search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rename - no functional change. Stop all variables being called "req".
[Samba/ekacnet.git] / source3 / smbd / smb2_create.c
blob1af4a96093eb4901120704720982f40b6f9238df
1 /*
2 Unix SMB/CIFS implementation.
3 Core SMB2 server
4
5 Copyright (C) Stefan Metzmacher 2009
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "smbd/globals.h"
23 #include "../libcli/smb/smb_common.h"
24
25 static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
26 struct tevent_context *ev,
27 struct smbd_smb2_request *smb2req,
28 uint8_t in_oplock_level,
29 uint32_t in_impersonation_level,
30 uint32_t in_desired_access,
31 uint32_t in_file_attributes,
32 uint32_t in_share_access,
33 uint32_t in_create_disposition,
34 uint32_t in_create_options,
35 const char *in_name,
36 struct smb2_create_blobs in_context_blobs);
37 static NTSTATUS smbd_smb2_create_recv(struct tevent_req *treq,
38 TALLOC_CTX *mem_ctx,
39 uint8_t *out_oplock_level,
40 uint32_t *out_create_action,
41 NTTIME *out_creation_time,
42 NTTIME *out_last_access_time,
43 NTTIME *out_last_write_time,
44 NTTIME *out_change_time,
45 uint64_t *out_allocation_size,
46 uint64_t *out_end_of_file,
47 uint32_t *out_file_attributes,
48 uint64_t *out_file_id_volatile,
49 struct smb2_create_blobs *out_context_blobs);
50
51 static void smbd_smb2_request_create_done(struct tevent_req *tsubreq);
52 NTSTATUS smbd_smb2_request_process_create(struct smbd_smb2_request *smb2req)
53 {
54 const uint8_t *inbody;
55 int i = smb2req->current_idx;
56 size_t expected_body_size = 0x39;
57 size_t body_size;
58 uint8_t in_oplock_level;
59 uint32_t in_impersonation_level;
60 uint32_t in_desired_access;
61 uint32_t in_file_attributes;
62 uint32_t in_share_access;
63 uint32_t in_create_disposition;
64 uint32_t in_create_options;
65 uint16_t in_name_offset;
66 uint16_t in_name_length;
67 DATA_BLOB in_name_buffer;
68 char *in_name_string;
69 size_t in_name_string_size;
70 uint32_t name_offset = 0;
71 uint32_t name_available_length = 0;
72 uint32_t in_context_offset;
73 uint32_t in_context_length;
74 DATA_BLOB in_context_buffer;
75 struct smb2_create_blobs in_context_blobs;
76 uint32_t context_offset = 0;
77 uint32_t context_available_length = 0;
78 uint32_t dyn_offset;
79 NTSTATUS status;
80 bool ok;
81 struct tevent_req *tsubreq;
82
83 if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
84 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
85 }
86
87 inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
88
89 body_size = SVAL(inbody, 0x00);
90 if (body_size != expected_body_size) {
91 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
92 }
93
94 in_oplock_level = CVAL(inbody, 0x03);
95 in_impersonation_level = IVAL(inbody, 0x04);
96 in_desired_access = IVAL(inbody, 0x18);
97 in_file_attributes = IVAL(inbody, 0x1C);
98 in_share_access = IVAL(inbody, 0x20);
99 in_create_disposition = IVAL(inbody, 0x24);
100 in_create_options = IVAL(inbody, 0x28);
101 in_name_offset = SVAL(inbody, 0x2C);
102 in_name_length = SVAL(inbody, 0x2E);
103 in_context_offset = IVAL(inbody, 0x30);
104 in_context_length = IVAL(inbody, 0x34);
105
106 /*
107 * First check if the dynamic name and context buffers
108 * are correctly specified.
109 *
110 * Note: That we don't check if the name and context buffers
111 * overlap
112 */
113
114 dyn_offset = SMB2_HDR_BODY + (body_size & 0xFFFFFFFE);
115
116 if (in_name_offset == 0 && in_name_length == 0) {
117 /* This is ok */
118 name_offset = 0;
119 } else if (in_name_offset < dyn_offset) {
120 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
121 } else {
122 name_offset = in_name_offset - dyn_offset;
123 }
124
125 if (name_offset > smb2req->in.vector[i+2].iov_len) {
126 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
127 }
128
129 name_available_length = smb2req->in.vector[i+2].iov_len - name_offset;
130
131 if (in_name_length > name_available_length) {
132 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
133 }
134
135 in_name_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base +
136 name_offset;
137 in_name_buffer.length = in_name_length;
138
139 if (in_context_offset == 0 && in_context_length == 0) {
140 /* This is ok */
141 context_offset = 0;
142 } else if (in_context_offset < dyn_offset) {
143 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
144 } else {
145 context_offset = in_context_offset - dyn_offset;
146 }
147
148 if (context_offset > smb2req->in.vector[i+2].iov_len) {
149 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
150 }
151
152 context_available_length = smb2req->in.vector[i+2].iov_len - context_offset;
153
154 if (in_context_length > context_available_length) {
155 return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
156 }
157
158 in_context_buffer.data = (uint8_t *)smb2req->in.vector[i+2].iov_base +
159 context_offset;
160 in_context_buffer.length = in_context_length;
161
162 /*
163 * Now interpret the name and context buffers
164 */
165
166 ok = convert_string_talloc(smb2req, CH_UTF16, CH_UNIX,
167 in_name_buffer.data,
168 in_name_buffer.length,
169 &in_name_string,
170 &in_name_string_size, false);
171 if (!ok) {
172 return smbd_smb2_request_error(smb2req, NT_STATUS_ILLEGAL_CHARACTER);
173 }
174
175 ZERO_STRUCT(in_context_blobs);
176 status = smb2_create_blob_parse(smb2req, in_context_buffer, &in_context_blobs);
177 if (!NT_STATUS_IS_OK(status)) {
178 return smbd_smb2_request_error(smb2req, status);
179 }
180
181 tsubreq = smbd_smb2_create_send(smb2req,
182 smb2req->sconn->smb2.event_ctx,
183 smb2req,
184 in_oplock_level,
185 in_impersonation_level,
186 in_desired_access,
187 in_file_attributes,
188 in_share_access,
189 in_create_disposition,
190 in_create_options,
191 in_name_string,
192 in_context_blobs);
193 if (tsubreq == NULL) {
194 smb2req->subreq = NULL;
195 return smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
196 }
197 tevent_req_set_callback(tsubreq, smbd_smb2_request_create_done, smb2req);
198
199 return smbd_smb2_request_pending_queue(smb2req, tsubreq);
200 }
201
202 static void smbd_smb2_request_create_done(struct tevent_req *tsubreq)
203 {
204 struct smbd_smb2_request *smb2req = tevent_req_callback_data(tsubreq,
205 struct smbd_smb2_request);
206 int i = smb2req->current_idx;
207 uint8_t *outhdr;
208 DATA_BLOB outbody;
209 DATA_BLOB outdyn;
210 uint8_t out_oplock_level = 0;
211 uint32_t out_create_action = 0;
212 NTTIME out_creation_time = 0;
213 NTTIME out_last_access_time = 0;
214 NTTIME out_last_write_time = 0;
215 NTTIME out_change_time = 0;
216 uint64_t out_allocation_size = 0;
217 uint64_t out_end_of_file = 0;
218 uint32_t out_file_attributes = 0;
219 uint64_t out_file_id_volatile = 0;
220 struct smb2_create_blobs out_context_blobs;
221 DATA_BLOB out_context_buffer;
222 uint16_t out_context_buffer_offset = 0;
223 NTSTATUS status;
224 NTSTATUS error; /* transport error */
225
226 status = smbd_smb2_create_recv(tsubreq,
227 smb2req,
228 &out_oplock_level,
229 &out_create_action,
230 &out_creation_time,
231 &out_last_access_time,
232 &out_last_write_time,
233 &out_change_time,
234 &out_allocation_size,
235 &out_end_of_file,
236 &out_file_attributes,
237 &out_file_id_volatile,
238 &out_context_blobs);
239 if (!NT_STATUS_IS_OK(status)) {
240 error = smbd_smb2_request_error(smb2req, status);
241 if (!NT_STATUS_IS_OK(error)) {
242 smbd_server_connection_terminate(smb2req->sconn,
243 nt_errstr(error));
244 return;
245 }
246 return;
247 }
248
249 status = smb2_create_blob_push(smb2req, &out_context_buffer, out_context_blobs);
250 if (!NT_STATUS_IS_OK(status)) {
251 error = smbd_smb2_request_error(smb2req, status);
252 if (!NT_STATUS_IS_OK(error)) {
253 smbd_server_connection_terminate(smb2req->sconn,
254 nt_errstr(error));
255 return;
256 }
257 return;
258 }
259
260 if (out_context_buffer.length > 0) {
261 out_context_buffer_offset = SMB2_HDR_BODY + 0x58;
262 }
263
264 outhdr = (uint8_t *)smb2req->out.vector[i].iov_base;
265
266 outbody = data_blob_talloc(smb2req->out.vector, NULL, 0x58);
267 if (outbody.data == NULL) {
268 error = smbd_smb2_request_error(smb2req, NT_STATUS_NO_MEMORY);
269 if (!NT_STATUS_IS_OK(error)) {
270 smbd_server_connection_terminate(smb2req->sconn,
271 nt_errstr(error));
272 return;
273 }
274 return;
275 }
276
277 SSVAL(outbody.data, 0x00, 0x58 + 1); /* struct size */
278 SCVAL(outbody.data, 0x02,
279 out_oplock_level); /* oplock level */
280 SCVAL(outbody.data, 0x03, 0); /* reserved */
281 SIVAL(outbody.data, 0x04,
282 out_create_action); /* create action */
283 SBVAL(outbody.data, 0x08,
284 out_creation_time); /* creation time */
285 SBVAL(outbody.data, 0x10,
286 out_last_access_time); /* last access time */
287 SBVAL(outbody.data, 0x18,
288 out_last_write_time); /* last write time */
289 SBVAL(outbody.data, 0x20,
290 out_change_time); /* change time */
291 SBVAL(outbody.data, 0x28,
292 out_allocation_size); /* allocation size */
293 SBVAL(outbody.data, 0x30,
294 out_end_of_file); /* end of file */
295 SIVAL(outbody.data, 0x38,
296 out_file_attributes); /* file attributes */
297 SIVAL(outbody.data, 0x3C, 0); /* reserved */
298 SBVAL(outbody.data, 0x40, 0); /* file id (persistent) */
299 SBVAL(outbody.data, 0x48,
300 out_file_id_volatile); /* file id (volatile) */
301 SIVAL(outbody.data, 0x50,
302 out_context_buffer_offset); /* create contexts offset */
303 SIVAL(outbody.data, 0x54,
304 out_context_buffer.length); /* create contexts length */
305
306 outdyn = out_context_buffer;
307
308 error = smbd_smb2_request_done(smb2req, outbody, &outdyn);
309 if (!NT_STATUS_IS_OK(error)) {
310 smbd_server_connection_terminate(smb2req->sconn,
311 nt_errstr(error));
312 return;
313 }
314 }
315
316 struct smbd_smb2_create_state {
317 struct smbd_smb2_request *smb2req;
318 struct smb_request *smb1req;
319 struct timed_event *te;
320 struct timeval request_time;
321 DATA_BLOB private_data;
322 uint8_t out_oplock_level;
323 uint32_t out_create_action;
324 NTTIME out_creation_time;
325 NTTIME out_last_access_time;
326 NTTIME out_last_write_time;
327 NTTIME out_change_time;
328 uint64_t out_allocation_size;
329 uint64_t out_end_of_file;
330 uint32_t out_file_attributes;
331 uint64_t out_file_id_volatile;
332 struct smb2_create_blobs out_context_blobs;
333 };
334
335 static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
336 struct tevent_context *ev,
337 struct smbd_smb2_request *smb2req,
338 uint8_t in_oplock_level,
339 uint32_t in_impersonation_level,
340 uint32_t in_desired_access,
341 uint32_t in_file_attributes,
342 uint32_t in_share_access,
343 uint32_t in_create_disposition,
344 uint32_t in_create_options,
345 const char *in_name,
346 struct smb2_create_blobs in_context_blobs)
347 {
348 struct tevent_req *treq = NULL;
349 struct smbd_smb2_create_state *state = NULL;
350 NTSTATUS status;
351 struct smb_request *smb1req = NULL;
352 files_struct *result = NULL;
353 int info;
354 struct timespec write_time_ts;
355 struct smb2_create_blobs out_context_blobs;
356
357 ZERO_STRUCT(out_context_blobs);
358
359 if (!smb2req->async) {
360 /* New create call. */
361 treq = tevent_req_create(mem_ctx, &state,
362 struct smbd_smb2_create_state);
363 if (treq == NULL) {
364 return NULL;
365 }
366 state->smb2req = smb2req;
367 smb2req->subreq = treq; /* So we can find this when going async. */
368
369 smb1req = smbd_smb2_fake_smb_request(smb2req);
370 if (tevent_req_nomem(smb1req, treq)) {
371 return tevent_req_post(treq, ev);
372 }
373 state->smb1req = smb1req;
374 DEBUG(10,("smbd_smb2_create: name[%s]\n",
375 in_name));
376 } else {
377 /* Re-entrant create call. */
378 treq = smb2req->subreq;
379 state = tevent_req_data(treq,
380 struct smbd_smb2_create_state);
381 smb1req = state->smb1req;
382 DEBUG(10,("smbd_smb2_create_send: reentrant for file %s\n",
383 in_name ));
384 }
385
386 if (IS_IPC(smb1req->conn)) {
387 const char *pipe_name = in_name;
388
389 if (!lp_nt_pipe_support()) {
390 tevent_req_nterror(treq, NT_STATUS_ACCESS_DENIED);
391 return tevent_req_post(treq, ev);
392 }
393
394 /* Strip \\ off the name. */
395 if (pipe_name[0] == '\\') {
396 pipe_name++;
397 }
398
399 status = open_np_file(smb1req, pipe_name, &result);
400 if (!NT_STATUS_IS_OK(status)) {
401 tevent_req_nterror(treq, status);
402 return tevent_req_post(treq, ev);
403 }
404 info = FILE_WAS_OPENED;
405 } else if (CAN_PRINT(smb1req->conn)) {
406 status = file_new(smb1req, smb1req->conn, &result);
407 if(!NT_STATUS_IS_OK(status)) {
408 tevent_req_nterror(treq, status);
409 return tevent_req_post(treq, ev);
410 }
411
412 status = print_fsp_open(smb1req,
413 smb1req->conn,
414 in_name,
415 smb1req->vuid,
416 result);
417 if (!NT_STATUS_IS_OK(status)) {
418 file_free(smb1req, result);
419 tevent_req_nterror(treq, status);
420 return tevent_req_post(treq, ev);
421 }
422 info = FILE_WAS_CREATED;
423 } else {
424 char *fname;
425 struct smb_filename *smb_fname = NULL;
426 struct smb2_create_blob *exta = NULL;
427 struct ea_list *ea_list = NULL;
428 struct smb2_create_blob *mxac = NULL;
429 NTTIME max_access_time = 0;
430 struct smb2_create_blob *secd = NULL;
431 struct security_descriptor *sec_desc = NULL;
432 struct smb2_create_blob *dhnq = NULL;
433 struct smb2_create_blob *dhnc = NULL;
434 struct smb2_create_blob *alsi = NULL;
435 uint64_t allocation_size = 0;
436 struct smb2_create_blob *twrp = NULL;
437 struct smb2_create_blob *qfid = NULL;
438
439 exta = smb2_create_blob_find(&in_context_blobs,
440 SMB2_CREATE_TAG_EXTA);
441 mxac = smb2_create_blob_find(&in_context_blobs,
442 SMB2_CREATE_TAG_MXAC);
443 secd = smb2_create_blob_find(&in_context_blobs,
444 SMB2_CREATE_TAG_SECD);
445 dhnq = smb2_create_blob_find(&in_context_blobs,
446 SMB2_CREATE_TAG_DHNQ);
447 dhnc = smb2_create_blob_find(&in_context_blobs,
448 SMB2_CREATE_TAG_DHNC);
449 alsi = smb2_create_blob_find(&in_context_blobs,
450 SMB2_CREATE_TAG_ALSI);
451 twrp = smb2_create_blob_find(&in_context_blobs,
452 SMB2_CREATE_TAG_TWRP);
453 qfid = smb2_create_blob_find(&in_context_blobs,
454 SMB2_CREATE_TAG_QFID);
455
456 fname = talloc_strdup(state, in_name);
457 if (tevent_req_nomem(fname, treq)) {
458 return tevent_req_post(treq, ev);
459 }
460
461 if (exta) {
462 if (dhnc) {
463 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
464 return tevent_req_post(treq, ev);
465 }
466
467 ea_list = read_nttrans_ea_list(mem_ctx,
468 (const char *)exta->data.data, exta->data.length);
469 if (!ea_list) {
470 DEBUG(10,("smbd_smb2_create_send: read_ea_name_list failed.\n"));
471 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
472 return tevent_req_post(treq, ev);
473 }
474 }
475
476 if (mxac) {
477 if (dhnc) {
478 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
479 return tevent_req_post(treq, ev);
480 }
481
482 if (mxac->data.length == 0) {
483 max_access_time = 0;
484 } else if (mxac->data.length == 8) {
485 max_access_time = BVAL(mxac->data.data, 0);
486 } else {
487 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
488 return tevent_req_post(treq, ev);
489 }
490 }
491
492 if (secd) {
493 enum ndr_err_code ndr_err;
494
495 if (dhnc) {
496 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
497 return tevent_req_post(treq, ev);
498 }
499
500 sec_desc = talloc_zero(state, struct security_descriptor);
501 if (tevent_req_nomem(sec_desc, treq)) {
502 return tevent_req_post(treq, ev);
503 }
504
505 ndr_err = ndr_pull_struct_blob(&secd->data,
506 sec_desc, NULL, sec_desc,
507 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
508 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
509 DEBUG(2,("ndr_pull_security_descriptor failed: %s\n",
510 ndr_errstr(ndr_err)));
511 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
512 return tevent_req_post(treq, ev);
513 }
514 }
515
516 if (dhnq) {
517 if (dhnc) {
518 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
519 return tevent_req_post(treq, ev);
520 }
521
522 if (dhnq->data.length != 16) {
523 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
524 return tevent_req_post(treq, ev);
525 }
526 /*
527 * we don't support durable handles yet
528 * and have to ignore this
529 */
530 }
531
532 if (dhnc) {
533 if (dhnc->data.length != 16) {
534 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
535 return tevent_req_post(treq, ev);
536 }
537 /* we don't support durable handles yet */
538 tevent_req_nterror(treq, NT_STATUS_OBJECT_NAME_NOT_FOUND);
539 return tevent_req_post(treq, ev);
540 }
541
542 if (alsi) {
543 if (dhnc) {
544 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
545 return tevent_req_post(treq, ev);
546 }
547
548 if (alsi->data.length != 8) {
549 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
550 return tevent_req_post(treq, ev);
551 }
552 allocation_size = BVAL(alsi->data.data, 0);
553 }
554
555 if (twrp) {
556 NTTIME nttime;
557 time_t t;
558 struct tm *tm;
559
560 if (dhnc) {
561 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
562 return tevent_req_post(treq, ev);
563 }
564
565 if (twrp->data.length != 8) {
566 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
567 return tevent_req_post(treq, ev);
568 }
569
570 nttime = BVAL(twrp->data.data, 0);
571 t = nt_time_to_unix(nttime);
572 tm = gmtime(&t);
573
574 TALLOC_FREE(fname);
575 fname = talloc_asprintf(state,
576 "@GMT-%04u.%02u.%02u-%02u.%02u.%02u\\%s",
577 tm->tm_year + 1900,
578 tm->tm_mon + 1,
579 tm->tm_mday,
580 tm->tm_hour,
581 tm->tm_min,
582 tm->tm_sec,
583 in_name);
584 if (tevent_req_nomem(fname, treq)) {
585 return tevent_req_post(treq, ev);
586 }
587 }
588
589 if (qfid) {
590 if (qfid->data.length != 0) {
591 tevent_req_nterror(treq, NT_STATUS_INVALID_PARAMETER);
592 return tevent_req_post(treq, ev);
593 }
594 }
595
596 /* these are ignored for SMB2 */
597 in_create_options &= ~(0x10);/* NTCREATEX_OPTIONS_SYNC_ALERT */
598 in_create_options &= ~(0x20);/* NTCREATEX_OPTIONS_ASYNC_ALERT */
599
600 /* convert '\\' into '/' */
601 status = check_path_syntax(fname);
602 if (!NT_STATUS_IS_OK(status)) {
603 tevent_req_nterror(treq, status);
604 return tevent_req_post(treq, ev);
605 }
606
607 status = filename_convert(treq,
608 smb1req->conn,
609 smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
610 fname,
611 0,
612 NULL,
613 &smb_fname);
614 if (!NT_STATUS_IS_OK(status)) {
615 tevent_req_nterror(treq, status);
616 return tevent_req_post(treq, ev);
617 }
618
619 status = SMB_VFS_CREATE_FILE(smb1req->conn,
620 smb1req,
621 0, /* root_dir_fid */
622 smb_fname,
623 in_desired_access,
624 in_share_access,
625 in_create_disposition,
626 in_create_options,
627 in_file_attributes,
628 0, /* oplock_request */
629 allocation_size,
630 0, /* private_flags */
631 sec_desc,
632 ea_list,
633 &result,
634 &info);
635 if (!NT_STATUS_IS_OK(status)) {
636 if (open_was_deferred(smb1req->mid)) {
637 return treq;
638 }
639 tevent_req_nterror(treq, status);
640 return tevent_req_post(treq, ev);
641 }
642
643 if (mxac) {
644 NTTIME last_write_time;
645
646 unix_timespec_to_nt_time(&last_write_time,
647 result->fsp_name->st.st_ex_mtime);
648 if (last_write_time != max_access_time) {
649 uint8_t p[8];
650 uint32_t max_access_granted;
651 DATA_BLOB blob = data_blob_const(p, sizeof(p));
652
653 status = smbd_check_open_rights(smb1req->conn,
654 result->fsp_name,
655 SEC_FLAG_MAXIMUM_ALLOWED,
656 &max_access_granted);
657
658 SIVAL(p, 0, NT_STATUS_V(status));
659 SIVAL(p, 4, max_access_granted);
660
661 status = smb2_create_blob_add(state,
662 &out_context_blobs,
663 SMB2_CREATE_TAG_MXAC,
664 blob);
665 if (!NT_STATUS_IS_OK(status)) {
666 tevent_req_nterror(treq, status);
667 return tevent_req_post(treq, ev);
668 }
669 }
670 }
671
672 if (qfid) {
673 uint8_t p[32];
674 DATA_BLOB blob = data_blob_const(p, sizeof(p));
675
676 ZERO_STRUCT(p);
677
678 /* TODO: maybe use result->file_id */
679 SIVAL(p, 0, result->fsp_name->st.st_ex_ino);/* FileIndexLow */
680 SIVAL(p, 4, result->fsp_name->st.st_ex_dev);/* FileIndexHigh */
681
682 status = smb2_create_blob_add(state, &out_context_blobs,
683 SMB2_CREATE_TAG_QFID,
684 blob);
685 if (!NT_STATUS_IS_OK(status)) {
686 tevent_req_nterror(treq, status);
687 return tevent_req_post(treq, ev);
688 }
689 }
690 }
691
692 smb2req->compat_chain_fsp = smb1req->chain_fsp;
693
694 state->out_oplock_level = 0;
695 if ((in_create_disposition == FILE_SUPERSEDE)
696 && (info == FILE_WAS_OVERWRITTEN)) {
697 state->out_create_action = FILE_WAS_SUPERSEDED;
698 } else {
699 state->out_create_action = info;
700 }
701 state->out_file_attributes = dos_mode(result->conn,
702 result->fsp_name);
703 /* Deal with other possible opens having a modified
704 write time. JRA. */
705 ZERO_STRUCT(write_time_ts);
706 get_file_infos(result->file_id, NULL, &write_time_ts);
707 if (!null_timespec(write_time_ts)) {
708 update_stat_ex_mtime(&result->fsp_name->st, write_time_ts);
709 }
710
711 unix_timespec_to_nt_time(&state->out_creation_time,
712 get_create_timespec(smb1req->conn, result,
713 result->fsp_name));
714 unix_timespec_to_nt_time(&state->out_last_access_time,
715 result->fsp_name->st.st_ex_atime);
716 unix_timespec_to_nt_time(&state->out_last_write_time,
717 result->fsp_name->st.st_ex_mtime);
718 unix_timespec_to_nt_time(&state->out_change_time,
719 get_change_timespec(smb1req->conn, result,
720 result->fsp_name));
721 state->out_allocation_size =
722 result->fsp_name->st.st_ex_blksize *
723 result->fsp_name->st.st_ex_blocks;
724 state->out_end_of_file = result->fsp_name->st.st_ex_size;
725 if (state->out_file_attributes == 0) {
726 state->out_file_attributes = FILE_ATTRIBUTE_NORMAL;
727 }
728 state->out_file_id_volatile = result->fnum;
729 state->out_context_blobs = out_context_blobs;
730
731 tevent_req_done(treq);
732 return tevent_req_post(treq, ev);
733 }
734
735 static NTSTATUS smbd_smb2_create_recv(struct tevent_req *treq,
736 TALLOC_CTX *mem_ctx,
737 uint8_t *out_oplock_level,
738 uint32_t *out_create_action,
739 NTTIME *out_creation_time,
740 NTTIME *out_last_access_time,
741 NTTIME *out_last_write_time,
742 NTTIME *out_change_time,
743 uint64_t *out_allocation_size,
744 uint64_t *out_end_of_file,
745 uint32_t *out_file_attributes,
746 uint64_t *out_file_id_volatile,
747 struct smb2_create_blobs *out_context_blobs)
748 {
749 NTSTATUS status;
750 struct smbd_smb2_create_state *state = tevent_req_data(treq,
751 struct smbd_smb2_create_state);
752
753 if (tevent_req_is_nterror(treq, &status)) {
754 tevent_req_received(treq);
755 return status;
756 }
757
758 *out_oplock_level = state->out_oplock_level;
759 *out_create_action = state->out_create_action;
760 *out_creation_time = state->out_creation_time;
761 *out_last_access_time = state->out_last_access_time;
762 *out_last_write_time = state->out_last_write_time;
763 *out_change_time = state->out_change_time;
764 *out_allocation_size = state->out_allocation_size;
765 *out_end_of_file = state->out_end_of_file;
766 *out_file_attributes = state->out_file_attributes;
767 *out_file_id_volatile = state->out_file_id_volatile;
768 *out_context_blobs = state->out_context_blobs;
769
770 talloc_steal(mem_ctx, state->out_context_blobs.blobs);
771
772 tevent_req_received(treq);
773 return NT_STATUS_OK;
774 }
775
776 /*********************************************************
777 Code for dealing with deferred opens.
778 *********************************************************/
779
780 bool get_deferred_open_message_state_smb2(struct smbd_smb2_request *smb2req,
781 struct timeval *p_request_time,
782 void **pp_state)
783 {
784 struct smbd_smb2_create_state *state = NULL;
785 struct tevent_req *treq = NULL;
786
787 if (!smb2req) {
788 return false;
789 }
790 if (!smb2req->async) {
791 return false;
792 }
793 treq = smb2req->subreq;
794 if (!treq) {
795 return false;
796 }
797 state = tevent_req_data(treq, struct smbd_smb2_create_state);
798 if (!state) {
799 return false;
800 }
801 if (p_request_time) {
802 *p_request_time = state->request_time;
803 }
804 if (pp_state) {
805 *pp_state = (void *)state->private_data.data;
806 }
807 return true;
808 }
809
810 /*********************************************************
811 Re-process this call early - requested by message or
812 close.
813 *********************************************************/
814
815 static struct smbd_smb2_request *find_open_smb2req(uint64_t mid)
816 {
817 struct smbd_server_connection *sconn = smbd_server_conn;
818 struct smbd_smb2_request *smb2req;
819
820 for (smb2req = sconn->smb2.requests; smb2req; smb2req = smb2req->next) {
821 uint8_t *reqhdr = (uint8_t *)smb2req->out.vector[smb2req->current_idx].iov_base;
822 uint64_t message_id = BVAL(reqhdr, SMB2_HDR_MESSAGE_ID);
823 if (message_id == mid) {
824 return smb2req;
825 }
826 }
827 return NULL;
828 }
829
830 bool open_was_deferred_smb2(uint64_t mid)
831 {
832 struct smbd_smb2_create_state *state = NULL;
833 struct smbd_smb2_request *smb2req = find_open_smb2req(mid);
834
835 if (!smb2req) {
836 DEBUG(10,("open_was_deferred_smb2: mid %llu smb2req == NULL\n",
837 (unsigned long long)mid));
838 return false;
839 }
840 if (!smb2req->subreq) {
841 return false;
842 }
843 if (!tevent_req_is_in_progress(smb2req->subreq)) {
844 return false;
845 }
846 state = tevent_req_data(smb2req->subreq,
847 struct smbd_smb2_create_state);
848 if (!state) {
849 return false;
850 }
851 /* It's not in progress if there's no timeout event. */
852 if (!state->te) {
853 return false;
854 }
855
856 DEBUG(10,("open_was_deferred_smb2: mid = %llu\n",
857 (unsigned long long)mid));
858
859 return true;
860 }
861
862 void remove_deferred_open_message_smb2(uint64_t mid)
863 {
864 struct smbd_smb2_create_state *state = NULL;
865 struct smbd_smb2_request *smb2req = find_open_smb2req(mid);
866
867 if (!smb2req) {
868 DEBUG(10,("remove_deferred_open_message_smb2: "
869 "can't find mid %llu\n",
870 (unsigned long long)mid ));
871 return;
872 }
873 if (!smb2req->subreq) {
874 return;
875 }
876 if (!tevent_req_is_in_progress(smb2req->subreq)) {
877 return;
878 }
879 state = tevent_req_data(smb2req->subreq,
880 struct smbd_smb2_create_state);
881 if (!state) {
882 return;
883 }
884
885 DEBUG(10,("remove_deferred_open_message_smb2: "
886 "mid %llu\n",
887 (unsigned long long)mid ));
888
889 /* Ensure we don't have any outstanding timer event. */
890 TALLOC_FREE(state->te);
891 }
892
893 void schedule_deferred_open_message_smb2(uint64_t mid)
894 {
895 struct tevent_immediate *im = NULL;
896 struct smbd_smb2_create_state *state = NULL;
897 struct smbd_smb2_request *smb2req = find_open_smb2req(mid);
898
899 if (!smb2req) {
900 DEBUG(10,("schedule_deferred_open_message_smb2: "
901 "can't find mid %llu\n",
902 (unsigned long long)mid ));
903 return;
904 }
905 if (!smb2req->subreq) {
906 return;
907 }
908 if (!tevent_req_is_in_progress(smb2req->subreq)) {
909 return;
910 }
911 state = tevent_req_data(smb2req->subreq,
912 struct smbd_smb2_create_state);
913 if (!state) {
914 return;
915 }
916 /* Ensure we don't have any outstanding timer event. */
917 TALLOC_FREE(state->te);
918
919 im = tevent_create_immediate(smb2req);
920 if (!im) {
921 smbd_server_connection_terminate(smb2req->sconn,
922 nt_errstr(NT_STATUS_NO_MEMORY));
923 }
924
925 DEBUG(10,("schedule_deferred_open_message_smb2: "
926 "re-processing mid %llu\n",
927 (unsigned long long)mid ));
928
929 tevent_schedule_immediate(im,
930 smb2req->sconn->smb2.event_ctx,
931 smbd_smb2_request_dispatch_immediate,
932 smb2req);
933 }
934
935 /*********************************************************
936 Re-process this call.
937 *********************************************************/
938
939 static void smb2_deferred_open_timer(struct event_context *ev,
940 struct timed_event *te,
941 struct timeval _tval,
942 void *private_data)
943 {
944 NTSTATUS status;
945 struct smbd_smb2_create_state *state = NULL;
946 struct smbd_smb2_request *smb2req = talloc_get_type(private_data,
947 struct smbd_smb2_request);
948
949 DEBUG(10,("smb2_deferred_open_timer: [idx=%d], %s\n",
950 smb2req->current_idx,
951 tevent_req_default_print(smb2req->subreq, talloc_tos()) ));
952
953 state = tevent_req_data(smb2req->subreq,
954 struct smbd_smb2_create_state);
955 if (!state) {
956 return;
957 }
958 /*
959 * Null this out, don't talloc_free. It will
960 * be talloc_free'd by the tevent library when
961 * this returns.
962 */
963 state->te = NULL;
964
965 /*
966 * This is subtle. We must null out the callback
967 * before resheduling, else the first call to
968 * tevent_req_nterror() causes the _receive()
969 * function to be called, this causing tevent_req_post()
970 * to crash.
971 */
972 tevent_req_set_callback(smb2req->subreq, NULL, NULL);
973
974 status = smbd_smb2_request_dispatch(smb2req);
975
976 if (!NT_STATUS_IS_OK(status)) {
977 smbd_server_connection_terminate(smb2req->sconn,
978 nt_errstr(status));
979 }
980 }
981
982 bool push_deferred_open_message_smb2(struct smbd_smb2_request *smb2req,
983 struct timeval request_time,
984 struct timeval timeout,
985 char *private_data,
986 size_t priv_len)
987 {
988 struct tevent_req *treq = NULL;
989 struct smbd_smb2_create_state *state = NULL;
990 struct timeval end_time;
991
992 if (!smb2req) {
993 return false;
994 }
995 treq = smb2req->subreq;
996 if (!treq) {
997 return false;
998 }
999 state = tevent_req_data(treq, struct smbd_smb2_create_state);
1000 if (!state) {
1001 return false;
1002 }
1003 state->request_time = request_time;
1004 state->private_data = data_blob_talloc(state, private_data,
1005 priv_len);
1006 if (!state->private_data.data) {
1007 return false;
1008 }
1009 #if 0
1010 /* Boo - turns out this isn't what W2K8R2
1011 does. It actually sends the STATUS_PENDING
1012 message followed by the STATUS_SHARING_VIOLATION
1013 message. Surely this means that all open
1014 calls (even on directories) will potentially
1015 fail in a chain.... ? And I've seen directory
1016 opens as the start of a chain. JRA.
1017 */
1018 /*
1019 * More subtlety. To match W2K8R2 don't
1020 * send a "gone async" message if it's simply
1021 * a STATUS_SHARING_VIOLATION (short) wait, not
1022 * an oplock break wait. We do this by prematurely
1023 * setting smb2req->async flag.
1024 */
1025 if (timeout.tv_sec < 2) {
1026 DEBUG(10,("push_deferred_open_message_smb2: "
1027 "short timer wait (usec = %u). "
1028 "Don't send async message.\n",
1029 (unsigned int)timeout.tv_usec ));
1030 smb2req->async = true;
1031 }
1032 #endif
1033
1034 /* Re-schedule us to retry on timer expiry. */
1035 end_time = timeval_sum(&request_time, &timeout);
1036
1037 DEBUG(10,("push_deferred_open_message_smb2: "
1038 "timeout at %s\n",
1039 timeval_string(talloc_tos(),
1040 &end_time,
1041 true) ));
1042
1043 state->te = event_add_timed(smb2req->sconn->smb2.event_ctx,
1044 state,
1045 end_time,
1046 smb2_deferred_open_timer,
1047 smb2req);
1048 if (!state->te) {
1049 return false;
1050 }
1051 return true;
1052 }