search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix warning about unused label with no sendfile.
[Samba/gbeck.git] / source3 / smbd / reply.c
blobf35900bfc548a77d98afe554d1545d7ff4b73189
1 /*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 /*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25 */
26
27 #include "includes.h"
28 #include "smbd/globals.h"
29
30 extern enum protocol_types Protocol;
31
32 /****************************************************************************
33 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
34 path or anything including wildcards.
35 We're assuming here that '/' is not the second byte in any multibyte char
36 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
37 set.
38 ****************************************************************************/
39
40 /* Custom version for processing POSIX paths. */
41 #define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
42
43 static NTSTATUS check_path_syntax_internal(char *path,
44 bool posix_path,
45 bool *p_last_component_contains_wcard)
46 {
47 char *d = path;
48 const char *s = path;
49 NTSTATUS ret = NT_STATUS_OK;
50 bool start_of_name_component = True;
51 bool stream_started = false;
52
53 *p_last_component_contains_wcard = False;
54
55 while (*s) {
56 if (stream_started) {
57 switch (*s) {
58 case '/':
59 case '\\':
60 return NT_STATUS_OBJECT_NAME_INVALID;
61 case ':':
62 if (s[1] == '\0') {
63 return NT_STATUS_OBJECT_NAME_INVALID;
64 }
65 if (strchr_m(&s[1], ':')) {
66 return NT_STATUS_OBJECT_NAME_INVALID;
67 }
68 if (StrCaseCmp(s, ":$DATA") != 0) {
69 return NT_STATUS_INVALID_PARAMETER;
70 }
71 break;
72 }
73 }
74
75 if (!posix_path && !stream_started && *s == ':') {
76 if (*p_last_component_contains_wcard) {
77 return NT_STATUS_OBJECT_NAME_INVALID;
78 }
79 /* Stream names allow more characters than file names.
80 We're overloading posix_path here to allow a wider
81 range of characters. If stream_started is true this
82 is still a Windows path even if posix_path is true.
83 JRA.
84 */
85 stream_started = true;
86 start_of_name_component = false;
87 posix_path = true;
88
89 if (s[1] == '\0') {
90 return NT_STATUS_OBJECT_NAME_INVALID;
91 }
92 }
93
94 if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
95 /*
96 * Safe to assume is not the second part of a mb char
97 * as this is handled below.
98 */
99 /* Eat multiple '/' or '\\' */
100 while (IS_PATH_SEP(*s,posix_path)) {
101 s++;
102 }
103 if ((d != path) && (*s != '\0')) {
104 /* We only care about non-leading or trailing '/' or '\\' */
105 *d++ = '/';
106 }
107
108 start_of_name_component = True;
109 /* New component. */
110 *p_last_component_contains_wcard = False;
111 continue;
112 }
113
114 if (start_of_name_component) {
115 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
116 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
117
118 /*
119 * No mb char starts with '.' so we're safe checking the directory separator here.
120 */
121
122 /* If we just added a '/' - delete it */
123 if ((d > path) && (*(d-1) == '/')) {
124 *(d-1) = '\0';
125 d--;
126 }
127
128 /* Are we at the start ? Can't go back further if so. */
129 if (d <= path) {
130 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
131 break;
132 }
133 /* Go back one level... */
134 /* We know this is safe as '/' cannot be part of a mb sequence. */
135 /* NOTE - if this assumption is invalid we are not in good shape... */
136 /* Decrement d first as d points to the *next* char to write into. */
137 for (d--; d > path; d--) {
138 if (*d == '/')
139 break;
140 }
141 s += 2; /* Else go past the .. */
142 /* We're still at the start of a name component, just the previous one. */
143 continue;
144
145 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
146 if (posix_path) {
147 /* Eat the '.' */
148 s++;
149 continue;
150 }
151 }
152
153 }
154
155 if (!(*s & 0x80)) {
156 if (!posix_path) {
157 if (*s <= 0x1f || *s == '|') {
158 return NT_STATUS_OBJECT_NAME_INVALID;
159 }
160 switch (*s) {
161 case '*':
162 case '?':
163 case '<':
164 case '>':
165 case '"':
166 *p_last_component_contains_wcard = True;
167 break;
168 default:
169 break;
170 }
171 }
172 *d++ = *s++;
173 } else {
174 size_t siz;
175 /* Get the size of the next MB character. */
176 next_codepoint(s,&siz);
177 switch(siz) {
178 case 5:
179 *d++ = *s++;
180 /*fall through*/
181 case 4:
182 *d++ = *s++;
183 /*fall through*/
184 case 3:
185 *d++ = *s++;
186 /*fall through*/
187 case 2:
188 *d++ = *s++;
189 /*fall through*/
190 case 1:
191 *d++ = *s++;
192 break;
193 default:
194 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
195 *d = '\0';
196 return NT_STATUS_INVALID_PARAMETER;
197 }
198 }
199 start_of_name_component = False;
200 }
201
202 *d = '\0';
203
204 return ret;
205 }
206
207 /****************************************************************************
208 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
209 No wildcards allowed.
210 ****************************************************************************/
211
212 NTSTATUS check_path_syntax(char *path)
213 {
214 bool ignore;
215 return check_path_syntax_internal(path, False, &ignore);
216 }
217
218 /****************************************************************************
219 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
220 Wildcards allowed - p_contains_wcard returns true if the last component contained
221 a wildcard.
222 ****************************************************************************/
223
224 NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
225 {
226 return check_path_syntax_internal(path, False, p_contains_wcard);
227 }
228
229 /****************************************************************************
230 Check the path for a POSIX client.
231 We're assuming here that '/' is not the second byte in any multibyte char
232 set (a safe assumption).
233 ****************************************************************************/
234
235 NTSTATUS check_path_syntax_posix(char *path)
236 {
237 bool ignore;
238 return check_path_syntax_internal(path, True, &ignore);
239 }
240
241 /****************************************************************************
242 Pull a string and check the path allowing a wilcard - provide for error return.
243 ****************************************************************************/
244
245 size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
246 const char *base_ptr,
247 uint16 smb_flags2,
248 char **pp_dest,
249 const char *src,
250 size_t src_len,
251 int flags,
252 NTSTATUS *err,
253 bool *contains_wcard)
254 {
255 size_t ret;
256
257 *pp_dest = NULL;
258
259 ret = srvstr_pull_talloc(ctx, base_ptr, smb_flags2, pp_dest, src,
260 src_len, flags);
261
262 if (!*pp_dest) {
263 *err = NT_STATUS_INVALID_PARAMETER;
264 return ret;
265 }
266
267 *contains_wcard = False;
268
269 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
270 /*
271 * For a DFS path the function parse_dfs_path()
272 * will do the path processing, just make a copy.
273 */
274 *err = NT_STATUS_OK;
275 return ret;
276 }
277
278 if (lp_posix_pathnames()) {
279 *err = check_path_syntax_posix(*pp_dest);
280 } else {
281 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
282 }
283
284 return ret;
285 }
286
287 /****************************************************************************
288 Pull a string and check the path - provide for error return.
289 ****************************************************************************/
290
291 size_t srvstr_get_path(TALLOC_CTX *ctx,
292 const char *base_ptr,
293 uint16 smb_flags2,
294 char **pp_dest,
295 const char *src,
296 size_t src_len,
297 int flags,
298 NTSTATUS *err)
299 {
300 bool ignore;
301 return srvstr_get_path_wcard(ctx, base_ptr, smb_flags2, pp_dest, src,
302 src_len, flags, err, &ignore);
303 }
304
305 size_t srvstr_get_path_req_wcard(TALLOC_CTX *mem_ctx, struct smb_request *req,
306 char **pp_dest, const char *src, int flags,
307 NTSTATUS *err, bool *contains_wcard)
308 {
309 return srvstr_get_path_wcard(mem_ctx, (char *)req->inbuf, req->flags2,
310 pp_dest, src, smbreq_bufrem(req, src),
311 flags, err, contains_wcard);
312 }
313
314 size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
315 char **pp_dest, const char *src, int flags,
316 NTSTATUS *err)
317 {
318 bool ignore;
319 return srvstr_get_path_req_wcard(mem_ctx, req, pp_dest, src,
320 flags, err, &ignore);
321 }
322
323 /****************************************************************************
324 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
325 ****************************************************************************/
326
327 bool check_fsp_open(connection_struct *conn, struct smb_request *req,
328 files_struct *fsp)
329 {
330 if (!(fsp) || !(conn)) {
331 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
332 return False;
333 }
334 if (((conn) != (fsp)->conn) || req->vuid != (fsp)->vuid) {
335 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
336 return False;
337 }
338 return True;
339 }
340
341 /****************************************************************************
342 Check if we have a correct fsp pointing to a file.
343 ****************************************************************************/
344
345 bool check_fsp(connection_struct *conn, struct smb_request *req,
346 files_struct *fsp)
347 {
348 if (!check_fsp_open(conn, req, fsp)) {
349 return False;
350 }
351 if ((fsp)->is_directory) {
352 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
353 return False;
354 }
355 if ((fsp)->fh->fd == -1) {
356 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
357 return False;
358 }
359 (fsp)->num_smb_operations++;
360 return True;
361 }
362
363 /****************************************************************************
364 Check if we have a correct fsp pointing to a quota fake file. Replacement for
365 the CHECK_NTQUOTA_HANDLE_OK macro.
366 ****************************************************************************/
367
368 bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req,
369 files_struct *fsp)
370 {
371 if (!check_fsp_open(conn, req, fsp)) {
372 return false;
373 }
374
375 if (fsp->is_directory) {
376 return false;
377 }
378
379 if (fsp->fake_file_handle == NULL) {
380 return false;
381 }
382
383 if (fsp->fake_file_handle->type != FAKE_FILE_TYPE_QUOTA) {
384 return false;
385 }
386
387 if (fsp->fake_file_handle->private_data == NULL) {
388 return false;
389 }
390
391 return true;
392 }
393
394 /****************************************************************************
395 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
396 ****************************************************************************/
397
398 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
399 files_struct *fsp)
400 {
401 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
402 && (req->vuid == (fsp)->vuid)) {
403 return True;
404 }
405
406 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
407 return False;
408 }
409
410 /****************************************************************************
411 Reply to a (netbios-level) special message.
412 ****************************************************************************/
413
414 void reply_special(char *inbuf)
415 {
416 int msg_type = CVAL(inbuf,0);
417 int msg_flags = CVAL(inbuf,1);
418 fstring name1,name2;
419 char name_type = 0;
420
421 /*
422 * We only really use 4 bytes of the outbuf, but for the smb_setlen
423 * calculation & friends (srv_send_smb uses that) we need the full smb
424 * header.
425 */
426 char outbuf[smb_size];
427
428 *name1 = *name2 = 0;
429
430 memset(outbuf, '\0', sizeof(outbuf));
431
432 smb_setlen(outbuf,0);
433
434 switch (msg_type) {
435 case 0x81: /* session request */
436
437 if (already_got_session) {
438 exit_server_cleanly("multiple session request not permitted");
439 }
440
441 SCVAL(outbuf,0,0x82);
442 SCVAL(outbuf,3,0);
443 if (name_len(inbuf+4) > 50 ||
444 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
445 DEBUG(0,("Invalid name length in session request\n"));
446 return;
447 }
448 name_extract(inbuf,4,name1);
449 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
450 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
451 name1,name2));
452
453 set_local_machine_name(name1, True);
454 set_remote_machine_name(name2, True);
455
456 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
457 get_local_machine_name(), get_remote_machine_name(),
458 name_type));
459
460 if (name_type == 'R') {
461 /* We are being asked for a pathworks session ---
462 no thanks! */
463 SCVAL(outbuf, 0,0x83);
464 break;
465 }
466
467 /* only add the client's machine name to the list
468 of possibly valid usernames if we are operating
469 in share mode security */
470 if (lp_security() == SEC_SHARE) {
471 add_session_user(get_remote_machine_name());
472 }
473
474 reload_services(True);
475 reopen_logs();
476
477 already_got_session = True;
478 break;
479
480 case 0x89: /* session keepalive request
481 (some old clients produce this?) */
482 SCVAL(outbuf,0,SMBkeepalive);
483 SCVAL(outbuf,3,0);
484 break;
485
486 case 0x82: /* positive session response */
487 case 0x83: /* negative session response */
488 case 0x84: /* retarget session response */
489 DEBUG(0,("Unexpected session response\n"));
490 break;
491
492 case SMBkeepalive: /* session keepalive */
493 default:
494 return;
495 }
496
497 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
498 msg_type, msg_flags));
499
500 srv_send_smb(smbd_server_fd(), outbuf, false, NULL);
501 return;
502 }
503
504 /****************************************************************************
505 Reply to a tcon.
506 conn POINTER CAN BE NULL HERE !
507 ****************************************************************************/
508
509 void reply_tcon(struct smb_request *req)
510 {
511 connection_struct *conn = req->conn;
512 const char *service;
513 char *service_buf = NULL;
514 char *password = NULL;
515 char *dev = NULL;
516 int pwlen=0;
517 NTSTATUS nt_status;
518 const char *p;
519 DATA_BLOB password_blob;
520 TALLOC_CTX *ctx = talloc_tos();
521
522 START_PROFILE(SMBtcon);
523
524 if (req->buflen < 4) {
525 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
526 END_PROFILE(SMBtcon);
527 return;
528 }
529
530 p = (const char *)req->buf + 1;
531 p += srvstr_pull_req_talloc(ctx, req, &service_buf, p, STR_TERMINATE);
532 p += 1;
533 pwlen = srvstr_pull_req_talloc(ctx, req, &password, p, STR_TERMINATE);
534 p += pwlen+1;
535 p += srvstr_pull_req_talloc(ctx, req, &dev, p, STR_TERMINATE);
536 p += 1;
537
538 if (service_buf == NULL || password == NULL || dev == NULL) {
539 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
540 END_PROFILE(SMBtcon);
541 return;
542 }
543 p = strrchr_m(service_buf,'\\');
544 if (p) {
545 service = p+1;
546 } else {
547 service = service_buf;
548 }
549
550 password_blob = data_blob(password, pwlen+1);
551
552 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
553 req->conn = conn;
554
555 data_blob_clear_free(&password_blob);
556
557 if (!conn) {
558 reply_nterror(req, nt_status);
559 END_PROFILE(SMBtcon);
560 return;
561 }
562
563 reply_outbuf(req, 2, 0);
564 SSVAL(req->outbuf,smb_vwv0,max_recv);
565 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
566 SSVAL(req->outbuf,smb_tid,conn->cnum);
567
568 DEBUG(3,("tcon service=%s cnum=%d\n",
569 service, conn->cnum));
570
571 END_PROFILE(SMBtcon);
572 return;
573 }
574
575 /****************************************************************************
576 Reply to a tcon and X.
577 conn POINTER CAN BE NULL HERE !
578 ****************************************************************************/
579
580 void reply_tcon_and_X(struct smb_request *req)
581 {
582 connection_struct *conn = req->conn;
583 const char *service = NULL;
584 DATA_BLOB password;
585 TALLOC_CTX *ctx = talloc_tos();
586 /* what the cleint thinks the device is */
587 char *client_devicetype = NULL;
588 /* what the server tells the client the share represents */
589 const char *server_devicetype;
590 NTSTATUS nt_status;
591 int passlen;
592 char *path = NULL;
593 const char *p, *q;
594 uint16 tcon_flags;
595
596 START_PROFILE(SMBtconX);
597
598 if (req->wct < 4) {
599 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
600 END_PROFILE(SMBtconX);
601 return;
602 }
603
604 passlen = SVAL(req->vwv+3, 0);
605 tcon_flags = SVAL(req->vwv+2, 0);
606
607 /* we might have to close an old one */
608 if ((tcon_flags & 0x1) && conn) {
609 close_cnum(conn,req->vuid);
610 req->conn = NULL;
611 conn = NULL;
612 }
613
614 if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
615 reply_doserror(req, ERRDOS, ERRbuftoosmall);
616 END_PROFILE(SMBtconX);
617 return;
618 }
619
620 if (global_encrypted_passwords_negotiated) {
621 password = data_blob_talloc(talloc_tos(), req->buf, passlen);
622 if (lp_security() == SEC_SHARE) {
623 /*
624 * Security = share always has a pad byte
625 * after the password.
626 */
627 p = (const char *)req->buf + passlen + 1;
628 } else {
629 p = (const char *)req->buf + passlen;
630 }
631 } else {
632 password = data_blob_talloc(talloc_tos(), req->buf, passlen+1);
633 /* Ensure correct termination */
634 password.data[passlen]=0;
635 p = (const char *)req->buf + passlen + 1;
636 }
637
638 p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE);
639
640 if (path == NULL) {
641 data_blob_clear_free(&password);
642 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
643 END_PROFILE(SMBtconX);
644 return;
645 }
646
647 /*
648 * the service name can be either: \\server\share
649 * or share directly like on the DELL PowerVault 705
650 */
651 if (*path=='\\') {
652 q = strchr_m(path+2,'\\');
653 if (!q) {
654 data_blob_clear_free(&password);
655 reply_doserror(req, ERRDOS, ERRnosuchshare);
656 END_PROFILE(SMBtconX);
657 return;
658 }
659 service = q+1;
660 } else {
661 service = path;
662 }
663
664 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
665 &client_devicetype, p,
666 MIN(6, smbreq_bufrem(req, p)), STR_ASCII);
667
668 if (client_devicetype == NULL) {
669 data_blob_clear_free(&password);
670 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
671 END_PROFILE(SMBtconX);
672 return;
673 }
674
675 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
676
677 conn = make_connection(service, password, client_devicetype,
678 req->vuid, &nt_status);
679 req->conn =conn;
680
681 data_blob_clear_free(&password);
682
683 if (!conn) {
684 reply_nterror(req, nt_status);
685 END_PROFILE(SMBtconX);
686 return;
687 }
688
689 if ( IS_IPC(conn) )
690 server_devicetype = "IPC";
691 else if ( IS_PRINT(conn) )
692 server_devicetype = "LPT1:";
693 else
694 server_devicetype = "A:";
695
696 if (Protocol < PROTOCOL_NT1) {
697 reply_outbuf(req, 2, 0);
698 if (message_push_string(&req->outbuf, server_devicetype,
699 STR_TERMINATE|STR_ASCII) == -1) {
700 reply_nterror(req, NT_STATUS_NO_MEMORY);
701 END_PROFILE(SMBtconX);
702 return;
703 }
704 } else {
705 /* NT sets the fstype of IPC$ to the null string */
706 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
707
708 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
709 /* Return permissions. */
710 uint32 perm1 = 0;
711 uint32 perm2 = 0;
712
713 reply_outbuf(req, 7, 0);
714
715 if (IS_IPC(conn)) {
716 perm1 = FILE_ALL_ACCESS;
717 perm2 = FILE_ALL_ACCESS;
718 } else {
719 perm1 = CAN_WRITE(conn) ?
720 SHARE_ALL_ACCESS :
721 SHARE_READ_ONLY;
722 }
723
724 SIVAL(req->outbuf, smb_vwv3, perm1);
725 SIVAL(req->outbuf, smb_vwv5, perm2);
726 } else {
727 reply_outbuf(req, 3, 0);
728 }
729
730 if ((message_push_string(&req->outbuf, server_devicetype,
731 STR_TERMINATE|STR_ASCII) == -1)
732 || (message_push_string(&req->outbuf, fstype,
733 STR_TERMINATE) == -1)) {
734 reply_nterror(req, NT_STATUS_NO_MEMORY);
735 END_PROFILE(SMBtconX);
736 return;
737 }
738
739 /* what does setting this bit do? It is set by NT4 and
740 may affect the ability to autorun mounted cdroms */
741 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
742 (lp_csc_policy(SNUM(conn)) << 2));
743
744 if (lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) {
745 DEBUG(2,("Serving %s as a Dfs root\n",
746 lp_servicename(SNUM(conn)) ));
747 SSVAL(req->outbuf, smb_vwv2,
748 SMB_SHARE_IN_DFS | SVAL(req->outbuf, smb_vwv2));
749 }
750 }
751
752
753 DEBUG(3,("tconX service=%s \n",
754 service));
755
756 /* set the incoming and outgoing tid to the just created one */
757 SSVAL(req->inbuf,smb_tid,conn->cnum);
758 SSVAL(req->outbuf,smb_tid,conn->cnum);
759
760 END_PROFILE(SMBtconX);
761
762 chain_reply(req);
763 return;
764 }
765
766 /****************************************************************************
767 Reply to an unknown type.
768 ****************************************************************************/
769
770 void reply_unknown_new(struct smb_request *req, uint8 type)
771 {
772 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
773 smb_fn_name(type), type, type));
774 reply_doserror(req, ERRSRV, ERRunknownsmb);
775 return;
776 }
777
778 /****************************************************************************
779 Reply to an ioctl.
780 conn POINTER CAN BE NULL HERE !
781 ****************************************************************************/
782
783 void reply_ioctl(struct smb_request *req)
784 {
785 connection_struct *conn = req->conn;
786 uint16 device;
787 uint16 function;
788 uint32 ioctl_code;
789 int replysize;
790 char *p;
791
792 START_PROFILE(SMBioctl);
793
794 if (req->wct < 3) {
795 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
796 END_PROFILE(SMBioctl);
797 return;
798 }
799
800 device = SVAL(req->vwv+1, 0);
801 function = SVAL(req->vwv+2, 0);
802 ioctl_code = (device << 16) + function;
803
804 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
805
806 switch (ioctl_code) {
807 case IOCTL_QUERY_JOB_INFO:
808 replysize = 32;
809 break;
810 default:
811 reply_doserror(req, ERRSRV, ERRnosupport);
812 END_PROFILE(SMBioctl);
813 return;
814 }
815
816 reply_outbuf(req, 8, replysize+1);
817 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
818 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
819 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
820 p = smb_buf(req->outbuf);
821 memset(p, '\0', replysize+1); /* valgrind-safe. */
822 p += 1; /* Allow for alignment */
823
824 switch (ioctl_code) {
825 case IOCTL_QUERY_JOB_INFO:
826 {
827 files_struct *fsp = file_fsp(
828 req, SVAL(req->vwv+0, 0));
829 if (!fsp) {
830 reply_doserror(req, ERRDOS, ERRbadfid);
831 END_PROFILE(SMBioctl);
832 return;
833 }
834 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
835 srvstr_push((char *)req->outbuf, req->flags2, p+2,
836 global_myname(), 15,
837 STR_TERMINATE|STR_ASCII);
838 if (conn) {
839 srvstr_push((char *)req->outbuf, req->flags2,
840 p+18, lp_servicename(SNUM(conn)),
841 13, STR_TERMINATE|STR_ASCII);
842 } else {
843 memset(p+18, 0, 13);
844 }
845 break;
846 }
847 }
848
849 END_PROFILE(SMBioctl);
850 return;
851 }
852
853 /****************************************************************************
854 Strange checkpath NTSTATUS mapping.
855 ****************************************************************************/
856
857 static NTSTATUS map_checkpath_error(uint16_t flags2, NTSTATUS status)
858 {
859 /* Strange DOS error code semantics only for checkpath... */
860 if (!(flags2 & FLAGS2_32_BIT_ERROR_CODES)) {
861 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
862 /* We need to map to ERRbadpath */
863 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
864 }
865 }
866 return status;
867 }
868
869 /****************************************************************************
870 Reply to a checkpath.
871 ****************************************************************************/
872
873 void reply_checkpath(struct smb_request *req)
874 {
875 connection_struct *conn = req->conn;
876 char *name = NULL;
877 SMB_STRUCT_STAT sbuf;
878 NTSTATUS status;
879 TALLOC_CTX *ctx = talloc_tos();
880
881 START_PROFILE(SMBcheckpath);
882
883 srvstr_get_path_req(ctx, req, &name, (const char *)req->buf + 1,
884 STR_TERMINATE, &status);
885
886 if (!NT_STATUS_IS_OK(status)) {
887 status = map_checkpath_error(req->flags2, status);
888 reply_nterror(req, status);
889 END_PROFILE(SMBcheckpath);
890 return;
891 }
892
893 status = resolve_dfspath(ctx, conn,
894 req->flags2 & FLAGS2_DFS_PATHNAMES,
895 name,
896 &name);
897 if (!NT_STATUS_IS_OK(status)) {
898 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
899 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
900 ERRSRV, ERRbadpath);
901 END_PROFILE(SMBcheckpath);
902 return;
903 }
904 goto path_err;
905 }
906
907 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->vwv+0, 0)));
908
909 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
910 if (!NT_STATUS_IS_OK(status)) {
911 goto path_err;
912 }
913
914 status = check_name(conn, name);
915 if (!NT_STATUS_IS_OK(status)) {
916 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
917 goto path_err;
918 }
919
920 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
921 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
922 status = map_nt_error_from_unix(errno);
923 goto path_err;
924 }
925
926 if (!S_ISDIR(sbuf.st_mode)) {
927 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
928 ERRDOS, ERRbadpath);
929 END_PROFILE(SMBcheckpath);
930 return;
931 }
932
933 reply_outbuf(req, 0, 0);
934
935 END_PROFILE(SMBcheckpath);
936 return;
937
938 path_err:
939
940 END_PROFILE(SMBcheckpath);
941
942 /* We special case this - as when a Windows machine
943 is parsing a path is steps through the components
944 one at a time - if a component fails it expects
945 ERRbadpath, not ERRbadfile.
946 */
947 status = map_checkpath_error(req->flags2, status);
948 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
949 /*
950 * Windows returns different error codes if
951 * the parent directory is valid but not the
952 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
953 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
954 * if the path is invalid.
955 */
956 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
957 ERRDOS, ERRbadpath);
958 return;
959 }
960
961 reply_nterror(req, status);
962 }
963
964 /****************************************************************************
965 Reply to a getatr.
966 ****************************************************************************/
967
968 void reply_getatr(struct smb_request *req)
969 {
970 connection_struct *conn = req->conn;
971 char *fname = NULL;
972 SMB_STRUCT_STAT sbuf;
973 int mode=0;
974 SMB_OFF_T size=0;
975 time_t mtime=0;
976 const char *p;
977 NTSTATUS status;
978 TALLOC_CTX *ctx = talloc_tos();
979
980 START_PROFILE(SMBgetatr);
981
982 p = (const char *)req->buf + 1;
983 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
984 if (!NT_STATUS_IS_OK(status)) {
985 reply_nterror(req, status);
986 END_PROFILE(SMBgetatr);
987 return;
988 }
989
990 status = resolve_dfspath(ctx, conn,
991 req->flags2 & FLAGS2_DFS_PATHNAMES,
992 fname,
993 &fname);
994 if (!NT_STATUS_IS_OK(status)) {
995 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
996 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
997 ERRSRV, ERRbadpath);
998 END_PROFILE(SMBgetatr);
999 return;
1000 }
1001 reply_nterror(req, status);
1002 END_PROFILE(SMBgetatr);
1003 return;
1004 }
1005
1006 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
1007 under WfWg - weird! */
1008 if (*fname == '\0') {
1009 mode = aHIDDEN | aDIR;
1010 if (!CAN_WRITE(conn)) {
1011 mode |= aRONLY;
1012 }
1013 size = 0;
1014 mtime = 0;
1015 } else {
1016 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
1017 if (!NT_STATUS_IS_OK(status)) {
1018 reply_nterror(req, status);
1019 END_PROFILE(SMBgetatr);
1020 return;
1021 }
1022 status = check_name(conn, fname);
1023 if (!NT_STATUS_IS_OK(status)) {
1024 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
1025 reply_nterror(req, status);
1026 END_PROFILE(SMBgetatr);
1027 return;
1028 }
1029 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1030 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1031 reply_unixerror(req, ERRDOS,ERRbadfile);
1032 END_PROFILE(SMBgetatr);
1033 return;
1034 }
1035
1036 mode = dos_mode(conn,fname,&sbuf);
1037 size = sbuf.st_size;
1038 mtime = sbuf.st_mtime;
1039 if (mode & aDIR) {
1040 size = 0;
1041 }
1042 }
1043
1044 reply_outbuf(req, 10, 0);
1045
1046 SSVAL(req->outbuf,smb_vwv0,mode);
1047 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1048 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1049 } else {
1050 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1051 }
1052 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1053
1054 if (Protocol >= PROTOCOL_NT1) {
1055 SSVAL(req->outbuf, smb_flg2,
1056 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1057 }
1058
1059 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1060
1061 END_PROFILE(SMBgetatr);
1062 return;
1063 }
1064
1065 /****************************************************************************
1066 Reply to a setatr.
1067 ****************************************************************************/
1068
1069 void reply_setatr(struct smb_request *req)
1070 {
1071 struct smb_file_time ft;
1072 connection_struct *conn = req->conn;
1073 char *fname = NULL;
1074 int mode;
1075 time_t mtime;
1076 SMB_STRUCT_STAT sbuf;
1077 const char *p;
1078 NTSTATUS status;
1079 TALLOC_CTX *ctx = talloc_tos();
1080
1081 START_PROFILE(SMBsetatr);
1082
1083 ZERO_STRUCT(ft);
1084
1085 if (req->wct < 2) {
1086 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1087 return;
1088 }
1089
1090 p = (const char *)req->buf + 1;
1091 p += srvstr_get_path_req(ctx, req, &fname, p, STR_TERMINATE, &status);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 reply_nterror(req, status);
1094 END_PROFILE(SMBsetatr);
1095 return;
1096 }
1097
1098 status = resolve_dfspath(ctx, conn,
1099 req->flags2 & FLAGS2_DFS_PATHNAMES,
1100 fname,
1101 &fname);
1102 if (!NT_STATUS_IS_OK(status)) {
1103 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1104 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1105 ERRSRV, ERRbadpath);
1106 END_PROFILE(SMBsetatr);
1107 return;
1108 }
1109 reply_nterror(req, status);
1110 END_PROFILE(SMBsetatr);
1111 return;
1112 }
1113
1114 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1115 if (!NT_STATUS_IS_OK(status)) {
1116 reply_nterror(req, status);
1117 END_PROFILE(SMBsetatr);
1118 return;
1119 }
1120
1121 status = check_name(conn, fname);
1122 if (!NT_STATUS_IS_OK(status)) {
1123 reply_nterror(req, status);
1124 END_PROFILE(SMBsetatr);
1125 return;
1126 }
1127
1128 if (fname[0] == '.' && fname[1] == '\0') {
1129 /*
1130 * Not sure here is the right place to catch this
1131 * condition. Might be moved to somewhere else later -- vl
1132 */
1133 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1134 END_PROFILE(SMBsetatr);
1135 return;
1136 }
1137
1138 mode = SVAL(req->vwv+0, 0);
1139 mtime = srv_make_unix_date3(req->vwv+1);
1140
1141 ft.mtime = convert_time_t_to_timespec(mtime);
1142 status = smb_set_file_time(conn, NULL, fname,
1143 &sbuf, &ft, true);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 reply_unixerror(req, ERRDOS, ERRnoaccess);
1146 END_PROFILE(SMBsetatr);
1147 return;
1148 }
1149
1150 if (mode != FILE_ATTRIBUTE_NORMAL) {
1151 if (VALID_STAT_OF_DIR(sbuf))
1152 mode |= aDIR;
1153 else
1154 mode &= ~aDIR;
1155
1156 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1157 reply_unixerror(req, ERRDOS, ERRnoaccess);
1158 END_PROFILE(SMBsetatr);
1159 return;
1160 }
1161 }
1162
1163 reply_outbuf(req, 0, 0);
1164
1165 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1166
1167 END_PROFILE(SMBsetatr);
1168 return;
1169 }
1170
1171 /****************************************************************************
1172 Reply to a dskattr.
1173 ****************************************************************************/
1174
1175 void reply_dskattr(struct smb_request *req)
1176 {
1177 connection_struct *conn = req->conn;
1178 uint64_t dfree,dsize,bsize;
1179 START_PROFILE(SMBdskattr);
1180
1181 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (uint64_t)-1) {
1182 reply_unixerror(req, ERRHRD, ERRgeneral);
1183 END_PROFILE(SMBdskattr);
1184 return;
1185 }
1186
1187 reply_outbuf(req, 5, 0);
1188
1189 if (Protocol <= PROTOCOL_LANMAN2) {
1190 double total_space, free_space;
1191 /* we need to scale this to a number that DOS6 can handle. We
1192 use floating point so we can handle large drives on systems
1193 that don't have 64 bit integers
1194
1195 we end up displaying a maximum of 2G to DOS systems
1196 */
1197 total_space = dsize * (double)bsize;
1198 free_space = dfree * (double)bsize;
1199
1200 dsize = (uint64_t)((total_space+63*512) / (64*512));
1201 dfree = (uint64_t)((free_space+63*512) / (64*512));
1202
1203 if (dsize > 0xFFFF) dsize = 0xFFFF;
1204 if (dfree > 0xFFFF) dfree = 0xFFFF;
1205
1206 SSVAL(req->outbuf,smb_vwv0,dsize);
1207 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1208 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1209 SSVAL(req->outbuf,smb_vwv3,dfree);
1210 } else {
1211 SSVAL(req->outbuf,smb_vwv0,dsize);
1212 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1213 SSVAL(req->outbuf,smb_vwv2,512);
1214 SSVAL(req->outbuf,smb_vwv3,dfree);
1215 }
1216
1217 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1218
1219 END_PROFILE(SMBdskattr);
1220 return;
1221 }
1222
1223 /****************************************************************************
1224 Reply to a search.
1225 Can be called from SMBsearch, SMBffirst or SMBfunique.
1226 ****************************************************************************/
1227
1228 void reply_search(struct smb_request *req)
1229 {
1230 connection_struct *conn = req->conn;
1231 const char *mask = NULL;
1232 char *directory = NULL;
1233 char *fname = NULL;
1234 SMB_OFF_T size;
1235 uint32 mode;
1236 time_t date;
1237 uint32 dirtype;
1238 unsigned int numentries = 0;
1239 unsigned int maxentries = 0;
1240 bool finished = False;
1241 const char *p;
1242 int status_len;
1243 char *path = NULL;
1244 char status[21];
1245 int dptr_num= -1;
1246 bool check_descend = False;
1247 bool expect_close = False;
1248 NTSTATUS nt_status;
1249 bool mask_contains_wcard = False;
1250 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1251 TALLOC_CTX *ctx = talloc_tos();
1252 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1253
1254 START_PROFILE(SMBsearch);
1255
1256 if (req->wct < 2) {
1257 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1258 END_PROFILE(SMBsearch);
1259 return;
1260 }
1261
1262 if (lp_posix_pathnames()) {
1263 reply_unknown_new(req, req->cmd);
1264 END_PROFILE(SMBsearch);
1265 return;
1266 }
1267
1268 /* If we were called as SMBffirst then we must expect close. */
1269 if(req->cmd == SMBffirst) {
1270 expect_close = True;
1271 }
1272
1273 reply_outbuf(req, 1, 3);
1274 maxentries = SVAL(req->vwv+0, 0);
1275 dirtype = SVAL(req->vwv+1, 0);
1276 p = (const char *)req->buf + 1;
1277 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1278 &nt_status, &mask_contains_wcard);
1279 if (!NT_STATUS_IS_OK(nt_status)) {
1280 reply_nterror(req, nt_status);
1281 END_PROFILE(SMBsearch);
1282 return;
1283 }
1284
1285 nt_status = resolve_dfspath_wcard(ctx, conn,
1286 req->flags2 & FLAGS2_DFS_PATHNAMES,
1287 path,
1288 &path,
1289 &mask_contains_wcard);
1290 if (!NT_STATUS_IS_OK(nt_status)) {
1291 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1292 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1293 ERRSRV, ERRbadpath);
1294 END_PROFILE(SMBsearch);
1295 return;
1296 }
1297 reply_nterror(req, nt_status);
1298 END_PROFILE(SMBsearch);
1299 return;
1300 }
1301
1302 p++;
1303 status_len = SVAL(p, 0);
1304 p += 2;
1305
1306 /* dirtype &= ~aDIR; */
1307
1308 if (status_len == 0) {
1309 SMB_STRUCT_STAT sbuf;
1310
1311 nt_status = unix_convert(ctx, conn, path, True,
1312 &directory, NULL, &sbuf);
1313 if (!NT_STATUS_IS_OK(nt_status)) {
1314 reply_nterror(req, nt_status);
1315 END_PROFILE(SMBsearch);
1316 return;
1317 }
1318
1319 nt_status = check_name(conn, directory);
1320 if (!NT_STATUS_IS_OK(nt_status)) {
1321 reply_nterror(req, nt_status);
1322 END_PROFILE(SMBsearch);
1323 return;
1324 }
1325
1326 p = strrchr_m(directory,'/');
1327 if ((p != NULL) && (*directory != '/')) {
1328 mask = p + 1;
1329 directory = talloc_strndup(ctx, directory,
1330 PTR_DIFF(p, directory));
1331 } else {
1332 mask = directory;
1333 directory = talloc_strdup(ctx,".");
1334 }
1335
1336 if (!directory) {
1337 reply_nterror(req, NT_STATUS_NO_MEMORY);
1338 END_PROFILE(SMBsearch);
1339 return;
1340 }
1341
1342 memset((char *)status,'\0',21);
1343 SCVAL(status,0,(dirtype & 0x1F));
1344
1345 nt_status = dptr_create(conn,
1346 directory,
1347 True,
1348 expect_close,
1349 req->smbpid,
1350 mask,
1351 mask_contains_wcard,
1352 dirtype,
1353 &conn->dirptr);
1354 if (!NT_STATUS_IS_OK(nt_status)) {
1355 reply_nterror(req, nt_status);
1356 END_PROFILE(SMBsearch);
1357 return;
1358 }
1359 dptr_num = dptr_dnum(conn->dirptr);
1360 } else {
1361 int status_dirtype;
1362
1363 memcpy(status,p,21);
1364 status_dirtype = CVAL(status,0) & 0x1F;
1365 if (status_dirtype != (dirtype & 0x1F)) {
1366 dirtype = status_dirtype;
1367 }
1368
1369 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1370 if (!conn->dirptr) {
1371 goto SearchEmpty;
1372 }
1373 string_set(&conn->dirpath,dptr_path(dptr_num));
1374 mask = dptr_wcard(dptr_num);
1375 if (!mask) {
1376 goto SearchEmpty;
1377 }
1378 /*
1379 * For a 'continue' search we have no string. So
1380 * check from the initial saved string.
1381 */
1382 mask_contains_wcard = ms_has_wild(mask);
1383 dirtype = dptr_attr(dptr_num);
1384 }
1385
1386 DEBUG(4,("dptr_num is %d\n",dptr_num));
1387
1388 /* Initialize per SMBsearch/SMBffirst/SMBfunique operation data */
1389 dptr_init_search_op(conn->dirptr);
1390
1391 if ((dirtype&0x1F) == aVOLID) {
1392 char buf[DIR_STRUCT_SIZE];
1393 memcpy(buf,status,21);
1394 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1395 0,aVOLID,0,!allow_long_path_components)) {
1396 reply_nterror(req, NT_STATUS_NO_MEMORY);
1397 END_PROFILE(SMBsearch);
1398 return;
1399 }
1400 dptr_fill(buf+12,dptr_num);
1401 if (dptr_zero(buf+12) && (status_len==0)) {
1402 numentries = 1;
1403 } else {
1404 numentries = 0;
1405 }
1406 if (message_push_blob(&req->outbuf,
1407 data_blob_const(buf, sizeof(buf)))
1408 == -1) {
1409 reply_nterror(req, NT_STATUS_NO_MEMORY);
1410 END_PROFILE(SMBsearch);
1411 return;
1412 }
1413 } else {
1414 unsigned int i;
1415 maxentries = MIN(
1416 maxentries,
1417 ((BUFFER_SIZE -
1418 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1419 /DIR_STRUCT_SIZE));
1420
1421 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1422 conn->dirpath,lp_dontdescend(SNUM(conn))));
1423 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1424 check_descend = True;
1425 }
1426
1427 for (i=numentries;(i<maxentries) && !finished;i++) {
1428 finished = !get_dir_entry(ctx,
1429 conn,
1430 mask,
1431 dirtype,
1432 &fname,
1433 &size,
1434 &mode,
1435 &date,
1436 check_descend,
1437 ask_sharemode);
1438 if (!finished) {
1439 char buf[DIR_STRUCT_SIZE];
1440 memcpy(buf,status,21);
1441 if (!make_dir_struct(ctx,
1442 buf,
1443 mask,
1444 fname,
1445 size,
1446 mode,
1447 date,
1448 !allow_long_path_components)) {
1449 reply_nterror(req, NT_STATUS_NO_MEMORY);
1450 END_PROFILE(SMBsearch);
1451 return;
1452 }
1453 if (!dptr_fill(buf+12,dptr_num)) {
1454 break;
1455 }
1456 if (message_push_blob(&req->outbuf,
1457 data_blob_const(buf, sizeof(buf)))
1458 == -1) {
1459 reply_nterror(req, NT_STATUS_NO_MEMORY);
1460 END_PROFILE(SMBsearch);
1461 return;
1462 }
1463 numentries++;
1464 }
1465 }
1466 }
1467
1468 SearchEmpty:
1469
1470 /* If we were called as SMBffirst with smb_search_id == NULL
1471 and no entries were found then return error and close dirptr
1472 (X/Open spec) */
1473
1474 if (numentries == 0) {
1475 dptr_close(&dptr_num);
1476 } else if(expect_close && status_len == 0) {
1477 /* Close the dptr - we know it's gone */
1478 dptr_close(&dptr_num);
1479 }
1480
1481 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1482 if(dptr_num >= 0 && req->cmd == SMBfunique) {
1483 dptr_close(&dptr_num);
1484 }
1485
1486 if ((numentries == 0) && !mask_contains_wcard) {
1487 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1488 END_PROFILE(SMBsearch);
1489 return;
1490 }
1491
1492 SSVAL(req->outbuf,smb_vwv0,numentries);
1493 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1494 SCVAL(smb_buf(req->outbuf),0,5);
1495 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1496
1497 /* The replies here are never long name. */
1498 SSVAL(req->outbuf, smb_flg2,
1499 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1500 if (!allow_long_path_components) {
1501 SSVAL(req->outbuf, smb_flg2,
1502 SVAL(req->outbuf, smb_flg2)
1503 & (~FLAGS2_LONG_PATH_COMPONENTS));
1504 }
1505
1506 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1507 SSVAL(req->outbuf, smb_flg2,
1508 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1509
1510 if (!directory) {
1511 directory = dptr_path(dptr_num);
1512 }
1513
1514 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1515 smb_fn_name(req->cmd),
1516 mask,
1517 directory ? directory : "./",
1518 dirtype,
1519 numentries,
1520 maxentries ));
1521
1522 END_PROFILE(SMBsearch);
1523 return;
1524 }
1525
1526 /****************************************************************************
1527 Reply to a fclose (stop directory search).
1528 ****************************************************************************/
1529
1530 void reply_fclose(struct smb_request *req)
1531 {
1532 int status_len;
1533 char status[21];
1534 int dptr_num= -2;
1535 const char *p;
1536 char *path = NULL;
1537 NTSTATUS err;
1538 bool path_contains_wcard = False;
1539 TALLOC_CTX *ctx = talloc_tos();
1540
1541 START_PROFILE(SMBfclose);
1542
1543 if (lp_posix_pathnames()) {
1544 reply_unknown_new(req, req->cmd);
1545 END_PROFILE(SMBfclose);
1546 return;
1547 }
1548
1549 p = (const char *)req->buf + 1;
1550 p += srvstr_get_path_req_wcard(ctx, req, &path, p, STR_TERMINATE,
1551 &err, &path_contains_wcard);
1552 if (!NT_STATUS_IS_OK(err)) {
1553 reply_nterror(req, err);
1554 END_PROFILE(SMBfclose);
1555 return;
1556 }
1557 p++;
1558 status_len = SVAL(p,0);
1559 p += 2;
1560
1561 if (status_len == 0) {
1562 reply_doserror(req, ERRSRV, ERRsrverror);
1563 END_PROFILE(SMBfclose);
1564 return;
1565 }
1566
1567 memcpy(status,p,21);
1568
1569 if(dptr_fetch(status+12,&dptr_num)) {
1570 /* Close the dptr - we know it's gone */
1571 dptr_close(&dptr_num);
1572 }
1573
1574 reply_outbuf(req, 1, 0);
1575 SSVAL(req->outbuf,smb_vwv0,0);
1576
1577 DEBUG(3,("search close\n"));
1578
1579 END_PROFILE(SMBfclose);
1580 return;
1581 }
1582
1583 /****************************************************************************
1584 Reply to an open.
1585 ****************************************************************************/
1586
1587 void reply_open(struct smb_request *req)
1588 {
1589 connection_struct *conn = req->conn;
1590 char *fname = NULL;
1591 uint32 fattr=0;
1592 SMB_OFF_T size = 0;
1593 time_t mtime=0;
1594 int info;
1595 SMB_STRUCT_STAT sbuf;
1596 files_struct *fsp;
1597 int oplock_request;
1598 int deny_mode;
1599 uint32 dos_attr;
1600 uint32 access_mask;
1601 uint32 share_mode;
1602 uint32 create_disposition;
1603 uint32 create_options = 0;
1604 NTSTATUS status;
1605 TALLOC_CTX *ctx = talloc_tos();
1606
1607 START_PROFILE(SMBopen);
1608
1609 SET_STAT_INVALID(sbuf);
1610
1611 if (req->wct < 2) {
1612 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1613 END_PROFILE(SMBopen);
1614 return;
1615 }
1616
1617 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1618 deny_mode = SVAL(req->vwv+0, 0);
1619 dos_attr = SVAL(req->vwv+1, 0);
1620
1621 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
1622 STR_TERMINATE, &status);
1623 if (!NT_STATUS_IS_OK(status)) {
1624 reply_nterror(req, status);
1625 END_PROFILE(SMBopen);
1626 return;
1627 }
1628
1629 if (!map_open_params_to_ntcreate(
1630 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1631 &share_mode, &create_disposition, &create_options)) {
1632 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1633 END_PROFILE(SMBopen);
1634 return;
1635 }
1636
1637 status = SMB_VFS_CREATE_FILE(
1638 conn, /* conn */
1639 req, /* req */
1640 0, /* root_dir_fid */
1641 fname, /* fname */
1642 CFF_DOS_PATH, /* create_file_flags */
1643 access_mask, /* access_mask */
1644 share_mode, /* share_access */
1645 create_disposition, /* create_disposition*/
1646 create_options, /* create_options */
1647 dos_attr, /* file_attributes */
1648 oplock_request, /* oplock_request */
1649 0, /* allocation_size */
1650 NULL, /* sd */
1651 NULL, /* ea_list */
1652 &fsp, /* result */
1653 &info, /* pinfo */
1654 &sbuf); /* psbuf */
1655
1656 if (!NT_STATUS_IS_OK(status)) {
1657 if (open_was_deferred(req->mid)) {
1658 /* We have re-scheduled this call. */
1659 END_PROFILE(SMBopen);
1660 return;
1661 }
1662 reply_openerror(req, status);
1663 END_PROFILE(SMBopen);
1664 return;
1665 }
1666
1667 size = sbuf.st_size;
1668 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1669 mtime = sbuf.st_mtime;
1670
1671 if (fattr & aDIR) {
1672 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1673 close_file(req, fsp, ERROR_CLOSE);
1674 reply_doserror(req, ERRDOS,ERRnoaccess);
1675 END_PROFILE(SMBopen);
1676 return;
1677 }
1678
1679 reply_outbuf(req, 7, 0);
1680 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1681 SSVAL(req->outbuf,smb_vwv1,fattr);
1682 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1683 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1684 } else {
1685 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1686 }
1687 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1688 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1689
1690 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1691 SCVAL(req->outbuf,smb_flg,
1692 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1693 }
1694
1695 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1696 SCVAL(req->outbuf,smb_flg,
1697 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1698 }
1699 END_PROFILE(SMBopen);
1700 return;
1701 }
1702
1703 /****************************************************************************
1704 Reply to an open and X.
1705 ****************************************************************************/
1706
1707 void reply_open_and_X(struct smb_request *req)
1708 {
1709 connection_struct *conn = req->conn;
1710 char *fname = NULL;
1711 uint16 open_flags;
1712 int deny_mode;
1713 uint32 smb_attr;
1714 /* Breakout the oplock request bits so we can set the
1715 reply bits separately. */
1716 int ex_oplock_request;
1717 int core_oplock_request;
1718 int oplock_request;
1719 #if 0
1720 int smb_sattr = SVAL(req->vwv+4, 0);
1721 uint32 smb_time = make_unix_date3(req->vwv+6);
1722 #endif
1723 int smb_ofun;
1724 uint32 fattr=0;
1725 int mtime=0;
1726 SMB_STRUCT_STAT sbuf;
1727 int smb_action = 0;
1728 files_struct *fsp;
1729 NTSTATUS status;
1730 uint64_t allocation_size;
1731 ssize_t retval = -1;
1732 uint32 access_mask;
1733 uint32 share_mode;
1734 uint32 create_disposition;
1735 uint32 create_options = 0;
1736 TALLOC_CTX *ctx = talloc_tos();
1737
1738 START_PROFILE(SMBopenX);
1739
1740 if (req->wct < 15) {
1741 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1742 END_PROFILE(SMBopenX);
1743 return;
1744 }
1745
1746 SET_STAT_INVALID(sbuf);
1747
1748 open_flags = SVAL(req->vwv+2, 0);
1749 deny_mode = SVAL(req->vwv+3, 0);
1750 smb_attr = SVAL(req->vwv+5, 0);
1751 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1752 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1753 oplock_request = ex_oplock_request | core_oplock_request;
1754 smb_ofun = SVAL(req->vwv+8, 0);
1755 allocation_size = (uint64_t)IVAL(req->vwv+9, 0);
1756
1757 /* If it's an IPC, pass off the pipe handler. */
1758 if (IS_IPC(conn)) {
1759 if (lp_nt_pipe_support()) {
1760 reply_open_pipe_and_X(conn, req);
1761 } else {
1762 reply_doserror(req, ERRSRV, ERRaccess);
1763 }
1764 END_PROFILE(SMBopenX);
1765 return;
1766 }
1767
1768 /* XXXX we need to handle passed times, sattr and flags */
1769 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
1770 STR_TERMINATE, &status);
1771 if (!NT_STATUS_IS_OK(status)) {
1772 reply_nterror(req, status);
1773 END_PROFILE(SMBopenX);
1774 return;
1775 }
1776
1777 if (!map_open_params_to_ntcreate(
1778 fname, deny_mode, smb_ofun, &access_mask,
1779 &share_mode, &create_disposition, &create_options)) {
1780 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1781 END_PROFILE(SMBopenX);
1782 return;
1783 }
1784
1785 status = SMB_VFS_CREATE_FILE(
1786 conn, /* conn */
1787 req, /* req */
1788 0, /* root_dir_fid */
1789 fname, /* fname */
1790 CFF_DOS_PATH, /* create_file_flags */
1791 access_mask, /* access_mask */
1792 share_mode, /* share_access */
1793 create_disposition, /* create_disposition*/
1794 create_options, /* create_options */
1795 smb_attr, /* file_attributes */
1796 oplock_request, /* oplock_request */
1797 0, /* allocation_size */
1798 NULL, /* sd */
1799 NULL, /* ea_list */
1800 &fsp, /* result */
1801 &smb_action, /* pinfo */
1802 &sbuf); /* psbuf */
1803
1804 if (!NT_STATUS_IS_OK(status)) {
1805 END_PROFILE(SMBopenX);
1806 if (open_was_deferred(req->mid)) {
1807 /* We have re-scheduled this call. */
1808 return;
1809 }
1810 reply_openerror(req, status);
1811 return;
1812 }
1813
1814 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1815 if the file is truncated or created. */
1816 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1817 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1818 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1819 close_file(req, fsp, ERROR_CLOSE);
1820 reply_nterror(req, NT_STATUS_DISK_FULL);
1821 END_PROFILE(SMBopenX);
1822 return;
1823 }
1824 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1825 if (retval < 0) {
1826 close_file(req, fsp, ERROR_CLOSE);
1827 reply_nterror(req, NT_STATUS_DISK_FULL);
1828 END_PROFILE(SMBopenX);
1829 return;
1830 }
1831 sbuf.st_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf);
1832 }
1833
1834 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1835 mtime = sbuf.st_mtime;
1836 if (fattr & aDIR) {
1837 close_file(req, fsp, ERROR_CLOSE);
1838 reply_doserror(req, ERRDOS, ERRnoaccess);
1839 END_PROFILE(SMBopenX);
1840 return;
1841 }
1842
1843 /* If the caller set the extended oplock request bit
1844 and we granted one (by whatever means) - set the
1845 correct bit for extended oplock reply.
1846 */
1847
1848 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1849 smb_action |= EXTENDED_OPLOCK_GRANTED;
1850 }
1851
1852 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1853 smb_action |= EXTENDED_OPLOCK_GRANTED;
1854 }
1855
1856 /* If the caller set the core oplock request bit
1857 and we granted one (by whatever means) - set the
1858 correct bit for core oplock reply.
1859 */
1860
1861 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1862 reply_outbuf(req, 19, 0);
1863 } else {
1864 reply_outbuf(req, 15, 0);
1865 }
1866
1867 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1868 SCVAL(req->outbuf, smb_flg,
1869 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1870 }
1871
1872 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1873 SCVAL(req->outbuf, smb_flg,
1874 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1875 }
1876
1877 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1878 SSVAL(req->outbuf,smb_vwv3,fattr);
1879 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1880 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1881 } else {
1882 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1883 }
1884 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1885 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1886 SSVAL(req->outbuf,smb_vwv11,smb_action);
1887
1888 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1889 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1890 }
1891
1892 END_PROFILE(SMBopenX);
1893 chain_reply(req);
1894 return;
1895 }
1896
1897 /****************************************************************************
1898 Reply to a SMBulogoffX.
1899 ****************************************************************************/
1900
1901 void reply_ulogoffX(struct smb_request *req)
1902 {
1903 user_struct *vuser;
1904
1905 START_PROFILE(SMBulogoffX);
1906
1907 vuser = get_valid_user_struct(req->vuid);
1908
1909 if(vuser == NULL) {
1910 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1911 req->vuid));
1912 }
1913
1914 /* in user level security we are supposed to close any files
1915 open by this user */
1916 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1917 file_close_user(req->vuid);
1918 }
1919
1920 invalidate_vuid(req->vuid);
1921
1922 reply_outbuf(req, 2, 0);
1923
1924 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1925
1926 END_PROFILE(SMBulogoffX);
1927 chain_reply(req);
1928 }
1929
1930 /****************************************************************************
1931 Reply to a mknew or a create.
1932 ****************************************************************************/
1933
1934 void reply_mknew(struct smb_request *req)
1935 {
1936 connection_struct *conn = req->conn;
1937 char *fname = NULL;
1938 uint32 fattr = 0;
1939 struct smb_file_time ft;
1940 files_struct *fsp;
1941 int oplock_request = 0;
1942 SMB_STRUCT_STAT sbuf;
1943 NTSTATUS status;
1944 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1945 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1946 uint32 create_disposition;
1947 uint32 create_options = 0;
1948 TALLOC_CTX *ctx = talloc_tos();
1949
1950 START_PROFILE(SMBcreate);
1951 ZERO_STRUCT(ft);
1952 SET_STAT_INVALID(sbuf);
1953
1954 if (req->wct < 3) {
1955 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1956 END_PROFILE(SMBcreate);
1957 return;
1958 }
1959
1960 fattr = SVAL(req->vwv+0, 0);
1961 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1962
1963 /* mtime. */
1964 ft.mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+1));
1965
1966 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf + 1,
1967 STR_TERMINATE, &status);
1968 if (!NT_STATUS_IS_OK(status)) {
1969 reply_nterror(req, status);
1970 END_PROFILE(SMBcreate);
1971 return;
1972 }
1973
1974 if (fattr & aVOLID) {
1975 DEBUG(0,("Attempt to create file (%s) with volid set - "
1976 "please report this\n", fname));
1977 }
1978
1979 if(req->cmd == SMBmknew) {
1980 /* We should fail if file exists. */
1981 create_disposition = FILE_CREATE;
1982 } else {
1983 /* Create if file doesn't exist, truncate if it does. */
1984 create_disposition = FILE_OVERWRITE_IF;
1985 }
1986
1987 status = SMB_VFS_CREATE_FILE(
1988 conn, /* conn */
1989 req, /* req */
1990 0, /* root_dir_fid */
1991 fname, /* fname */
1992 CFF_DOS_PATH, /* create_file_flags */
1993 access_mask, /* access_mask */
1994 share_mode, /* share_access */
1995 create_disposition, /* create_disposition*/
1996 create_options, /* create_options */
1997 fattr, /* file_attributes */
1998 oplock_request, /* oplock_request */
1999 0, /* allocation_size */
2000 NULL, /* sd */
2001 NULL, /* ea_list */
2002 &fsp, /* result */
2003 NULL, /* pinfo */
2004 &sbuf); /* psbuf */
2005
2006 if (!NT_STATUS_IS_OK(status)) {
2007 END_PROFILE(SMBcreate);
2008 if (open_was_deferred(req->mid)) {
2009 /* We have re-scheduled this call. */
2010 return;
2011 }
2012 reply_openerror(req, status);
2013 return;
2014 }
2015
2016 ft.atime = get_atimespec(&sbuf); /* atime. */
2017 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, &ft, true);
2018 if (!NT_STATUS_IS_OK(status)) {
2019 END_PROFILE(SMBcreate);
2020 reply_openerror(req, status);
2021 return;
2022 }
2023
2024 reply_outbuf(req, 1, 0);
2025 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2026
2027 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2028 SCVAL(req->outbuf,smb_flg,
2029 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2030 }
2031
2032 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2033 SCVAL(req->outbuf,smb_flg,
2034 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2035 }
2036
2037 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2038 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2039 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2040
2041 END_PROFILE(SMBcreate);
2042 return;
2043 }
2044
2045 /****************************************************************************
2046 Reply to a create temporary file.
2047 ****************************************************************************/
2048
2049 void reply_ctemp(struct smb_request *req)
2050 {
2051 connection_struct *conn = req->conn;
2052 char *fname = NULL;
2053 uint32 fattr;
2054 files_struct *fsp;
2055 int oplock_request;
2056 int tmpfd;
2057 SMB_STRUCT_STAT sbuf;
2058 char *s;
2059 NTSTATUS status;
2060 TALLOC_CTX *ctx = talloc_tos();
2061
2062 START_PROFILE(SMBctemp);
2063
2064 if (req->wct < 3) {
2065 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2066 END_PROFILE(SMBctemp);
2067 return;
2068 }
2069
2070 fattr = SVAL(req->vwv+0, 0);
2071 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2072
2073 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1,
2074 STR_TERMINATE, &status);
2075 if (!NT_STATUS_IS_OK(status)) {
2076 reply_nterror(req, status);
2077 END_PROFILE(SMBctemp);
2078 return;
2079 }
2080 if (*fname) {
2081 fname = talloc_asprintf(ctx,
2082 "%s/TMXXXXXX",
2083 fname);
2084 } else {
2085 fname = talloc_strdup(ctx, "TMXXXXXX");
2086 }
2087
2088 if (!fname) {
2089 reply_nterror(req, NT_STATUS_NO_MEMORY);
2090 END_PROFILE(SMBctemp);
2091 return;
2092 }
2093
2094 status = resolve_dfspath(ctx, conn,
2095 req->flags2 & FLAGS2_DFS_PATHNAMES,
2096 fname,
2097 &fname);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2100 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2101 ERRSRV, ERRbadpath);
2102 END_PROFILE(SMBctemp);
2103 return;
2104 }
2105 reply_nterror(req, status);
2106 END_PROFILE(SMBctemp);
2107 return;
2108 }
2109
2110 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2111 if (!NT_STATUS_IS_OK(status)) {
2112 reply_nterror(req, status);
2113 END_PROFILE(SMBctemp);
2114 return;
2115 }
2116
2117 status = check_name(conn, fname);
2118 if (!NT_STATUS_IS_OK(status)) {
2119 reply_nterror(req, status);
2120 END_PROFILE(SMBctemp);
2121 return;
2122 }
2123
2124 tmpfd = smb_mkstemp(fname);
2125 if (tmpfd == -1) {
2126 reply_unixerror(req, ERRDOS, ERRnoaccess);
2127 END_PROFILE(SMBctemp);
2128 return;
2129 }
2130
2131 SET_STAT_INVALID(sbuf);
2132 SMB_VFS_STAT(conn,fname,&sbuf);
2133
2134 /* We should fail if file does not exist. */
2135 status = SMB_VFS_CREATE_FILE(
2136 conn, /* conn */
2137 req, /* req */
2138 0, /* root_dir_fid */
2139 fname, /* fname */
2140 0, /* create_file_flags */
2141 FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */
2142 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
2143 FILE_OPEN, /* create_disposition*/
2144 0, /* create_options */
2145 fattr, /* file_attributes */
2146 oplock_request, /* oplock_request */
2147 0, /* allocation_size */
2148 NULL, /* sd */
2149 NULL, /* ea_list */
2150 &fsp, /* result */
2151 NULL, /* pinfo */
2152 &sbuf); /* psbuf */
2153
2154 /* close fd from smb_mkstemp() */
2155 close(tmpfd);
2156
2157 if (!NT_STATUS_IS_OK(status)) {
2158 if (open_was_deferred(req->mid)) {
2159 /* We have re-scheduled this call. */
2160 END_PROFILE(SMBctemp);
2161 return;
2162 }
2163 reply_openerror(req, status);
2164 END_PROFILE(SMBctemp);
2165 return;
2166 }
2167
2168 reply_outbuf(req, 1, 0);
2169 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2170
2171 /* the returned filename is relative to the directory */
2172 s = strrchr_m(fsp->fsp_name, '/');
2173 if (!s) {
2174 s = fsp->fsp_name;
2175 } else {
2176 s++;
2177 }
2178
2179 #if 0
2180 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2181 thing in the byte section. JRA */
2182 SSVALS(p, 0, -1); /* what is this? not in spec */
2183 #endif
2184 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2185 == -1) {
2186 reply_nterror(req, NT_STATUS_NO_MEMORY);
2187 END_PROFILE(SMBctemp);
2188 return;
2189 }
2190
2191 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2192 SCVAL(req->outbuf, smb_flg,
2193 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2194 }
2195
2196 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2197 SCVAL(req->outbuf, smb_flg,
2198 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2199 }
2200
2201 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2202 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2203 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2204
2205 END_PROFILE(SMBctemp);
2206 return;
2207 }
2208
2209 /*******************************************************************
2210 Check if a user is allowed to rename a file.
2211 ********************************************************************/
2212
2213 static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2214 uint16 dirtype, SMB_STRUCT_STAT *pst)
2215 {
2216 uint32 fmode;
2217
2218 if (!CAN_WRITE(conn)) {
2219 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2220 }
2221
2222 fmode = dos_mode(conn, fsp->fsp_name, pst);
2223 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2224 return NT_STATUS_NO_SUCH_FILE;
2225 }
2226
2227 if (S_ISDIR(pst->st_mode)) {
2228 if (fsp->posix_open) {
2229 return NT_STATUS_OK;
2230 }
2231
2232 /* If no pathnames are open below this
2233 directory, allow the rename. */
2234
2235 if (file_find_subpath(fsp)) {
2236 return NT_STATUS_ACCESS_DENIED;
2237 }
2238 return NT_STATUS_OK;
2239 }
2240
2241 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2242 return NT_STATUS_OK;
2243 }
2244
2245 return NT_STATUS_ACCESS_DENIED;
2246 }
2247
2248 /*******************************************************************
2249 * unlink a file with all relevant access checks
2250 *******************************************************************/
2251
2252 static NTSTATUS do_unlink(connection_struct *conn,
2253 struct smb_request *req,
2254 const char *fname,
2255 uint32 dirtype)
2256 {
2257 SMB_STRUCT_STAT sbuf;
2258 uint32 fattr;
2259 files_struct *fsp;
2260 uint32 dirtype_orig = dirtype;
2261 NTSTATUS status;
2262
2263 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2264
2265 if (!CAN_WRITE(conn)) {
2266 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2267 }
2268
2269 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2270 return map_nt_error_from_unix(errno);
2271 }
2272
2273 fattr = dos_mode(conn,fname,&sbuf);
2274
2275 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2276 dirtype = aDIR|aARCH|aRONLY;
2277 }
2278
2279 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2280 if (!dirtype) {
2281 return NT_STATUS_NO_SUCH_FILE;
2282 }
2283
2284 if (!dir_check_ftype(conn, fattr, dirtype)) {
2285 if (fattr & aDIR) {
2286 return NT_STATUS_FILE_IS_A_DIRECTORY;
2287 }
2288 return NT_STATUS_NO_SUCH_FILE;
2289 }
2290
2291 if (dirtype_orig & 0x8000) {
2292 /* These will never be set for POSIX. */
2293 return NT_STATUS_NO_SUCH_FILE;
2294 }
2295
2296 #if 0
2297 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2298 return NT_STATUS_FILE_IS_A_DIRECTORY;
2299 }
2300
2301 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2302 return NT_STATUS_NO_SUCH_FILE;
2303 }
2304
2305 if (dirtype & 0xFF00) {
2306 /* These will never be set for POSIX. */
2307 return NT_STATUS_NO_SUCH_FILE;
2308 }
2309
2310 dirtype &= 0xFF;
2311 if (!dirtype) {
2312 return NT_STATUS_NO_SUCH_FILE;
2313 }
2314
2315 /* Can't delete a directory. */
2316 if (fattr & aDIR) {
2317 return NT_STATUS_FILE_IS_A_DIRECTORY;
2318 }
2319 #endif
2320
2321 #if 0 /* JRATEST */
2322 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2323 return NT_STATUS_OBJECT_NAME_INVALID;
2324 #endif /* JRATEST */
2325
2326 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2327
2328 On a Windows share, a file with read-only dosmode can be opened with
2329 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2330 fails with NT_STATUS_CANNOT_DELETE error.
2331
2332 This semantic causes a problem that a user can not
2333 rename a file with read-only dosmode on a Samba share
2334 from a Windows command prompt (i.e. cmd.exe, but can rename
2335 from Windows Explorer).
2336 */
2337
2338 if (!lp_delete_readonly(SNUM(conn))) {
2339 if (fattr & aRONLY) {
2340 return NT_STATUS_CANNOT_DELETE;
2341 }
2342 }
2343
2344 /* On open checks the open itself will check the share mode, so
2345 don't do it here as we'll get it wrong. */
2346
2347 status = SMB_VFS_CREATE_FILE
2348 (conn, /* conn */
2349 req, /* req */
2350 0, /* root_dir_fid */
2351 fname, /* fname */
2352 0, /* create_file_flags */
2353 DELETE_ACCESS, /* access_mask */
2354 FILE_SHARE_NONE, /* share_access */
2355 FILE_OPEN, /* create_disposition*/
2356 FILE_NON_DIRECTORY_FILE, /* create_options */
2357 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2358 0, /* oplock_request */
2359 0, /* allocation_size */
2360 NULL, /* sd */
2361 NULL, /* ea_list */
2362 &fsp, /* result */
2363 NULL, /* pinfo */
2364 &sbuf); /* psbuf */
2365
2366 if (!NT_STATUS_IS_OK(status)) {
2367 DEBUG(10, ("SMB_VFS_CREATEFILE failed: %s\n",
2368 nt_errstr(status)));
2369 return status;
2370 }
2371
2372 /* The set is across all open files on this dev/inode pair. */
2373 if (!set_delete_on_close(fsp, True, &conn->server_info->utok)) {
2374 close_file(req, fsp, NORMAL_CLOSE);
2375 return NT_STATUS_ACCESS_DENIED;
2376 }
2377
2378 return close_file(req, fsp, NORMAL_CLOSE);
2379 }
2380
2381 /****************************************************************************
2382 The guts of the unlink command, split out so it may be called by the NT SMB
2383 code.
2384 ****************************************************************************/
2385
2386 NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2387 uint32 dirtype, const char *name_in, bool has_wild)
2388 {
2389 const char *directory = NULL;
2390 char *mask = NULL;
2391 char *name = NULL;
2392 char *p = NULL;
2393 int count=0;
2394 NTSTATUS status = NT_STATUS_OK;
2395 SMB_STRUCT_STAT sbuf, st;
2396 TALLOC_CTX *ctx = talloc_tos();
2397
2398 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2399 if (!NT_STATUS_IS_OK(status)) {
2400 return status;
2401 }
2402
2403 p = strrchr_m(name,'/');
2404 if (!p) {
2405 directory = talloc_strdup(ctx, ".");
2406 if (!directory) {
2407 return NT_STATUS_NO_MEMORY;
2408 }
2409 mask = name;
2410 } else {
2411 *p = 0;
2412 directory = name;
2413 mask = p+1;
2414 }
2415
2416 /*
2417 * We should only check the mangled cache
2418 * here if unix_convert failed. This means
2419 * that the path in 'mask' doesn't exist
2420 * on the file system and so we need to look
2421 * for a possible mangle. This patch from
2422 * Tine Smukavec <valentin.smukavec@hermes.si>.
2423 */
2424
2425 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2426 char *new_mask = NULL;
2427 mangle_lookup_name_from_8_3(ctx,
2428 mask,
2429 &new_mask,
2430 conn->params );
2431 if (new_mask) {
2432 mask = new_mask;
2433 }
2434 }
2435
2436 if (!has_wild) {
2437 directory = talloc_asprintf(ctx,
2438 "%s/%s",
2439 directory,
2440 mask);
2441 if (!directory) {
2442 return NT_STATUS_NO_MEMORY;
2443 }
2444 if (dirtype == 0) {
2445 dirtype = FILE_ATTRIBUTE_NORMAL;
2446 }
2447
2448 status = check_name(conn, directory);
2449 if (!NT_STATUS_IS_OK(status)) {
2450 return status;
2451 }
2452
2453 status = do_unlink(conn, req, directory, dirtype);
2454 if (!NT_STATUS_IS_OK(status)) {
2455 return status;
2456 }
2457
2458 count++;
2459 } else {
2460 struct smb_Dir *dir_hnd = NULL;
2461 long offset = 0;
2462 const char *dname;
2463
2464 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2465 return NT_STATUS_OBJECT_NAME_INVALID;
2466 }
2467
2468 if (strequal(mask,"????????.???")) {
2469 mask[0] = '*';
2470 mask[1] = '\0';
2471 }
2472
2473 status = check_name(conn, directory);
2474 if (!NT_STATUS_IS_OK(status)) {
2475 return status;
2476 }
2477
2478 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2479 dirtype);
2480 if (dir_hnd == NULL) {
2481 return map_nt_error_from_unix(errno);
2482 }
2483
2484 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2485 the pattern matches against the long name, otherwise the short name
2486 We don't implement this yet XXXX
2487 */
2488
2489 status = NT_STATUS_NO_SUCH_FILE;
2490
2491 while ((dname = ReadDirName(dir_hnd, &offset, &st))) {
2492 char *fname = NULL;
2493
2494 if (!is_visible_file(conn, directory, dname, &st,
2495 true))
2496 {
2497 continue;
2498 }
2499
2500 /* Quick check for "." and ".." */
2501 if (ISDOT(dname) || ISDOTDOT(dname)) {
2502 continue;
2503 }
2504
2505 if(!mask_match(dname, mask, conn->case_sensitive)) {
2506 continue;
2507 }
2508
2509 fname = talloc_asprintf(ctx, "%s/%s",
2510 directory,
2511 dname);
2512 if (!fname) {
2513 return NT_STATUS_NO_MEMORY;
2514 }
2515
2516 status = check_name(conn, fname);
2517 if (!NT_STATUS_IS_OK(status)) {
2518 TALLOC_FREE(dir_hnd);
2519 return status;
2520 }
2521
2522 status = do_unlink(conn, req, fname, dirtype);
2523 if (!NT_STATUS_IS_OK(status)) {
2524 TALLOC_FREE(fname);
2525 continue;
2526 }
2527
2528 count++;
2529 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2530 fname));
2531
2532 TALLOC_FREE(fname);
2533 }
2534 TALLOC_FREE(dir_hnd);
2535 }
2536
2537 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2538 status = map_nt_error_from_unix(errno);
2539 }
2540
2541 return status;
2542 }
2543
2544 /****************************************************************************
2545 Reply to a unlink
2546 ****************************************************************************/
2547
2548 void reply_unlink(struct smb_request *req)
2549 {
2550 connection_struct *conn = req->conn;
2551 char *name = NULL;
2552 uint32 dirtype;
2553 NTSTATUS status;
2554 bool path_contains_wcard = False;
2555 TALLOC_CTX *ctx = talloc_tos();
2556
2557 START_PROFILE(SMBunlink);
2558
2559 if (req->wct < 1) {
2560 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2561 END_PROFILE(SMBunlink);
2562 return;
2563 }
2564
2565 dirtype = SVAL(req->vwv+0, 0);
2566
2567 srvstr_get_path_req_wcard(ctx, req, &name, (const char *)req->buf + 1,
2568 STR_TERMINATE, &status,
2569 &path_contains_wcard);
2570 if (!NT_STATUS_IS_OK(status)) {
2571 reply_nterror(req, status);
2572 END_PROFILE(SMBunlink);
2573 return;
2574 }
2575
2576 status = resolve_dfspath_wcard(ctx, conn,
2577 req->flags2 & FLAGS2_DFS_PATHNAMES,
2578 name,
2579 &name,
2580 &path_contains_wcard);
2581 if (!NT_STATUS_IS_OK(status)) {
2582 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2583 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2584 ERRSRV, ERRbadpath);
2585 END_PROFILE(SMBunlink);
2586 return;
2587 }
2588 reply_nterror(req, status);
2589 END_PROFILE(SMBunlink);
2590 return;
2591 }
2592
2593 DEBUG(3,("reply_unlink : %s\n",name));
2594
2595 status = unlink_internals(conn, req, dirtype, name,
2596 path_contains_wcard);
2597 if (!NT_STATUS_IS_OK(status)) {
2598 if (open_was_deferred(req->mid)) {
2599 /* We have re-scheduled this call. */
2600 END_PROFILE(SMBunlink);
2601 return;
2602 }
2603 reply_nterror(req, status);
2604 END_PROFILE(SMBunlink);
2605 return;
2606 }
2607
2608 reply_outbuf(req, 0, 0);
2609 END_PROFILE(SMBunlink);
2610
2611 return;
2612 }
2613
2614 /****************************************************************************
2615 Fail for readbraw.
2616 ****************************************************************************/
2617
2618 static void fail_readraw(void)
2619 {
2620 const char *errstr = talloc_asprintf(talloc_tos(),
2621 "FAIL ! reply_readbraw: socket write fail (%s)",
2622 strerror(errno));
2623 if (!errstr) {
2624 errstr = "";
2625 }
2626 exit_server_cleanly(errstr);
2627 }
2628
2629 /****************************************************************************
2630 Fake (read/write) sendfile. Returns -1 on read or write fail.
2631 ****************************************************************************/
2632
2633 static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2634 size_t nread)
2635 {
2636 size_t bufsize;
2637 size_t tosend = nread;
2638 char *buf;
2639
2640 if (nread == 0) {
2641 return 0;
2642 }
2643
2644 bufsize = MIN(nread, 65536);
2645
2646 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2647 return -1;
2648 }
2649
2650 while (tosend > 0) {
2651 ssize_t ret;
2652 size_t cur_read;
2653
2654 if (tosend > bufsize) {
2655 cur_read = bufsize;
2656 } else {
2657 cur_read = tosend;
2658 }
2659 ret = read_file(fsp,buf,startpos,cur_read);
2660 if (ret == -1) {
2661 SAFE_FREE(buf);
2662 return -1;
2663 }
2664
2665 /* If we had a short read, fill with zeros. */
2666 if (ret < cur_read) {
2667 memset(buf, '\0', cur_read - ret);
2668 }
2669
2670 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2671 SAFE_FREE(buf);
2672 return -1;
2673 }
2674 tosend -= cur_read;
2675 startpos += cur_read;
2676 }
2677
2678 SAFE_FREE(buf);
2679 return (ssize_t)nread;
2680 }
2681
2682 #if defined(WITH_SENDFILE)
2683 /****************************************************************************
2684 Deal with the case of sendfile reading less bytes from the file than
2685 requested. Fill with zeros (all we can do).
2686 ****************************************************************************/
2687
2688 static void sendfile_short_send(files_struct *fsp,
2689 ssize_t nread,
2690 size_t headersize,
2691 size_t smb_maxcnt)
2692 {
2693 if (nread < headersize) {
2694 DEBUG(0,("sendfile_short_send: sendfile failed to send "
2695 "header for file %s (%s). Terminating\n",
2696 fsp->fsp_name, strerror(errno) ));
2697 exit_server_cleanly("sendfile_short_send failed");
2698 }
2699
2700 nread -= headersize;
2701
2702 if (nread < smb_maxcnt) {
2703 char *buf = SMB_CALLOC_ARRAY(char, 1024);
2704 if (!buf) {
2705 exit_server_cleanly("sendfile_short_send: "
2706 "malloc failed");
2707 }
2708
2709 DEBUG(0,("sendfile_short_send: filling truncated file %s "
2710 "with zeros !\n", fsp->fsp_name));
2711
2712 while (nread < smb_maxcnt) {
2713 /*
2714 * We asked for the real file size and told sendfile
2715 * to not go beyond the end of the file. But it can
2716 * happen that in between our fstat call and the
2717 * sendfile call the file was truncated. This is very
2718 * bad because we have already announced the larger
2719 * number of bytes to the client.
2720 *
2721 * The best we can do now is to send 0-bytes, just as
2722 * a read from a hole in a sparse file would do.
2723 *
2724 * This should happen rarely enough that I don't care
2725 * about efficiency here :-)
2726 */
2727 size_t to_write;
2728
2729 to_write = MIN(sizeof(buf), smb_maxcnt - nread);
2730 if (write_data(smbd_server_fd(), buf, to_write) != to_write) {
2731 exit_server_cleanly("sendfile_short_send: "
2732 "write_data failed");
2733 }
2734 nread += to_write;
2735 }
2736 SAFE_FREE(buf);
2737 }
2738 }
2739 #endif /* defined WITH_SENDFILE */
2740
2741 /****************************************************************************
2742 Return a readbraw error (4 bytes of zero).
2743 ****************************************************************************/
2744
2745 static void reply_readbraw_error(void)
2746 {
2747 char header[4];
2748 SIVAL(header,0,0);
2749 if (write_data(smbd_server_fd(),header,4) != 4) {
2750 fail_readraw();
2751 }
2752 }
2753
2754 /****************************************************************************
2755 Use sendfile in readbraw.
2756 ****************************************************************************/
2757
2758 static void send_file_readbraw(connection_struct *conn,
2759 struct smb_request *req,
2760 files_struct *fsp,
2761 SMB_OFF_T startpos,
2762 size_t nread,
2763 ssize_t mincount)
2764 {
2765 char *outbuf = NULL;
2766 ssize_t ret=0;
2767
2768 #if defined(WITH_SENDFILE)
2769 /*
2770 * We can only use sendfile on a non-chained packet
2771 * but we can use on a non-oplocked file. tridge proved this
2772 * on a train in Germany :-). JRA.
2773 * reply_readbraw has already checked the length.
2774 */
2775
2776 if ( !req_is_in_chain(req) && (nread > 0) && (fsp->base_fsp == NULL) &&
2777 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2778 ssize_t sendfile_read = -1;
2779 char header[4];
2780 DATA_BLOB header_blob;
2781
2782 _smb_setlen(header,nread);
2783 header_blob = data_blob_const(header, 4);
2784
2785 if ((sendfile_read = SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2786 &header_blob, startpos, nread)) == -1) {
2787 /* Returning ENOSYS means no data at all was sent.
2788 * Do this as a normal read. */
2789 if (errno == ENOSYS) {
2790 goto normal_readbraw;
2791 }
2792
2793 /*
2794 * Special hack for broken Linux with no working sendfile. If we
2795 * return EINTR we sent the header but not the rest of the data.
2796 * Fake this up by doing read/write calls.
2797 */
2798 if (errno == EINTR) {
2799 /* Ensure we don't do this again. */
2800 set_use_sendfile(SNUM(conn), False);
2801 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2802
2803 if (fake_sendfile(fsp, startpos, nread) == -1) {
2804 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2805 fsp->fsp_name, strerror(errno) ));
2806 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2807 }
2808 return;
2809 }
2810
2811 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2812 fsp->fsp_name, strerror(errno) ));
2813 exit_server_cleanly("send_file_readbraw sendfile failed");
2814 } else if (sendfile_read == 0) {
2815 /*
2816 * Some sendfile implementations return 0 to indicate
2817 * that there was a short read, but nothing was
2818 * actually written to the socket. In this case,
2819 * fallback to the normal read path so the header gets
2820 * the correct byte count.
2821 */
2822 DEBUG(3, ("send_file_readbraw: sendfile sent zero "
2823 "bytes falling back to the normal read: "
2824 "%s\n", fsp->fsp_name));
2825 goto normal_readbraw;
2826 }
2827
2828 /* Deal with possible short send. */
2829 if (sendfile_read != 4+nread) {
2830 sendfile_short_send(fsp, sendfile_read, 4, nread);
2831 }
2832 return;
2833 }
2834
2835 normal_readbraw:
2836 #endif
2837
2838 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2839 if (!outbuf) {
2840 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2841 (unsigned)(nread+4)));
2842 reply_readbraw_error();
2843 return;
2844 }
2845
2846 if (nread > 0) {
2847 ret = read_file(fsp,outbuf+4,startpos,nread);
2848 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2849 if (ret < mincount)
2850 ret = 0;
2851 #else
2852 if (ret < nread)
2853 ret = 0;
2854 #endif
2855 }
2856
2857 _smb_setlen(outbuf,ret);
2858 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2859 fail_readraw();
2860
2861 TALLOC_FREE(outbuf);
2862 }
2863
2864 /****************************************************************************
2865 Reply to a readbraw (core+ protocol).
2866 ****************************************************************************/
2867
2868 void reply_readbraw(struct smb_request *req)
2869 {
2870 connection_struct *conn = req->conn;
2871 ssize_t maxcount,mincount;
2872 size_t nread = 0;
2873 SMB_OFF_T startpos;
2874 files_struct *fsp;
2875 struct lock_struct lock;
2876 SMB_STRUCT_STAT st;
2877 SMB_OFF_T size = 0;
2878
2879 START_PROFILE(SMBreadbraw);
2880
2881 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2882 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2883 "raw reads/writes are disallowed.");
2884 }
2885
2886 if (req->wct < 8) {
2887 reply_readbraw_error();
2888 END_PROFILE(SMBreadbraw);
2889 return;
2890 }
2891
2892 /*
2893 * Special check if an oplock break has been issued
2894 * and the readraw request croses on the wire, we must
2895 * return a zero length response here.
2896 */
2897
2898 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
2899
2900 /*
2901 * We have to do a check_fsp by hand here, as
2902 * we must always return 4 zero bytes on error,
2903 * not a NTSTATUS.
2904 */
2905
2906 if (!fsp || !conn || conn != fsp->conn ||
2907 req->vuid != fsp->vuid ||
2908 fsp->is_directory || fsp->fh->fd == -1) {
2909 /*
2910 * fsp could be NULL here so use the value from the packet. JRA.
2911 */
2912 DEBUG(3,("reply_readbraw: fnum %d not valid "
2913 "- cache prime?\n",
2914 (int)SVAL(req->vwv+0, 0)));
2915 reply_readbraw_error();
2916 END_PROFILE(SMBreadbraw);
2917 return;
2918 }
2919
2920 /* Do a "by hand" version of CHECK_READ. */
2921 if (!(fsp->can_read ||
2922 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2923 (fsp->access_mask & FILE_EXECUTE)))) {
2924 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2925 (int)SVAL(req->vwv+0, 0)));
2926 reply_readbraw_error();
2927 END_PROFILE(SMBreadbraw);
2928 return;
2929 }
2930
2931 flush_write_cache(fsp, READRAW_FLUSH);
2932
2933 startpos = IVAL_TO_SMB_OFF_T(req->vwv+1, 0);
2934 if(req->wct == 10) {
2935 /*
2936 * This is a large offset (64 bit) read.
2937 */
2938 #ifdef LARGE_SMB_OFF_T
2939
2940 startpos |= (((SMB_OFF_T)IVAL(req->vwv+8, 0)) << 32);
2941
2942 #else /* !LARGE_SMB_OFF_T */
2943
2944 /*
2945 * Ensure we haven't been sent a >32 bit offset.
2946 */
2947
2948 if(IVAL(req->vwv+8, 0) != 0) {
2949 DEBUG(0,("reply_readbraw: large offset "
2950 "(%x << 32) used and we don't support "
2951 "64 bit offsets.\n",
2952 (unsigned int)IVAL(req->vwv+8, 0) ));
2953 reply_readbraw_error();
2954 END_PROFILE(SMBreadbraw);
2955 return;
2956 }
2957
2958 #endif /* LARGE_SMB_OFF_T */
2959
2960 if(startpos < 0) {
2961 DEBUG(0,("reply_readbraw: negative 64 bit "
2962 "readraw offset (%.0f) !\n",
2963 (double)startpos ));
2964 reply_readbraw_error();
2965 END_PROFILE(SMBreadbraw);
2966 return;
2967 }
2968 }
2969
2970 maxcount = (SVAL(req->vwv+3, 0) & 0xFFFF);
2971 mincount = (SVAL(req->vwv+4, 0) & 0xFFFF);
2972
2973 /* ensure we don't overrun the packet size */
2974 maxcount = MIN(65535,maxcount);
2975
2976 init_strict_lock_struct(fsp, (uint32)req->smbpid,
2977 (uint64_t)startpos, (uint64_t)maxcount, READ_LOCK,
2978 &lock);
2979
2980 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
2981 reply_readbraw_error();
2982 END_PROFILE(SMBreadbraw);
2983 return;
2984 }
2985
2986 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2987 size = st.st_size;
2988 }
2989
2990 if (startpos >= size) {
2991 nread = 0;
2992 } else {
2993 nread = MIN(maxcount,(size - startpos));
2994 }
2995
2996 #if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2997 if (nread < mincount)
2998 nread = 0;
2999 #endif
3000
3001 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
3002 "min=%lu nread=%lu\n",
3003 fsp->fnum, (double)startpos,
3004 (unsigned long)maxcount,
3005 (unsigned long)mincount,
3006 (unsigned long)nread ) );
3007
3008 send_file_readbraw(conn, req, fsp, startpos, nread, mincount);
3009
3010 DEBUG(5,("reply_readbraw finished\n"));
3011
3012 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3013
3014 END_PROFILE(SMBreadbraw);
3015 return;
3016 }
3017
3018 #undef DBGC_CLASS
3019 #define DBGC_CLASS DBGC_LOCKING
3020
3021 /****************************************************************************
3022 Reply to a lockread (core+ protocol).
3023 ****************************************************************************/
3024
3025 void reply_lockread(struct smb_request *req)
3026 {
3027 connection_struct *conn = req->conn;
3028 ssize_t nread = -1;
3029 char *data;
3030 SMB_OFF_T startpos;
3031 size_t numtoread;
3032 NTSTATUS status;
3033 files_struct *fsp;
3034 struct byte_range_lock *br_lck = NULL;
3035 char *p = NULL;
3036
3037 START_PROFILE(SMBlockread);
3038
3039 if (req->wct < 5) {
3040 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3041 END_PROFILE(SMBlockread);
3042 return;
3043 }
3044
3045 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3046
3047 if (!check_fsp(conn, req, fsp)) {
3048 END_PROFILE(SMBlockread);
3049 return;
3050 }
3051
3052 if (!CHECK_READ(fsp,req)) {
3053 reply_doserror(req, ERRDOS, ERRbadaccess);
3054 END_PROFILE(SMBlockread);
3055 return;
3056 }
3057
3058 numtoread = SVAL(req->vwv+1, 0);
3059 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3060
3061 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
3062
3063 reply_outbuf(req, 5, numtoread + 3);
3064
3065 data = smb_buf(req->outbuf) + 3;
3066
3067 /*
3068 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
3069 * protocol request that predates the read/write lock concept.
3070 * Thus instead of asking for a read lock here we need to ask
3071 * for a write lock. JRA.
3072 * Note that the requested lock size is unaffected by max_recv.
3073 */
3074
3075 br_lck = do_lock(smbd_messaging_context(),
3076 fsp,
3077 req->smbpid,
3078 (uint64_t)numtoread,
3079 (uint64_t)startpos,
3080 WRITE_LOCK,
3081 WINDOWS_LOCK,
3082 False, /* Non-blocking lock. */
3083 &status,
3084 NULL,
3085 NULL);
3086 TALLOC_FREE(br_lck);
3087
3088 if (NT_STATUS_V(status)) {
3089 reply_nterror(req, status);
3090 END_PROFILE(SMBlockread);
3091 return;
3092 }
3093
3094 /*
3095 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
3096 */
3097
3098 if (numtoread > max_recv) {
3099 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
3100 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3101 (unsigned int)numtoread, (unsigned int)max_recv ));
3102 numtoread = MIN(numtoread,max_recv);
3103 }
3104 nread = read_file(fsp,data,startpos,numtoread);
3105
3106 if (nread < 0) {
3107 reply_unixerror(req, ERRDOS, ERRnoaccess);
3108 END_PROFILE(SMBlockread);
3109 return;
3110 }
3111
3112 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3113
3114 SSVAL(req->outbuf,smb_vwv0,nread);
3115 SSVAL(req->outbuf,smb_vwv5,nread+3);
3116 p = smb_buf(req->outbuf);
3117 SCVAL(p,0,0); /* pad byte. */
3118 SSVAL(p,1,nread);
3119
3120 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3121 fsp->fnum, (int)numtoread, (int)nread));
3122
3123 END_PROFILE(SMBlockread);
3124 return;
3125 }
3126
3127 #undef DBGC_CLASS
3128 #define DBGC_CLASS DBGC_ALL
3129
3130 /****************************************************************************
3131 Reply to a read.
3132 ****************************************************************************/
3133
3134 void reply_read(struct smb_request *req)
3135 {
3136 connection_struct *conn = req->conn;
3137 size_t numtoread;
3138 ssize_t nread = 0;
3139 char *data;
3140 SMB_OFF_T startpos;
3141 int outsize = 0;
3142 files_struct *fsp;
3143 struct lock_struct lock;
3144
3145 START_PROFILE(SMBread);
3146
3147 if (req->wct < 3) {
3148 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3149 END_PROFILE(SMBread);
3150 return;
3151 }
3152
3153 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3154
3155 if (!check_fsp(conn, req, fsp)) {
3156 END_PROFILE(SMBread);
3157 return;
3158 }
3159
3160 if (!CHECK_READ(fsp,req)) {
3161 reply_doserror(req, ERRDOS, ERRbadaccess);
3162 END_PROFILE(SMBread);
3163 return;
3164 }
3165
3166 numtoread = SVAL(req->vwv+1, 0);
3167 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3168
3169 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3170
3171 /*
3172 * The requested read size cannot be greater than max_recv. JRA.
3173 */
3174 if (numtoread > max_recv) {
3175 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3176 Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3177 (unsigned int)numtoread, (unsigned int)max_recv ));
3178 numtoread = MIN(numtoread,max_recv);
3179 }
3180
3181 reply_outbuf(req, 5, numtoread+3);
3182
3183 data = smb_buf(req->outbuf) + 3;
3184
3185 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3186 (uint64_t)startpos, (uint64_t)numtoread, READ_LOCK,
3187 &lock);
3188
3189 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3190 reply_doserror(req, ERRDOS,ERRlock);
3191 END_PROFILE(SMBread);
3192 return;
3193 }
3194
3195 if (numtoread > 0)
3196 nread = read_file(fsp,data,startpos,numtoread);
3197
3198 if (nread < 0) {
3199 reply_unixerror(req, ERRDOS,ERRnoaccess);
3200 goto strict_unlock;
3201 }
3202
3203 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3204
3205 SSVAL(req->outbuf,smb_vwv0,nread);
3206 SSVAL(req->outbuf,smb_vwv5,nread+3);
3207 SCVAL(smb_buf(req->outbuf),0,1);
3208 SSVAL(smb_buf(req->outbuf),1,nread);
3209
3210 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3211 fsp->fnum, (int)numtoread, (int)nread ) );
3212
3213 strict_unlock:
3214 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3215
3216 END_PROFILE(SMBread);
3217 return;
3218 }
3219
3220 /****************************************************************************
3221 Setup readX header.
3222 ****************************************************************************/
3223
3224 static int setup_readX_header(struct smb_request *req, char *outbuf,
3225 size_t smb_maxcnt)
3226 {
3227 int outsize;
3228 char *data;
3229
3230 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3231 data = smb_buf(outbuf);
3232
3233 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3234
3235 SCVAL(outbuf,smb_vwv0,0xFF);
3236 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3237 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3238 SSVAL(outbuf,smb_vwv6,
3239 req_wct_ofs(req)
3240 + 1 /* the wct field */
3241 + 12 * sizeof(uint16_t) /* vwv */
3242 + 2); /* the buflen field */
3243 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3244 SSVAL(outbuf,smb_vwv11,smb_maxcnt);
3245 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3246 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3247 return outsize;
3248 }
3249
3250 /****************************************************************************
3251 Reply to a read and X - possibly using sendfile.
3252 ****************************************************************************/
3253
3254 static void send_file_readX(connection_struct *conn, struct smb_request *req,
3255 files_struct *fsp, SMB_OFF_T startpos,
3256 size_t smb_maxcnt)
3257 {
3258 SMB_STRUCT_STAT sbuf;
3259 ssize_t nread = -1;
3260
3261 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3262 reply_unixerror(req, ERRDOS, ERRnoaccess);
3263 return;
3264 }
3265
3266 if (!S_ISREG(sbuf.st_mode) || (startpos > sbuf.st_size)
3267 || (smb_maxcnt > (sbuf.st_size - startpos))) {
3268 /*
3269 * We already know that we would do a short read, so don't
3270 * try the sendfile() path.
3271 */
3272 goto nosendfile_read;
3273 }
3274
3275 #if defined(WITH_SENDFILE)
3276 /*
3277 * We can only use sendfile on a non-chained packet
3278 * but we can use on a non-oplocked file. tridge proved this
3279 * on a train in Germany :-). JRA.
3280 */
3281
3282 if (!req_is_in_chain(req) &&
3283 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3284 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3285 uint8 headerbuf[smb_size + 12 * 2];
3286 DATA_BLOB header;
3287
3288 /*
3289 * Set up the packet header before send. We
3290 * assume here the sendfile will work (get the
3291 * correct amount of data).
3292 */
3293
3294 header = data_blob_const(headerbuf, sizeof(headerbuf));
3295
3296 construct_reply_common_req(req, (char *)headerbuf);
3297 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3298
3299 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3300 /* Returning ENOSYS means no data at all was sent.
3301 Do this as a normal read. */
3302 if (errno == ENOSYS) {
3303 goto normal_read;
3304 }
3305
3306 /*
3307 * Special hack for broken Linux with no working sendfile. If we
3308 * return EINTR we sent the header but not the rest of the data.
3309 * Fake this up by doing read/write calls.
3310 */
3311
3312 if (errno == EINTR) {
3313 /* Ensure we don't do this again. */
3314 set_use_sendfile(SNUM(conn), False);
3315 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3316 nread = fake_sendfile(fsp, startpos,
3317 smb_maxcnt);
3318 if (nread == -1) {
3319 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3320 fsp->fsp_name, strerror(errno) ));
3321 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3322 }
3323 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3324 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3325 /* No outbuf here means successful sendfile. */
3326 TALLOC_FREE(req->outbuf);
3327 return;
3328 }
3329
3330 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3331 fsp->fsp_name, strerror(errno) ));
3332 exit_server_cleanly("send_file_readX sendfile failed");
3333 } else if (nread == 0) {
3334 /*
3335 * Some sendfile implementations return 0 to indicate
3336 * that there was a short read, but nothing was
3337 * actually written to the socket. In this case,
3338 * fallback to the normal read path so the header gets
3339 * the correct byte count.
3340 */
3341 DEBUG(3, ("send_file_readX: sendfile sent zero bytes "
3342 "falling back to the normal read: %s\n",
3343 fsp->fsp_name));
3344 goto normal_read;
3345 }
3346
3347 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3348 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3349
3350 /* Deal with possible short send. */
3351 if (nread != smb_maxcnt + sizeof(headerbuf)) {
3352 sendfile_short_send(fsp, nread, sizeof(headerbuf), smb_maxcnt);
3353 }
3354
3355 /* No outbuf here means successful sendfile. */
3356 TALLOC_FREE(req->outbuf);
3357 SMB_PERFCOUNT_SET_MSGLEN_OUT(&req->pcd, nread);
3358 SMB_PERFCOUNT_END(&req->pcd);
3359 return;
3360 }
3361
3362 normal_read:
3363
3364 #endif
3365
3366 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3367 uint8 headerbuf[smb_size + 2*12];
3368
3369 construct_reply_common_req(req, (char *)headerbuf);
3370 setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
3371
3372 /* Send out the header. */
3373 if (write_data(smbd_server_fd(), (char *)headerbuf,
3374 sizeof(headerbuf)) != sizeof(headerbuf)) {
3375 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3376 fsp->fsp_name, strerror(errno) ));
3377 exit_server_cleanly("send_file_readX sendfile failed");
3378 }
3379 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3380 if (nread == -1) {
3381 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3382 fsp->fsp_name, strerror(errno) ));
3383 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3384 }
3385 TALLOC_FREE(req->outbuf);
3386 return;
3387 }
3388
3389 nosendfile_read:
3390
3391 reply_outbuf(req, 12, smb_maxcnt);
3392
3393 nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
3394 if (nread < 0) {
3395 reply_unixerror(req, ERRDOS, ERRnoaccess);
3396 return;
3397 }
3398
3399 setup_readX_header(req, (char *)req->outbuf, nread);
3400
3401 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3402 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3403
3404 chain_reply(req);
3405 }
3406
3407 /****************************************************************************
3408 Reply to a read and X.
3409 ****************************************************************************/
3410
3411 void reply_read_and_X(struct smb_request *req)
3412 {
3413 connection_struct *conn = req->conn;
3414 files_struct *fsp;
3415 SMB_OFF_T startpos;
3416 size_t smb_maxcnt;
3417 struct lock_struct lock;
3418 bool big_readX = False;
3419 #if 0
3420 size_t smb_mincnt = SVAL(req->vwv+6, 0);
3421 #endif
3422
3423 START_PROFILE(SMBreadX);
3424
3425 if ((req->wct != 10) && (req->wct != 12)) {
3426 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3427 return;
3428 }
3429
3430 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
3431 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3432 smb_maxcnt = SVAL(req->vwv+5, 0);
3433
3434 /* If it's an IPC, pass off the pipe handler. */
3435 if (IS_IPC(conn)) {
3436 reply_pipe_read_and_X(req);
3437 END_PROFILE(SMBreadX);
3438 return;
3439 }
3440
3441 if (!check_fsp(conn, req, fsp)) {
3442 END_PROFILE(SMBreadX);
3443 return;
3444 }
3445
3446 if (!CHECK_READ(fsp,req)) {
3447 reply_doserror(req, ERRDOS,ERRbadaccess);
3448 END_PROFILE(SMBreadX);
3449 return;
3450 }
3451
3452 if (global_client_caps & CAP_LARGE_READX) {
3453 size_t upper_size = SVAL(req->vwv+7, 0);
3454 smb_maxcnt |= (upper_size<<16);
3455 if (upper_size > 1) {
3456 /* Can't do this on a chained packet. */
3457 if ((CVAL(req->vwv+0, 0) != 0xFF)) {
3458 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3459 END_PROFILE(SMBreadX);
3460 return;
3461 }
3462 /* We currently don't do this on signed or sealed data. */
3463 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3464 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3465 END_PROFILE(SMBreadX);
3466 return;
3467 }
3468 /* Is there room in the reply for this data ? */
3469 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3470 reply_nterror(req,
3471 NT_STATUS_INVALID_PARAMETER);
3472 END_PROFILE(SMBreadX);
3473 return;
3474 }
3475 big_readX = True;
3476 }
3477 }
3478
3479 if (req->wct == 12) {
3480 #ifdef LARGE_SMB_OFF_T
3481 /*
3482 * This is a large offset (64 bit) read.
3483 */
3484 startpos |= (((SMB_OFF_T)IVAL(req->vwv+10, 0)) << 32);
3485
3486 #else /* !LARGE_SMB_OFF_T */
3487
3488 /*
3489 * Ensure we haven't been sent a >32 bit offset.
3490 */
3491
3492 if(IVAL(req->vwv+10, 0) != 0) {
3493 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3494 "used and we don't support 64 bit offsets.\n",
3495 (unsigned int)IVAL(req->vwv+10, 0) ));
3496 END_PROFILE(SMBreadX);
3497 reply_doserror(req, ERRDOS, ERRbadaccess);
3498 return;
3499 }
3500
3501 #endif /* LARGE_SMB_OFF_T */
3502
3503 }
3504
3505 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3506 (uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
3507 &lock);
3508
3509 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3510 END_PROFILE(SMBreadX);
3511 reply_doserror(req, ERRDOS, ERRlock);
3512 return;
3513 }
3514
3515 if (!big_readX &&
3516 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3517 goto strict_unlock;
3518 }
3519
3520 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3521
3522 strict_unlock:
3523 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3524
3525 END_PROFILE(SMBreadX);
3526 return;
3527 }
3528
3529 /****************************************************************************
3530 Error replies to writebraw must have smb_wct == 1. Fix this up.
3531 ****************************************************************************/
3532
3533 void error_to_writebrawerr(struct smb_request *req)
3534 {
3535 uint8 *old_outbuf = req->outbuf;
3536
3537 reply_outbuf(req, 1, 0);
3538
3539 memcpy(req->outbuf, old_outbuf, smb_size);
3540 TALLOC_FREE(old_outbuf);
3541 }
3542
3543 /****************************************************************************
3544 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3545 ****************************************************************************/
3546
3547 void reply_writebraw(struct smb_request *req)
3548 {
3549 connection_struct *conn = req->conn;
3550 char *buf = NULL;
3551 ssize_t nwritten=0;
3552 ssize_t total_written=0;
3553 size_t numtowrite=0;
3554 size_t tcount;
3555 SMB_OFF_T startpos;
3556 char *data=NULL;
3557 bool write_through;
3558 files_struct *fsp;
3559 struct lock_struct lock;
3560 NTSTATUS status;
3561
3562 START_PROFILE(SMBwritebraw);
3563
3564 /*
3565 * If we ever reply with an error, it must have the SMB command
3566 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3567 * we're finished.
3568 */
3569 SCVAL(req->inbuf,smb_com,SMBwritec);
3570
3571 if (srv_is_signing_active()) {
3572 END_PROFILE(SMBwritebraw);
3573 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3574 "raw reads/writes are disallowed.");
3575 }
3576
3577 if (req->wct < 12) {
3578 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3579 error_to_writebrawerr(req);
3580 END_PROFILE(SMBwritebraw);
3581 return;
3582 }
3583
3584 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3585 if (!check_fsp(conn, req, fsp)) {
3586 error_to_writebrawerr(req);
3587 END_PROFILE(SMBwritebraw);
3588 return;
3589 }
3590
3591 if (!CHECK_WRITE(fsp)) {
3592 reply_doserror(req, ERRDOS, ERRbadaccess);
3593 error_to_writebrawerr(req);
3594 END_PROFILE(SMBwritebraw);
3595 return;
3596 }
3597
3598 tcount = IVAL(req->vwv+1, 0);
3599 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
3600 write_through = BITSETW(req->vwv+7,0);
3601
3602 /* We have to deal with slightly different formats depending
3603 on whether we are using the core+ or lanman1.0 protocol */
3604
3605 if(Protocol <= PROTOCOL_COREPLUS) {
3606 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3607 data = smb_buf(req->inbuf);
3608 } else {
3609 numtowrite = SVAL(req->vwv+10, 0);
3610 data = smb_base(req->inbuf) + SVAL(req->vwv+11, 0);
3611 }
3612
3613 /* Ensure we don't write bytes past the end of this packet. */
3614 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3615 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3616 error_to_writebrawerr(req);
3617 END_PROFILE(SMBwritebraw);
3618 return;
3619 }
3620
3621 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3622 (uint64_t)startpos, (uint64_t)tcount, WRITE_LOCK,
3623 &lock);
3624
3625 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3626 reply_doserror(req, ERRDOS, ERRlock);
3627 error_to_writebrawerr(req);
3628 END_PROFILE(SMBwritebraw);
3629 return;
3630 }
3631
3632 if (numtowrite>0) {
3633 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3634 }
3635
3636 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3637 "wrote=%d sync=%d\n",
3638 fsp->fnum, (double)startpos, (int)numtowrite,
3639 (int)nwritten, (int)write_through));
3640
3641 if (nwritten < (ssize_t)numtowrite) {
3642 reply_unixerror(req, ERRHRD, ERRdiskfull);
3643 error_to_writebrawerr(req);
3644 goto strict_unlock;
3645 }
3646
3647 total_written = nwritten;
3648
3649 /* Allocate a buffer of 64k + length. */
3650 buf = TALLOC_ARRAY(NULL, char, 65540);
3651 if (!buf) {
3652 reply_doserror(req, ERRDOS, ERRnomem);
3653 error_to_writebrawerr(req);
3654 goto strict_unlock;
3655 }
3656
3657 /* Return a SMBwritebraw message to the redirector to tell
3658 * it to send more bytes */
3659
3660 memcpy(buf, req->inbuf, smb_size);
3661 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3662 SCVAL(buf,smb_com,SMBwritebraw);
3663 SSVALS(buf,smb_vwv0,0xFFFF);
3664 show_msg(buf);
3665 if (!srv_send_smb(smbd_server_fd(),
3666 buf,
3667 IS_CONN_ENCRYPTED(conn),
3668 &req->pcd)) {
3669 exit_server_cleanly("reply_writebraw: srv_send_smb "
3670 "failed.");
3671 }
3672
3673 /* Now read the raw data into the buffer and write it */
3674 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3675 &numtowrite);
3676 if (!NT_STATUS_IS_OK(status)) {
3677 exit_server_cleanly("secondary writebraw failed");
3678 }
3679
3680 /* Set up outbuf to return the correct size */
3681 reply_outbuf(req, 1, 0);
3682
3683 if (numtowrite != 0) {
3684
3685 if (numtowrite > 0xFFFF) {
3686 DEBUG(0,("reply_writebraw: Oversize secondary write "
3687 "raw requested (%u). Terminating\n",
3688 (unsigned int)numtowrite ));
3689 exit_server_cleanly("secondary writebraw failed");
3690 }
3691
3692 if (tcount > nwritten+numtowrite) {
3693 DEBUG(3,("reply_writebraw: Client overestimated the "
3694 "write %d %d %d\n",
3695 (int)tcount,(int)nwritten,(int)numtowrite));
3696 }
3697
3698 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3699
3700 if (!NT_STATUS_IS_OK(status)) {
3701 DEBUG(0,("reply_writebraw: Oversize secondary write "
3702 "raw read failed (%s). Terminating\n",
3703 nt_errstr(status)));
3704 exit_server_cleanly("secondary writebraw failed");
3705 }
3706
3707 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3708 if (nwritten == -1) {
3709 TALLOC_FREE(buf);
3710 reply_unixerror(req, ERRHRD, ERRdiskfull);
3711 error_to_writebrawerr(req);
3712 goto strict_unlock;
3713 }
3714
3715 if (nwritten < (ssize_t)numtowrite) {
3716 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3717 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3718 }
3719
3720 if (nwritten > 0) {
3721 total_written += nwritten;
3722 }
3723 }
3724
3725 TALLOC_FREE(buf);
3726 SSVAL(req->outbuf,smb_vwv0,total_written);
3727
3728 status = sync_file(conn, fsp, write_through);
3729 if (!NT_STATUS_IS_OK(status)) {
3730 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3731 fsp->fsp_name, nt_errstr(status) ));
3732 reply_nterror(req, status);
3733 error_to_writebrawerr(req);
3734 goto strict_unlock;
3735 }
3736
3737 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3738 "wrote=%d\n",
3739 fsp->fnum, (double)startpos, (int)numtowrite,
3740 (int)total_written));
3741
3742 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3743
3744 /* We won't return a status if write through is not selected - this
3745 * follows what WfWg does */
3746 END_PROFILE(SMBwritebraw);
3747
3748 if (!write_through && total_written==tcount) {
3749
3750 #if RABBIT_PELLET_FIX
3751 /*
3752 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3753 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3754 * JRA.
3755 */
3756 if (!send_keepalive(smbd_server_fd())) {
3757 exit_server_cleanly("reply_writebraw: send of "
3758 "keepalive failed");
3759 }
3760 #endif
3761 TALLOC_FREE(req->outbuf);
3762 }
3763 return;
3764
3765 strict_unlock:
3766 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3767
3768 END_PROFILE(SMBwritebraw);
3769 return;
3770 }
3771
3772 #undef DBGC_CLASS
3773 #define DBGC_CLASS DBGC_LOCKING
3774
3775 /****************************************************************************
3776 Reply to a writeunlock (core+).
3777 ****************************************************************************/
3778
3779 void reply_writeunlock(struct smb_request *req)
3780 {
3781 connection_struct *conn = req->conn;
3782 ssize_t nwritten = -1;
3783 size_t numtowrite;
3784 SMB_OFF_T startpos;
3785 const char *data;
3786 NTSTATUS status = NT_STATUS_OK;
3787 files_struct *fsp;
3788 struct lock_struct lock;
3789
3790 START_PROFILE(SMBwriteunlock);
3791
3792 if (req->wct < 5) {
3793 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3794 END_PROFILE(SMBwriteunlock);
3795 return;
3796 }
3797
3798 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3799
3800 if (!check_fsp(conn, req, fsp)) {
3801 END_PROFILE(SMBwriteunlock);
3802 return;
3803 }
3804
3805 if (!CHECK_WRITE(fsp)) {
3806 reply_doserror(req, ERRDOS,ERRbadaccess);
3807 END_PROFILE(SMBwriteunlock);
3808 return;
3809 }
3810
3811 numtowrite = SVAL(req->vwv+1, 0);
3812 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3813 data = (const char *)req->buf + 3;
3814
3815 if (numtowrite) {
3816 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3817 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3818 &lock);
3819
3820 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3821 reply_doserror(req, ERRDOS, ERRlock);
3822 END_PROFILE(SMBwriteunlock);
3823 return;
3824 }
3825 }
3826
3827 /* The special X/Open SMB protocol handling of
3828 zero length writes is *NOT* done for
3829 this call */
3830 if(numtowrite == 0) {
3831 nwritten = 0;
3832 } else {
3833 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3834 }
3835
3836 status = sync_file(conn, fsp, False /* write through */);
3837 if (!NT_STATUS_IS_OK(status)) {
3838 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3839 fsp->fsp_name, nt_errstr(status) ));
3840 reply_nterror(req, status);
3841 goto strict_unlock;
3842 }
3843
3844 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3845 reply_unixerror(req, ERRHRD, ERRdiskfull);
3846 goto strict_unlock;
3847 }
3848
3849 if (numtowrite) {
3850 status = do_unlock(smbd_messaging_context(),
3851 fsp,
3852 req->smbpid,
3853 (uint64_t)numtowrite,
3854 (uint64_t)startpos,
3855 WINDOWS_LOCK);
3856
3857 if (NT_STATUS_V(status)) {
3858 reply_nterror(req, status);
3859 goto strict_unlock;
3860 }
3861 }
3862
3863 reply_outbuf(req, 1, 0);
3864
3865 SSVAL(req->outbuf,smb_vwv0,nwritten);
3866
3867 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3868 fsp->fnum, (int)numtowrite, (int)nwritten));
3869
3870 strict_unlock:
3871 if (numtowrite) {
3872 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3873 }
3874
3875 END_PROFILE(SMBwriteunlock);
3876 return;
3877 }
3878
3879 #undef DBGC_CLASS
3880 #define DBGC_CLASS DBGC_ALL
3881
3882 /****************************************************************************
3883 Reply to a write.
3884 ****************************************************************************/
3885
3886 void reply_write(struct smb_request *req)
3887 {
3888 connection_struct *conn = req->conn;
3889 size_t numtowrite;
3890 ssize_t nwritten = -1;
3891 SMB_OFF_T startpos;
3892 const char *data;
3893 files_struct *fsp;
3894 struct lock_struct lock;
3895 NTSTATUS status;
3896
3897 START_PROFILE(SMBwrite);
3898
3899 if (req->wct < 5) {
3900 END_PROFILE(SMBwrite);
3901 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3902 return;
3903 }
3904
3905 /* If it's an IPC, pass off the pipe handler. */
3906 if (IS_IPC(conn)) {
3907 reply_pipe_write(req);
3908 END_PROFILE(SMBwrite);
3909 return;
3910 }
3911
3912 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
3913
3914 if (!check_fsp(conn, req, fsp)) {
3915 END_PROFILE(SMBwrite);
3916 return;
3917 }
3918
3919 if (!CHECK_WRITE(fsp)) {
3920 reply_doserror(req, ERRDOS, ERRbadaccess);
3921 END_PROFILE(SMBwrite);
3922 return;
3923 }
3924
3925 numtowrite = SVAL(req->vwv+1, 0);
3926 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
3927 data = (const char *)req->buf + 3;
3928
3929 init_strict_lock_struct(fsp, (uint32)req->smbpid,
3930 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
3931 &lock);
3932
3933 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
3934 reply_doserror(req, ERRDOS, ERRlock);
3935 END_PROFILE(SMBwrite);
3936 return;
3937 }
3938
3939 /*
3940 * X/Open SMB protocol says that if smb_vwv1 is
3941 * zero then the file size should be extended or
3942 * truncated to the size given in smb_vwv[2-3].
3943 */
3944
3945 if(numtowrite == 0) {
3946 /*
3947 * This is actually an allocate call, and set EOF. JRA.
3948 */
3949 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3950 if (nwritten < 0) {
3951 reply_nterror(req, NT_STATUS_DISK_FULL);
3952 goto strict_unlock;
3953 }
3954 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3955 if (nwritten < 0) {
3956 reply_nterror(req, NT_STATUS_DISK_FULL);
3957 goto strict_unlock;
3958 }
3959 trigger_write_time_update_immediate(fsp);
3960 } else {
3961 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3962 }
3963
3964 status = sync_file(conn, fsp, False);
3965 if (!NT_STATUS_IS_OK(status)) {
3966 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3967 fsp->fsp_name, nt_errstr(status) ));
3968 reply_nterror(req, status);
3969 goto strict_unlock;
3970 }
3971
3972 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3973 reply_unixerror(req, ERRHRD, ERRdiskfull);
3974 goto strict_unlock;
3975 }
3976
3977 reply_outbuf(req, 1, 0);
3978
3979 SSVAL(req->outbuf,smb_vwv0,nwritten);
3980
3981 if (nwritten < (ssize_t)numtowrite) {
3982 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3983 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3984 }
3985
3986 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3987
3988 strict_unlock:
3989 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
3990
3991 END_PROFILE(SMBwrite);
3992 return;
3993 }
3994
3995 /****************************************************************************
3996 Ensure a buffer is a valid writeX for recvfile purposes.
3997 ****************************************************************************/
3998
3999 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
4000 (2*14) + /* word count (including bcc) */ \
4001 1 /* pad byte */)
4002
4003 bool is_valid_writeX_buffer(const uint8_t *inbuf)
4004 {
4005 size_t numtowrite;
4006 connection_struct *conn = NULL;
4007 unsigned int doff = 0;
4008 size_t len = smb_len_large(inbuf);
4009
4010 if (is_encrypted_packet(inbuf)) {
4011 /* Can't do this on encrypted
4012 * connections. */
4013 return false;
4014 }
4015
4016 if (CVAL(inbuf,smb_com) != SMBwriteX) {
4017 return false;
4018 }
4019
4020 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
4021 CVAL(inbuf,smb_wct) != 14) {
4022 DEBUG(10,("is_valid_writeX_buffer: chained or "
4023 "invalid word length.\n"));
4024 return false;
4025 }
4026
4027 conn = conn_find(SVAL(inbuf, smb_tid));
4028 if (conn == NULL) {
4029 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
4030 return false;
4031 }
4032 if (IS_IPC(conn)) {
4033 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
4034 return false;
4035 }
4036 if (IS_PRINT(conn)) {
4037 DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
4038 return false;
4039 }
4040 doff = SVAL(inbuf,smb_vwv11);
4041
4042 numtowrite = SVAL(inbuf,smb_vwv10);
4043
4044 if (len > doff && len - doff > 0xFFFF) {
4045 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
4046 }
4047
4048 if (numtowrite == 0) {
4049 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
4050 return false;
4051 }
4052
4053 /* Ensure the sizes match up. */
4054 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
4055 /* no pad byte...old smbclient :-( */
4056 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
4057 (unsigned int)doff,
4058 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
4059 return false;
4060 }
4061
4062 if (len - doff != numtowrite) {
4063 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
4064 "len = %u, doff = %u, numtowrite = %u\n",
4065 (unsigned int)len,
4066 (unsigned int)doff,
4067 (unsigned int)numtowrite ));
4068 return false;
4069 }
4070
4071 DEBUG(10,("is_valid_writeX_buffer: true "
4072 "len = %u, doff = %u, numtowrite = %u\n",
4073 (unsigned int)len,
4074 (unsigned int)doff,
4075 (unsigned int)numtowrite ));
4076
4077 return true;
4078 }
4079
4080 /****************************************************************************
4081 Reply to a write and X.
4082 ****************************************************************************/
4083
4084 void reply_write_and_X(struct smb_request *req)
4085 {
4086 connection_struct *conn = req->conn;
4087 files_struct *fsp;
4088 struct lock_struct lock;
4089 SMB_OFF_T startpos;
4090 size_t numtowrite;
4091 bool write_through;
4092 ssize_t nwritten;
4093 unsigned int smb_doff;
4094 unsigned int smblen;
4095 char *data;
4096 NTSTATUS status;
4097
4098 START_PROFILE(SMBwriteX);
4099
4100 if ((req->wct != 12) && (req->wct != 14)) {
4101 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4102 END_PROFILE(SMBwriteX);
4103 return;
4104 }
4105
4106 numtowrite = SVAL(req->vwv+10, 0);
4107 smb_doff = SVAL(req->vwv+11, 0);
4108 smblen = smb_len(req->inbuf);
4109
4110 if (req->unread_bytes > 0xFFFF ||
4111 (smblen > smb_doff &&
4112 smblen - smb_doff > 0xFFFF)) {
4113 numtowrite |= (((size_t)SVAL(req->vwv+9, 0))<<16);
4114 }
4115
4116 if (req->unread_bytes) {
4117 /* Can't do a recvfile write on IPC$ */
4118 if (IS_IPC(conn)) {
4119 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4120 END_PROFILE(SMBwriteX);
4121 return;
4122 }
4123 if (numtowrite != req->unread_bytes) {
4124 reply_doserror(req, ERRDOS, ERRbadmem);
4125 END_PROFILE(SMBwriteX);
4126 return;
4127 }
4128 } else {
4129 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
4130 smb_doff + numtowrite > smblen) {
4131 reply_doserror(req, ERRDOS, ERRbadmem);
4132 END_PROFILE(SMBwriteX);
4133 return;
4134 }
4135 }
4136
4137 /* If it's an IPC, pass off the pipe handler. */
4138 if (IS_IPC(conn)) {
4139 if (req->unread_bytes) {
4140 reply_doserror(req, ERRDOS, ERRbadmem);
4141 END_PROFILE(SMBwriteX);
4142 return;
4143 }
4144 reply_pipe_write_and_X(req);
4145 END_PROFILE(SMBwriteX);
4146 return;
4147 }
4148
4149 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
4150 startpos = IVAL_TO_SMB_OFF_T(req->vwv+3, 0);
4151 write_through = BITSETW(req->vwv+7,0);
4152
4153 if (!check_fsp(conn, req, fsp)) {
4154 END_PROFILE(SMBwriteX);
4155 return;
4156 }
4157
4158 if (!CHECK_WRITE(fsp)) {
4159 reply_doserror(req, ERRDOS, ERRbadaccess);
4160 END_PROFILE(SMBwriteX);
4161 return;
4162 }
4163
4164 data = smb_base(req->inbuf) + smb_doff;
4165
4166 if(req->wct == 14) {
4167 #ifdef LARGE_SMB_OFF_T
4168 /*
4169 * This is a large offset (64 bit) write.
4170 */
4171 startpos |= (((SMB_OFF_T)IVAL(req->vwv+12, 0)) << 32);
4172
4173 #else /* !LARGE_SMB_OFF_T */
4174
4175 /*
4176 * Ensure we haven't been sent a >32 bit offset.
4177 */
4178
4179 if(IVAL(req->vwv+12, 0) != 0) {
4180 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
4181 "used and we don't support 64 bit offsets.\n",
4182 (unsigned int)IVAL(req->vwv+12, 0) ));
4183 reply_doserror(req, ERRDOS, ERRbadaccess);
4184 END_PROFILE(SMBwriteX);
4185 return;
4186 }
4187
4188 #endif /* LARGE_SMB_OFF_T */
4189 }
4190
4191 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4192 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4193 &lock);
4194
4195 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4196 reply_doserror(req, ERRDOS, ERRlock);
4197 END_PROFILE(SMBwriteX);
4198 return;
4199 }
4200
4201 /* X/Open SMB protocol says that, unlike SMBwrite
4202 if the length is zero then NO truncation is
4203 done, just a write of zero. To truncate a file,
4204 use SMBwrite. */
4205
4206 if(numtowrite == 0) {
4207 nwritten = 0;
4208 } else {
4209
4210 if ((req->unread_bytes == 0) &&
4211 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4212 numtowrite)) {
4213 goto strict_unlock;
4214 }
4215
4216 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4217 }
4218
4219 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4220 reply_unixerror(req, ERRHRD, ERRdiskfull);
4221 goto strict_unlock;
4222 }
4223
4224 reply_outbuf(req, 6, 0);
4225 SSVAL(req->outbuf,smb_vwv2,nwritten);
4226 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4227
4228 if (nwritten < (ssize_t)numtowrite) {
4229 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4230 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4231 }
4232
4233 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4234 fsp->fnum, (int)numtowrite, (int)nwritten));
4235
4236 status = sync_file(conn, fsp, write_through);
4237 if (!NT_STATUS_IS_OK(status)) {
4238 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4239 fsp->fsp_name, nt_errstr(status) ));
4240 reply_nterror(req, status);
4241 goto strict_unlock;
4242 }
4243
4244 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4245
4246 END_PROFILE(SMBwriteX);
4247 chain_reply(req);
4248 return;
4249
4250 strict_unlock:
4251 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4252
4253 END_PROFILE(SMBwriteX);
4254 return;
4255 }
4256
4257 /****************************************************************************
4258 Reply to a lseek.
4259 ****************************************************************************/
4260
4261 void reply_lseek(struct smb_request *req)
4262 {
4263 connection_struct *conn = req->conn;
4264 SMB_OFF_T startpos;
4265 SMB_OFF_T res= -1;
4266 int mode,umode;
4267 files_struct *fsp;
4268
4269 START_PROFILE(SMBlseek);
4270
4271 if (req->wct < 4) {
4272 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4273 END_PROFILE(SMBlseek);
4274 return;
4275 }
4276
4277 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4278
4279 if (!check_fsp(conn, req, fsp)) {
4280 return;
4281 }
4282
4283 flush_write_cache(fsp, SEEK_FLUSH);
4284
4285 mode = SVAL(req->vwv+1, 0) & 3;
4286 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4287 startpos = (SMB_OFF_T)IVALS(req->vwv+2, 0);
4288
4289 switch (mode) {
4290 case 0:
4291 umode = SEEK_SET;
4292 res = startpos;
4293 break;
4294 case 1:
4295 umode = SEEK_CUR;
4296 res = fsp->fh->pos + startpos;
4297 break;
4298 case 2:
4299 umode = SEEK_END;
4300 break;
4301 default:
4302 umode = SEEK_SET;
4303 res = startpos;
4304 break;
4305 }
4306
4307 if (umode == SEEK_END) {
4308 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4309 if(errno == EINVAL) {
4310 SMB_OFF_T current_pos = startpos;
4311 SMB_STRUCT_STAT sbuf;
4312
4313 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4314 reply_unixerror(req, ERRDOS,
4315 ERRnoaccess);
4316 END_PROFILE(SMBlseek);
4317 return;
4318 }
4319
4320 current_pos += sbuf.st_size;
4321 if(current_pos < 0)
4322 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4323 }
4324 }
4325
4326 if(res == -1) {
4327 reply_unixerror(req, ERRDOS, ERRnoaccess);
4328 END_PROFILE(SMBlseek);
4329 return;
4330 }
4331 }
4332
4333 fsp->fh->pos = res;
4334
4335 reply_outbuf(req, 2, 0);
4336 SIVAL(req->outbuf,smb_vwv0,res);
4337
4338 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4339 fsp->fnum, (double)startpos, (double)res, mode));
4340
4341 END_PROFILE(SMBlseek);
4342 return;
4343 }
4344
4345 /****************************************************************************
4346 Reply to a flush.
4347 ****************************************************************************/
4348
4349 void reply_flush(struct smb_request *req)
4350 {
4351 connection_struct *conn = req->conn;
4352 uint16 fnum;
4353 files_struct *fsp;
4354
4355 START_PROFILE(SMBflush);
4356
4357 if (req->wct < 1) {
4358 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4359 return;
4360 }
4361
4362 fnum = SVAL(req->vwv+0, 0);
4363 fsp = file_fsp(req, fnum);
4364
4365 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp)) {
4366 return;
4367 }
4368
4369 if (!fsp) {
4370 file_sync_all(conn);
4371 } else {
4372 NTSTATUS status = sync_file(conn, fsp, True);
4373 if (!NT_STATUS_IS_OK(status)) {
4374 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4375 fsp->fsp_name, nt_errstr(status) ));
4376 reply_nterror(req, status);
4377 END_PROFILE(SMBflush);
4378 return;
4379 }
4380 }
4381
4382 reply_outbuf(req, 0, 0);
4383
4384 DEBUG(3,("flush\n"));
4385 END_PROFILE(SMBflush);
4386 return;
4387 }
4388
4389 /****************************************************************************
4390 Reply to a exit.
4391 conn POINTER CAN BE NULL HERE !
4392 ****************************************************************************/
4393
4394 void reply_exit(struct smb_request *req)
4395 {
4396 START_PROFILE(SMBexit);
4397
4398 file_close_pid(req->smbpid, req->vuid);
4399
4400 reply_outbuf(req, 0, 0);
4401
4402 DEBUG(3,("exit\n"));
4403
4404 END_PROFILE(SMBexit);
4405 return;
4406 }
4407
4408 /****************************************************************************
4409 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4410 ****************************************************************************/
4411
4412 void reply_close(struct smb_request *req)
4413 {
4414 connection_struct *conn = req->conn;
4415 NTSTATUS status = NT_STATUS_OK;
4416 files_struct *fsp = NULL;
4417 START_PROFILE(SMBclose);
4418
4419 if (req->wct < 3) {
4420 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4421 END_PROFILE(SMBclose);
4422 return;
4423 }
4424
4425 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4426
4427 /*
4428 * We can only use check_fsp if we know it's not a directory.
4429 */
4430
4431 if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) {
4432 reply_doserror(req, ERRDOS, ERRbadfid);
4433 END_PROFILE(SMBclose);
4434 return;
4435 }
4436
4437 if(fsp->is_directory) {
4438 /*
4439 * Special case - close NT SMB directory handle.
4440 */
4441 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4442 status = close_file(req, fsp, NORMAL_CLOSE);
4443 } else {
4444 time_t t;
4445 /*
4446 * Close ordinary file.
4447 */
4448
4449 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4450 fsp->fh->fd, fsp->fnum,
4451 conn->num_files_open));
4452
4453 /*
4454 * Take care of any time sent in the close.
4455 */
4456
4457 t = srv_make_unix_date3(req->vwv+1);
4458 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4459
4460 /*
4461 * close_file() returns the unix errno if an error
4462 * was detected on close - normally this is due to
4463 * a disk full error. If not then it was probably an I/O error.
4464 */
4465
4466 status = close_file(req, fsp, NORMAL_CLOSE);
4467 }
4468
4469 if (!NT_STATUS_IS_OK(status)) {
4470 reply_nterror(req, status);
4471 END_PROFILE(SMBclose);
4472 return;
4473 }
4474
4475 reply_outbuf(req, 0, 0);
4476 END_PROFILE(SMBclose);
4477 return;
4478 }
4479
4480 /****************************************************************************
4481 Reply to a writeclose (Core+ protocol).
4482 ****************************************************************************/
4483
4484 void reply_writeclose(struct smb_request *req)
4485 {
4486 connection_struct *conn = req->conn;
4487 size_t numtowrite;
4488 ssize_t nwritten = -1;
4489 NTSTATUS close_status = NT_STATUS_OK;
4490 SMB_OFF_T startpos;
4491 const char *data;
4492 struct timespec mtime;
4493 files_struct *fsp;
4494 struct lock_struct lock;
4495
4496 START_PROFILE(SMBwriteclose);
4497
4498 if (req->wct < 6) {
4499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4500 END_PROFILE(SMBwriteclose);
4501 return;
4502 }
4503
4504 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4505
4506 if (!check_fsp(conn, req, fsp)) {
4507 END_PROFILE(SMBwriteclose);
4508 return;
4509 }
4510 if (!CHECK_WRITE(fsp)) {
4511 reply_doserror(req, ERRDOS,ERRbadaccess);
4512 END_PROFILE(SMBwriteclose);
4513 return;
4514 }
4515
4516 numtowrite = SVAL(req->vwv+1, 0);
4517 startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
4518 mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
4519 data = (const char *)req->buf + 1;
4520
4521 if (numtowrite) {
4522 init_strict_lock_struct(fsp, (uint32)req->smbpid,
4523 (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
4524 &lock);
4525
4526 if (!SMB_VFS_STRICT_LOCK(conn, fsp, &lock)) {
4527 reply_doserror(req, ERRDOS,ERRlock);
4528 END_PROFILE(SMBwriteclose);
4529 return;
4530 }
4531 }
4532
4533 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4534
4535 set_close_write_time(fsp, mtime);
4536
4537 /*
4538 * More insanity. W2K only closes the file if writelen > 0.
4539 * JRA.
4540 */
4541
4542 if (numtowrite) {
4543 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4544 fsp->fsp_name ));
4545 close_status = close_file(req, fsp, NORMAL_CLOSE);
4546 }
4547
4548 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4549 fsp->fnum, (int)numtowrite, (int)nwritten,
4550 conn->num_files_open));
4551
4552 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4553 reply_doserror(req, ERRHRD, ERRdiskfull);
4554 goto strict_unlock;
4555 }
4556
4557 if(!NT_STATUS_IS_OK(close_status)) {
4558 reply_nterror(req, close_status);
4559 goto strict_unlock;
4560 }
4561
4562 reply_outbuf(req, 1, 0);
4563
4564 SSVAL(req->outbuf,smb_vwv0,nwritten);
4565
4566 strict_unlock:
4567 if (numtowrite) {
4568 SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
4569 }
4570
4571 END_PROFILE(SMBwriteclose);
4572 return;
4573 }
4574
4575 #undef DBGC_CLASS
4576 #define DBGC_CLASS DBGC_LOCKING
4577
4578 /****************************************************************************
4579 Reply to a lock.
4580 ****************************************************************************/
4581
4582 void reply_lock(struct smb_request *req)
4583 {
4584 connection_struct *conn = req->conn;
4585 uint64_t count,offset;
4586 NTSTATUS status;
4587 files_struct *fsp;
4588 struct byte_range_lock *br_lck = NULL;
4589
4590 START_PROFILE(SMBlock);
4591
4592 if (req->wct < 5) {
4593 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4594 END_PROFILE(SMBlock);
4595 return;
4596 }
4597
4598 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4599
4600 if (!check_fsp(conn, req, fsp)) {
4601 END_PROFILE(SMBlock);
4602 return;
4603 }
4604
4605 count = (uint64_t)IVAL(req->vwv+1, 0);
4606 offset = (uint64_t)IVAL(req->vwv+3, 0);
4607
4608 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4609 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4610
4611 br_lck = do_lock(smbd_messaging_context(),
4612 fsp,
4613 req->smbpid,
4614 count,
4615 offset,
4616 WRITE_LOCK,
4617 WINDOWS_LOCK,
4618 False, /* Non-blocking lock. */
4619 &status,
4620 NULL,
4621 NULL);
4622
4623 TALLOC_FREE(br_lck);
4624
4625 if (NT_STATUS_V(status)) {
4626 reply_nterror(req, status);
4627 END_PROFILE(SMBlock);
4628 return;
4629 }
4630
4631 reply_outbuf(req, 0, 0);
4632
4633 END_PROFILE(SMBlock);
4634 return;
4635 }
4636
4637 /****************************************************************************
4638 Reply to a unlock.
4639 ****************************************************************************/
4640
4641 void reply_unlock(struct smb_request *req)
4642 {
4643 connection_struct *conn = req->conn;
4644 uint64_t count,offset;
4645 NTSTATUS status;
4646 files_struct *fsp;
4647
4648 START_PROFILE(SMBunlock);
4649
4650 if (req->wct < 5) {
4651 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4652 END_PROFILE(SMBunlock);
4653 return;
4654 }
4655
4656 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4657
4658 if (!check_fsp(conn, req, fsp)) {
4659 END_PROFILE(SMBunlock);
4660 return;
4661 }
4662
4663 count = (uint64_t)IVAL(req->vwv+1, 0);
4664 offset = (uint64_t)IVAL(req->vwv+3, 0);
4665
4666 status = do_unlock(smbd_messaging_context(),
4667 fsp,
4668 req->smbpid,
4669 count,
4670 offset,
4671 WINDOWS_LOCK);
4672
4673 if (NT_STATUS_V(status)) {
4674 reply_nterror(req, status);
4675 END_PROFILE(SMBunlock);
4676 return;
4677 }
4678
4679 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4680 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4681
4682 reply_outbuf(req, 0, 0);
4683
4684 END_PROFILE(SMBunlock);
4685 return;
4686 }
4687
4688 #undef DBGC_CLASS
4689 #define DBGC_CLASS DBGC_ALL
4690
4691 /****************************************************************************
4692 Reply to a tdis.
4693 conn POINTER CAN BE NULL HERE !
4694 ****************************************************************************/
4695
4696 void reply_tdis(struct smb_request *req)
4697 {
4698 connection_struct *conn = req->conn;
4699 START_PROFILE(SMBtdis);
4700
4701 if (!conn) {
4702 DEBUG(4,("Invalid connection in tdis\n"));
4703 reply_doserror(req, ERRSRV, ERRinvnid);
4704 END_PROFILE(SMBtdis);
4705 return;
4706 }
4707
4708 conn->used = False;
4709
4710 close_cnum(conn,req->vuid);
4711 req->conn = NULL;
4712
4713 reply_outbuf(req, 0, 0);
4714 END_PROFILE(SMBtdis);
4715 return;
4716 }
4717
4718 /****************************************************************************
4719 Reply to a echo.
4720 conn POINTER CAN BE NULL HERE !
4721 ****************************************************************************/
4722
4723 void reply_echo(struct smb_request *req)
4724 {
4725 connection_struct *conn = req->conn;
4726 struct smb_perfcount_data local_pcd;
4727 struct smb_perfcount_data *cur_pcd;
4728 int smb_reverb;
4729 int seq_num;
4730
4731 START_PROFILE(SMBecho);
4732
4733 smb_init_perfcount_data(&local_pcd);
4734
4735 if (req->wct < 1) {
4736 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4737 END_PROFILE(SMBecho);
4738 return;
4739 }
4740
4741 smb_reverb = SVAL(req->vwv+0, 0);
4742
4743 reply_outbuf(req, 1, req->buflen);
4744
4745 /* copy any incoming data back out */
4746 if (req->buflen > 0) {
4747 memcpy(smb_buf(req->outbuf), req->buf, req->buflen);
4748 }
4749
4750 if (smb_reverb > 100) {
4751 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4752 smb_reverb = 100;
4753 }
4754
4755 for (seq_num = 1 ; seq_num <= smb_reverb ; seq_num++) {
4756
4757 /* this makes sure we catch the request pcd */
4758 if (seq_num == smb_reverb) {
4759 cur_pcd = &req->pcd;
4760 } else {
4761 SMB_PERFCOUNT_COPY_CONTEXT(&req->pcd, &local_pcd);
4762 cur_pcd = &local_pcd;
4763 }
4764
4765 SSVAL(req->outbuf,smb_vwv0,seq_num);
4766
4767 show_msg((char *)req->outbuf);
4768 if (!srv_send_smb(smbd_server_fd(),
4769 (char *)req->outbuf,
4770 IS_CONN_ENCRYPTED(conn)||req->encrypted,
4771 cur_pcd))
4772 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4773 }
4774
4775 DEBUG(3,("echo %d times\n", smb_reverb));
4776
4777 TALLOC_FREE(req->outbuf);
4778
4779 END_PROFILE(SMBecho);
4780 return;
4781 }
4782
4783 /****************************************************************************
4784 Reply to a printopen.
4785 ****************************************************************************/
4786
4787 void reply_printopen(struct smb_request *req)
4788 {
4789 connection_struct *conn = req->conn;
4790 files_struct *fsp;
4791 SMB_STRUCT_STAT sbuf;
4792 NTSTATUS status;
4793
4794 START_PROFILE(SMBsplopen);
4795
4796 if (req->wct < 2) {
4797 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4798 END_PROFILE(SMBsplopen);
4799 return;
4800 }
4801
4802 if (!CAN_PRINT(conn)) {
4803 reply_doserror(req, ERRDOS, ERRnoaccess);
4804 END_PROFILE(SMBsplopen);
4805 return;
4806 }
4807
4808 status = file_new(req, conn, &fsp);
4809 if(!NT_STATUS_IS_OK(status)) {
4810 reply_nterror(req, status);
4811 END_PROFILE(SMBsplopen);
4812 return;
4813 }
4814
4815 /* Open for exclusive use, write only. */
4816 status = print_fsp_open(req, conn, NULL, req->vuid, fsp, &sbuf);
4817
4818 if (!NT_STATUS_IS_OK(status)) {
4819 reply_nterror(req, status);
4820 END_PROFILE(SMBsplopen);
4821 return;
4822 }
4823
4824 reply_outbuf(req, 1, 0);
4825 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4826
4827 DEBUG(3,("openprint fd=%d fnum=%d\n",
4828 fsp->fh->fd, fsp->fnum));
4829
4830 END_PROFILE(SMBsplopen);
4831 return;
4832 }
4833
4834 /****************************************************************************
4835 Reply to a printclose.
4836 ****************************************************************************/
4837
4838 void reply_printclose(struct smb_request *req)
4839 {
4840 connection_struct *conn = req->conn;
4841 files_struct *fsp;
4842 NTSTATUS status;
4843
4844 START_PROFILE(SMBsplclose);
4845
4846 if (req->wct < 1) {
4847 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4848 END_PROFILE(SMBsplclose);
4849 return;
4850 }
4851
4852 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4853
4854 if (!check_fsp(conn, req, fsp)) {
4855 END_PROFILE(SMBsplclose);
4856 return;
4857 }
4858
4859 if (!CAN_PRINT(conn)) {
4860 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4861 END_PROFILE(SMBsplclose);
4862 return;
4863 }
4864
4865 DEBUG(3,("printclose fd=%d fnum=%d\n",
4866 fsp->fh->fd,fsp->fnum));
4867
4868 status = close_file(req, fsp, NORMAL_CLOSE);
4869
4870 if(!NT_STATUS_IS_OK(status)) {
4871 reply_nterror(req, status);
4872 END_PROFILE(SMBsplclose);
4873 return;
4874 }
4875
4876 reply_outbuf(req, 0, 0);
4877
4878 END_PROFILE(SMBsplclose);
4879 return;
4880 }
4881
4882 /****************************************************************************
4883 Reply to a printqueue.
4884 ****************************************************************************/
4885
4886 void reply_printqueue(struct smb_request *req)
4887 {
4888 connection_struct *conn = req->conn;
4889 int max_count;
4890 int start_index;
4891
4892 START_PROFILE(SMBsplretq);
4893
4894 if (req->wct < 2) {
4895 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4896 END_PROFILE(SMBsplretq);
4897 return;
4898 }
4899
4900 max_count = SVAL(req->vwv+0, 0);
4901 start_index = SVAL(req->vwv+1, 0);
4902
4903 /* we used to allow the client to get the cnum wrong, but that
4904 is really quite gross and only worked when there was only
4905 one printer - I think we should now only accept it if they
4906 get it right (tridge) */
4907 if (!CAN_PRINT(conn)) {
4908 reply_doserror(req, ERRDOS, ERRnoaccess);
4909 END_PROFILE(SMBsplretq);
4910 return;
4911 }
4912
4913 reply_outbuf(req, 2, 3);
4914 SSVAL(req->outbuf,smb_vwv0,0);
4915 SSVAL(req->outbuf,smb_vwv1,0);
4916 SCVAL(smb_buf(req->outbuf),0,1);
4917 SSVAL(smb_buf(req->outbuf),1,0);
4918
4919 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4920 start_index, max_count));
4921
4922 {
4923 print_queue_struct *queue = NULL;
4924 print_status_struct status;
4925 int count = print_queue_status(SNUM(conn), &queue, &status);
4926 int num_to_get = ABS(max_count);
4927 int first = (max_count>0?start_index:start_index+max_count+1);
4928 int i;
4929
4930 if (first >= count)
4931 num_to_get = 0;
4932 else
4933 num_to_get = MIN(num_to_get,count-first);
4934
4935
4936 for (i=first;i<first+num_to_get;i++) {
4937 char blob[28];
4938 char *p = blob;
4939
4940 srv_put_dos_date2(p,0,queue[i].time);
4941 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4942 SSVAL(p,5, queue[i].job);
4943 SIVAL(p,7,queue[i].size);
4944 SCVAL(p,11,0);
4945 srvstr_push(blob, req->flags2, p+12,
4946 queue[i].fs_user, 16, STR_ASCII);
4947
4948 if (message_push_blob(
4949 &req->outbuf,
4950 data_blob_const(
4951 blob, sizeof(blob))) == -1) {
4952 reply_nterror(req, NT_STATUS_NO_MEMORY);
4953 END_PROFILE(SMBsplretq);
4954 return;
4955 }
4956 }
4957
4958 if (count > 0) {
4959 SSVAL(req->outbuf,smb_vwv0,count);
4960 SSVAL(req->outbuf,smb_vwv1,
4961 (max_count>0?first+count:first-1));
4962 SCVAL(smb_buf(req->outbuf),0,1);
4963 SSVAL(smb_buf(req->outbuf),1,28*count);
4964 }
4965
4966 SAFE_FREE(queue);
4967
4968 DEBUG(3,("%d entries returned in queue\n",count));
4969 }
4970
4971 END_PROFILE(SMBsplretq);
4972 return;
4973 }
4974
4975 /****************************************************************************
4976 Reply to a printwrite.
4977 ****************************************************************************/
4978
4979 void reply_printwrite(struct smb_request *req)
4980 {
4981 connection_struct *conn = req->conn;
4982 int numtowrite;
4983 const char *data;
4984 files_struct *fsp;
4985
4986 START_PROFILE(SMBsplwr);
4987
4988 if (req->wct < 1) {
4989 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4990 END_PROFILE(SMBsplwr);
4991 return;
4992 }
4993
4994 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
4995
4996 if (!check_fsp(conn, req, fsp)) {
4997 END_PROFILE(SMBsplwr);
4998 return;
4999 }
5000
5001 if (!CAN_PRINT(conn)) {
5002 reply_doserror(req, ERRDOS, ERRnoaccess);
5003 END_PROFILE(SMBsplwr);
5004 return;
5005 }
5006
5007 if (!CHECK_WRITE(fsp)) {
5008 reply_doserror(req, ERRDOS, ERRbadaccess);
5009 END_PROFILE(SMBsplwr);
5010 return;
5011 }
5012
5013 numtowrite = SVAL(req->buf, 1);
5014
5015 if (req->buflen < numtowrite + 3) {
5016 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5017 END_PROFILE(SMBsplwr);
5018 return;
5019 }
5020
5021 data = (const char *)req->buf + 3;
5022
5023 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
5024 reply_unixerror(req, ERRHRD, ERRdiskfull);
5025 END_PROFILE(SMBsplwr);
5026 return;
5027 }
5028
5029 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
5030
5031 END_PROFILE(SMBsplwr);
5032 return;
5033 }
5034
5035 /****************************************************************************
5036 Reply to a mkdir.
5037 ****************************************************************************/
5038
5039 void reply_mkdir(struct smb_request *req)
5040 {
5041 connection_struct *conn = req->conn;
5042 char *directory = NULL;
5043 NTSTATUS status;
5044 SMB_STRUCT_STAT sbuf;
5045 TALLOC_CTX *ctx = talloc_tos();
5046
5047 START_PROFILE(SMBmkdir);
5048
5049 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5050 STR_TERMINATE, &status);
5051 if (!NT_STATUS_IS_OK(status)) {
5052 reply_nterror(req, status);
5053 END_PROFILE(SMBmkdir);
5054 return;
5055 }
5056
5057 status = resolve_dfspath(ctx, conn,
5058 req->flags2 & FLAGS2_DFS_PATHNAMES,
5059 directory,
5060 &directory);
5061 if (!NT_STATUS_IS_OK(status)) {
5062 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5063 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5064 ERRSRV, ERRbadpath);
5065 END_PROFILE(SMBmkdir);
5066 return;
5067 }
5068 reply_nterror(req, status);
5069 END_PROFILE(SMBmkdir);
5070 return;
5071 }
5072
5073 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
5074 if (!NT_STATUS_IS_OK(status)) {
5075 reply_nterror(req, status);
5076 END_PROFILE(SMBmkdir);
5077 return;
5078 }
5079
5080 status = check_name(conn, directory);
5081 if (!NT_STATUS_IS_OK(status)) {
5082 reply_nterror(req, status);
5083 END_PROFILE(SMBmkdir);
5084 return;
5085 }
5086
5087 status = create_directory(conn, req, directory);
5088
5089 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
5090
5091 if (!NT_STATUS_IS_OK(status)) {
5092
5093 if (!use_nt_status()
5094 && NT_STATUS_EQUAL(status,
5095 NT_STATUS_OBJECT_NAME_COLLISION)) {
5096 /*
5097 * Yes, in the DOS error code case we get a
5098 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
5099 * samba4 torture test.
5100 */
5101 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
5102 }
5103
5104 reply_nterror(req, status);
5105 END_PROFILE(SMBmkdir);
5106 return;
5107 }
5108
5109 reply_outbuf(req, 0, 0);
5110
5111 DEBUG( 3, ( "mkdir %s\n", directory ) );
5112
5113 END_PROFILE(SMBmkdir);
5114 return;
5115 }
5116
5117 /****************************************************************************
5118 Static function used by reply_rmdir to delete an entire directory
5119 tree recursively. Return True on ok, False on fail.
5120 ****************************************************************************/
5121
5122 static bool recursive_rmdir(TALLOC_CTX *ctx,
5123 connection_struct *conn,
5124 char *directory)
5125 {
5126 const char *dname = NULL;
5127 bool ret = True;
5128 long offset = 0;
5129 SMB_STRUCT_STAT st;
5130 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
5131 NULL, 0);
5132
5133 if(dir_hnd == NULL)
5134 return False;
5135
5136 while((dname = ReadDirName(dir_hnd, &offset, &st))) {
5137 char *fullname = NULL;
5138
5139 if (ISDOT(dname) || ISDOTDOT(dname)) {
5140 continue;
5141 }
5142
5143 if (!is_visible_file(conn, directory, dname, &st, False)) {
5144 continue;
5145 }
5146
5147 /* Construct the full name. */
5148 fullname = talloc_asprintf(ctx,
5149 "%s/%s",
5150 directory,
5151 dname);
5152 if (!fullname) {
5153 errno = ENOMEM;
5154 ret = False;
5155 break;
5156 }
5157
5158 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5159 ret = False;
5160 break;
5161 }
5162
5163 if(st.st_mode & S_IFDIR) {
5164 if(!recursive_rmdir(ctx, conn, fullname)) {
5165 ret = False;
5166 break;
5167 }
5168 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5169 ret = False;
5170 break;
5171 }
5172 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5173 ret = False;
5174 break;
5175 }
5176 TALLOC_FREE(fullname);
5177 }
5178 TALLOC_FREE(dir_hnd);
5179 return ret;
5180 }
5181
5182 /****************************************************************************
5183 The internals of the rmdir code - called elsewhere.
5184 ****************************************************************************/
5185
5186 NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
5187 connection_struct *conn,
5188 const char *directory)
5189 {
5190 int ret;
5191 SMB_STRUCT_STAT st;
5192
5193 /* Might be a symlink. */
5194 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
5195 return map_nt_error_from_unix(errno);
5196 }
5197
5198 if (S_ISLNK(st.st_mode)) {
5199 /* Is what it points to a directory ? */
5200 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5201 return map_nt_error_from_unix(errno);
5202 }
5203 if (!(S_ISDIR(st.st_mode))) {
5204 return NT_STATUS_NOT_A_DIRECTORY;
5205 }
5206 ret = SMB_VFS_UNLINK(conn,directory);
5207 } else {
5208 ret = SMB_VFS_RMDIR(conn,directory);
5209 }
5210 if (ret == 0) {
5211 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5212 FILE_NOTIFY_CHANGE_DIR_NAME,
5213 directory);
5214 return NT_STATUS_OK;
5215 }
5216
5217 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5218 /*
5219 * Check to see if the only thing in this directory are
5220 * vetoed files/directories. If so then delete them and
5221 * retry. If we fail to delete any of them (and we *don't*
5222 * do a recursive delete) then fail the rmdir.
5223 */
5224 const char *dname;
5225 long dirpos = 0;
5226 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5227 directory, NULL, 0);
5228
5229 if(dir_hnd == NULL) {
5230 errno = ENOTEMPTY;
5231 goto err;
5232 }
5233
5234 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5235 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5236 continue;
5237 if (!is_visible_file(conn, directory, dname, &st, False))
5238 continue;
5239 if(!IS_VETO_PATH(conn, dname)) {
5240 TALLOC_FREE(dir_hnd);
5241 errno = ENOTEMPTY;
5242 goto err;
5243 }
5244 }
5245
5246 /* We only have veto files/directories.
5247 * Are we allowed to delete them ? */
5248
5249 if(!lp_recursive_veto_delete(SNUM(conn))) {
5250 TALLOC_FREE(dir_hnd);
5251 errno = ENOTEMPTY;
5252 goto err;
5253 }
5254
5255 /* Do a recursive delete. */
5256 RewindDir(dir_hnd,&dirpos);
5257 while ((dname = ReadDirName(dir_hnd, &dirpos, &st))) {
5258 char *fullname = NULL;
5259
5260 if (ISDOT(dname) || ISDOTDOT(dname)) {
5261 continue;
5262 }
5263 if (!is_visible_file(conn, directory, dname, &st, False)) {
5264 continue;
5265 }
5266
5267 fullname = talloc_asprintf(ctx,
5268 "%s/%s",
5269 directory,
5270 dname);
5271
5272 if(!fullname) {
5273 errno = ENOMEM;
5274 break;
5275 }
5276
5277 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5278 break;
5279 }
5280 if(st.st_mode & S_IFDIR) {
5281 if(!recursive_rmdir(ctx, conn, fullname)) {
5282 break;
5283 }
5284 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5285 break;
5286 }
5287 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5288 break;
5289 }
5290 TALLOC_FREE(fullname);
5291 }
5292 TALLOC_FREE(dir_hnd);
5293 /* Retry the rmdir */
5294 ret = SMB_VFS_RMDIR(conn,directory);
5295 }
5296
5297 err:
5298
5299 if (ret != 0) {
5300 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5301 "%s\n", directory,strerror(errno)));
5302 return map_nt_error_from_unix(errno);
5303 }
5304
5305 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5306 FILE_NOTIFY_CHANGE_DIR_NAME,
5307 directory);
5308
5309 return NT_STATUS_OK;
5310 }
5311
5312 /****************************************************************************
5313 Reply to a rmdir.
5314 ****************************************************************************/
5315
5316 void reply_rmdir(struct smb_request *req)
5317 {
5318 connection_struct *conn = req->conn;
5319 char *directory = NULL;
5320 SMB_STRUCT_STAT sbuf;
5321 NTSTATUS status;
5322 TALLOC_CTX *ctx = talloc_tos();
5323
5324 START_PROFILE(SMBrmdir);
5325
5326 srvstr_get_path_req(ctx, req, &directory, (const char *)req->buf + 1,
5327 STR_TERMINATE, &status);
5328 if (!NT_STATUS_IS_OK(status)) {
5329 reply_nterror(req, status);
5330 END_PROFILE(SMBrmdir);
5331 return;
5332 }
5333
5334 status = resolve_dfspath(ctx, conn,
5335 req->flags2 & FLAGS2_DFS_PATHNAMES,
5336 directory,
5337 &directory);
5338 if (!NT_STATUS_IS_OK(status)) {
5339 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5340 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5341 ERRSRV, ERRbadpath);
5342 END_PROFILE(SMBrmdir);
5343 return;
5344 }
5345 reply_nterror(req, status);
5346 END_PROFILE(SMBrmdir);
5347 return;
5348 }
5349
5350 status = unix_convert(ctx, conn, directory, False, &directory,
5351 NULL, &sbuf);
5352 if (!NT_STATUS_IS_OK(status)) {
5353 reply_nterror(req, status);
5354 END_PROFILE(SMBrmdir);
5355 return;
5356 }
5357
5358 status = check_name(conn, directory);
5359 if (!NT_STATUS_IS_OK(status)) {
5360 reply_nterror(req, status);
5361 END_PROFILE(SMBrmdir);
5362 return;
5363 }
5364
5365 dptr_closepath(directory, req->smbpid);
5366 status = rmdir_internals(ctx, conn, directory);
5367 if (!NT_STATUS_IS_OK(status)) {
5368 reply_nterror(req, status);
5369 END_PROFILE(SMBrmdir);
5370 return;
5371 }
5372
5373 reply_outbuf(req, 0, 0);
5374
5375 DEBUG( 3, ( "rmdir %s\n", directory ) );
5376
5377 END_PROFILE(SMBrmdir);
5378 return;
5379 }
5380
5381 /*******************************************************************
5382 Resolve wildcards in a filename rename.
5383 ********************************************************************/
5384
5385 static bool resolve_wildcards(TALLOC_CTX *ctx,
5386 const char *name1,
5387 const char *name2,
5388 char **pp_newname)
5389 {
5390 char *name2_copy = NULL;
5391 char *root1 = NULL;
5392 char *root2 = NULL;
5393 char *ext1 = NULL;
5394 char *ext2 = NULL;
5395 char *p,*p2, *pname1, *pname2;
5396
5397 name2_copy = talloc_strdup(ctx, name2);
5398 if (!name2_copy) {
5399 return False;
5400 }
5401
5402 pname1 = strrchr_m(name1,'/');
5403 pname2 = strrchr_m(name2_copy,'/');
5404
5405 if (!pname1 || !pname2) {
5406 return False;
5407 }
5408
5409 /* Truncate the copy of name2 at the last '/' */
5410 *pname2 = '\0';
5411
5412 /* Now go past the '/' */
5413 pname1++;
5414 pname2++;
5415
5416 root1 = talloc_strdup(ctx, pname1);
5417 root2 = talloc_strdup(ctx, pname2);
5418
5419 if (!root1 || !root2) {
5420 return False;
5421 }
5422
5423 p = strrchr_m(root1,'.');
5424 if (p) {
5425 *p = 0;
5426 ext1 = talloc_strdup(ctx, p+1);
5427 } else {
5428 ext1 = talloc_strdup(ctx, "");
5429 }
5430 p = strrchr_m(root2,'.');
5431 if (p) {
5432 *p = 0;
5433 ext2 = talloc_strdup(ctx, p+1);
5434 } else {
5435 ext2 = talloc_strdup(ctx, "");
5436 }
5437
5438 if (!ext1 || !ext2) {
5439 return False;
5440 }
5441
5442 p = root1;
5443 p2 = root2;
5444 while (*p2) {
5445 if (*p2 == '?') {
5446 /* Hmmm. Should this be mb-aware ? */
5447 *p2 = *p;
5448 p2++;
5449 } else if (*p2 == '*') {
5450 *p2 = '\0';
5451 root2 = talloc_asprintf(ctx, "%s%s",
5452 root2,
5453 p);
5454 if (!root2) {
5455 return False;
5456 }
5457 break;
5458 } else {
5459 p2++;
5460 }
5461 if (*p) {
5462 p++;
5463 }
5464 }
5465
5466 p = ext1;
5467 p2 = ext2;
5468 while (*p2) {
5469 if (*p2 == '?') {
5470 /* Hmmm. Should this be mb-aware ? */
5471 *p2 = *p;
5472 p2++;
5473 } else if (*p2 == '*') {
5474 *p2 = '\0';
5475 ext2 = talloc_asprintf(ctx, "%s%s",
5476 ext2,
5477 p);
5478 if (!ext2) {
5479 return False;
5480 }
5481 break;
5482 } else {
5483 p2++;
5484 }
5485 if (*p) {
5486 p++;
5487 }
5488 }
5489
5490 if (*ext2) {
5491 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5492 name2_copy,
5493 root2,
5494 ext2);
5495 } else {
5496 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5497 name2_copy,
5498 root2);
5499 }
5500
5501 if (!*pp_newname) {
5502 return False;
5503 }
5504
5505 return True;
5506 }
5507
5508 /****************************************************************************
5509 Ensure open files have their names updated. Updated to notify other smbd's
5510 asynchronously.
5511 ****************************************************************************/
5512
5513 static void rename_open_files(connection_struct *conn,
5514 struct share_mode_lock *lck,
5515 const char *newname)
5516 {
5517 files_struct *fsp;
5518 bool did_rename = False;
5519
5520 for(fsp = file_find_di_first(lck->id); fsp;
5521 fsp = file_find_di_next(fsp)) {
5522 /* fsp_name is a relative path under the fsp. To change this for other
5523 sharepaths we need to manipulate relative paths. */
5524 /* TODO - create the absolute path and manipulate the newname
5525 relative to the sharepath. */
5526 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5527 continue;
5528 }
5529 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5530 fsp->fnum, file_id_string_tos(&fsp->file_id),
5531 fsp->fsp_name, newname ));
5532 string_set(&fsp->fsp_name, newname);
5533 did_rename = True;
5534 }
5535
5536 if (!did_rename) {
5537 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5538 file_id_string_tos(&lck->id), newname ));
5539 }
5540
5541 /* Send messages to all smbd's (not ourself) that the name has changed. */
5542 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5543 newname);
5544 }
5545
5546 /****************************************************************************
5547 We need to check if the source path is a parent directory of the destination
5548 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5549 refuse the rename with a sharing violation. Under UNIX the above call can
5550 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5551 probably need to check that the client is a Windows one before disallowing
5552 this as a UNIX client (one with UNIX extensions) can know the source is a
5553 symlink and make this decision intelligently. Found by an excellent bug
5554 report from <AndyLiebman@aol.com>.
5555 ****************************************************************************/
5556
5557 static bool rename_path_prefix_equal(const char *src, const char *dest)
5558 {
5559 const char *psrc = src;
5560 const char *pdst = dest;
5561 size_t slen;
5562
5563 if (psrc[0] == '.' && psrc[1] == '/') {
5564 psrc += 2;
5565 }
5566 if (pdst[0] == '.' && pdst[1] == '/') {
5567 pdst += 2;
5568 }
5569 if ((slen = strlen(psrc)) > strlen(pdst)) {
5570 return False;
5571 }
5572 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5573 }
5574
5575 /*
5576 * Do the notify calls from a rename
5577 */
5578
5579 static void notify_rename(connection_struct *conn, bool is_dir,
5580 const char *oldpath, const char *newpath)
5581 {
5582 char *olddir, *newdir;
5583 const char *oldname, *newname;
5584 uint32 mask;
5585
5586 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5587 : FILE_NOTIFY_CHANGE_FILE_NAME;
5588
5589 if (!parent_dirname(talloc_tos(), oldpath, &olddir, &oldname)
5590 || !parent_dirname(talloc_tos(), newpath, &newdir, &newname)) {
5591 TALLOC_FREE(olddir);
5592 return;
5593 }
5594
5595 if (strcmp(olddir, newdir) == 0) {
5596 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5597 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5598 }
5599 else {
5600 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5601 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5602 }
5603 TALLOC_FREE(olddir);
5604 TALLOC_FREE(newdir);
5605
5606 /* this is a strange one. w2k3 gives an additional event for
5607 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5608 files, but not directories */
5609 if (!is_dir) {
5610 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5611 FILE_NOTIFY_CHANGE_ATTRIBUTES
5612 |FILE_NOTIFY_CHANGE_CREATION,
5613 newpath);
5614 }
5615 }
5616
5617 /****************************************************************************
5618 Rename an open file - given an fsp.
5619 ****************************************************************************/
5620
5621 NTSTATUS rename_internals_fsp(connection_struct *conn,
5622 files_struct *fsp,
5623 char *newname,
5624 const char *newname_last_component,
5625 uint32 attrs,
5626 bool replace_if_exists)
5627 {
5628 TALLOC_CTX *ctx = talloc_tos();
5629 SMB_STRUCT_STAT sbuf, sbuf1;
5630 NTSTATUS status = NT_STATUS_OK;
5631 struct share_mode_lock *lck = NULL;
5632 bool dst_exists, old_is_stream, new_is_stream;
5633
5634 ZERO_STRUCT(sbuf);
5635
5636 status = check_name(conn, newname);
5637 if (!NT_STATUS_IS_OK(status)) {
5638 return status;
5639 }
5640
5641 /* Ensure newname contains a '/' */
5642 if(strrchr_m(newname,'/') == 0) {
5643 newname = talloc_asprintf(ctx,
5644 "./%s",
5645 newname);
5646 if (!newname) {
5647 return NT_STATUS_NO_MEMORY;
5648 }
5649 }
5650
5651 /*
5652 * Check for special case with case preserving and not
5653 * case sensitive. If the old last component differs from the original
5654 * last component only by case, then we should allow
5655 * the rename (user is trying to change the case of the
5656 * filename).
5657 */
5658
5659 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5660 strequal(newname, fsp->fsp_name)) {
5661 char *p;
5662 char *newname_modified_last_component = NULL;
5663
5664 /*
5665 * Get the last component of the modified name.
5666 * Note that we guarantee that newname contains a '/'
5667 * character above.
5668 */
5669 p = strrchr_m(newname,'/');
5670 newname_modified_last_component = talloc_strdup(ctx,
5671 p+1);
5672 if (!newname_modified_last_component) {
5673 return NT_STATUS_NO_MEMORY;
5674 }
5675
5676 if(strcsequal(newname_modified_last_component,
5677 newname_last_component) == False) {
5678 /*
5679 * Replace the modified last component with
5680 * the original.
5681 */
5682 *p = '\0'; /* Truncate at the '/' */
5683 newname = talloc_asprintf(ctx,
5684 "%s/%s",
5685 newname,
5686 newname_last_component);
5687 }
5688 }
5689
5690 /*
5691 * If the src and dest names are identical - including case,
5692 * don't do the rename, just return success.
5693 */
5694
5695 if (strcsequal(fsp->fsp_name, newname)) {
5696 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5697 newname));
5698 return NT_STATUS_OK;
5699 }
5700
5701 old_is_stream = is_ntfs_stream_name(fsp->fsp_name);
5702 new_is_stream = is_ntfs_stream_name(newname);
5703
5704 /* Return the correct error code if both names aren't streams. */
5705 if (!old_is_stream && new_is_stream) {
5706 return NT_STATUS_OBJECT_NAME_INVALID;
5707 }
5708
5709 if (old_is_stream && !new_is_stream) {
5710 return NT_STATUS_INVALID_PARAMETER;
5711 }
5712
5713 /*
5714 * Have vfs_object_exist also fill sbuf1
5715 */
5716 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5717
5718 if(!replace_if_exists && dst_exists) {
5719 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5720 fsp->fsp_name,newname));
5721 return NT_STATUS_OBJECT_NAME_COLLISION;
5722 }
5723
5724 if (dst_exists) {
5725 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5726 files_struct *dst_fsp = file_find_di_first(fileid);
5727 /* The file can be open when renaming a stream */
5728 if (dst_fsp && !new_is_stream) {
5729 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5730 return NT_STATUS_ACCESS_DENIED;
5731 }
5732 }
5733
5734 /* Ensure we have a valid stat struct for the source. */
5735 if (fsp->fh->fd != -1) {
5736 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5737 return map_nt_error_from_unix(errno);
5738 }
5739 } else {
5740 int ret = -1;
5741 if (fsp->posix_open) {
5742 ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf);
5743 } else {
5744 ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf);
5745 }
5746 if (ret == -1) {
5747 return map_nt_error_from_unix(errno);
5748 }
5749 }
5750
5751 status = can_rename(conn, fsp, attrs, &sbuf);
5752
5753 if (!NT_STATUS_IS_OK(status)) {
5754 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5755 nt_errstr(status), fsp->fsp_name,newname));
5756 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5757 status = NT_STATUS_ACCESS_DENIED;
5758 return status;
5759 }
5760
5761 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5762 return NT_STATUS_ACCESS_DENIED;
5763 }
5764
5765 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5766 NULL);
5767
5768 /*
5769 * We have the file open ourselves, so not being able to get the
5770 * corresponding share mode lock is a fatal error.
5771 */
5772
5773 SMB_ASSERT(lck != NULL);
5774
5775 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5776 uint32 create_options = fsp->fh->private_options;
5777
5778 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5779 fsp->fsp_name,newname));
5780
5781 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5782
5783 rename_open_files(conn, lck, newname);
5784
5785 /*
5786 * A rename acts as a new file create w.r.t. allowing an initial delete
5787 * on close, probably because in Windows there is a new handle to the
5788 * new file. If initial delete on close was requested but not
5789 * originally set, we need to set it here. This is probably not 100% correct,
5790 * but will work for the CIFSFS client which in non-posix mode
5791 * depends on these semantics. JRA.
5792 */
5793
5794 if (create_options & FILE_DELETE_ON_CLOSE) {
5795 status = can_set_delete_on_close(fsp, True, 0);
5796
5797 if (NT_STATUS_IS_OK(status)) {
5798 /* Note that here we set the *inital* delete on close flag,
5799 * not the regular one. The magic gets handled in close. */
5800 fsp->initial_delete_on_close = True;
5801 }
5802 }
5803 TALLOC_FREE(lck);
5804 return NT_STATUS_OK;
5805 }
5806
5807 TALLOC_FREE(lck);
5808
5809 if (errno == ENOTDIR || errno == EISDIR) {
5810 status = NT_STATUS_OBJECT_NAME_COLLISION;
5811 } else {
5812 status = map_nt_error_from_unix(errno);
5813 }
5814
5815 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5816 nt_errstr(status), fsp->fsp_name,newname));
5817
5818 return status;
5819 }
5820
5821 /****************************************************************************
5822 The guts of the rename command, split out so it may be called by the NT SMB
5823 code.
5824 ****************************************************************************/
5825
5826 NTSTATUS rename_internals(TALLOC_CTX *ctx,
5827 connection_struct *conn,
5828 struct smb_request *req,
5829 const char *name_in,
5830 const char *newname_in,
5831 uint32 attrs,
5832 bool replace_if_exists,
5833 bool src_has_wild,
5834 bool dest_has_wild,
5835 uint32_t access_mask)
5836 {
5837 char *directory = NULL;
5838 char *mask = NULL;
5839 char *last_component_src = NULL;
5840 char *last_component_dest = NULL;
5841 char *name = NULL;
5842 char *newname = NULL;
5843 char *p;
5844 int count=0;
5845 NTSTATUS status = NT_STATUS_OK;
5846 SMB_STRUCT_STAT sbuf1, sbuf2;
5847 struct smb_Dir *dir_hnd = NULL;
5848 const char *dname;
5849 long offset = 0;
5850 int create_options = 0;
5851 bool posix_pathnames = lp_posix_pathnames();
5852
5853 ZERO_STRUCT(sbuf1);
5854 ZERO_STRUCT(sbuf2);
5855
5856 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5857 &last_component_src, &sbuf1);
5858 if (!NT_STATUS_IS_OK(status)) {
5859 return status;
5860 }
5861
5862 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5863 &last_component_dest, &sbuf2);
5864 if (!NT_STATUS_IS_OK(status)) {
5865 return status;
5866 }
5867
5868 /*
5869 * Split the old name into directory and last component
5870 * strings. Note that unix_convert may have stripped off a
5871 * leading ./ from both name and newname if the rename is
5872 * at the root of the share. We need to make sure either both
5873 * name and newname contain a / character or neither of them do
5874 * as this is checked in resolve_wildcards().
5875 */
5876
5877 p = strrchr_m(name,'/');
5878 if (!p) {
5879 directory = talloc_strdup(ctx, ".");
5880 if (!directory) {
5881 return NT_STATUS_NO_MEMORY;
5882 }
5883 mask = name;
5884 } else {
5885 *p = 0;
5886 directory = talloc_strdup(ctx, name);
5887 if (!directory) {
5888 return NT_STATUS_NO_MEMORY;
5889 }
5890 mask = p+1;
5891 *p = '/'; /* Replace needed for exceptional test below. */
5892 }
5893
5894 /*
5895 * We should only check the mangled cache
5896 * here if unix_convert failed. This means
5897 * that the path in 'mask' doesn't exist
5898 * on the file system and so we need to look
5899 * for a possible mangle. This patch from
5900 * Tine Smukavec <valentin.smukavec@hermes.si>.
5901 */
5902
5903 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5904 char *new_mask = NULL;
5905 mangle_lookup_name_from_8_3(ctx,
5906 mask,
5907 &new_mask,
5908 conn->params );
5909 if (new_mask) {
5910 mask = new_mask;
5911 }
5912 }
5913
5914 if (!src_has_wild) {
5915 files_struct *fsp;
5916
5917 /*
5918 * No wildcards - just process the one file.
5919 */
5920 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5921
5922 /* Add a terminating '/' to the directory name. */
5923 directory = talloc_asprintf_append(directory,
5924 "/%s",
5925 mask);
5926 if (!directory) {
5927 return NT_STATUS_NO_MEMORY;
5928 }
5929
5930 /* Ensure newname contains a '/' also */
5931 if(strrchr_m(newname,'/') == 0) {
5932 newname = talloc_asprintf(ctx,
5933 "./%s",
5934 newname);
5935 if (!newname) {
5936 return NT_STATUS_NO_MEMORY;
5937 }
5938 }
5939
5940 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5941 "case_preserve = %d, short case preserve = %d, "
5942 "directory = %s, newname = %s, "
5943 "last_component_dest = %s, is_8_3 = %d\n",
5944 conn->case_sensitive, conn->case_preserve,
5945 conn->short_case_preserve, directory,
5946 newname, last_component_dest, is_short_name));
5947
5948 /* The dest name still may have wildcards. */
5949 if (dest_has_wild) {
5950 char *mod_newname = NULL;
5951 if (!resolve_wildcards(ctx,
5952 directory,newname,&mod_newname)) {
5953 DEBUG(6, ("rename_internals: resolve_wildcards "
5954 "%s %s failed\n",
5955 directory,
5956 newname));
5957 return NT_STATUS_NO_MEMORY;
5958 }
5959 newname = mod_newname;
5960 }
5961
5962 ZERO_STRUCT(sbuf1);
5963 if (posix_pathnames) {
5964 SMB_VFS_LSTAT(conn, directory, &sbuf1);
5965 } else {
5966 SMB_VFS_STAT(conn, directory, &sbuf1);
5967 }
5968
5969 if (S_ISDIR(sbuf1.st_mode)) {
5970 create_options |= FILE_DIRECTORY_FILE;
5971 }
5972
5973 status = SMB_VFS_CREATE_FILE(
5974 conn, /* conn */
5975 req, /* req */
5976 0, /* root_dir_fid */
5977 directory, /* fname */
5978 0, /* create_file_flags */
5979 access_mask, /* access_mask */
5980 (FILE_SHARE_READ | /* share_access */
5981 FILE_SHARE_WRITE),
5982 FILE_OPEN, /* create_disposition*/
5983 create_options, /* create_options */
5984 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
5985 0, /* oplock_request */
5986 0, /* allocation_size */
5987 NULL, /* sd */
5988 NULL, /* ea_list */
5989 &fsp, /* result */
5990 NULL, /* pinfo */
5991 &sbuf1); /* psbuf */
5992
5993 if (!NT_STATUS_IS_OK(status)) {
5994 DEBUG(3, ("Could not open rename source %s: %s\n",
5995 directory, nt_errstr(status)));
5996 return status;
5997 }
5998
5999 status = rename_internals_fsp(conn, fsp, newname,
6000 last_component_dest,
6001 attrs, replace_if_exists);
6002
6003 close_file(req, fsp, NORMAL_CLOSE);
6004
6005 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
6006 nt_errstr(status), directory,newname));
6007
6008 return status;
6009 }
6010
6011 /*
6012 * Wildcards - process each file that matches.
6013 */
6014 if (strequal(mask,"????????.???")) {
6015 mask[0] = '*';
6016 mask[1] = '\0';
6017 }
6018
6019 status = check_name(conn, directory);
6020 if (!NT_STATUS_IS_OK(status)) {
6021 return status;
6022 }
6023
6024 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
6025 if (dir_hnd == NULL) {
6026 return map_nt_error_from_unix(errno);
6027 }
6028
6029 status = NT_STATUS_NO_SUCH_FILE;
6030 /*
6031 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
6032 * - gentest fix. JRA
6033 */
6034
6035 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6036 files_struct *fsp = NULL;
6037 char *fname = NULL;
6038 char *destname = NULL;
6039 bool sysdir_entry = False;
6040
6041 /* Quick check for "." and ".." */
6042 if (ISDOT(dname) || ISDOTDOT(dname)) {
6043 if (attrs & aDIR) {
6044 sysdir_entry = True;
6045 } else {
6046 continue;
6047 }
6048 }
6049
6050 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6051 continue;
6052 }
6053
6054 if(!mask_match(dname, mask, conn->case_sensitive)) {
6055 continue;
6056 }
6057
6058 if (sysdir_entry) {
6059 status = NT_STATUS_OBJECT_NAME_INVALID;
6060 break;
6061 }
6062
6063 fname = talloc_asprintf(ctx,
6064 "%s/%s",
6065 directory,
6066 dname);
6067 if (!fname) {
6068 return NT_STATUS_NO_MEMORY;
6069 }
6070
6071 if (!resolve_wildcards(ctx,
6072 fname,newname,&destname)) {
6073 DEBUG(6, ("resolve_wildcards %s %s failed\n",
6074 fname, destname));
6075 TALLOC_FREE(fname);
6076 continue;
6077 }
6078 if (!destname) {
6079 return NT_STATUS_NO_MEMORY;
6080 }
6081
6082 ZERO_STRUCT(sbuf1);
6083 if (posix_pathnames) {
6084 SMB_VFS_LSTAT(conn, fname, &sbuf1);
6085 } else {
6086 SMB_VFS_STAT(conn, fname, &sbuf1);
6087 }
6088
6089 create_options = 0;
6090
6091 if (S_ISDIR(sbuf1.st_mode)) {
6092 create_options |= FILE_DIRECTORY_FILE;
6093 }
6094
6095 status = SMB_VFS_CREATE_FILE(
6096 conn, /* conn */
6097 req, /* req */
6098 0, /* root_dir_fid */
6099 fname, /* fname */
6100 0, /* create_file_flags */
6101 access_mask, /* access_mask */
6102 (FILE_SHARE_READ | /* share_access */
6103 FILE_SHARE_WRITE),
6104 FILE_OPEN, /* create_disposition*/
6105 create_options, /* create_options */
6106 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, /* file_attributes */
6107 0, /* oplock_request */
6108 0, /* allocation_size */
6109 NULL, /* sd */
6110 NULL, /* ea_list */
6111 &fsp, /* result */
6112 NULL, /* pinfo */
6113 &sbuf1); /* psbuf */
6114
6115 if (!NT_STATUS_IS_OK(status)) {
6116 DEBUG(3,("rename_internals: SMB_VFS_CREATE_FILE "
6117 "returned %s rename %s -> %s\n",
6118 nt_errstr(status), directory, newname));
6119 break;
6120 }
6121
6122 status = rename_internals_fsp(conn, fsp, destname, dname,
6123 attrs, replace_if_exists);
6124
6125 close_file(req, fsp, NORMAL_CLOSE);
6126
6127 if (!NT_STATUS_IS_OK(status)) {
6128 DEBUG(3, ("rename_internals_fsp returned %s for "
6129 "rename %s -> %s\n", nt_errstr(status),
6130 directory, newname));
6131 break;
6132 }
6133
6134 count++;
6135
6136 DEBUG(3,("rename_internals: doing rename on %s -> "
6137 "%s\n",fname,destname));
6138
6139 TALLOC_FREE(fname);
6140 TALLOC_FREE(destname);
6141 }
6142 TALLOC_FREE(dir_hnd);
6143
6144 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
6145 status = map_nt_error_from_unix(errno);
6146 }
6147
6148 return status;
6149 }
6150
6151 /****************************************************************************
6152 Reply to a mv.
6153 ****************************************************************************/
6154
6155 void reply_mv(struct smb_request *req)
6156 {
6157 connection_struct *conn = req->conn;
6158 char *name = NULL;
6159 char *newname = NULL;
6160 const char *p;
6161 uint32 attrs;
6162 NTSTATUS status;
6163 bool src_has_wcard = False;
6164 bool dest_has_wcard = False;
6165 TALLOC_CTX *ctx = talloc_tos();
6166
6167 START_PROFILE(SMBmv);
6168
6169 if (req->wct < 1) {
6170 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6171 END_PROFILE(SMBmv);
6172 return;
6173 }
6174
6175 attrs = SVAL(req->vwv+0, 0);
6176
6177 p = (const char *)req->buf + 1;
6178 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6179 &status, &src_has_wcard);
6180 if (!NT_STATUS_IS_OK(status)) {
6181 reply_nterror(req, status);
6182 END_PROFILE(SMBmv);
6183 return;
6184 }
6185 p++;
6186 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6187 &status, &dest_has_wcard);
6188 if (!NT_STATUS_IS_OK(status)) {
6189 reply_nterror(req, status);
6190 END_PROFILE(SMBmv);
6191 return;
6192 }
6193
6194 status = resolve_dfspath_wcard(ctx, conn,
6195 req->flags2 & FLAGS2_DFS_PATHNAMES,
6196 name,
6197 &name,
6198 &src_has_wcard);
6199 if (!NT_STATUS_IS_OK(status)) {
6200 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6201 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6202 ERRSRV, ERRbadpath);
6203 END_PROFILE(SMBmv);
6204 return;
6205 }
6206 reply_nterror(req, status);
6207 END_PROFILE(SMBmv);
6208 return;
6209 }
6210
6211 status = resolve_dfspath_wcard(ctx, conn,
6212 req->flags2 & FLAGS2_DFS_PATHNAMES,
6213 newname,
6214 &newname,
6215 &dest_has_wcard);
6216 if (!NT_STATUS_IS_OK(status)) {
6217 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6218 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6219 ERRSRV, ERRbadpath);
6220 END_PROFILE(SMBmv);
6221 return;
6222 }
6223 reply_nterror(req, status);
6224 END_PROFILE(SMBmv);
6225 return;
6226 }
6227
6228 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
6229
6230 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
6231 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
6232 if (!NT_STATUS_IS_OK(status)) {
6233 if (open_was_deferred(req->mid)) {
6234 /* We have re-scheduled this call. */
6235 END_PROFILE(SMBmv);
6236 return;
6237 }
6238 reply_nterror(req, status);
6239 END_PROFILE(SMBmv);
6240 return;
6241 }
6242
6243 reply_outbuf(req, 0, 0);
6244
6245 END_PROFILE(SMBmv);
6246 return;
6247 }
6248
6249 /*******************************************************************
6250 Copy a file as part of a reply_copy.
6251 ******************************************************************/
6252
6253 /*
6254 * TODO: check error codes on all callers
6255 */
6256
6257 NTSTATUS copy_file(TALLOC_CTX *ctx,
6258 connection_struct *conn,
6259 const char *src,
6260 const char *dest1,
6261 int ofun,
6262 int count,
6263 bool target_is_directory)
6264 {
6265 SMB_STRUCT_STAT src_sbuf, sbuf2;
6266 SMB_OFF_T ret=-1;
6267 files_struct *fsp1,*fsp2;
6268 char *dest = NULL;
6269 uint32 dosattrs;
6270 uint32 new_create_disposition;
6271 NTSTATUS status;
6272
6273 dest = talloc_strdup(ctx, dest1);
6274 if (!dest) {
6275 return NT_STATUS_NO_MEMORY;
6276 }
6277 if (target_is_directory) {
6278 const char *p = strrchr_m(src,'/');
6279 if (p) {
6280 p++;
6281 } else {
6282 p = src;
6283 }
6284 dest = talloc_asprintf_append(dest,
6285 "/%s",
6286 p);
6287 if (!dest) {
6288 return NT_STATUS_NO_MEMORY;
6289 }
6290 }
6291
6292 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6293 TALLOC_FREE(dest);
6294 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6295 }
6296
6297 if (!target_is_directory && count) {
6298 new_create_disposition = FILE_OPEN;
6299 } else {
6300 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6301 NULL, NULL, &new_create_disposition, NULL)) {
6302 TALLOC_FREE(dest);
6303 return NT_STATUS_INVALID_PARAMETER;
6304 }
6305 }
6306
6307 status = SMB_VFS_CREATE_FILE(
6308 conn, /* conn */
6309 NULL, /* req */
6310 0, /* root_dir_fid */
6311 src, /* fname */
6312 0, /* create_file_flags */
6313 FILE_GENERIC_READ, /* access_mask */
6314 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6315 FILE_OPEN, /* create_disposition*/
6316 0, /* create_options */
6317 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
6318 INTERNAL_OPEN_ONLY, /* oplock_request */
6319 0, /* allocation_size */
6320 NULL, /* sd */
6321 NULL, /* ea_list */
6322 &fsp1, /* result */
6323 NULL, /* pinfo */
6324 &src_sbuf); /* psbuf */
6325
6326 if (!NT_STATUS_IS_OK(status)) {
6327 TALLOC_FREE(dest);
6328 return status;
6329 }
6330
6331 dosattrs = dos_mode(conn, src, &src_sbuf);
6332 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6333 ZERO_STRUCTP(&sbuf2);
6334 }
6335
6336 status = SMB_VFS_CREATE_FILE(
6337 conn, /* conn */
6338 NULL, /* req */
6339 0, /* root_dir_fid */
6340 dest, /* fname */
6341 0, /* create_file_flags */
6342 FILE_GENERIC_WRITE, /* access_mask */
6343 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
6344 new_create_disposition, /* create_disposition*/
6345 0, /* create_options */
6346 dosattrs, /* file_attributes */
6347 INTERNAL_OPEN_ONLY, /* oplock_request */
6348 0, /* allocation_size */
6349 NULL, /* sd */
6350 NULL, /* ea_list */
6351 &fsp2, /* result */
6352 NULL, /* pinfo */
6353 &sbuf2); /* psbuf */
6354
6355 TALLOC_FREE(dest);
6356
6357 if (!NT_STATUS_IS_OK(status)) {
6358 close_file(NULL, fsp1, ERROR_CLOSE);
6359 return status;
6360 }
6361
6362 if ((ofun&3) == 1) {
6363 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6364 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6365 /*
6366 * Stop the copy from occurring.
6367 */
6368 ret = -1;
6369 src_sbuf.st_size = 0;
6370 }
6371 }
6372
6373 if (src_sbuf.st_size) {
6374 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6375 }
6376
6377 close_file(NULL, fsp1, NORMAL_CLOSE);
6378
6379 /* Ensure the modtime is set correctly on the destination file. */
6380 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6381
6382 /*
6383 * As we are opening fsp1 read-only we only expect
6384 * an error on close on fsp2 if we are out of space.
6385 * Thus we don't look at the error return from the
6386 * close of fsp1.
6387 */
6388 status = close_file(NULL, fsp2, NORMAL_CLOSE);
6389
6390 if (!NT_STATUS_IS_OK(status)) {
6391 return status;
6392 }
6393
6394 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6395 return NT_STATUS_DISK_FULL;
6396 }
6397
6398 return NT_STATUS_OK;
6399 }
6400
6401 /****************************************************************************
6402 Reply to a file copy.
6403 ****************************************************************************/
6404
6405 void reply_copy(struct smb_request *req)
6406 {
6407 connection_struct *conn = req->conn;
6408 char *name = NULL;
6409 char *newname = NULL;
6410 char *directory = NULL;
6411 const char *mask = NULL;
6412 const char mask_star[] = "*";
6413 const char *p;
6414 int count=0;
6415 int error = ERRnoaccess;
6416 int err = 0;
6417 int tid2;
6418 int ofun;
6419 int flags;
6420 bool target_is_directory=False;
6421 bool source_has_wild = False;
6422 bool dest_has_wild = False;
6423 SMB_STRUCT_STAT sbuf1, sbuf2;
6424 NTSTATUS status;
6425 TALLOC_CTX *ctx = talloc_tos();
6426
6427 START_PROFILE(SMBcopy);
6428
6429 if (req->wct < 3) {
6430 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6431 END_PROFILE(SMBcopy);
6432 return;
6433 }
6434
6435 tid2 = SVAL(req->vwv+0, 0);
6436 ofun = SVAL(req->vwv+1, 0);
6437 flags = SVAL(req->vwv+2, 0);
6438
6439 p = (const char *)req->buf;
6440 p += srvstr_get_path_req_wcard(ctx, req, &name, p, STR_TERMINATE,
6441 &status, &source_has_wild);
6442 if (!NT_STATUS_IS_OK(status)) {
6443 reply_nterror(req, status);
6444 END_PROFILE(SMBcopy);
6445 return;
6446 }
6447 p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
6448 &status, &dest_has_wild);
6449 if (!NT_STATUS_IS_OK(status)) {
6450 reply_nterror(req, status);
6451 END_PROFILE(SMBcopy);
6452 return;
6453 }
6454
6455 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6456
6457 if (tid2 != conn->cnum) {
6458 /* can't currently handle inter share copies XXXX */
6459 DEBUG(3,("Rejecting inter-share copy\n"));
6460 reply_doserror(req, ERRSRV, ERRinvdevice);
6461 END_PROFILE(SMBcopy);
6462 return;
6463 }
6464
6465 status = resolve_dfspath_wcard(ctx, conn,
6466 req->flags2 & FLAGS2_DFS_PATHNAMES,
6467 name,
6468 &name,
6469 &source_has_wild);
6470 if (!NT_STATUS_IS_OK(status)) {
6471 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6472 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6473 ERRSRV, ERRbadpath);
6474 END_PROFILE(SMBcopy);
6475 return;
6476 }
6477 reply_nterror(req, status);
6478 END_PROFILE(SMBcopy);
6479 return;
6480 }
6481
6482 status = resolve_dfspath_wcard(ctx, conn,
6483 req->flags2 & FLAGS2_DFS_PATHNAMES,
6484 newname,
6485 &newname,
6486 &dest_has_wild);
6487 if (!NT_STATUS_IS_OK(status)) {
6488 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6489 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6490 ERRSRV, ERRbadpath);
6491 END_PROFILE(SMBcopy);
6492 return;
6493 }
6494 reply_nterror(req, status);
6495 END_PROFILE(SMBcopy);
6496 return;
6497 }
6498
6499 status = unix_convert(ctx, conn, name, source_has_wild,
6500 &name, NULL, &sbuf1);
6501 if (!NT_STATUS_IS_OK(status)) {
6502 reply_nterror(req, status);
6503 END_PROFILE(SMBcopy);
6504 return;
6505 }
6506
6507 status = unix_convert(ctx, conn, newname, dest_has_wild,
6508 &newname, NULL, &sbuf2);
6509 if (!NT_STATUS_IS_OK(status)) {
6510 reply_nterror(req, status);
6511 END_PROFILE(SMBcopy);
6512 return;
6513 }
6514
6515 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6516
6517 if ((flags&1) && target_is_directory) {
6518 reply_doserror(req, ERRDOS, ERRbadfile);
6519 END_PROFILE(SMBcopy);
6520 return;
6521 }
6522
6523 if ((flags&2) && !target_is_directory) {
6524 reply_doserror(req, ERRDOS, ERRbadpath);
6525 END_PROFILE(SMBcopy);
6526 return;
6527 }
6528
6529 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6530 /* wants a tree copy! XXXX */
6531 DEBUG(3,("Rejecting tree copy\n"));
6532 reply_doserror(req, ERRSRV, ERRerror);
6533 END_PROFILE(SMBcopy);
6534 return;
6535 }
6536
6537 p = strrchr_m(name,'/');
6538 if (p != NULL) {
6539 directory = talloc_strndup(ctx, name, PTR_DIFF(p, name));
6540 mask = p+1;
6541 } else {
6542 directory = talloc_strdup(ctx, "./");
6543 mask = name;
6544 }
6545
6546 if (!directory) {
6547 reply_nterror(req, NT_STATUS_NO_MEMORY);
6548 END_PROFILE(SMBcopy);
6549 return;
6550 }
6551
6552 /*
6553 * We should only check the mangled cache
6554 * here if unix_convert failed. This means
6555 * that the path in 'mask' doesn't exist
6556 * on the file system and so we need to look
6557 * for a possible mangle. This patch from
6558 * Tine Smukavec <valentin.smukavec@hermes.si>.
6559 */
6560
6561 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6562 char *new_mask = NULL;
6563 mangle_lookup_name_from_8_3(ctx,
6564 mask,
6565 &new_mask,
6566 conn->params );
6567 if (new_mask) {
6568 mask = new_mask;
6569 }
6570 }
6571
6572 if (!source_has_wild) {
6573 directory = talloc_asprintf_append(directory,
6574 "/%s",
6575 mask);
6576 if (dest_has_wild) {
6577 char *mod_newname = NULL;
6578 if (!resolve_wildcards(ctx,
6579 directory,newname,&mod_newname)) {
6580 reply_nterror(req, NT_STATUS_NO_MEMORY);
6581 END_PROFILE(SMBcopy);
6582 return;
6583 }
6584 newname = mod_newname;
6585 }
6586
6587 status = check_name(conn, directory);
6588 if (!NT_STATUS_IS_OK(status)) {
6589 reply_nterror(req, status);
6590 END_PROFILE(SMBcopy);
6591 return;
6592 }
6593
6594 status = check_name(conn, newname);
6595 if (!NT_STATUS_IS_OK(status)) {
6596 reply_nterror(req, status);
6597 END_PROFILE(SMBcopy);
6598 return;
6599 }
6600
6601 status = copy_file(ctx,conn,directory,newname,ofun,
6602 count,target_is_directory);
6603
6604 if(!NT_STATUS_IS_OK(status)) {
6605 reply_nterror(req, status);
6606 END_PROFILE(SMBcopy);
6607 return;
6608 } else {
6609 count++;
6610 }
6611 } else {
6612 struct smb_Dir *dir_hnd = NULL;
6613 const char *dname = NULL;
6614 long offset = 0;
6615
6616 if (strequal(mask,"????????.???")) {
6617 mask = mask_star;
6618 }
6619
6620 status = check_name(conn, directory);
6621 if (!NT_STATUS_IS_OK(status)) {
6622 reply_nterror(req, status);
6623 END_PROFILE(SMBcopy);
6624 return;
6625 }
6626
6627 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6628 if (dir_hnd == NULL) {
6629 status = map_nt_error_from_unix(errno);
6630 reply_nterror(req, status);
6631 END_PROFILE(SMBcopy);
6632 return;
6633 }
6634
6635 error = ERRbadfile;
6636
6637 while ((dname = ReadDirName(dir_hnd, &offset, &sbuf1))) {
6638 char *destname = NULL;
6639 char *fname = NULL;
6640
6641 if (ISDOT(dname) || ISDOTDOT(dname)) {
6642 continue;
6643 }
6644
6645 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6646 continue;
6647 }
6648
6649 if(!mask_match(dname, mask, conn->case_sensitive)) {
6650 continue;
6651 }
6652
6653 error = ERRnoaccess;
6654 fname = talloc_asprintf(ctx,
6655 "%s/%s",
6656 directory,
6657 dname);
6658 if (!fname) {
6659 TALLOC_FREE(dir_hnd);
6660 reply_nterror(req, NT_STATUS_NO_MEMORY);
6661 END_PROFILE(SMBcopy);
6662 return;
6663 }
6664
6665 if (!resolve_wildcards(ctx,
6666 fname,newname,&destname)) {
6667 continue;
6668 }
6669 if (!destname) {
6670 TALLOC_FREE(dir_hnd);
6671 reply_nterror(req, NT_STATUS_NO_MEMORY);
6672 END_PROFILE(SMBcopy);
6673 return;
6674 }
6675
6676 status = check_name(conn, fname);
6677 if (!NT_STATUS_IS_OK(status)) {
6678 TALLOC_FREE(dir_hnd);
6679 reply_nterror(req, status);
6680 END_PROFILE(SMBcopy);
6681 return;
6682 }
6683
6684 status = check_name(conn, destname);
6685 if (!NT_STATUS_IS_OK(status)) {
6686 TALLOC_FREE(dir_hnd);
6687 reply_nterror(req, status);
6688 END_PROFILE(SMBcopy);
6689 return;
6690 }
6691
6692 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6693
6694 status = copy_file(ctx,conn,fname,destname,ofun,
6695 count,target_is_directory);
6696 if (NT_STATUS_IS_OK(status)) {
6697 count++;
6698 }
6699 TALLOC_FREE(fname);
6700 TALLOC_FREE(destname);
6701 }
6702 TALLOC_FREE(dir_hnd);
6703 }
6704
6705 if (count == 0) {
6706 if(err) {
6707 /* Error on close... */
6708 errno = err;
6709 reply_unixerror(req, ERRHRD, ERRgeneral);
6710 END_PROFILE(SMBcopy);
6711 return;
6712 }
6713
6714 reply_doserror(req, ERRDOS, error);
6715 END_PROFILE(SMBcopy);
6716 return;
6717 }
6718
6719 reply_outbuf(req, 1, 0);
6720 SSVAL(req->outbuf,smb_vwv0,count);
6721
6722 END_PROFILE(SMBcopy);
6723 return;
6724 }
6725
6726 #undef DBGC_CLASS
6727 #define DBGC_CLASS DBGC_LOCKING
6728
6729 /****************************************************************************
6730 Get a lock pid, dealing with large count requests.
6731 ****************************************************************************/
6732
6733 uint32 get_lock_pid(const uint8_t *data, int data_offset,
6734 bool large_file_format)
6735 {
6736 if(!large_file_format)
6737 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6738 else
6739 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6740 }
6741
6742 /****************************************************************************
6743 Get a lock count, dealing with large count requests.
6744 ****************************************************************************/
6745
6746 uint64_t get_lock_count(const uint8_t *data, int data_offset,
6747 bool large_file_format)
6748 {
6749 uint64_t count = 0;
6750
6751 if(!large_file_format) {
6752 count = (uint64_t)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6753 } else {
6754
6755 #if defined(HAVE_LONGLONG)
6756 count = (((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6757 ((uint64_t) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6758 #else /* HAVE_LONGLONG */
6759
6760 /*
6761 * NT4.x seems to be broken in that it sends large file (64 bit)
6762 * lockingX calls even if the CAP_LARGE_FILES was *not*
6763 * negotiated. For boxes without large unsigned ints truncate the
6764 * lock count by dropping the top 32 bits.
6765 */
6766
6767 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6768 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6769 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6770 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6771 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6772 }
6773
6774 count = (uint64_t)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6775 #endif /* HAVE_LONGLONG */
6776 }
6777
6778 return count;
6779 }
6780
6781 #if !defined(HAVE_LONGLONG)
6782 /****************************************************************************
6783 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6784 ****************************************************************************/
6785
6786 static uint32 map_lock_offset(uint32 high, uint32 low)
6787 {
6788 unsigned int i;
6789 uint32 mask = 0;
6790 uint32 highcopy = high;
6791
6792 /*
6793 * Try and find out how many significant bits there are in high.
6794 */
6795
6796 for(i = 0; highcopy; i++)
6797 highcopy >>= 1;
6798
6799 /*
6800 * We use 31 bits not 32 here as POSIX
6801 * lock offsets may not be negative.
6802 */
6803
6804 mask = (~0) << (31 - i);
6805
6806 if(low & mask)
6807 return 0; /* Fail. */
6808
6809 high <<= (31 - i);
6810
6811 return (high|low);
6812 }
6813 #endif /* !defined(HAVE_LONGLONG) */
6814
6815 /****************************************************************************
6816 Get a lock offset, dealing with large offset requests.
6817 ****************************************************************************/
6818
6819 uint64_t get_lock_offset(const uint8_t *data, int data_offset,
6820 bool large_file_format, bool *err)
6821 {
6822 uint64_t offset = 0;
6823
6824 *err = False;
6825
6826 if(!large_file_format) {
6827 offset = (uint64_t)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6828 } else {
6829
6830 #if defined(HAVE_LONGLONG)
6831 offset = (((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6832 ((uint64_t) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6833 #else /* HAVE_LONGLONG */
6834
6835 /*
6836 * NT4.x seems to be broken in that it sends large file (64 bit)
6837 * lockingX calls even if the CAP_LARGE_FILES was *not*
6838 * negotiated. For boxes without large unsigned ints mangle the
6839 * lock offset by mapping the top 32 bits onto the lower 32.
6840 */
6841
6842 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6843 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6844 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6845 uint32 new_low = 0;
6846
6847 if((new_low = map_lock_offset(high, low)) == 0) {
6848 *err = True;
6849 return (uint64_t)-1;
6850 }
6851
6852 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6853 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6854 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6855 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6856 }
6857
6858 offset = (uint64_t)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6859 #endif /* HAVE_LONGLONG */
6860 }
6861
6862 return offset;
6863 }
6864
6865 /****************************************************************************
6866 Reply to a lockingX request.
6867 ****************************************************************************/
6868
6869 void reply_lockingX(struct smb_request *req)
6870 {
6871 connection_struct *conn = req->conn;
6872 files_struct *fsp;
6873 unsigned char locktype;
6874 unsigned char oplocklevel;
6875 uint16 num_ulocks;
6876 uint16 num_locks;
6877 uint64_t count = 0, offset = 0;
6878 uint32 lock_pid;
6879 int32 lock_timeout;
6880 int i;
6881 const uint8_t *data;
6882 bool large_file_format;
6883 bool err;
6884 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6885
6886 START_PROFILE(SMBlockingX);
6887
6888 if (req->wct < 8) {
6889 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6890 END_PROFILE(SMBlockingX);
6891 return;
6892 }
6893
6894 fsp = file_fsp(req, SVAL(req->vwv+2, 0));
6895 locktype = CVAL(req->vwv+3, 0);
6896 oplocklevel = CVAL(req->vwv+3, 1);
6897 num_ulocks = SVAL(req->vwv+6, 0);
6898 num_locks = SVAL(req->vwv+7, 0);
6899 lock_timeout = IVAL(req->vwv+4, 0);
6900 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6901
6902 if (!check_fsp(conn, req, fsp)) {
6903 END_PROFILE(SMBlockingX);
6904 return;
6905 }
6906
6907 data = req->buf;
6908
6909 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6910 /* we don't support these - and CANCEL_LOCK makes w2k
6911 and XP reboot so I don't really want to be
6912 compatible! (tridge) */
6913 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6914 END_PROFILE(SMBlockingX);
6915 return;
6916 }
6917
6918 /* Check if this is an oplock break on a file
6919 we have granted an oplock on.
6920 */
6921 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6922 /* Client can insist on breaking to none. */
6923 bool break_to_none = (oplocklevel == 0);
6924 bool result;
6925
6926 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6927 "for fnum = %d\n", (unsigned int)oplocklevel,
6928 fsp->fnum ));
6929
6930 /*
6931 * Make sure we have granted an exclusive or batch oplock on
6932 * this file.
6933 */
6934
6935 if (fsp->oplock_type == 0) {
6936
6937 /* The Samba4 nbench simulator doesn't understand
6938 the difference between break to level2 and break
6939 to none from level2 - it sends oplock break
6940 replies in both cases. Don't keep logging an error
6941 message here - just ignore it. JRA. */
6942
6943 DEBUG(5,("reply_lockingX: Error : oplock break from "
6944 "client for fnum = %d (oplock=%d) and no "
6945 "oplock granted on this file (%s).\n",
6946 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6947
6948 /* if this is a pure oplock break request then don't
6949 * send a reply */
6950 if (num_locks == 0 && num_ulocks == 0) {
6951 END_PROFILE(SMBlockingX);
6952 return;
6953 } else {
6954 END_PROFILE(SMBlockingX);
6955 reply_doserror(req, ERRDOS, ERRlock);
6956 return;
6957 }
6958 }
6959
6960 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6961 (break_to_none)) {
6962 result = remove_oplock(fsp);
6963 } else {
6964 result = downgrade_oplock(fsp);
6965 }
6966
6967 if (!result) {
6968 DEBUG(0, ("reply_lockingX: error in removing "
6969 "oplock on file %s\n", fsp->fsp_name));
6970 /* Hmmm. Is this panic justified? */
6971 smb_panic("internal tdb error");
6972 }
6973
6974 reply_to_oplock_break_requests(fsp);
6975
6976 /* if this is a pure oplock break request then don't send a
6977 * reply */
6978 if (num_locks == 0 && num_ulocks == 0) {
6979 /* Sanity check - ensure a pure oplock break is not a
6980 chained request. */
6981 if(CVAL(req->vwv+0, 0) != 0xff)
6982 DEBUG(0,("reply_lockingX: Error : pure oplock "
6983 "break is a chained %d request !\n",
6984 (unsigned int)CVAL(req->vwv+0, 0)));
6985 END_PROFILE(SMBlockingX);
6986 return;
6987 }
6988 }
6989
6990 if (req->buflen <
6991 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6992 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6993 END_PROFILE(SMBlockingX);
6994 return;
6995 }
6996
6997 /* Data now points at the beginning of the list
6998 of smb_unlkrng structs */
6999 for(i = 0; i < (int)num_ulocks; i++) {
7000 lock_pid = get_lock_pid( data, i, large_file_format);
7001 count = get_lock_count( data, i, large_file_format);
7002 offset = get_lock_offset( data, i, large_file_format, &err);
7003
7004 /*
7005 * There is no error code marked "stupid client bug".... :-).
7006 */
7007 if(err) {
7008 END_PROFILE(SMBlockingX);
7009 reply_doserror(req, ERRDOS, ERRnoaccess);
7010 return;
7011 }
7012
7013 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
7014 "pid %u, file %s\n", (double)offset, (double)count,
7015 (unsigned int)lock_pid, fsp->fsp_name ));
7016
7017 status = do_unlock(smbd_messaging_context(),
7018 fsp,
7019 lock_pid,
7020 count,
7021 offset,
7022 WINDOWS_LOCK);
7023
7024 DEBUG(10, ("reply_lockingX: unlock returned %s\n",
7025 nt_errstr(status)));
7026
7027 if (NT_STATUS_V(status)) {
7028 END_PROFILE(SMBlockingX);
7029 reply_nterror(req, status);
7030 return;
7031 }
7032 }
7033
7034 /* Setup the timeout in seconds. */
7035
7036 if (!lp_blocking_locks(SNUM(conn))) {
7037 lock_timeout = 0;
7038 }
7039
7040 /* Now do any requested locks */
7041 data += ((large_file_format ? 20 : 10)*num_ulocks);
7042
7043 /* Data now points at the beginning of the list
7044 of smb_lkrng structs */
7045
7046 for(i = 0; i < (int)num_locks; i++) {
7047 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
7048 READ_LOCK:WRITE_LOCK);
7049 lock_pid = get_lock_pid( data, i, large_file_format);
7050 count = get_lock_count( data, i, large_file_format);
7051 offset = get_lock_offset( data, i, large_file_format, &err);
7052
7053 /*
7054 * There is no error code marked "stupid client bug".... :-).
7055 */
7056 if(err) {
7057 END_PROFILE(SMBlockingX);
7058 reply_doserror(req, ERRDOS, ERRnoaccess);
7059 return;
7060 }
7061
7062 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
7063 "%u, file %s timeout = %d\n", (double)offset,
7064 (double)count, (unsigned int)lock_pid,
7065 fsp->fsp_name, (int)lock_timeout ));
7066
7067 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
7068 struct blocking_lock_record *blr = NULL;
7069
7070 if (lp_blocking_locks(SNUM(conn))) {
7071
7072 /* Schedule a message to ourselves to
7073 remove the blocking lock record and
7074 return the right error. */
7075
7076 blr = blocking_lock_cancel(fsp,
7077 lock_pid,
7078 offset,
7079 count,
7080 WINDOWS_LOCK,
7081 locktype,
7082 NT_STATUS_FILE_LOCK_CONFLICT);
7083 if (blr == NULL) {
7084 END_PROFILE(SMBlockingX);
7085 reply_nterror(
7086 req,
7087 NT_STATUS_DOS(
7088 ERRDOS,
7089 ERRcancelviolation));
7090 return;
7091 }
7092 }
7093 /* Remove a matching pending lock. */
7094 status = do_lock_cancel(fsp,
7095 lock_pid,
7096 count,
7097 offset,
7098 WINDOWS_LOCK,
7099 blr);
7100 } else {
7101 bool blocking_lock = lock_timeout ? True : False;
7102 bool defer_lock = False;
7103 struct byte_range_lock *br_lck;
7104 uint32 block_smbpid;
7105
7106 br_lck = do_lock(smbd_messaging_context(),
7107 fsp,
7108 lock_pid,
7109 count,
7110 offset,
7111 lock_type,
7112 WINDOWS_LOCK,
7113 blocking_lock,
7114 &status,
7115 &block_smbpid,
7116 NULL);
7117
7118 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
7119 /* Windows internal resolution for blocking locks seems
7120 to be about 200ms... Don't wait for less than that. JRA. */
7121 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
7122 lock_timeout = lp_lock_spin_time();
7123 }
7124 defer_lock = True;
7125 }
7126
7127 /* This heuristic seems to match W2K3 very well. If a
7128 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
7129 it pretends we asked for a timeout of between 150 - 300 milliseconds as
7130 far as I can tell. Replacement for do_lock_spin(). JRA. */
7131
7132 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
7133 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
7134 defer_lock = True;
7135 lock_timeout = lp_lock_spin_time();
7136 }
7137
7138 if (br_lck && defer_lock) {
7139 /*
7140 * A blocking lock was requested. Package up
7141 * this smb into a queued request and push it
7142 * onto the blocking lock queue.
7143 */
7144 if(push_blocking_lock_request(br_lck,
7145 req,
7146 fsp,
7147 lock_timeout,
7148 i,
7149 lock_pid,
7150 lock_type,
7151 WINDOWS_LOCK,
7152 offset,
7153 count,
7154 block_smbpid)) {
7155 TALLOC_FREE(br_lck);
7156 END_PROFILE(SMBlockingX);
7157 return;
7158 }
7159 }
7160
7161 TALLOC_FREE(br_lck);
7162 }
7163
7164 if (NT_STATUS_V(status)) {
7165 END_PROFILE(SMBlockingX);
7166 reply_nterror(req, status);
7167 return;
7168 }
7169 }
7170
7171 /* If any of the above locks failed, then we must unlock
7172 all of the previous locks (X/Open spec). */
7173
7174 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
7175 (i != num_locks) &&
7176 (num_locks != 0)) {
7177 /*
7178 * Ensure we don't do a remove on the lock that just failed,
7179 * as under POSIX rules, if we have a lock already there, we
7180 * will delete it (and we shouldn't) .....
7181 */
7182 for(i--; i >= 0; i--) {
7183 lock_pid = get_lock_pid( data, i, large_file_format);
7184 count = get_lock_count( data, i, large_file_format);
7185 offset = get_lock_offset( data, i, large_file_format,
7186 &err);
7187
7188 /*
7189 * There is no error code marked "stupid client
7190 * bug".... :-).
7191 */
7192 if(err) {
7193 END_PROFILE(SMBlockingX);
7194 reply_doserror(req, ERRDOS, ERRnoaccess);
7195 return;
7196 }
7197
7198 do_unlock(smbd_messaging_context(),
7199 fsp,
7200 lock_pid,
7201 count,
7202 offset,
7203 WINDOWS_LOCK);
7204 }
7205 END_PROFILE(SMBlockingX);
7206 reply_nterror(req, status);
7207 return;
7208 }
7209
7210 reply_outbuf(req, 2, 0);
7211
7212 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
7213 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
7214
7215 END_PROFILE(SMBlockingX);
7216 chain_reply(req);
7217 }
7218
7219 #undef DBGC_CLASS
7220 #define DBGC_CLASS DBGC_ALL
7221
7222 /****************************************************************************
7223 Reply to a SMBreadbmpx (read block multiplex) request.
7224 Always reply with an error, if someone has a platform really needs this,
7225 please contact vl@samba.org
7226 ****************************************************************************/
7227
7228 void reply_readbmpx(struct smb_request *req)
7229 {
7230 START_PROFILE(SMBreadBmpx);
7231 reply_doserror(req, ERRSRV, ERRuseSTD);
7232 END_PROFILE(SMBreadBmpx);
7233 return;
7234 }
7235
7236 /****************************************************************************
7237 Reply to a SMBreadbs (read block multiplex secondary) request.
7238 Always reply with an error, if someone has a platform really needs this,
7239 please contact vl@samba.org
7240 ****************************************************************************/
7241
7242 void reply_readbs(struct smb_request *req)
7243 {
7244 START_PROFILE(SMBreadBs);
7245 reply_doserror(req, ERRSRV, ERRuseSTD);
7246 END_PROFILE(SMBreadBs);
7247 return;
7248 }
7249
7250 /****************************************************************************
7251 Reply to a SMBsetattrE.
7252 ****************************************************************************/
7253
7254 void reply_setattrE(struct smb_request *req)
7255 {
7256 connection_struct *conn = req->conn;
7257 struct smb_file_time ft;
7258 files_struct *fsp;
7259 SMB_STRUCT_STAT sbuf;
7260 NTSTATUS status;
7261
7262 START_PROFILE(SMBsetattrE);
7263 ZERO_STRUCT(ft);
7264
7265 if (req->wct < 7) {
7266 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7267 END_PROFILE(SMBsetattrE);
7268 return;
7269 }
7270
7271 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7272
7273 if(!fsp || (fsp->conn != conn)) {
7274 reply_doserror(req, ERRDOS, ERRbadfid);
7275 END_PROFILE(SMBsetattrE);
7276 return;
7277 }
7278
7279
7280 /*
7281 * Convert the DOS times into unix times.
7282 */
7283
7284 ft.atime = convert_time_t_to_timespec(
7285 srv_make_unix_date2(req->vwv+3));
7286 ft.mtime = convert_time_t_to_timespec(
7287 srv_make_unix_date2(req->vwv+5));
7288 ft.create_time = convert_time_t_to_timespec(
7289 srv_make_unix_date2(req->vwv+1));
7290
7291 reply_outbuf(req, 0, 0);
7292
7293 /*
7294 * Patch from Ray Frush <frush@engr.colostate.edu>
7295 * Sometimes times are sent as zero - ignore them.
7296 */
7297
7298 /* Ensure we have a valid stat struct for the source. */
7299 if (fsp->fh->fd != -1) {
7300 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7301 status = map_nt_error_from_unix(errno);
7302 reply_nterror(req, status);
7303 END_PROFILE(SMBsetattrE);
7304 return;
7305 }
7306 } else {
7307 int ret = -1;
7308
7309 if (fsp->posix_open) {
7310 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf);
7311 } else {
7312 ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf);
7313 }
7314 if (ret == -1) {
7315 status = map_nt_error_from_unix(errno);
7316 reply_nterror(req, status);
7317 END_PROFILE(SMBsetattrE);
7318 return;
7319 }
7320 }
7321
7322 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7323 &sbuf, &ft, true);
7324 if (!NT_STATUS_IS_OK(status)) {
7325 reply_doserror(req, ERRDOS, ERRnoaccess);
7326 END_PROFILE(SMBsetattrE);
7327 return;
7328 }
7329
7330 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u "
7331 " createtime=%u\n",
7332 fsp->fnum,
7333 (unsigned int)ft.atime.tv_sec,
7334 (unsigned int)ft.mtime.tv_sec,
7335 (unsigned int)ft.create_time.tv_sec
7336 ));
7337
7338 END_PROFILE(SMBsetattrE);
7339 return;
7340 }
7341
7342
7343 /* Back from the dead for OS/2..... JRA. */
7344
7345 /****************************************************************************
7346 Reply to a SMBwritebmpx (write block multiplex primary) request.
7347 Always reply with an error, if someone has a platform really needs this,
7348 please contact vl@samba.org
7349 ****************************************************************************/
7350
7351 void reply_writebmpx(struct smb_request *req)
7352 {
7353 START_PROFILE(SMBwriteBmpx);
7354 reply_doserror(req, ERRSRV, ERRuseSTD);
7355 END_PROFILE(SMBwriteBmpx);
7356 return;
7357 }
7358
7359 /****************************************************************************
7360 Reply to a SMBwritebs (write block multiplex secondary) request.
7361 Always reply with an error, if someone has a platform really needs this,
7362 please contact vl@samba.org
7363 ****************************************************************************/
7364
7365 void reply_writebs(struct smb_request *req)
7366 {
7367 START_PROFILE(SMBwriteBs);
7368 reply_doserror(req, ERRSRV, ERRuseSTD);
7369 END_PROFILE(SMBwriteBs);
7370 return;
7371 }
7372
7373 /****************************************************************************
7374 Reply to a SMBgetattrE.
7375 ****************************************************************************/
7376
7377 void reply_getattrE(struct smb_request *req)
7378 {
7379 connection_struct *conn = req->conn;
7380 SMB_STRUCT_STAT sbuf;
7381 int mode;
7382 files_struct *fsp;
7383 struct timespec create_ts;
7384
7385 START_PROFILE(SMBgetattrE);
7386
7387 if (req->wct < 1) {
7388 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7389 END_PROFILE(SMBgetattrE);
7390 return;
7391 }
7392
7393 fsp = file_fsp(req, SVAL(req->vwv+0, 0));
7394
7395 if(!fsp || (fsp->conn != conn)) {
7396 reply_doserror(req, ERRDOS, ERRbadfid);
7397 END_PROFILE(SMBgetattrE);
7398 return;
7399 }
7400
7401 /* Do an fstat on this file */
7402 if(fsp_stat(fsp, &sbuf)) {
7403 reply_unixerror(req, ERRDOS, ERRnoaccess);
7404 END_PROFILE(SMBgetattrE);
7405 return;
7406 }
7407
7408 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7409
7410 /*
7411 * Convert the times into dos times. Set create
7412 * date to be last modify date as UNIX doesn't save
7413 * this.
7414 */
7415
7416 reply_outbuf(req, 11, 0);
7417
7418 create_ts = get_create_timespec(&sbuf,
7419 lp_fake_dir_create_times(SNUM(conn)));
7420 srv_put_dos_date2((char *)req->outbuf, smb_vwv0, create_ts.tv_sec);
7421 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7422 /* Should we check pending modtime here ? JRA */
7423 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7424
7425 if (mode & aDIR) {
7426 SIVAL(req->outbuf, smb_vwv6, 0);
7427 SIVAL(req->outbuf, smb_vwv8, 0);
7428 } else {
7429 uint32 allocation_size = SMB_VFS_GET_ALLOC_SIZE(conn,fsp, &sbuf);
7430 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7431 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7432 }
7433 SSVAL(req->outbuf,smb_vwv10, mode);
7434
7435 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7436
7437 END_PROFILE(SMBgetattrE);
7438 return;
7439 }
WIP