search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
uint -> uint32.
[Samba/ekacnet.git] / source / smbd / nttrans.c
blobf0403f011e6d2da364dbe09c49085743e8d1ce3f
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 SMB NT transaction handling
5 Copyright (C) Jeremy Allison 1994-1998
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 extern int DEBUGLEVEL;
25 extern int Protocol;
26 extern int smb_read_error;
27 extern int global_oplock_break;
28 extern BOOL case_sensitive;
29 extern BOOL case_preserve;
30 extern BOOL short_case_preserve;
31
32 static char *known_nt_pipes[] = {
33 "\\LANMAN",
34 "\\srvsvc",
35 "\\samr",
36 "\\wkssvc",
37 "\\NETLOGON",
38 "\\ntlsa",
39 "\\ntsvcs",
40 "\\lsass",
41 "\\lsarpc",
42 "\\winreg",
43 "\\spoolss",
44 #ifdef WITH_MSDFS
45 "\\netdfs",
46 #endif
47 NULL
48 };
49
50 /* Map generic permissions to file object specific permissions */
51
52 struct generic_mapping file_generic_mapping = {
53 FILE_GENERIC_READ,
54 FILE_GENERIC_WRITE,
55 FILE_GENERIC_EXECUTE,
56 FILE_GENERIC_ALL
57 };
58
59 /****************************************************************************
60 Send the required number of replies back.
61 We assume all fields other than the data fields are
62 set correctly for the type of call.
63 HACK ! Always assumes smb_setup field is zero.
64 ****************************************************************************/
65
66 static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_error, char *params,
67 int paramsize, char *pdata, int datasize)
68 {
69 extern int max_send;
70 int data_to_send = datasize;
71 int params_to_send = paramsize;
72 int useable_space;
73 char *pp = params;
74 char *pd = pdata;
75 int params_sent_thistime, data_sent_thistime, total_sent_thistime;
76 int alignment_offset = 3;
77 int data_alignment_offset = 0;
78
79 /*
80 * Initially set the wcnt area to be 18 - this is true for all
81 * transNT replies.
82 */
83
84 set_message(outbuf,18,0,True);
85
86 if(nt_error != 0) {
87 /* NT Error. */
88 SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
89
90 ERROR(0,nt_error);
91 }
92
93 /*
94 * If there genuinely are no parameters or data to send just send
95 * the empty packet.
96 */
97
98 if(params_to_send == 0 && data_to_send == 0) {
99 if (!send_smb(smbd_server_fd(),outbuf))
100 exit_server("send_nt_replies: send_smb failed.\n");
101 return 0;
102 }
103
104 /*
105 * When sending params and data ensure that both are nicely aligned.
106 * Only do this alignment when there is also data to send - else
107 * can cause NT redirector problems.
108 */
109
110 if (((params_to_send % 4) != 0) && (data_to_send != 0))
111 data_alignment_offset = 4 - (params_to_send % 4);
112
113 /*
114 * Space is bufsize minus Netbios over TCP header minus SMB header.
115 * The alignment_offset is to align the param bytes on a four byte
116 * boundary (2 bytes for data len, one byte pad).
117 * NT needs this to work correctly.
118 */
119
120 useable_space = bufsize - ((smb_buf(outbuf)+
121 alignment_offset+data_alignment_offset) -
122 outbuf);
123
124 /*
125 * useable_space can never be more than max_send minus the
126 * alignment offset.
127 */
128
129 useable_space = MIN(useable_space,
130 max_send - (alignment_offset+data_alignment_offset));
131
132
133 while (params_to_send || data_to_send) {
134
135 /*
136 * Calculate whether we will totally or partially fill this packet.
137 */
138
139 total_sent_thistime = params_to_send + data_to_send +
140 alignment_offset + data_alignment_offset;
141
142 /*
143 * We can never send more than useable_space.
144 */
145
146 total_sent_thistime = MIN(total_sent_thistime, useable_space);
147
148 set_message(outbuf, 18, total_sent_thistime, True);
149
150 /*
151 * Set total params and data to be sent.
152 */
153
154 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
155 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
156
157 /*
158 * Calculate how many parameters and data we can fit into
159 * this packet. Parameters get precedence.
160 */
161
162 params_sent_thistime = MIN(params_to_send,useable_space);
163 data_sent_thistime = useable_space - params_sent_thistime;
164 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
165
166 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
167
168 if(params_sent_thistime == 0) {
169 SIVAL(outbuf,smb_ntr_ParameterOffset,0);
170 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
171 } else {
172 /*
173 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
174 * parameter bytes, however the first 4 bytes of outbuf are
175 * the Netbios over TCP header. Thus use smb_base() to subtract
176 * them from the calculation.
177 */
178
179 SIVAL(outbuf,smb_ntr_ParameterOffset,
180 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
181 /*
182 * Absolute displacement of param bytes sent in this packet.
183 */
184
185 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
186 }
187
188 /*
189 * Deal with the data portion.
190 */
191
192 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
193
194 if(data_sent_thistime == 0) {
195 SIVAL(outbuf,smb_ntr_DataOffset,0);
196 SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
197 } else {
198 /*
199 * The offset of the data bytes is the offset of the
200 * parameter bytes plus the number of parameters being sent this time.
201 */
202
203 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
204 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
205 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
206 }
207
208 /*
209 * Copy the param bytes into the packet.
210 */
211
212 if(params_sent_thistime)
213 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
214
215 /*
216 * Copy in the data bytes
217 */
218
219 if(data_sent_thistime)
220 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
221 data_alignment_offset,pd,data_sent_thistime);
222
223 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
224 params_sent_thistime, data_sent_thistime, useable_space));
225 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
226 params_to_send, data_to_send, paramsize, datasize));
227
228 /* Send the packet */
229 if (!send_smb(smbd_server_fd(),outbuf))
230 exit_server("send_nt_replies: send_smb failed.\n");
231
232 pp += params_sent_thistime;
233 pd += data_sent_thistime;
234
235 params_to_send -= params_sent_thistime;
236 data_to_send -= data_sent_thistime;
237
238 /*
239 * Sanity check
240 */
241
242 if(params_to_send < 0 || data_to_send < 0) {
243 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
244 params_to_send, data_to_send));
245 return -1;
246 }
247 }
248
249 return 0;
250 }
251
252 /****************************************************************************
253 Save case statics.
254 ****************************************************************************/
255
256 static BOOL saved_case_sensitive;
257 static BOOL saved_case_preserve;
258 static BOOL saved_short_case_preserve;
259
260 /****************************************************************************
261 Save case semantics.
262 ****************************************************************************/
263
264 static void set_posix_case_semantics(uint32 file_attributes)
265 {
266 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
267 return;
268
269 saved_case_sensitive = case_sensitive;
270 saved_case_preserve = case_preserve;
271 saved_short_case_preserve = short_case_preserve;
272
273 /* Set to POSIX. */
274 case_sensitive = True;
275 case_preserve = True;
276 short_case_preserve = True;
277 }
278
279 /****************************************************************************
280 Restore case semantics.
281 ****************************************************************************/
282
283 static void restore_case_semantics(uint32 file_attributes)
284 {
285 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
286 return;
287
288 case_sensitive = saved_case_sensitive;
289 case_preserve = saved_case_preserve;
290 short_case_preserve = saved_short_case_preserve;
291 }
292
293 /****************************************************************************
294 Utility function to map create disposition.
295 ****************************************************************************/
296
297 static int map_create_disposition( uint32 create_disposition)
298 {
299 int ret;
300
301 switch( create_disposition ) {
302 case FILE_CREATE:
303 /* create if not exist, fail if exist */
304 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL);
305 break;
306 case FILE_SUPERSEDE:
307 case FILE_OVERWRITE_IF:
308 /* create if not exist, trunc if exist */
309 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
310 break;
311 case FILE_OPEN:
312 /* fail if not exist, open if exists */
313 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN);
314 break;
315 case FILE_OPEN_IF:
316 /* create if not exist, open if exists */
317 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN);
318 break;
319 case FILE_OVERWRITE:
320 /* fail if not exist, truncate if exists */
321 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
322 break;
323 default:
324 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
325 create_disposition ));
326 return -1;
327 }
328
329 DEBUG(10,("map_create_disposition: Mapped create_disposition %lx to %x\n",
330 (unsigned long)create_disposition, ret ));
331
332 return ret;
333 }
334
335 /****************************************************************************
336 Utility function to map share modes.
337 ****************************************************************************/
338
339 static int map_share_mode( BOOL *pstat_open_only, char *fname,
340 uint32 desired_access, uint32 share_access, uint32 file_attributes)
341 {
342 int smb_open_mode = -1;
343
344 *pstat_open_only = False;
345
346 /*
347 * Convert GENERIC bits to specific bits.
348 */
349
350 se_map_generic(&desired_access, &file_generic_mapping);
351
352 switch( desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) {
353 case FILE_READ_DATA:
354 smb_open_mode = DOS_OPEN_RDONLY;
355 break;
356 case FILE_WRITE_DATA:
357 case FILE_APPEND_DATA:
358 case FILE_WRITE_DATA|FILE_APPEND_DATA:
359 smb_open_mode = DOS_OPEN_WRONLY;
360 break;
361 case FILE_READ_DATA|FILE_WRITE_DATA:
362 case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA:
363 case FILE_READ_DATA|FILE_APPEND_DATA:
364 smb_open_mode = DOS_OPEN_RDWR;
365 break;
366 }
367
368 /*
369 * NB. For DELETE_ACCESS we should really check the
370 * directory permissions, as that is what controls
371 * delete, and for WRITE_DAC_ACCESS we should really
372 * check the ownership, as that is what controls the
373 * chmod. Note that this is *NOT* a security hole (this
374 * note is for you, Andrew) as we are not *allowing*
375 * the access at this point, the actual unlink or
376 * chown or chmod call would do this. We are just helping
377 * clients out by telling them if they have a hope
378 * of any of this succeeding. POSIX acls may still
379 * deny the real call. JRA.
380 */
381
382 if (smb_open_mode == -1) {
383
384 if(desired_access == WRITE_DAC_ACCESS || desired_access == READ_CONTROL_ACCESS)
385 *pstat_open_only = True;
386
387 if(desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
388 FILE_EXECUTE|FILE_READ_ATTRIBUTES|
389 FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
390 FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS)) {
391 smb_open_mode = DOS_OPEN_RDONLY;
392 } else if(desired_access == 0) {
393
394 /*
395 * JRA - NT seems to sometimes send desired_access as zero. play it safe
396 * and map to a stat open.
397 */
398
399 *pstat_open_only = True;
400 smb_open_mode = DOS_OPEN_RDONLY;
401
402 } else {
403 DEBUG(0,("map_share_mode: Incorrect value %lx for desired_access to file %s\n",
404 (unsigned long)desired_access, fname));
405 return -1;
406 }
407 }
408
409 /*
410 * Set the special bit that means allow share delete.
411 * This is held outside the normal share mode bits at 1<<15.
412 * JRA.
413 */
414
415 if(share_access & FILE_SHARE_DELETE) {
416 smb_open_mode |= ALLOW_SHARE_DELETE;
417 DEBUG(10,("map_share_mode: FILE_SHARE_DELETE requested. open_mode = %x\n", smb_open_mode));
418 }
419
420 /*
421 * We need to store the intent to open for Delete. This
422 * is what determines if a delete on close flag can be set.
423 * This is the wrong way (and place) to store this, but for 2.2 this
424 * is the only practical way. JRA.
425 */
426
427 if(desired_access & DELETE_ACCESS) {
428 smb_open_mode |= DELETE_ACCESS_REQUESTED;
429 DEBUG(10,("map_share_mode: DELETE_ACCESS requested. open_mode = %x\n", smb_open_mode));
430 }
431
432 /* Add in the requested share mode. */
433 switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) {
434 case FILE_SHARE_READ:
435 smb_open_mode |= SET_DENY_MODE(DENY_WRITE);
436 break;
437 case FILE_SHARE_WRITE:
438 smb_open_mode |= SET_DENY_MODE(DENY_READ);
439 break;
440 case (FILE_SHARE_READ|FILE_SHARE_WRITE):
441 smb_open_mode |= SET_DENY_MODE(DENY_NONE);
442 break;
443 case FILE_SHARE_NONE:
444 smb_open_mode |= SET_DENY_MODE(DENY_ALL);
445 break;
446 }
447
448 /*
449 * Handle an O_SYNC request.
450 */
451
452 if(file_attributes & FILE_FLAG_WRITE_THROUGH)
453 smb_open_mode |= FILE_SYNC_OPENMODE;
454
455 DEBUG(10,("map_share_mode: Mapped desired access %lx, share access %lx, file attributes %lx \
456 to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access,
457 (unsigned long)file_attributes, smb_open_mode ));
458
459 return smb_open_mode;
460 }
461
462 #if 0
463 /*
464 * This is a *disgusting* hack.
465 * This is *so* bad that even I'm embarrassed (and I
466 * have no shame). Here's the deal :
467 * Until we get the correct SPOOLSS code into smbd
468 * then when we're running with NT SMB support then
469 * NT makes this call with a level of zero, and then
470 * immediately follows it with an open request to
471 * the \\SRVSVC pipe. If we allow that open to
472 * succeed then NT barfs when it cannot open the
473 * \\SPOOLSS pipe immediately after and continually
474 * whines saying "Printer name is invalid" forever
475 * after. If we cause *JUST THIS NEXT OPEN* of \\SRVSVC
476 * to fail, then NT downgrades to using the downlevel code
477 * and everything works as well as before. I hate
478 * myself for adding this code.... JRA.
479 *
480 * The HACK_FAIL_TIME define allows only a 2
481 * second window for this to occur, just in
482 * case...
483 */
484
485 static BOOL fail_next_srvsvc = False;
486 static time_t fail_time;
487 #define HACK_FAIL_TIME 2 /* In seconds. */
488
489 void fail_next_srvsvc_open(void)
490 {
491 /* Check client is WinNT proper; Win2K doesn't like Jeremy's hack - matty */
492 if (get_remote_arch() != RA_WINNT)
493 return;
494
495 fail_next_srvsvc = True;
496 fail_time = time(NULL);
497 DEBUG(10,("fail_next_srvsvc_open: setting up timeout close of \\srvsvc pipe for print fix.\n"));
498 }
499
500 /*
501 * HACK alert.... see above - JRA.
502 */
503
504 BOOL should_fail_next_srvsvc_open(const char *pipename)
505 {
506
507 DEBUG(10,("should_fail_next_srvsvc_open: fail = %d, pipe = %s\n",
508 (int)fail_next_srvsvc, pipename));
509
510 if(fail_next_srvsvc && (time(NULL) > fail_time + HACK_FAIL_TIME)) {
511 fail_next_srvsvc = False;
512 fail_time = (time_t)0;
513 DEBUG(10,("should_fail_next_srvsvc_open: End of timeout close of \\srvsvc pipe for print fix.\n"));
514 }
515
516 if(fail_next_srvsvc && strequal(pipename, "srvsvc")) {
517 fail_next_srvsvc = False;
518 DEBUG(10,("should_fail_next_srvsvc_open: Deliberately failing open of \\srvsvc pipe for print fix.\n"));
519 return True;
520 }
521 return False;
522 }
523 #endif
524
525 /****************************************************************************
526 Reply to an NT create and X call on a pipe.
527 ****************************************************************************/
528 static int nt_open_pipe(char *fname, connection_struct *conn,
529 char *inbuf, char *outbuf, int *ppnum)
530 {
531 pipes_struct *p = NULL;
532
533 uint16 vuid = SVAL(inbuf, smb_uid);
534 int i;
535
536 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
537
538 /* See if it is one we want to handle. */
539 for( i = 0; known_nt_pipes[i]; i++ )
540 if( strequal(fname,known_nt_pipes[i]))
541 break;
542
543 if ( known_nt_pipes[i] == NULL )
544 return(ERROR(ERRSRV,ERRaccess));
545
546 /* Strip \\ off the name. */
547 fname++;
548
549 #if 0
550 if(should_fail_next_srvsvc_open(fname))
551 return (ERROR(ERRSRV,ERRaccess));
552 #endif
553
554 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
555
556 p = open_rpc_pipe_p(fname, conn, vuid);
557 if (!p)
558 return(ERROR(ERRSRV,ERRnofids));
559
560 *ppnum = p->pnum;
561
562 return 0;
563 }
564
565 /****************************************************************************
566 Reply to an NT create and X call for pipes.
567 ****************************************************************************/
568
569 static int do_ntcreate_pipe_open(connection_struct *conn,
570 char *inbuf,char *outbuf,int length,int bufsize)
571 {
572 pstring fname;
573 int ret;
574 int pnum = -1;
575 char *p = NULL;
576
577 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
578
579 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
580 return ret;
581
582 /*
583 * Deal with pipe return.
584 */
585
586 set_message(outbuf,34,0,True);
587
588 p = outbuf + smb_vwv2;
589 p++;
590 SSVAL(p,0,pnum);
591 p += 2;
592 SIVAL(p,0,FILE_WAS_OPENED);
593 p += 4;
594 p += 32;
595 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
596 p += 20;
597 /* File type. */
598 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
599 /* Device state. */
600 SSVAL(p,2, 0x5FF); /* ? */
601
602 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
603
604 return chain_reply(inbuf,outbuf,length,bufsize);
605 }
606
607 /****************************************************************************
608 Reply to an NT create and X call.
609 ****************************************************************************/
610
611 int reply_ntcreate_and_X(connection_struct *conn,
612 char *inbuf,char *outbuf,int length,int bufsize)
613 {
614 int result;
615 pstring fname;
616 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
617 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
618 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
619 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
620 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
621 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
622 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
623 int smb_ofun;
624 int smb_open_mode;
625 int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
626 /* Breakout the oplock request bits so we can set the
627 reply bits separately. */
628 int oplock_request = 0;
629 mode_t unixmode;
630 int fmode=0,rmode=0;
631 SMB_OFF_T file_len = 0;
632 SMB_STRUCT_STAT sbuf;
633 int smb_action = 0;
634 BOOL bad_path = False;
635 files_struct *fsp=NULL;
636 char *p = NULL;
637 BOOL stat_open_only = False;
638 time_t c_time;
639 START_PROFILE(SMBntcreateX);
640
641 /* If it's an IPC, use the pipe handler. */
642
643 if (IS_IPC(conn)) {
644 if (lp_nt_pipe_support()) {
645 END_PROFILE(SMBntcreateX);
646 return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
647 } else {
648 END_PROFILE(SMBntcreateX);
649 return(ERROR(ERRDOS,ERRbadaccess));
650 }
651 }
652
653
654 /*
655 * We need to construct the open_and_X ofun value from the
656 * NT values, as that's what our code is structured to accept.
657 */
658
659 if((smb_ofun = map_create_disposition( create_disposition )) == -1) {
660 END_PROFILE(SMBntcreateX);
661 return(ERROR(ERRDOS,ERRbadaccess));
662 }
663
664 /*
665 * Get the file name.
666 */
667
668 if(root_dir_fid != 0) {
669 /*
670 * This filename is relative to a directory fid.
671 */
672 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
673 size_t dir_name_len;
674
675 if(!dir_fsp) {
676 END_PROFILE(SMBntcreateX);
677 return(ERROR(ERRDOS,ERRbadfid));
678 }
679
680 if(!dir_fsp->is_directory) {
681 /*
682 * Check to see if this is a mac fork of some kind.
683 */
684
685 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
686
687 if( strchr_m(fname, ':')) {
688 SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
689 END_PROFILE(SMBntcreateX);
690 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
691 }
692 END_PROFILE(SMBntcreateX);
693 return(ERROR(ERRDOS,ERRbadfid));
694 }
695
696 /*
697 * Copy in the base directory name.
698 */
699
700 pstrcpy( fname, dir_fsp->fsp_name );
701 dir_name_len = strlen(fname);
702
703 /*
704 * Ensure it ends in a '\'.
705 */
706
707 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
708 pstrcat(fname, "\\");
709 dir_name_len++;
710 }
711
712 srvstr_pull(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len,
713 -1, STR_TERMINATE);
714 } else {
715 srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname),
716 -1, STR_TERMINATE);
717 }
718
719 /*
720 * Now contruct the smb_open_mode value from the filename,
721 * desired access and the share access.
722 */
723 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
724
725 if((smb_open_mode = map_share_mode(&stat_open_only, fname, desired_access,
726 share_access,
727 file_attributes)) == -1) {
728 END_PROFILE(SMBntcreateX);
729 return(ERROR(ERRDOS,ERRbadaccess));
730 }
731
732 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
733 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
734
735 /*
736 * Ordinary file or directory.
737 */
738
739 /*
740 * Check if POSIX semantics are wanted.
741 */
742
743 set_posix_case_semantics(file_attributes);
744
745 unix_convert(fname,conn,0,&bad_path,&sbuf);
746
747 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
748
749 /*
750 * If it's a request for a directory open, deal with it separately.
751 */
752
753 if(create_options & FILE_DIRECTORY_FILE) {
754 oplock_request = 0;
755
756 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
757
758 restore_case_semantics(file_attributes);
759
760 if(!fsp) {
761 if((errno == ENOENT) && bad_path) {
762 unix_ERR_class = ERRDOS;
763 unix_ERR_code = ERRbadpath;
764 }
765 END_PROFILE(SMBntcreateX);
766 return(UNIXERROR(ERRDOS,ERRnoaccess));
767 }
768 } else {
769 /*
770 * Ordinary file case.
771 */
772
773 /* NB. We have a potential bug here. If we
774 * cause an oplock break to ourselves, then we
775 * could end up processing filename related
776 * SMB requests whilst we await the oplock
777 * break response. As we may have changed the
778 * filename case semantics to be POSIX-like,
779 * this could mean a filename request could
780 * fail when it should succeed. This is a rare
781 * condition, but eventually we must arrange
782 * to restore the correct case semantics
783 * before issuing an oplock break request to
784 * our client. JRA. */
785
786 fsp = open_file_shared(conn,fname,&sbuf,smb_open_mode,
787 smb_ofun,unixmode, oplock_request,&rmode,&smb_action);
788
789 if (!fsp) {
790 /* We cheat here. There are two cases we
791 * care about. One is a directory rename,
792 * where the NT client will attempt to
793 * open the source directory for
794 * DELETE access. Note that when the
795 * NT client does this it does *not*
796 * set the directory bit in the
797 * request packet. This is translated
798 * into a read/write open
799 * request. POSIX states that any open
800 * for write request on a directory
801 * will generate an EISDIR error, so
802 * we can catch this here and open a
803 * pseudo handle that is flagged as a
804 * directory. The second is an open
805 * for a permissions read only, which
806 * we handle in the open_file_stat case. JRA.
807 */
808
809 if(errno == EISDIR) {
810
811 /*
812 * Fail the open if it was explicitly a non-directory file.
813 */
814
815 if (create_options & FILE_NON_DIRECTORY_FILE) {
816 restore_case_semantics(file_attributes);
817 SSVAL(outbuf, smb_flg2,
818 SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
819 END_PROFILE(SMBntcreateX);
820 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
821 }
822
823 oplock_request = 0;
824 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
825
826 if(!fsp) {
827 restore_case_semantics(file_attributes);
828 if((errno == ENOENT) && bad_path) {
829 unix_ERR_class = ERRDOS;
830 unix_ERR_code = ERRbadpath;
831 }
832 END_PROFILE(SMBntcreateX);
833 return(UNIXERROR(ERRDOS,ERRnoaccess));
834 }
835 #ifdef EROFS
836 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
837 #else /* !EROFS */
838 } else if (errno == EACCES && stat_open_only) {
839 #endif
840 /*
841 * We couldn't open normally and all we want
842 * are the permissions. Try and do a stat open.
843 */
844
845 oplock_request = 0;
846
847 fsp = open_file_stat(conn,fname,&sbuf,smb_open_mode,&smb_action);
848
849 if(!fsp) {
850 restore_case_semantics(file_attributes);
851 END_PROFILE(SMBntcreateX);
852 return(UNIXERROR(ERRDOS,ERRnoaccess));
853 }
854
855 } else {
856
857 if((errno == ENOENT) && bad_path) {
858 unix_ERR_class = ERRDOS;
859 unix_ERR_code = ERRbadpath;
860 }
861
862 restore_case_semantics(file_attributes);
863
864 END_PROFILE(SMBntcreateX);
865 return(UNIXERROR(ERRDOS,ERRnoaccess));
866 }
867 }
868 }
869
870 restore_case_semantics(file_attributes);
871
872 file_len = sbuf.st_size;
873 fmode = dos_mode(conn,fname,&sbuf);
874 if(fmode == 0)
875 fmode = FILE_ATTRIBUTE_NORMAL;
876 if (!fsp->is_directory && (fmode & aDIR)) {
877 close_file(fsp,False);
878 END_PROFILE(SMBntcreateX);
879 return(ERROR(ERRDOS,ERRnoaccess));
880 }
881
882 /*
883 * If the caller set the extended oplock request bit
884 * and we granted one (by whatever means) - set the
885 * correct bit for extended oplock reply.
886 */
887
888 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
889 smb_action |= EXTENDED_OPLOCK_GRANTED;
890
891 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
892 smb_action |= EXTENDED_OPLOCK_GRANTED;
893
894 set_message(outbuf,34,0,True);
895
896 p = outbuf + smb_vwv2;
897
898 /*
899 * Currently as we don't support level II oplocks we just report
900 * exclusive & batch here.
901 */
902
903 if (smb_action & EXTENDED_OPLOCK_GRANTED)
904 SCVAL(p,0, BATCH_OPLOCK_RETURN);
905 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
906 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
907 else
908 SCVAL(p,0,NO_OPLOCK_RETURN);
909
910 p++;
911 SSVAL(p,0,fsp->fnum);
912 p += 2;
913 SIVAL(p,0,smb_action);
914 p += 4;
915
916 /* Create time. */
917 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
918
919 if (lp_dos_filetime_resolution(SNUM(conn))) {
920 c_time &= ~1;
921 sbuf.st_atime &= ~1;
922 sbuf.st_mtime &= ~1;
923 sbuf.st_mtime &= ~1;
924 }
925
926 put_long_date(p,c_time);
927 p += 8;
928 put_long_date(p,sbuf.st_atime); /* access time */
929 p += 8;
930 put_long_date(p,sbuf.st_mtime); /* write time */
931 p += 8;
932 put_long_date(p,sbuf.st_mtime); /* change time */
933 p += 8;
934 SIVAL(p,0,fmode); /* File Attributes. */
935 p += 4;
936 SOFF_T(p, 0, file_len);
937 p += 8;
938 SOFF_T(p,0,file_len);
939 p += 12;
940 SCVAL(p,0,fsp->is_directory ? 1 : 0);
941
942 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
943
944 result = chain_reply(inbuf,outbuf,length,bufsize);
945 END_PROFILE(SMBntcreateX);
946 return result;
947 }
948
949 /****************************************************************************
950 Reply to a NT_TRANSACT_CREATE call to open a pipe.
951 ****************************************************************************/
952
953 static int do_nt_transact_create_pipe( connection_struct *conn,
954 char *inbuf, char *outbuf, int length,
955 int bufsize, char **ppsetup, char **ppparams,
956 char **ppdata)
957 {
958 pstring fname;
959 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
960 char *params = *ppparams;
961 int ret;
962 int pnum = -1;
963 char *p = NULL;
964
965 /*
966 * Ensure minimum number of parameters sent.
967 */
968
969 if(total_parameter_count < 54) {
970 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
971 return(ERROR(ERRDOS,ERRbadaccess));
972 }
973
974 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
975
976 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
977 return ret;
978
979 /* Realloc the size of parameters and data we will return */
980 params = Realloc(*ppparams, 69);
981 if(params == NULL)
982 return(ERROR(ERRDOS,ERRnomem));
983
984 *ppparams = params;
985
986 memset((char *)params,'\0',69);
987
988 p = params;
989 SCVAL(p,0,NO_OPLOCK_RETURN);
990
991 p += 2;
992 SSVAL(p,0,pnum);
993 p += 2;
994 SIVAL(p,0,FILE_WAS_OPENED);
995 p += 8;
996
997 p += 32;
998 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
999 p += 20;
1000 /* File type. */
1001 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
1002 /* Device state. */
1003 SSVAL(p,2, 0x5FF); /* ? */
1004
1005 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
1006
1007 /* Send the required number of replies */
1008 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1009
1010 return -1;
1011 }
1012
1013 /****************************************************************************
1014 Internal fn to set security descriptors.
1015 ****************************************************************************/
1016
1017 static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent, int *pdef_class,uint32 *pdef_code)
1018 {
1019 prs_struct pd;
1020 SEC_DESC *psd = NULL;
1021 TALLOC_CTX *mem_ctx;
1022 BOOL ret;
1023
1024 if (sd_len == 0) {
1025 *pdef_class = ERRDOS;
1026 *pdef_code = ERRbadaccess;
1027 return False;
1028 }
1029
1030 /*
1031 * Init the parse struct we will unmarshall from.
1032 */
1033
1034 if ((mem_ctx = talloc_init()) == NULL) {
1035 DEBUG(0,("set_sd: talloc_init failed.\n"));
1036 *pdef_class = ERRDOS;
1037 *pdef_code = ERRnomem;
1038 return False;
1039 }
1040
1041 prs_init(&pd, 0, mem_ctx, UNMARSHALL);
1042
1043 /*
1044 * Setup the prs_struct to point at the memory we just
1045 * allocated.
1046 */
1047
1048 prs_give_memory( &pd, data, sd_len, False);
1049
1050 /*
1051 * Finally, unmarshall from the data buffer.
1052 */
1053
1054 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1055 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1056 /*
1057 * Return access denied for want of a better error message..
1058 */
1059 talloc_destroy(mem_ctx);
1060 *pdef_class = ERRDOS;
1061 *pdef_code = ERRnomem;
1062 return False;
1063 }
1064
1065 if (psd->off_owner_sid==0)
1066 security_info_sent &= ~OWNER_SECURITY_INFORMATION;
1067 if (psd->off_grp_sid==0)
1068 security_info_sent &= ~GROUP_SECURITY_INFORMATION;
1069 if (psd->off_sacl==0)
1070 security_info_sent &= ~SACL_SECURITY_INFORMATION;
1071 if (psd->off_dacl==0)
1072 security_info_sent &= ~DACL_SECURITY_INFORMATION;
1073
1074 ret = fsp->conn->vfs_ops.fset_nt_acl( fsp, fsp->fd, security_info_sent, psd);
1075
1076 if (!ret) {
1077 talloc_destroy(mem_ctx);
1078 *pdef_class = ERRDOS;
1079 *pdef_code = ERRnoaccess;
1080 return False;
1081 }
1082
1083 talloc_destroy(mem_ctx);
1084
1085 *pdef_class = 0;
1086 *pdef_code = 0;
1087 return True;
1088 }
1089
1090 /****************************************************************************
1091 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1092 ****************************************************************************/
1093
1094 static int call_nt_transact_create(connection_struct *conn,
1095 char *inbuf, char *outbuf, int length,
1096 int bufsize, char **ppsetup, char **ppparams,
1097 char **ppdata)
1098 {
1099 pstring fname;
1100 char *params = *ppparams;
1101 char *data = *ppdata;
1102 int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
1103 /* Breakout the oplock request bits so we can set the
1104 reply bits separately. */
1105 int oplock_request = 0;
1106 mode_t unixmode;
1107 int fmode=0,rmode=0;
1108 SMB_OFF_T file_len = 0;
1109 SMB_STRUCT_STAT sbuf;
1110 int smb_action = 0;
1111 BOOL bad_path = False;
1112 files_struct *fsp = NULL;
1113 char *p = NULL;
1114 BOOL stat_open_only = False;
1115 uint32 flags;
1116 uint32 desired_access;
1117 uint32 file_attributes;
1118 uint32 share_access;
1119 uint32 create_disposition;
1120 uint32 create_options;
1121 uint32 sd_len;
1122 uint16 root_dir_fid;
1123 int smb_ofun;
1124 int smb_open_mode;
1125 int smb_attr;
1126 int error_class;
1127 uint32 error_code;
1128 time_t c_time;
1129
1130 DEBUG(5,("call_nt_transact_create\n"));
1131
1132 /*
1133 * If it's an IPC, use the pipe handler.
1134 */
1135
1136 if (IS_IPC(conn)) {
1137 if (lp_nt_pipe_support())
1138 return do_nt_transact_create_pipe(conn, inbuf, outbuf, length,
1139 bufsize, ppsetup, ppparams, ppdata);
1140 else
1141 return(ERROR(ERRDOS,ERRbadaccess));
1142 }
1143
1144 /*
1145 * Ensure minimum number of parameters sent.
1146 */
1147
1148 if(total_parameter_count < 54) {
1149 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
1150 return(ERROR(ERRDOS,ERRbadaccess));
1151 }
1152
1153 flags = IVAL(params,0);
1154 desired_access = IVAL(params,8);
1155 file_attributes = IVAL(params,20);
1156 share_access = IVAL(params,24);
1157 create_disposition = IVAL(params,28);
1158 create_options = IVAL(params,32);
1159 sd_len = IVAL(params,36);
1160 root_dir_fid = (uint16)IVAL(params,4);
1161 smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
1162
1163 /*
1164 * We need to construct the open_and_X ofun value from the
1165 * NT values, as that's what our code is structured to accept.
1166 */
1167
1168 if((smb_ofun = map_create_disposition( create_disposition )) == -1)
1169 return(ERROR(ERRDOS,ERRbadmem));
1170
1171 /*
1172 * Get the file name.
1173 */
1174
1175 if(root_dir_fid != 0) {
1176 /*
1177 * This filename is relative to a directory fid.
1178 */
1179
1180 files_struct *dir_fsp = file_fsp(params,4);
1181 size_t dir_name_len;
1182
1183 if(!dir_fsp)
1184 return(ERROR(ERRDOS,ERRbadfid));
1185
1186 if(!dir_fsp->is_directory) {
1187 /*
1188 * Check to see if this is a mac fork of some kind.
1189 */
1190
1191 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
1192
1193 if( strchr_m(fname, ':')) {
1194 SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
1195 return(ERROR(0, NT_STATUS_OBJECT_PATH_NOT_FOUND));
1196 }
1197
1198 return(ERROR(ERRDOS,ERRbadfid));
1199 }
1200
1201 /*
1202 * Copy in the base directory name.
1203 */
1204
1205 pstrcpy( fname, dir_fsp->fsp_name );
1206 dir_name_len = strlen(fname);
1207
1208 /*
1209 * Ensure it ends in a '\'.
1210 */
1211
1212 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
1213 pstrcat(fname, "\\");
1214 dir_name_len++;
1215 }
1216
1217 srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len,
1218 -1, STR_TERMINATE);
1219 } else {
1220 srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
1221 }
1222
1223 /*
1224 * Now contruct the smb_open_mode value from the desired access
1225 * and the share access.
1226 */
1227
1228 if((smb_open_mode = map_share_mode( &stat_open_only, fname, desired_access,
1229 share_access, file_attributes)) == -1)
1230 return(ERROR(ERRDOS,ERRbadaccess));
1231
1232 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
1233 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
1234
1235 /*
1236 * Check if POSIX semantics are wanted.
1237 */
1238
1239 set_posix_case_semantics(file_attributes);
1240
1241 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
1242
1243 unix_convert(fname,conn,0,&bad_path,&sbuf);
1244
1245 unixmode = unix_mode(conn,smb_attr | aARCH, fname);
1246
1247 /*
1248 * If it's a request for a directory open, deal with it separately.
1249 */
1250
1251 if(create_options & FILE_DIRECTORY_FILE) {
1252
1253 oplock_request = 0;
1254
1255 /*
1256 * We will get a create directory here if the Win32
1257 * app specified a security descriptor in the
1258 * CreateDirectory() call.
1259 */
1260
1261 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
1262
1263 if(!fsp) {
1264 restore_case_semantics(file_attributes);
1265 if((errno == ENOENT) && bad_path) {
1266 unix_ERR_class = ERRDOS;
1267 unix_ERR_code = ERRbadpath;
1268 }
1269 return(UNIXERROR(ERRDOS,ERRnoaccess));
1270 }
1271
1272 } else {
1273
1274 /*
1275 * Ordinary file case.
1276 */
1277
1278 fsp = open_file_shared(conn,fname,&sbuf,smb_open_mode,smb_ofun,unixmode,
1279 oplock_request,&rmode,&smb_action);
1280
1281 if (!fsp) {
1282
1283 if(errno == EISDIR) {
1284
1285 /*
1286 * Fail the open if it was explicitly a non-directory file.
1287 */
1288
1289 if (create_options & FILE_NON_DIRECTORY_FILE) {
1290 restore_case_semantics(file_attributes);
1291 SSVAL(outbuf, smb_flg2,
1292 SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
1293 return(ERROR(0, NT_STATUS_FILE_IS_A_DIRECTORY));
1294 }
1295
1296 oplock_request = 0;
1297 fsp = open_directory(conn, fname, &sbuf, smb_ofun, unixmode, &smb_action);
1298
1299 if(!fsp) {
1300 restore_case_semantics(file_attributes);
1301 if((errno == ENOENT) && bad_path) {
1302 unix_ERR_class = ERRDOS;
1303 unix_ERR_code = ERRbadpath;
1304 }
1305 return(UNIXERROR(ERRDOS,ERRnoaccess));
1306 }
1307 #ifdef EROFS
1308 } else if (((errno == EACCES) || (errno == EROFS)) && stat_open_only) {
1309 #else /* !EROFS */
1310 } else if (errno == EACCES && stat_open_only) {
1311 #endif
1312
1313 /*
1314 * We couldn't open normally and all we want
1315 * are the permissions. Try and do a stat open.
1316 */
1317
1318 oplock_request = 0;
1319
1320 fsp = open_file_stat(conn,fname,&sbuf,smb_open_mode,&smb_action);
1321
1322 if(!fsp) {
1323 restore_case_semantics(file_attributes);
1324 return(UNIXERROR(ERRDOS,ERRnoaccess));
1325 }
1326 } else {
1327
1328 if((errno == ENOENT) && bad_path) {
1329 unix_ERR_class = ERRDOS;
1330 unix_ERR_code = ERRbadpath;
1331 }
1332
1333 restore_case_semantics(file_attributes);
1334
1335 return(UNIXERROR(ERRDOS,ERRnoaccess));
1336 }
1337 }
1338
1339 file_len = sbuf.st_size;
1340 fmode = dos_mode(conn,fname,&sbuf);
1341 if(fmode == 0)
1342 fmode = FILE_ATTRIBUTE_NORMAL;
1343
1344 if (fmode & aDIR) {
1345 close_file(fsp,False);
1346 restore_case_semantics(file_attributes);
1347 return(ERROR(ERRDOS,ERRnoaccess));
1348 }
1349
1350 /*
1351 * If the caller set the extended oplock request bit
1352 * and we granted one (by whatever means) - set the
1353 * correct bit for extended oplock reply.
1354 */
1355
1356 if (oplock_request && lp_fake_oplocks(SNUM(conn)))
1357 smb_action |= EXTENDED_OPLOCK_GRANTED;
1358
1359 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
1360 smb_action |= EXTENDED_OPLOCK_GRANTED;
1361 }
1362
1363 /*
1364 * Now try and apply the desired SD.
1365 */
1366
1367 if (!set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION, &error_class, &error_code)) {
1368 close_file(fsp,False);
1369 restore_case_semantics(file_attributes);
1370 return(ERROR(error_class, error_code));
1371 }
1372
1373 restore_case_semantics(file_attributes);
1374
1375 /* Realloc the size of parameters and data we will return */
1376 params = Realloc(*ppparams, 69);
1377 if(params == NULL)
1378 return(ERROR(ERRDOS,ERRnomem));
1379
1380 *ppparams = params;
1381
1382 memset((char *)params,'\0',69);
1383
1384 p = params;
1385 if (smb_action & EXTENDED_OPLOCK_GRANTED)
1386 SCVAL(p,0, BATCH_OPLOCK_RETURN);
1387 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
1388 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
1389 else
1390 SCVAL(p,0,NO_OPLOCK_RETURN);
1391
1392 p += 2;
1393 SSVAL(p,0,fsp->fnum);
1394 p += 2;
1395 SIVAL(p,0,smb_action);
1396 p += 8;
1397
1398 /* Create time. */
1399 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
1400
1401 if (lp_dos_filetime_resolution(SNUM(conn))) {
1402 c_time &= ~1;
1403 sbuf.st_atime &= ~1;
1404 sbuf.st_mtime &= ~1;
1405 sbuf.st_mtime &= ~1;
1406 }
1407
1408 put_long_date(p,c_time);
1409 p += 8;
1410 put_long_date(p,sbuf.st_atime); /* access time */
1411 p += 8;
1412 put_long_date(p,sbuf.st_mtime); /* write time */
1413 p += 8;
1414 put_long_date(p,sbuf.st_mtime); /* change time */
1415 p += 8;
1416 SIVAL(p,0,fmode); /* File Attributes. */
1417 p += 4;
1418 SOFF_T(p,0,file_len);
1419 p += 8;
1420 SOFF_T(p,0,file_len);
1421
1422 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
1423
1424 /* Send the required number of replies */
1425 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 69, *ppdata, 0);
1426
1427 return -1;
1428 }
1429
1430 /****************************************************************************
1431 Reply to a NT CANCEL request.
1432 ****************************************************************************/
1433 int reply_ntcancel(connection_struct *conn,
1434 char *inbuf,char *outbuf,int length,int bufsize)
1435 {
1436 /*
1437 * Go through and cancel any pending change notifies.
1438 */
1439
1440 int mid = SVAL(inbuf,smb_mid);
1441 START_PROFILE(SMBntcancel);
1442 remove_pending_change_notify_requests_by_mid(mid);
1443 remove_pending_lock_requests_by_mid(mid);
1444
1445 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
1446
1447 END_PROFILE(SMBntcancel);
1448 return(-1);
1449 }
1450
1451 /****************************************************************************
1452 Reply to an unsolicited SMBNTtranss - just ignore it!
1453 ****************************************************************************/
1454 int reply_nttranss(connection_struct *conn,
1455 char *inbuf,char *outbuf,int length,int bufsize)
1456 {
1457 START_PROFILE(SMBnttranss);
1458 DEBUG(4,("Ignoring nttranss of length %d\n",length));
1459 END_PROFILE(SMBnttranss);
1460 return(-1);
1461 }
1462
1463 /****************************************************************************
1464 Reply to a notify change - queue the request and
1465 don't allow a directory to be opened.
1466 ****************************************************************************/
1467 static int call_nt_transact_notify_change(connection_struct *conn,
1468 char *inbuf, char *outbuf, int length,
1469 int bufsize,
1470 char **ppsetup,
1471 char **ppparams, char **ppdata)
1472 {
1473 char *setup = *ppsetup;
1474 files_struct *fsp;
1475 uint32 flags;
1476
1477 fsp = file_fsp(setup,4);
1478 flags = IVAL(setup, 0);
1479
1480 DEBUG(3,("call_nt_transact_notify_change\n"));
1481
1482 if(!fsp)
1483 return(ERROR(ERRDOS,ERRbadfid));
1484
1485 if((!fsp->is_directory) || (conn != fsp->conn))
1486 return(ERROR(ERRDOS,ERRbadfid));
1487
1488 if (!change_notify_set(inbuf, fsp, conn, flags)) {
1489 return(UNIXERROR(ERRDOS,ERRbadfid));
1490 }
1491
1492 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
1493 name = %s\n", fsp->fsp_name ));
1494
1495 return -1;
1496 }
1497
1498 /****************************************************************************
1499 Reply to an NT transact rename command.
1500 ****************************************************************************/
1501
1502 static int call_nt_transact_rename(connection_struct *conn,
1503 char *inbuf, char *outbuf, int length,
1504 int bufsize,
1505 char **ppsetup, char **ppparams, char **ppdata)
1506 {
1507 char *params = *ppparams;
1508 pstring new_name;
1509 files_struct *fsp = file_fsp(params, 0);
1510 BOOL replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
1511 int outsize = 0;
1512
1513 CHECK_FSP(fsp, conn);
1514 srvstr_pull(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE);
1515
1516 outsize = rename_internals(conn, inbuf, outbuf, fsp->fsp_name,
1517 new_name, replace_if_exists);
1518 if(outsize == 0) {
1519 /*
1520 * Rename was successful.
1521 */
1522 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1523
1524 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
1525 fsp->fsp_name, new_name));
1526
1527 outsize = -1;
1528
1529 /*
1530 * Win2k needs a changenotify request response before it will
1531 * update after a rename..
1532 */
1533
1534 process_pending_change_notify_queue((time_t)0);
1535 }
1536
1537 return(outsize);
1538 }
1539
1540
1541 /****************************************************************************
1542 Reply to query a security descriptor - currently this is not implemented (it
1543 is planned to be though). Right now it just returns the same thing NT would
1544 when queried on a FAT filesystem. JRA.
1545 ****************************************************************************/
1546
1547 static int call_nt_transact_query_security_desc(connection_struct *conn,
1548 char *inbuf, char *outbuf,
1549 int length, int bufsize,
1550 char **ppsetup, char **ppparams, char **ppdata)
1551 {
1552 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1553 char *params = *ppparams;
1554 char *data = *ppdata;
1555 prs_struct pd;
1556 SEC_DESC *psd = NULL;
1557 size_t sd_size;
1558 TALLOC_CTX *mem_ctx;
1559
1560 files_struct *fsp = file_fsp(params,0);
1561
1562 if(!fsp)
1563 return(ERROR(ERRDOS,ERRbadfid));
1564
1565 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));
1566
1567 params = Realloc(*ppparams, 4);
1568 if(params == NULL)
1569 return(ERROR(ERRDOS,ERRnomem));
1570
1571 *ppparams = params;
1572
1573 /*
1574 * Get the permissions to return.
1575 */
1576
1577 if((sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd)) == 0)
1578 return(UNIXERROR(ERRDOS,ERRnoaccess));
1579
1580 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
1581
1582 SIVAL(params,0,(uint32)sd_size);
1583
1584 if(max_data_count < sd_size) {
1585
1586 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
1587 params, 4, *ppdata, 0);
1588 return -1;
1589 }
1590
1591 /*
1592 * Allocate the data we will point this at.
1593 */
1594
1595 data = Realloc(*ppdata, sd_size);
1596 if(data == NULL) {
1597 return(ERROR(ERRDOS,ERRnomem));
1598 }
1599
1600 *ppdata = data;
1601
1602 memset(data, '\0', sd_size);
1603
1604 /*
1605 * Init the parse struct we will marshall into.
1606 */
1607
1608 if ((mem_ctx = talloc_init()) == NULL) {
1609 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
1610 return(ERROR(ERRDOS,ERRnomem));
1611 }
1612
1613 prs_init(&pd, 0, mem_ctx, MARSHALL);
1614
1615 /*
1616 * Setup the prs_struct to point at the memory we just
1617 * allocated.
1618 */
1619
1620 prs_give_memory( &pd, data, (uint32)sd_size, False);
1621
1622 /*
1623 * Finally, linearize into the outgoing buffer.
1624 */
1625
1626 if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
1627 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
1628 security descriptor.\n"));
1629 /*
1630 * Return access denied for want of a better error message..
1631 */
1632 talloc_destroy(mem_ctx);
1633 return(UNIXERROR(ERRDOS,ERRnoaccess));
1634 }
1635
1636 /*
1637 * Now we can delete the security descriptor.
1638 */
1639
1640 talloc_destroy(mem_ctx);
1641
1642 send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sd_size);
1643 return -1;
1644 }
1645
1646 /****************************************************************************
1647 Reply to set a security descriptor. Map to UNIX perms.
1648 ****************************************************************************/
1649
1650 static int call_nt_transact_set_security_desc(connection_struct *conn,
1651 char *inbuf, char *outbuf, int length,
1652 int bufsize, char **ppsetup,
1653 char **ppparams, char **ppdata)
1654 {
1655 uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1656 char *params= *ppparams;
1657 char *data = *ppdata;
1658 uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
1659 files_struct *fsp = NULL;
1660 uint32 security_info_sent = 0;
1661 int error_class;
1662 uint32 error_code;
1663
1664 if(!lp_nt_acl_support())
1665 return(UNIXERROR(ERRDOS,ERRnoaccess));
1666
1667 if(total_parameter_count < 8)
1668 return(ERROR(ERRDOS,ERRbadfunc));
1669
1670 if((fsp = file_fsp(params,0)) == NULL)
1671 return(ERROR(ERRDOS,ERRbadfid));
1672
1673 security_info_sent = IVAL(params,4);
1674
1675 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
1676 (unsigned int)security_info_sent ));
1677
1678 if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
1679 return (ERROR(error_class, error_code));
1680
1681 send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
1682 return -1;
1683 }
1684
1685 /****************************************************************************
1686 Reply to IOCTL - not implemented - no plans.
1687 ****************************************************************************/
1688 static int call_nt_transact_ioctl(connection_struct *conn,
1689 char *inbuf, char *outbuf, int length,
1690 int bufsize,
1691 char **ppsetup, char **ppparams, char **ppdata)
1692 {
1693 static BOOL logged_message = False;
1694
1695 if(!logged_message) {
1696 DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
1697 logged_message = True; /* Only print this once... */
1698 }
1699 return(ERROR(ERRSRV,ERRnosupport));
1700 }
1701
1702 /****************************************************************************
1703 Reply to a SMBNTtrans.
1704 ****************************************************************************/
1705 int reply_nttrans(connection_struct *conn,
1706 char *inbuf,char *outbuf,int length,int bufsize)
1707 {
1708 int outsize = 0;
1709 #if 0 /* Not used. */
1710 uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
1711 uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
1712 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
1713 #endif /* Not used. */
1714 uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
1715 uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
1716 uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
1717 uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
1718 uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
1719 uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
1720 uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
1721 uint16 function_code = SVAL( inbuf, smb_nt_Function);
1722 char *params = NULL, *data = NULL, *setup = NULL;
1723 uint32 num_params_sofar, num_data_sofar;
1724 START_PROFILE(SMBnttrans);
1725
1726 if(global_oplock_break && (function_code == NT_TRANSACT_CREATE)) {
1727 /*
1728 * Queue this open message as we are the process of an oplock break.
1729 */
1730
1731 DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
1732 due to being in oplock break state.\n" ));
1733
1734 push_oplock_pending_smb_message( inbuf, length);
1735 END_PROFILE(SMBnttrans);
1736 return -1;
1737 }
1738
1739 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
1740 END_PROFILE(SMBnttrans);
1741 return (ERROR(ERRSRV,ERRaccess));
1742 }
1743
1744 outsize = set_message(outbuf,0,0,True);
1745
1746 /*
1747 * All nttrans messages we handle have smb_wct == 19 + setup_count.
1748 * Ensure this is so as a sanity check.
1749 */
1750
1751 if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
1752 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
1753 CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
1754 END_PROFILE(SMBnttrans);
1755 return(ERROR(ERRSRV,ERRerror));
1756 }
1757
1758 /* Allocate the space for the setup, the maximum needed parameters and data */
1759
1760 if(setup_count > 0)
1761 setup = (char *)malloc(setup_count);
1762 if (total_parameter_count > 0)
1763 params = (char *)malloc(total_parameter_count);
1764 if (total_data_count > 0)
1765 data = (char *)malloc(total_data_count);
1766
1767 if ((total_parameter_count && !params) || (total_data_count && !data) ||
1768 (setup_count && !setup)) {
1769 safe_free(setup);
1770 safe_free(params);
1771 safe_free(data);
1772 DEBUG(0,("reply_nttrans : Out of memory\n"));
1773 END_PROFILE(SMBnttrans);
1774 return(ERROR(ERRDOS,ERRnomem));
1775 }
1776
1777 /* Copy the param and data bytes sent with this request into
1778 the params buffer */
1779 num_params_sofar = parameter_count;
1780 num_data_sofar = data_count;
1781
1782 if (parameter_count > total_parameter_count || data_count > total_data_count)
1783 exit_server("reply_nttrans: invalid sizes in packet.\n");
1784
1785 if(setup) {
1786 memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
1787 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
1788 dump_data(10, setup, setup_count);
1789 }
1790 if(params) {
1791 memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
1792 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
1793 dump_data(10, params, parameter_count);
1794 }
1795 if(data) {
1796 memcpy( data, smb_base(inbuf) + data_offset, data_count);
1797 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
1798 dump_data(10, data, data_count);
1799 }
1800
1801 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1802 /* We need to send an interim response then receive the rest
1803 of the parameter/data bytes */
1804 outsize = set_message(outbuf,0,0,True);
1805 if (!send_smb(smbd_server_fd(),outbuf))
1806 exit_server("reply_nttrans: send_smb failed.\n");
1807
1808 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
1809 BOOL ret;
1810
1811 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
1812
1813 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
1814 outsize = set_message(outbuf,0,0,True);
1815 if(ret) {
1816 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
1817 } else {
1818 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
1819 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
1820 }
1821 if(params)
1822 free(params);
1823 if(data)
1824 free(data);
1825 if(setup)
1826 free(setup);
1827 END_PROFILE(SMBnttrans);
1828 return(ERROR(ERRSRV,ERRerror));
1829 }
1830
1831 /* Revise total_params and total_data in case they have changed downwards */
1832 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
1833 total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
1834 num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
1835 num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
1836 if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
1837 exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
1838
1839 memcpy( &params[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
1840 smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
1841 memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
1842 smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
1843 }
1844 }
1845
1846 if (Protocol >= PROTOCOL_NT1) {
1847 SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | 0x40); /* IS_LONG_NAME */
1848 }
1849
1850 /* Now we must call the relevant NT_TRANS function */
1851 switch(function_code) {
1852 case NT_TRANSACT_CREATE:
1853 START_PROFILE_NESTED(NT_transact_create);
1854 outsize = call_nt_transact_create(conn, inbuf, outbuf, length, bufsize,
1855 &setup, &params, &data);
1856 END_PROFILE_NESTED(NT_transact_create);
1857 break;
1858 case NT_TRANSACT_IOCTL:
1859 START_PROFILE_NESTED(NT_transact_ioctl);
1860 outsize = call_nt_transact_ioctl(conn,
1861 inbuf, outbuf, length, bufsize,
1862 &setup, &params, &data);
1863 END_PROFILE_NESTED(NT_transact_ioctl);
1864 break;
1865 case NT_TRANSACT_SET_SECURITY_DESC:
1866 START_PROFILE_NESTED(NT_transact_set_security_desc);
1867 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
1868 length, bufsize,
1869 &setup, &params, &data);
1870 END_PROFILE_NESTED(NT_transact_set_security_desc);
1871 break;
1872 case NT_TRANSACT_NOTIFY_CHANGE:
1873 START_PROFILE_NESTED(NT_transact_notify_change);
1874 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
1875 length, bufsize,
1876 &setup, &params, &data);
1877 END_PROFILE_NESTED(NT_transact_notify_change);
1878 break;
1879 case NT_TRANSACT_RENAME:
1880 START_PROFILE_NESTED(NT_transact_rename);
1881 outsize = call_nt_transact_rename(conn, inbuf, outbuf, length,
1882 bufsize,
1883 &setup, &params, &data);
1884 END_PROFILE_NESTED(NT_transact_rename);
1885 break;
1886
1887 case NT_TRANSACT_QUERY_SECURITY_DESC:
1888 START_PROFILE_NESTED(NT_transact_query_security_desc);
1889 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
1890 length, bufsize,
1891 &setup, &params, &data);
1892 END_PROFILE_NESTED(NT_transact_query_security_desc);
1893 break;
1894 default:
1895 /* Error in request */
1896 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
1897 if(setup)
1898 free(setup);
1899 if(params)
1900 free(params);
1901 if(data)
1902 free(data);
1903 END_PROFILE(SMBnttrans);
1904 return (ERROR(ERRSRV,ERRerror));
1905 }
1906
1907 /* As we do not know how many data packets will need to be
1908 returned here the various call_nt_transact_xxxx calls
1909 must send their own. Thus a call_nt_transact_xxxx routine only
1910 returns a value other than -1 when it wants to send
1911 an error packet.
1912 */
1913
1914 if(setup)
1915 free(setup);
1916 if(params)
1917 free(params);
1918 if(data)
1919 free(data);
1920 END_PROFILE(SMBnttrans);
1921 return outsize; /* If a correct response was needed the call_nt_transact_xxxx
1922 calls have already sent it. If outsize != -1 then it is
1923 returning an error packet. */
1924 }