2 Unix SMB/CIFS implementation.
3 SMB NT transaction handling
4 Copyright (C) Jeremy Allison 1994-2007
5 Copyright (C) Stefan (metze) Metzmacher 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern enum protocol_types Protocol
;
25 extern struct current_user current_user
;
27 static const char *known_nt_pipes
[] = {
48 static char *nttrans_realloc(char **ptr
, size_t size
)
51 smb_panic("nttrans_realloc() called with NULL ptr");
54 *ptr
= (char *)SMB_REALLOC(*ptr
, size
);
58 memset(*ptr
,'\0',size
);
62 /****************************************************************************
63 Send the required number of replies back.
64 We assume all fields other than the data fields are
65 set correctly for the type of call.
66 HACK ! Always assumes smb_setup field is zero.
67 ****************************************************************************/
69 void send_nt_replies(struct smb_request
*req
, NTSTATUS nt_error
,
70 char *params
, int paramsize
,
71 char *pdata
, int datasize
)
73 int data_to_send
= datasize
;
74 int params_to_send
= paramsize
;
78 int params_sent_thistime
, data_sent_thistime
, total_sent_thistime
;
79 int alignment_offset
= 3;
80 int data_alignment_offset
= 0;
83 * If there genuinely are no parameters or data to send just send
87 if(params_to_send
== 0 && data_to_send
== 0) {
88 reply_outbuf(req
, 18, 0);
89 show_msg((char *)req
->outbuf
);
94 * When sending params and data ensure that both are nicely aligned.
95 * Only do this alignment when there is also data to send - else
96 * can cause NT redirector problems.
99 if (((params_to_send
% 4) != 0) && (data_to_send
!= 0)) {
100 data_alignment_offset
= 4 - (params_to_send
% 4);
104 * Space is bufsize minus Netbios over TCP header minus SMB header.
105 * The alignment_offset is to align the param bytes on a four byte
106 * boundary (2 bytes for data len, one byte pad).
107 * NT needs this to work correctly.
110 useable_space
= max_send
- (smb_size
113 + data_alignment_offset
);
116 * useable_space can never be more than max_send minus the
120 useable_space
= MIN(useable_space
,
121 max_send
- (alignment_offset
+data_alignment_offset
));
124 while (params_to_send
|| data_to_send
) {
127 * Calculate whether we will totally or partially fill this packet.
130 total_sent_thistime
= params_to_send
+ data_to_send
+
131 alignment_offset
+ data_alignment_offset
;
134 * We can never send more than useable_space.
137 total_sent_thistime
= MIN(total_sent_thistime
, useable_space
);
139 reply_outbuf(req
, 18, total_sent_thistime
);
142 * Set total params and data to be sent.
145 SIVAL(req
->outbuf
,smb_ntr_TotalParameterCount
,paramsize
);
146 SIVAL(req
->outbuf
,smb_ntr_TotalDataCount
,datasize
);
149 * Calculate how many parameters and data we can fit into
150 * this packet. Parameters get precedence.
153 params_sent_thistime
= MIN(params_to_send
,useable_space
);
154 data_sent_thistime
= useable_space
- params_sent_thistime
;
155 data_sent_thistime
= MIN(data_sent_thistime
,data_to_send
);
157 SIVAL(req
->outbuf
, smb_ntr_ParameterCount
,
158 params_sent_thistime
);
160 if(params_sent_thistime
== 0) {
161 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,0);
162 SIVAL(req
->outbuf
,smb_ntr_ParameterDisplacement
,0);
165 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
166 * parameter bytes, however the first 4 bytes of outbuf are
167 * the Netbios over TCP header. Thus use smb_base() to subtract
168 * them from the calculation.
171 SIVAL(req
->outbuf
,smb_ntr_ParameterOffset
,
172 ((smb_buf(req
->outbuf
)+alignment_offset
)
173 - smb_base(req
->outbuf
)));
175 * Absolute displacement of param bytes sent in this packet.
178 SIVAL(req
->outbuf
, smb_ntr_ParameterDisplacement
,
183 * Deal with the data portion.
186 SIVAL(req
->outbuf
, smb_ntr_DataCount
, data_sent_thistime
);
188 if(data_sent_thistime
== 0) {
189 SIVAL(req
->outbuf
,smb_ntr_DataOffset
,0);
190 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, 0);
193 * The offset of the data bytes is the offset of the
194 * parameter bytes plus the number of parameters being sent this time.
197 SIVAL(req
->outbuf
, smb_ntr_DataOffset
,
198 ((smb_buf(req
->outbuf
)+alignment_offset
) -
199 smb_base(req
->outbuf
))
200 + params_sent_thistime
+ data_alignment_offset
);
201 SIVAL(req
->outbuf
,smb_ntr_DataDisplacement
, pd
- pdata
);
205 * Copy the param bytes into the packet.
208 if(params_sent_thistime
) {
209 if (alignment_offset
!= 0) {
210 memset(smb_buf(req
->outbuf
), 0,
213 memcpy((smb_buf(req
->outbuf
)+alignment_offset
), pp
,
214 params_sent_thistime
);
218 * Copy in the data bytes
221 if(data_sent_thistime
) {
222 if (data_alignment_offset
!= 0) {
223 memset((smb_buf(req
->outbuf
)+alignment_offset
+
224 params_sent_thistime
), 0,
225 data_alignment_offset
);
227 memcpy(smb_buf(req
->outbuf
)+alignment_offset
228 +params_sent_thistime
+data_alignment_offset
,
229 pd
,data_sent_thistime
);
232 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
233 params_sent_thistime
, data_sent_thistime
, useable_space
));
234 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
235 params_to_send
, data_to_send
, paramsize
, datasize
));
237 if (NT_STATUS_V(nt_error
)) {
238 error_packet_set((char *)req
->outbuf
,
243 /* Send the packet */
244 show_msg((char *)req
->outbuf
);
245 if (!send_smb(smbd_server_fd(),(char *)req
->outbuf
)) {
246 exit_server_cleanly("send_nt_replies: send_smb failed.");
249 TALLOC_FREE(req
->outbuf
);
251 pp
+= params_sent_thistime
;
252 pd
+= data_sent_thistime
;
254 params_to_send
-= params_sent_thistime
;
255 data_to_send
-= data_sent_thistime
;
261 if(params_to_send
< 0 || data_to_send
< 0) {
262 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
263 params_to_send
, data_to_send
));
269 /****************************************************************************
270 Is it an NTFS stream name ?
271 ****************************************************************************/
273 bool is_ntfs_stream_name(const char *fname
)
275 if (lp_posix_pathnames()) {
278 return (strchr_m(fname
, ':') != NULL
) ? True
: False
;
281 struct case_semantics_state
{
282 connection_struct
*conn
;
285 bool short_case_preserve
;
288 /****************************************************************************
289 Restore case semantics.
290 ****************************************************************************/
291 static int restore_case_semantics(struct case_semantics_state
*state
)
293 state
->conn
->case_sensitive
= state
->case_sensitive
;
294 state
->conn
->case_preserve
= state
->case_preserve
;
295 state
->conn
->short_case_preserve
= state
->short_case_preserve
;
299 /****************************************************************************
301 ****************************************************************************/
302 static struct case_semantics_state
*set_posix_case_semantics(TALLOC_CTX
*mem_ctx
,
303 connection_struct
*conn
)
305 struct case_semantics_state
*result
;
307 if (!(result
= talloc(mem_ctx
, struct case_semantics_state
))) {
308 DEBUG(0, ("talloc failed\n"));
313 result
->case_sensitive
= conn
->case_sensitive
;
314 result
->case_preserve
= conn
->case_preserve
;
315 result
->short_case_preserve
= conn
->short_case_preserve
;
318 conn
->case_sensitive
= True
;
319 conn
->case_preserve
= True
;
320 conn
->short_case_preserve
= True
;
322 talloc_set_destructor(result
, restore_case_semantics
);
327 /****************************************************************************
328 Reply to an NT create and X call on a pipe
329 ****************************************************************************/
331 static void nt_open_pipe(char *fname
, connection_struct
*conn
,
332 struct smb_request
*req
, int *ppnum
)
334 smb_np_struct
*p
= NULL
;
337 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname
));
339 /* See if it is one we want to handle. */
341 if (lp_disable_spoolss() && strequal(fname
, "\\spoolss")) {
342 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
347 for( i
= 0; known_nt_pipes
[i
]; i
++ ) {
348 if( strequal(fname
,known_nt_pipes
[i
])) {
353 if ( known_nt_pipes
[i
] == NULL
) {
354 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
359 /* Strip \\ off the name. */
362 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname
));
364 p
= open_rpc_pipe_p(fname
, conn
, req
->vuid
);
366 reply_doserror(req
, ERRSRV
, ERRnofids
);
370 /* TODO: Add pipe to db */
372 if ( !store_pipe_opendb( p
) ) {
373 DEBUG(3,("nt_open_pipe: failed to store %s pipe open.\n", fname
));
380 /****************************************************************************
381 Reply to an NT create and X call for pipes.
382 ****************************************************************************/
384 static void do_ntcreate_pipe_open(connection_struct
*conn
,
385 struct smb_request
*req
)
390 uint32 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
391 TALLOC_CTX
*ctx
= talloc_tos();
393 srvstr_pull_buf_talloc(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
394 smb_buf(req
->inbuf
), STR_TERMINATE
);
397 reply_botherror(req
, NT_STATUS_OBJECT_NAME_NOT_FOUND
,
401 nt_open_pipe(fname
, conn
, req
, &pnum
);
409 * Deal with pipe return.
412 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
413 /* This is very strange. We
414 * return 50 words, but only set
415 * the wcnt to 42 ? It's definately
416 * what happens on the wire....
418 reply_outbuf(req
, 50, 0);
419 SCVAL(req
->outbuf
,smb_wct
,42);
421 reply_outbuf(req
, 34, 0);
424 p
= (char *)req
->outbuf
+ smb_vwv2
;
428 SIVAL(p
,0,FILE_WAS_OPENED
);
431 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
434 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
436 SSVAL(p
,2, 0x5FF); /* ? */
439 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
441 SIVAL(p
,0,FILE_GENERIC_ALL
);
443 * For pipes W2K3 seems to return
445 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
447 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
450 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname
));
455 /****************************************************************************
456 Reply to an NT create and X call for a quota file.
457 ****************************************************************************/
459 static void reply_ntcreate_and_X_quota(connection_struct
*conn
,
460 struct smb_request
*req
,
461 enum FAKE_FILE_TYPE fake_file_type
,
465 uint32 desired_access
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
469 status
= open_fake_file(conn
, fake_file_type
, fname
, desired_access
,
472 if (!NT_STATUS_IS_OK(status
)) {
473 reply_nterror(req
, status
);
477 reply_outbuf(req
, 34, 0);
479 p
= (char *)req
->outbuf
+ smb_vwv2
;
481 /* SCVAL(p,0,NO_OPLOCK_RETURN); */
483 SSVAL(p
,0,fsp
->fnum
);
485 DEBUG(5,("reply_ntcreate_and_X_quota: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
490 /****************************************************************************
491 Reply to an NT create and X call.
492 ****************************************************************************/
494 void reply_ntcreate_and_X(connection_struct
*conn
,
495 struct smb_request
*req
)
500 uint32 file_attributes
;
502 uint32 create_disposition
;
503 uint32 create_options
;
505 SMB_BIG_UINT allocation_size
;
506 /* Breakout the oplock request bits so we can set the
507 reply bits separately. */
508 int oplock_request
= 0;
510 SMB_OFF_T file_len
= 0;
511 SMB_STRUCT_STAT sbuf
;
513 files_struct
*fsp
= NULL
;
515 struct timespec c_timespec
;
516 struct timespec a_timespec
;
517 struct timespec m_timespec
;
518 bool extended_oplock_granted
= False
;
520 struct case_semantics_state
*case_state
= NULL
;
521 TALLOC_CTX
*ctx
= talloc_tos();
523 START_PROFILE(SMBntcreateX
);
526 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
530 flags
= IVAL(req
->inbuf
,smb_ntcreate_Flags
);
531 access_mask
= IVAL(req
->inbuf
,smb_ntcreate_DesiredAccess
);
532 file_attributes
= IVAL(req
->inbuf
,smb_ntcreate_FileAttributes
);
533 share_access
= IVAL(req
->inbuf
,smb_ntcreate_ShareAccess
);
534 create_disposition
= IVAL(req
->inbuf
,smb_ntcreate_CreateDisposition
);
535 create_options
= IVAL(req
->inbuf
,smb_ntcreate_CreateOptions
);
536 root_dir_fid
= (uint16
)IVAL(req
->inbuf
,smb_ntcreate_RootDirectoryFid
);
538 allocation_size
= (SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
);
539 #ifdef LARGE_SMB_OFF_T
540 allocation_size
|= (((SMB_BIG_UINT
)IVAL(req
->inbuf
,smb_ntcreate_AllocationSize
+ 4)) << 32);
543 srvstr_get_path(ctx
, (char *)req
->inbuf
, req
->flags2
, &fname
,
544 smb_buf(req
->inbuf
), 0, STR_TERMINATE
, &status
);
546 if (!NT_STATUS_IS_OK(status
)) {
547 reply_nterror(req
, status
);
548 END_PROFILE(SMBntcreateX
);
552 DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
553 "file_attributes = 0x%x, share_access = 0x%x, "
554 "create_disposition = 0x%x create_options = 0x%x "
555 "root_dir_fid = 0x%x, fname = %s\n",
557 (unsigned int)access_mask
,
558 (unsigned int)file_attributes
,
559 (unsigned int)share_access
,
560 (unsigned int)create_disposition
,
561 (unsigned int)create_options
,
562 (unsigned int)root_dir_fid
,
566 * If it's an IPC, use the pipe handler.
570 if (lp_nt_pipe_support()) {
571 do_ntcreate_pipe_open(conn
, req
);
572 END_PROFILE(SMBntcreateX
);
575 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
576 END_PROFILE(SMBntcreateX
);
581 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
582 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
583 END_PROFILE(SMBntcreateX
);
591 if (root_dir_fid
!= 0) {
593 * This filename is relative to a directory fid.
595 char *parent_fname
= NULL
;
597 files_struct
*dir_fsp
= file_fsp(root_dir_fid
);
600 reply_doserror(req
, ERRDOS
, ERRbadfid
);
601 END_PROFILE(SMBntcreateX
);
605 if(!dir_fsp
->is_directory
) {
608 * Check to see if this is a mac fork of some kind.
611 if( is_ntfs_stream_name(fname
)) {
613 req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
614 END_PROFILE(SMBntcreateX
);
619 we need to handle the case when we get a
620 relative open relative to a file and the
621 pathname is blank - this is a reopen!
622 (hint from demyn plantenberg)
625 reply_doserror(req
, ERRDOS
, ERRbadfid
);
626 END_PROFILE(SMBntcreateX
);
630 if (ISDOT(dir_fsp
->fsp_name
)) {
632 * We're at the toplevel dir, the final file name
633 * must not contain ./, as this is filtered out
634 * normally by srvstr_get_path and unix_convert
635 * explicitly rejects paths containing ./.
637 parent_fname
= talloc_strdup(ctx
,"");
639 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
640 END_PROFILE(SMBntcreateX
);
644 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
647 * Copy in the base directory name.
650 parent_fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
652 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
653 END_PROFILE(SMBntcreateX
);
656 memcpy(parent_fname
, dir_fsp
->fsp_name
,
660 * Ensure it ends in a '/'.
661 * We used TALLOC_SIZE +2 to add space for the '/'.
665 && (parent_fname
[dir_name_len
-1] != '\\')
666 && (parent_fname
[dir_name_len
-1] != '/')) {
667 parent_fname
[dir_name_len
] = '/';
668 parent_fname
[dir_name_len
+1] = '\0';
672 tmp
= talloc_asprintf(ctx
, "%s%s", parent_fname
, fname
);
674 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
675 END_PROFILE(SMBntcreateX
);
682 * Check to see if this is a mac fork of some kind.
685 if( is_ntfs_stream_name(fname
)) {
686 enum FAKE_FILE_TYPE fake_file_type
= is_fake_file(fname
);
687 if (fake_file_type
!=FAKE_FILE_TYPE_NONE
) {
689 * Here we go! support for changing the disk quotas --metze
691 * We need to fake up to open this MAGIC QUOTA file
692 * and return a valid FID.
694 * w2k close this file directly after openening
695 * xp also tries a QUERY_FILE_INFO on the file and then close it
697 reply_ntcreate_and_X_quota(conn
, req
,
698 fake_file_type
, fname
);
700 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
702 END_PROFILE(SMBntcreateX
);
708 * Now contruct the smb_open_mode value from the filename,
709 * desired access and the share access.
711 status
= resolve_dfspath(ctx
, conn
,
712 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
715 if (!NT_STATUS_IS_OK(status
)) {
716 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
717 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
721 reply_nterror(req
, status
);
723 END_PROFILE(SMBntcreateX
);
727 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
728 if (oplock_request
) {
729 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
733 * Ordinary file or directory.
737 * Check if POSIX semantics are wanted.
740 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
741 case_state
= set_posix_case_semantics(NULL
, conn
);
742 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
745 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
746 if (!NT_STATUS_IS_OK(status
)) {
747 TALLOC_FREE(case_state
);
748 reply_nterror(req
, status
);
749 END_PROFILE(SMBntcreateX
);
752 /* All file access must go through check_name() */
753 status
= check_name(conn
, fname
);
754 if (!NT_STATUS_IS_OK(status
)) {
755 TALLOC_FREE(case_state
);
756 reply_nterror(req
, status
);
757 END_PROFILE(SMBntcreateX
);
761 /* This is the correct thing to do (check every time) but can_delete is
762 expensive (it may have to read the parent directory permissions). So
763 for now we're not doing it unless we have a strong hint the client
764 is really going to delete this file. If the client is forcing FILE_CREATE
765 let the filesystem take care of the permissions. */
767 /* Setting FILE_SHARE_DELETE is the hint. */
769 if (lp_acl_check_permissions(SNUM(conn
))
770 && (create_disposition
!= FILE_CREATE
)
771 && (share_access
& FILE_SHARE_DELETE
)
772 && (access_mask
& DELETE_ACCESS
)) {
773 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
774 && !lp_delete_readonly(SNUM(conn
))) ||
775 !can_delete_file_in_directory(conn
, fname
)) {
776 TALLOC_FREE(case_state
);
777 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
778 END_PROFILE(SMBntcreateX
);
784 /* We need to support SeSecurityPrivilege for this. */
785 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
786 !user_has_privileges(current_user
.nt_user_token
,
788 TALLOC_FREE(case_state
);
789 END_PROFILE(SMBntcreateX
);
790 return ERROR_NT(NT_STATUS_PRIVILEGE_NOT_HELD
);
795 * If it's a request for a directory open, deal with it separately.
798 if(create_options
& FILE_DIRECTORY_FILE
) {
800 /* Can't open a temp directory. IFS kit test. */
801 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
802 TALLOC_FREE(case_state
);
803 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
804 END_PROFILE(SMBntcreateX
);
809 status
= open_directory(conn
, req
, fname
, &sbuf
,
820 * Ordinary file case.
823 /* NB. We have a potential bug here. If we
824 * cause an oplock break to ourselves, then we
825 * could end up processing filename related
826 * SMB requests whilst we await the oplock
827 * break response. As we may have changed the
828 * filename case semantics to be POSIX-like,
829 * this could mean a filename request could
830 * fail when it should succeed. This is a rare
831 * condition, but eventually we must arrange
832 * to restore the correct case semantics
833 * before issuing an oplock break request to
834 * our client. JRA. */
836 status
= open_file_ntcreate(conn
, req
, fname
, &sbuf
,
845 /* We cheat here. There are two cases we
846 * care about. One is a directory rename,
847 * where the NT client will attempt to
848 * open the source directory for
849 * DELETE access. Note that when the
850 * NT client does this it does *not*
851 * set the directory bit in the
852 * request packet. This is translated
853 * into a read/write open
854 * request. POSIX states that any open
855 * for write request on a directory
856 * will generate an EISDIR error, so
857 * we can catch this here and open a
858 * pseudo handle that is flagged as a
859 * directory. The second is an open
860 * for a permissions read only, which
861 * we handle in the open_file_stat case. JRA.
864 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
867 * Fail the open if it was explicitly a non-directory
871 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
872 TALLOC_FREE(case_state
);
873 reply_force_nterror(req
,
874 NT_STATUS_FILE_IS_A_DIRECTORY
);
875 END_PROFILE(SMBntcreateX
);
880 status
= open_directory(conn
, req
, fname
,
891 TALLOC_FREE(case_state
);
893 if (!NT_STATUS_IS_OK(status
)) {
894 if (open_was_deferred(req
->mid
)) {
895 /* We have re-scheduled this call. */
896 END_PROFILE(SMBntcreateX
);
899 reply_openerror(req
, status
);
900 END_PROFILE(SMBntcreateX
);
904 file_len
= sbuf
.st_size
;
905 fattr
= dos_mode(conn
,fname
,&sbuf
);
907 fattr
= FILE_ATTRIBUTE_NORMAL
;
909 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
910 close_file(fsp
,ERROR_CLOSE
);
911 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
912 END_PROFILE(SMBntcreateX
);
916 /* Save the requested allocation size. */
917 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
918 if (allocation_size
&& (allocation_size
> (SMB_BIG_UINT
)file_len
)) {
919 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
920 if (fsp
->is_directory
) {
921 close_file(fsp
,ERROR_CLOSE
);
922 /* Can't set allocation size on a directory. */
923 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
924 END_PROFILE(SMBntcreateX
);
927 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
928 close_file(fsp
,ERROR_CLOSE
);
929 reply_nterror(req
, NT_STATUS_DISK_FULL
);
930 END_PROFILE(SMBntcreateX
);
934 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
,(SMB_BIG_UINT
)file_len
);
939 * If the caller set the extended oplock request bit
940 * and we granted one (by whatever means) - set the
941 * correct bit for extended oplock reply.
944 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
945 extended_oplock_granted
= True
;
948 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
949 extended_oplock_granted
= True
;
952 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
953 /* This is very strange. We
954 * return 50 words, but only set
955 * the wcnt to 42 ? It's definately
956 * what happens on the wire....
958 reply_outbuf(req
, 50, 0);
959 SCVAL(req
->outbuf
,smb_wct
,42);
961 reply_outbuf(req
, 34, 0);
964 p
= (char *)req
->outbuf
+ smb_vwv2
;
967 * Currently as we don't support level II oplocks we just report
968 * exclusive & batch here.
971 if (extended_oplock_granted
) {
972 if (flags
& REQUEST_BATCH_OPLOCK
) {
973 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
975 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
977 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
978 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
980 SCVAL(p
,0,NO_OPLOCK_RETURN
);
984 SSVAL(p
,0,fsp
->fnum
);
986 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
987 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
994 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
995 a_timespec
= get_atimespec(&sbuf
);
996 m_timespec
= get_mtimespec(&sbuf
);
998 if (lp_dos_filetime_resolution(SNUM(conn
))) {
999 dos_filetime_timespec(&c_timespec
);
1000 dos_filetime_timespec(&a_timespec
);
1001 dos_filetime_timespec(&m_timespec
);
1004 put_long_date_timespec(p
, c_timespec
); /* create time. */
1006 put_long_date_timespec(p
, a_timespec
); /* access time */
1008 put_long_date_timespec(p
, m_timespec
); /* write time */
1010 put_long_date_timespec(p
, m_timespec
); /* change time */
1012 SIVAL(p
,0,fattr
); /* File Attributes. */
1014 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1016 SOFF_T(p
,0,file_len
);
1018 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1022 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1024 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1027 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1028 perms
= FILE_GENERIC_ALL
;
1030 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1035 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp
->fnum
, fsp
->fsp_name
));
1038 END_PROFILE(SMBntcreateX
);
1042 /****************************************************************************
1043 Reply to a NT_TRANSACT_CREATE call to open a pipe.
1044 ****************************************************************************/
1046 static void do_nt_transact_create_pipe(connection_struct
*conn
,
1047 struct smb_request
*req
,
1048 uint16
**ppsetup
, uint32 setup_count
,
1049 char **ppparams
, uint32 parameter_count
,
1050 char **ppdata
, uint32 data_count
)
1053 char *params
= *ppparams
;
1059 TALLOC_CTX
*ctx
= talloc_tos();
1062 * Ensure minimum number of parameters sent.
1065 if(parameter_count
< 54) {
1066 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1067 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1071 flags
= IVAL(params
,0);
1073 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
, params
+53,
1074 parameter_count
-53, STR_TERMINATE
,
1076 if (!NT_STATUS_IS_OK(status
)) {
1077 reply_nterror(req
, status
);
1081 nt_open_pipe(fname
, conn
, req
, &pnum
);
1088 /* Realloc the size of parameters and data we will return */
1089 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1090 /* Extended response is 32 more byyes. */
1095 params
= nttrans_realloc(ppparams
, param_len
);
1096 if(params
== NULL
) {
1097 reply_doserror(req
, ERRDOS
, ERRnomem
);
1102 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1107 SIVAL(p
,0,FILE_WAS_OPENED
);
1111 SIVAL(p
,0,FILE_ATTRIBUTE_NORMAL
); /* File Attributes. */
1114 SSVAL(p
,0,FILE_TYPE_MESSAGE_MODE_PIPE
);
1116 SSVAL(p
,2, 0x5FF); /* ? */
1119 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1121 SIVAL(p
,0,FILE_GENERIC_ALL
);
1123 * For pipes W2K3 seems to return
1125 * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
1127 SIVAL(p
,4,(FILE_GENERIC_READ
|FILE_GENERIC_WRITE
)&~FILE_APPEND_DATA
);
1130 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname
));
1132 /* Send the required number of replies */
1133 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1138 /****************************************************************************
1139 Internal fn to set security descriptors.
1140 ****************************************************************************/
1142 static NTSTATUS
set_sd(files_struct
*fsp
, char *data
, uint32 sd_len
, uint32 security_info_sent
)
1145 SEC_DESC
*psd
= NULL
;
1146 TALLOC_CTX
*mem_ctx
;
1149 if (sd_len
== 0 || !lp_nt_acl_support(SNUM(fsp
->conn
))) {
1150 return NT_STATUS_OK
;
1154 * Init the parse struct we will unmarshall from.
1157 if ((mem_ctx
= talloc_init("set_sd")) == NULL
) {
1158 DEBUG(0,("set_sd: talloc_init failed.\n"));
1159 return NT_STATUS_NO_MEMORY
;
1162 prs_init(&pd
, 0, mem_ctx
, UNMARSHALL
);
1165 * Setup the prs_struct to point at the memory we just
1169 prs_give_memory( &pd
, data
, sd_len
, False
);
1172 * Finally, unmarshall from the data buffer.
1175 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
1176 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
1178 * Return access denied for want of a better error message..
1180 talloc_destroy(mem_ctx
);
1181 return NT_STATUS_NO_MEMORY
;
1184 if (psd
->owner_sid
==0) {
1185 security_info_sent
&= ~OWNER_SECURITY_INFORMATION
;
1187 if (psd
->group_sid
==0) {
1188 security_info_sent
&= ~GROUP_SECURITY_INFORMATION
;
1191 security_info_sent
&= ~SACL_SECURITY_INFORMATION
;
1194 security_info_sent
&= ~DACL_SECURITY_INFORMATION
;
1197 status
= SMB_VFS_FSET_NT_ACL( fsp
, fsp
->fh
->fd
, security_info_sent
, psd
);
1199 talloc_destroy(mem_ctx
);
1203 /****************************************************************************
1204 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
1205 ****************************************************************************/
1207 static struct ea_list
*read_nttrans_ea_list(TALLOC_CTX
*ctx
, const char *pdata
, size_t data_size
)
1209 struct ea_list
*ea_list_head
= NULL
;
1212 if (data_size
< 4) {
1216 while (offset
+ 4 <= data_size
) {
1217 size_t next_offset
= IVAL(pdata
,offset
);
1218 struct ea_list
*eal
= read_ea_list_entry(ctx
, pdata
+ offset
+ 4, data_size
- offset
- 4, NULL
);
1224 DLIST_ADD_END(ea_list_head
, eal
, struct ea_list
*);
1225 if (next_offset
== 0) {
1228 offset
+= next_offset
;
1231 return ea_list_head
;
1234 /****************************************************************************
1235 Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
1236 ****************************************************************************/
1238 static void call_nt_transact_create(connection_struct
*conn
,
1239 struct smb_request
*req
,
1240 uint16
**ppsetup
, uint32 setup_count
,
1241 char **ppparams
, uint32 parameter_count
,
1242 char **ppdata
, uint32 data_count
,
1243 uint32 max_data_count
)
1246 char *params
= *ppparams
;
1247 char *data
= *ppdata
;
1248 /* Breakout the oplock request bits so we can set the reply bits separately. */
1249 int oplock_request
= 0;
1251 SMB_OFF_T file_len
= 0;
1252 SMB_STRUCT_STAT sbuf
;
1254 files_struct
*fsp
= NULL
;
1256 bool extended_oplock_granted
= False
;
1259 uint32 file_attributes
;
1260 uint32 share_access
;
1261 uint32 create_disposition
;
1262 uint32 create_options
;
1265 uint16 root_dir_fid
;
1266 struct timespec c_timespec
;
1267 struct timespec a_timespec
;
1268 struct timespec m_timespec
;
1269 struct ea_list
*ea_list
= NULL
;
1273 struct case_semantics_state
*case_state
= NULL
;
1274 SMB_BIG_UINT allocation_size
;
1275 TALLOC_CTX
*ctx
= talloc_tos();
1277 DEBUG(5,("call_nt_transact_create\n"));
1280 * If it's an IPC, use the pipe handler.
1284 if (lp_nt_pipe_support()) {
1285 do_nt_transact_create_pipe(
1287 ppsetup
, setup_count
,
1288 ppparams
, parameter_count
,
1289 ppdata
, data_count
);
1292 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1298 * Ensure minimum number of parameters sent.
1301 if(parameter_count
< 54) {
1302 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count
));
1303 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1307 flags
= IVAL(params
,0);
1308 access_mask
= IVAL(params
,8);
1309 file_attributes
= IVAL(params
,20);
1310 share_access
= IVAL(params
,24);
1311 create_disposition
= IVAL(params
,28);
1312 create_options
= IVAL(params
,32);
1313 sd_len
= IVAL(params
,36);
1314 ea_len
= IVAL(params
,40);
1315 root_dir_fid
= (uint16
)IVAL(params
,4);
1316 allocation_size
= (SMB_BIG_UINT
)IVAL(params
,12);
1317 #ifdef LARGE_SMB_OFF_T
1318 allocation_size
|= (((SMB_BIG_UINT
)IVAL(params
,16)) << 32);
1321 /* Ensure the data_len is correct for the sd and ea values given. */
1322 if ((ea_len
+ sd_len
> data_count
) ||
1323 (ea_len
> data_count
) || (sd_len
> data_count
) ||
1324 (ea_len
+ sd_len
< ea_len
) || (ea_len
+ sd_len
< sd_len
)) {
1325 DEBUG(10,("call_nt_transact_create - ea_len = %u, sd_len = %u, data_count = %u\n",
1326 (unsigned int)ea_len
, (unsigned int)sd_len
, (unsigned int)data_count
));
1327 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1332 if (!lp_ea_support(SNUM(conn
))) {
1333 DEBUG(10,("call_nt_transact_create - ea_len = %u but EA's not supported.\n",
1334 (unsigned int)ea_len
));
1335 reply_nterror(req
, NT_STATUS_EAS_NOT_SUPPORTED
);
1340 DEBUG(10,("call_nt_transact_create - ea_len = %u - too small (should be more than 10)\n",
1341 (unsigned int)ea_len
));
1342 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1347 srvstr_get_path(ctx
, params
, req
->flags2
, &fname
,
1348 params
+53, parameter_count
-53,
1349 STR_TERMINATE
, &status
);
1350 if (!NT_STATUS_IS_OK(status
)) {
1351 reply_nterror(req
, status
);
1355 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
1356 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
1361 * Get the file name.
1364 if(root_dir_fid
!= 0) {
1366 * This filename is relative to a directory fid.
1368 char *parent_fname
= NULL
;
1370 files_struct
*dir_fsp
= file_fsp(root_dir_fid
);
1373 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1377 if(!dir_fsp
->is_directory
) {
1380 * Check to see if this is a mac fork of some kind.
1383 if( is_ntfs_stream_name(fname
)) {
1385 NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1390 we need to handle the case when we get a
1391 relative open relative to a file and the
1392 pathname is blank - this is a reopen!
1393 (hint from demyn plantenberg)
1396 reply_doserror(req
, ERRDOS
, ERRbadfid
);
1400 if (ISDOT(dir_fsp
->fsp_name
)) {
1402 * We're at the toplevel dir, the final file name
1403 * must not contain ./, as this is filtered out
1404 * normally by srvstr_get_path and unix_convert
1405 * explicitly rejects paths containing ./.
1407 parent_fname
= talloc_strdup(ctx
,"");
1408 if (!parent_fname
) {
1409 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1413 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
);
1416 * Copy in the base directory name.
1419 parent_fname
= TALLOC_ARRAY(ctx
, char, dir_name_len
+2);
1421 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1424 memcpy(parent_fname
, dir_fsp
->fsp_name
,
1428 * Ensure it ends in a '/'.
1429 * We used TALLOC_SIZE +2 to add space for the '/'.
1433 && (parent_fname
[dir_name_len
-1] != '\\')
1434 && (parent_fname
[dir_name_len
-1] != '/')) {
1435 parent_fname
[dir_name_len
] = '/';
1436 parent_fname
[dir_name_len
+1] = '\0';
1440 tmp
= talloc_asprintf(ctx
, "%s%s", parent_fname
, fname
);
1442 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
1443 END_PROFILE(SMBntcreateX
);
1450 * Check to see if this is a mac fork of some kind.
1453 if( is_ntfs_stream_name(fname
)) {
1454 reply_nterror(req
, NT_STATUS_OBJECT_PATH_NOT_FOUND
);
1459 oplock_request
= (flags
& REQUEST_OPLOCK
) ? EXCLUSIVE_OPLOCK
: 0;
1460 if (oplock_request
) {
1461 oplock_request
|= (flags
& REQUEST_BATCH_OPLOCK
) ? BATCH_OPLOCK
: 0;
1465 * Ordinary file or directory.
1469 * Check if POSIX semantics are wanted.
1472 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1473 case_state
= set_posix_case_semantics(NULL
, conn
);
1474 file_attributes
&= ~FILE_FLAG_POSIX_SEMANTICS
;
1477 status
= resolve_dfspath(ctx
, conn
,
1478 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
1481 if (!NT_STATUS_IS_OK(status
)) {
1482 TALLOC_FREE(case_state
);
1483 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
1484 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
1485 ERRSRV
, ERRbadpath
);
1488 reply_nterror(req
, status
);
1492 status
= unix_convert(ctx
, conn
, fname
, False
, &fname
, NULL
, &sbuf
);
1493 if (!NT_STATUS_IS_OK(status
)) {
1494 TALLOC_FREE(case_state
);
1495 reply_nterror(req
, status
);
1498 /* All file access must go through check_name() */
1499 status
= check_name(conn
, fname
);
1500 if (!NT_STATUS_IS_OK(status
)) {
1501 TALLOC_FREE(case_state
);
1502 reply_nterror(req
, status
);
1506 /* This is the correct thing to do (check every time) but can_delete is
1507 expensive (it may have to read the parent directory permissions). So
1508 for now we're not doing it unless we have a strong hint the client
1509 is really going to delete this file. If the client is forcing FILE_CREATE
1510 let the filesystem take care of the permissions. */
1512 /* Setting FILE_SHARE_DELETE is the hint. */
1514 if (lp_acl_check_permissions(SNUM(conn
))
1515 && (create_disposition
!= FILE_CREATE
)
1516 && (share_access
& FILE_SHARE_DELETE
)
1517 && (access_mask
& DELETE_ACCESS
)) {
1518 if (((dos_mode(conn
, fname
, &sbuf
) & FILE_ATTRIBUTE_READONLY
)
1519 && !lp_delete_readonly(SNUM(conn
))) ||
1520 !can_delete_file_in_directory(conn
, fname
)) {
1521 TALLOC_FREE(case_state
);
1522 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1528 /* We need to support SeSecurityPrivilege for this. */
1529 if ((access_mask
& SEC_RIGHT_SYSTEM_SECURITY
) &&
1530 !user_has_privileges(current_user
.nt_user_token
,
1532 TALLOC_FREE(case_state
);
1533 reply_nterror(req
, NT_STATUS_PRIVILEGE_NOT_HELD
);
1539 pdata
= data
+ sd_len
;
1541 /* We have already checked that ea_len <= data_count here. */
1542 ea_list
= read_nttrans_ea_list(talloc_tos(), pdata
,
1545 TALLOC_FREE(case_state
);
1546 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1552 * If it's a request for a directory open, deal with it separately.
1555 if(create_options
& FILE_DIRECTORY_FILE
) {
1557 /* Can't open a temp directory. IFS kit test. */
1558 if (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
) {
1559 TALLOC_FREE(case_state
);
1560 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1565 * We will get a create directory here if the Win32
1566 * app specified a security descriptor in the
1567 * CreateDirectory() call.
1571 status
= open_directory(conn
, req
, fname
, &sbuf
,
1581 * Ordinary file case.
1584 status
= open_file_ntcreate(conn
,req
,fname
,&sbuf
,
1593 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
1596 * Fail the open if it was explicitly a non-directory file.
1599 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
1600 TALLOC_FREE(case_state
);
1601 reply_force_nterror(
1603 NT_STATUS_FILE_IS_A_DIRECTORY
);
1608 status
= open_directory(conn
, req
, fname
,
1619 TALLOC_FREE(case_state
);
1621 if(!NT_STATUS_IS_OK(status
)) {
1622 if (open_was_deferred(req
->mid
)) {
1623 /* We have re-scheduled this call. */
1626 reply_openerror(req
, status
);
1631 * According to the MS documentation, the only time the security
1632 * descriptor is applied to the opened file is iff we *created* the
1633 * file; an existing file stays the same.
1635 * Also, it seems (from observation) that you can open the file with
1636 * any access mask but you can still write the sd. We need to override
1637 * the granted access before we call set_sd
1638 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
1641 if (lp_nt_acl_support(SNUM(conn
)) && sd_len
&& info
== FILE_WAS_CREATED
) {
1642 uint32 saved_access_mask
= fsp
->access_mask
;
1644 /* We have already checked that sd_len <= data_count here. */
1646 fsp
->access_mask
= FILE_GENERIC_ALL
;
1648 status
= set_sd( fsp
, data
, sd_len
, ALL_SECURITY_INFORMATION
);
1649 if (!NT_STATUS_IS_OK(status
)) {
1650 close_file(fsp
,ERROR_CLOSE
);
1651 TALLOC_FREE(case_state
);
1652 reply_nterror(req
, status
);
1655 fsp
->access_mask
= saved_access_mask
;
1658 if (ea_len
&& (info
== FILE_WAS_CREATED
)) {
1659 status
= set_ea(conn
, fsp
, fname
, ea_list
);
1660 if (!NT_STATUS_IS_OK(status
)) {
1661 close_file(fsp
,ERROR_CLOSE
);
1662 TALLOC_FREE(case_state
);
1663 reply_nterror(req
, status
);
1668 TALLOC_FREE(case_state
);
1670 file_len
= sbuf
.st_size
;
1671 fattr
= dos_mode(conn
,fname
,&sbuf
);
1673 fattr
= FILE_ATTRIBUTE_NORMAL
;
1675 if (!fsp
->is_directory
&& (fattr
& aDIR
)) {
1676 close_file(fsp
,ERROR_CLOSE
);
1677 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
1681 /* Save the requested allocation size. */
1682 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
1683 if (allocation_size
&& (allocation_size
> file_len
)) {
1684 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, allocation_size
);
1685 if (fsp
->is_directory
) {
1686 close_file(fsp
,ERROR_CLOSE
);
1687 /* Can't set allocation size on a directory. */
1688 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
1691 if (vfs_allocate_file_space(fsp
, fsp
->initial_allocation_size
) == -1) {
1692 close_file(fsp
,ERROR_CLOSE
);
1693 reply_nterror(req
, NT_STATUS_DISK_FULL
);
1697 fsp
->initial_allocation_size
= smb_roundup(fsp
->conn
, (SMB_BIG_UINT
)file_len
);
1702 * If the caller set the extended oplock request bit
1703 * and we granted one (by whatever means) - set the
1704 * correct bit for extended oplock reply.
1707 if (oplock_request
&& lp_fake_oplocks(SNUM(conn
))) {
1708 extended_oplock_granted
= True
;
1711 if(oplock_request
&& EXCLUSIVE_OPLOCK_TYPE(fsp
->oplock_type
)) {
1712 extended_oplock_granted
= True
;
1715 /* Realloc the size of parameters and data we will return */
1716 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1717 /* Extended response is 32 more byyes. */
1722 params
= nttrans_realloc(ppparams
, param_len
);
1723 if(params
== NULL
) {
1724 reply_doserror(req
, ERRDOS
, ERRnomem
);
1729 if (extended_oplock_granted
) {
1730 if (flags
& REQUEST_BATCH_OPLOCK
) {
1731 SCVAL(p
,0, BATCH_OPLOCK_RETURN
);
1733 SCVAL(p
,0, EXCLUSIVE_OPLOCK_RETURN
);
1735 } else if (fsp
->oplock_type
== LEVEL_II_OPLOCK
) {
1736 SCVAL(p
,0, LEVEL_II_OPLOCK_RETURN
);
1738 SCVAL(p
,0,NO_OPLOCK_RETURN
);
1742 SSVAL(p
,0,fsp
->fnum
);
1744 if ((create_disposition
== FILE_SUPERSEDE
) && (info
== FILE_WAS_OVERWRITTEN
)) {
1745 SIVAL(p
,0,FILE_WAS_SUPERSEDED
);
1752 c_timespec
= get_create_timespec(&sbuf
,lp_fake_dir_create_times(SNUM(conn
)));
1753 a_timespec
= get_atimespec(&sbuf
);
1754 m_timespec
= get_mtimespec(&sbuf
);
1756 if (lp_dos_filetime_resolution(SNUM(conn
))) {
1757 dos_filetime_timespec(&c_timespec
);
1758 dos_filetime_timespec(&a_timespec
);
1759 dos_filetime_timespec(&m_timespec
);
1762 put_long_date_timespec(p
, c_timespec
); /* create time. */
1764 put_long_date_timespec(p
, a_timespec
); /* access time */
1766 put_long_date_timespec(p
, m_timespec
); /* write time */
1768 put_long_date_timespec(p
, m_timespec
); /* change time */
1770 SIVAL(p
,0,fattr
); /* File Attributes. */
1772 SOFF_T(p
, 0, get_allocation_size(conn
,fsp
,&sbuf
));
1774 SOFF_T(p
,0,file_len
);
1776 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1780 SCVAL(p
,0,fsp
->is_directory
? 1 : 0);
1782 if (flags
& EXTENDED_RESPONSE_REQUIRED
) {
1785 if (fsp
->is_directory
|| can_write_to_file(conn
, fname
, &sbuf
)) {
1786 perms
= FILE_GENERIC_ALL
;
1788 perms
= FILE_GENERIC_READ
|FILE_EXECUTE
;
1793 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname
));
1795 /* Send the required number of replies */
1796 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
, *ppdata
, 0);
1801 /****************************************************************************
1802 Reply to a NT CANCEL request.
1803 conn POINTER CAN BE NULL HERE !
1804 ****************************************************************************/
1806 void reply_ntcancel(connection_struct
*conn
, struct smb_request
*req
)
1809 * Go through and cancel any pending change notifies.
1812 START_PROFILE(SMBntcancel
);
1813 remove_pending_change_notify_requests_by_mid(req
->mid
);
1814 remove_pending_lock_requests_by_mid(req
->mid
);
1815 srv_cancel_sign_response(req
->mid
);
1817 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req
->mid
));
1819 END_PROFILE(SMBntcancel
);
1823 /****************************************************************************
1825 ****************************************************************************/
1827 static NTSTATUS
copy_internals(TALLOC_CTX
*ctx
,
1828 connection_struct
*conn
,
1829 struct smb_request
*req
,
1830 const char *oldname_in
,
1831 const char *newname_in
,
1834 SMB_STRUCT_STAT sbuf1
, sbuf2
;
1835 char *oldname
= NULL
;
1836 char *newname
= NULL
;
1837 char *last_component_oldname
= NULL
;
1838 char *last_component_newname
= NULL
;
1839 files_struct
*fsp1
,*fsp2
;
1843 NTSTATUS status
= NT_STATUS_OK
;
1848 if (!CAN_WRITE(conn
)) {
1849 return NT_STATUS_MEDIA_WRITE_PROTECTED
;
1852 status
= unix_convert(ctx
, conn
, oldname_in
, False
, &oldname
,
1853 &last_component_oldname
, &sbuf1
);
1854 if (!NT_STATUS_IS_OK(status
)) {
1858 status
= check_name(conn
, oldname
);
1859 if (!NT_STATUS_IS_OK(status
)) {
1863 /* Source must already exist. */
1864 if (!VALID_STAT(sbuf1
)) {
1865 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1867 /* Ensure attributes match. */
1868 fattr
= dos_mode(conn
,oldname
,&sbuf1
);
1869 if ((fattr
& ~attrs
) & (aHIDDEN
| aSYSTEM
)) {
1870 return NT_STATUS_NO_SUCH_FILE
;
1873 status
= unix_convert(ctx
, conn
, newname_in
, False
, &newname
,
1874 &last_component_newname
, &sbuf2
);
1875 if (!NT_STATUS_IS_OK(status
)) {
1879 status
= check_name(conn
, newname
);
1880 if (!NT_STATUS_IS_OK(status
)) {
1884 /* Disallow if newname already exists. */
1885 if (VALID_STAT(sbuf2
)) {
1886 return NT_STATUS_OBJECT_NAME_COLLISION
;
1889 /* No links from a directory. */
1890 if (S_ISDIR(sbuf1
.st_mode
)) {
1891 return NT_STATUS_FILE_IS_A_DIRECTORY
;
1894 /* Ensure this is within the share. */
1895 status
= check_reduced_name(conn
, oldname
);
1896 if (!NT_STATUS_IS_OK(status
)) {
1900 DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1903 status
= open_file_ntcreate(conn
, req
, oldname
, &sbuf1
,
1904 FILE_READ_DATA
, /* Read-only. */
1905 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1907 0, /* No create options. */
1908 FILE_ATTRIBUTE_NORMAL
,
1912 if (!NT_STATUS_IS_OK(status
)) {
1916 status
= open_file_ntcreate(conn
, req
, newname
, &sbuf2
,
1917 FILE_WRITE_DATA
, /* Read-only. */
1918 FILE_SHARE_READ
|FILE_SHARE_WRITE
|FILE_SHARE_DELETE
,
1920 0, /* No create options. */
1925 if (!NT_STATUS_IS_OK(status
)) {
1926 close_file(fsp1
,ERROR_CLOSE
);
1930 if (sbuf1
.st_size
) {
1931 ret
= vfs_transfer_file(fsp1
, fsp2
, sbuf1
.st_size
);
1935 * As we are opening fsp1 read-only we only expect
1936 * an error on close on fsp2 if we are out of space.
1937 * Thus we don't look at the error return from the
1940 close_file(fsp1
,NORMAL_CLOSE
);
1942 /* Ensure the modtime is set correctly on the destination file. */
1943 fsp_set_pending_modtime(fsp2
, get_mtimespec(&sbuf1
));
1945 status
= close_file(fsp2
,NORMAL_CLOSE
);
1947 /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1948 creates the file. This isn't the correct thing to do in the copy
1950 file_set_dosmode(conn
, newname
, fattr
, &sbuf2
,
1951 parent_dirname(newname
),false);
1953 if (ret
< (SMB_OFF_T
)sbuf1
.st_size
) {
1954 return NT_STATUS_DISK_FULL
;
1957 if (!NT_STATUS_IS_OK(status
)) {
1958 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1959 nt_errstr(status
), oldname
, newname
));
1964 /****************************************************************************
1965 Reply to a NT rename request.
1966 ****************************************************************************/
1968 void reply_ntrename(connection_struct
*conn
, struct smb_request
*req
)
1970 char *oldname
= NULL
;
1971 char *newname
= NULL
;
1974 bool src_has_wcard
= False
;
1975 bool dest_has_wcard
= False
;
1978 TALLOC_CTX
*ctx
= talloc_tos();
1980 START_PROFILE(SMBntrename
);
1983 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
1984 END_PROFILE(SMBntrename
);
1988 attrs
= SVAL(req
->inbuf
,smb_vwv0
);
1989 rename_type
= SVAL(req
->inbuf
,smb_vwv1
);
1991 p
= smb_buf(req
->inbuf
) + 1;
1992 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &oldname
, p
,
1993 0, STR_TERMINATE
, &status
,
1995 if (!NT_STATUS_IS_OK(status
)) {
1996 reply_nterror(req
, status
);
1997 END_PROFILE(SMBntrename
);
2001 if( is_ntfs_stream_name(oldname
)) {
2002 /* Can't rename a stream. */
2003 reply_nterror(req
, NT_STATUS_ACCESS_DENIED
);
2004 END_PROFILE(SMBntrename
);
2008 if (ms_has_wild(oldname
)) {
2009 reply_nterror(req
, NT_STATUS_OBJECT_PATH_SYNTAX_BAD
);
2010 END_PROFILE(SMBntrename
);
2015 p
+= srvstr_get_path_wcard(ctx
, (char *)req
->inbuf
, req
->flags2
, &newname
, p
,
2016 0, STR_TERMINATE
, &status
,
2018 if (!NT_STATUS_IS_OK(status
)) {
2019 reply_nterror(req
, status
);
2020 END_PROFILE(SMBntrename
);
2024 status
= resolve_dfspath(ctx
, conn
,
2025 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2028 if (!NT_STATUS_IS_OK(status
)) {
2029 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2030 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2031 ERRSRV
, ERRbadpath
);
2032 END_PROFILE(SMBntrename
);
2035 reply_nterror(req
, status
);
2036 END_PROFILE(SMBntrename
);
2040 status
= resolve_dfspath(ctx
, conn
,
2041 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
2044 if (!NT_STATUS_IS_OK(status
)) {
2045 if (NT_STATUS_EQUAL(status
,NT_STATUS_PATH_NOT_COVERED
)) {
2046 reply_botherror(req
, NT_STATUS_PATH_NOT_COVERED
,
2047 ERRSRV
, ERRbadpath
);
2048 END_PROFILE(SMBntrename
);
2051 reply_nterror(req
, status
);
2052 END_PROFILE(SMBntrename
);
2056 DEBUG(3,("reply_ntrename : %s -> %s\n",oldname
,newname
));
2058 switch(rename_type
) {
2059 case RENAME_FLAG_RENAME
:
2060 status
= rename_internals(ctx
, conn
, req
, oldname
,
2061 newname
, attrs
, False
, src_has_wcard
,
2064 case RENAME_FLAG_HARD_LINK
:
2065 if (src_has_wcard
|| dest_has_wcard
) {
2067 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2069 status
= hardlink_internals(ctx
,
2075 case RENAME_FLAG_COPY
:
2076 if (src_has_wcard
|| dest_has_wcard
) {
2078 status
= NT_STATUS_OBJECT_PATH_SYNTAX_BAD
;
2080 status
= copy_internals(ctx
, conn
, req
, oldname
,
2084 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION
:
2085 status
= NT_STATUS_INVALID_PARAMETER
;
2088 status
= NT_STATUS_ACCESS_DENIED
; /* Default error. */
2092 if (!NT_STATUS_IS_OK(status
)) {
2093 if (open_was_deferred(req
->mid
)) {
2094 /* We have re-scheduled this call. */
2095 END_PROFILE(SMBntrename
);
2099 reply_nterror(req
, status
);
2100 END_PROFILE(SMBntrename
);
2104 reply_outbuf(req
, 0, 0);
2106 END_PROFILE(SMBntrename
);
2110 /****************************************************************************
2111 Reply to a notify change - queue the request and
2112 don't allow a directory to be opened.
2113 ****************************************************************************/
2115 static void call_nt_transact_notify_change(connection_struct
*conn
,
2116 struct smb_request
*req
,
2120 uint32 parameter_count
,
2121 char **ppdata
, uint32 data_count
,
2122 uint32 max_data_count
,
2123 uint32 max_param_count
)
2125 uint16
*setup
= *ppsetup
;
2131 if(setup_count
< 6) {
2132 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2136 fsp
= file_fsp(SVAL(setup
,4));
2137 filter
= IVAL(setup
, 0);
2138 recursive
= (SVAL(setup
, 6) != 0) ? True
: False
;
2140 DEBUG(3,("call_nt_transact_notify_change\n"));
2143 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2148 char *filter_string
;
2150 if (!(filter_string
= notify_filter_string(NULL
, filter
))) {
2151 reply_nterror(req
,NT_STATUS_NO_MEMORY
);
2155 DEBUG(3,("call_nt_transact_notify_change: notify change "
2156 "called on %s, filter = %s, recursive = %d\n",
2157 fsp
->fsp_name
, filter_string
, recursive
));
2159 TALLOC_FREE(filter_string
);
2162 if((!fsp
->is_directory
) || (conn
!= fsp
->conn
)) {
2163 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2167 if (fsp
->notify
== NULL
) {
2169 status
= change_notify_create(fsp
, filter
, recursive
);
2171 if (!NT_STATUS_IS_OK(status
)) {
2172 DEBUG(10, ("change_notify_create returned %s\n",
2173 nt_errstr(status
)));
2174 reply_nterror(req
, status
);
2179 if (fsp
->notify
->num_changes
!= 0) {
2182 * We've got changes pending, respond immediately
2186 * TODO: write a torture test to check the filtering behaviour
2190 change_notify_reply(req
->inbuf
, max_param_count
, fsp
->notify
);
2193 * change_notify_reply() above has independently sent its
2200 * No changes pending, queue the request
2203 status
= change_notify_add_request(req
->inbuf
, max_param_count
, filter
,
2205 if (!NT_STATUS_IS_OK(status
)) {
2206 reply_nterror(req
, status
);
2211 /****************************************************************************
2212 Reply to an NT transact rename command.
2213 ****************************************************************************/
2215 static void call_nt_transact_rename(connection_struct
*conn
,
2216 struct smb_request
*req
,
2217 uint16
**ppsetup
, uint32 setup_count
,
2218 char **ppparams
, uint32 parameter_count
,
2219 char **ppdata
, uint32 data_count
,
2220 uint32 max_data_count
)
2222 char *params
= *ppparams
;
2223 char *new_name
= NULL
;
2224 files_struct
*fsp
= NULL
;
2225 bool replace_if_exists
= False
;
2226 bool dest_has_wcard
= False
;
2228 TALLOC_CTX
*ctx
= talloc_tos();
2230 if(parameter_count
< 5) {
2231 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2235 fsp
= file_fsp(SVAL(params
, 0));
2236 replace_if_exists
= (SVAL(params
,2) & RENAME_REPLACE_IF_EXISTS
) ? True
: False
;
2237 if (!check_fsp(conn
, req
, fsp
, ¤t_user
)) {
2240 srvstr_get_path_wcard(ctx
, params
, req
->flags2
, &new_name
, params
+4,
2241 parameter_count
- 4,
2242 STR_TERMINATE
, &status
, &dest_has_wcard
);
2243 if (!NT_STATUS_IS_OK(status
)) {
2244 reply_nterror(req
, status
);
2248 status
= rename_internals(ctx
,
2258 if (!NT_STATUS_IS_OK(status
)) {
2259 if (open_was_deferred(req
->mid
)) {
2260 /* We have re-scheduled this call. */
2263 reply_nterror(req
, status
);
2268 * Rename was successful.
2270 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2272 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n",
2273 fsp
->fsp_name
, new_name
));
2278 /******************************************************************************
2279 Fake up a completely empty SD.
2280 *******************************************************************************/
2282 static NTSTATUS
get_null_nt_acl(TALLOC_CTX
*mem_ctx
, SEC_DESC
**ppsd
)
2286 *ppsd
= make_standard_sec_desc( mem_ctx
, &global_sid_World
, &global_sid_World
, NULL
, &sd_size
);
2288 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
2289 return NT_STATUS_NO_MEMORY
;
2292 return NT_STATUS_OK
;
2295 /****************************************************************************
2296 Reply to query a security descriptor.
2297 ****************************************************************************/
2299 static void call_nt_transact_query_security_desc(connection_struct
*conn
,
2300 struct smb_request
*req
,
2304 uint32 parameter_count
,
2307 uint32 max_data_count
)
2309 char *params
= *ppparams
;
2310 char *data
= *ppdata
;
2312 SEC_DESC
*psd
= NULL
;
2314 uint32 security_info_wanted
;
2315 TALLOC_CTX
*mem_ctx
;
2316 files_struct
*fsp
= NULL
;
2319 if(parameter_count
< 8) {
2320 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2324 fsp
= file_fsp(SVAL(params
,0));
2326 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2330 security_info_wanted
= IVAL(params
,4);
2332 DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp
->fsp_name
,
2333 (unsigned int)security_info_wanted
));
2335 params
= nttrans_realloc(ppparams
, 4);
2336 if(params
== NULL
) {
2337 reply_doserror(req
, ERRDOS
, ERRnomem
);
2341 if ((mem_ctx
= talloc_init("call_nt_transact_query_security_desc")) == NULL
) {
2342 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
2343 reply_doserror(req
, ERRDOS
, ERRnomem
);
2348 * Get the permissions to return.
2351 if (!lp_nt_acl_support(SNUM(conn
))) {
2352 status
= get_null_nt_acl(mem_ctx
, &psd
);
2354 status
= SMB_VFS_FGET_NT_ACL(fsp
, fsp
->fh
->fd
,
2355 security_info_wanted
, &psd
);
2358 if (!NT_STATUS_IS_OK(status
)) {
2359 talloc_destroy(mem_ctx
);
2360 reply_nterror(req
, status
);
2364 sd_size
= sec_desc_size(psd
);
2366 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size
));
2368 SIVAL(params
,0,(uint32
)sd_size
);
2370 if(max_data_count
< sd_size
) {
2372 send_nt_replies(req
, NT_STATUS_BUFFER_TOO_SMALL
,
2373 params
, 4, *ppdata
, 0);
2374 talloc_destroy(mem_ctx
);
2379 * Allocate the data we will point this at.
2382 data
= nttrans_realloc(ppdata
, sd_size
);
2384 talloc_destroy(mem_ctx
);
2385 reply_doserror(req
, ERRDOS
, ERRnomem
);
2390 * Init the parse struct we will marshall into.
2393 prs_init(&pd
, 0, mem_ctx
, MARSHALL
);
2396 * Setup the prs_struct to point at the memory we just
2400 prs_give_memory( &pd
, data
, (uint32
)sd_size
, False
);
2403 * Finally, linearize into the outgoing buffer.
2406 if(!sec_io_desc( "sd data", &psd
, &pd
, 1)) {
2407 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
2408 security descriptor.\n"));
2410 * Return access denied for want of a better error message..
2412 talloc_destroy(mem_ctx
);
2413 reply_unixerror(req
, ERRDOS
, ERRnoaccess
);
2418 * Now we can delete the security descriptor.
2421 talloc_destroy(mem_ctx
);
2423 send_nt_replies(req
, NT_STATUS_OK
, params
, 4, data
, (int)sd_size
);
2427 /****************************************************************************
2428 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
2429 ****************************************************************************/
2431 static void call_nt_transact_set_security_desc(connection_struct
*conn
,
2432 struct smb_request
*req
,
2436 uint32 parameter_count
,
2439 uint32 max_data_count
)
2441 char *params
= *ppparams
;
2442 char *data
= *ppdata
;
2443 files_struct
*fsp
= NULL
;
2444 uint32 security_info_sent
= 0;
2447 if(parameter_count
< 8) {
2448 reply_doserror(req
, ERRDOS
, ERRbadfunc
);
2452 if((fsp
= file_fsp(SVAL(params
,0))) == NULL
) {
2453 reply_doserror(req
, ERRDOS
, ERRbadfid
);
2457 if(!lp_nt_acl_support(SNUM(conn
))) {
2461 security_info_sent
= IVAL(params
,4);
2463 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp
->fsp_name
,
2464 (unsigned int)security_info_sent
));
2466 if (data_count
== 0) {
2467 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2471 if (!NT_STATUS_IS_OK(nt_status
= set_sd( fsp
, data
, data_count
, security_info_sent
))) {
2472 reply_nterror(req
, nt_status
);
2478 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2482 /****************************************************************************
2484 ****************************************************************************/
2486 static void call_nt_transact_ioctl(connection_struct
*conn
,
2487 struct smb_request
*req
,
2488 uint16
**ppsetup
, uint32 setup_count
,
2489 char **ppparams
, uint32 parameter_count
,
2490 char **ppdata
, uint32 data_count
,
2491 uint32 max_data_count
)
2498 static bool logged_message
;
2499 char *pdata
= *ppdata
;
2501 if (setup_count
!= 8) {
2502 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count
));
2503 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2507 function
= IVAL(*ppsetup
, 0);
2508 fidnum
= SVAL(*ppsetup
, 4);
2509 isFSctl
= CVAL(*ppsetup
, 6);
2510 compfilter
= CVAL(*ppsetup
, 7);
2512 DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n",
2513 function
, fidnum
, isFSctl
, compfilter
));
2515 fsp
=file_fsp(fidnum
);
2516 /* this check is done in each implemented function case for now
2517 because I don't want to break anything... --metze
2518 FSP_BELONGS_CONN(fsp,conn);*/
2521 case FSCTL_SET_SPARSE
:
2522 /* pretend this succeeded - tho strictly we should
2523 mark the file sparse (if the local fs supports it)
2524 so we can know if we need to pre-allocate or not */
2526 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum
));
2527 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2530 case FSCTL_CREATE_OR_GET_OBJECT_ID
:
2532 unsigned char objid
[16];
2534 /* This should return the object-id on this file.
2535 * I think I'll make this be the inode+dev. JRA.
2538 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum
));
2540 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2545 pdata
= nttrans_realloc(ppdata
, data_count
);
2546 if (pdata
== NULL
) {
2547 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2550 push_file_id_16(pdata
, &fsp
->file_id
);
2551 memcpy(pdata
+16,create_volume_objectid(conn
,objid
),16);
2552 push_file_id_16(pdata
+32, &fsp
->file_id
);
2553 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2558 case FSCTL_GET_REPARSE_POINT
:
2559 /* pretend this fail - my winXP does it like this
2563 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2564 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2567 case FSCTL_SET_REPARSE_POINT
:
2568 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
2572 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum
));
2573 reply_nterror(req
, NT_STATUS_NOT_A_REPARSE_POINT
);
2576 case FSCTL_GET_SHADOW_COPY_DATA
: /* don't know if this name is right...*/
2579 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
2580 * and return their volume names. If max_data_count is 16, then it is just
2581 * asking for the number of volumes and length of the combined names.
2583 * pdata is the data allocated by our caller, but that uses
2584 * total_data_count (which is 0 in our case) rather than max_data_count.
2585 * Allocate the correct amount and return the pointer to let
2586 * it be deallocated when we return.
2588 SHADOW_COPY_DATA
*shadow_data
= NULL
;
2589 TALLOC_CTX
*shadow_mem_ctx
= NULL
;
2590 bool labels
= False
;
2591 uint32 labels_data_count
= 0;
2595 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2599 if (max_data_count
< 16) {
2600 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
2602 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
2606 if (max_data_count
> 16) {
2610 shadow_mem_ctx
= talloc_init("SHADOW_COPY_DATA");
2611 if (shadow_mem_ctx
== NULL
) {
2612 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
2613 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2617 shadow_data
= TALLOC_ZERO_P(shadow_mem_ctx
,SHADOW_COPY_DATA
);
2618 if (shadow_data
== NULL
) {
2619 DEBUG(0,("TALLOC_ZERO() failed!\n"));
2620 talloc_destroy(shadow_mem_ctx
);
2621 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2625 shadow_data
->mem_ctx
= shadow_mem_ctx
;
2628 * Call the VFS routine to actually do the work.
2630 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp
, shadow_data
, labels
)!=0) {
2631 talloc_destroy(shadow_data
->mem_ctx
);
2632 if (errno
== ENOSYS
) {
2633 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n",
2634 conn
->connectpath
));
2635 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2638 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n",
2639 conn
->connectpath
));
2640 reply_nterror(req
, NT_STATUS_UNSUCCESSFUL
);
2645 labels_data_count
= (shadow_data
->num_volumes
*2*sizeof(SHADOW_COPY_LABEL
))+2;
2650 data_count
= 12+labels_data_count
+4;
2653 if (max_data_count
<data_count
) {
2654 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
2655 max_data_count
,data_count
));
2656 talloc_destroy(shadow_data
->mem_ctx
);
2657 reply_nterror(req
, NT_STATUS_BUFFER_TOO_SMALL
);
2661 pdata
= nttrans_realloc(ppdata
, data_count
);
2662 if (pdata
== NULL
) {
2663 talloc_destroy(shadow_data
->mem_ctx
);
2664 reply_nterror(req
, NT_STATUS_NO_MEMORY
);
2670 /* num_volumes 4 bytes */
2671 SIVAL(pdata
,0,shadow_data
->num_volumes
);
2674 /* num_labels 4 bytes */
2675 SIVAL(pdata
,4,shadow_data
->num_volumes
);
2678 /* needed_data_count 4 bytes */
2679 SIVAL(pdata
,8,labels_data_count
);
2683 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
2684 shadow_data
->num_volumes
,fsp
->fsp_name
));
2685 if (labels
&& shadow_data
->labels
) {
2686 for (i
=0;i
<shadow_data
->num_volumes
;i
++) {
2687 srvstr_push(pdata
, req
->flags2
,
2688 cur_pdata
, shadow_data
->labels
[i
],
2689 2*sizeof(SHADOW_COPY_LABEL
),
2690 STR_UNICODE
|STR_TERMINATE
);
2691 cur_pdata
+=2*sizeof(SHADOW_COPY_LABEL
);
2692 DEBUGADD(10,("Label[%u]: '%s'\n",i
,shadow_data
->labels
[i
]));
2696 talloc_destroy(shadow_data
->mem_ctx
);
2698 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0,
2704 case FSCTL_FIND_FILES_BY_SID
: /* I hope this name is right */
2706 /* pretend this succeeded -
2708 * we have to send back a list with all files owned by this SID
2710 * but I have to check that --metze
2714 size_t sid_len
= MIN(data_count
-4,SID_MAX_SIZE
);
2716 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum
));
2718 if (!fsp_belongs_conn(conn
, req
, fsp
, ¤t_user
)) {
2722 /* unknown 4 bytes: this is not the length of the sid :-( */
2723 /*unknown = IVAL(pdata,0);*/
2725 sid_parse(pdata
+4,sid_len
,&sid
);
2726 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid
)));
2728 if (!sid_to_uid(&sid
, &uid
)) {
2729 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2730 sid_string_static(&sid
),(unsigned long)sid_len
));
2734 /* we can take a look at the find source :-)
2736 * find ./ -uid $uid -name '*' is what we need here
2739 * and send 4bytes len and then NULL terminated unicode strings
2742 * but I don't know how to deal with the paged results
2743 * (maybe we can hang the result anywhere in the fsp struct)
2745 * we don't send all files at once
2746 * and at the next we should *not* start from the beginning,
2747 * so we have to cache the result
2752 /* this works for now... */
2753 send_nt_replies(req
, NT_STATUS_OK
, NULL
, 0, NULL
, 0);
2757 if (!logged_message
) {
2758 logged_message
= True
; /* Only print this once... */
2759 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2764 reply_nterror(req
, NT_STATUS_NOT_SUPPORTED
);
2768 #ifdef HAVE_SYS_QUOTAS
2769 /****************************************************************************
2770 Reply to get user quota
2771 ****************************************************************************/
2773 static void call_nt_transact_get_user_quota(connection_struct
*conn
,
2774 struct smb_request
*req
,
2778 uint32 parameter_count
,
2781 uint32 max_data_count
)
2783 NTSTATUS nt_status
= NT_STATUS_OK
;
2784 char *params
= *ppparams
;
2785 char *pdata
= *ppdata
;
2787 int data_len
=0,param_len
=0;
2790 files_struct
*fsp
= NULL
;
2794 bool start_enum
= True
;
2795 SMB_NTQUOTA_STRUCT qt
;
2796 SMB_NTQUOTA_LIST
*tmp_list
;
2797 SMB_NTQUOTA_HANDLE
*qt_handle
= NULL
;
2802 if (current_user
.ut
.uid
!= 0) {
2803 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n",
2804 lp_servicename(SNUM(conn
)),conn
->user
));
2805 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
2810 * Ensure minimum number of parameters sent.
2813 if (parameter_count
< 4) {
2814 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count
));
2815 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
2819 /* maybe we can check the quota_fnum */
2820 fsp
= file_fsp(SVAL(params
,0));
2821 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
2822 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2823 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
2827 /* the NULL pointer checking for fsp->fake_file_handle->pd
2828 * is done by CHECK_NTQUOTA_HANDLE_OK()
2830 qt_handle
= (SMB_NTQUOTA_HANDLE
*)fsp
->fake_file_handle
->pd
;
2832 level
= SVAL(params
,2);
2834 /* unknown 12 bytes leading in params */
2837 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE
:
2838 /* seems that we should continue with the enum here --metze */
2840 if (qt_handle
->quota_list
!=NULL
&&
2841 qt_handle
->tmp_list
==NULL
) {
2844 free_ntquota_list(&(qt_handle
->quota_list
));
2846 /* Realloc the size of parameters and data we will return */
2848 params
= nttrans_realloc(ppparams
, param_len
);
2849 if(params
== NULL
) {
2850 reply_doserror(req
, ERRDOS
, ERRnomem
);
2855 SIVAL(params
,0,data_len
);
2862 case TRANSACT_GET_USER_QUOTA_LIST_START
:
2864 if (qt_handle
->quota_list
==NULL
&&
2865 qt_handle
->tmp_list
==NULL
) {
2869 if (start_enum
&& vfs_get_user_ntquota_list(fsp
,&(qt_handle
->quota_list
))!=0) {
2870 reply_doserror(req
, ERRSRV
, ERRerror
);
2874 /* Realloc the size of parameters and data we will return */
2876 params
= nttrans_realloc(ppparams
, param_len
);
2877 if(params
== NULL
) {
2878 reply_doserror(req
, ERRDOS
, ERRnomem
);
2882 /* we should not trust the value in max_data_count*/
2883 max_data_count
= MIN(max_data_count
,2048);
2885 pdata
= nttrans_realloc(ppdata
, max_data_count
);/* should be max data count from client*/
2887 reply_doserror(req
, ERRDOS
, ERRnomem
);
2893 /* set params Size of returned Quota Data 4 bytes*/
2894 /* but set it later when we know it */
2896 /* for each entry push the data */
2899 qt_handle
->tmp_list
= qt_handle
->quota_list
;
2902 tmp_list
= qt_handle
->tmp_list
;
2904 for (;((tmp_list
!=NULL
)&&((qt_len
+40+SID_MAX_SIZE
)<max_data_count
));
2905 tmp_list
=tmp_list
->next
,entry
+=entry_len
,qt_len
+=entry_len
) {
2907 sid_len
= sid_size(&tmp_list
->quotas
->sid
);
2908 entry_len
= 40 + sid_len
;
2910 /* nextoffset entry 4 bytes */
2911 SIVAL(entry
,0,entry_len
);
2913 /* then the len of the SID 4 bytes */
2914 SIVAL(entry
,4,sid_len
);
2916 /* unknown data 8 bytes SMB_BIG_UINT */
2917 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-metze*/
2919 /* the used disk space 8 bytes SMB_BIG_UINT */
2920 SBIG_UINT(entry
,16,tmp_list
->quotas
->usedspace
);
2922 /* the soft quotas 8 bytes SMB_BIG_UINT */
2923 SBIG_UINT(entry
,24,tmp_list
->quotas
->softlim
);
2925 /* the hard quotas 8 bytes SMB_BIG_UINT */
2926 SBIG_UINT(entry
,32,tmp_list
->quotas
->hardlim
);
2928 /* and now the SID */
2929 sid_linearize(entry
+40, sid_len
, &tmp_list
->quotas
->sid
);
2932 qt_handle
->tmp_list
= tmp_list
;
2934 /* overwrite the offset of the last entry */
2935 SIVAL(entry
-entry_len
,0,0);
2937 data_len
= 4+qt_len
;
2938 /* overwrite the params quota_data_len */
2939 SIVAL(params
,0,data_len
);
2943 case TRANSACT_GET_USER_QUOTA_FOR_SID
:
2945 /* unknown 4 bytes IVAL(pdata,0) */
2947 if (data_count
< 8) {
2948 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count
,8));
2949 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2953 sid_len
= IVAL(pdata
,4);
2954 /* Ensure this is less than 1mb. */
2955 if (sid_len
> (1024*1024)) {
2956 reply_doserror(req
, ERRDOS
, ERRnomem
);
2960 if (data_count
< 8+sid_len
) {
2961 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count
,(unsigned long)(8+sid_len
)));
2962 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
2966 data_len
= 4+40+sid_len
;
2968 if (max_data_count
< data_len
) {
2969 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2970 max_data_count
, data_len
));
2972 SIVAL(params
,0,data_len
);
2974 nt_status
= NT_STATUS_BUFFER_TOO_SMALL
;
2978 sid_parse(pdata
+8,sid_len
,&sid
);
2980 if (vfs_get_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
2983 * we have to return zero's in all fields
2984 * instead of returning an error here
2989 /* Realloc the size of parameters and data we will return */
2991 params
= nttrans_realloc(ppparams
, param_len
);
2992 if(params
== NULL
) {
2993 reply_doserror(req
, ERRDOS
, ERRnomem
);
2997 pdata
= nttrans_realloc(ppdata
, data_len
);
2999 reply_doserror(req
, ERRDOS
, ERRnomem
);
3005 /* set params Size of returned Quota Data 4 bytes*/
3006 SIVAL(params
,0,data_len
);
3008 /* nextoffset entry 4 bytes */
3011 /* then the len of the SID 4 bytes */
3012 SIVAL(entry
,4,sid_len
);
3014 /* unknown data 8 bytes SMB_BIG_UINT */
3015 SBIG_UINT(entry
,8,(SMB_BIG_UINT
)0); /* this is not 0 in windows...-mezte*/
3017 /* the used disk space 8 bytes SMB_BIG_UINT */
3018 SBIG_UINT(entry
,16,qt
.usedspace
);
3020 /* the soft quotas 8 bytes SMB_BIG_UINT */
3021 SBIG_UINT(entry
,24,qt
.softlim
);
3023 /* the hard quotas 8 bytes SMB_BIG_UINT */
3024 SBIG_UINT(entry
,32,qt
.hardlim
);
3026 /* and now the SID */
3027 sid_linearize(entry
+40, sid_len
, &sid
);
3032 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp
->fnum
,level
));
3033 reply_doserror(req
, ERRSRV
, ERRerror
);
3038 send_nt_replies(req
, nt_status
, params
, param_len
,
3042 /****************************************************************************
3043 Reply to set user quota
3044 ****************************************************************************/
3046 static void call_nt_transact_set_user_quota(connection_struct
*conn
,
3047 struct smb_request
*req
,
3051 uint32 parameter_count
,
3054 uint32 max_data_count
)
3056 char *params
= *ppparams
;
3057 char *pdata
= *ppdata
;
3058 int data_len
=0,param_len
=0;
3059 SMB_NTQUOTA_STRUCT qt
;
3062 files_struct
*fsp
= NULL
;
3067 if (current_user
.ut
.uid
!= 0) {
3068 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n",
3069 lp_servicename(SNUM(conn
)),conn
->user
));
3070 reply_doserror(req
, ERRDOS
, ERRnoaccess
);
3075 * Ensure minimum number of parameters sent.
3078 if (parameter_count
< 2) {
3079 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count
));
3080 reply_doserror(req
, ERRDOS
, ERRinvalidparam
);
3084 /* maybe we can check the quota_fnum */
3085 fsp
= file_fsp(SVAL(params
,0));
3086 if (!CHECK_NTQUOTA_HANDLE_OK(fsp
,conn
)) {
3087 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
3088 reply_nterror(req
, NT_STATUS_INVALID_HANDLE
);
3092 if (data_count
< 40) {
3093 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count
,40));
3094 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3098 /* offset to next quota record.
3099 * 4 bytes IVAL(pdata,0)
3104 sid_len
= IVAL(pdata
,4);
3106 if (data_count
< 40+sid_len
) {
3107 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count
,(unsigned long)40+sid_len
));
3108 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3112 /* unknown 8 bytes in pdata
3113 * maybe its the change time in NTTIME
3116 /* the used space 8 bytes (SMB_BIG_UINT)*/
3117 qt
.usedspace
= (SMB_BIG_UINT
)IVAL(pdata
,16);
3118 #ifdef LARGE_SMB_OFF_T
3119 qt
.usedspace
|= (((SMB_BIG_UINT
)IVAL(pdata
,20)) << 32);
3120 #else /* LARGE_SMB_OFF_T */
3121 if ((IVAL(pdata
,20) != 0)&&
3122 ((qt
.usedspace
!= 0xFFFFFFFF)||
3123 (IVAL(pdata
,20)!=0xFFFFFFFF))) {
3124 /* more than 32 bits? */
3125 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3128 #endif /* LARGE_SMB_OFF_T */
3130 /* the soft quotas 8 bytes (SMB_BIG_UINT)*/
3131 qt
.softlim
= (SMB_BIG_UINT
)IVAL(pdata
,24);
3132 #ifdef LARGE_SMB_OFF_T
3133 qt
.softlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,28)) << 32);
3134 #else /* LARGE_SMB_OFF_T */
3135 if ((IVAL(pdata
,28) != 0)&&
3136 ((qt
.softlim
!= 0xFFFFFFFF)||
3137 (IVAL(pdata
,28)!=0xFFFFFFFF))) {
3138 /* more than 32 bits? */
3139 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3142 #endif /* LARGE_SMB_OFF_T */
3144 /* the hard quotas 8 bytes (SMB_BIG_UINT)*/
3145 qt
.hardlim
= (SMB_BIG_UINT
)IVAL(pdata
,32);
3146 #ifdef LARGE_SMB_OFF_T
3147 qt
.hardlim
|= (((SMB_BIG_UINT
)IVAL(pdata
,36)) << 32);
3148 #else /* LARGE_SMB_OFF_T */
3149 if ((IVAL(pdata
,36) != 0)&&
3150 ((qt
.hardlim
!= 0xFFFFFFFF)||
3151 (IVAL(pdata
,36)!=0xFFFFFFFF))) {
3152 /* more than 32 bits? */
3153 reply_doserror(req
, ERRDOS
, ERRunknownlevel
);
3156 #endif /* LARGE_SMB_OFF_T */
3158 sid_parse(pdata
+40,sid_len
,&sid
);
3159 DEBUGADD(8,("SID: %s\n",sid_string_static(&sid
)));
3161 /* 44 unknown bytes left... */
3163 if (vfs_set_ntquota(fsp
, SMB_USER_QUOTA_TYPE
, &sid
, &qt
)!=0) {
3164 reply_doserror(req
, ERRSRV
, ERRerror
);
3168 send_nt_replies(req
, NT_STATUS_OK
, params
, param_len
,
3171 #endif /* HAVE_SYS_QUOTAS */
3173 static void handle_nttrans(connection_struct
*conn
,
3174 struct trans_state
*state
,
3175 struct smb_request
*req
)
3177 if (Protocol
>= PROTOCOL_NT1
) {
3178 req
->flags2
|= 0x40; /* IS_LONG_NAME */
3179 SSVAL(req
->inbuf
,smb_flg2
,req
->flags2
);
3182 /* Now we must call the relevant NT_TRANS function */
3183 switch(state
->call
) {
3184 case NT_TRANSACT_CREATE
:
3186 START_PROFILE(NT_transact_create
);
3187 call_nt_transact_create(
3189 &state
->setup
, state
->setup_count
,
3190 &state
->param
, state
->total_param
,
3191 &state
->data
, state
->total_data
,
3192 state
->max_data_return
);
3193 END_PROFILE(NT_transact_create
);
3197 case NT_TRANSACT_IOCTL
:
3199 START_PROFILE(NT_transact_ioctl
);
3200 call_nt_transact_ioctl(
3202 &state
->setup
, state
->setup_count
,
3203 &state
->param
, state
->total_param
,
3204 &state
->data
, state
->total_data
,
3205 state
->max_data_return
);
3206 END_PROFILE(NT_transact_ioctl
);
3210 case NT_TRANSACT_SET_SECURITY_DESC
:
3212 START_PROFILE(NT_transact_set_security_desc
);
3213 call_nt_transact_set_security_desc(
3215 &state
->setup
, state
->setup_count
,
3216 &state
->param
, state
->total_param
,
3217 &state
->data
, state
->total_data
,
3218 state
->max_data_return
);
3219 END_PROFILE(NT_transact_set_security_desc
);
3223 case NT_TRANSACT_NOTIFY_CHANGE
:
3225 START_PROFILE(NT_transact_notify_change
);
3226 call_nt_transact_notify_change(
3228 &state
->setup
, state
->setup_count
,
3229 &state
->param
, state
->total_param
,
3230 &state
->data
, state
->total_data
,
3231 state
->max_data_return
,
3232 state
->max_param_return
);
3233 END_PROFILE(NT_transact_notify_change
);
3237 case NT_TRANSACT_RENAME
:
3239 START_PROFILE(NT_transact_rename
);
3240 call_nt_transact_rename(
3242 &state
->setup
, state
->setup_count
,
3243 &state
->param
, state
->total_param
,
3244 &state
->data
, state
->total_data
,
3245 state
->max_data_return
);
3246 END_PROFILE(NT_transact_rename
);
3250 case NT_TRANSACT_QUERY_SECURITY_DESC
:
3252 START_PROFILE(NT_transact_query_security_desc
);
3253 call_nt_transact_query_security_desc(
3255 &state
->setup
, state
->setup_count
,
3256 &state
->param
, state
->total_param
,
3257 &state
->data
, state
->total_data
,
3258 state
->max_data_return
);
3259 END_PROFILE(NT_transact_query_security_desc
);
3263 #ifdef HAVE_SYS_QUOTAS
3264 case NT_TRANSACT_GET_USER_QUOTA
:
3266 START_PROFILE(NT_transact_get_user_quota
);
3267 call_nt_transact_get_user_quota(
3269 &state
->setup
, state
->setup_count
,
3270 &state
->param
, state
->total_param
,
3271 &state
->data
, state
->total_data
,
3272 state
->max_data_return
);
3273 END_PROFILE(NT_transact_get_user_quota
);
3277 case NT_TRANSACT_SET_USER_QUOTA
:
3279 START_PROFILE(NT_transact_set_user_quota
);
3280 call_nt_transact_set_user_quota(
3282 &state
->setup
, state
->setup_count
,
3283 &state
->param
, state
->total_param
,
3284 &state
->data
, state
->total_data
,
3285 state
->max_data_return
);
3286 END_PROFILE(NT_transact_set_user_quota
);
3289 #endif /* HAVE_SYS_QUOTAS */
3292 /* Error in request */
3293 DEBUG(0,("handle_nttrans: Unknown request %d in "
3294 "nttrans call\n", state
->call
));
3295 reply_doserror(req
, ERRSRV
, ERRerror
);
3301 /****************************************************************************
3302 Reply to a SMBNTtrans.
3303 ****************************************************************************/
3305 void reply_nttrans(connection_struct
*conn
, struct smb_request
*req
)
3311 uint16 function_code
;
3313 struct trans_state
*state
;
3316 START_PROFILE(SMBnttrans
);
3318 if (req
->wct
< 19) {
3319 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3320 END_PROFILE(SMBnttrans
);
3324 size
= smb_len(req
->inbuf
) + 4;
3325 pscnt
= IVAL(req
->inbuf
,smb_nt_ParameterCount
);
3326 psoff
= IVAL(req
->inbuf
,smb_nt_ParameterOffset
);
3327 dscnt
= IVAL(req
->inbuf
,smb_nt_DataCount
);
3328 dsoff
= IVAL(req
->inbuf
,smb_nt_DataOffset
);
3329 function_code
= SVAL(req
->inbuf
, smb_nt_Function
);
3331 if (IS_IPC(conn
) && (function_code
!= NT_TRANSACT_CREATE
)) {
3332 reply_doserror(req
, ERRSRV
, ERRaccess
);
3333 END_PROFILE(SMBnttrans
);
3337 result
= allow_new_trans(conn
->pending_trans
, req
->mid
);
3338 if (!NT_STATUS_IS_OK(result
)) {
3339 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result
)));
3340 reply_nterror(req
, result
);
3341 END_PROFILE(SMBnttrans
);
3345 if ((state
= TALLOC_P(conn
->mem_ctx
, struct trans_state
)) == NULL
) {
3346 reply_doserror(req
, ERRSRV
, ERRaccess
);
3347 END_PROFILE(SMBnttrans
);
3351 state
->cmd
= SMBnttrans
;
3353 state
->mid
= req
->mid
;
3354 state
->vuid
= req
->vuid
;
3355 state
->total_data
= IVAL(req
->inbuf
, smb_nt_TotalDataCount
);
3357 state
->total_param
= IVAL(req
->inbuf
, smb_nt_TotalParameterCount
);
3358 state
->param
= NULL
;
3359 state
->max_data_return
= IVAL(req
->inbuf
,smb_nt_MaxDataCount
);
3360 state
->max_param_return
= IVAL(req
->inbuf
,smb_nt_MaxParameterCount
);
3362 /* setup count is in *words* */
3363 state
->setup_count
= 2*CVAL(req
->inbuf
,smb_nt_SetupCount
);
3364 state
->setup
= NULL
;
3365 state
->call
= function_code
;
3368 * All nttrans messages we handle have smb_wct == 19 +
3369 * state->setup_count. Ensure this is so as a sanity check.
3372 if(req
->wct
!= 19 + (state
->setup_count
/2)) {
3373 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
3374 req
->wct
, 19 + (state
->setup_count
/2)));
3378 /* Don't allow more than 128mb for each value. */
3379 if ((state
->total_data
> (1024*1024*128)) ||
3380 (state
->total_param
> (1024*1024*128))) {
3381 reply_doserror(req
, ERRDOS
, ERRnomem
);
3382 END_PROFILE(SMBnttrans
);
3386 if ((dscnt
> state
->total_data
) || (pscnt
> state
->total_param
))
3389 if (state
->total_data
) {
3390 /* Can't use talloc here, the core routines do realloc on the
3391 * params and data. */
3392 if ((state
->data
= (char *)SMB_MALLOC(state
->total_data
)) == NULL
) {
3393 DEBUG(0,("reply_nttrans: data malloc fail for %u "
3394 "bytes !\n", (unsigned int)state
->total_data
));
3396 reply_doserror(req
, ERRDOS
, ERRnomem
);
3397 END_PROFILE(SMBnttrans
);
3400 if ((dsoff
+dscnt
< dsoff
) || (dsoff
+dscnt
< dscnt
))
3402 if ((smb_base(req
->inbuf
)+dsoff
+dscnt
3403 > (char *)req
->inbuf
+ size
) ||
3404 (smb_base(req
->inbuf
)+dsoff
+dscnt
< smb_base(req
->inbuf
)))
3407 memcpy(state
->data
,smb_base(req
->inbuf
)+dsoff
,dscnt
);
3410 if (state
->total_param
) {
3411 /* Can't use talloc here, the core routines do realloc on the
3412 * params and data. */
3413 if ((state
->param
= (char *)SMB_MALLOC(state
->total_param
)) == NULL
) {
3414 DEBUG(0,("reply_nttrans: param malloc fail for %u "
3415 "bytes !\n", (unsigned int)state
->total_param
));
3416 SAFE_FREE(state
->data
);
3418 reply_doserror(req
, ERRDOS
, ERRnomem
);
3419 END_PROFILE(SMBnttrans
);
3422 if ((psoff
+pscnt
< psoff
) || (psoff
+pscnt
< pscnt
))
3424 if ((smb_base(req
->inbuf
)+psoff
+pscnt
3425 > (char *)req
->inbuf
+ size
) ||
3426 (smb_base(req
->inbuf
)+psoff
+pscnt
< smb_base(req
->inbuf
)))
3429 memcpy(state
->param
,smb_base(req
->inbuf
)+psoff
,pscnt
);
3432 state
->received_data
= dscnt
;
3433 state
->received_param
= pscnt
;
3435 if(state
->setup_count
> 0) {
3436 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
3437 state
->setup_count
));
3438 state
->setup
= (uint16
*)TALLOC(state
, state
->setup_count
);
3439 if (state
->setup
== NULL
) {
3440 DEBUG(0,("reply_nttrans : Out of memory\n"));
3441 SAFE_FREE(state
->data
);
3442 SAFE_FREE(state
->param
);
3444 reply_doserror(req
, ERRDOS
, ERRnomem
);
3445 END_PROFILE(SMBnttrans
);
3449 if ((smb_nt_SetupStart
+ state
->setup_count
< smb_nt_SetupStart
) ||
3450 (smb_nt_SetupStart
+ state
->setup_count
< state
->setup_count
)) {
3453 if (smb_nt_SetupStart
+ state
->setup_count
> size
) {
3457 memcpy( state
->setup
, &req
->inbuf
[smb_nt_SetupStart
],
3458 state
->setup_count
);
3459 dump_data(10, (uint8
*)state
->setup
, state
->setup_count
);
3462 if ((state
->received_data
== state
->total_data
) &&
3463 (state
->received_param
== state
->total_param
)) {
3464 handle_nttrans(conn
, state
, req
);
3465 SAFE_FREE(state
->param
);
3466 SAFE_FREE(state
->data
);
3468 END_PROFILE(SMBnttrans
);
3472 DLIST_ADD(conn
->pending_trans
, state
);
3474 /* We need to send an interim response then receive the rest
3475 of the parameter/data bytes */
3476 reply_outbuf(req
, 0, 0);
3477 show_msg((char *)req
->outbuf
);
3478 END_PROFILE(SMBnttrans
);
3483 DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
3484 SAFE_FREE(state
->data
);
3485 SAFE_FREE(state
->param
);
3487 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3488 END_PROFILE(SMBnttrans
);
3492 /****************************************************************************
3493 Reply to a SMBnttranss
3494 ****************************************************************************/
3496 void reply_nttranss(connection_struct
*conn
, struct smb_request
*req
)
3498 unsigned int pcnt
,poff
,dcnt
,doff
,pdisp
,ddisp
;
3499 struct trans_state
*state
;
3503 START_PROFILE(SMBnttranss
);
3505 show_msg((char *)req
->inbuf
);
3507 if (req
->wct
< 18) {
3508 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3509 END_PROFILE(SMBnttranss
);
3513 for (state
= conn
->pending_trans
; state
!= NULL
;
3514 state
= state
->next
) {
3515 if (state
->mid
== req
->mid
) {
3520 if ((state
== NULL
) || (state
->cmd
!= SMBnttrans
)) {
3521 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3522 END_PROFILE(SMBnttranss
);
3526 /* Revise state->total_param and state->total_data in case they have
3527 changed downwards */
3528 if (IVAL(req
->inbuf
, smb_nts_TotalParameterCount
)
3529 < state
->total_param
) {
3530 state
->total_param
= IVAL(req
->inbuf
,
3531 smb_nts_TotalParameterCount
);
3533 if (IVAL(req
->inbuf
, smb_nts_TotalDataCount
) < state
->total_data
) {
3534 state
->total_data
= IVAL(req
->inbuf
, smb_nts_TotalDataCount
);
3537 size
= smb_len(req
->inbuf
) + 4;
3539 pcnt
= IVAL(req
->inbuf
,smb_nts_ParameterCount
);
3540 poff
= IVAL(req
->inbuf
, smb_nts_ParameterOffset
);
3541 pdisp
= IVAL(req
->inbuf
, smb_nts_ParameterDisplacement
);
3543 dcnt
= IVAL(req
->inbuf
, smb_nts_DataCount
);
3544 ddisp
= IVAL(req
->inbuf
, smb_nts_DataDisplacement
);
3545 doff
= IVAL(req
->inbuf
, smb_nts_DataOffset
);
3547 state
->received_param
+= pcnt
;
3548 state
->received_data
+= dcnt
;
3550 if ((state
->received_data
> state
->total_data
) ||
3551 (state
->received_param
> state
->total_param
))
3555 if (pdisp
+pcnt
> state
->total_param
)
3557 if ((pdisp
+pcnt
< pdisp
) || (pdisp
+pcnt
< pcnt
))
3559 if (pdisp
> state
->total_param
)
3561 if ((smb_base(req
->inbuf
) + poff
+ pcnt
3562 > (char *)req
->inbuf
+ size
) ||
3563 (smb_base(req
->inbuf
) + poff
+ pcnt
3564 < smb_base(req
->inbuf
)))
3566 if (state
->param
+ pdisp
< state
->param
)
3569 memcpy(state
->param
+pdisp
, smb_base(req
->inbuf
)+poff
,
3574 if (ddisp
+dcnt
> state
->total_data
)
3576 if ((ddisp
+dcnt
< ddisp
) || (ddisp
+dcnt
< dcnt
))
3578 if (ddisp
> state
->total_data
)
3580 if ((smb_base(req
->inbuf
) + doff
+ dcnt
3581 > (char *)req
->inbuf
+ size
) ||
3582 (smb_base(req
->inbuf
) + doff
+ dcnt
3583 < smb_base(req
->inbuf
)))
3585 if (state
->data
+ ddisp
< state
->data
)
3588 memcpy(state
->data
+ddisp
, smb_base(req
->inbuf
)+doff
,
3592 if ((state
->received_param
< state
->total_param
) ||
3593 (state
->received_data
< state
->total_data
)) {
3594 END_PROFILE(SMBnttranss
);
3599 * construct_reply_common will copy smb_com from inbuf to
3600 * outbuf. SMBnttranss is wrong here.
3602 SCVAL(req
->inbuf
,smb_com
,SMBnttrans
);
3604 handle_nttrans(conn
, state
, req
);
3606 DLIST_REMOVE(conn
->pending_trans
, state
);
3607 SAFE_FREE(state
->data
);
3608 SAFE_FREE(state
->param
);
3610 END_PROFILE(SMBnttranss
);
3615 DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3616 DLIST_REMOVE(conn
->pending_trans
, state
);
3617 SAFE_FREE(state
->data
);
3618 SAFE_FREE(state
->param
);
3620 reply_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
3621 END_PROFILE(SMBnttranss
);