERRnosuchshare);
753 END_PROFILE(SMBtconX);
754 return;
755 }
756 service = q+1;
757 } else {
758 service = path;
759 }
760
761 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
762 &client_devicetype, p,
763 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
764
765 if (client_devicetype == NULL) {
766 data_blob_clear_free(&password);
767 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
768 END_PROFILE(SMBtconX);
769 return;
770 }
771
772 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
773
774 conn = make_connection(sconn, service, password, client_devicetype,
775 req->vuid, &nt_status);
776 req->conn =conn;
777
778 data_blob_clear_free(&password);
779
780 if (!conn) {
781 reply_nterror(req, nt_status);
782 END_PROFILE(SMBtconX);
783 return;
784 }
785
786 if ( IS_IPC(conn) )
787 server_devicetype = "IPC";
788 else if ( IS_PRINT(conn) )
789 server_devicetype = "LPT1:";
790 else
791 server_devicetype = "A:";
792
793 if (Protocol < PROTOCOL_NT1) {
794 reply_outbuf(req, 2, 0);
795 if (message_push_string(&req->outbuf, server_devicetype,
796 STR_TERMINATE|STR_ASCII) == -1) {
797 reply_nterror(req, NT_STATUS_NO_MEMORY);
798 END_PROFILE(SMBtconX);
799 return;
800 }
801 } else {
802 /* NT sets the fstype of IPC$ to the null string */
803 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
804
805 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
806 /* Return permissions. */
807 uint32 perm1 = 0;
808 uint32 perm2 = 0;
809
810 reply_outbuf(req, 7, 0);
811
812 if (IS_IPC(conn)) {
813 perm1 = FILE_ALL_ACCESS;
814 perm2 = FILE_ALL_ACCESS;
815 } else {
816 perm1 = CAN_WRITE(conn) ?
817 SHARE_ALL_ACCESS :
818 SHARE_READ_ONLY;
819 }
820
821 SIVAL(req->outbuf, smb_vwv3, perm1);
822 SIVAL(req->outbuf, smb_vwv5, perm2);
823 } else {
824 reply_outbuf(req, 3, 0);
825 }
826
827 if ((message_push_string(&req->outbuf, server_devicetype,
828 STR_TERMINATE|STR_ASCII) == -1)
829 || (message_push_string(&req->outbuf, fstype,
830 STR_TERMINATE) == -1)) {
831 reply_nterror(req, NT_STATUS_NO_MEMORY);
832 END_PROFILE(SMBtconX);
833 return;
834 }
835
836 /* what does setting this bit do? It is set by NT4 and
837 may affect the ability to autorun mounted cdroms */
838 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
839 (lp_csc_policy(SNUM(conn)) << 2));
840
841 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
842 DEBUG(2,("Serving %s as a Dfs root\n",
843 lp_servicename(SNUM(conn)) ));
844 SSVAL(req->outbuf, smb_vwv2,
845 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
846 }
847 }
848
849
850 DEBUG(3,("tconX service=%s \n",
851 service));
852
853 /* set the incoming and outgoing tid to the just created one */
854 SSVAL(req->inbuf,smb_tid,conn->cnum);
855 SSVAL(req->outbuf,smb_tid,conn->cnum);
856
857 END_PROFILE(SMBtconX);
858
859 req->tid = conn->cnum;
860 chain_reply(req);
861 return;
862 }
863
864 /****************************************************************************
865 Reply to an unknown type.
866 ****************************************************************************/
867
868 void reply_unknown_new(struct smb_request *req, uint8 type)
869 {
870 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
871 smb_fn_name(type), type, type));
872 reply_doserror(req, ERRSRV, ERRunknownsmb);
873 return;
874 }
875
876 /****************************************************************************
877 Reply to an ioctl.
878 conn POINTER CAN BE NULL HERE !
879 ****************************************************************************/
880
881 void reply_ioctl(struct smb_request *req)
882 {
883 connection_struct *conn = req->conn;
884 uint16 device;
885 uint16 function;
886 uint32 ioctl_code;
887 int replysize;
888 char *p;
889
890 START_PROFILE(SMBioctl);
891
892 if (req->wct < 3) {
893 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
894 END_PROFILE(SMBioctl);
895 return;
896 }
897
898 device = SVAL(req->vwv+1, 0);
899 function = SVAL(req->vwv+2, 0);
900 ioctl_code = (device << 16) + function;
901
902 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
903
904 switch (ioctl_code) {
905 case IOCTL_QUERY_JOB_INFO:
906 replysize = 32;
907 break;
908 default:
909 reply_doserror(req, ERRSRV, ERRnosupport);
910 END_PROFILE(SMBioctl);
911 return;
912 }
913
914 reply_outbuf(req, 8, replysize+1);
915 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
916 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
917 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
918 p = smb_buf(req->outbuf);
919 memset(p, '\0', replysize+1); /* valgrind-safe. */
920 p += 1; /* Allow for alignment */
921
922 switch (ioctl_code) {
923 case IOCTL_QUERY_JOB_INFO:
924 {
925 files_struct *fsp = file_fsp(
926 req, SVAL(req->vwv+0, 0));
927 if (!fsp) {
928 reply_doserror(req, ERRDOS, ERRbadfid);
929 END_PROFILE(SMBioctl);
930 return;
931 }
932 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
933 srvstr_push((char *)req->outbuf, req->flags2, p+2,
934 global_myname(), 15,
935 STR_TERMINATE|STR_ASCII);
936 if (conn) {
937 srvstr_push((char *)req->outbuf, req->flags2,
938 p+18, lp_servicename(SNUM(conn)),
939 13, STR_TERMINATE|STR_ASCII);
940 } else {
941 memset(p+18, 0, 13);
942 }
943 break;
944 }
945 }
946
947 END_PROFILE(SMBioctl);
948 return;
949 }
950
951 /****************************************************************************
952 Strange checkpath NTSTATUS mapping.
953 ****************************************************************************/
954
955 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
956 {
957 /* Strange DOS error code semantics only for checkpath... */
958 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
959 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
960 /* We need to map to ERRbadpath */
961 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
962 }
963 }
964 return status;
965 }
966
967 /****************************************************************************
968 Reply to a checkpath.
969 ****************************************************************************/
970
971 void reply_checkpath(struct smb_request *req)
972 {
973 connection_struct *conn = req->conn;
974 struct smb_filename *smb_fname = NULL;
975 char *name = NULL;
976 NTSTATUS status;
977 TALLOC_CTX *ctx = talloc_tos();
978
979 START_PROFILE(SMBcheckpath);
980
981 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
982 STR_TERMINATE, &status);
983
984 if (!NT_STATUS_IS_OK(status)) {
985 status = map_checkpath_error(req->flags2, status);
986 reply_nterror(req, status);
987 END_PROFILE(SMBcheckpath);
988 return;
989 }
990
991 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
992
993 status = filename_convert(ctx,
994 conn,
995 req->flags2 & FLAGS2_DFS_PATHNAMES,
996 name,
997 0,
998 NULL,
999 &smb_fname);
1000
1001 if (!NT_STATUS_IS_OK(status)) {
1002 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1003 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1004 ERRSRV, ERRbadpath);
1005 END_PROFILE(SMBcheckpath);
1006 return;
1007 }
1008 goto path_err;
1009 }
1010
1011 if (!VALID_STAT(smb_fname->st) &&
1012 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1013 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",
1014 smb_fname_str_dbg(smb_fname), strerror(errno)));
1015 status = map_nt_error_from_unix(errno);
1016 goto path_err;
1017 }
1018
1019 if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
1020 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
1021 ERRDOS, ERRbadpath);
1022 goto out;
1023 }
1024
1025 reply_outbuf(req, 0, 0);
1026
1027 path_err:
1028 /* We special case this - as when a Windows machine
1029 is parsing a path is steps through the components
1030 one at a time - if a component fails it expects
1031 ERRbadpath, not ERRbadfile.
1032 */
1033 status = map_checkpath_error(req->flags2, status);
1034 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1035 /*
1036 * Windows returns different error codes if
1037 * the parent directory is valid but not the
1038 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
1039 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
1040 * if the path is invalid.
1041 */
1042 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
1043 ERRDOS, ERRbadpath);
1044 goto out;
1045 }
1046
1047 reply_nterror(req, status);
1048
1049 out:
1050 TALLOC_FREE(smb_fname);
1051 END_PROFILE(SMBcheckpath);
1052 return;
1053 }
1054
1055 /****************************************************************************
1056 Reply to a getatr.
1057 ****************************************************************************/
1058
1059 void reply_getatr(struct smb_request *req)
1060 {
1061 connection_struct *conn = req->conn;
1062 struct smb_filename *smb_fname = NULL;
1063 char *fname = NULL;
1064 int mode=0;
1065 SMB_OFF_T size=0;
1066 time_t mtime=0;
1067 const char *p;
1068 NTSTATUS status;
1069 TALLOC_CTX *ctx = talloc_tos();
1070 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1071
1072 START_PROFILE(SMBgetatr);
1073
1074 p = (const char *)req->buf + 1;
1075 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1076 if (!NT_STATUS_IS_OK(status)) {
1077 reply_nterror(req, status);
1078 goto out;
1079 }
1080
1081 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1082 under WfWg - weird! */
1083 if (*fname == '\0') {
1084 mode = aHIDDEN | aDIR;
1085 if (!CAN_WRITE(conn)) {
1086 mode |= aRONLY;
1087 }
1088 size = 0;
1089 mtime = 0;
1090 } else {
1091 status = filename_convert(ctx,
1092 conn,
1093 req->flags2 & FLAGS2_DFS_PATHNAMES,
1094 fname,
1095 0,
1096 NULL,
1097 &smb_fname);
1098 if (!NT_STATUS_IS_OK(status)) {
1099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1101 ERRSRV, ERRbadpath);
1102 goto out;
1103 }
1104 reply_nterror(req, status);
1105 goto out;
1106 }
1107 if (!VALID_STAT(smb_fname->st) &&
1108 (SMB_VFS_STAT(conn, smb_fname) != 0)) {
1109 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",
1110 smb_fname_str_dbg(smb_fname),
1111 strerror(errno)));
1112 reply_nterror(req, map_nt_error_from_unix(errno));
1113 goto out;
1114 }
1115
1116 mode = dos_mode(conn, smb_fname);
1117 size = smb_fname->st.st_ex_size;
1118
1119 if (ask_sharemode) {
1120 struct timespec write_time_ts;
1121 struct file_id fileid;
1122
1123 ZERO_STRUCT(write_time_ts);
1124 fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1125 get_file_infos(fileid, NULL, &write_time_ts);
1126 if (!null_timespec(write_time_ts)) {
1127 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1128 }
1129 }
1130
1131 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1132 if (mode & aDIR) {
1133 size = 0;
1134 }
1135 }
1136
1137 reply_outbuf(req, 10, 0);
1138
1139 SSVAL(req->outbuf,smb_vwv0,mode);
1140 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1141 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1142 } else {
1143 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1144 }
1145 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1146
1147 if (Protocol >= PROTOCOL_NT1) {
1148 SSVAL(req->outbuf, smb_flg2,
1149 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1150 }
1151
1152 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n",
1153 smb_fname_str_dbg(smb_fname), mode, (unsigned int)size));
1154
1155 out:
1156 TALLOC_FREE(smb_fname);
1157 TALLOC_FREE(fname);
1158 END_PROFILE(SMBgetatr);
1159 return;
1160 }
1161
1162 /****************************************************************************
1163 Reply to a setatr.
1164 ****************************************************************************/
1165
1166 void reply_setatr(struct smb_request *req)
1167 {
1168 struct smb_file_time ft;
1169 connection_struct *conn = req->conn;
1170 struct smb_filename *smb_fname = NULL;
1171 char *fname = NULL;
1172 int mode;
1173 time_t mtime;
1174 const char *p;
1175 NTSTATUS status;
1176 TALLOC_CTX *ctx = talloc_tos();
1177
1178 START_PROFILE(SMBsetatr);
1179
1180 ZERO_STRUCT(ft);
1181
1182 if (req->wct < 2) {
1183 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1184 goto out;
1185 }
1186
1187 p = (const char *)req->buf + 1;
1188 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1189 if (!NT_STATUS_IS_OK(status)) {
1190 reply_nterror(req, status);
1191 goto out;
1192 }
1193
1194 status = filename_convert(ctx,
1195 conn,
1196 req->flags2 & FLAGS2_DFS_PATHNAMES,
1197 fname,
1198 0,
1199 NULL,
1200 &smb_fname);
1201 if (!NT_STATUS_IS_OK(status)) {
1202 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1203 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1204 ERRSRV, ERRbadpath);
1205 goto out;
1206 }
1207 reply_nterror(req, status);
1208 goto out;
1209 }
1210
1211 if (smb_fname->base_name[0] == '.' &&
1212 smb_fname->base_name[1] == '\0') {
1213 /*
1214 * Not sure here is the right place to catch this
1215 * condition. Might be moved to somewhere else later -- vl
1216 */
1217 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1218 goto out;
1219 }
1220
1221 mode = SVAL(req->vwv+0, 0);
1222 mtime = srv_make_unix_date3(req->vwv+1);
1223
1224 ft.mtime = convert_time_t_to_timespec(mtime);
1225 status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
1226 if (!NT_STATUS_IS_OK(status)) {
1227 reply_nterror(req, status);
1228 goto out;
1229 }
1230
1231 if (mode != FILE_ATTRIBUTE_NORMAL) {
1232 if (VALID_STAT_OF_DIR(smb_fname->st))
1233 mode |= aDIR;
1234 else
1235 mode &= ~aDIR;
1236
1237 if (file_set_dosmode(conn, smb_fname, mode, NULL,
1238 false) != 0) {
1239 reply_nterror(req, map_nt_error_from_unix(errno));
1240 goto out;
1241 }
1242 }
1243
1244 reply_outbuf(req, 0, 0);
1245
1246 DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
1247 mode));
1248 out:
1249 TALLOC_FREE(smb_fname);
1250 END_PROFILE(SMBsetatr);
1251 return;
1252 }
1253
1254 /****************************************************************************
1255 Reply to a dskattr.
1256 ****************************************************************************/
1257
1258 void reply_dskattr(struct smb_request *req)
1259 {
1260 connection_struct *conn = req->conn;
1261 uint64_t dfree,dsize,bsize;
1262 START_PROFILE(SMBdskattr);
1263
1264 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1265 reply_nterror(req, map_nt_error_from_unix(errno));
1266 END_PROFILE(SMBdskattr);
1267 return;
1268 }
1269
1270 reply_outbuf(req, 5, 0);
1271
1272 if (Protocol <= PROTOCOL_LANMAN2) {
1273 double total_space, free_space;
1274 /* we need to scale this to a number that DOS6 can handle. We
1275 use floating point so we can handle large drives on systems
1276 that don't have 64 bit integers
1277
1278 we end up displaying a maximum of 2G to DOS systems
1279 */
1280 total_space = dsize * (double)bsize;
1281 free_space = dfree * (double)bsize;
1282
1283 dsize = (uint64_t)((total_space+63*512) / (64*512));
1284 dfree = (uint64_t)((free_space+63*512) / (64*512));
1285
1286 if (dsize > 0xFFFF) dsize = 0xFFFF;
1287 if (dfree > 0xFFFF) dfree = 0xFFFF;
1288
1289 SSVAL(req->outbuf,smb_vwv0,dsize);
1290 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1291 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1292 SSVAL(req->outbuf,smb_vwv3,dfree);
1293 } else {
1294 SSVAL(req->outbuf,smb_vwv0,dsize);
1295 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1296 SSVAL(req->outbuf,smb_vwv2,512);
1297 SSVAL(req->outbuf,smb_vwv3,dfree);
1298 }
1299
1300 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1301
1302 END_PROFILE(SMBdskattr);
1303 return;
1304 }
1305
1306 /*
1307 * Utility function to split the filename from the directory.
1308 */
1309 static NTSTATUS split_fname_dir_mask(TALLOC_CTX *ctx, const char *fname_in,
1310 char **fname_dir_out,
1311 char **fname_mask_out)
1312 {
1313 const char *p = NULL;
1314 char *fname_dir = NULL;
1315 char *fname_mask = NULL;
1316
1317 p = strrchr_m(fname_in, '/');
1318 if (!p) {
1319 fname_dir = talloc_strdup(ctx, ".");
1320 fname_mask = talloc_strdup(ctx, fname_in);
1321 } else {
1322 fname_dir = talloc_strndup(ctx, fname_in,
1323 PTR_DIFF(p, fname_in));
1324 fname_mask = talloc_strdup(ctx, p+1);
1325 }
1326
1327 if (!fname_dir || !fname_mask) {
1328 TALLOC_FREE(fname_dir);
1329 TALLOC_FREE(fname_mask);
1330 return NT_STATUS_NO_MEMORY;
1331 }
1332
1333 *fname_dir_out = fname_dir;
1334 *fname_mask_out = fname_mask;
1335 return NT_STATUS_OK;
1336 }
1337
1338 /****************************************************************************
1339 Reply to a search.
1340 Can be called from SMBsearch, SMBffirst or SMBfunique.
1341 ****************************************************************************/
1342
1343 void reply_search(struct smb_request *req)
1344 {
1345 connection_struct *conn = req->conn;
1346 char *path = NULL;
1347 const char *mask = NULL;
1348 char *directory = NULL;
1349 struct smb_filename *smb_fname = NULL;
1350 char *fname = NULL;
1351 SMB_OFF_T size;
1352 uint32 mode;
1353 struct timespec date;
1354 uint32 dirtype;
1355 unsigned int numentries = 0;
1356 unsigned int maxentries = 0;
1357 bool finished = False;
1358 const char *p;
1359 int status_len;
1360 char status[21];
1361 int dptr_num= -1;
1362 bool check_descend = False;
1363 bool expect_close = False;
1364 NTSTATUS nt_status;
1365 bool mask_contains_wcard = False;
1366 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1367 TALLOC_CTX *ctx = talloc_tos();
1368 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1369 struct dptr_struct *dirptr = NULL;
1370
1371 START_PROFILE(SMBsearch);
1372
1373 if (req->wct < 2) {
1374 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1375 goto out;
1376 }
1377
1378 if (lp_posix_pathnames()) {
1379 reply_unknown_new(req, req->cmd);
1380 goto out;
1381 }
1382
1383 /* If we were called as SMBffirst then we must expect close. */
1384 if(req->cmd == SMBffirst) {
1385 expect_close = True;
1386 }
1387
1388 reply_outbuf(req, 1, 3);
1389 maxentries = SVAL(req->vwv+0, 0);
1390 dirtype = SVAL(req->vwv+1, 0);
1391 p = (const char *)req->buf + 1;
1392 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1393 &nt_status, &mask_contains_wcard);
1394 if (!NT_STATUS_IS_OK(nt_status)) {
1395 reply_nterror(req, nt_status);
1396 goto out;
1397 }
1398
1399 p++;
1400 status_len = SVAL(p, 0);
1401 p += 2;
1402
1403 /* dirtype &= ~aDIR; */
1404
1405 if (status_len == 0) {
1406 nt_status = filename_convert(ctx, conn,
1407 req->flags2 & FLAGS2_DFS_PATHNAMES,
1408 path,
1409 UCF_ALWAYS_ALLOW_WCARD_LCOMP,
1410 &mask_contains_wcard,
1411 &smb_fname);
1412 if (!NT_STATUS_IS_OK(nt_status)) {
1413 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1414 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1415 ERRSRV, ERRbadpath);
1416 goto out;
1417 }
1418 reply_nterror(req, nt_status);
1419 goto out;
1420 }
1421
1422 directory = smb_fname->base_name;
1423
1424 p = strrchr_m(directory,'/');
1425 if ((p != NULL) && (*directory != '/')) {
1426 mask = p + 1;
1427 directory = talloc_strndup(ctx, directory,
1428 PTR_DIFF(p, directory));
1429 } else {
1430 mask = directory;
1431 directory = talloc_strdup(ctx,".");
1432 }
1433
1434 if (!directory) {
1435 reply_nterror(req, NT_STATUS_NO_MEMORY);
1436 goto out;
1437 }
1438
1439 memset((char *)status,'\0',21);
1440 SCVAL(status,0,(dirtype & 0x1F));
1441
1442 nt_status = dptr_create(conn,
1443 directory,
1444 True,
1445 expect_close,
1446 req->smbpid,
1447 mask,
1448 mask_contains_wcard,
1449 dirtype,
1450 &dirptr);
1451 if (!NT_STATUS_IS_OK(nt_status)) {
1452 reply_nterror(req, nt_status);
1453 goto out;
1454 }
1455 dptr_num = dptr_dnum(dirptr);
1456 } else {
1457 int status_dirtype;
1458 const char *dirpath;
1459
1460 memcpy(status,p,21);
1461 status_dirtype = CVAL(status,0) & 0x1F;
1462 if (status_dirtype != (dirtype & 0x1F)) {
1463 dirtype = status_dirtype;
1464 }
1465
1466 dirptr = dptr_fetch(status+12,&dptr_num);
1467 if (!dirptr) {
1468 goto SearchEmpty;
1469 }
1470 dirpath = dptr_path(dptr_num);
1471 directory = talloc_strdup(ctx, dirpath);
1472 if (!directory) {
1473 reply_nterror(req, NT_STATUS_NO_MEMORY);
1474 goto out;
1475 }
1476
1477 mask = dptr_wcard(dptr_num);
1478 if (!mask) {
1479 goto SearchEmpty;
1480 }
1481 /*
1482 * For a 'continue' search we have no string. So
1483 * check from the initial saved string.
1484 */
1485 mask_contains_wcard = ms_has_wild(mask);
1486 dirtype = dptr_attr(dptr_num);
1487 }
1488
1489 DEBUG(4,("dptr_num is %d\n",dptr_num));
1490
1491 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1492 dptr_init_search_op(dirptr);
1493
1494 if ((dirtype&0x1F) == aVOLID) {
1495 char buf[DIR_STRUCT_SIZE];
1496 memcpy(buf,status,21);
1497 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1498 0,aVOLID,0,!allow_long_path_components)) {
1499 reply_nterror(req, NT_STATUS_NO_MEMORY);
1500 goto out;
1501 }
1502 dptr_fill(buf+12,dptr_num);
1503 if (dptr_zero(buf+12) && (status_len==0)) {
1504 numentries = 1;
1505 } else {
1506 numentries = 0;
1507 }
1508 if (message_push_blob(&req->outbuf,
1509 data_blob_const(buf, sizeof(buf)))
1510 == -1) {
1511 reply_nterror(req, NT_STATUS_NO_MEMORY);
1512 goto out;
1513 }
1514 } else {
1515 unsigned int i;
1516 maxentries = MIN(
1517 maxentries,
1518 ((BUFFER_SIZE -
1519 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1520 /DIR_STRUCT_SIZE));
1521
1522 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1523 directory,lp_dontdescend(SNUM(conn))));
1524 if (in_list(directory, lp_dontdescend(SNUM(conn)),True)) {
1525 check_descend = True;
1526 }
1527
1528 for (i=numentries;(i<maxentries) && !finished;i++) {
1529 finished = !get_dir_entry(ctx,
1530 dirptr,
1531 mask,
1532 dirtype,
1533 &fname,
1534 &size,
1535 &mode,
1536 &date,
1537 check_descend,
1538 ask_sharemode);
1539 if (!finished) {
1540 char buf[DIR_STRUCT_SIZE];
1541 memcpy(buf,status,21);
1542 if (!make_dir_struct(ctx,
1543 buf,
1544 mask,
1545 fname,
1546 size,
1547 mode,
1548 convert_timespec_to_time_t(date),
1549 !allow_long_path_components)) {
1550 reply_nterror(req, NT_STATUS_NO_MEMORY);
1551 goto out;
1552 }
1553 if (!dptr_fill(buf+12,dptr_num)) {
1554 break;
1555 }
1556 if (message_push_blob(&req->outbuf,
1557 data_blob_const(buf, sizeof(buf)))
1558 == -1) {
1559 reply_nterror(req, NT_STATUS_NO_MEMORY);
1560 goto out;
1561 }
1562 numentries++;
1563 }
1564 }
1565 }
1566
1567 SearchEmpty:
1568
1569 /* If we were called as SMBffirst with smb_search_id == NULL
1570 and no entries were found then return error and close dirptr
1571 (X/Open spec) */
1572
1573 if (numentries == 0) {
1574 dptr_close(&dptr_num);
1575 } else if(expect_close && status_len == 0) {
1576 /* Close the dptr - we know it's gone */
1577 dptr_close(&dptr_num);
1578 }
1579
1580 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1581 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1582 dptr_close(&dptr_num);
1583 }
1584
1585 if ((numentries == 0) && !mask_contains_wcard) {
1586 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1587 goto out;
1588 }
1589
1590 SSVAL(req->outbuf,smb_vwv0,numentries);
1591 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1592 SCVAL(smb_buf(req->outbuf),0,5);
1593 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1594
1595 /* The replies here are never long name. */
1596 SSVAL(req->outbuf, smb_flg2,
1597 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1598 if (!allow_long_path_components) {
1599 SSVAL(req->outbuf, smb_flg2,
1600 SVAL(req->outbuf, smb_flg2)
1601 & (~FLAGS2_LONG_PATH_COMPONENTS));
1602 }
1603
1604 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1605 SSVAL(req->outbuf, smb_flg2,
1606 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1607
1608 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1609 smb_fn_name(req->cmd),
1610 mask,
1611 directory,
1612 dirtype,
1613 numentries,
1614 maxentries ));
1615 out:
1616 TALLOC_FREE(directory);
1617 TALLOC_FREE(smb_fname);
1618 END_PROFILE(SMBsearch);
1619 return;
1620 }
1621
1622 /****************************************************************************
1623 Reply to a fclose (stop directory search).
1624 ****************************************************************************/
1625
1626 void reply_fclose(struct smb_request *req)
1627 {
1628 int status_len;
1629 char status[21];
1630 int dptr_num= -2;
1631 const char *p;
1632 char *path = NULL;
1633 NTSTATUS err;
1634 bool path_contains_wcard = False;
1635 TALLOC_CTX *ctx = talloc_tos();
1636
1637 START_PROFILE(SMBfclose);
1638
1639 if (lp_posix_pathnames()) {
1640 reply_unknown_new(req, req->cmd);
1641 END_PROFILE(SMBfclose);
1642 return;
1643 }
1644
1645 p = (const char *)req->buf + 1;
1646 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1647 &err, &path_contains_wcard);
1648 if (!NT_STATUS_IS_OK(err)) {
1649 reply_nterror(req, err);
1650 END_PROFILE(SMBfclose);
1651 return;
1652 }
1653 p++;
1654 status_len = SVAL(p,0);
1655 p += 2;
1656
1657 if (status_len == 0) {
1658 reply_doserror(req, ERRSRV, ERRsrverror);
1659 END_PROFILE(SMBfclose);
1660 return;
1661 }
1662
1663 memcpy(status,p,21);
1664
1665 if(dptr_fetch(status+12,&dptr_num)) {
1666 /* Close the dptr - we know it's gone */
1667 dptr_close(&dptr_num);
1668 }
1669
1670 reply_outbuf(req, 1, 0);
1671 SSVAL(req->outbuf,smb_vwv0,0);
1672
1673 DEBUG(3,("search close\n"));
1674
1675 END_PROFILE(SMBfclose);
1676 return;
1677 }
1678
1679 /****************************************************************************
1680 Reply to an open.
1681 ****************************************************************************/
1682
1683 void reply_open(struct smb_request *req)
1684 {
1685 connection_struct *conn = req->conn;
1686 struct smb_filename *smb_fname = NULL;
1687 char *fname = NULL;
1688 uint32 fattr=0;
1689 SMB_OFF_T size = 0;
1690 time_t mtime=0;
1691 int info;
1692 files_struct *fsp;
1693 int oplock_request;
1694 int deny_mode;
1695 uint32 dos_attr;
1696 uint32 access_mask;
1697 uint32 share_mode;
1698 uint32 create_disposition;
1699 uint32 create_options = 0;
1700 NTSTATUS status;
1701 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1702 TALLOC_CTX *ctx = talloc_tos();
1703
1704 START_PROFILE(SMBopen);
1705
1706 if (req->wct < 2) {
1707 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1708 goto out;
1709 }
1710
1711 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1712 deny_mode = SVAL(req->vwv+0, 0);
1713 dos_attr = SVAL(req->vwv+1, 0);
1714
1715 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1716 STR_TERMINATE, &status);
1717 if (!NT_STATUS_IS_OK(status)) {
1718 reply_nterror(req, status);
1719 goto out;
1720 }
1721
1722 status = filename_convert(ctx,
1723 conn,
1724 req->flags2 & FLAGS2_DFS_PATHNAMES,
1725 fname,
1726 0,
1727 NULL,
1728 &smb_fname);
1729 if (!NT_STATUS_IS_OK(status)) {
1730 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1731 reply_botherror(req,
1732 NT_STATUS_PATH_NOT_COVERED,
1733 ERRSRV, ERRbadpath);
1734 goto out;
1735 }
1736 reply_nterror(req, status);
1737 goto out;
1738 }
1739
1740 if (!map_open_params_to_ntcreate(smb_fname, deny_mode,
1741 OPENX_FILE_EXISTS_OPEN, &access_mask,
1742 &share_mode, &create_disposition,
1743 &create_options)) {
1744 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1745 goto out;
1746 }
1747
1748 status = SMB_VFS_CREATE_FILE(
1749 conn, /* conn */
1750 req, /* req */
1751 0, /* root_dir_fid */
1752 smb_fname, /* fname */
1753 access_mask, /* access_mask */
1754 share_mode, /* share_access */
1755 create_disposition, /* create_disposition*/
1756 create_options, /* create_options */
1757 dos_attr, /* file_attributes */
1758 oplock_request, /* oplock_request */
1759 0, /* allocation_size */
1760 NULL, /* sd */
1761 NULL, /* ea_list */
1762 &fsp, /* result */
1763 &info); /* pinfo */
1764
1765 if (!NT_STATUS_IS_OK(status)) {
1766 if (open_was_deferred(req->mid)) {
1767 /* We have re-scheduled this call. */
1768 goto out;
1769 }
1770 reply_openerror(req, status);
1771 goto out;
1772 }
1773
1774 size = smb_fname->st.st_ex_size;
1775 fattr = dos_mode(conn, smb_fname);
1776
1777 /* Deal with other possible opens having a modified
1778 write time. JRA. */
1779 if (ask_sharemode) {
1780 struct timespec write_time_ts;
1781
1782 ZERO_STRUCT(write_time_ts);
1783 get_file_infos(fsp->file_id, NULL, &write_time_ts);
1784 if (!null_timespec(write_time_ts)) {
1785 update_stat_ex_mtime(&smb_fname->st, write_time_ts);
1786 }
1787 }
1788
1789 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1790
1791 if (fattr & aDIR) {
1792 DEBUG(3,("attempt to open a directory %s\n",
1793 fsp_str_dbg(fsp)));
1794 close_file(req, fsp, ERROR_CLOSE);
1795 reply_doserror(req, ERRDOS,ERRnoaccess);
1796 goto out;
1797 }
1798
1799 reply_outbuf(req, 7, 0);
1800 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1801 SSVAL(req->outbuf,smb_vwv1,fattr);
1802 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1803 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1804 } else {
1805 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1806 }
1807 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1808 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1809
1810 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1811 SCVAL(req->outbuf,smb_flg,
1812 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1813 }
1814
1815 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1816 SCVAL(req->outbuf,smb_flg,
1817 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1818 }
1819 out:
1820 TALLOC_FREE(smb_fname);
1821 END_PROFILE(SMBopen);
1822 return;
1823 }
1824
1825 /****************************************************************************
1826 Reply to an open and X.
1827 ****************************************************************************/
1828
1829 void reply_open_and_X(struct smb_request *req)
1830 {
1831 connection_struct *conn = req->conn;
1832 struct smb_filename *smb_fname = NULL;
1833 char *fname = NULL;
1834 uint16 open_flags;
1835 int deny_mode;
1836 uint32 smb_attr;
1837 /* Breakout the oplock request bits so we can set the
1838 reply bits separately. */
1839 int ex_oplock_request;
1840 int core_oplock_request;
1841 int oplock_request;
1842 #if 0
1843 int smb_sattr = SVAL(req->vwv+4, 0);
1844 uint32 smb_time = make_unix_date3(req->vwv+6);
1845 #endif
1846 int smb_ofun;
1847 uint32 fattr=0;
1848 int mtime=0;
1849 int smb_action = 0;
1850 files_struct *fsp;
1851 NTSTATUS status;
1852 uint64_t allocation_size;
1853 ssize_t retval = -1;
1854 uint32 access_mask;
1855 uint32 share_mode;
1856 uint32 create_disposition;
1857 uint32 create_options = 0;
1858 TALLOC_CTX *ctx = talloc_tos();
1859
1860 START_PROFILE(SMBopenX);
1861
1862 if (req->wct < 15) {
1863 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1864 goto out;
1865 }
1866
1867 open_flags = SVAL(req->vwv+2, 0);
1868 deny_mode = SVAL(req->vwv+3, 0);
1869 smb_attr = SVAL(req->vwv+5, 0);
1870 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1871 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1872 oplock_request = ex_oplock_request | core_oplock_request;
1873 smb_ofun = SVAL(req->vwv+8, 0);
1874 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1875
1876 /* If it's an IPC, pass off the pipe handler. */
1877 if (IS_IPC(conn)) {
1878 if (lp_nt_pipe_support()) {
1879 reply_open_pipe_and_X(conn, req);
1880 } else {
1881 reply_doserror(req, ERRSRV, ERRaccess);
1882 }
1883 goto out;
1884 }
1885
1886 /* XXXX we need to handle passed times, sattr and flags */
1887 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1888 STR_TERMINATE, &status);
1889 if (!NT_STATUS_IS_OK(status)) {
1890 reply_nterror(req, status);
1891 goto out;
1892 }
1893
1894 status = filename_convert(ctx,
1895 conn,
1896 req->flags2 & FLAGS2_DFS_PATHNAMES,
1897 fname,
1898 0,
1899 NULL,
1900 &smb_fname);
1901 if (!NT_STATUS_IS_OK(status)) {
1902 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1903 reply_botherror(req,
1904 NT_STATUS_PATH_NOT_COVERED,
1905 ERRSRV, ERRbadpath);
1906 goto out;
1907 }
1908 reply_nterror(req, status);
1909 goto out;
1910 }
1911
1912 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun,
1913 &access_mask, &share_mode,
1914 &create_disposition,
1915 &create_options)) {
1916 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1917 goto out;
1918 }
1919
1920 status = SMB_VFS_CREATE_FILE(
1921 conn, /* conn */
1922 req, /* req */
1923 0, /* root_dir_fid */
1924 smb_fname, /* fname */
1925 access_mask, /* access_mask */
1926 share_mode, /* share_access */
1927 create_disposition, /* create_disposition*/
1928 create_options, /* create_options */
1929 smb_attr, /* file_attributes */
1930 oplock_request, /* oplock_request */
1931 0, /* allocation_size */
1932 NULL, /* sd */
1933 NULL, /* ea_list */
1934 &fsp, /* result */
1935 &smb_action); /* pinfo */
1936
1937 if (!NT_STATUS_IS_OK(status)) {
1938 if (open_was_deferred(req->mid)) {
1939 /* We have re-scheduled this call. */
1940 goto out;
1941 }
1942 reply_openerror(req, status);
1943 goto out;
1944 }
1945
1946 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1947 if the file is truncated or created. */
1948 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1949 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1950 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1951 close_file(req, fsp, ERROR_CLOSE);
1952 reply_nterror(req, NT_STATUS_DISK_FULL);
1953 goto out;
1954 }
1955 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1956 if (retval < 0) {
1957 close_file(req, fsp, ERROR_CLOSE);
1958 reply_nterror(req, NT_STATUS_DISK_FULL);
1959 goto out;
1960 }
1961 smb_fname->st.st_ex_size =
1962 SMB_VFS_GET_ALLOC_SIZE(conn, fsp, &smb_fname->st);
1963 }
1964
1965 fattr = dos_mode(conn, smb_fname);
1966 mtime = convert_timespec_to_time_t(smb_fname->st.st_ex_mtime);
1967 if (fattr & aDIR) {
1968 close_file(req, fsp, ERROR_CLOSE);
1969 reply_doserror(req, ERRDOS, ERRnoaccess);
1970 goto out;
1971 }
1972
1973 /* If the caller set the extended oplock request bit
1974 and we granted one (by whatever means) - set the
1975 correct bit for extended oplock reply.
1976 */
1977
1978 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1979 smb_action |= EXTENDED_OPLOCK_GRANTED;
1980 }
1981
1982 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1983 smb_action |= EXTENDED_OPLOCK_GRANTED;
1984 }
1985
1986 /* If the caller set the core oplock request bit
1987 and we granted one (by whatever means) - set the
1988 correct bit for core oplock reply.
1989 */
1990
1991 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1992 reply_outbuf(req, 19, 0);
1993 } else {
1994 reply_outbuf(req, 15, 0);
1995 }
1996
1997 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1998 SCVAL(req->outbuf, smb_flg,
1999 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2000 }
2001
2002 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2003 SCVAL(req->outbuf, smb_flg,
2004 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2005 }
2006
2007 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
2008 SSVAL(req->outbuf,smb_vwv3,fattr);
2009 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
2010 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
2011 } else {
2012 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
2013 }
2014 SIVAL(req->outbuf,smb_vwv6,(uint32)smb_fname->st.st_ex_size);
2015 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
2016 SSVAL(req->outbuf,smb_vwv11,smb_action);
2017
2018 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
2019 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
2020 }
2021
2022 chain_reply(req);
2023 out:
2024 TALLOC_FREE(smb_fname);
2025 END_PROFILE(SMBopenX);
2026 return;
2027 }
2028
2029 /****************************************************************************
2030 Reply to a SMBulogoffX.
2031 ****************************************************************************/
2032
2033 void reply_ulogoffX(struct smb_request *req)
2034 {
2035 struct smbd_server_connection *sconn = smbd_server_conn;
2036 user_struct *vuser;
2037
2038 START_PROFILE(SMBulogoffX);
2039
2040 vuser = get_valid_user_struct(sconn, req->vuid);
2041
2042 if(vuser == NULL) {
2043 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
2044 req->vuid));
2045 }
2046
2047 /* in user level security we are supposed to close any files
2048 open by this user */
2049 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
2050 file_close_user(req->vuid);
2051 }
2052
2053 invalidate_vuid(sconn, req->vuid);
2054
2055 reply_outbuf(req, 2, 0);
2056
2057 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
2058
2059 END_PROFILE(SMBulogoffX);
2060 req->vuid = UID_FIELD_INVALID;
2061 chain_reply(req);
2062 }
2063
2064 /****************************************************************************
2065 Reply to a mknew or a create.
2066 ****************************************************************************/
2067
2068 void reply_mknew(struct smb_request *req)
2069 {
2070 connection_struct *conn = req->conn;
2071 struct smb_filename *smb_fname = NULL;
2072 char *fname = NULL;
2073 uint32 fattr = 0;
2074 struct smb_file_time ft;
2075 files_struct *fsp;
2076 int oplock_request = 0;
2077 NTSTATUS status;
2078 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
2079 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
2080 uint32 create_disposition;
2081 uint32 create_options = 0;
2082 TALLOC_CTX *ctx = talloc_tos();
2083
2084 START_PROFILE(SMBcreate);
2085 ZERO_STRUCT(ft);
2086
2087 if (req->wct < 3) {
2088 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2089 goto out;
2090 }
2091
2092 fattr = SVAL(req->vwv+0, 0);
2093 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2094
2095 /* mtime. */
2096 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
2097
2098 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
2099 STR_TERMINATE, &status);
2100 if (!NT_STATUS_IS_OK(status)) {
2101 reply_nterror(req, status);
2102 goto out;
2103 }
2104
2105 status = filename_convert(ctx,
2106 conn,
2107 req->flags2 & FLAGS2_DFS_PATHNAMES,
2108 fname,
2109 0,
2110 NULL,
2111 &smb_fname);
2112 if (!NT_STATUS_IS_OK(status)) {
2113 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2114 reply_botherror(req,
2115 NT_STATUS_PATH_NOT_COVERED,
2116 ERRSRV, ERRbadpath);
2117 goto out;
2118 }
2119 reply_nterror(req, status);
2120 goto out;
2121 }
2122
2123 if (fattr & aVOLID) {
2124 DEBUG(0,("Attempt to create file (%s) with volid set - "
2125 "please report this\n",
2126 smb_fname_str_dbg(smb_fname)));
2127 }
2128
2129 if(req->cmd == SMBmknew) {
2130 /* We should fail if file exists. */
2131 create_disposition = FILE_CREATE;
2132 } else {
2133 /* Create if file doesn't exist, truncate if it does. */
2134 create_disposition = FILE_OVERWRITE_IF;
2135 }
2136
2137 status = SMB_VFS_CREATE_FILE(
2138 conn, /* conn */
2139 req, /* req */
2140 0, /* root_dir_fid */
2141 smb_fname, /* fname */
2142 access_mask, /* access_mask */
2143 share_mode, /* share_access */
2144 create_disposition, /* create_disposition*/
2145 create_options, /* create_options */
2146 fattr, /* file_attributes */
2147 oplock_request, /* oplock_request */
2148 0, /* allocation_size */
2149 NULL, /* sd */
2150 NULL, /* ea_list */
2151 &fsp, /* result */
2152 NULL); /* pinfo */
2153
2154 if (!NT_STATUS_IS_OK(status)) {
2155 if (open_was_deferred(req->mid)) {
2156 /* We have re-scheduled this call. */
2157 goto out;
2158 }
2159 reply_openerror(req, status);
2160 goto out;
2161 }
2162
2163 ft.atime = smb_fname->st.st_ex_atime; /* atime. */
2164 status = smb_set_file_time(conn, fsp, smb_fname, &ft, true);
2165 if (!NT_STATUS_IS_OK(status)) {
2166 END_PROFILE(SMBcreate);
2167 goto out;
2168 }
2169
2170 reply_outbuf(req, 1, 0);
2171 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2172
2173 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2174 SCVAL(req->outbuf,smb_flg,
2175 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2176 }
2177
2178 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2179 SCVAL(req->outbuf,smb_flg,
2180 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2181 }
2182
2183 DEBUG(2, ("reply_mknew: file %s\n", smb_fname_str_dbg(smb_fname)));
2184 DEBUG(3, ("reply_mknew %s fd=%d dmode=0x%x\n",
2185 smb_fname_str_dbg(smb_fname), fsp->fh->fd,
2186 (unsigned int)fattr));
2187
2188 out:
2189 TALLOC_FREE(smb_fname);
2190 END_PROFILE(SMBcreate);
2191 return;
2192 }
2193
2194 /****************************************************************************
2195 Reply to a create temporary file.
2196 ****************************************************************************/
2197
2198 void reply_ctemp(struct smb_request *req)
2199 {
2200 connection_struct *conn = req->conn;
2201 struct smb_filename *smb_fname = NULL;
2202 char *fname = NULL;
2203 uint32 fattr;
2204 files_struct *fsp;
2205 int oplock_request;
2206 int tmpfd;
2207 char *s;
2208 NTSTATUS status;
2209 TALLOC_CTX *ctx = talloc_tos();
2210
2211 START_PROFILE(SMBctemp);
2212
2213 if (req->wct < 3) {
2214 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2215 goto out;
2216 }
2217
2218 fattr = SVAL(req->vwv+0, 0);
2219 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2220
2221 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2222 STR_TERMINATE, &status);
2223 if (!NT_STATUS_IS_OK(status)) {
2224 reply_nterror(req, status);
2225 goto out;
2226 }
2227 if (*fname) {
2228 fname = talloc_asprintf(ctx,
2229 "%s/TMXXXXXX",
2230 fname);
2231 } else {
2232 fname = talloc_strdup(ctx, "TMXXXXXX");
2233 }
2234
2235 if (!fname) {
2236 reply_nterror(req, NT_STATUS_NO_MEMORY);
2237 goto out;
2238 }
2239
2240 status = filename_convert(ctx, conn,
2241 req->flags2 & FLAGS2_DFS_PATHNAMES,
2242 fname,
2243 0,
2244 NULL,
2245 &smb_fname);
2246 if (!NT_STATUS_IS_OK(status)) {
2247 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2248 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2249 ERRSRV, ERRbadpath);
2250 goto out;
2251 }
2252 reply_nterror(req, status);
2253 goto out;
2254 }
2255
2256 tmpfd = mkstemp(smb_fname->base_name);
2257 if (tmpfd == -1) {
2258 reply_nterror(req, map_nt_error_from_unix(errno));
2259 goto out;
2260 }
2261
2262 SMB_VFS_STAT(conn, smb_fname);
2263
2264 /* We should fail if file does not exist. */
2265 status = SMB_VFS_CREATE_FILE(
2266 conn, /* conn */
2267 req, /* req */
2268 0, /* root_dir_fid */
2269 smb_fname, /* fname */
2270 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2271 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2272 FILE_OPEN, /* create_disposition*/
2273 0, /* create_options */
2274 fattr, /* file_attributes */
2275 oplock_request, /* oplock_request */
2276 0, /* allocation_size */
2277 NULL, /* sd */
2278 NULL, /* ea_list */
2279 &fsp, /* result */
2280 NULL); /* pinfo */
2281
2282 /* close fd from mkstemp() */
2283 close(tmpfd);
2284
2285 if (!NT_STATUS_IS_OK(status)) {
2286 if (open_was_deferred(req->mid)) {
2287 /* We have re-scheduled this call. */
2288 goto out;
2289 }
2290 reply_openerror(req, status);
2291 goto out;
2292 }
2293
2294 reply_outbuf(req, 1, 0);
2295 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2296
2297 /* the returned filename is relative to the directory */
2298 s = strrchr_m(fsp->fsp_name->base_name, '/');
2299 if (!s) {
2300 s = fsp->fsp_name->base_name;
2301 } else {
2302 s++;
2303 }
2304
2305 #if 0
2306 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2307 thing in the byte section. JRA */
2308 SSVALS(p, 0, -1); /* what is this? not in spec */
2309 #endif
2310 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2311 == -1) {
2312 reply_nterror(req, NT_STATUS_NO_MEMORY);
2313 goto out;
2314 }
2315
2316 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2317 SCVAL(req->outbuf, smb_flg,
2318 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2319 }
2320
2321 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2322 SCVAL(req->outbuf, smb_flg,
2323 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2324 }
2325
2326 DEBUG(2, ("reply_ctemp: created temp file %s\n", fsp_str_dbg(fsp)));
2327 DEBUG(3, ("reply_ctemp %s fd=%d umode=0%o\n", fsp_str_dbg(fsp),
2328 fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode));
2329 out:
2330 TALLOC_FREE(smb_fname);
2331 END_PROFILE(SMBctemp);
2332 return;
2333 }
2334
2335 /*******************************************************************
2336 Check if a user is allowed to rename a file.
2337 ********************************************************************/
2338
2339 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2340 uint16 dirtype, SMB_STRUCT_STAT *pst)
2341 {
2342 uint32 fmode;
2343
2344 if (!CAN_WRITE(conn)) {
2345 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2346 }
2347
2348 fmode = dos_mode(conn, fsp->fsp_name);
2349 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2350 return NT_STATUS_NO_SUCH_FILE;
2351 }
2352
2353 if (S_ISDIR(pst->st_ex_mode)) {
2354 if (fsp->posix_open) {
2355 return NT_STATUS_OK;
2356 }
2357
2358 /* If no pathnames are open below this
2359 directory, allow the rename. */
2360
2361 if (file_find_subpath(fsp)) {
2362 return NT_STATUS_ACCESS_DENIED;
2363 }
2364 return NT_STATUS_OK;
2365 }
2366
2367 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2368 return NT_STATUS_OK;
2369 }
2370
2371 return NT_STATUS_ACCESS_DENIED;
2372 }
2373
2374 /*******************************************************************
2375 * unlink a file with all relevant access checks
2376 *******************************************************************/
2377
2378 static NTSTATUS do_unlink(connection_struct *conn,
2379 struct smb_request *req,
2380 struct smb_filename *smb_fname,
2381 uint32 dirtype)
2382 {
2383 uint32 fattr;
2384 files_struct *fsp;
2385 uint32 dirtype_orig = dirtype;
2386 NTSTATUS status;
2387
2388 DEBUG(10,("do_unlink: %s, dirtype = %d\n",
2389 smb_fname_str_dbg(smb_fname),
2390 dirtype));
2391
2392 if (!CAN_WRITE(conn)) {
2393 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2394 }
2395
2396 if (SMB_VFS_LSTAT(conn, smb_fname) != 0) {
2397 return map_nt_error_from_unix(errno);
2398 }
2399
2400 fattr = dos_mode(conn, smb_fname);
2401
2402 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2403 dirtype = aDIR|aARCH|aRONLY;
2404 }
2405
2406 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2407 if (!dirtype) {
2408 return NT_STATUS_NO_SUCH_FILE;
2409 }
2410
2411 if (!dir_check_ftype(conn, fattr, dirtype)) {
2412 if (fattr & aDIR) {
2413 return NT_STATUS_FILE_IS_A_DIRECTORY;
2414 }
2415 return NT_STATUS_NO_SUCH_FILE;
2416 }
2417
2418 if (dirtype_orig & 0x8000) {
2419 /* These will never be set for POSIX. */
2420 return NT_STATUS_NO_SUCH_FILE;
2421 }
2422
2423 #if 0
2424 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2425 return NT_STATUS_FILE_IS_A_DIRECTORY;
2426 }
2427
2428 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2429 return NT_STATUS_NO_SUCH_FILE;
2430 }
2431
2432 if (dirtype & 0xFF00) {
2433 /* These will never be set for POSIX. */
2434 return NT_STATUS_NO_SUCH_FILE;
2435 }
2436
2437 dirtype &= 0xFF;
2438 if (!dirtype) {
2439 return NT_STATUS_NO_SUCH_FILE;
2440 }
2441
2442 /* Can't delete a directory. */
2443 if (fattr & aDIR) {
2444 return NT_STATUS_FILE_IS_A_DIRECTORY;
2445 }
2446 #endif
2447
2448 #if 0 /* JRATEST */
2449 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2450 return NT_STATUS_OBJECT_NAME_INVALID;
2451 #endif /* JRATEST */
2452
2453 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2454
2455 On a Windows share, a file with read-only dosmode can be opened with
2456 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2457 fails with NT_STATUS_CANNOT_DELETE error.
2458
2459 This semantic causes a problem that a user can not
2460 rename a file with read-only dosmode on a Samba share
2461 from a Windows command prompt (i.e. cmd.exe, but can rename
2462 from Windows Explorer).
2463 */
2464
2465 if (!lp_delete_readonly(SNUM(conn))) {
2466 if (fattr & aRONLY) {
2467 return NT_STATUS_CANNOT_DELETE;
2468 }
2469 }
2470
2471 /* On open checks the open itself will check the share mode, so
2472 don't do it here as we'll get it wrong. */
2473
2474 status = SMB_VFS_CREATE_FILE
2475 (conn, /* conn */
2476 req, /* req */
2477 0, /* root_dir_fid */
2478 smb_fname, /* fname */
2479 DELETE_ACCESS, /* access_mask */
2480 FILE_SHARE_NONE, /* share_access */
2481 FILE_OPEN, /* create_disposition*/
2482 FILE_NON_DIRECTORY_FILE, /* create_options */
2483 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2484 0, /* oplock_request */
2485 0, /* allocation_size */
2486 NULL, /* sd */
2487 NULL, /* ea_list */
2488 &fsp, /* result */
2489 NULL); /* pinfo */
2490
2491 if (!NT_STATUS_IS_OK(status)) {
2492 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2493 nt_errstr(status)));
2494 return status;
2495 }
2496
2497 /* The set is across all open files on this dev/inode pair. */
2498 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2499 close_file(req, fsp, NORMAL_CLOSE);
2500 return NT_STATUS_ACCESS_DENIED;
2501 }
2502
2503 return close_file(req, fsp, NORMAL_CLOSE);
2504 }
2505
2506 /****************************************************************************
2507 The guts of the unlink command, split out so it may be called by the NT SMB
2508 code.
2509 ****************************************************************************/
2510
2511 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2512 uint32 dirtype, struct smb_filename *smb_fname,
2513 bool has_wild)
2514 {
2515 char *fname_dir = NULL;
2516 char *fname_mask = NULL;
2517 int count=0;
2518 NTSTATUS status = NT_STATUS_OK;
2519 TALLOC_CTX *ctx = talloc_tos();
2520
2521 /* Split up the directory from the filename/mask. */
2522 status = split_fname_dir_mask(ctx, smb_fname->base_name,
2523 &fname_dir, &fname_mask);
2524 if (!NT_STATUS_IS_OK(status)) {
2525 goto out;
2526 }
2527
2528 /*
2529 * We should only check the mangled cache
2530 * here if unix_convert failed. This means
2531 * that the path in 'mask' doesn't exist
2532 * on the file system and so we need to look
2533 * for a possible mangle. This patch from
2534 * Tine Smukavec <valentin.smukavec@hermes.si>.
2535 */
2536
2537 if (!VALID_STAT(smb_fname->st) &&
2538 mangle_is_mangled(fname_mask, conn->params)) {
2539 char *new_mask = NULL;
2540 mangle_lookup_name_from_8_3(ctx, fname_mask,
2541 &new_mask, conn->params);
2542 if (new_mask) {
2543 TALLOC_FREE(fname_mask);
2544 fname_mask = new_mask;
2545 }
2546 }
2547
2548 if (!has_wild) {
2549
2550 /*
2551 * Only one file needs to be unlinked. Append the mask back
2552 * onto the directory.
2553 */
2554 TALLOC_FREE(smb_fname->base_name);
2555 smb_fname->base_name = talloc_asprintf(smb_fname,
2556 "%s/%s",
2557 fname_dir,
2558 fname_mask);
2559 if (!smb_fname->base_name) {
2560 status = NT_STATUS_NO_MEMORY;
2561 goto out;
2562 }
2563 if (dirtype == 0) {
2564 dirtype = FILE_ATTRIBUTE_NORMAL;
2565 }
2566
2567 status = check_name(conn, smb_fname->base_name);
2568 if (!NT_STATUS_IS_OK(status)) {
2569 goto out;
2570 }
2571
2572 status = do_unlink(conn, req, smb_fname, dirtype);
2573 if (!NT_STATUS_IS_OK(status)) {
2574 goto out;
2575 }
2576
2577 count++;
2578 } else {
2579 struct smb_Dir *dir_hnd = NULL;
2580 long offset = 0;
2581 const char *dname;
2582
2583 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2584 status = NT_STATUS_OBJECT_NAME_INVALID;
2585 goto out;
2586 }
2587
2588 if (strequal(fname_mask,"????????.???")) {
2589 TALLOC_FREE(fname_mask);
2590 fname_mask = talloc_strdup(ctx, "*");
2591 if (!fname_mask) {
2592 status = NT_STATUS_NO_MEMORY;
2593 goto out;
2594 }
2595 }
2596
2597 status = check_name(conn, fname_dir);
2598 if (!NT_STATUS_IS_OK(status)) {
2599 goto out;
2600 }
2601
2602 dir_hnd = OpenDir(talloc_tos(), conn, fname_dir, fname_mask,
2603 dirtype);
2604 if (dir_hnd == NULL) {
2605 status = map_nt_error_from_unix(errno);
2606 goto out;
2607 }
2608
2609 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2610 the pattern matches against the long name, otherwise the short name
2611 We don't implement this yet XXXX
2612 */
2613
2614 status = NT_STATUS_NO_SUCH_FILE;
2615
2616 while ((dname = ReadDirName(dir_hnd, &offset,
2617 &smb_fname->st))) {
2618 TALLOC_CTX *frame = talloc_stackframe();
2619
2620 if (!is_visible_file(conn, fname_dir, dname,
2621 &smb_fname->st, true)) {
2622 TALLOC_FREE(frame);
2623 continue;
2624 }
2625
2626 /* Quick check for "." and ".." */
2627 if (ISDOT(dname) || ISDOTDOT(dname)) {
2628 TALLOC_FREE(frame);
2629 continue;
2630 }
2631
2632 if(!mask_match(dname, fname_mask,
2633 conn->case_sensitive)) {
2634 TALLOC_FREE(frame);
2635 continue;
2636 }
2637
2638 TALLOC_FREE(smb_fname->base_name);
2639 smb_fname->base_name =
2640 talloc_asprintf(smb_fname, "%s/%s",
2641 fname_dir, dname);
2642
2643 if (!smb_fname->base_name) {
2644 TALLOC_FREE(dir_hnd);
2645 status = NT_STATUS_NO_MEMORY;
2646 TALLOC_FREE(frame);
2647 goto out;
2648 }
2649
2650 status = check_name(conn, smb_fname->base_name);
2651 if (!NT_STATUS_IS_OK(status)) {
2652 TALLOC_FREE(dir_hnd);
2653 TALLOC_FREE(frame);
2654 goto out;
2655 }
2656
2657 status = do_unlink(conn, req, smb_fname, dirtype);
2658 if (!NT_STATUS_IS_OK(status)) {
2659 TALLOC_FREE(frame);
2660 continue;
2661 }
2662
2663 count++;
2664 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2665 smb_fname->base_name));
2666
2667 TALLOC_FREE(frame);
2668 }
2669 TALLOC_FREE(dir_hnd);
2670 }
2671
2672 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2673 status = map_nt_error_from_unix(errno);
2674 }
2675
2676 out:
2677 TALLOC_FREE(fname_dir);
2678 TALLOC_FREE(fname_mask);
2679 return status;
2680 }
2681
2682 /****************************************************************************
2683 Reply to a unlink
2684 ****************************************************************************/
2685
2686 void reply_unlink(struct smb_request *req)
2687 {
2688 connection_struct *conn = req->conn;
2689 char *name = NULL;
2690 struct smb_filename *smb_fname = NULL;
2691 uint32 dirtype;
2692 NTSTATUS status;
2693 bool path_contains_wcard = False;
2694 TALLOC_CTX *ctx = talloc_tos();
2695
2696 START_PROFILE(SMBunlink);
2697
2698 if (req->wct < 1) {
2699 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2700 goto out;
2701 }
2702
2703 dirtype = SVAL(req->vwv+0, 0);
2704
2705 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2706 STR_TERMINATE, &status,
2707 &path_contains_wcard);
2708 if (!NT_STATUS_IS_OK(status)) {
2709 reply_nterror(req, status);
2710 goto out;
2711 }
2712
2713 status = filename_convert(ctx, conn,
2714 req->flags2 & FLAGS2_DFS_PATHNAMES,
2715 name,
2716 UCF_COND_ALLOW_WCARD_LCOMP,
2717 &path_contains_wcard,
2718 &smb_fname);
2719 if (!NT_STATUS_IS_OK(status)) {
2720 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2721 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2722 ERRSRV, ERRbadpath);
2723 goto out;
2724 }
2725 reply_nterror(req, status);
2726 goto out;
2727 }
2728
2729 DEBUG(3,("reply_unlink : %s\n", smb_fname_str_dbg(smb_fname)));
2730
2731 status = unlink_internals(conn, req, dirtype, smb_fname,
2732 path_contains_wcard);
2733 if (!NT_STATUS_IS_OK(status)) {
2734 if (open_was_deferred(req->mid)) {
2735 /* We have re-scheduled this call. */
2736 goto out;
2737 }
2738 reply_nterror(req, status);
2739 goto out;
2740 }
2741
2742 reply_outbuf(req, 0, 0);
2743 out:
2744 TALLOC_FREE(smb_fname);
2745 END_PROFILE(SMBunlink);
2746 return;
2747 }
2748
2749 /****************************************************************************
2750 Fail for readbraw.
2751 ****************************************************************************/
2752
2753 static void fail_readraw(void)
2754 {
2755 const char *errstr = talloc_asprintf(talloc_tos(),
2756 "FAIL ! reply_readbraw: socket write fail (%s)",
2757 strerror(errno));
2758 if (!errstr) {
2759 errstr = "";
2760 }
2761 exit_server_cleanly(errstr);
2762 }
2763
2764 /****************************************************************************
2765 Fake (read/write) sendfile. Returns -1 on read or write fail.
2766 ****************************************************************************/
2767
2768 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2769 size_t nread)
2770 {
2771 size_t bufsize;
2772 size_t tosend = nread;
2773 char *buf;
2774
2775 if (nread == 0) {
2776 return 0;
2777 }
2778
2779 bufsize = MIN(nread, 65536);
2780
2781 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2782 return -1;
2783 }
2784
2785 while (tosend > 0) {
2786 ssize_t ret;
2787 size_t cur_read;
2788
2789 if (tosend > bufsize) {
2790 cur_read = bufsize;
2791 } else {
2792 cur_read = tosend;
2793 }
2794 ret = read_file(fsp,buf,startpos,cur_read);
2795 if (ret == -1) {
2796 SAFE_FREE(buf);
2797 return -1;
2798 }
2799
2800 /* If we had a short read, fill with zeros. */
2801 if (ret < cur_read) {
2802 memset(buf + ret, '\0', cur_read - ret);
2803 }
2804
2805 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2806 SAFE_FREE(buf);
2807 return -1;
2808 }
2809 tosend -= cur_read;
2810 startpos += cur_read;
2811 }
2812
2813 SAFE_FREE(buf);
2814 return (ssize_t)nread;
2815 }
2816
2817 #if defined(WITH_SENDFILE)
2818 /****************************************************************************
2819 Deal with the case of sendfile reading less bytes from the file than
2820 requested. Fill with zeros (all we can do).
2821 ****************************************************************************/
2822
2823 static void sendfile_short_send(files_struct *fsp,
2824 ssize_t nread,
2825 size_t headersize,
2826 size_t smb_maxcnt)
2827 {
2828 #define SHORT_SEND_BUFSIZE 1024
2829 if (nread < headersize) {
2830 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2831 "header for file %s (%s). Terminating\n",
2832 fsp_str_dbg(fsp), strerror(errno)));
2833 exit_server_cleanly("sendfile_short_send failed");
2834 }
2835
2836 nread -= headersize;
2837
2838 if (nread < smb_maxcnt) {
2839 char *buf = SMB_CALLOC_ARRAY(char, SHORT_SEND_BUFSIZE);
2840 if (!buf) {
2841 exit_server_cleanly("sendfile_short_send: "
2842 "malloc failed");
2843 }
2844
2845 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2846 "with zeros !\n", fsp_str_dbg(fsp)));
2847
2848 while (nread < smb_maxcnt) {
2849 /*
2850 * We asked for the real file size and told sendfile
2851 * to not go beyond the end of the file. But it can
2852 * happen that in between our fstat call and the
2853 * sendfile call the file was truncated. This is very
2854 * bad because we have already announced the larger
2855 * number of bytes to the client.
2856 *
2857 * The best we can do now is to send 0-bytes, just as
2858 * a read from a hole in a sparse file would do.
2859 *
2860 * This should happen rarely enough that I don't care
2861 * about efficiency here :-)
2862 */
2863 size_t to_write;
2864
2865 to_write = MIN(SHORT_SEND_BUFSIZE, smb_maxcnt - nread);
2866 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2867 exit_server_cleanly("sendfile_short_send: "
2868 "write_data failed");
2869 }
2870 nread += to_write;
2871 }
2872 SAFE_FREE(buf);
2873 }
2874 }
2875 #endif /* defined WITH_SENDFILE */
2876
2877 /****************************************************************************
2878 Return a readbraw error (4 bytes of zero).
2879 ****************************************************************************/
2880
2881 static void reply_readbraw_error(void)
2882 {
2883 char header[4];
2884 SIVAL(header,0,0);
2885 if (write_data(smbd_server_fd(),header,4) != 4) {
2886 fail_readraw();
2887 }
2888 }
2889
2890 /****************************************************************************
2891 Use sendfile in readbraw.
2892 ****************************************************************************/
2893
2894 static void send_file_readbraw(connection_struct *conn,
2895 struct smb_request *req,
2896 files_struct *fsp,
2897 SMB_OFF_T startpos,
2898 size_t nread,
2899 ssize_t mincount)
2900 {
2901 char *outbuf = NULL;
2902 ssize_t ret=0;
2903
2904 #if defined(WITH_SENDFILE)
2905 /*
2906 * We can only use sendfile on a non-chained packet
2907 * but we can use on a non-oplocked file. tridge proved this
2908 * on a train in Germany :-). JRA.
2909 * reply_readbraw has already checked the length.
2910 */
2911
2912 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2913 (fsp->wcp == NULL) &&
2914 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
2915 ssize_t sendfile_read = -1;
2916 char header[4];
2917 DATA_BLOB header_blob;
2918
2919 _smb_setlen(header,nread);
2920 header_blob = data_blob_const(header, 4);
2921
2922 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2923 &header_blob, startpos, nread)) == -1) {
2924 /* Returning ENOSYS means no data at all was sent.
2925 * Do this as a normal read. */
2926 if (errno == ENOSYS) {
2927 goto normal_readbraw;
2928 }
2929
2930 /*
2931 * Special hack for broken Linux with no working sendfile. If we
2932 * return EINTR we sent the header but not the rest of the data.
2933 * Fake this up by doing read/write calls.
2934 */
2935 if (errno == EINTR) {
2936 /* Ensure we don't do this again. */
2937 set_use_sendfile(SNUM(conn), False);
2938 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2939
2940 if (fake_sendfile(fsp, startpos, nread) == -1) {
2941 DEBUG(0,("send_file_readbraw: "
2942 "fake_sendfile failed for "
2943 "file %s (%s).\n",
2944 fsp_str_dbg(fsp),
2945 strerror(errno)));
2946 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2947 }
2948 return;
2949 }
2950
2951 DEBUG(0,("send_file_readbraw: sendfile failed for "
2952 "file %s (%s). Terminating\n",
2953 fsp_str_dbg(fsp), strerror(errno)));
2954 exit_server_cleanly("send_file_readbraw sendfile failed");
2955 } else if (sendfile_read == 0) {
2956 /*
2957 * Some sendfile implementations return 0 to indicate
2958 * that there was a short read, but nothing was
2959 * actually written to the socket. In this case,
2960 * fallback to the normal read path so the header gets
2961 * the correct byte count.
2962 */
2963 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2964 "bytes falling back to the normal read: "
2965 "%s\n", fsp_str_dbg(fsp)));
2966 goto normal_readbraw;
2967 }
2968
2969 /* Deal with possible short send. */
2970 if (sendfile_read != 4+nread) {
2971 sendfile_short_send(fsp, sendfile_read, 4, nread);
2972 }
2973 return;
2974 }
2975
2976 normal_readbraw:
2977 #endif
2978
2979 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2980 if (!outbuf) {
2981 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2982 (unsigned)(nread+4)));
2983 reply_readbraw_error();
2984 return;
2985 }
2986
2987 if (nread > 0) {
2988 ret = read_file(fsp,outbuf+4,startpos,nread);
2989 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2990 if (ret < mincount)
2991 ret = 0;
2992 #else
2993 if (ret < nread)
2994 ret = 0;
2995 #endif
2996 }
2997
2998 _smb_setlen(outbuf,ret);
2999 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
3000 fail_readraw();
3001
3002 TALLOC_FREE(outbuf);
3003 }
3004
3005 /****************************************************************************
3006 Reply to a readbraw (core+ protocol).
3007 ****************************************************************************/
3008
3009 void reply_readbraw(struct smb_request *req)
3010 {
3011 connection_struct *conn = req->conn;
3012 ssize_t maxcount,mincount;
3013 size_t nread = 0;
3014 SMB_OFF_T startpos;
3015 files_struct *fsp;
3016 struct lock_struct lock;
3017 SMB_STRUCT_STAT st;
3018 SMB_OFF_T size = 0;
3019
3020 START_PROFILE(SMBreadbraw);
3021
3022 if (srv_is_signing_active(smbd_server_conn) ||
3023 is_encrypted_packet(req->inbuf)) {
3024 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
3025 "raw reads/writes are disallowed.");
3026 }
3027
3028 if (req->wct < 8) {
3029 reply_readbraw_error();
3030 END_PROFILE(SMBreadbraw);
3031 return;
3032 }
3033
3034 /*
3035 * Special check if an oplock break has been issued
3036 * and the readraw request croses on the wire, we must
3037 * return a zero length response here.
3038 */
3039
3040 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3041
3042 /*
3043 * We have to do a check_fsp by hand here, as
3044 * we must always return 4 zero bytes on error,
3045 * not a NTSTATUS.
3046 */
3047
3048 if (!fsp || !conn || conn != fsp->conn ||
3049 req->vuid != fsp->vuid ||
3050 fsp->is_directory || fsp->fh->fd == -1) {
3051 /*
3052 * fsp could be NULL here so use the value from the packet. JRA.
3053 */
3054 DEBUG(3,("reply_readbraw: fnum %d not valid "
3055 "- cache prime?\n",
3056 (int)SVAL(req->vwv+0, 0)));
3057 reply_readbraw_error();
3058 END_PROFILE(SMBreadbraw);
3059 return;
3060 }
3061
3062 /* Do a "by hand" version of CHECK_READ. */
3063 if (!(fsp->can_read ||
3064 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
3065 (fsp->access_mask & FILE_EXECUTE)))) {
3066 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
3067 (int)SVAL(req->vwv+0, 0)));
3068 reply_readbraw_error();
3069 END_PROFILE(SMBreadbraw);
3070 return;
3071 }
3072
3073 flush_write_cache(fsp, READRAW_FLUSH);
3074
3075 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
3076 if(req->wct == 10) {
3077 /*
3078 * This is a large offset (64 bit) read.
3079 */
3080 #ifdef LARGE_SMB_OFF_T
3081
3082 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
3083
3084 #else /* !LARGE_SMB_OFF_T */
3085
3086 /*
3087 * Ensure we haven't been sent a >32 bit offset.
3088 */
3089
3090 if(IVAL(req->vwv+8, 0) != 0) {
3091 DEBUG(0,("reply_readbraw: large offset "
3092 "(%x << 32) used and we don't support "
3093 "64 bit offsets.\n",
3094 (unsigned int)IVAL(req->vwv+8, 0) ));
3095 reply_readbraw_error();
3096 END_PROFILE(SMBreadbraw);
3097 return;
3098 }
3099
3100 #endif /* LARGE_SMB_OFF_T */
3101
3102 if(startpos < 0) {
3103 DEBUG(0,("reply_readbraw: negative 64 bit "
3104 "readraw offset (%.0f) !\n",
3105 (double)startpos ));
3106 reply_readbraw_error();
3107 END_PROFILE(SMBreadbraw);
3108 return;
3109 }
3110 }
3111
3112 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
3113 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
3114
3115 /* ensure we don't overrun the packet size */
3116 maxcount = MIN(65535,maxcount);
3117
3118 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3119 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
3120 &lock);
3121
3122 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3123 reply_readbraw_error();
3124 END_PROFILE(SMBreadbraw);
3125 return;
3126 }
3127
3128 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
3129 size = st.st_ex_size;
3130 }
3131
3132 if (startpos >= size) {
3133 nread = 0;
3134 } else {
3135 nread = MIN(maxcount,(size - startpos));
3136 }
3137
3138 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
3139 if (nread < mincount)
3140 nread = 0;
3141 #endif
3142
3143 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3144 "min=%lu nread=%lu\n",
3145 fsp->fnum, (double)startpos,
3146 (unsigned long)maxcount,
3147 (unsigned long)mincount,
3148 (unsigned long)nread ) );
3149
3150 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3151
3152 DEBUG(5,("reply_readbraw finished\n"));
3153
3154 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3155
3156 END_PROFILE(SMBreadbraw);
3157 return;
3158 }
3159
3160 #undef DBGC_CLASS
3161 #define DBGC_CLASS DBGC_LOCKING
3162
3163 /****************************************************************************
3164 Reply to a lockread (core+ protocol).
3165 ****************************************************************************/
3166
3167 void reply_lockread(struct smb_request *req)
3168 {
3169 connection_struct *conn = req->conn;
3170 ssize_t nread = -1;
3171 char *data;
3172 SMB_OFF_T startpos;
3173 size_t numtoread;
3174 NTSTATUS status;
3175 files_struct *fsp;
3176 struct byte_range_lock *br_lck = NULL;
3177 char *p = NULL;
3178 struct smbd_server_connection *sconn = smbd_server_conn;
3179
3180 START_PROFILE(SMBlockread);
3181
3182 if (req->wct < 5) {
3183 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3184 END_PROFILE(SMBlockread);
3185 return;
3186 }
3187
3188 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3189
3190 if (!check_fsp(conn, req, fsp)) {
3191 END_PROFILE(SMBlockread);
3192 return;
3193 }
3194
3195 if (!CHECK_READ(fsp,req)) {
3196 reply_doserror(req, ERRDOS, ERRbadaccess);
3197 END_PROFILE(SMBlockread);
3198 return;
3199 }
3200
3201 numtoread = SVAL(req->vwv+1, 0);
3202 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3203
3204 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3205
3206 reply_outbuf(req, 5, numtoread + 3);
3207
3208 data = smb_buf(req->outbuf) + 3;
3209
3210 /*
3211 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3212 * protocol request that predates the read/write lock concept.
3213 * Thus instead of asking for a read lock here we need to ask
3214 * for a write lock. JRA.
3215 * Note that the requested lock size is unaffected by max_recv.
3216 */
3217
3218 br_lck = do_lock(smbd_messaging_context(),
3219 fsp,
3220 req->smbpid,
3221 (uint64_t)numtoread,
3222 (uint64_t)startpos,
3223 WRITE_LOCK,
3224 WINDOWS_LOCK,
3225 False, /* Non-blocking lock. */
3226 &status,
3227 NULL,
3228 NULL);
3229 TALLOC_FREE(br_lck);
3230
3231 if (NT_STATUS_V(status)) {
3232 reply_nterror(req, status);
3233 END_PROFILE(SMBlockread);
3234 return;
3235 }
3236
3237 /*
3238 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3239 */
3240
3241 if (numtoread > sconn->smb1.negprot.max_recv) {
3242 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3243 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3244 (unsigned int)numtoread,
3245 (unsigned int)sconn->smb1.negprot.max_recv));
3246 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3247 }
3248 nread = read_file(fsp,data,startpos,numtoread);
3249
3250 if (nread < 0) {
3251 reply_nterror(req, map_nt_error_from_unix(errno));
3252 END_PROFILE(SMBlockread);
3253 return;
3254 }
3255
3256 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3257
3258 SSVAL(req->outbuf,smb_vwv0,nread);
3259 SSVAL(req->outbuf,smb_vwv5,nread+3);
3260 p = smb_buf(req->outbuf);
3261 SCVAL(p,0,0); /* pad byte. */
3262 SSVAL(p,1,nread);
3263
3264 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3265 fsp->fnum, (int)numtoread, (int)nread));
3266
3267 END_PROFILE(SMBlockread);
3268 return;
3269 }
3270
3271 #undef DBGC_CLASS
3272 #define DBGC_CLASS DBGC_ALL
3273
3274 /****************************************************************************
3275 Reply to a read.
3276 ****************************************************************************/
3277
3278 void reply_read(struct smb_request *req)
3279 {
3280 connection_struct *conn = req->conn;
3281 size_t numtoread;
3282 ssize_t nread = 0;
3283 char *data;
3284 SMB_OFF_T startpos;
3285 int outsize = 0;
3286 files_struct *fsp;
3287 struct lock_struct lock;
3288 struct smbd_server_connection *sconn = smbd_server_conn;
3289
3290 START_PROFILE(SMBread);
3291
3292 if (req->wct < 3) {
3293 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3294 END_PROFILE(SMBread);
3295 return;
3296 }
3297
3298 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3299
3300 if (!check_fsp(conn, req, fsp)) {
3301 END_PROFILE(SMBread);
3302 return;
3303 }
3304
3305 if (!CHECK_READ(fsp,req)) {
3306 reply_doserror(req, ERRDOS, ERRbadaccess);
3307 END_PROFILE(SMBread);
3308 return;
3309 }
3310
3311 numtoread = SVAL(req->vwv+1, 0);
3312 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3313
3314 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3315
3316 /*
3317 * The requested read size cannot be greater than max_recv. JRA.
3318 */
3319 if (numtoread > sconn->smb1.negprot.max_recv) {
3320 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3321 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3322 (unsigned int)numtoread,
3323 (unsigned int)sconn->smb1.negprot.max_recv));
3324 numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
3325 }
3326
3327 reply_outbuf(req, 5, numtoread+3);
3328
3329 data = smb_buf(req->outbuf) + 3;
3330
3331 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3332 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3333 &lock);
3334
3335 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3336 reply_doserror(req, ERRDOS,ERRlock);
3337 END_PROFILE(SMBread);
3338 return;
3339 }
3340
3341 if (numtoread > 0)
3342 nread = read_file(fsp,data,startpos,numtoread);
3343
3344 if (nread < 0) {
3345 reply_nterror(req, map_nt_error_from_unix(errno));
3346 goto strict_unlock;
3347 }
3348
3349 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3350
3351 SSVAL(req->outbuf,smb_vwv0,nread);
3352 SSVAL(req->outbuf,smb_vwv5,nread+3);
3353 SCVAL(smb_buf(req->outbuf),0,1);
3354 SSVAL(smb_buf(req->outbuf),1,nread);
3355
3356 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3357 fsp->fnum, (int)numtoread, (int)nread ) );
3358
3359 strict_unlock:
3360 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3361
3362 END_PROFILE(SMBread);
3363 return;
3364 }
3365
3366 /****************************************************************************
3367 Setup readX header.
3368 ****************************************************************************/
3369
3370 static int setup_readX_header(struct smb_request *req, char *outbuf,
3371 size_t smb_maxcnt)
3372 {
3373 int outsize;
3374 char *data;
3375
3376 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3377 data = smb_buf(outbuf);
3378
3379 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3380
3381 SCVAL(outbuf,smb_vwv0,0xFF);
3382 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3383 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3384 SSVAL(outbuf,smb_vwv6,
3385 req_wct_ofs(req)
3386 + 1 /* the wct field */
3387 + 12 * sizeof(uint16_t) /* vwv */
3388 + 2); /* the buflen field */
3389 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3390 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3391 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3392 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3393 return outsize;
3394 }
3395
3396 /****************************************************************************
3397 Reply to a read and X - possibly using sendfile.
3398 ****************************************************************************/
3399
3400 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3401 files_struct *fsp, SMB_OFF_T startpos,
3402 size_t smb_maxcnt)
3403 {
3404 SMB_STRUCT_STAT sbuf;
3405 ssize_t nread = -1;
3406 struct lock_struct lock;
3407 int saved_errno = 0;
3408
3409 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3410 reply_nterror(req, map_nt_error_from_unix(errno));
3411 return;
3412 }
3413
3414 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3415 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3416 &lock);
3417
3418 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3419 reply_doserror(req, ERRDOS, ERRlock);
3420 return;
3421 }
3422
3423 if (!S_ISREG(sbuf.st_ex_mode) || (startpos > sbuf.st_ex_size)
3424 || (smb_maxcnt > (sbuf.st_ex_size - startpos))) {
3425 /*
3426 * We already know that we would do a short read, so don't
3427 * try the sendfile() path.
3428 */
3429 goto nosendfile_read;
3430 }
3431
3432 #if defined(WITH_SENDFILE)
3433 /*
3434 * We can only use sendfile on a non-chained packet
3435 * but we can use on a non-oplocked file. tridge proved this
3436 * on a train in Germany :-). JRA.
3437 */
3438
3439 if (!req_is_in_chain(req) &&
3440 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3441 (fsp->wcp == NULL) &&
3442 lp_use_sendfile(SNUM(conn), smbd_server_conn->smb1.signing_state) ) {
3443 uint8 headerbuf[smb_size + 12 * 2];
3444 DATA_BLOB header;
3445
3446 /*
3447 * Set up the packet header before send. We
3448 * assume here the sendfile will work (get the
3449 * correct amount of data).
3450 */
3451
3452 header = data_blob_const(headerbuf, sizeof(headerbuf));
3453
3454 construct_reply_common_req(req, (char *)headerbuf);
3455 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3456
3457 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3458 /* Returning ENOSYS means no data at all was sent.
3459 Do this as a normal read. */
3460 if (errno == ENOSYS) {
3461 goto normal_read;
3462 }
3463
3464 /*
3465 * Special hack for broken Linux with no working sendfile. If we
3466 * return EINTR we sent the header but not the rest of the data.
3467 * Fake this up by doing read/write calls.
3468 */
3469
3470 if (errno == EINTR) {
3471 /* Ensure we don't do this again. */
3472 set_use_sendfile(SNUM(conn), False);
3473 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3474 nread = fake_sendfile(fsp, startpos,
3475 smb_maxcnt);
3476 if (nread == -1) {
3477 DEBUG(0,("send_file_readX: "
3478 "fake_sendfile failed for "
3479 "file %s (%s).\n",
3480 fsp_str_dbg(fsp),
3481 strerror(errno)));
3482 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3483 }
3484 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3485 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3486 /* No outbuf here means successful sendfile. */
3487 goto strict_unlock;
3488 }
3489
3490 DEBUG(0,("send_file_readX: sendfile failed for file "
3491 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3492 strerror(errno)));
3493 exit_server_cleanly("send_file_readX sendfile failed");
3494 } else if (nread == 0) {
3495 /*
3496 * Some sendfile implementations return 0 to indicate
3497 * that there was a short read, but nothing was
3498 * actually written to the socket. In this case,
3499 * fallback to the normal read path so the header gets
3500 * the correct byte count.
3501 */
3502 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3503 "falling back to the normal read: %s\n",
3504 fsp_str_dbg(fsp)));
3505 goto normal_read;
3506 }
3507
3508 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3509 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3510
3511 /* Deal with possible short send. */
3512 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3513 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3514 }
3515 /* No outbuf here means successful sendfile. */
3516 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3517 SMB_PERFCOUNT_END(&req->pcd);
3518 goto strict_unlock;
3519 }
3520
3521 normal_read:
3522
3523 #endif
3524
3525 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3526 uint8 headerbuf[smb_size + 2*12];
3527
3528 construct_reply_common_req(req, (char *)headerbuf);
3529 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3530
3531 /* Send out the header. */
3532 if (write_data(smbd_server_fd(), (char *)headerbuf,
3533 sizeof(headerbuf)) != sizeof(headerbuf)) {
3534 DEBUG(0,("send_file_readX: write_data failed for file "
3535 "%s (%s). Terminating\n", fsp_str_dbg(fsp),
3536 strerror(errno)));
3537 exit_server_cleanly("send_file_readX sendfile failed");
3538 }
3539 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3540 if (nread == -1) {
3541 DEBUG(0,("send_file_readX: fake_sendfile failed for "
3542 "file %s (%s).\n", fsp_str_dbg(fsp),
3543 strerror(errno)));
3544 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3545 }
3546 goto strict_unlock;
3547 }
3548
3549 nosendfile_read:
3550
3551 reply_outbuf(req, 12, smb_maxcnt);
3552
3553 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3554 saved_errno = errno;
3555
3556 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3557
3558 if (nread < 0) {
3559 reply_nterror(req, map_nt_error_from_unix(saved_errno));
3560 return;
3561 }
3562
3563 setup_readX_header(req, (char *)req->outbuf, nread);
3564
3565 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3566 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3567
3568 chain_reply(req);
3569 return;
3570
3571 strict_unlock:
3572 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3573 TALLOC_FREE(req->outbuf);
3574 return;
3575 }
3576
3577 /****************************************************************************
3578 Reply to a read and X.
3579 ****************************************************************************/
3580
3581 void reply_read_and_X(struct smb_request *req)
3582 {
3583 connection_struct *conn = req->conn;
3584 files_struct *fsp;
3585 SMB_OFF_T startpos;
3586 size_t smb_maxcnt;
3587 bool big_readX = False;
3588 #if 0
3589 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3590 #endif
3591
3592 START_PROFILE(SMBreadX);
3593
3594 if ((req->wct != 10) && (req->wct != 12)) {
3595 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3596 return;
3597 }
3598
3599 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3600 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3601 smb_maxcnt = SVAL(req->vwv+5, 0);
3602
3603 /* If it's an IPC, pass off the pipe handler. */
3604 if (IS_IPC(conn)) {
3605 reply_pipe_read_and_X(req);
3606 END_PROFILE(SMBreadX);
3607 return;
3608 }
3609
3610 if (!check_fsp(conn, req, fsp)) {
3611 END_PROFILE(SMBreadX);
3612 return;
3613 }
3614
3615 if (!CHECK_READ(fsp,req)) {
3616 reply_doserror(req, ERRDOS,ERRbadaccess);
3617 END_PROFILE(SMBreadX);
3618 return;
3619 }
3620
3621 if (global_client_caps & CAP_LARGE_READX) {
3622 size_t upper_size = SVAL(req->vwv+7, 0);
3623 smb_maxcnt |= (upper_size<<16);
3624 if (upper_size > 1) {
3625 /* Can't do this on a chained packet. */
3626 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3627 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3628 END_PROFILE(SMBreadX);
3629 return;
3630 }
3631 /* We currently don't do this on signed or sealed data. */
3632 if (srv_is_signing_active(smbd_server_conn) ||
3633 is_encrypted_packet(req->inbuf)) {
3634 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3635 END_PROFILE(SMBreadX);
3636 return;
3637 }
3638 /* Is there room in the reply for this data ? */
3639 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3640 reply_nterror(req,
3641 NT_STATUS_INVALID_PARAMETER);
3642 END_PROFILE(SMBreadX);
3643 return;
3644 }
3645 big_readX = True;
3646 }
3647 }
3648
3649 if (req->wct == 12) {
3650 #ifdef LARGE_SMB_OFF_T
3651 /*
3652 * This is a large offset (64 bit) read.
3653 */
3654 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3655
3656 #else /* !LARGE_SMB_OFF_T */
3657
3658 /*
3659 * Ensure we haven't been sent a >32 bit offset.
3660 */
3661
3662 if(IVAL(req->vwv+10, 0) != 0) {
3663 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3664 "used and we don't support 64 bit offsets.\n",
3665 (unsigned int)IVAL(req->vwv+10, 0) ));
3666 END_PROFILE(SMBreadX);
3667 reply_doserror(req, ERRDOS, ERRbadaccess);
3668 return;
3669 }
3670
3671 #endif /* LARGE_SMB_OFF_T */
3672
3673 }
3674
3675 if (!big_readX &&
3676 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3677 goto out;
3678 }
3679
3680 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3681
3682 out:
3683 END_PROFILE(SMBreadX);
3684 return;
3685 }
3686
3687 /****************************************************************************
3688 Error replies to writebraw must have smb_wct == 1. Fix this up.
3689 ****************************************************************************/
3690
3691 void error_to_writebrawerr(struct smb_request *req)
3692 {
3693 uint8 *old_outbuf = req->outbuf;
3694
3695 reply_outbuf(req, 1, 0);
3696
3697 memcpy(req->outbuf, old_outbuf, smb_size);
3698 TALLOC_FREE(old_outbuf);
3699 }
3700
3701 /****************************************************************************
3702 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3703 ****************************************************************************/
3704
3705 void reply_writebraw(struct smb_request *req)
3706 {
3707 connection_struct *conn = req->conn;
3708 char *buf = NULL;
3709 ssize_t nwritten=0;
3710 ssize_t total_written=0;
3711 size_t numtowrite=0;
3712 size_t tcount;
3713 SMB_OFF_T startpos;
3714 char *data=NULL;
3715 bool write_through;
3716 files_struct *fsp;
3717 struct lock_struct lock;
3718 NTSTATUS status;
3719
3720 START_PROFILE(SMBwritebraw);
3721
3722 /*
3723 * If we ever reply with an error, it must have the SMB command
3724 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3725 * we're finished.
3726 */
3727 SCVAL(req->inbuf,smb_com,SMBwritec);
3728
3729 if (srv_is_signing_active(smbd_server_conn)) {
3730 END_PROFILE(SMBwritebraw);
3731 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3732 "raw reads/writes are disallowed.");
3733 }
3734
3735 if (req->wct < 12) {
3736 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3737 error_to_writebrawerr(req);
3738 END_PROFILE(SMBwritebraw);
3739 return;
3740 }
3741
3742 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3743 if (!check_fsp(conn, req, fsp)) {
3744 error_to_writebrawerr(req);
3745 END_PROFILE(SMBwritebraw);
3746 return;
3747 }
3748
3749 if (!CHECK_WRITE(fsp)) {
3750 reply_doserror(req, ERRDOS, ERRbadaccess);
3751 error_to_writebrawerr(req);
3752 END_PROFILE(SMBwritebraw);
3753 return;
3754 }
3755
3756 tcount = IVAL(req->vwv+1, 0);
3757 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3758 write_through = BITSETW(req->vwv+7,0);
3759
3760 /* We have to deal with slightly different formats depending
3761 on whether we are using the core+ or lanman1.0 protocol */
3762
3763 if(Protocol <= PROTOCOL_COREPLUS) {
3764 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3765 data = smb_buf(req->inbuf);
3766 } else {
3767 numtowrite = SVAL(req->vwv+10, 0);
3768 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3769 }
3770
3771 /* Ensure we don't write bytes past the end of this packet. */
3772 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3773 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3774 error_to_writebrawerr(req);
3775 END_PROFILE(SMBwritebraw);
3776 return;
3777 }
3778
3779 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3780 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3781 &lock);
3782
3783 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3784 reply_doserror(req, ERRDOS, ERRlock);
3785 error_to_writebrawerr(req);
3786 END_PROFILE(SMBwritebraw);
3787 return;
3788 }
3789
3790 if (numtowrite>0) {
3791 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3792 }
3793
3794 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3795 "wrote=%d sync=%d\n",
3796 fsp->fnum, (double)startpos, (int)numtowrite,
3797 (int)nwritten, (int)write_through));
3798
3799 if (nwritten < (ssize_t)numtowrite) {
3800 reply_doserror(req, ERRHRD, ERRdiskfull);
3801 error_to_writebrawerr(req);
3802 goto strict_unlock;
3803 }
3804
3805 total_written = nwritten;
3806
3807 /* Allocate a buffer of 64k + length. */
3808 buf = TALLOC_ARRAY(NULL, char, 65540);
3809 if (!buf) {
3810 reply_doserror(req, ERRDOS, ERRnomem);
3811 error_to_writebrawerr(req);
3812 goto strict_unlock;
3813 }
3814
3815 /* Return a SMBwritebraw message to the redirector to tell
3816 * it to send more bytes */
3817
3818 memcpy(buf, req->inbuf, smb_size);
3819 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3820 SCVAL(buf,smb_com,SMBwritebraw);
3821 SSVALS(buf,smb_vwv0,0xFFFF);
3822 show_msg(buf);
3823 if (!srv_send_smb(smbd_server_fd(),
3824 buf,
3825 false, 0, /* no signing */
3826 IS_CONN_ENCRYPTED(conn),
3827 &req->pcd)) {
3828 exit_server_cleanly("reply_writebraw: srv_send_smb "
3829 "failed.");
3830 }
3831
3832 /* Now read the raw data into the buffer and write it */
3833 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3834 &numtowrite);
3835 if (!NT_STATUS_IS_OK(status)) {
3836 exit_server_cleanly("secondary writebraw failed");
3837 }
3838
3839 /* Set up outbuf to return the correct size */
3840 reply_outbuf(req, 1, 0);
3841
3842 if (numtowrite != 0) {
3843
3844 if (numtowrite > 0xFFFF) {
3845 DEBUG(0,("reply_writebraw: Oversize secondary write "
3846 "raw requested (%u). Terminating\n",
3847 (unsigned int)numtowrite ));
3848 exit_server_cleanly("secondary writebraw failed");
3849 }
3850
3851 if (tcount > nwritten+numtowrite) {
3852 DEBUG(3,("reply_writebraw: Client overestimated the "
3853 "write %d %d %d\n",
3854 (int)tcount,(int)nwritten,(int)numtowrite));
3855 }
3856
3857 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3858
3859 if (!NT_STATUS_IS_OK(status)) {
3860 DEBUG(0,("reply_writebraw: Oversize secondary write "
3861 "raw read failed (%s). Terminating\n",
3862 nt_errstr(status)));
3863 exit_server_cleanly("secondary writebraw failed");
3864 }
3865
3866 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3867 if (nwritten == -1) {
3868 TALLOC_FREE(buf);
3869 reply_nterror(req, map_nt_error_from_unix(errno));
3870 error_to_writebrawerr(req);
3871 goto strict_unlock;
3872 }
3873
3874 if (nwritten < (ssize_t)numtowrite) {
3875 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3876 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3877 }
3878
3879 if (nwritten > 0) {
3880 total_written += nwritten;
3881 }
3882 }
3883
3884 TALLOC_FREE(buf);
3885 SSVAL(req->outbuf,smb_vwv0,total_written);
3886
3887 status = sync_file(conn, fsp, write_through);
3888 if (!NT_STATUS_IS_OK(status)) {
3889 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3890 fsp_str_dbg(fsp), nt_errstr(status)));
3891 reply_nterror(req, status);
3892 error_to_writebrawerr(req);
3893 goto strict_unlock;
3894 }
3895
3896 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3897 "wrote=%d\n",
3898 fsp->fnum, (double)startpos, (int)numtowrite,
3899 (int)total_written));
3900
3901 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3902
3903 /* We won't return a status if write through is not selected - this
3904 * follows what WfWg does */
3905 END_PROFILE(SMBwritebraw);
3906
3907 if (!write_through && total_written==tcount) {
3908
3909 #if RABBIT_PELLET_FIX
3910 /*
3911 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3912 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3913 * JRA.
3914 */
3915 if (!send_keepalive(smbd_server_fd())) {
3916 exit_server_cleanly("reply_writebraw: send of "
3917 "keepalive failed");
3918 }
3919 #endif
3920 TALLOC_FREE(req->outbuf);
3921 }
3922 return;
3923
3924 strict_unlock:
3925 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3926
3927 END_PROFILE(SMBwritebraw);
3928 return;
3929 }
3930
3931 #undef DBGC_CLASS
3932 #define DBGC_CLASS DBGC_LOCKING
3933
3934 /****************************************************************************
3935 Reply to a writeunlock (core+).
3936 ****************************************************************************/
3937
3938 void reply_writeunlock(struct smb_request *req)
3939 {
3940 connection_struct *conn = req->conn;
3941 ssize_t nwritten = -1;
3942 size_t numtowrite;
3943 SMB_OFF_T startpos;
3944 const char *data;
3945 NTSTATUS status = NT_STATUS_OK;
3946 files_struct *fsp;
3947 struct lock_struct lock;
3948 int saved_errno = 0;
3949
3950 START_PROFILE(SMBwriteunlock);
3951
3952 if (req->wct < 5) {
3953 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3954 END_PROFILE(SMBwriteunlock);
3955 return;
3956 }
3957
3958 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3959
3960 if (!check_fsp(conn, req, fsp)) {
3961 END_PROFILE(SMBwriteunlock);
3962 return;
3963 }
3964
3965 if (!CHECK_WRITE(fsp)) {
3966 reply_doserror(req, ERRDOS,ERRbadaccess);
3967 END_PROFILE(SMBwriteunlock);
3968 return;
3969 }
3970
3971 numtowrite = SVAL(req->vwv+1, 0);
3972 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3973 data = (const char *)req->buf + 3;
3974
3975 if (numtowrite) {
3976 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3977 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3978 &lock);
3979
3980 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3981 reply_doserror(req, ERRDOS, ERRlock);
3982 END_PROFILE(SMBwriteunlock);
3983 return;
3984 }
3985 }
3986
3987 /* The special X/Open SMB protocol handling of
3988 zero length writes is *NOT* done for
3989 this call */
3990 if(numtowrite == 0) {
3991 nwritten = 0;
3992 } else {
3993 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3994 saved_errno = errno;
3995 }
3996
3997 status = sync_file(conn, fsp, False /* write through */);
3998 if (!NT_STATUS_IS_OK(status)) {
3999 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
4000 fsp_str_dbg(fsp), nt_errstr(status)));
4001 reply_nterror(req, status);
4002 goto strict_unlock;
4003 }
4004
4005 if(nwritten < 0) {
4006 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4007 goto strict_unlock;
4008 }
4009
4010 if((nwritten < numtowrite) && (numtowrite != 0)) {
4011 reply_doserror(req, ERRHRD, ERRdiskfull);
4012 goto strict_unlock;
4013 }
4014
4015 if (numtowrite) {
4016 status = do_unlock(smbd_messaging_context(),
4017 fsp,
4018 req->smbpid,
4019 (uint64_t)numtowrite,
4020 (uint64_t)startpos,
4021 WINDOWS_LOCK);
4022
4023 if (NT_STATUS_V(status)) {
4024 reply_nterror(req, status);
4025 goto strict_unlock;
4026 }
4027 }
4028
4029 reply_outbuf(req, 1, 0);
4030
4031 SSVAL(req->outbuf,smb_vwv0,nwritten);
4032
4033 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
4034 fsp->fnum, (int)numtowrite, (int)nwritten));
4035
4036 strict_unlock:
4037 if (numtowrite) {
4038 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4039 }
4040
4041 END_PROFILE(SMBwriteunlock);
4042 return;
4043 }
4044
4045 #undef DBGC_CLASS
4046 #define DBGC_CLASS DBGC_ALL
4047
4048 /****************************************************************************
4049 Reply to a write.
4050 ****************************************************************************/
4051
4052 void reply_write(struct smb_request *req)
4053 {
4054 connection_struct *conn = req->conn;
4055 size_t numtowrite;
4056 ssize_t nwritten = -1;
4057 SMB_OFF_T startpos;
4058 const char *data;
4059 files_struct *fsp;
4060 struct lock_struct lock;
4061 NTSTATUS status;
4062 int saved_errno = 0;
4063
4064 START_PROFILE(SMBwrite);
4065
4066 if (req->wct < 5) {
4067 END_PROFILE(SMBwrite);
4068 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4069 return;
4070 }
4071
4072 /* If it's an IPC, pass off the pipe handler. */
4073 if (IS_IPC(conn)) {
4074 reply_pipe_write(req);
4075 END_PROFILE(SMBwrite);
4076 return;
4077 }
4078
4079 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4080
4081 if (!check_fsp(conn, req, fsp)) {
4082 END_PROFILE(SMBwrite);
4083 return;
4084 }
4085
4086 if (!CHECK_WRITE(fsp)) {
4087 reply_doserror(req, ERRDOS, ERRbadaccess);
4088 END_PROFILE(SMBwrite);
4089 return;
4090 }
4091
4092 numtowrite = SVAL(req->vwv+1, 0);
4093 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4094 data = (const char *)req->buf + 3;
4095
4096 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4097 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4098 &lock);
4099
4100 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4101 reply_doserror(req, ERRDOS, ERRlock);
4102 END_PROFILE(SMBwrite);
4103 return;
4104 }
4105
4106 /*
4107 * X/Open SMB protocol says that if smb_vwv1 is
4108 * zero then the file size should be extended or
4109 * truncated to the size given in smb_vwv[2-3].
4110 */
4111
4112 if(numtowrite == 0) {
4113 /*
4114 * This is actually an allocate call, and set EOF. JRA.
4115 */
4116 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
4117 if (nwritten < 0) {
4118 reply_nterror(req, NT_STATUS_DISK_FULL);
4119 goto strict_unlock;
4120 }
4121 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
4122 if (nwritten < 0) {
4123 reply_nterror(req, NT_STATUS_DISK_FULL);
4124 goto strict_unlock;
4125 }
4126 trigger_write_time_update_immediate(fsp);
4127 } else {
4128 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4129 }
4130
4131 status = sync_file(conn, fsp, False);
4132 if (!NT_STATUS_IS_OK(status)) {
4133 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
4134 fsp_str_dbg(fsp), nt_errstr(status)));
4135 reply_nterror(req, status);
4136 goto strict_unlock;
4137 }
4138
4139 if(nwritten < 0) {
4140 reply_nterror(req, map_nt_error_from_unix(saved_errno));
4141 goto strict_unlock;
4142 }
4143
4144 if((nwritten == 0) && (numtowrite != 0)) {
4145 reply_doserror(req, ERRHRD, ERRdiskfull);
4146 goto strict_unlock;
4147 }
4148
4149 reply_outbuf(req, 1, 0);
4150
4151 SSVAL(req->outbuf,smb_vwv0,nwritten);
4152
4153 if (nwritten < (ssize_t)numtowrite) {
4154 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4155 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4156 }
4157
4158 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
4159
4160 strict_unlock:
4161 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4162
4163 END_PROFILE(SMBwrite);
4164 return;
4165 }
4166
4167 /****************************************************************************
4168 Ensure a buffer is a valid writeX for recvfile purposes.
4169 ****************************************************************************/
4170
4171 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4172 (2*14) + /* word count (including bcc) */ \
4173 1 /* pad byte */)
4174
4175 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4176 {
4177 size_t numtowrite;
4178 connection_struct *conn = NULL;
4179 unsigned int doff = 0;
4180 size_t len = smb_len_large(inbuf);
4181 struct smbd_server_connection *sconn = smbd_server_conn;
4182
4183 if (is_encrypted_packet(inbuf)) {
4184 /* Can't do this on encrypted
4185 * connections. */
4186 return false;
4187 }
4188
4189 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4190 return false;
4191 }
4192
4193 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4194 CVAL(inbuf,smb_wct) != 14) {
4195 DEBUG(10,("is_valid_writeX_buffer: chained or "
4196 "invalid word length.\n"));
4197 return false;
4198 }
4199
4200 conn = conn_find(sconn, SVAL(inbuf, smb_tid));
4201 if (conn == NULL) {
4202 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4203 return false;
4204 }
4205 if (IS_IPC(conn)) {
4206 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4207 return false;
4208 }
4209 if (IS_PRINT(conn)) {
4210 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4211 return false;
4212 }
4213 doff = SVAL(inbuf,smb_vwv11);
4214
4215 numtowrite = SVAL(inbuf,smb_vwv10);
4216
4217 if (len > doff && len - doff > 0xFFFF) {
4218 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4219 }
4220
4221 if (numtowrite == 0) {
4222 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4223 return false;
4224 }
4225
4226 /* Ensure the sizes match up. */
4227 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4228 /* no pad byte...old smbclient :-( */
4229 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4230 (unsigned int)doff,
4231 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4232 return false;
4233 }
4234
4235 if (len - doff != numtowrite) {
4236 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4237 "len = %u, doff = %u, numtowrite = %u\n",
4238 (unsigned int)len,
4239 (unsigned int)doff,
4240 (unsigned int)numtowrite ));
4241 return false;
4242 }
4243
4244 DEBUG(10,("is_valid_writeX_buffer: true "
4245 "len = %u, doff = %u, numtowrite = %u\n",
4246 (unsigned int)len,
4247 (unsigned int)doff,
4248 (unsigned int)numtowrite ));
4249
4250 return true;
4251 }
4252
4253 /****************************************************************************
4254 Reply to a write and X.
4255 ****************************************************************************/
4256
4257 void reply_write_and_X(struct smb_request *req)
4258 {
4259 connection_struct *conn = req->conn;
4260 files_struct *fsp;
4261 struct lock_struct lock;
4262 SMB_OFF_T startpos;
4263 size_t numtowrite;
4264 bool write_through;
4265 ssize_t nwritten;
4266 unsigned int smb_doff;
4267 unsigned int smblen;
4268 char *data;
4269 NTSTATUS status;
4270
4271 START_PROFILE(SMBwriteX);
4272
4273 if ((req->wct != 12) && (req->wct != 14)) {
4274 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4275 END_PROFILE(SMBwriteX);
4276 return;
4277 }
4278
4279 numtowrite = SVAL(req->vwv+10, 0);
4280 smb_doff = SVAL(req->vwv+11, 0);
4281 smblen = smb_len(req->inbuf);
4282
4283 if (req->unread_bytes > 0xFFFF ||
4284 (smblen > smb_doff &&
4285 smblen - smb_doff > 0xFFFF)) {
4286 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4287 }
4288
4289 if (req->unread_bytes) {
4290 /* Can't do a recvfile write on IPC$ */
4291 if (IS_IPC(conn)) {
4292 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4293 END_PROFILE(SMBwriteX);
4294 return;
4295 }
4296 if (numtowrite != req->unread_bytes) {
4297 reply_doserror(req, ERRDOS, ERRbadmem);
4298 END_PROFILE(SMBwriteX);
4299 return;
4300 }
4301 } else {
4302 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4303 smb_doff + numtowrite > smblen) {
4304 reply_doserror(req, ERRDOS, ERRbadmem);
4305 END_PROFILE(SMBwriteX);
4306 return;
4307 }
4308 }
4309
4310 /* If it's an IPC, pass off the pipe handler. */
4311 if (IS_IPC(conn)) {
4312 if (req->unread_bytes) {
4313 reply_doserror(req, ERRDOS, ERRbadmem);
4314 END_PROFILE(SMBwriteX);
4315 return;
4316 }
4317 reply_pipe_write_and_X(req);
4318 END_PROFILE(SMBwriteX);
4319 return;
4320 }
4321
4322 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4323 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4324 write_through = BITSETW(req->vwv+7,0);
4325
4326 if (!check_fsp(conn, req, fsp)) {
4327 END_PROFILE(SMBwriteX);
4328 return;
4329 }
4330
4331 if (!CHECK_WRITE(fsp)) {
4332 reply_doserror(req, ERRDOS, ERRbadaccess);
4333 END_PROFILE(SMBwriteX);
4334 return;
4335 }
4336
4337 data = smb_base(req->inbuf) + smb_doff;
4338
4339 if(req->wct == 14) {
4340 #ifdef LARGE_SMB_OFF_T
4341 /*
4342 * This is a large offset (64 bit) write.
4343 */
4344 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4345
4346 #else /* !LARGE_SMB_OFF_T */
4347
4348 /*
4349 * Ensure we haven't been sent a >32 bit offset.
4350 */
4351
4352 if(IVAL(req->vwv+12, 0) != 0) {
4353 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4354 "used and we don't support 64 bit offsets.\n",
4355 (unsigned int)IVAL(req->vwv+12, 0) ));
4356 reply_doserror(req, ERRDOS, ERRbadaccess);
4357 END_PROFILE(SMBwriteX);
4358 return;
4359 }
4360
4361 #endif /* LARGE_SMB_OFF_T */
4362 }
4363
4364 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4365 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4366 &lock);
4367
4368 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4369 reply_doserror(req, ERRDOS, ERRlock);
4370 END_PROFILE(SMBwriteX);
4371 return;
4372 }
4373
4374 /* X/Open SMB protocol says that, unlike SMBwrite
4375 if the length is zero then NO truncation is
4376 done, just a write of zero. To truncate a file,
4377 use SMBwrite. */
4378
4379 if(numtowrite == 0) {
4380 nwritten = 0;
4381 } else {
4382
4383 if ((req->unread_bytes == 0) &&
4384 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4385 numtowrite)) {
4386 goto strict_unlock;
4387 }
4388
4389 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4390 }
4391
4392 if(nwritten < 0) {
4393 reply_nterror(req, map_nt_error_from_unix(errno));
4394 goto strict_unlock;
4395 }
4396
4397 if((nwritten == 0) && (numtowrite != 0)) {
4398 reply_doserror(req, ERRHRD, ERRdiskfull);
4399 goto strict_unlock;
4400 }
4401
4402 reply_outbuf(req, 6, 0);
4403 SSVAL(req->outbuf,smb_vwv2,nwritten);
4404 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4405
4406 if (nwritten < (ssize_t)numtowrite) {
4407 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4408 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4409 }
4410
4411 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4412 fsp->fnum, (int)numtowrite, (int)nwritten));
4413
4414 status = sync_file(conn, fsp, write_through);
4415 if (!NT_STATUS_IS_OK(status)) {
4416 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4417 fsp_str_dbg(fsp), nt_errstr(status)));
4418 reply_nterror(req, status);
4419 goto strict_unlock;
4420 }
4421
4422 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4423
4424 END_PROFILE(SMBwriteX);
4425 chain_reply(req);
4426 return;
4427
4428 strict_unlock:
4429 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4430
4431 END_PROFILE(SMBwriteX);
4432 return;
4433 }
4434
4435 /****************************************************************************
4436 Reply to a lseek.
4437 ****************************************************************************/
4438
4439 void reply_lseek(struct smb_request *req)
4440 {
4441 connection_struct *conn = req->conn;
4442 SMB_OFF_T startpos;
4443 SMB_OFF_T res= -1;
4444 int mode,umode;
4445 files_struct *fsp;
4446
4447 START_PROFILE(SMBlseek);
4448
4449 if (req->wct < 4) {
4450 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4451 END_PROFILE(SMBlseek);
4452 return;
4453 }
4454
4455 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4456
4457 if (!check_fsp(conn, req, fsp)) {
4458 return;
4459 }
4460
4461 flush_write_cache(fsp, SEEK_FLUSH);
4462
4463 mode = SVAL(req->vwv+1, 0) & 3;
4464 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4465 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4466
4467 switch (mode) {
4468 case 0:
4469 umode = SEEK_SET;
4470 res = startpos;
4471 break;
4472 case 1:
4473 umode = SEEK_CUR;
4474 res = fsp->fh->pos + startpos;
4475 break;
4476 case 2:
4477 umode = SEEK_END;
4478 break;
4479 default:
4480 umode = SEEK_SET;
4481 res = startpos;
4482 break;
4483 }
4484
4485 if (umode == SEEK_END) {
4486 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4487 if(errno == EINVAL) {
4488 SMB_OFF_T current_pos = startpos;
4489 SMB_STRUCT_STAT sbuf;
4490
4491 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4492 reply_nterror(req,
4493 map_nt_error_from_unix(errno));
4494 END_PROFILE(SMBlseek);
4495 return;
4496 }
4497
4498 current_pos += sbuf.st_ex_size;
4499 if(current_pos < 0)
4500 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4501 }
4502 }
4503
4504 if(res == -1) {
4505 reply_nterror(req, map_nt_error_from_unix(errno));
4506 END_PROFILE(SMBlseek);
4507 return;
4508 }
4509 }
4510
4511 fsp->fh->pos = res;
4512
4513 reply_outbuf(req, 2, 0);
4514 SIVAL(req->outbuf,smb_vwv0,res);
4515
4516 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4517 fsp->fnum, (double)startpos, (double)res, mode));
4518
4519 END_PROFILE(SMBlseek);
4520 return;
4521 }
4522
4523 /****************************************************************************
4524 Reply to a flush.
4525 ****************************************************************************/
4526
4527 void reply_flush(struct smb_request *req)
4528 {
4529 connection_struct *conn = req->conn;
4530 uint16 fnum;
4531 files_struct *fsp;
4532
4533 START_PROFILE(SMBflush);
4534
4535 if (req->wct < 1) {
4536 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4537 return;
4538 }
4539
4540 fnum = SVAL(req->vwv+0, 0);
4541 fsp = file_fsp(req, fnum);
4542
4543 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4544 return;
4545 }
4546
4547 if (!fsp) {
4548 file_sync_all(conn);
4549 } else {
4550 NTSTATUS status = sync_file(conn, fsp, True);
4551 if (!NT_STATUS_IS_OK(status)) {
4552 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4553 fsp_str_dbg(fsp), nt_errstr(status)));
4554 reply_nterror(req, status);
4555 END_PROFILE(SMBflush);
4556 return;
4557 }
4558 }
4559
4560 reply_outbuf(req, 0, 0);
4561
4562 DEBUG(3,("flush\n"));
4563 END_PROFILE(SMBflush);
4564 return;
4565 }
4566
4567 /****************************************************************************
4568 Reply to a exit.
4569 conn POINTER CAN BE NULL HERE !
4570 ****************************************************************************/
4571
4572 void reply_exit(struct smb_request *req)
4573 {
4574 START_PROFILE(SMBexit);
4575
4576 file_close_pid(req->smbpid, req->vuid);
4577
4578 reply_outbuf(req, 0, 0);
4579
4580 DEBUG(3,("exit\n"));
4581
4582 END_PROFILE(SMBexit);
4583 return;
4584 }
4585
4586 /****************************************************************************
4587 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4588 ****************************************************************************/
4589
4590 void reply_close(struct smb_request *req)
4591 {
4592 connection_struct *conn = req->conn;
4593 NTSTATUS status = NT_STATUS_OK;
4594 files_struct *fsp = NULL;
4595 START_PROFILE(SMBclose);
4596
4597 if (req->wct < 3) {
4598 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4599 END_PROFILE(SMBclose);
4600 return;
4601 }
4602
4603 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4604
4605 /*
4606 * We can only use check_fsp if we know it's not a directory.
4607 */
4608
4609 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4610 reply_doserror(req, ERRDOS, ERRbadfid);
4611 END_PROFILE(SMBclose);
4612 return;
4613 }
4614
4615 if(fsp->is_directory) {
4616 /*
4617 * Special case - close NT SMB directory handle.
4618 */
4619 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4620 status = close_file(req, fsp, NORMAL_CLOSE);
4621 } else {
4622 time_t t;
4623 /*
4624 * Close ordinary file.
4625 */
4626
4627 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4628 fsp->fh->fd, fsp->fnum,
4629 conn->num_files_open));
4630
4631 /*
4632 * Take care of any time sent in the close.
4633 */
4634
4635 t = srv_make_unix_date3(req->vwv+1);
4636 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4637
4638 /*
4639 * close_file() returns the unix errno if an error
4640 * was detected on close - normally this is due to
4641 * a disk full error. If not then it was probably an I/O error.
4642 */
4643
4644 status = close_file(req, fsp, NORMAL_CLOSE);
4645 }
4646
4647 if (!NT_STATUS_IS_OK(status)) {
4648 reply_nterror(req, status);
4649 END_PROFILE(SMBclose);
4650 return;
4651 }
4652
4653 reply_outbuf(req, 0, 0);
4654 END_PROFILE(SMBclose);
4655 return;
4656 }
4657
4658 /****************************************************************************
4659 Reply to a writeclose (Core+ protocol).
4660 ****************************************************************************/
4661
4662 void reply_writeclose(struct smb_request *req)
4663 {
4664 connection_struct *conn = req->conn;
4665 size_t numtowrite;
4666 ssize_t nwritten = -1;
4667 NTSTATUS close_status = NT_STATUS_OK;
4668 SMB_OFF_T startpos;
4669 const char *data;
4670 struct timespec mtime;
4671 files_struct *fsp;
4672 struct lock_struct lock;
4673
4674 START_PROFILE(SMBwriteclose);
4675
4676 if (req->wct < 6) {
4677 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4678 END_PROFILE(SMBwriteclose);
4679 return;
4680 }
4681
4682 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4683
4684 if (!check_fsp(conn, req, fsp)) {
4685 END_PROFILE(SMBwriteclose);
4686 return;
4687 }
4688 if (!CHECK_WRITE(fsp)) {
4689 reply_doserror(req, ERRDOS,ERRbadaccess);
4690 END_PROFILE(SMBwriteclose);
4691 return;
4692 }
4693
4694 numtowrite = SVAL(req->vwv+1, 0);
4695 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4696 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4697 data = (const char *)req->buf + 1;
4698
4699 if (numtowrite) {
4700 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4701 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4702 &lock);
4703
4704 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4705 reply_doserror(req, ERRDOS,ERRlock);
4706 END_PROFILE(SMBwriteclose);
4707 return;
4708 }
4709 }
4710
4711 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4712
4713 set_close_write_time(fsp, mtime);
4714
4715 /*
4716 * More insanity. W2K only closes the file if writelen > 0.
4717 * JRA.
4718 */
4719
4720 if (numtowrite) {
4721 DEBUG(3,("reply_writeclose: zero length write doesn't close "
4722 "file %s\n", fsp_str_dbg(fsp)));
4723 close_status = close_file(req, fsp, NORMAL_CLOSE);
4724 }
4725
4726 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4727 fsp->fnum, (int)numtowrite, (int)nwritten,
4728 conn->num_files_open));
4729
4730 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4731 reply_doserror(req, ERRHRD, ERRdiskfull);
4732 goto strict_unlock;
4733 }
4734
4735 if(!NT_STATUS_IS_OK(close_status)) {
4736 reply_nterror(req, close_status);
4737 goto strict_unlock;
4738 }
4739
4740 reply_outbuf(req, 1, 0);
4741
4742 SSVAL(req->outbuf,smb_vwv0,nwritten);
4743
4744 strict_unlock:
4745 if (numtowrite) {
4746 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4747 }
4748
4749 END_PROFILE(SMBwriteclose);
4750 return;
4751 }
4752
4753 #undef DBGC_CLASS
4754 #define DBGC_CLASS DBGC_LOCKING
4755
4756 /****************************************************************************
4757 Reply to a lock.
4758 ****************************************************************************/
4759
4760 void reply_lock(struct smb_request *req)
4761 {
4762 connection_struct *conn = req->conn;
4763 uint64_t count,offset;
4764 NTSTATUS status;
4765 files_struct *fsp;
4766 struct byte_range_lock *br_lck = NULL;
4767
4768 START_PROFILE(SMBlock);
4769
4770 if (req->wct < 5) {
4771 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4772 END_PROFILE(SMBlock);
4773 return;
4774 }
4775
4776 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4777
4778 if (!check_fsp(conn, req, fsp)) {
4779 END_PROFILE(SMBlock);
4780 return;
4781 }
4782
4783 count = (uint64_t)IVAL(req->vwv+1, 0);
4784 offset = (uint64_t)IVAL(req->vwv+3, 0);
4785
4786 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4787 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4788
4789 br_lck = do_lock(smbd_messaging_context(),
4790 fsp,
4791 req->smbpid,
4792 count,
4793 offset,
4794 WRITE_LOCK,
4795 WINDOWS_LOCK,
4796 False, /* Non-blocking lock. */
4797 &status,
4798 NULL,
4799 NULL);
4800
4801 TALLOC_FREE(br_lck);
4802
4803 if (NT_STATUS_V(status)) {
4804 reply_nterror(req, status);
4805 END_PROFILE(SMBlock);
4806 return;
4807 }
4808
4809 reply_outbuf(req, 0, 0);
4810
4811 END_PROFILE(SMBlock);
4812 return;
4813 }
4814
4815 /****************************************************************************
4816 Reply to a unlock.
4817 ****************************************************************************/
4818
4819 void reply_unlock(struct smb_request *req)
4820 {
4821 connection_struct *conn = req->conn;
4822 uint64_t count,offset;
4823 NTSTATUS status;
4824 files_struct *fsp;
4825
4826 START_PROFILE(SMBunlock);
4827
4828 if (req->wct < 5) {
4829 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4830 END_PROFILE(SMBunlock);
4831 return;
4832 }
4833
4834 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4835
4836 if (!check_fsp(conn, req, fsp)) {
4837 END_PROFILE(SMBunlock);
4838 return;
4839 }
4840
4841 count = (uint64_t)IVAL(req->vwv+1, 0);
4842 offset = (uint64_t)IVAL(req->vwv+3, 0);
4843
4844 status = do_unlock(smbd_messaging_context(),
4845 fsp,
4846 req->smbpid,
4847 count,
4848 offset,
4849 WINDOWS_LOCK);
4850
4851 if (NT_STATUS_V(status)) {
4852 reply_nterror(req, status);
4853 END_PROFILE(SMBunlock);
4854 return;
4855 }
4856
4857 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4858 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4859
4860 reply_outbuf(req, 0, 0);
4861
4862 END_PROFILE(SMBunlock);
4863 return;
4864 }
4865
4866 #undef DBGC_CLASS
4867 #define DBGC_CLASS DBGC_ALL
4868
4869 /****************************************************************************
4870 Reply to a tdis.
4871 conn POINTER CAN BE NULL HERE !
4872 ****************************************************************************/
4873
4874 void reply_tdis(struct smb_request *req)
4875 {
4876 connection_struct *conn = req->conn;
4877 START_PROFILE(SMBtdis);
4878
4879 if (!conn) {
4880 DEBUG(4,("Invalid connection in tdis\n"));
4881 reply_doserror(req, ERRSRV, ERRinvnid);
4882 END_PROFILE(SMBtdis);
4883 return;
4884 }
4885
4886 conn->used = False;
4887
4888 close_cnum(conn,req->vuid);
4889 req->conn = NULL;
4890
4891 reply_outbuf(req, 0, 0);
4892 END_PROFILE(SMBtdis);
4893 return;
4894 }
4895
4896 /****************************************************************************
4897 Reply to a echo.
4898 conn POINTER CAN BE NULL HERE !
4899 ****************************************************************************/
4900
4901 void reply_echo(struct smb_request *req)
4902 {
4903 connection_struct *conn = req->conn;
4904 struct smb_perfcount_data local_pcd;
4905 struct smb_perfcount_data *cur_pcd;
4906 int smb_reverb;
4907 int seq_num;
4908
4909 START_PROFILE(SMBecho);
4910
4911 smb_init_perfcount_data(&local_pcd);
4912
4913 if (req->wct < 1) {
4914 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4915 END_PROFILE(SMBecho);
4916 return;
4917 }
4918
4919 smb_reverb = SVAL(req->vwv+0, 0);
4920
4921 reply_outbuf(req, 1, req->buflen);
4922
4923 /* copy any incoming data back out */
4924 if (req->buflen > 0) {
4925 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4926 }
4927
4928 if (smb_reverb > 100) {
4929 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4930 smb_reverb = 100;
4931 }
4932
4933 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4934
4935 /* this makes sure we catch the request pcd */
4936 if (seq_num == smb_reverb) {
4937 cur_pcd = &req->pcd;
4938 } else {
4939 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4940 cur_pcd = &local_pcd;
4941 }
4942
4943 SSVAL(req->outbuf,smb_vwv0,seq_num);
4944
4945 show_msg((char *)req->outbuf);
4946 if (!srv_send_smb(smbd_server_fd(),
4947 (char *)req->outbuf,
4948 true, req->seqnum+1,
4949 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4950 cur_pcd))
4951 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4952 }
4953
4954 DEBUG(3,("echo %d times\n", smb_reverb));
4955
4956 TALLOC_FREE(req->outbuf);
4957
4958 END_PROFILE(SMBecho);
4959 return;
4960 }
4961
4962 /****************************************************************************
4963 Reply to a printopen.
4964 ****************************************************************************/
4965
4966 void reply_printopen(struct smb_request *req)
4967 {
4968 connection_struct *conn = req->conn;
4969 files_struct *fsp;
4970 SMB_STRUCT_STAT sbuf;
4971 NTSTATUS status;
4972
4973 START_PROFILE(SMBsplopen);
4974
4975 if (req->wct < 2) {
4976 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4977 END_PROFILE(SMBsplopen);
4978 return;
4979 }
4980
4981 if (!CAN_PRINT(conn)) {
4982 reply_doserror(req, ERRDOS, ERRnoaccess);
4983 END_PROFILE(SMBsplopen);
4984 return;
4985 }
4986
4987 status = file_new(req, conn, &fsp);
4988 if(!NT_STATUS_IS_OK(status)) {
4989 reply_nterror(req, status);
4990 END_PROFILE(SMBsplopen);
4991 return;
4992 }
4993
4994 /* Open for exclusive use, write only. */
4995 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4996
4997 if (!NT_STATUS_IS_OK(status)) {
4998 file_free(req, fsp);
4999 reply_nterror(req, status);
5000 END_PROFILE(SMBsplopen);
5001 return;
5002 }
5003
5004 reply_outbuf(req, 1, 0);
5005 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
5006
5007 DEBUG(3,("openprint fd=%d fnum=%d\n",
5008 fsp->fh->fd, fsp->fnum));
5009
5010 END_PROFILE(SMBsplopen);
5011 return;
5012 }
5013
5014 /****************************************************************************
5015 Reply to a printclose.
5016 ****************************************************************************/
5017
5018 void reply_printclose(struct smb_request *req)
5019 {
5020 connection_struct *conn = req->conn;
5021 files_struct *fsp;
5022 NTSTATUS status;
5023
5024 START_PROFILE(SMBsplclose);
5025
5026 if (req->wct < 1) {
5027 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5028 END_PROFILE(SMBsplclose);
5029 return;
5030 }
5031
5032 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5033
5034 if (!check_fsp(conn, req, fsp)) {
5035 END_PROFILE(SMBsplclose);
5036 return;
5037 }
5038
5039 if (!CAN_PRINT(conn)) {
5040 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
5041 END_PROFILE(SMBsplclose);
5042 return;
5043 }
5044
5045 DEBUG(3,("printclose fd=%d fnum=%d\n",
5046 fsp->fh->fd,fsp->fnum));
5047
5048 status = close_file(req, fsp, NORMAL_CLOSE);
5049
5050 if(!NT_STATUS_IS_OK(status)) {
5051 reply_nterror(req, status);
5052 END_PROFILE(SMBsplclose);
5053 return;
5054 }
5055
5056 reply_outbuf(req, 0, 0);
5057
5058 END_PROFILE(SMBsplclose);
5059 return;
5060 }
5061
5062 /****************************************************************************
5063 Reply to a printqueue.
5064 ****************************************************************************/
5065
5066 void reply_printqueue(struct smb_request *req)
5067 {
5068 connection_struct *conn = req->conn;
5069 int max_count;
5070 int start_index;
5071
5072 START_PROFILE(SMBsplretq);
5073
5074 if (req->wct < 2) {
5075 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5076 END_PROFILE(SMBsplretq);
5077 return;
5078 }
5079
5080 max_count = SVAL(req->vwv+0, 0);
5081 start_index = SVAL(req->vwv+1, 0);
5082
5083 /* we used to allow the client to get the cnum wrong, but that
5084 is really quite gross and only worked when there was only
5085 one printer - I think we should now only accept it if they
5086 get it right (tridge) */
5087 if (!CAN_PRINT(conn)) {
5088 reply_doserror(req, ERRDOS, ERRnoaccess);
5089 END_PROFILE(SMBsplretq);
5090 return;
5091 }
5092
5093 reply_outbuf(req, 2, 3);
5094 SSVAL(req->outbuf,smb_vwv0,0);
5095 SSVAL(req->outbuf,smb_vwv1,0);
5096 SCVAL(smb_buf(req->outbuf),0,1);
5097 SSVAL(smb_buf(req->outbuf),1,0);
5098
5099 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
5100 start_index, max_count));
5101
5102 {
5103 print_queue_struct *queue = NULL;
5104 print_status_struct status;
5105 int count = print_queue_status(SNUM(conn), &queue, &status);
5106 int num_to_get = ABS(max_count);
5107 int first = (max_count>0?start_index:start_index+max_count+1);
5108 int i;
5109
5110 if (first >= count)
5111 num_to_get = 0;
5112 else
5113 num_to_get = MIN(num_to_get,count-first);
5114
5115
5116 for (i=first;i<first+num_to_get;i++) {
5117 char blob[28];
5118 char *p = blob;
5119
5120 srv_put_dos_date2(p,0,queue[i].time);
5121 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
5122 SSVAL(p,5, queue[i].job);
5123 SIVAL(p,7,queue[i].size);
5124 SCVAL(p,11,0);
5125 srvstr_push(blob, req->flags2, p+12,
5126 queue[i].fs_user, 16, STR_ASCII);
5127
5128 if (message_push_blob(
5129 &req->outbuf,
5130 data_blob_const(
5131 blob, sizeof(blob))) == -1) {
5132 reply_nterror(req, NT_STATUS_NO_MEMORY);
5133 END_PROFILE(SMBsplretq);
5134 return;
5135 }
5136 }
5137
5138 if (count > 0) {
5139 SSVAL(req->outbuf,smb_vwv0,count);
5140 SSVAL(req->outbuf,smb_vwv1,
5141 (max_count>0?first+count:first-1));
5142 SCVAL(smb_buf(req->outbuf),0,1);
5143 SSVAL(smb_buf(req->outbuf),1,28*count);
5144 }
5145
5146 SAFE_FREE(queue);
5147
5148 DEBUG(3,("%d entries returned in queue\n",count));
5149 }
5150
5151 END_PROFILE(SMBsplretq);
5152 return;
5153 }
5154
5155 /****************************************************************************
5156 Reply to a printwrite.
5157 ****************************************************************************/
5158
5159 void reply_printwrite(struct smb_request *req)
5160 {
5161 connection_struct *conn = req->conn;
5162 int numtowrite;
5163 const char *data;
5164 files_struct *fsp;
5165
5166 START_PROFILE(SMBsplwr);
5167
5168 if (req->wct < 1) {
5169 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5170 END_PROFILE(SMBsplwr);
5171 return;
5172 }
5173
5174 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
5175
5176 if (!check_fsp(conn, req, fsp)) {
5177 END_PROFILE(SMBsplwr);
5178 return;
5179 }
5180
5181 if (!CAN_PRINT(conn)) {
5182 reply_doserror(req, ERRDOS, ERRnoaccess);
5183 END_PROFILE(SMBsplwr);
5184 return;
5185 }
5186
5187 if (!CHECK_WRITE(fsp)) {
5188 reply_doserror(req, ERRDOS, ERRbadaccess);
5189 END_PROFILE(SMBsplwr);
5190 return;
5191 }
5192
5193 numtowrite = SVAL(req->buf, 1);
5194
5195 if (req->buflen < numtowrite + 3) {
5196 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5197 END_PROFILE(SMBsplwr);
5198 return;
5199 }
5200
5201 data = (const char *)req->buf + 3;
5202
5203 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5204 reply_nterror(req, map_nt_error_from_unix(errno));
5205 END_PROFILE(SMBsplwr);
5206 return;
5207 }
5208
5209 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5210
5211 END_PROFILE(SMBsplwr);
5212 return;
5213 }
5214
5215 /****************************************************************************
5216 Reply to a mkdir.
5217 ****************************************************************************/
5218
5219 void reply_mkdir(struct smb_request *req)
5220 {
5221 connection_struct *conn = req->conn;
5222 struct smb_filename *smb_dname = NULL;
5223 char *directory = NULL;
5224 NTSTATUS status;
5225 TALLOC_CTX *ctx = talloc_tos();
5226
5227 START_PROFILE(SMBmkdir);
5228
5229 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5230 STR_TERMINATE, &status);
5231 if (!NT_STATUS_IS_OK(status)) {
5232 reply_nterror(req, status);
5233 goto out;
5234 }
5235
5236 status = filename_convert(ctx, conn,
5237 req->flags2 & FLAGS2_DFS_PATHNAMES,
5238 directory,
5239 0,
5240 NULL,
5241 &smb_dname);
5242 if (!NT_STATUS_IS_OK(status)) {
5243 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5244 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5245 ERRSRV, ERRbadpath);
5246 goto out;
5247 }
5248 reply_nterror(req, status);
5249 goto out;
5250 }
5251
5252 status = create_directory(conn, req, smb_dname);
5253
5254 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5255
5256 if (!NT_STATUS_IS_OK(status)) {
5257
5258 if (!use_nt_status()
5259 && NT_STATUS_EQUAL(status,
5260 NT_STATUS_OBJECT_NAME_COLLISION)) {
5261 /*
5262 * Yes, in the DOS error code case we get a
5263 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5264 * samba4 torture test.
5265 */
5266 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5267 }
5268
5269 reply_nterror(req, status);
5270 goto out;
5271 }
5272
5273 reply_outbuf(req, 0, 0);
5274
5275 DEBUG(3, ("mkdir %s\n", smb_dname->base_name));
5276 out:
5277 TALLOC_FREE(smb_dname);
5278 END_PROFILE(SMBmkdir);
5279 return;
5280 }
5281
5282 /****************************************************************************
5283 Static function used by reply_rmdir to delete an entire directory
5284 tree recursively. Return True on ok, False on fail.
5285 ****************************************************************************/
5286
5287 static bool recursive_rmdir(TALLOC_CTX *ctx,
5288 connection_struct *conn,
5289 struct smb_filename *smb_dname)
5290 {
5291 const char *dname = NULL;
5292 bool ret = True;
5293 long offset = 0;
5294 SMB_STRUCT_STAT st;
5295 struct smb_Dir *dir_hnd;
5296
5297 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5298
5299 dir_hnd = OpenDir(talloc_tos(), conn, smb_dname->base_name, NULL, 0);
5300 if(dir_hnd == NULL)
5301 return False;
5302
5303 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5304 struct smb_filename *smb_dname_full = NULL;
5305 char *fullname = NULL;
5306 bool do_break = true;
5307 NTSTATUS status;
5308
5309 if (ISDOT(dname) || ISDOTDOT(dname)) {
5310 continue;
5311 }
5312
5313 if (!is_visible_file(conn, smb_dname->base_name, dname, &st,
5314 false)) {
5315 continue;
5316 }
5317
5318 /* Construct the full name. */
5319 fullname = talloc_asprintf(ctx,
5320 "%s/%s",
5321 smb_dname->base_name,
5322 dname);
5323 if (!fullname) {
5324 errno = ENOMEM;
5325 goto err_break;
5326 }
5327
5328 status = create_synthetic_smb_fname(talloc_tos(), fullname,
5329 NULL, NULL,
5330 &smb_dname_full);
5331 if (!NT_STATUS_IS_OK(status)) {
5332 goto err_break;
5333 }
5334
5335 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5336 goto err_break;
5337 }
5338
5339 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5340 if(!recursive_rmdir(ctx, conn, smb_dname_full)) {
5341 goto err_break;
5342 }
5343 if(SMB_VFS_RMDIR(conn,
5344 smb_dname_full->base_name) != 0) {
5345 goto err_break;
5346 }
5347 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5348 goto err_break;
5349 }
5350
5351 /* Successful iteration. */
5352 do_break = false;
5353
5354 err_break:
5355 TALLOC_FREE(smb_dname_full);
5356 TALLOC_FREE(fullname);
5357 if (do_break) {
5358 ret = false;
5359 break;
5360 }
5361 }
5362 TALLOC_FREE(dir_hnd);
5363 return ret;
5364 }
5365
5366 /****************************************************************************
5367 The internals of the rmdir code - called elsewhere.
5368 ****************************************************************************/
5369
5370 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5371 connection_struct *conn,
5372 struct smb_filename *smb_dname)
5373 {
5374 int ret;
5375 SMB_STRUCT_STAT st;
5376
5377 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
5378
5379 /* Might be a symlink. */
5380 if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
5381 return map_nt_error_from_unix(errno);
5382 }
5383
5384 if (S_ISLNK(smb_dname->st.st_ex_mode)) {
5385 /* Is what it points to a directory ? */
5386 if(SMB_VFS_STAT(conn, smb_dname) != 0) {
5387 return map_nt_error_from_unix(errno);
5388 }
5389 if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
5390 return NT_STATUS_NOT_A_DIRECTORY;
5391 }
5392 ret = SMB_VFS_UNLINK(conn, smb_dname);
5393 } else {
5394 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5395 }
5396 if (ret == 0) {
5397 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5398 FILE_NOTIFY_CHANGE_DIR_NAME,
5399 smb_dname->base_name);
5400 return NT_STATUS_OK;
5401 }
5402
5403 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5404 /*
5405 * Check to see if the only thing in this directory are
5406 * vetoed files/directories. If so then delete them and
5407 * retry. If we fail to delete any of them (and we *don't*
5408 * do a recursive delete) then fail the rmdir.
5409 */
5410 const char *dname;
5411 long dirpos = 0;
5412 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5413 smb_dname->base_name, NULL,
5414 0);
5415
5416 if(dir_hnd == NULL) {
5417 errno = ENOTEMPTY;
5418 goto err;
5419 }
5420
5421 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5422 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5423 continue;
5424 if (!is_visible_file(conn, smb_dname->base_name, dname,
5425 &st, false))
5426 continue;
5427 if(!IS_VETO_PATH(conn, dname)) {
5428 TALLOC_FREE(dir_hnd);
5429 errno = ENOTEMPTY;
5430 goto err;
5431 }
5432 }
5433
5434 /* We only have veto files/directories.
5435 * Are we allowed to delete them ? */
5436
5437 if(!lp_recursive_veto_delete(SNUM(conn))) {
5438 TALLOC_FREE(dir_hnd);
5439 errno = ENOTEMPTY;
5440 goto err;
5441 }
5442
5443 /* Do a recursive delete. */
5444 RewindDir(dir_hnd,&dirpos);
5445 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5446 struct smb_filename *smb_dname_full = NULL;
5447 char *fullname = NULL;
5448 bool do_break = true;
5449 NTSTATUS status;
5450
5451 if (ISDOT(dname) || ISDOTDOT(dname)) {
5452 continue;
5453 }
5454 if (!is_visible_file(conn, smb_dname->base_name, dname,
5455 &st, false)) {
5456 continue;
5457 }
5458
5459 fullname = talloc_asprintf(ctx,
5460 "%s/%s",
5461 smb_dname->base_name,
5462 dname);
5463
5464 if(!fullname) {
5465 errno = ENOMEM;
5466 goto err_break;
5467 }
5468
5469 status = create_synthetic_smb_fname(talloc_tos(),
5470 fullname, NULL,
5471 NULL,
5472 &smb_dname_full);
5473 if (!NT_STATUS_IS_OK(status)) {
5474 errno = map_errno_from_nt_status(status);
5475 goto err_break;
5476 }
5477
5478 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
5479 goto err_break;
5480 }
5481 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
5482 if(!recursive_rmdir(ctx, conn,
5483 smb_dname_full)) {
5484 goto err_break;
5485 }
5486 if(SMB_VFS_RMDIR(conn,
5487 smb_dname_full->base_name) != 0) {
5488 goto err_break;
5489 }
5490 } else if(SMB_VFS_UNLINK(conn, smb_dname_full) != 0) {
5491 goto err_break;
5492 }
5493
5494 /* Successful iteration. */
5495 do_break = false;
5496
5497 err_break:
5498 TALLOC_FREE(fullname);
5499 TALLOC_FREE(smb_dname_full);
5500 if (do_break)
5501 break;
5502 }
5503 TALLOC_FREE(dir_hnd);
5504 /* Retry the rmdir */
5505 ret = SMB_VFS_RMDIR(conn, smb_dname->base_name);
5506 }
5507
5508 err:
5509
5510 if (ret != 0) {
5511 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5512 "%s\n", smb_fname_str_dbg(smb_dname),
5513 strerror(errno)));
5514 return map_nt_error_from_unix(errno);
5515 }
5516
5517 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5518 FILE_NOTIFY_CHANGE_DIR_NAME,
5519 smb_dname->base_name);
5520
5521 return NT_STATUS_OK;
5522 }
5523
5524 /****************************************************************************
5525 Reply to a rmdir.
5526 ****************************************************************************/
5527
5528 void reply_rmdir(struct smb_request *req)
5529 {
5530 connection_struct *conn = req->conn;
5531 struct smb_filename *smb_dname = NULL;
5532 char *directory = NULL;
5533 NTSTATUS status;
5534 TALLOC_CTX *ctx = talloc_tos();
5535
5536 START_PROFILE(SMBrmdir);
5537
5538 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5539 STR_TERMINATE, &status);
5540 if (!NT_STATUS_IS_OK(status)) {
5541 reply_nterror(req, status);
5542 goto out;
5543 }
5544
5545 status = filename_convert(ctx, conn,
5546 req->flags2 & FLAGS2_DFS_PATHNAMES,
5547 directory,
5548 0,
5549 NULL,
5550 &smb_dname);
5551 if (!NT_STATUS_IS_OK(status)) {
5552 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5553 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5554 ERRSRV, ERRbadpath);
5555 goto out;
5556 }
5557 reply_nterror(req, status);
5558 goto out;
5559 }
5560
5561 if (is_ntfs_stream_smb_fname(smb_dname)) {
5562 reply_nterror(req, NT_STATUS_NOT_A_DIRECTORY);
5563 goto out;
5564 }
5565
5566 dptr_closepath(smb_dname->base_name, req->smbpid);
5567 status = rmdir_internals(ctx, conn, smb_dname);
5568 if (!NT_STATUS_IS_OK(status)) {
5569 reply_nterror(req, status);
5570 goto out;
5571 }
5572
5573 reply_outbuf(req, 0, 0);
5574
5575 DEBUG(3, ("rmdir %s\n", smb_fname_str_dbg(smb_dname)));
5576 out:
5577 TALLOC_FREE(smb_dname);
5578 END_PROFILE(SMBrmdir);
5579 return;
5580 }
5581
5582 /*******************************************************************
5583 Resolve wildcards in a filename rename.
5584 ********************************************************************/
5585
5586 static bool resolve_wildcards(TALLOC_CTX *ctx,
5587 const char *name1,
5588 const char *name2,
5589 char **pp_newname)
5590 {
5591 char *name2_copy = NULL;
5592 char *root1 = NULL;
5593 char *root2 = NULL;
5594 char *ext1 = NULL;
5595 char *ext2 = NULL;
5596 char *p,*p2, *pname1, *pname2;
5597
5598 name2_copy = talloc_strdup(ctx, name2);
5599 if (!name2_copy) {
5600 return False;
5601 }
5602
5603 pname1 = strrchr_m(name1,'/');
5604 pname2 = strrchr_m(name2_copy,'/');
5605
5606 if (!pname1 || !pname2) {
5607 return False;
5608 }
5609
5610 /* Truncate the copy of name2 at the last '/' */
5611 *pname2 = '\0';
5612
5613 /* Now go past the '/' */
5614 pname1++;
5615 pname2++;
5616
5617 root1 = talloc_strdup(ctx, pname1);
5618 root2 = talloc_strdup(ctx, pname2);
5619
5620 if (!root1 || !root2) {
5621 return False;
5622 }
5623
5624 p = strrchr_m(root1,'.');
5625 if (p) {
5626 *p = 0;
5627 ext1 = talloc_strdup(ctx, p+1);
5628 } else {
5629 ext1 = talloc_strdup(ctx, "");
5630 }
5631 p = strrchr_m(root2,'.');
5632 if (p) {
5633 *p = 0;
5634 ext2 = talloc_strdup(ctx, p+1);
5635 } else {
5636 ext2 = talloc_strdup(ctx, "");
5637 }
5638
5639 if (!ext1 || !ext2) {
5640 return False;
5641 }
5642
5643 p = root1;
5644 p2 = root2;
5645 while (*p2) {
5646 if (*p2 == '?') {
5647 /* Hmmm. Should this be mb-aware ? */
5648 *p2 = *p;
5649 p2++;
5650 } else if (*p2 == '*') {
5651 *p2 = '\0';
5652 root2 = talloc_asprintf(ctx, "%s%s",
5653 root2,
5654 p);
5655 if (!root2) {
5656 return False;
5657 }
5658 break;
5659 } else {
5660 p2++;
5661 }
5662 if (*p) {
5663 p++;
5664 }
5665 }
5666
5667 p = ext1;
5668 p2 = ext2;
5669 while (*p2) {
5670 if (*p2 == '?') {
5671 /* Hmmm. Should this be mb-aware ? */
5672 *p2 = *p;
5673 p2++;
5674 } else if (*p2 == '*') {
5675 *p2 = '\0';
5676 ext2 = talloc_asprintf(ctx, "%s%s",
5677 ext2,
5678 p);
5679 if (!ext2) {
5680 return False;
5681 }
5682 break;
5683 } else {
5684 p2++;
5685 }
5686 if (*p) {
5687 p++;
5688 }
5689 }
5690
5691 if (*ext2) {
5692 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5693 name2_copy,
5694 root2,
5695 ext2);
5696 } else {
5697 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5698 name2_copy,
5699 root2);
5700 }
5701
5702 if (!*pp_newname) {
5703 return False;
5704 }
5705
5706 return True;
5707 }
5708
5709 /****************************************************************************
5710 Ensure open files have their names updated. Updated to notify other smbd's
5711 asynchronously.
5712 ****************************************************************************/
5713
5714 static void rename_open_files(connection_struct *conn,
5715 struct share_mode_lock *lck,
5716 const struct smb_filename *smb_fname_dst)
5717 {
5718 files_struct *fsp;
5719 bool did_rename = False;
5720 NTSTATUS status;
5721
5722 for(fsp = file_find_di_first(lck->id); fsp;
5723 fsp = file_find_di_next(fsp)) {
5724 /* fsp_name is a relative path under the fsp. To change this for other
5725 sharepaths we need to manipulate relative paths. */
5726 /* TODO - create the absolute path and manipulate the newname
5727 relative to the sharepath. */
5728 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5729 continue;
5730 }
5731 DEBUG(10, ("rename_open_files: renaming file fnum %d "
5732 "(file_id %s) from %s -> %s\n", fsp->fnum,
5733 file_id_string_tos(&fsp->file_id), fsp_str_dbg(fsp),
5734 smb_fname_str_dbg(smb_fname_dst)));
5735
5736 status = fsp_set_smb_fname(fsp, smb_fname_dst);
5737 if (NT_STATUS_IS_OK(status)) {
5738 did_rename = True;
5739 }
5740 }
5741
5742 if (!did_rename) {
5743 DEBUG(10, ("rename_open_files: no open files on file_id %s "
5744 "for %s\n", file_id_string_tos(&lck->id),
5745 smb_fname_str_dbg(smb_fname_dst)));
5746 }
5747
5748 /* Send messages to all smbd's (not ourself) that the name has changed. */
5749 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5750 smb_fname_dst);
5751
5752 }
5753
5754 /****************************************************************************
5755 We need to check if the source path is a parent directory of the destination
5756 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5757 refuse the rename with a sharing violation. Under UNIX the above call can
5758 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5759 probably need to check that the client is a Windows one before disallowing
5760 this as a UNIX client (one with UNIX extensions) can know the source is a
5761 symlink and make this decision intelligently. Found by an excellent bug
5762 report from <AndyLiebman@aol.com>.
5763 ****************************************************************************/
5764
5765 static bool rename_path_prefix_equal(const struct smb_filename *smb_fname_src,
5766 const struct smb_filename *smb_fname_dst)
5767 {
5768 const char *psrc = smb_fname_src->base_name;
5769 const char *pdst = smb_fname_dst->base_name;
5770 size_t slen;
5771
5772 if (psrc[0] == '.' && psrc[1] == '/') {
5773 psrc += 2;
5774 }
5775 if (pdst[0] == '.' && pdst[1] == '/') {
5776 pdst += 2;
5777 }
5778 if ((slen = strlen(psrc)) > strlen(pdst)) {
5779 return False;
5780 }
5781 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5782 }
5783
5784 /*
5785 * Do the notify calls from a rename
5786 */
5787
5788 static void notify_rename(connection_struct *conn, bool is_dir,
5789 const struct smb_filename *smb_fname_src,
5790 const struct smb_filename *smb_fname_dst)
5791 {
5792 char *parent_dir_src = NULL;
5793 char *parent_dir_dst = NULL;
5794 uint32 mask;
5795
5796 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5797 : FILE_NOTIFY_CHANGE_FILE_NAME;
5798
5799 if (!parent_dirname(talloc_tos(), smb_fname_src->base_name,
5800 &parent_dir_src, NULL) ||
5801 !parent_dirname(talloc_tos(), smb_fname_dst->base_name,
5802 &parent_dir_dst, NULL)) {
5803 goto out;
5804 }
5805
5806 if (strcmp(parent_dir_src, parent_dir_dst) == 0) {
5807 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask,
5808 smb_fname_src->base_name);
5809 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask,
5810 smb_fname_dst->base_name);
5811 }
5812 else {
5813 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask,
5814 smb_fname_src->base_name);
5815 notify_fname(conn, NOTIFY_ACTION_ADDED, mask,
5816 smb_fname_dst->base_name);
5817 }
5818
5819 /* this is a strange one. w2k3 gives an additional event for
5820 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5821 files, but not directories */
5822 if (!is_dir) {
5823 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5824 FILE_NOTIFY_CHANGE_ATTRIBUTES
5825 |FILE_NOTIFY_CHANGE_CREATION,
5826 smb_fname_dst->base_name);
5827 }
5828 out:
5829 TALLOC_FREE(parent_dir_src);
5830 TALLOC_FREE(parent_dir_dst);
5831 }
5832
5833 /****************************************************************************
5834 Rename an open file - given an fsp.
5835 ****************************************************************************/
5836
5837 NTSTATUS rename_internals_fsp(connection_struct *conn,
5838 files_struct *fsp,
5839 const struct smb_filename *smb_fname_dst_in,
5840 uint32 attrs,
5841 bool replace_if_exists)
5842 {
5843 TALLOC_CTX *ctx = talloc_tos();
5844 struct smb_filename *smb_fname_src = NULL;
5845 struct smb_filename *smb_fname_dst = NULL;
5846 SMB_STRUCT_STAT sbuf;
5847 NTSTATUS status = NT_STATUS_OK;
5848 struct share_mode_lock *lck = NULL;
5849 bool dst_exists, old_is_stream, new_is_stream;
5850
5851 ZERO_STRUCT(sbuf);
5852
5853 status = check_name(conn, smb_fname_dst_in->base_name);
5854 if (!NT_STATUS_IS_OK(status)) {
5855 return status;
5856 }
5857
5858 /* Make a copy of the src and dst smb_fname structs */
5859 status = copy_smb_filename(ctx, fsp->fsp_name, &smb_fname_src);
5860 if (!NT_STATUS_IS_OK(status)) {
5861 goto out;
5862 }
5863
5864 status = copy_smb_filename(ctx, smb_fname_dst_in, &smb_fname_dst);
5865 if (!NT_STATUS_IS_OK(status)) {
5866 goto out;
5867 }
5868
5869 /* Ensure the dst smb_fname contains a '/' */
5870 if(strrchr_m(smb_fname_dst->base_name,'/') == 0) {
5871 char * tmp;
5872 tmp = talloc_asprintf(smb_fname_dst, "./%s",
5873 smb_fname_dst->base_name);
5874 if (!tmp) {
5875 status = NT_STATUS_NO_MEMORY;
5876 goto out;
5877 }
5878 TALLOC_FREE(smb_fname_dst->base_name);
5879 smb_fname_dst->base_name = tmp;
5880 }
5881
5882 /*
5883 * Check for special case with case preserving and not
5884 * case sensitive. If the old last component differs from the original
5885 * last component only by case, then we should allow
5886 * the rename (user is trying to change the case of the
5887 * filename).
5888 */
5889 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5890 strequal(smb_fname_src->base_name, smb_fname_dst->base_name) &&
5891 strequal(smb_fname_src->stream_name, smb_fname_dst->stream_name)) {
5892 char *last_slash;
5893 char *fname_dst_lcomp_base_mod = NULL;
5894 struct smb_filename *smb_fname_orig_lcomp = NULL;
5895
5896 /*
5897 * Get the last component of the destination name. Note that
5898 * we guarantee that destination name contains a '/' character
5899 * above.
5900 */
5901 last_slash = strrchr_m(smb_fname_dst->base_name, '/');
5902 fname_dst_lcomp_base_mod = talloc_strdup(ctx, last_slash + 1);
5903 if (!fname_dst_lcomp_base_mod) {
5904 status = NT_STATUS_NO_MEMORY;
5905 goto out;
5906 }
5907
5908 /*
5909 * Create an smb_filename struct using the original last
5910 * component of the destination.
5911 */
5912 status = create_synthetic_smb_fname_split(ctx,
5913 smb_fname_dst->original_lcomp, NULL,
5914 &smb_fname_orig_lcomp);
5915 if (!NT_STATUS_IS_OK(status)) {
5916 TALLOC_FREE(fname_dst_lcomp_base_mod);
5917 goto out;
5918 }
5919
5920 /* If the base names only differ by case, use original. */
5921 if(!strcsequal(fname_dst_lcomp_base_mod,
5922 smb_fname_orig_lcomp->base_name)) {
5923 char *tmp;
5924 /*
5925 * Replace the modified last component with the
5926 * original.
5927 */
5928 *last_slash = '\0'; /* Truncate at the '/' */
5929 tmp = talloc_asprintf(smb_fname_dst,
5930 "%s/%s",
5931 smb_fname_dst->base_name,
5932 smb_fname_orig_lcomp->base_name);
5933 if (tmp == NULL) {
5934 status = NT_STATUS_NO_MEMORY;
5935 TALLOC_FREE(fname_dst_lcomp_base_mod);
5936 TALLOC_FREE(smb_fname_orig_lcomp);
5937 goto out;
5938 }
5939 TALLOC_FREE(smb_fname_dst->base_name);
5940 smb_fname_dst->base_name = tmp;
5941 }
5942
5943 /* If the stream_names only differ by case, use original. */
5944 if(!strcsequal(smb_fname_dst->stream_name,
5945 smb_fname_orig_lcomp->stream_name)) {
5946 char *tmp = NULL;
5947 /* Use the original stream. */
5948 tmp = talloc_strdup(smb_fname_dst,
5949 smb_fname_orig_lcomp->stream_name);
5950 if (tmp == NULL) {
5951 status = NT_STATUS_NO_MEMORY;
5952 TALLOC_FREE(fname_dst_lcomp_base_mod);
5953 TALLOC_FREE(smb_fname_orig_lcomp);
5954 goto out;
5955 }
5956 TALLOC_FREE(smb_fname_dst->stream_name);
5957 smb_fname_dst->stream_name = tmp;
5958 }
5959 TALLOC_FREE(fname_dst_lcomp_base_mod);
5960 TALLOC_FREE(smb_fname_orig_lcomp);
5961 }
5962
5963 /*
5964 * If the src and dest names are identical - including case,
5965 * don't do the rename, just return success.
5966 */
5967
5968 if (strcsequal(smb_fname_src->base_name, smb_fname_dst->base_name) &&
5969 strcsequal(smb_fname_src->stream_name,
5970 smb_fname_dst->stream_name)) {
5971 DEBUG(3, ("rename_internals_fsp: identical names in rename %s "
5972 "- returning success\n",
5973 smb_fname_str_dbg(smb_fname_dst)));
5974 status = NT_STATUS_OK;
5975 goto out;
5976 }
5977
5978 old_is_stream = is_ntfs_stream_smb_fname(smb_fname_src);
5979 new_is_stream = is_ntfs_stream_smb_fname(smb_fname_dst);
5980
5981 /* Return the correct error code if both names aren't streams. */
5982 if (!old_is_stream && new_is_stream) {
5983 status = NT_STATUS_OBJECT_NAME_INVALID;
5984 goto out;
5985 }
5986
5987 if (old_is_stream && !new_is_stream) {
5988 status = NT_STATUS_INVALID_PARAMETER;
5989 goto out;
5990 }
5991
5992 dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0;
5993
5994 if(!replace_if_exists && dst_exists) {
5995 DEBUG(3, ("rename_internals_fsp: dest exists doing rename "
5996 "%s -> %s\n", smb_fname_str_dbg(smb_fname_src),
5997 smb_fname_str_dbg(smb_fname_dst)));
5998 status = NT_STATUS_OBJECT_NAME_COLLISION;
5999 goto out;
6000 }
6001
6002 if (dst_exists) {
6003 struct file_id fileid = vfs_file_id_from_sbuf(conn,
6004 &smb_fname_dst->st);
6005 files_struct *dst_fsp = file_find_di_first(fileid);
6006 /* The file can be open when renaming a stream */
6007 if (dst_fsp && !new_is_stream) {
6008 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
6009 status = NT_STATUS_ACCESS_DENIED;
6010 goto out;
6011 }
6012 }
6013
6014 /* Ensure we have a valid stat struct for the source. */
6015 if (fsp->fh->fd != -1) {
6016 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
6017 status = map_nt_error_from_unix(errno);
6018 goto out;
6019 }
6020 } else {
6021 int ret = -1;
6022 if (fsp->posix_open) {
6023 ret = SMB_VFS_LSTAT(conn, smb_fname_src);
6024 } else {
6025
6026 ret = SMB_VFS_STAT(conn, smb_fname_src);
6027 }
6028 if (ret == -1) {
6029 status = map_nt_error_from_unix(errno);
6030 goto out;
6031 }
6032 sbuf = smb_fname_src->st;
6033 }
6034
6035 status = can_rename(conn, fsp, attrs, &sbuf);
6036
6037 if (!NT_STATUS_IS_OK(status)) {
6038 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6039 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6040 smb_fname_str_dbg(smb_fname_dst)));
6041 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
6042 status = NT_STATUS_ACCESS_DENIED;
6043 goto out;
6044 }
6045
6046 if (rename_path_prefix_equal(smb_fname_src, smb_fname_dst)) {
6047 status = NT_STATUS_ACCESS_DENIED;
6048 }
6049
6050 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
6051 NULL);
6052
6053 /*
6054 * We have the file open ourselves, so not being able to get the
6055 * corresponding share mode lock is a fatal error.
6056 */
6057
6058 SMB_ASSERT(lck != NULL);
6059
6060 if(SMB_VFS_RENAME(conn, smb_fname_src, smb_fname_dst) == 0) {
6061 uint32 create_options = fsp->fh->private_options;
6062
6063 DEBUG(3, ("rename_internals_fsp: succeeded doing rename on "
6064 "%s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6065 smb_fname_str_dbg(smb_fname_dst)));
6066
6067 notify_rename(conn, fsp->is_directory, smb_fname_src,
6068 smb_fname_dst);
6069
6070 rename_open_files(conn, lck, smb_fname_dst);
6071
6072 /*
6073 * A rename acts as a new file create w.r.t. allowing an initial delete
6074 * on close, probably because in Windows there is a new handle to the
6075 * new file. If initial delete on close was requested but not
6076 * originally set, we need to set it here. This is probably not 100% correct,
6077 * but will work for the CIFSFS client which in non-posix mode
6078 * depends on these semantics. JRA.
6079 */
6080
6081 if (create_options & FILE_DELETE_ON_CLOSE) {
6082 status = can_set_delete_on_close(fsp, True, 0);
6083
6084 if (NT_STATUS_IS_OK(status)) {
6085 /* Note that here we set the *inital* delete on close flag,
6086 * not the regular one. The magic gets handled in close. */
6087 fsp->initial_delete_on_close = True;
6088 }
6089 }
6090 TALLOC_FREE(lck);
6091 status = NT_STATUS_OK;
6092 goto out;
6093 }
6094
6095 TALLOC_FREE(lck);
6096
6097 if (errno == ENOTDIR || errno == EISDIR) {
6098 status = NT_STATUS_OBJECT_NAME_COLLISION;
6099 } else {
6100 status = map_nt_error_from_unix(errno);
6101 }
6102
6103 DEBUG(3, ("rename_internals_fsp: Error %s rename %s -> %s\n",
6104 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6105 smb_fname_str_dbg(smb_fname_dst)));
6106
6107 out:
6108 TALLOC_FREE(smb_fname_src);
6109 TALLOC_FREE(smb_fname_dst);
6110
6111 return status;
6112 }
6113
6114 /****************************************************************************
6115 The guts of the rename command, split out so it may be called by the NT SMB
6116 code.
6117 ****************************************************************************/
6118
6119 NTSTATUS rename_internals(TALLOC_CTX *ctx,
6120 connection_struct *conn,
6121 struct smb_request *req,
6122 struct smb_filename *smb_fname_src,
6123 struct smb_filename *smb_fname_dst,
6124 uint32 attrs,
6125 bool replace_if_exists,
6126 bool src_has_wild,
6127 bool dest_has_wild,
6128 uint32_t access_mask)
6129 {
6130 char *fname_src_dir = NULL;
6131 char *fname_src_mask = NULL;
6132 int count=0;
6133 NTSTATUS status = NT_STATUS_OK;
6134 struct smb_Dir *dir_hnd = NULL;
6135 const char *dname;
6136 long offset = 0;
6137 int create_options = 0;
6138 bool posix_pathnames = lp_posix_pathnames();
6139
6140 /*
6141 * Split the old name into directory and last component
6142 * strings. Note that unix_convert may have stripped off a
6143 * leading ./ from both name and newname if the rename is
6144 * at the root of the share. We need to make sure either both
6145 * name and newname contain a / character or neither of them do
6146 * as this is checked in resolve_wildcards().
6147 */
6148
6149 /* Split up the directory from the filename/mask. */
6150 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6151 &fname_src_dir, &fname_src_mask);
6152 if (!NT_STATUS_IS_OK(status)) {
6153 status = NT_STATUS_NO_MEMORY;
6154 goto out;
6155 }
6156
6157 /*
6158 * We should only check the mangled cache
6159 * here if unix_convert failed. This means
6160 * that the path in 'mask' doesn't exist
6161 * on the file system and so we need to look
6162 * for a possible mangle. This patch from
6163 * Tine Smukavec <valentin.smukavec@hermes.si>.
6164 */
6165
6166 if (!VALID_STAT(smb_fname_src->st) &&
6167 mangle_is_mangled(fname_src_mask, conn->params)) {
6168 char *new_mask = NULL;
6169 mangle_lookup_name_from_8_3(ctx, fname_src_mask, &new_mask,
6170 conn->params);
6171 if (new_mask) {
6172 TALLOC_FREE(fname_src_mask);
6173 fname_src_mask = new_mask;
6174 }
6175 }
6176
6177 if (!src_has_wild) {
6178 files_struct *fsp;
6179
6180 /*
6181 * Only one file needs to be renamed. Append the mask back
6182 * onto the directory.
6183 */
6184 TALLOC_FREE(smb_fname_src->base_name);
6185 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6186 "%s/%s",
6187 fname_src_dir,
6188 fname_src_mask);
6189 if (!smb_fname_src->base_name) {
6190 status = NT_STATUS_NO_MEMORY;
6191 goto out;
6192 }
6193
6194 /* Ensure dst fname contains a '/' also */
6195 if(strrchr_m(smb_fname_dst->base_name, '/') == 0) {
6196 char *tmp;
6197 tmp = talloc_asprintf(smb_fname_dst, "./%s",
6198 smb_fname_dst->base_name);
6199 if (!tmp) {
6200 status = NT_STATUS_NO_MEMORY;
6201 goto out;
6202 }
6203 TALLOC_FREE(smb_fname_dst->base_name);
6204 smb_fname_dst->base_name = tmp;
6205 }
6206
6207 DEBUG(3, ("rename_internals: case_sensitive = %d, "
6208 "case_preserve = %d, short case preserve = %d, "
6209 "directory = %s, newname = %s, "
6210 "last_component_dest = %s\n",
6211 conn->case_sensitive, conn->case_preserve,
6212 conn->short_case_preserve,
6213 smb_fname_str_dbg(smb_fname_src),
6214 smb_fname_str_dbg(smb_fname_dst),
6215 smb_fname_dst->original_lcomp));
6216
6217 /* The dest name still may have wildcards. */
6218 if (dest_has_wild) {
6219 char *fname_dst_mod = NULL;
6220 if (!resolve_wildcards(smb_fname_dst,
6221 smb_fname_src->base_name,
6222 smb_fname_dst->base_name,
6223 &fname_dst_mod)) {
6224 DEBUG(6, ("rename_internals: resolve_wildcards "
6225 "%s %s failed\n",
6226 smb_fname_src->base_name,
6227 smb_fname_dst->base_name));
6228 status = NT_STATUS_NO_MEMORY;
6229 goto out;
6230 }
6231 TALLOC_FREE(smb_fname_dst->base_name);
6232 smb_fname_dst->base_name = fname_dst_mod;
6233 }
6234
6235 ZERO_STRUCT(smb_fname_src->st);
6236 if (posix_pathnames) {
6237 SMB_VFS_LSTAT(conn, smb_fname_src);
6238 } else {
6239 SMB_VFS_STAT(conn, smb_fname_src);
6240 }
6241
6242 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6243 create_options |= FILE_DIRECTORY_FILE;
6244 }
6245
6246 status = SMB_VFS_CREATE_FILE(
6247 conn, /* conn */
6248 req, /* req */
6249 0, /* root_dir_fid */
6250 smb_fname_src, /* fname */
6251 access_mask, /* access_mask */
6252 (FILE_SHARE_READ | /* share_access */
6253 FILE_SHARE_WRITE),
6254 FILE_OPEN, /* create_disposition*/
6255 create_options, /* create_options */
6256 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6257 0, /* oplock_request */
6258 0, /* allocation_size */
6259 NULL, /* sd */
6260 NULL, /* ea_list */
6261 &fsp, /* result */
6262 NULL); /* pinfo */
6263
6264 if (!NT_STATUS_IS_OK(status)) {
6265 DEBUG(3, ("Could not open rename source %s: %s\n",
6266 smb_fname_str_dbg(smb_fname_src),
6267 nt_errstr(status)));
6268 goto out;
6269 }
6270
6271 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6272 attrs, replace_if_exists);
6273
6274 close_file(req, fsp, NORMAL_CLOSE);
6275
6276 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6277 nt_errstr(status), smb_fname_str_dbg(smb_fname_src),
6278 smb_fname_str_dbg(smb_fname_dst)));
6279
6280 goto out;
6281 }
6282
6283 /*
6284 * Wildcards - process each file that matches.
6285 */
6286 if (strequal(fname_src_mask, "????????.???")) {
6287 TALLOC_FREE(fname_src_mask);
6288 fname_src_mask = talloc_strdup(ctx, "*");
6289 if (!fname_src_mask) {
6290 status = NT_STATUS_NO_MEMORY;
6291 goto out;
6292 }
6293 }
6294
6295 status = check_name(conn, fname_src_dir);
6296 if (!NT_STATUS_IS_OK(status)) {
6297 goto out;
6298 }
6299
6300 dir_hnd = OpenDir(talloc_tos(), conn, fname_src_dir, fname_src_mask,
6301 attrs);
6302 if (dir_hnd == NULL) {
6303 status = map_nt_error_from_unix(errno);
6304 goto out;
6305 }
6306
6307 status = NT_STATUS_NO_SUCH_FILE;
6308 /*
6309 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6310 * - gentest fix. JRA
6311 */
6312
6313 while ((dname = ReadDirName(dir_hnd, &offset, &smb_fname_src->st))) {
6314 files_struct *fsp = NULL;
6315 char *destname = NULL;
6316 bool sysdir_entry = False;
6317
6318 /* Quick check for "." and ".." */
6319 if (ISDOT(dname) || ISDOTDOT(dname)) {
6320 if (attrs & aDIR) {
6321 sysdir_entry = True;
6322 } else {
6323 continue;
6324 }
6325 }
6326
6327 if (!is_visible_file(conn, fname_src_dir, dname,
6328 &smb_fname_src->st, false)) {
6329 continue;
6330 }
6331
6332 if(!mask_match(dname, fname_src_mask, conn->case_sensitive)) {
6333 continue;
6334 }
6335
6336 if (sysdir_entry) {
6337 status = NT_STATUS_OBJECT_NAME_INVALID;
6338 break;
6339 }
6340
6341 TALLOC_FREE(smb_fname_src->base_name);
6342 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6343 "%s/%s",
6344 fname_src_dir,
6345 dname);
6346 if (!smb_fname_src->base_name) {
6347 status = NT_STATUS_NO_MEMORY;
6348 goto out;
6349 }
6350
6351 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6352 smb_fname_dst->base_name,
6353 &destname)) {
6354 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6355 smb_fname_src->base_name, destname));
6356 continue;
6357 }
6358 if (!destname) {
6359 status = NT_STATUS_NO_MEMORY;
6360 goto out;
6361 }
6362
6363 TALLOC_FREE(smb_fname_dst->base_name);
6364 smb_fname_dst->base_name = destname;
6365
6366 ZERO_STRUCT(smb_fname_src->st);
6367 if (posix_pathnames) {
6368 SMB_VFS_LSTAT(conn, smb_fname_src);
6369 } else {
6370 SMB_VFS_STAT(conn, smb_fname_src);
6371 }
6372
6373 create_options = 0;
6374
6375 if (S_ISDIR(smb_fname_src->st.st_ex_mode)) {
6376 create_options |= FILE_DIRECTORY_FILE;
6377 }
6378
6379 status = SMB_VFS_CREATE_FILE(
6380 conn, /* conn */
6381 req, /* req */
6382 0, /* root_dir_fid */
6383 smb_fname_src, /* fname */
6384 access_mask, /* access_mask */
6385 (FILE_SHARE_READ | /* share_access */
6386 FILE_SHARE_WRITE),
6387 FILE_OPEN, /* create_disposition*/
6388 create_options, /* create_options */
6389 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6390 0, /* oplock_request */
6391 0, /* allocation_size */
6392 NULL, /* sd */
6393 NULL, /* ea_list */
6394 &fsp, /* result */
6395 NULL); /* pinfo */
6396
6397 if (!NT_STATUS_IS_OK(status)) {
6398 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6399 "returned %s rename %s -> %s\n",
6400 nt_errstr(status),
6401 smb_fname_str_dbg(smb_fname_src),
6402 smb_fname_str_dbg(smb_fname_dst)));
6403 break;
6404 }
6405
6406 smb_fname_dst->original_lcomp = talloc_strdup(smb_fname_dst,
6407 dname);
6408 if (!smb_fname_dst->original_lcomp) {
6409 status = NT_STATUS_NO_MEMORY;
6410 goto out;
6411 }
6412
6413 status = rename_internals_fsp(conn, fsp, smb_fname_dst,
6414 attrs, replace_if_exists);
6415
6416 close_file(req, fsp, NORMAL_CLOSE);
6417
6418 if (!NT_STATUS_IS_OK(status)) {
6419 DEBUG(3, ("rename_internals_fsp returned %s for "
6420 "rename %s -> %s\n", nt_errstr(status),
6421 smb_fname_str_dbg(smb_fname_src),
6422 smb_fname_str_dbg(smb_fname_dst)));
6423 break;
6424 }
6425
6426 count++;
6427
6428 DEBUG(3,("rename_internals: doing rename on %s -> "
6429 "%s\n", smb_fname_str_dbg(smb_fname_src),
6430 smb_fname_str_dbg(smb_fname_src)));
6431
6432 }
6433 TALLOC_FREE(dir_hnd);
6434
6435 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6436 status = map_nt_error_from_unix(errno);
6437 }
6438
6439 out:
6440 TALLOC_FREE(fname_src_dir);
6441 TALLOC_FREE(fname_src_mask);
6442 return status;
6443 }
6444
6445 /****************************************************************************
6446 Reply to a mv.
6447 ****************************************************************************/
6448
6449 void reply_mv(struct smb_request *req)
6450 {
6451 connection_struct *conn = req->conn;
6452 char *name = NULL;
6453 char *newname = NULL;
6454 const char *p;
6455 uint32 attrs;
6456 NTSTATUS status;
6457 bool src_has_wcard = False;
6458 bool dest_has_wcard = False;
6459 TALLOC_CTX *ctx = talloc_tos();
6460 struct smb_filename *smb_fname_src = NULL;
6461 struct smb_filename *smb_fname_dst = NULL;
6462
6463 START_PROFILE(SMBmv);
6464
6465 if (req->wct < 1) {
6466 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6467 goto out;
6468 }
6469
6470 attrs = SVAL(req->vwv+0, 0);
6471
6472 p = (const char *)req->buf + 1;
6473 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6474 &status, &src_has_wcard);
6475 if (!NT_STATUS_IS_OK(status)) {
6476 reply_nterror(req, status);
6477 goto out;
6478 }
6479 p++;
6480 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6481 &status, &dest_has_wcard);
6482 if (!NT_STATUS_IS_OK(status)) {
6483 reply_nterror(req, status);
6484 goto out;
6485 }
6486
6487 status = filename_convert(ctx,
6488 conn,
6489 req->flags2 & FLAGS2_DFS_PATHNAMES,
6490 name,
6491 UCF_COND_ALLOW_WCARD_LCOMP,
6492 &src_has_wcard,
6493 &smb_fname_src);
6494
6495 if (!NT_STATUS_IS_OK(status)) {
6496 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6497 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6498 ERRSRV, ERRbadpath);
6499 goto out;
6500 }
6501 reply_nterror(req, status);
6502 goto out;
6503 }
6504
6505 status = filename_convert(ctx,
6506 conn,
6507 req->flags2 & FLAGS2_DFS_PATHNAMES,
6508 newname,
6509 UCF_COND_ALLOW_WCARD_LCOMP | UCF_SAVE_LCOMP,
6510 &dest_has_wcard,
6511 &smb_fname_dst);
6512
6513 if (!NT_STATUS_IS_OK(status)) {
6514 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6515 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6516 ERRSRV, ERRbadpath);
6517 goto out;
6518 }
6519 reply_nterror(req, status);
6520 goto out;
6521 }
6522
6523 DEBUG(3,("reply_mv : %s -> %s\n", smb_fname_str_dbg(smb_fname_src),
6524 smb_fname_str_dbg(smb_fname_dst)));
6525
6526 status = rename_internals(ctx, conn, req, smb_fname_src, smb_fname_dst,
6527 attrs, False, src_has_wcard, dest_has_wcard,
6528 DELETE_ACCESS);
6529 if (!NT_STATUS_IS_OK(status)) {
6530 if (open_was_deferred(req->mid)) {
6531 /* We have re-scheduled this call. */
6532 goto out;
6533 }
6534 reply_nterror(req, status);
6535 goto out;
6536 }
6537
6538 reply_outbuf(req, 0, 0);
6539 out:
6540 TALLOC_FREE(smb_fname_src);
6541 TALLOC_FREE(smb_fname_dst);
6542 END_PROFILE(SMBmv);
6543 return;
6544 }
6545
6546 /*******************************************************************
6547 Copy a file as part of a reply_copy.
6548 ******************************************************************/
6549
6550 /*
6551 * TODO: check error codes on all callers
6552 */
6553
6554 NTSTATUS copy_file(TALLOC_CTX *ctx,
6555 connection_struct *conn,
6556 struct smb_filename *smb_fname_src,
6557 struct smb_filename *smb_fname_dst,
6558 int ofun,
6559 int count,
6560 bool target_is_directory)
6561 {
6562 struct smb_filename *smb_fname_dst_tmp = NULL;
6563 SMB_OFF_T ret=-1;
6564 files_struct *fsp1,*fsp2;
6565 uint32 dosattrs;
6566 uint32 new_create_disposition;
6567 NTSTATUS status;
6568
6569
6570 status = copy_smb_filename(ctx, smb_fname_dst, &smb_fname_dst_tmp);
6571 if (!NT_STATUS_IS_OK(status)) {
6572 return status;
6573 }
6574
6575 /*
6576 * If the target is a directory, extract the last component from the
6577 * src filename and append it to the dst filename
6578 */
6579 if (target_is_directory) {
6580 const char *p;
6581
6582 /* dest/target can't be a stream if it's a directory. */
6583 SMB_ASSERT(smb_fname_dst->stream_name == NULL);
6584
6585 p = strrchr_m(smb_fname_src->base_name,'/');
6586 if (p) {
6587 p++;
6588 } else {
6589 p = smb_fname_src->base_name;
6590 }
6591 smb_fname_dst_tmp->base_name =
6592 talloc_asprintf_append(smb_fname_dst_tmp->base_name, "/%s",
6593 p);
6594 if (!smb_fname_dst_tmp->base_name) {
6595 status = NT_STATUS_NO_MEMORY;
6596 goto out;
6597 }
6598 }
6599
6600 status = vfs_file_exist(conn, smb_fname_src);
6601 if (!NT_STATUS_IS_OK(status)) {
6602 goto out;
6603 }
6604
6605 if (!target_is_directory && count) {
6606 new_create_disposition = FILE_OPEN;
6607 } else {
6608 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun,
6609 NULL, NULL,
6610 &new_create_disposition,
6611 NULL)) {
6612 status = NT_STATUS_INVALID_PARAMETER;
6613 goto out;
6614 }
6615 }
6616
6617 /* Open the src file for reading. */
6618 status = SMB_VFS_CREATE_FILE(
6619 conn, /* conn */
6620 NULL, /* req */
6621 0, /* root_dir_fid */
6622 smb_fname_src, /* fname */
6623 FILE_GENERIC_READ, /* access_mask */
6624 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6625 FILE_OPEN, /* create_disposition*/
6626 0, /* create_options */
6627 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6628 INTERNAL_OPEN_ONLY, /* oplock_request */
6629 0, /* allocation_size */
6630 NULL, /* sd */
6631 NULL, /* ea_list */
6632 &fsp1, /* result */
6633 NULL); /* psbuf */
6634
6635 if (!NT_STATUS_IS_OK(status)) {
6636 goto out;
6637 }
6638
6639 dosattrs = dos_mode(conn, smb_fname_src);
6640
6641 if (SMB_VFS_STAT(conn, smb_fname_dst_tmp) == -1) {
6642 ZERO_STRUCTP(&smb_fname_dst_tmp->st);
6643 }
6644
6645 /* Open the dst file for writing. */
6646 status = SMB_VFS_CREATE_FILE(
6647 conn, /* conn */
6648 NULL, /* req */
6649 0, /* root_dir_fid */
6650 smb_fname_dst, /* fname */
6651 FILE_GENERIC_WRITE, /* access_mask */
6652 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6653 new_create_disposition, /* create_disposition*/
6654 0, /* create_options */
6655 dosattrs, /* file_attributes */
6656 INTERNAL_OPEN_ONLY, /* oplock_request */
6657 0, /* allocation_size */
6658 NULL, /* sd */
6659 NULL, /* ea_list */
6660 &fsp2, /* result */
6661 NULL); /* psbuf */
6662
6663 if (!NT_STATUS_IS_OK(status)) {
6664 close_file(NULL, fsp1, ERROR_CLOSE);
6665 goto out;
6666 }
6667
6668 if ((ofun&3) == 1) {
6669 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6670 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6671 /*
6672 * Stop the copy from occurring.
6673 */
6674 ret = -1;
6675 smb_fname_src->st.st_ex_size = 0;
6676 }
6677 }
6678
6679 /* Do the actual copy. */
6680 if (smb_fname_src->st.st_ex_size) {
6681 ret = vfs_transfer_file(fsp1, fsp2, smb_fname_src->st.st_ex_size);
6682 }
6683
6684 close_file(NULL, fsp1, NORMAL_CLOSE);
6685
6686 /* Ensure the modtime is set correctly on the destination file. */
6687 set_close_write_time(fsp2, smb_fname_src->st.st_ex_mtime);
6688
6689 /*
6690 * As we are opening fsp1 read-only we only expect
6691 * an error on close on fsp2 if we are out of space.
6692 * Thus we don't look at the error return from the
6693 * close of fsp1.
6694 */
6695 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6696
6697 if (!NT_STATUS_IS_OK(status)) {
6698 goto out;
6699 }
6700
6701 if (ret != (SMB_OFF_T)smb_fname_src->st.st_ex_size) {
6702 status = NT_STATUS_DISK_FULL;
6703 goto out;
6704 }
6705
6706 status = NT_STATUS_OK;
6707
6708 out:
6709 TALLOC_FREE(smb_fname_dst_tmp);
6710 return status;
6711 }
6712
6713 /****************************************************************************
6714 Reply to a file copy.
6715 ****************************************************************************/
6716
6717 void reply_copy(struct smb_request *req)
6718 {
6719 connection_struct *conn = req->conn;
6720 struct smb_filename *smb_fname_src = NULL;
6721 struct smb_filename *smb_fname_dst = NULL;
6722 char *fname_src = NULL;
6723 char *fname_dst = NULL;
6724 char *fname_src_mask = NULL;
6725 char *fname_src_dir = NULL;
6726 const char *p;
6727 int count=0;
6728 int error = ERRnoaccess;
6729 int tid2;
6730 int ofun;
6731 int flags;
6732 bool target_is_directory=False;
6733 bool source_has_wild = False;
6734 bool dest_has_wild = False;
6735 NTSTATUS status;
6736 TALLOC_CTX *ctx = talloc_tos();
6737
6738 START_PROFILE(SMBcopy);
6739
6740 if (req->wct < 3) {
6741 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6742 goto out;
6743 }
6744
6745 tid2 = SVAL(req->vwv+0, 0);
6746 ofun = SVAL(req->vwv+1, 0);
6747 flags = SVAL(req->vwv+2, 0);
6748
6749 p = (const char *)req->buf;
6750 p += srvstr_get_path_req_wcard(ctx, req, &fname_src, p, STR_TERMINATE,
6751 &status, &source_has_wild);
6752 if (!NT_STATUS_IS_OK(status)) {
6753 reply_nterror(req, status);
6754 goto out;
6755 }
6756 p += srvstr_get_path_req_wcard(ctx, req, &fname_dst, p, STR_TERMINATE,
6757 &status, &dest_has_wild);
6758 if (!NT_STATUS_IS_OK(status)) {
6759 reply_nterror(req, status);
6760 goto out;
6761 }
6762
6763 DEBUG(3,("reply_copy : %s -> %s\n", fname_src, fname_dst));
6764
6765 if (tid2 != conn->cnum) {
6766 /* can't currently handle inter share copies XXXX */
6767 DEBUG(3,("Rejecting inter-share copy\n"));
6768 reply_doserror(req, ERRSRV, ERRinvdevice);
6769 goto out;
6770 }
6771
6772 status = filename_convert(ctx, conn,
6773 req->flags2 & FLAGS2_DFS_PATHNAMES,
6774 fname_src,
6775 UCF_COND_ALLOW_WCARD_LCOMP,
6776 &source_has_wild,
6777 &smb_fname_src);
6778 if (!NT_STATUS_IS_OK(status)) {
6779 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6780 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6781 ERRSRV, ERRbadpath);
6782 goto out;
6783 }
6784 reply_nterror(req, status);
6785 goto out;
6786 }
6787
6788 status = filename_convert(ctx, conn,
6789 req->flags2 & FLAGS2_DFS_PATHNAMES,
6790 fname_dst,
6791 UCF_COND_ALLOW_WCARD_LCOMP,
6792 &dest_has_wild,
6793 &smb_fname_dst);
6794 if (!NT_STATUS_IS_OK(status)) {
6795 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6796 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6797 ERRSRV, ERRbadpath);
6798 goto out;
6799 }
6800 reply_nterror(req, status);
6801 goto out;
6802 }
6803
6804 target_is_directory = VALID_STAT_OF_DIR(smb_fname_dst->st);
6805
6806 if ((flags&1) && target_is_directory) {
6807 reply_doserror(req, ERRDOS, ERRbadfile);
6808 goto out;
6809 }
6810
6811 if ((flags&2) && !target_is_directory) {
6812 reply_doserror(req, ERRDOS, ERRbadpath);
6813 goto out;
6814 }
6815
6816 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(smb_fname_src->st)) {
6817 /* wants a tree copy! XXXX */
6818 DEBUG(3,("Rejecting tree copy\n"));
6819 reply_doserror(req, ERRSRV, ERRerror);
6820 goto out;
6821 }
6822
6823 /* Split up the directory from the filename/mask. */
6824 status = split_fname_dir_mask(ctx, smb_fname_src->base_name,
6825 &fname_src_dir, &fname_src_mask);
6826 if (!NT_STATUS_IS_OK(status)) {
6827 reply_nterror(req, NT_STATUS_NO_MEMORY);
6828 goto out;
6829 }
6830
6831 /*
6832 * We should only check the mangled cache
6833 * here if unix_convert failed. This means
6834 * that the path in 'mask' doesn't exist
6835 * on the file system and so we need to look
6836 * for a possible mangle. This patch from
6837 * Tine Smukavec <valentin.smukavec@hermes.si>.
6838 */
6839 if (!VALID_STAT(smb_fname_src->st) &&
6840 mangle_is_mangled(fname_src_mask, conn->params)) {
6841 char *new_mask = NULL;
6842 mangle_lookup_name_from_8_3(ctx, fname_src_mask,
6843 &new_mask, conn->params);
6844
6845 /* Use demangled name if one was successfully found. */
6846 if (new_mask) {
6847 TALLOC_FREE(fname_src_mask);
6848 fname_src_mask = new_mask;
6849 }
6850 }
6851
6852 if (!source_has_wild) {
6853
6854 /*
6855 * Only one file needs to be copied. Append the mask back onto
6856 * the directory.
6857 */
6858 TALLOC_FREE(smb_fname_src->base_name);
6859 smb_fname_src->base_name = talloc_asprintf(smb_fname_src,
6860 "%s/%s",
6861 fname_src_dir,
6862 fname_src_mask);
6863 if (!smb_fname_src->base_name) {
6864 reply_nterror(req, NT_STATUS_NO_MEMORY);
6865 goto out;
6866 }
6867
6868 if (dest_has_wild) {
6869 char *fname_dst_mod = NULL;
6870 if (!resolve_wildcards(smb_fname_dst,
6871 smb_fname_src->base_name,
6872 smb_fname_dst->base_name,
6873 &fname_dst_mod)) {
6874 reply_nterror(req, NT_STATUS_NO_MEMORY);
6875 goto out;
6876 }
6877 TALLOC_FREE(smb_fname_dst->base_name);
6878 smb_fname_dst->base_name = fname_dst_mod;
6879 }
6880
6881 status = check_name(conn, smb_fname_src->base_name);
6882 if (!NT_STATUS_IS_OK(status)) {
6883 reply_nterror(req, status);
6884 goto out;
6885 }
6886
6887 status = check_name(conn, smb_fname_dst->base_name);
6888 if (!NT_STATUS_IS_OK(status)) {
6889 reply_nterror(req, status);
6890 goto out;
6891 }
6892
6893 status = copy_file(ctx, conn, smb_fname_src, smb_fname_dst,
6894 ofun, count, target_is_directory);
6895
6896 if(!NT_STATUS_IS_OK(status)) {
6897 reply_nterror(req, status);
6898 goto out;
6899 } else {
6900 count++;
6901 }
6902 } else {
6903 struct smb_Dir *dir_hnd = NULL;
6904 const char *dname = NULL;
6905 long offset = 0;
6906
6907 /*
6908 * There is a wildcard that requires us to actually read the
6909 * src dir and copy each file matching the mask to the dst.
6910 * Right now streams won't be copied, but this could
6911 * presumably be added with a nested loop for reach dir entry.
6912 */
6913 SMB_ASSERT(!smb_fname_src->stream_name);
6914 SMB_ASSERT(!smb_fname_dst->stream_name);
6915
6916 smb_fname_src->stream_name = NULL;
6917 smb_fname_dst->stream_name = NULL;
6918
6919 if (strequal(fname_src_mask,"????????.???")) {
6920 TALLOC_FREE(fname_src_mask);
6921 fname_src_mask = talloc_strdup(ctx, "*");
6922 if (!fname_src_mask) {
6923 reply_nterror(req, NT_STATUS_NO_MEMORY);
6924 goto out;
6925 }
6926 }
6927
6928 status = check_name(conn, fname_src_dir);
6929 if (!NT_STATUS_IS_OK(status)) {
6930 reply_nterror(req, status);
6931 goto out;
6932 }
6933
6934 dir_hnd = OpenDir(ctx, conn, fname_src_dir, fname_src_mask, 0);
6935 if (dir_hnd == NULL) {
6936 status = map_nt_error_from_unix(errno);
6937 reply_nterror(req, status);
6938 goto out;
6939 }
6940
6941 error = ERRbadfile;
6942
6943 /* Iterate over the src dir copying each entry to the dst. */
6944 while ((dname = ReadDirName(dir_hnd, &offset,
6945 &smb_fname_src->st))) {
6946 char *destname = NULL;
6947
6948 if (ISDOT(dname) || ISDOTDOT(dname)) {
6949 continue;
6950 }
6951
6952 if (!is_visible_file(conn, fname_src_dir, dname,
6953 &smb_fname_src->st, false)) {
6954 continue;
6955 }
6956
6957 if(!mask_match(dname, fname_src_mask,
6958 conn->case_sensitive)) {
6959 continue;
6960 }
6961
6962 error = ERRnoaccess;
6963
6964 /* Get the src smb_fname struct setup. */
6965 TALLOC_FREE(smb_fname_src->base_name);
6966 smb_fname_src->base_name =
6967 talloc_asprintf(smb_fname_src, "%s/%s",
6968 fname_src_dir, dname);
6969
6970 if (!smb_fname_src->base_name) {
6971 TALLOC_FREE(dir_hnd);
6972 reply_nterror(req, NT_STATUS_NO_MEMORY);
6973 goto out;
6974 }
6975
6976 if (!resolve_wildcards(ctx, smb_fname_src->base_name,
6977 smb_fname_dst->base_name,
6978 &destname)) {
6979 continue;
6980 }
6981 if (!destname) {
6982 TALLOC_FREE(dir_hnd);
6983 reply_nterror(req, NT_STATUS_NO_MEMORY);
6984 goto out;
6985 }
6986
6987 TALLOC_FREE(smb_fname_dst->base_name);
6988 smb_fname_dst->base_name = destname;
6989
6990 status = check_name(conn, smb_fname_src->base_name);
6991 if (!NT_STATUS_IS_OK(status)) {
6992 TALLOC_FREE(dir_hnd);
6993 reply_nterror(req, status);
6994 goto out;
6995 }
6996
6997 status = check_name(conn, smb_fname_dst->base_name);
6998 if (!NT_STATUS_IS_OK(status)) {
6999 TALLOC_FREE(dir_hnd);
7000 reply_nterror(req, status);
7001 goto out;
7002 }
7003
7004 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",
7005 smb_fname_src->base_name,
7006 smb_fname_dst->base_name));
7007
7008 status = copy_file(ctx, conn, smb_fname_src,
7009 smb_fname_dst, ofun, count,
7010 target_is_directory);
7011 if (NT_STATUS_IS_OK(status)) {
7012 count++;
7013 }
7014 }
7015 TALLOC_FREE(dir_hnd);
7016 }
7017
7018 if (count == 0) {
7019 reply_doserror(req, ERRDOS, error);
7020 goto out;
7021 }
7022
7023 reply_outbuf(req, 1, 0);
7024 SSVAL(req->outbuf,smb_vwv0,count);
7025 out:
7026 TALLOC_FREE(smb_fname_src);
7027 TALLOC_FREE(smb_fname_dst);
7028 TALLOC_FREE(fname_src);
7029 TALLOC_FREE(fname_dst);
7030 TALLOC_FREE(fname_src_mask);
7031 TALLOC_FREE(fname_src_dir);
7032
7033 END_PROFILE(SMBcopy);
7034 return;
7035 }
7036
7037 #undef DBGC_CLASS
7038 #define DBGC_CLASS DBGC_LOCKING
7039
7040 /****************************************************************************
7041 Get a lock pid, dealing with large count requests.
7042 ****************************************************************************/
7043
7044 uint32 get_lock_pid(const uint8_t *data, int data_offset,
7045 bool large_file_format)
7046 {
7047 if(!large_file_format)
7048 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
7049 else
7050 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
7051 }
7052
7053 /****************************************************************************
7054 Get a lock count, dealing with large count requests.
7055 ****************************************************************************/
7056
7057 uint64_t get_lock_count(const uint8_t *data, int data_offset,
7058 bool large_file_format)
7059 {
7060 uint64_t count = 0;
7061
7062 if(!large_file_format) {
7063 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
7064 } else {
7065
7066 #if defined(HAVE_LONGLONG)
7067 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
7068 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
7069 #else /* HAVE_LONGLONG */
7070
7071 /*
7072 * NT4.x seems to be broken in that it sends large file (64 bit)
7073 * lockingX calls even if the CAP_LARGE_FILES was *not*
7074 * negotiated. For boxes without large unsigned ints truncate the
7075 * lock count by dropping the top 32 bits.
7076 */
7077
7078 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
7079 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
7080 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
7081 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
7082 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
7083 }
7084
7085 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
7086 #endif /* HAVE_LONGLONG */
7087 }
7088
7089 return count;
7090 }
7091
7092 #if !defined(HAVE_LONGLONG)
7093 /****************************************************************************
7094 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
7095 ****************************************************************************/
7096
7097 static uint32 map_lock_offset(uint32 high, uint32 low)
7098 {
7099 unsigned int i;
7100 uint32 mask = 0;
7101 uint32 highcopy = high;
7102
7103 /*
7104 * Try and find out how many significant bits there are in high.
7105 */
7106
7107 for(i = 0; highcopy; i++)
7108 highcopy >>= 1;
7109
7110 /*
7111 * We use 31 bits not 32 here as POSIX
7112 * lock offsets may not be negative.
7113 */
7114
7115 mask = (~0) << (31 - i);
7116
7117 if(low & mask)
7118 return 0; /* Fail. */
7119
7120 high <<= (31 - i);
7121
7122 return (high|low);
7123 }
7124 #endif /* !defined(HAVE_LONGLONG) */
7125
7126 /****************************************************************************
7127 Get a lock offset, dealing with large offset requests.
7128 ****************************************************************************/
7129
7130 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
7131 bool large_file_format, bool *err)
7132 {
7133 uint64_t offset = 0;
7134
7135 *err = False;
7136
7137 if(!large_file_format) {
7138 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
7139 } else {
7140
7141 #if defined(HAVE_LONGLONG)
7142 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
7143 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
7144 #else /* HAVE_LONGLONG */
7145
7146 /*
7147 * NT4.x seems to be broken in that it sends large file (64 bit)
7148 * lockingX calls even if the CAP_LARGE_FILES was *not*
7149 * negotiated. For boxes without large unsigned ints mangle the
7150 * lock offset by mapping the top 32 bits onto the lower 32.
7151 */
7152
7153 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
7154 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7155 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
7156 uint32 new_low = 0;
7157
7158 if((new_low = map_lock_offset(high, low)) == 0) {
7159 *err = True;
7160 return (uint64_t)-1;
7161 }
7162
7163 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
7164 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
7165 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
7166 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
7167 }
7168
7169 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
7170 #endif /* HAVE_LONGLONG */
7171 }
7172
7173 return offset;
7174 }
7175
7176 NTSTATUS smbd_do_locking(struct smb_request *req,
7177 files_struct *fsp,
7178 uint8_t type,
7179 int32_t timeout,
7180 uint16_t num_ulocks,
7181 struct smbd_lock_element *ulocks,
7182 uint16_t num_locks,
7183 struct smbd_lock_element *locks,
7184 bool *async)
7185 {
7186 connection_struct *conn = req->conn;
7187 int i;
7188 NTSTATUS status = NT_STATUS_OK;
7189
7190 *async = false;
7191
7192 /* Data now points at the beginning of the list
7193 of smb_unlkrng structs */
7194 for(i = 0; i < (int)num_ulocks; i++) {
7195 struct smbd_lock_element *e = &ulocks[i];
7196
7197 DEBUG(10,("smbd_do_locking: unlock start=%.0f, len=%.0f for "
7198 "pid %u, file %s\n",
7199 (double)e->offset,
7200 (double)e->count,
7201 (unsigned int)e->smbpid,
7202 fsp_str_dbg(fsp)));
7203
7204 if (e->brltype != UNLOCK_LOCK) {
7205 /* this can only happen with SMB2 */
7206 return NT_STATUS_INVALID_PARAMETER;
7207 }
7208
7209 status = do_unlock(smbd_messaging_context(),
7210 fsp,
7211 e->smbpid,
7212 e->count,
7213 e->offset,
7214 WINDOWS_LOCK);
7215
7216 DEBUG(10, ("smbd_do_locking: unlock returned %s\n",
7217 nt_errstr(status)));
7218
7219 if (!NT_STATUS_IS_OK(status)) {
7220 return status;
7221 }
7222 }
7223
7224 /* Setup the timeout in seconds. */
7225
7226 if (!lp_blocking_locks(SNUM(conn))) {
7227 timeout = 0;
7228 }
7229
7230 /* Data now points at the beginning of the list
7231 of smb_lkrng structs */
7232
7233 for(i = 0; i < (int)num_locks; i++) {
7234 struct smbd_lock_element *e = &locks[i];
7235
7236 DEBUG(10,("smbd_do_locking: lock start=%.0f, len=%.0f for pid "
7237 "%u, file %s timeout = %d\n",
7238 (double)e->offset,
7239 (double)e->count,
7240 (unsigned int)e->smbpid,
7241 fsp_str_dbg(fsp),
7242 (int)timeout));
7243
7244 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7245 struct blocking_lock_record *blr = NULL;
7246
7247 if (lp_blocking_locks(SNUM(conn))) {
7248
7249 /* Schedule a message to ourselves to
7250 remove the blocking lock record and
7251 return the right error. */
7252
7253 blr = blocking_lock_cancel(fsp,
7254 e->smbpid,
7255 e->offset,
7256 e->count,
7257 WINDOWS_LOCK,
7258 type,
7259 NT_STATUS_FILE_LOCK_CONFLICT);
7260 if (blr == NULL) {
7261 return NT_STATUS_DOS(
7262 ERRDOS,
7263 ERRcancelviolation);
7264 }
7265 }
7266 /* Remove a matching pending lock. */
7267 status = do_lock_cancel(fsp,
7268 e->smbpid,
7269 e->count,
7270 e->offset,
7271 WINDOWS_LOCK,
7272 blr);
7273 } else {
7274 bool blocking_lock = timeout ? true : false;
7275 bool defer_lock = false;
7276 struct byte_range_lock *br_lck;
7277 uint32_t block_smbpid;
7278
7279 br_lck = do_lock(smbd_messaging_context(),
7280 fsp,
7281 e->smbpid,
7282 e->count,
7283 e->offset,
7284 e->brltype,
7285 WINDOWS_LOCK,
7286 blocking_lock,
7287 &status,
7288 &block_smbpid,
7289 NULL);
7290
7291 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7292 /* Windows internal resolution for blocking locks seems
7293 to be about 200ms... Don't wait for less than that. JRA. */
7294 if (timeout != -1 && timeout < lp_lock_spin_time()) {
7295 timeout = lp_lock_spin_time();
7296 }
7297 defer_lock = true;
7298 }
7299
7300 /* This heuristic seems to match W2K3 very well. If a
7301 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7302 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7303 far as I can tell. Replacement for do_lock_spin(). JRA. */
7304
7305 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7306 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7307 defer_lock = true;
7308 timeout = lp_lock_spin_time();
7309 }
7310
7311 if (br_lck && defer_lock) {
7312 /*
7313 * A blocking lock was requested. Package up
7314 * this smb into a queued request and push it
7315 * onto the blocking lock queue.
7316 */
7317 if(push_blocking_lock_request(br_lck,
7318 req,
7319 fsp,
7320 timeout,
7321 i,
7322 e->smbpid,
7323 e->brltype,
7324 WINDOWS_LOCK,
7325 e->offset,
7326 e->count,
7327 block_smbpid)) {
7328 TALLOC_FREE(br_lck);
7329 *async = true;
7330 return NT_STATUS_OK;
7331 }
7332 }
7333
7334 TALLOC_FREE(br_lck);
7335 }
7336
7337 if (!NT_STATUS_IS_OK(status)) {
7338 break;
7339 }
7340 }
7341
7342 /* If any of the above locks failed, then we must unlock
7343 all of the previous locks (X/Open spec). */
7344
7345 if (num_locks != 0 && !NT_STATUS_IS_OK(status)) {
7346
7347 if (type & LOCKING_ANDX_CANCEL_LOCK) {
7348 i = -1; /* we want to skip the for loop */
7349 }
7350
7351 /*
7352 * Ensure we don't do a remove on the lock that just failed,
7353 * as under POSIX rules, if we have a lock already there, we
7354 * will delete it (and we shouldn't) .....
7355 */
7356 for(i--; i >= 0; i--) {
7357 struct smbd_lock_element *e = &locks[i];
7358
7359 do_unlock(smbd_messaging_context(),
7360 fsp,
7361 e->smbpid,
7362 e->count,
7363 e->offset,
7364 WINDOWS_LOCK);
7365 }
7366 return status;
7367 }
7368
7369 DEBUG(3, ("smbd_do_locking: fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7370 fsp->fnum, (unsigned int)type, num_locks, num_ulocks));
7371
7372 return NT_STATUS_OK;
7373 }
7374
7375 /****************************************************************************
7376 Reply to a lockingX request.
7377 ****************************************************************************/
7378
7379 void reply_lockingX(struct smb_request *req)
7380 {
7381 connection_struct *conn = req->conn;
7382 files_struct *fsp;
7383 unsigned char locktype;
7384 unsigned char oplocklevel;
7385 uint16 num_ulocks;
7386 uint16 num_locks;
7387 int32 lock_timeout;
7388 int i;
7389 const uint8_t *data;
7390 bool large_file_format;
7391 bool err;
7392 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
7393 struct smbd_lock_element *ulocks;
7394 struct smbd_lock_element *locks;
7395 bool async = false;
7396
7397 START_PROFILE(SMBlockingX);
7398
7399 if (req->wct < 8) {
7400 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7401 END_PROFILE(SMBlockingX);
7402 return;
7403 }
7404
7405 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
7406 locktype = CVAL(req->vwv+3, 0);
7407 oplocklevel = CVAL(req->vwv+3, 1);
7408 num_ulocks = SVAL(req->vwv+6, 0);
7409 num_locks = SVAL(req->vwv+7, 0);
7410 lock_timeout = IVAL(req->vwv+4, 0);
7411 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
7412
7413 if (!check_fsp(conn, req, fsp)) {
7414 END_PROFILE(SMBlockingX);
7415 return;
7416 }
7417
7418 data = req->buf;
7419
7420 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
7421 /* we don't support these - and CANCEL_LOCK makes w2k
7422 and XP reboot so I don't really want to be
7423 compatible! (tridge) */
7424 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
7425 END_PROFILE(SMBlockingX);
7426 return;
7427 }
7428
7429 /* Check if this is an oplock break on a file
7430 we have granted an oplock on.
7431 */
7432 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
7433 /* Client can insist on breaking to none. */
7434 bool break_to_none = (oplocklevel == 0);
7435 bool result;
7436
7437 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
7438 "for fnum = %d\n", (unsigned int)oplocklevel,
7439 fsp->fnum ));
7440
7441 /*
7442 * Make sure we have granted an exclusive or batch oplock on
7443 * this file.
7444 */
7445
7446 if (fsp->oplock_type == 0) {
7447
7448 /* The Samba4 nbench simulator doesn't understand
7449 the difference between break to level2 and break
7450 to none from level2 - it sends oplock break
7451 replies in both cases. Don't keep logging an error
7452 message here - just ignore it. JRA. */
7453
7454 DEBUG(5,("reply_lockingX: Error : oplock break from "
7455 "client for fnum = %d (oplock=%d) and no "
7456 "oplock granted on this file (%s).\n",
7457 fsp->fnum, fsp->oplock_type,
7458 fsp_str_dbg(fsp)));
7459
7460 /* if this is a pure oplock break request then don't
7461 * send a reply */
7462 if (num_locks == 0 && num_ulocks == 0) {
7463 END_PROFILE(SMBlockingX);
7464 return;
7465 } else {
7466 END_PROFILE(SMBlockingX);
7467 reply_doserror(req, ERRDOS, ERRlock);
7468 return;
7469 }
7470 }
7471
7472 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
7473 (break_to_none)) {
7474 result = remove_oplock(fsp);
7475 } else {
7476 result = downgrade_oplock(fsp);
7477 }
7478
7479 if (!result) {
7480 DEBUG(0, ("reply_lockingX: error in removing "
7481 "oplock on file %s\n", fsp_str_dbg(fsp)));
7482 /* Hmmm. Is this panic justified? */
7483 smb_panic("internal tdb error");
7484 }
7485
7486 reply_to_oplock_break_requests(fsp);
7487
7488 /* if this is a pure oplock break request then don't send a
7489 * reply */
7490 if (num_locks == 0 && num_ulocks == 0) {
7491 /* Sanity check - ensure a pure oplock break is not a
7492 chained request. */
7493 if(CVAL(req->vwv+0, 0) != 0xff)
7494 DEBUG(0,("reply_lockingX: Error : pure oplock "
7495 "break is a chained %d request !\n",
7496 (unsigned int)CVAL(req->vwv+0, 0)));
7497 END_PROFILE(SMBlockingX);
7498 return;
7499 }
7500 }
7501
7502 if (req->buflen <
7503 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
7504 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7505 END_PROFILE(SMBlockingX);
7506 return;
7507 }
7508
7509 ulocks = talloc_array(req, struct smbd_lock_element, num_ulocks);
7510 if (ulocks == NULL) {
7511 reply_nterror(req, NT_STATUS_NO_MEMORY);
7512 END_PROFILE(SMBlockingX);
7513 return;
7514 }
7515
7516 locks = talloc_array(req, struct smbd_lock_element, num_locks);
7517 if (locks == NULL) {
7518 reply_nterror(req, NT_STATUS_NO_MEMORY);
7519 END_PROFILE(SMBlockingX);
7520 return;
7521 }
7522
7523 /* Data now points at the beginning of the list
7524 of smb_unlkrng structs */
7525 for(i = 0; i < (int)num_ulocks; i++) {
7526 ulocks[i].smbpid = get_lock_pid(data, i, large_file_format);
7527 ulocks[i].count = get_lock_count(data, i, large_file_format);
7528 ulocks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7529 ulocks[i].brltype = UNLOCK_LOCK;
7530
7531 /*
7532 * There is no error code marked "stupid client bug".... :-).
7533 */
7534 if(err) {
7535 END_PROFILE(SMBlockingX);
7536 reply_doserror(req, ERRDOS, ERRnoaccess);
7537 return;
7538 }
7539 }
7540
7541 /* Now do any requested locks */
7542 data += ((large_file_format ? 20 : 10)*num_ulocks);
7543
7544 /* Data now points at the beginning of the list
7545 of smb_lkrng structs */
7546
7547 for(i = 0; i < (int)num_locks; i++) {
7548 locks[i].smbpid = get_lock_pid(data, i, large_file_format);
7549 locks[i].count = get_lock_count(data, i, large_file_format);
7550 locks[i].offset = get_lock_offset(data, i, large_file_format, &err);
7551
7552 if (locktype & LOCKING_ANDX_SHARED_LOCK) {
7553 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7554 locks[i].brltype = PENDING_READ_LOCK;
7555 } else {
7556 locks[i].brltype = READ_LOCK;
7557 }
7558 } else {
7559 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7560 locks[i].brltype = PENDING_WRITE_LOCK;
7561 } else {
7562 locks[i].brltype = WRITE_LOCK;
7563 }
7564 }
7565
7566 /*
7567 * There is no error code marked "stupid client bug".... :-).
7568 */
7569 if(err) {
7570 END_PROFILE(SMBlockingX);
7571 reply_doserror(req, ERRDOS, ERRnoaccess);
7572 return;
7573 }
7574 }
7575
7576 status = smbd_do_locking(req, fsp,
7577 locktype, lock_timeout,
7578 num_ulocks, ulocks,
7579 num_locks, locks,
7580 &async);
7581 if (!NT_STATUS_IS_OK(status)) {
7582 END_PROFILE(SMBlockingX);
7583 reply_nterror(req, status);
7584 return;
7585 }
7586 if (async) {
7587 END_PROFILE(SMBlockingX);
7588 return;
7589 }
7590
7591 reply_outbuf(req, 2, 0);
7592
7593 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7594 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7595
7596 END_PROFILE(SMBlockingX);
7597 chain_reply(req);
7598 }
7599
7600 #undef DBGC_CLASS
7601 #define DBGC_CLASS DBGC_ALL
7602
7603 /****************************************************************************
7604 Reply to a SMBreadbmpx (read block multiplex) request.
7605 Always reply with an error, if someone has a platform really needs this,
7606 please contact vl@samba.org
7607 ****************************************************************************/
7608
7609 void reply_readbmpx(struct smb_request *req)
7610 {
7611 START_PROFILE(SMBreadBmpx);
7612 reply_doserror(req, ERRSRV, ERRuseSTD);
7613 END_PROFILE(SMBreadBmpx);
7614 return;
7615 }
7616
7617 /****************************************************************************
7618 Reply to a SMBreadbs (read block multiplex secondary) request.
7619 Always reply with an error, if someone has a platform really needs this,
7620 please contact vl@samba.org
7621 ****************************************************************************/
7622
7623 void reply_readbs(struct smb_request *req)
7624 {
7625 START_PROFILE(SMBreadBs);
7626 reply_doserror(req, ERRSRV, ERRuseSTD);
7627 END_PROFILE(SMBreadBs);
7628 return;
7629 }
7630
7631 /****************************************************************************
7632 Reply to a SMBsetattrE.
7633 ****************************************************************************/
7634
7635 void reply_setattrE(struct smb_request *req)
7636 {
7637 connection_struct *conn = req->conn;
7638 struct smb_file_time ft;
7639 files_struct *fsp;
7640 NTSTATUS status;
7641
7642 START_PROFILE(SMBsetattrE);
7643 ZERO_STRUCT(ft);
7644
7645 if (req->wct < 7) {
7646 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7647 goto out;
7648 }
7649
7650 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7651
7652 if(!fsp || (fsp->conn != conn)) {
7653 reply_doserror(req, ERRDOS, ERRbadfid);
7654 goto out;
7655 }
7656
7657 /*
7658 * Convert the DOS times into unix times.
7659 */
7660
7661 ft.atime = convert_time_t_to_timespec(
7662 srv_make_unix_date2(req->vwv+3));
7663 ft.mtime = convert_time_t_to_timespec(
7664 srv_make_unix_date2(req->vwv+5));
7665 ft.create_time = convert_time_t_to_timespec(
7666 srv_make_unix_date2(req->vwv+1));
7667
7668 reply_outbuf(req, 0, 0);
7669
7670 /*
7671 * Patch from Ray Frush <frush@engr.colostate.edu>
7672 * Sometimes times are sent as zero - ignore them.
7673 */
7674
7675 /* Ensure we have a valid stat struct for the source. */
7676 if (fsp->fh->fd != -1) {
7677 if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) == -1) {
7678 status = map_nt_error_from_unix(errno);
7679 reply_nterror(req, status);
7680 goto out;
7681 }
7682 } else {
7683 int ret = -1;
7684
7685 if (fsp->posix_open) {
7686 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name);
7687 } else {
7688 ret = SMB_VFS_STAT(conn, fsp->fsp_name);
7689 }
7690 if (ret == -1) {
7691 status = map_nt_error_from_unix(errno);
7692 reply_nterror(req, status);
7693 goto out;
7694 }
7695 }
7696
7697 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
7698 if (!NT_STATUS_IS_OK(status)) {
7699 reply_doserror(req, ERRDOS, ERRnoaccess);
7700 goto out;
7701 }
7702
7703 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7704 " createtime=%u\n",
7705 fsp->fnum,
7706 (unsigned int)ft.atime.tv_sec,
7707 (unsigned int)ft.mtime.tv_sec,
7708 (unsigned int)ft.create_time.tv_sec
7709 ));
7710 out:
7711 END_PROFILE(SMBsetattrE);
7712 return;
7713 }
7714
7715
7716 /* Back from the dead for OS/2..... JRA. */
7717
7718 /****************************************************************************
7719 Reply to a SMBwritebmpx (write block multiplex primary) request.
7720 Always reply with an error, if someone has a platform really needs this,
7721 please contact vl@samba.org
7722 ****************************************************************************/
7723
7724 void reply_writebmpx(struct smb_request *req)
7725 {
7726 START_PROFILE(SMBwriteBmpx);
7727 reply_doserror(req, ERRSRV, ERRuseSTD);
7728 END_PROFILE(SMBwriteBmpx);
7729 return;
7730 }
7731
7732 /****************************************************************************
7733 Reply to a SMBwritebs (write block multiplex secondary) request.
7734 Always reply with an error, if someone has a platform really needs this,
7735 please contact vl@samba.org
7736 ****************************************************************************/
7737
7738 void reply_writebs(struct smb_request *req)
7739 {
7740 START_PROFILE(SMBwriteBs);
7741 reply_doserror(req, ERRSRV, ERRuseSTD);
7742 END_PROFILE(SMBwriteBs);
7743 return;
7744 }
7745
7746 /****************************************************************************
7747 Reply to a SMBgetattrE.
7748 ****************************************************************************/
7749
7750 void reply_getattrE(struct smb_request *req)
7751 {
7752 connection_struct *conn = req->conn;
7753 SMB_STRUCT_STAT sbuf;
7754 int mode;
7755 files_struct *fsp;
7756 struct timespec create_ts;
7757
7758 START_PROFILE(SMBgetattrE);
7759
7760 if (req->wct < 1) {
7761 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7762 END_PROFILE(SMBgetattrE);
7763 return;
7764 }
7765
7766 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7767
7768 if(!fsp || (fsp->conn != conn)) {
7769 reply_doserror(req, ERRDOS, ERRbadfid);
7770 END_PROFILE(SMBgetattrE);
7771 return;
7772 }
7773
7774 /* Do an fstat on this file */
7775 if(fsp_stat(fsp, &sbuf)) {
7776 reply_nterror(req, map_nt_error_from_unix(errno));
7777 END_PROFILE(SMBgetattrE);
7778 return;
7779 }
7780
7781 fsp->fsp_name->st = sbuf;
7782
7783 mode = dos_mode(conn, fsp->fsp_name);
7784
7785 /*
7786 * Convert the times into dos times. Set create
7787 * date to be last modify date as UNIX doesn't save
7788 * this.
7789 */
7790
7791 reply_outbuf(req, 11, 0);
7792
7793 create_ts = sbuf.st_ex_btime;
7794 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7795 srv_put_dos_date2((char *)req->outbuf, smb_vwv2,
7796 convert_timespec_to_time_t(sbuf.st_ex_atime));
7797 /* Should we check pending modtime here ? JRA */
7798 srv_put_dos_date2((char *)req->outbuf, smb_vwv4,
7799 convert_timespec_to_time_t(sbuf.st_ex_mtime));
7800
7801 if (mode & aDIR) {
7802 SIVAL(req->outbuf, smb_vwv6, 0);
7803 SIVAL(req->outbuf, smb_vwv8, 0);
7804 } else {
7805 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7806 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_ex_size);
7807 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7808 }
7809 SSVAL(req->outbuf,smb_vwv10, mode);
7810
7811 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7812
7813 END_PROFILE(SMBgetattrE);
7814 return;
7815 }
Crístian's Samba branch