source: branches/samba-3.2.x/source/smbd/reply.c@ 203

Last change on this file since 203 was 149, checked in by Paul Smedley, 17 years ago

Update trunk to v3.2.2
File size: 180.5 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001
6 Copyright (C) Jeremy Allison 1992-2007.
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21*/
22/*
23 This file handles most of the reply_ calls that the server
24 makes to handle specific protocols
25*/
26
27#include "includes.h"
28
29/* look in server.c for some explanation of these variables */
30extern enum protocol_types Protocol;
31extern int max_recv;
32unsigned int smb_echo_count = 0;
33extern uint32 global_client_caps;
34
35extern struct current_user current_user;
36extern bool global_encrypted_passwords_negotiated;
37
38/****************************************************************************
39 Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
40 path or anything including wildcards.
41 We're assuming here that '/' is not the second byte in any multibyte char
42 set (a safe assumption). '\\' *may* be the second byte in a multibyte char
43 set.
44****************************************************************************/
45
46/* Custom version for processing POSIX paths. */
47#define IS_PATH_SEP(c,posix_only) ((c) == '/' || (!(posix_only) && (c) == '\\'))
48
49static NTSTATUS check_path_syntax_internal(char *path,
50 bool posix_path,
51 bool *p_last_component_contains_wcard)
52{
53 char *d = path;
54 const char *s = path;
55 NTSTATUS ret = NT_STATUS_OK;
56 bool start_of_name_component = True;
57
58 *p_last_component_contains_wcard = False;
59
60 while (*s) {
61 if (IS_PATH_SEP(*s,posix_path)) {
62 /*
63 * Safe to assume is not the second part of a mb char
64 * as this is handled below.
65 */
66 /* Eat multiple '/' or '\\' */
67 while (IS_PATH_SEP(*s,posix_path)) {
68 s++;
69 }
70 if ((d != path) && (*s != '\0')) {
71 /* We only care about non-leading or trailing '/' or '\\' */
72 *d++ = '/';
73 }
74
75 start_of_name_component = True;
76 /* New component. */
77 *p_last_component_contains_wcard = False;
78 continue;
79 }
80
81 if (start_of_name_component) {
82 if ((s[0] == '.') && (s[1] == '.') && (IS_PATH_SEP(s[2],posix_path) || s[2] == '\0')) {
83 /* Uh oh - "/../" or "\\..\\" or "/..\0" or "\\..\0" ! */
84
85 /*
86 * No mb char starts with '.' so we're safe checking the directory separator here.
87 */
88
89 /* If we just added a '/' - delete it */
90 if ((d > path) && (*(d-1) == '/')) {
91 *(d-1) = '\0';
92 d--;
93 }
94
95 /* Are we at the start ? Can't go back further if so. */
96 if (d <= path) {
97 ret = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
98 break;
99 }
100 /* Go back one level... */
101 /* We know this is safe as '/' cannot be part of a mb sequence. */
102 /* NOTE - if this assumption is invalid we are not in good shape... */
103 /* Decrement d first as d points to the *next* char to write into. */
104 for (d--; d > path; d--) {
105 if (*d == '/')
106 break;
107 }
108 s += 2; /* Else go past the .. */
109 /* We're still at the start of a name component, just the previous one. */
110 continue;
111
112 } else if ((s[0] == '.') && ((s[1] == '\0') || IS_PATH_SEP(s[1],posix_path))) {
113 if (posix_path) {
114 /* Eat the '.' */
115 s++;
116 continue;
117 }
118 }
119
120 }
121
122 if (!(*s & 0x80)) {
123 if (!posix_path) {
124 if (*s <= 0x1f) {
125 return NT_STATUS_OBJECT_NAME_INVALID;
126 }
127 switch (*s) {
128 case '*':
129 case '?':
130 case '<':
131 case '>':
132 case '"':
133 *p_last_component_contains_wcard = True;
134 break;
135 default:
136 break;
137 }
138 }
139 *d++ = *s++;
140 } else {
141 size_t siz;
142 /* Get the size of the next MB character. */
143 next_codepoint(s,&siz);
144 switch(siz) {
145 case 5:
146 *d++ = *s++;
147 /*fall through*/
148 case 4:
149 *d++ = *s++;
150 /*fall through*/
151 case 3:
152 *d++ = *s++;
153 /*fall through*/
154 case 2:
155 *d++ = *s++;
156 /*fall through*/
157 case 1:
158 *d++ = *s++;
159 break;
160 default:
161 DEBUG(0,("check_path_syntax_internal: character length assumptions invalid !\n"));
162 *d = '\0';
163 return NT_STATUS_INVALID_PARAMETER;
164 }
165 }
166 start_of_name_component = False;
167 }
168
169 *d = '\0';
170
171 return ret;
172}
173
174/****************************************************************************
175 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
176 No wildcards allowed.
177****************************************************************************/
178
179NTSTATUS check_path_syntax(char *path)
180{
181 bool ignore;
182 return check_path_syntax_internal(path, False, &ignore);
183}
184
185/****************************************************************************
186 Ensure we check the path in *exactly* the same way as W2K for regular pathnames.
187 Wildcards allowed - p_contains_wcard returns true if the last component contained
188 a wildcard.
189****************************************************************************/
190
191NTSTATUS check_path_syntax_wcard(char *path, bool *p_contains_wcard)
192{
193 return check_path_syntax_internal(path, False, p_contains_wcard);
194}
195
196/****************************************************************************
197 Check the path for a POSIX client.
198 We're assuming here that '/' is not the second byte in any multibyte char
199 set (a safe assumption).
200****************************************************************************/
201
202NTSTATUS check_path_syntax_posix(char *path)
203{
204 bool ignore;
205 return check_path_syntax_internal(path, True, &ignore);
206}
207
208/****************************************************************************
209 Pull a string and check the path allowing a wilcard - provide for error return.
210****************************************************************************/
211
212size_t srvstr_get_path_wcard(TALLOC_CTX *ctx,
213 const char *inbuf,
214 uint16 smb_flags2,
215 char **pp_dest,
216 const char *src,
217 size_t src_len,
218 int flags,
219 NTSTATUS *err,
220 bool *contains_wcard)
221{
222 size_t ret;
223
224 *pp_dest = NULL;
225
226 if (src_len == 0) {
227 ret = srvstr_pull_buf_talloc(ctx,
228 inbuf,
229 smb_flags2,
230 pp_dest,
231 src,
232 flags);
233 } else {
234 ret = srvstr_pull_talloc(ctx,
235 inbuf,
236 smb_flags2,
237 pp_dest,
238 src,
239 src_len,
240 flags);
241 }
242
243 if (!*pp_dest) {
244 *err = NT_STATUS_INVALID_PARAMETER;
245 return ret;
246 }
247
248 *contains_wcard = False;
249
250 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
251 /*
252 * For a DFS path the function parse_dfs_path()
253 * will do the path processing, just make a copy.
254 */
255 *err = NT_STATUS_OK;
256 return ret;
257 }
258
259 if (lp_posix_pathnames()) {
260 *err = check_path_syntax_posix(*pp_dest);
261 } else {
262 *err = check_path_syntax_wcard(*pp_dest, contains_wcard);
263 }
264
265 return ret;
266}
267
268/****************************************************************************
269 Pull a string and check the path - provide for error return.
270****************************************************************************/
271
272size_t srvstr_get_path(TALLOC_CTX *ctx,
273 const char *inbuf,
274 uint16 smb_flags2,
275 char **pp_dest,
276 const char *src,
277 size_t src_len,
278 int flags,
279 NTSTATUS *err)
280{
281 size_t ret;
282
283 *pp_dest = NULL;
284
285 if (src_len == 0) {
286 ret = srvstr_pull_buf_talloc(ctx,
287 inbuf,
288 smb_flags2,
289 pp_dest,
290 src,
291 flags);
292 } else {
293 ret = srvstr_pull_talloc(ctx,
294 inbuf,
295 smb_flags2,
296 pp_dest,
297 src,
298 src_len,
299 flags);
300 }
301
302 if (!*pp_dest) {
303 *err = NT_STATUS_INVALID_PARAMETER;
304 return ret;
305 }
306
307 if (smb_flags2 & FLAGS2_DFS_PATHNAMES) {
308 /*
309 * For a DFS path the function parse_dfs_path()
310 * will do the path processing, just make a copy.
311 */
312 *err = NT_STATUS_OK;
313 return ret;
314 }
315
316 if (lp_posix_pathnames()) {
317 *err = check_path_syntax_posix(*pp_dest);
318 } else {
319 *err = check_path_syntax(*pp_dest);
320 }
321
322 return ret;
323}
324
325/****************************************************************************
326 Check if we have a correct fsp pointing to a file. Basic check for open fsp.
327****************************************************************************/
328
329bool check_fsp_open(connection_struct *conn, struct smb_request *req,
330 files_struct *fsp, struct current_user *user)
331{
332 if (!(fsp) || !(conn)) {
333 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
334 return False;
335 }
336 if (((conn) != (fsp)->conn) || user->vuid != (fsp)->vuid) {
337 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
338 return False;
339 }
340 return True;
341}
342
343/****************************************************************************
344 Check if we have a correct fsp pointing to a file. Replacement for the
345 CHECK_FSP macro.
346****************************************************************************/
347
348bool check_fsp(connection_struct *conn, struct smb_request *req,
349 files_struct *fsp, struct current_user *user)
350{
351 if (!check_fsp_open(conn, req, fsp, user)) {
352 return False;
353 }
354 if ((fsp)->is_directory) {
355 reply_nterror(req, NT_STATUS_INVALID_DEVICE_REQUEST);
356 return False;
357 }
358 if ((fsp)->fh->fd == -1) {
359 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
360 return False;
361 }
362 (fsp)->num_smb_operations++;
363 return True;
364}
365
366/****************************************************************************
367 Check if we have a correct fsp. Replacement for the FSP_BELONGS_CONN macro
368****************************************************************************/
369
370bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
371 files_struct *fsp, struct current_user *user)
372{
373 if ((fsp) && (conn) && ((conn)==(fsp)->conn)
374 && (current_user.vuid==(fsp)->vuid)) {
375 return True;
376 }
377
378 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
379 return False;
380}
381
382/****************************************************************************
383 Reply to a (netbios-level) special message.
384****************************************************************************/
385
386void reply_special(char *inbuf)
387{
388 int msg_type = CVAL(inbuf,0);
389 int msg_flags = CVAL(inbuf,1);
390 fstring name1,name2;
391 char name_type = 0;
392
393 /*
394 * We only really use 4 bytes of the outbuf, but for the smb_setlen
395 * calculation & friends (srv_send_smb uses that) we need the full smb
396 * header.
397 */
398 char outbuf[smb_size];
399
400 static bool already_got_session = False;
401
402 *name1 = *name2 = 0;
403
404 memset(outbuf, '\0', sizeof(outbuf));
405
406 smb_setlen(outbuf,0);
407
408 switch (msg_type) {
409 case 0x81: /* session request */
410
411 if (already_got_session) {
412 exit_server_cleanly("multiple session request not permitted");
413 }
414
415 SCVAL(outbuf,0,0x82);
416 SCVAL(outbuf,3,0);
417 if (name_len(inbuf+4) > 50 ||
418 name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
419 DEBUG(0,("Invalid name length in session request\n"));
420 return;
421 }
422 name_extract(inbuf,4,name1);
423 name_type = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
424 DEBUG(2,("netbios connect: name1=%s name2=%s\n",
425 name1,name2));
426
427 set_local_machine_name(name1, True);
428 set_remote_machine_name(name2, True);
429
430 DEBUG(2,("netbios connect: local=%s remote=%s, name type = %x\n",
431 get_local_machine_name(), get_remote_machine_name(),
432 name_type));
433
434 if (name_type == 'R') {
435 /* We are being asked for a pathworks session ---
436 no thanks! */
437 SCVAL(outbuf, 0,0x83);
438 break;
439 }
440
441 /* only add the client's machine name to the list
442 of possibly valid usernames if we are operating
443 in share mode security */
444 if (lp_security() == SEC_SHARE) {
445 add_session_user(get_remote_machine_name());
446 }
447
448 reload_services(True);
449 reopen_logs();
450
451 already_got_session = True;
452 break;
453
454 case 0x89: /* session keepalive request
455 (some old clients produce this?) */
456 SCVAL(outbuf,0,SMBkeepalive);
457 SCVAL(outbuf,3,0);
458 break;
459
460 case 0x82: /* positive session response */
461 case 0x83: /* negative session response */
462 case 0x84: /* retarget session response */
463 DEBUG(0,("Unexpected session response\n"));
464 break;
465
466 case SMBkeepalive: /* session keepalive */
467 default:
468 return;
469 }
470
471 DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
472 msg_type, msg_flags));
473
474 srv_send_smb(smbd_server_fd(), outbuf, false);
475 return;
476}
477
478/****************************************************************************
479 Reply to a tcon.
480 conn POINTER CAN BE NULL HERE !
481****************************************************************************/
482
483void reply_tcon(struct smb_request *req)
484{
485 connection_struct *conn = req->conn;
486 const char *service;
487 char *service_buf = NULL;
488 char *password = NULL;
489 char *dev = NULL;
490 int pwlen=0;
491 NTSTATUS nt_status;
492 char *p;
493 DATA_BLOB password_blob;
494 TALLOC_CTX *ctx = talloc_tos();
495
496 START_PROFILE(SMBtcon);
497
498 if (smb_buflen(req->inbuf) < 4) {
499 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
500 END_PROFILE(SMBtcon);
501 return;
502 }
503
504 p = smb_buf(req->inbuf)+1;
505 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
506 &service_buf, p, STR_TERMINATE) + 1;
507 pwlen = srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
508 &password, p, STR_TERMINATE) + 1;
509 p += pwlen;
510 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2,
511 &dev, p, STR_TERMINATE) + 1;
512
513 if (service_buf == NULL || password == NULL || dev == NULL) {
514 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
515 END_PROFILE(SMBtcon);
516 return;
517 }
518 p = strrchr_m(service_buf,'\\');
519 if (p) {
520 service = p+1;
521 } else {
522 service = service_buf;
523 }
524
525 password_blob = data_blob(password, pwlen+1);
526
527 conn = make_connection(service,password_blob,dev,req->vuid,&nt_status);
528 req->conn = conn;
529
530 data_blob_clear_free(&password_blob);
531
532 if (!conn) {
533 reply_nterror(req, nt_status);
534 END_PROFILE(SMBtcon);
535 return;
536 }
537
538 reply_outbuf(req, 2, 0);
539 SSVAL(req->outbuf,smb_vwv0,max_recv);
540 SSVAL(req->outbuf,smb_vwv1,conn->cnum);
541 SSVAL(req->outbuf,smb_tid,conn->cnum);
542
543 DEBUG(3,("tcon service=%s cnum=%d\n",
544 service, conn->cnum));
545
546 END_PROFILE(SMBtcon);
547 return;
548}
549
550/****************************************************************************
551 Reply to a tcon and X.
552 conn POINTER CAN BE NULL HERE !
553****************************************************************************/
554
555void reply_tcon_and_X(struct smb_request *req)
556{
557 connection_struct *conn = req->conn;
558 char *service = NULL;
559 DATA_BLOB password;
560 TALLOC_CTX *ctx = talloc_tos();
561 /* what the cleint thinks the device is */
562 char *client_devicetype = NULL;
563 /* what the server tells the client the share represents */
564 const char *server_devicetype;
565 NTSTATUS nt_status;
566 int passlen;
567 char *path = NULL;
568 char *p, *q;
569 uint16 tcon_flags;
570
571 START_PROFILE(SMBtconX);
572
573 if (req->wct < 4) {
574 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
575 END_PROFILE(SMBtconX);
576 return;
577 }
578
579 passlen = SVAL(req->inbuf,smb_vwv3);
580 tcon_flags = SVAL(req->inbuf,smb_vwv2);
581
582 /* we might have to close an old one */
583 if ((tcon_flags & 0x1) && conn) {
584 close_cnum(conn,req->vuid);
585 req->conn = NULL;
586 conn = NULL;
587 }
588
589 if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
590 reply_doserror(req, ERRDOS, ERRbuftoosmall);
591 END_PROFILE(SMBtconX);
592 return;
593 }
594
595 if (global_encrypted_passwords_negotiated) {
596 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
597 passlen);
598 if (lp_security() == SEC_SHARE) {
599 /*
600 * Security = share always has a pad byte
601 * after the password.
602 */
603 p = smb_buf(req->inbuf) + passlen + 1;
604 } else {
605 p = smb_buf(req->inbuf) + passlen;
606 }
607 } else {
608 password = data_blob_talloc(talloc_tos(), smb_buf(req->inbuf),
609 passlen+1);
610 /* Ensure correct termination */
611 password.data[passlen]=0;
612 p = smb_buf(req->inbuf) + passlen + 1;
613 }
614
615 p += srvstr_pull_buf_talloc(ctx, req->inbuf, req->flags2, &path, p,
616 STR_TERMINATE);
617
618 if (path == NULL) {
619 data_blob_clear_free(&password);
620 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
621 END_PROFILE(SMBtconX);
622 return;
623 }
624
625 /*
626 * the service name can be either: \\server\share
627 * or share directly like on the DELL PowerVault 705
628 */
629 if (*path=='\\') {
630 q = strchr_m(path+2,'\\');
631 if (!q) {
632 data_blob_clear_free(&password);
633 reply_doserror(req, ERRDOS, ERRnosuchshare);
634 END_PROFILE(SMBtconX);
635 return;
636 }
637 service = q+1;
638 } else {
639 service = path;
640 }
641
642 p += srvstr_pull_talloc(ctx, req->inbuf, req->flags2,
643 &client_devicetype, p,
644 MIN(6,smb_bufrem(req->inbuf, p)), STR_ASCII);
645
646 if (client_devicetype == NULL) {
647 data_blob_clear_free(&password);
648 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
649 END_PROFILE(SMBtconX);
650 return;
651 }
652
653 DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));
654
655 conn = make_connection(service, password, client_devicetype,
656 req->vuid, &nt_status);
657 req->conn =conn;
658
659 data_blob_clear_free(&password);
660
661 if (!conn) {
662 reply_nterror(req, nt_status);
663 END_PROFILE(SMBtconX);
664 return;
665 }
666
667 if ( IS_IPC(conn) )
668 server_devicetype = "IPC";
669 else if ( IS_PRINT(conn) )
670 server_devicetype = "LPT1:";
671 else
672 server_devicetype = "A:";
673
674 if (Protocol < PROTOCOL_NT1) {
675 reply_outbuf(req, 2, 0);
676 if (message_push_string(&req->outbuf, server_devicetype,
677 STR_TERMINATE|STR_ASCII) == -1) {
678 reply_nterror(req, NT_STATUS_NO_MEMORY);
679 END_PROFILE(SMBtconX);
680 return;
681 }
682 } else {
683 /* NT sets the fstype of IPC$ to the null string */
684 const char *fstype = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
685
686 if (tcon_flags & TCONX_FLAG_EXTENDED_RESPONSE) {
687 /* Return permissions. */
688 uint32 perm1 = 0;
689 uint32 perm2 = 0;
690
691 reply_outbuf(req, 7, 0);
692
693 if (IS_IPC(conn)) {
694 perm1 = FILE_ALL_ACCESS;
695 perm2 = FILE_ALL_ACCESS;
696 } else {
697 perm1 = CAN_WRITE(conn) ?
698 SHARE_ALL_ACCESS :
699 SHARE_READ_ONLY;
700 }
701
702 SIVAL(req->outbuf, smb_vwv3, perm1);
703 SIVAL(req->outbuf, smb_vwv5, perm2);
704 } else {
705 reply_outbuf(req, 3, 0);
706 }
707
708 if ((message_push_string(&req->outbuf, server_devicetype,
709 STR_TERMINATE|STR_ASCII) == -1)
710 || (message_push_string(&req->outbuf, fstype,
711 STR_TERMINATE) == -1)) {
712 reply_nterror(req, NT_STATUS_NO_MEMORY);
713 END_PROFILE(SMBtconX);
714 return;
715 }
716
717 /* what does setting this bit do? It is set by NT4 and
718 may affect the ability to autorun mounted cdroms */
719 SSVAL(req->outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
720 (lp_csc_policy(SNUM(conn)) << 2));
721
722 init_dfsroot(conn, req->inbuf, req->outbuf);
723 }
724
725
726 DEBUG(3,("tconX service=%s \n",
727 service));
728
729 /* set the incoming and outgoing tid to the just created one */
730 SSVAL(req->inbuf,smb_tid,conn->cnum);
731 SSVAL(req->outbuf,smb_tid,conn->cnum);
732
733 END_PROFILE(SMBtconX);
734
735 chain_reply(req);
736 return;
737}
738
739/****************************************************************************
740 Reply to an unknown type.
741****************************************************************************/
742
743void reply_unknown_new(struct smb_request *req, uint8 type)
744{
745 DEBUG(0, ("unknown command type (%s): type=%d (0x%X)\n",
746 smb_fn_name(type), type, type));
747 reply_doserror(req, ERRSRV, ERRunknownsmb);
748 return;
749}
750
751/****************************************************************************
752 Reply to an ioctl.
753 conn POINTER CAN BE NULL HERE !
754****************************************************************************/
755
756void reply_ioctl(struct smb_request *req)
757{
758 connection_struct *conn = req->conn;
759 uint16 device;
760 uint16 function;
761 uint32 ioctl_code;
762 int replysize;
763 char *p;
764
765 START_PROFILE(SMBioctl);
766
767 if (req->wct < 3) {
768 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
769 END_PROFILE(SMBioctl);
770 return;
771 }
772
773 device = SVAL(req->inbuf,smb_vwv1);
774 function = SVAL(req->inbuf,smb_vwv2);
775 ioctl_code = (device << 16) + function;
776
777 DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
778
779 switch (ioctl_code) {
780 case IOCTL_QUERY_JOB_INFO:
781 replysize = 32;
782 break;
783 default:
784 reply_doserror(req, ERRSRV, ERRnosupport);
785 END_PROFILE(SMBioctl);
786 return;
787 }
788
789 reply_outbuf(req, 8, replysize+1);
790 SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
791 SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
792 SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
793 p = smb_buf(req->outbuf);
794 memset(p, '\0', replysize+1); /* valgrind-safe. */
795 p += 1; /* Allow for alignment */
796
797 switch (ioctl_code) {
798 case IOCTL_QUERY_JOB_INFO:
799 {
800 files_struct *fsp = file_fsp(SVAL(req->inbuf,
801 smb_vwv0));
802 if (!fsp) {
803 reply_doserror(req, ERRDOS, ERRbadfid);
804 END_PROFILE(SMBioctl);
805 return;
806 }
807 SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
808 srvstr_push((char *)req->outbuf, req->flags2, p+2,
809 global_myname(), 15,
810 STR_TERMINATE|STR_ASCII);
811 if (conn) {
812 srvstr_push((char *)req->outbuf, req->flags2,
813 p+18, lp_servicename(SNUM(conn)),
814 13, STR_TERMINATE|STR_ASCII);
815 } else {
816 memset(p+18, 0, 13);
817 }
818 break;
819 }
820 }
821
822 END_PROFILE(SMBioctl);
823 return;
824}
825
826/****************************************************************************
827 Strange checkpath NTSTATUS mapping.
828****************************************************************************/
829
830static NTSTATUS map_checkpath_error(const char *inbuf, NTSTATUS status)
831{
832 /* Strange DOS error code semantics only for checkpath... */
833 if (!(SVAL(inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) {
834 if (NT_STATUS_EQUAL(NT_STATUS_OBJECT_NAME_INVALID,status)) {
835 /* We need to map to ERRbadpath */
836 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
837 }
838 }
839 return status;
840}
841
842/****************************************************************************
843 Reply to a checkpath.
844****************************************************************************/
845
846void reply_checkpath(struct smb_request *req)
847{
848 connection_struct *conn = req->conn;
849 char *name = NULL;
850 SMB_STRUCT_STAT sbuf;
851 NTSTATUS status;
852 TALLOC_CTX *ctx = talloc_tos();
853
854 START_PROFILE(SMBcheckpath);
855
856 srvstr_get_path(ctx,(char *)req->inbuf, req->flags2, &name,
857 smb_buf(req->inbuf) + 1, 0,
858 STR_TERMINATE, &status);
859 if (!NT_STATUS_IS_OK(status)) {
860 status = map_checkpath_error((char *)req->inbuf, status);
861 reply_nterror(req, status);
862 END_PROFILE(SMBcheckpath);
863 return;
864 }
865
866 status = resolve_dfspath(ctx, conn,
867 req->flags2 & FLAGS2_DFS_PATHNAMES,
868 name,
869 &name);
870 if (!NT_STATUS_IS_OK(status)) {
871 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
872 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
873 ERRSRV, ERRbadpath);
874 END_PROFILE(SMBcheckpath);
875 return;
876 }
877 goto path_err;
878 }
879
880 DEBUG(3,("reply_checkpath %s mode=%d\n", name, (int)SVAL(req->inbuf,smb_vwv0)));
881
882 status = unix_convert(ctx, conn, name, False, &name, NULL, &sbuf);
883 if (!NT_STATUS_IS_OK(status)) {
884 goto path_err;
885 }
886
887 status = check_name(conn, name);
888 if (!NT_STATUS_IS_OK(status)) {
889 DEBUG(3,("reply_checkpath: check_name of %s failed (%s)\n",name,nt_errstr(status)));
890 goto path_err;
891 }
892
893 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,name,&sbuf) != 0)) {
894 DEBUG(3,("reply_checkpath: stat of %s failed (%s)\n",name,strerror(errno)));
895 status = map_nt_error_from_unix(errno);
896 goto path_err;
897 }
898
899 if (!S_ISDIR(sbuf.st_mode)) {
900 reply_botherror(req, NT_STATUS_NOT_A_DIRECTORY,
901 ERRDOS, ERRbadpath);
902 END_PROFILE(SMBcheckpath);
903 return;
904 }
905
906 reply_outbuf(req, 0, 0);
907
908 END_PROFILE(SMBcheckpath);
909 return;
910
911 path_err:
912
913 END_PROFILE(SMBcheckpath);
914
915 /* We special case this - as when a Windows machine
916 is parsing a path is steps through the components
917 one at a time - if a component fails it expects
918 ERRbadpath, not ERRbadfile.
919 */
920 status = map_checkpath_error((char *)req->inbuf, status);
921 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
922 /*
923 * Windows returns different error codes if
924 * the parent directory is valid but not the
925 * last component - it returns NT_STATUS_OBJECT_NAME_NOT_FOUND
926 * for that case and NT_STATUS_OBJECT_PATH_NOT_FOUND
927 * if the path is invalid.
928 */
929 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
930 ERRDOS, ERRbadpath);
931 return;
932 }
933
934 reply_nterror(req, status);
935}
936
937/****************************************************************************
938 Reply to a getatr.
939****************************************************************************/
940
941void reply_getatr(struct smb_request *req)
942{
943 connection_struct *conn = req->conn;
944 char *fname = NULL;
945 SMB_STRUCT_STAT sbuf;
946 int mode=0;
947 SMB_OFF_T size=0;
948 time_t mtime=0;
949 char *p;
950 NTSTATUS status;
951 TALLOC_CTX *ctx = talloc_tos();
952
953 START_PROFILE(SMBgetatr);
954
955 p = smb_buf(req->inbuf) + 1;
956 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
957 0, STR_TERMINATE, &status);
958 if (!NT_STATUS_IS_OK(status)) {
959 reply_nterror(req, status);
960 END_PROFILE(SMBgetatr);
961 return;
962 }
963
964 status = resolve_dfspath(ctx, conn,
965 req->flags2 & FLAGS2_DFS_PATHNAMES,
966 fname,
967 &fname);
968 if (!NT_STATUS_IS_OK(status)) {
969 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
970 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
971 ERRSRV, ERRbadpath);
972 END_PROFILE(SMBgetatr);
973 return;
974 }
975 reply_nterror(req, status);
976 END_PROFILE(SMBgetatr);
977 return;
978 }
979
980 /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
981 under WfWg - weird! */
982 if (*fname == '\0') {
983 mode = aHIDDEN | aDIR;
984 if (!CAN_WRITE(conn)) {
985 mode |= aRONLY;
986 }
987 size = 0;
988 mtime = 0;
989 } else {
990 status = unix_convert(ctx, conn, fname, False, &fname, NULL,&sbuf);
991 if (!NT_STATUS_IS_OK(status)) {
992 reply_nterror(req, status);
993 END_PROFILE(SMBgetatr);
994 return;
995 }
996 status = check_name(conn, fname);
997 if (!NT_STATUS_IS_OK(status)) {
998 DEBUG(3,("reply_getatr: check_name of %s failed (%s)\n",fname,nt_errstr(status)));
999 reply_nterror(req, status);
1000 END_PROFILE(SMBgetatr);
1001 return;
1002 }
1003 if (!VALID_STAT(sbuf) && (SMB_VFS_STAT(conn,fname,&sbuf) != 0)) {
1004 DEBUG(3,("reply_getatr: stat of %s failed (%s)\n",fname,strerror(errno)));
1005 reply_unixerror(req, ERRDOS,ERRbadfile);
1006 END_PROFILE(SMBgetatr);
1007 return;
1008 }
1009
1010 mode = dos_mode(conn,fname,&sbuf);
1011 size = sbuf.st_size;
1012 mtime = sbuf.st_mtime;
1013 if (mode & aDIR) {
1014 size = 0;
1015 }
1016 }
1017
1018 reply_outbuf(req, 10, 0);
1019
1020 SSVAL(req->outbuf,smb_vwv0,mode);
1021 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1022 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime & ~1);
1023 } else {
1024 srv_put_dos_date3((char *)req->outbuf,smb_vwv1,mtime);
1025 }
1026 SIVAL(req->outbuf,smb_vwv3,(uint32)size);
1027
1028 if (Protocol >= PROTOCOL_NT1) {
1029 SSVAL(req->outbuf, smb_flg2,
1030 SVAL(req->outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
1031 }
1032
1033 DEBUG(3,("reply_getatr: name=%s mode=%d size=%u\n", fname, mode, (unsigned int)size ) );
1034
1035 END_PROFILE(SMBgetatr);
1036 return;
1037}
1038
1039/****************************************************************************
1040 Reply to a setatr.
1041****************************************************************************/
1042
1043void reply_setatr(struct smb_request *req)
1044{
1045 struct timespec ts[2];
1046 connection_struct *conn = req->conn;
1047 char *fname = NULL;
1048 int mode;
1049 time_t mtime;
1050 SMB_STRUCT_STAT sbuf;
1051 char *p;
1052 NTSTATUS status;
1053 TALLOC_CTX *ctx = talloc_tos();
1054
1055 START_PROFILE(SMBsetatr);
1056
1057 ZERO_STRUCT(ts);
1058
1059 if (req->wct < 2) {
1060 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1061 return;
1062 }
1063
1064 p = smb_buf(req->inbuf) + 1;
1065 p += srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname, p,
1066 0, STR_TERMINATE, &status);
1067 if (!NT_STATUS_IS_OK(status)) {
1068 reply_nterror(req, status);
1069 END_PROFILE(SMBsetatr);
1070 return;
1071 }
1072
1073 status = resolve_dfspath(ctx, conn,
1074 req->flags2 & FLAGS2_DFS_PATHNAMES,
1075 fname,
1076 &fname);
1077 if (!NT_STATUS_IS_OK(status)) {
1078 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1079 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1080 ERRSRV, ERRbadpath);
1081 END_PROFILE(SMBsetatr);
1082 return;
1083 }
1084 reply_nterror(req, status);
1085 END_PROFILE(SMBsetatr);
1086 return;
1087 }
1088
1089 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
1090 if (!NT_STATUS_IS_OK(status)) {
1091 reply_nterror(req, status);
1092 END_PROFILE(SMBsetatr);
1093 return;
1094 }
1095
1096 status = check_name(conn, fname);
1097 if (!NT_STATUS_IS_OK(status)) {
1098 reply_nterror(req, status);
1099 END_PROFILE(SMBsetatr);
1100 return;
1101 }
1102
1103 if (fname[0] == '.' && fname[1] == '\0') {
1104 /*
1105 * Not sure here is the right place to catch this
1106 * condition. Might be moved to somewhere else later -- vl
1107 */
1108 reply_nterror(req, NT_STATUS_ACCESS_DENIED);
1109 END_PROFILE(SMBsetatr);
1110 return;
1111 }
1112
1113 mode = SVAL(req->inbuf,smb_vwv0);
1114 mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
1115
1116 ts[1] = convert_time_t_to_timespec(mtime);
1117 status = smb_set_file_time(conn, NULL, fname,
1118 &sbuf, ts, true);
1119 if (!NT_STATUS_IS_OK(status)) {
1120 reply_unixerror(req, ERRDOS, ERRnoaccess);
1121 END_PROFILE(SMBsetatr);
1122 return;
1123 }
1124
1125 if (mode != FILE_ATTRIBUTE_NORMAL) {
1126 if (VALID_STAT_OF_DIR(sbuf))
1127 mode |= aDIR;
1128 else
1129 mode &= ~aDIR;
1130
1131 if (file_set_dosmode(conn,fname,mode,&sbuf,NULL,false) != 0) {
1132 reply_unixerror(req, ERRDOS, ERRnoaccess);
1133 END_PROFILE(SMBsetatr);
1134 return;
1135 }
1136 }
1137
1138 reply_outbuf(req, 0, 0);
1139
1140 DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
1141
1142 END_PROFILE(SMBsetatr);
1143 return;
1144}
1145
1146/****************************************************************************
1147 Reply to a dskattr.
1148****************************************************************************/
1149
1150void reply_dskattr(struct smb_request *req)
1151{
1152 connection_struct *conn = req->conn;
1153 SMB_BIG_UINT dfree,dsize,bsize;
1154 START_PROFILE(SMBdskattr);
1155
1156 if (get_dfree_info(conn,".",True,&bsize,&dfree,&dsize) == (SMB_BIG_UINT)-1) {
1157 reply_unixerror(req, ERRHRD, ERRgeneral);
1158 END_PROFILE(SMBdskattr);
1159 return;
1160 }
1161
1162 reply_outbuf(req, 5, 0);
1163
1164 if (Protocol <= PROTOCOL_LANMAN2) {
1165 double total_space, free_space;
1166 /* we need to scale this to a number that DOS6 can handle. We
1167 use floating point so we can handle large drives on systems
1168 that don't have 64 bit integers
1169
1170 we end up displaying a maximum of 2G to DOS systems
1171 */
1172 total_space = dsize * (double)bsize;
1173 free_space = dfree * (double)bsize;
1174
1175 dsize = (SMB_BIG_UINT)((total_space+63*512) / (64*512));
1176 dfree = (SMB_BIG_UINT)((free_space+63*512) / (64*512));
1177
1178 if (dsize > 0xFFFF) dsize = 0xFFFF;
1179 if (dfree > 0xFFFF) dfree = 0xFFFF;
1180
1181 SSVAL(req->outbuf,smb_vwv0,dsize);
1182 SSVAL(req->outbuf,smb_vwv1,64); /* this must be 64 for dos systems */
1183 SSVAL(req->outbuf,smb_vwv2,512); /* and this must be 512 */
1184 SSVAL(req->outbuf,smb_vwv3,dfree);
1185 } else {
1186 SSVAL(req->outbuf,smb_vwv0,dsize);
1187 SSVAL(req->outbuf,smb_vwv1,bsize/512);
1188 SSVAL(req->outbuf,smb_vwv2,512);
1189 SSVAL(req->outbuf,smb_vwv3,dfree);
1190 }
1191
1192 DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
1193
1194 END_PROFILE(SMBdskattr);
1195 return;
1196}
1197
1198/****************************************************************************
1199 Reply to a search.
1200 Can be called from SMBsearch, SMBffirst or SMBfunique.
1201****************************************************************************/
1202
1203void reply_search(struct smb_request *req)
1204{
1205 connection_struct *conn = req->conn;
1206 char *mask = NULL;
1207 char *directory = NULL;
1208 char *fname = NULL;
1209 SMB_OFF_T size;
1210 uint32 mode;
1211 time_t date;
1212 uint32 dirtype;
1213 unsigned int numentries = 0;
1214 unsigned int maxentries = 0;
1215 bool finished = False;
1216 char *p;
1217 int status_len;
1218 char *path = NULL;
1219 char status[21];
1220 int dptr_num= -1;
1221 bool check_descend = False;
1222 bool expect_close = False;
1223 NTSTATUS nt_status;
1224 bool mask_contains_wcard = False;
1225 bool allow_long_path_components = (req->flags2 & FLAGS2_LONG_PATH_COMPONENTS) ? True : False;
1226 TALLOC_CTX *ctx = talloc_tos();
1227 bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
1228
1229 START_PROFILE(SMBsearch);
1230
1231 if (req->wct < 2) {
1232 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1233 END_PROFILE(SMBsearch);
1234 return;
1235 }
1236
1237 if (lp_posix_pathnames()) {
1238 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1239 END_PROFILE(SMBsearch);
1240 return;
1241 }
1242
1243 /* If we were called as SMBffirst then we must expect close. */
1244 if(CVAL(req->inbuf,smb_com) == SMBffirst) {
1245 expect_close = True;
1246 }
1247
1248 reply_outbuf(req, 1, 3);
1249 maxentries = SVAL(req->inbuf,smb_vwv0);
1250 dirtype = SVAL(req->inbuf,smb_vwv1);
1251 p = smb_buf(req->inbuf) + 1;
1252 p += srvstr_get_path_wcard(ctx,
1253 (char *)req->inbuf,
1254 req->flags2,
1255 &path,
1256 p,
1257 0,
1258 STR_TERMINATE,
1259 &nt_status,
1260 &mask_contains_wcard);
1261 if (!NT_STATUS_IS_OK(nt_status)) {
1262 reply_nterror(req, nt_status);
1263 END_PROFILE(SMBsearch);
1264 return;
1265 }
1266
1267 nt_status = resolve_dfspath_wcard(ctx, conn,
1268 req->flags2 & FLAGS2_DFS_PATHNAMES,
1269 path,
1270 &path,
1271 &mask_contains_wcard);
1272 if (!NT_STATUS_IS_OK(nt_status)) {
1273 if (NT_STATUS_EQUAL(nt_status,NT_STATUS_PATH_NOT_COVERED)) {
1274 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1275 ERRSRV, ERRbadpath);
1276 END_PROFILE(SMBsearch);
1277 return;
1278 }
1279 reply_nterror(req, nt_status);
1280 END_PROFILE(SMBsearch);
1281 return;
1282 }
1283
1284 p++;
1285 status_len = SVAL(p, 0);
1286 p += 2;
1287
1288 /* dirtype &= ~aDIR; */
1289
1290 if (status_len == 0) {
1291 SMB_STRUCT_STAT sbuf;
1292
1293 nt_status = unix_convert(ctx, conn, path, True,
1294 &directory, NULL, &sbuf);
1295 if (!NT_STATUS_IS_OK(nt_status)) {
1296 reply_nterror(req, nt_status);
1297 END_PROFILE(SMBsearch);
1298 return;
1299 }
1300
1301 nt_status = check_name(conn, directory);
1302 if (!NT_STATUS_IS_OK(nt_status)) {
1303 reply_nterror(req, nt_status);
1304 END_PROFILE(SMBsearch);
1305 return;
1306 }
1307
1308 p = strrchr_m(directory,'/');
1309 if (!p) {
1310 mask = directory;
1311 directory = talloc_strdup(ctx,".");
1312 if (!directory) {
1313 reply_nterror(req, NT_STATUS_NO_MEMORY);
1314 END_PROFILE(SMBsearch);
1315 return;
1316 }
1317 } else {
1318 *p = 0;
1319 mask = p+1;
1320 }
1321
1322 if (*directory == '\0') {
1323 directory = talloc_strdup(ctx,".");
1324 if (!directory) {
1325 reply_nterror(req, NT_STATUS_NO_MEMORY);
1326 END_PROFILE(SMBsearch);
1327 return;
1328 }
1329 }
1330 memset((char *)status,'\0',21);
1331 SCVAL(status,0,(dirtype & 0x1F));
1332
1333 nt_status = dptr_create(conn,
1334 directory,
1335 True,
1336 expect_close,
1337 req->smbpid,
1338 mask,
1339 mask_contains_wcard,
1340 dirtype,
1341 &conn->dirptr);
1342 if (!NT_STATUS_IS_OK(nt_status)) {
1343 reply_nterror(req, nt_status);
1344 END_PROFILE(SMBsearch);
1345 return;
1346 }
1347 dptr_num = dptr_dnum(conn->dirptr);
1348 } else {
1349 int status_dirtype;
1350
1351 memcpy(status,p,21);
1352 status_dirtype = CVAL(status,0) & 0x1F;
1353 if (status_dirtype != (dirtype & 0x1F)) {
1354 dirtype = status_dirtype;
1355 }
1356
1357 conn->dirptr = dptr_fetch(status+12,&dptr_num);
1358 if (!conn->dirptr) {
1359 goto SearchEmpty;
1360 }
1361 string_set(&conn->dirpath,dptr_path(dptr_num));
1362 mask = dptr_wcard(dptr_num);
1363 if (!mask) {
1364 goto SearchEmpty;
1365 }
1366 /*
1367 * For a 'continue' search we have no string. So
1368 * check from the initial saved string.
1369 */
1370 mask_contains_wcard = ms_has_wild(mask);
1371 dirtype = dptr_attr(dptr_num);
1372 }
1373
1374 DEBUG(4,("dptr_num is %d\n",dptr_num));
1375
1376 if ((dirtype&0x1F) == aVOLID) {
1377 char buf[DIR_STRUCT_SIZE];
1378 memcpy(buf,status,21);
1379 if (!make_dir_struct(ctx,buf,"???????????",volume_label(SNUM(conn)),
1380 0,aVOLID,0,!allow_long_path_components)) {
1381 reply_nterror(req, NT_STATUS_NO_MEMORY);
1382 END_PROFILE(SMBsearch);
1383 return;
1384 }
1385 dptr_fill(buf+12,dptr_num);
1386 if (dptr_zero(buf+12) && (status_len==0)) {
1387 numentries = 1;
1388 } else {
1389 numentries = 0;
1390 }
1391 if (message_push_blob(&req->outbuf,
1392 data_blob_const(buf, sizeof(buf)))
1393 == -1) {
1394 reply_nterror(req, NT_STATUS_NO_MEMORY);
1395 END_PROFILE(SMBsearch);
1396 return;
1397 }
1398 } else {
1399 unsigned int i;
1400 maxentries = MIN(
1401 maxentries,
1402 ((BUFFER_SIZE -
1403 ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
1404 /DIR_STRUCT_SIZE));
1405
1406 DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
1407 conn->dirpath,lp_dontdescend(SNUM(conn))));
1408 if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True)) {
1409 check_descend = True;
1410 }
1411
1412 for (i=numentries;(i<maxentries) && !finished;i++) {
1413 finished = !get_dir_entry(ctx,
1414 conn,
1415 mask,
1416 dirtype,
1417 &fname,
1418 &size,
1419 &mode,
1420 &date,
1421 check_descend,
1422 ask_sharemode);
1423 if (!finished) {
1424 char buf[DIR_STRUCT_SIZE];
1425 memcpy(buf,status,21);
1426 if (!make_dir_struct(ctx,
1427 buf,
1428 mask,
1429 fname,
1430 size,
1431 mode,
1432 date,
1433 !allow_long_path_components)) {
1434 reply_nterror(req, NT_STATUS_NO_MEMORY);
1435 END_PROFILE(SMBsearch);
1436 return;
1437 }
1438 if (!dptr_fill(buf+12,dptr_num)) {
1439 break;
1440 }
1441 if (message_push_blob(&req->outbuf,
1442 data_blob_const(buf, sizeof(buf)))
1443 == -1) {
1444 reply_nterror(req, NT_STATUS_NO_MEMORY);
1445 END_PROFILE(SMBsearch);
1446 return;
1447 }
1448 numentries++;
1449 }
1450 }
1451 }
1452
1453 SearchEmpty:
1454
1455 /* If we were called as SMBffirst with smb_search_id == NULL
1456 and no entries were found then return error and close dirptr
1457 (X/Open spec) */
1458
1459 if (numentries == 0) {
1460 dptr_close(&dptr_num);
1461 } else if(expect_close && status_len == 0) {
1462 /* Close the dptr - we know it's gone */
1463 dptr_close(&dptr_num);
1464 }
1465
1466 /* If we were called as SMBfunique, then we can close the dirptr now ! */
1467 if(dptr_num >= 0 && CVAL(req->inbuf,smb_com) == SMBfunique) {
1468 dptr_close(&dptr_num);
1469 }
1470
1471 if ((numentries == 0) && !mask_contains_wcard) {
1472 reply_botherror(req, STATUS_NO_MORE_FILES, ERRDOS, ERRnofiles);
1473 END_PROFILE(SMBsearch);
1474 return;
1475 }
1476
1477 SSVAL(req->outbuf,smb_vwv0,numentries);
1478 SSVAL(req->outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
1479 SCVAL(smb_buf(req->outbuf),0,5);
1480 SSVAL(smb_buf(req->outbuf),1,numentries*DIR_STRUCT_SIZE);
1481
1482 /* The replies here are never long name. */
1483 SSVAL(req->outbuf, smb_flg2,
1484 SVAL(req->outbuf, smb_flg2) & (~FLAGS2_IS_LONG_NAME));
1485 if (!allow_long_path_components) {
1486 SSVAL(req->outbuf, smb_flg2,
1487 SVAL(req->outbuf, smb_flg2)
1488 & (~FLAGS2_LONG_PATH_COMPONENTS));
1489 }
1490
1491 /* This SMB *always* returns ASCII names. Remove the unicode bit in flags2. */
1492 SSVAL(req->outbuf, smb_flg2,
1493 (SVAL(req->outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
1494
1495 if (!directory) {
1496 directory = dptr_path(dptr_num);
1497 }
1498
1499 DEBUG(4,("%s mask=%s path=%s dtype=%d nument=%u of %u\n",
1500 smb_fn_name(CVAL(req->inbuf,smb_com)),
1501 mask,
1502 directory ? directory : "./",
1503 dirtype,
1504 numentries,
1505 maxentries ));
1506
1507 END_PROFILE(SMBsearch);
1508 return;
1509}
1510
1511/****************************************************************************
1512 Reply to a fclose (stop directory search).
1513****************************************************************************/
1514
1515void reply_fclose(struct smb_request *req)
1516{
1517 int status_len;
1518 char status[21];
1519 int dptr_num= -2;
1520 char *p;
1521 char *path = NULL;
1522 NTSTATUS err;
1523 bool path_contains_wcard = False;
1524 TALLOC_CTX *ctx = talloc_tos();
1525
1526 START_PROFILE(SMBfclose);
1527
1528 if (lp_posix_pathnames()) {
1529 reply_unknown_new(req, CVAL(req->inbuf, smb_com));
1530 END_PROFILE(SMBfclose);
1531 return;
1532 }
1533
1534 p = smb_buf(req->inbuf) + 1;
1535 p += srvstr_get_path_wcard(ctx,
1536 (char *)req->inbuf,
1537 req->flags2,
1538 &path,
1539 p,
1540 0,
1541 STR_TERMINATE,
1542 &err,
1543 &path_contains_wcard);
1544 if (!NT_STATUS_IS_OK(err)) {
1545 reply_nterror(req, err);
1546 END_PROFILE(SMBfclose);
1547 return;
1548 }
1549 p++;
1550 status_len = SVAL(p,0);
1551 p += 2;
1552
1553 if (status_len == 0) {
1554 reply_doserror(req, ERRSRV, ERRsrverror);
1555 END_PROFILE(SMBfclose);
1556 return;
1557 }
1558
1559 memcpy(status,p,21);
1560
1561 if(dptr_fetch(status+12,&dptr_num)) {
1562 /* Close the dptr - we know it's gone */
1563 dptr_close(&dptr_num);
1564 }
1565
1566 reply_outbuf(req, 1, 0);
1567 SSVAL(req->outbuf,smb_vwv0,0);
1568
1569 DEBUG(3,("search close\n"));
1570
1571 END_PROFILE(SMBfclose);
1572 return;
1573}
1574
1575/****************************************************************************
1576 Reply to an open.
1577****************************************************************************/
1578
1579void reply_open(struct smb_request *req)
1580{
1581 connection_struct *conn = req->conn;
1582 char *fname = NULL;
1583 uint32 fattr=0;
1584 SMB_OFF_T size = 0;
1585 time_t mtime=0;
1586 int info;
1587 SMB_STRUCT_STAT sbuf;
1588 files_struct *fsp;
1589 int oplock_request;
1590 int deny_mode;
1591 uint32 dos_attr;
1592 uint32 access_mask;
1593 uint32 share_mode;
1594 uint32 create_disposition;
1595 uint32 create_options = 0;
1596 NTSTATUS status;
1597 TALLOC_CTX *ctx = talloc_tos();
1598
1599 START_PROFILE(SMBopen);
1600
1601 if (req->wct < 2) {
1602 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1603 END_PROFILE(SMBopen);
1604 return;
1605 }
1606
1607 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1608 deny_mode = SVAL(req->inbuf,smb_vwv0);
1609 dos_attr = SVAL(req->inbuf,smb_vwv1);
1610
1611 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1612 smb_buf(req->inbuf)+1, 0,
1613 STR_TERMINATE, &status);
1614 if (!NT_STATUS_IS_OK(status)) {
1615 reply_nterror(req, status);
1616 END_PROFILE(SMBopen);
1617 return;
1618 }
1619
1620 if (!map_open_params_to_ntcreate(
1621 fname, deny_mode, OPENX_FILE_EXISTS_OPEN, &access_mask,
1622 &share_mode, &create_disposition, &create_options)) {
1623 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1624 END_PROFILE(SMBopen);
1625 return;
1626 }
1627
1628 status = create_file(conn, /* conn */
1629 req, /* req */
1630 0, /* root_dir_fid */
1631 fname, /* fname */
1632 access_mask, /* access_mask */
1633 share_mode, /* share_access */
1634 create_disposition, /* create_disposition*/
1635 create_options, /* create_options */
1636 dos_attr, /* file_attributes */
1637 oplock_request, /* oplock_request */
1638 0, /* allocation_size */
1639 NULL, /* sd */
1640 NULL, /* ea_list */
1641 &fsp, /* result */
1642 &info, /* pinfo */
1643 &sbuf); /* psbuf */
1644
1645 if (!NT_STATUS_IS_OK(status)) {
1646 if (open_was_deferred(req->mid)) {
1647 /* We have re-scheduled this call. */
1648 END_PROFILE(SMBopen);
1649 return;
1650 }
1651 reply_openerror(req, status);
1652 END_PROFILE(SMBopen);
1653 return;
1654 }
1655
1656 size = sbuf.st_size;
1657 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1658 mtime = sbuf.st_mtime;
1659
1660 if (fattr & aDIR) {
1661 DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
1662 close_file(fsp,ERROR_CLOSE);
1663 reply_doserror(req, ERRDOS,ERRnoaccess);
1664 END_PROFILE(SMBopen);
1665 return;
1666 }
1667
1668 reply_outbuf(req, 7, 0);
1669 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
1670 SSVAL(req->outbuf,smb_vwv1,fattr);
1671 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1672 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime & ~1);
1673 } else {
1674 srv_put_dos_date3((char *)req->outbuf,smb_vwv2,mtime);
1675 }
1676 SIVAL(req->outbuf,smb_vwv4,(uint32)size);
1677 SSVAL(req->outbuf,smb_vwv6,deny_mode);
1678
1679 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
1680 SCVAL(req->outbuf,smb_flg,
1681 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1682 }
1683
1684 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1685 SCVAL(req->outbuf,smb_flg,
1686 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1687 }
1688 END_PROFILE(SMBopen);
1689 return;
1690}
1691
1692/****************************************************************************
1693 Reply to an open and X.
1694****************************************************************************/
1695
1696void reply_open_and_X(struct smb_request *req)
1697{
1698 connection_struct *conn = req->conn;
1699 char *fname = NULL;
1700 uint16 open_flags;
1701 int deny_mode;
1702 uint32 smb_attr;
1703 /* Breakout the oplock request bits so we can set the
1704 reply bits separately. */
1705 int ex_oplock_request;
1706 int core_oplock_request;
1707 int oplock_request;
1708#if 0
1709 int smb_sattr = SVAL(req->inbuf,smb_vwv4);
1710 uint32 smb_time = make_unix_date3(req->inbuf+smb_vwv6);
1711#endif
1712 int smb_ofun;
1713 uint32 fattr=0;
1714 int mtime=0;
1715 SMB_STRUCT_STAT sbuf;
1716 int smb_action = 0;
1717 files_struct *fsp;
1718 NTSTATUS status;
1719 SMB_BIG_UINT allocation_size;
1720 ssize_t retval = -1;
1721 uint32 access_mask;
1722 uint32 share_mode;
1723 uint32 create_disposition;
1724 uint32 create_options = 0;
1725 TALLOC_CTX *ctx = talloc_tos();
1726
1727 START_PROFILE(SMBopenX);
1728
1729 if (req->wct < 15) {
1730 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1731 END_PROFILE(SMBopenX);
1732 return;
1733 }
1734
1735 open_flags = SVAL(req->inbuf,smb_vwv2);
1736 deny_mode = SVAL(req->inbuf,smb_vwv3);
1737 smb_attr = SVAL(req->inbuf,smb_vwv5);
1738 ex_oplock_request = EXTENDED_OPLOCK_REQUEST(req->inbuf);
1739 core_oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1740 oplock_request = ex_oplock_request | core_oplock_request;
1741 smb_ofun = SVAL(req->inbuf,smb_vwv8);
1742 allocation_size = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv9);
1743
1744 /* If it's an IPC, pass off the pipe handler. */
1745 if (IS_IPC(conn)) {
1746 if (lp_nt_pipe_support()) {
1747 reply_open_pipe_and_X(conn, req);
1748 } else {
1749 reply_doserror(req, ERRSRV, ERRaccess);
1750 }
1751 END_PROFILE(SMBopenX);
1752 return;
1753 }
1754
1755 /* XXXX we need to handle passed times, sattr and flags */
1756 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1757 smb_buf(req->inbuf), 0, STR_TERMINATE,
1758 &status);
1759 if (!NT_STATUS_IS_OK(status)) {
1760 reply_nterror(req, status);
1761 END_PROFILE(SMBopenX);
1762 return;
1763 }
1764
1765 if (!map_open_params_to_ntcreate(
1766 fname, deny_mode, smb_ofun, &access_mask,
1767 &share_mode, &create_disposition, &create_options)) {
1768 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRbadaccess));
1769 END_PROFILE(SMBopenX);
1770 return;
1771 }
1772
1773 status = create_file(conn, /* conn */
1774 req, /* req */
1775 0, /* root_dir_fid */
1776 fname, /* fname */
1777 access_mask, /* access_mask */
1778 share_mode, /* share_access */
1779 create_disposition, /* create_disposition*/
1780 create_options, /* create_options */
1781 smb_attr, /* file_attributes */
1782 oplock_request, /* oplock_request */
1783 0, /* allocation_size */
1784 NULL, /* sd */
1785 NULL, /* ea_list */
1786 &fsp, /* result */
1787 &smb_action, /* pinfo */
1788 &sbuf); /* psbuf */
1789
1790 if (!NT_STATUS_IS_OK(status)) {
1791 END_PROFILE(SMBopenX);
1792 if (open_was_deferred(req->mid)) {
1793 /* We have re-scheduled this call. */
1794 return;
1795 }
1796 reply_openerror(req, status);
1797 return;
1798 }
1799
1800 /* Setting the "size" field in vwv9 and vwv10 causes the file to be set to this size,
1801 if the file is truncated or created. */
1802 if (((smb_action == FILE_WAS_CREATED) || (smb_action == FILE_WAS_OVERWRITTEN)) && allocation_size) {
1803 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
1804 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) {
1805 close_file(fsp,ERROR_CLOSE);
1806 reply_nterror(req, NT_STATUS_DISK_FULL);
1807 END_PROFILE(SMBopenX);
1808 return;
1809 }
1810 retval = vfs_set_filelen(fsp, (SMB_OFF_T)allocation_size);
1811 if (retval < 0) {
1812 close_file(fsp,ERROR_CLOSE);
1813 reply_nterror(req, NT_STATUS_DISK_FULL);
1814 END_PROFILE(SMBopenX);
1815 return;
1816 }
1817 sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
1818 }
1819
1820 fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1821 mtime = sbuf.st_mtime;
1822 if (fattr & aDIR) {
1823 close_file(fsp,ERROR_CLOSE);
1824 reply_doserror(req, ERRDOS, ERRnoaccess);
1825 END_PROFILE(SMBopenX);
1826 return;
1827 }
1828
1829 /* If the caller set the extended oplock request bit
1830 and we granted one (by whatever means) - set the
1831 correct bit for extended oplock reply.
1832 */
1833
1834 if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1835 smb_action |= EXTENDED_OPLOCK_GRANTED;
1836 }
1837
1838 if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1839 smb_action |= EXTENDED_OPLOCK_GRANTED;
1840 }
1841
1842 /* If the caller set the core oplock request bit
1843 and we granted one (by whatever means) - set the
1844 correct bit for core oplock reply.
1845 */
1846
1847 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1848 reply_outbuf(req, 19, 0);
1849 } else {
1850 reply_outbuf(req, 15, 0);
1851 }
1852
1853 if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
1854 SCVAL(req->outbuf, smb_flg,
1855 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1856 }
1857
1858 if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1859 SCVAL(req->outbuf, smb_flg,
1860 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
1861 }
1862
1863 SSVAL(req->outbuf,smb_vwv2,fsp->fnum);
1864 SSVAL(req->outbuf,smb_vwv3,fattr);
1865 if(lp_dos_filetime_resolution(SNUM(conn)) ) {
1866 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime & ~1);
1867 } else {
1868 srv_put_dos_date3((char *)req->outbuf,smb_vwv4,mtime);
1869 }
1870 SIVAL(req->outbuf,smb_vwv6,(uint32)sbuf.st_size);
1871 SSVAL(req->outbuf,smb_vwv8,GET_OPENX_MODE(deny_mode));
1872 SSVAL(req->outbuf,smb_vwv11,smb_action);
1873
1874 if (open_flags & EXTENDED_RESPONSE_REQUIRED) {
1875 SIVAL(req->outbuf, smb_vwv15, STD_RIGHT_ALL_ACCESS);
1876 }
1877
1878 END_PROFILE(SMBopenX);
1879 chain_reply(req);
1880 return;
1881}
1882
1883/****************************************************************************
1884 Reply to a SMBulogoffX.
1885****************************************************************************/
1886
1887void reply_ulogoffX(struct smb_request *req)
1888{
1889 user_struct *vuser;
1890
1891 START_PROFILE(SMBulogoffX);
1892
1893 vuser = get_valid_user_struct(req->vuid);
1894
1895 if(vuser == NULL) {
1896 DEBUG(3,("ulogoff, vuser id %d does not map to user.\n",
1897 req->vuid));
1898 }
1899
1900 /* in user level security we are supposed to close any files
1901 open by this user */
1902 if ((vuser != NULL) && (lp_security() != SEC_SHARE)) {
1903 file_close_user(req->vuid);
1904 }
1905
1906 invalidate_vuid(req->vuid);
1907
1908 reply_outbuf(req, 2, 0);
1909
1910 DEBUG( 3, ( "ulogoffX vuid=%d\n", req->vuid ) );
1911
1912 END_PROFILE(SMBulogoffX);
1913 chain_reply(req);
1914}
1915
1916/****************************************************************************
1917 Reply to a mknew or a create.
1918****************************************************************************/
1919
1920void reply_mknew(struct smb_request *req)
1921{
1922 connection_struct *conn = req->conn;
1923 char *fname = NULL;
1924 int com;
1925 uint32 fattr = 0;
1926 struct timespec ts[2];
1927 files_struct *fsp;
1928 int oplock_request = 0;
1929 SMB_STRUCT_STAT sbuf;
1930 NTSTATUS status;
1931 uint32 access_mask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
1932 uint32 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1933 uint32 create_disposition;
1934 uint32 create_options = 0;
1935 TALLOC_CTX *ctx = talloc_tos();
1936
1937 START_PROFILE(SMBcreate);
1938
1939 if (req->wct < 3) {
1940 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1941 END_PROFILE(SMBcreate);
1942 return;
1943 }
1944
1945 fattr = SVAL(req->inbuf,smb_vwv0);
1946 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
1947 com = SVAL(req->inbuf,smb_com);
1948
1949 ts[1] =convert_time_t_to_timespec(
1950 srv_make_unix_date3(req->inbuf + smb_vwv1));
1951 /* mtime. */
1952
1953 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
1954 smb_buf(req->inbuf) + 1, 0,
1955 STR_TERMINATE, &status);
1956 if (!NT_STATUS_IS_OK(status)) {
1957 reply_nterror(req, status);
1958 END_PROFILE(SMBcreate);
1959 return;
1960 }
1961
1962 if (fattr & aVOLID) {
1963 DEBUG(0,("Attempt to create file (%s) with volid set - "
1964 "please report this\n", fname));
1965 }
1966
1967 if(com == SMBmknew) {
1968 /* We should fail if file exists. */
1969 create_disposition = FILE_CREATE;
1970 } else {
1971 /* Create if file doesn't exist, truncate if it does. */
1972 create_disposition = FILE_OVERWRITE_IF;
1973 }
1974
1975 status = create_file(conn, /* conn */
1976 req, /* req */
1977 0, /* root_dir_fid */
1978 fname, /* fname */
1979 access_mask, /* access_mask */
1980 share_mode, /* share_access */
1981 create_disposition, /* create_disposition*/
1982 create_options, /* create_options */
1983 fattr, /* file_attributes */
1984 oplock_request, /* oplock_request */
1985 0, /* allocation_size */
1986 NULL, /* sd */
1987 NULL, /* ea_list */
1988 &fsp, /* result */
1989 NULL, /* pinfo */
1990 &sbuf); /* psbuf */
1991
1992 if (!NT_STATUS_IS_OK(status)) {
1993 END_PROFILE(SMBcreate);
1994 if (open_was_deferred(req->mid)) {
1995 /* We have re-scheduled this call. */
1996 return;
1997 }
1998 reply_openerror(req, status);
1999 return;
2000 }
2001
2002 ts[0] = get_atimespec(&sbuf); /* atime. */
2003 status = smb_set_file_time(conn, fsp, fsp->fsp_name, &sbuf, ts, true);
2004 if (!NT_STATUS_IS_OK(status)) {
2005 END_PROFILE(SMBcreate);
2006 reply_openerror(req, status);
2007 return;
2008 }
2009
2010 reply_outbuf(req, 1, 0);
2011 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2012
2013 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2014 SCVAL(req->outbuf,smb_flg,
2015 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2016 }
2017
2018 if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2019 SCVAL(req->outbuf,smb_flg,
2020 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2021 }
2022
2023 DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
2024 DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
2025 fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
2026
2027 END_PROFILE(SMBcreate);
2028 return;
2029}
2030
2031/****************************************************************************
2032 Reply to a create temporary file.
2033****************************************************************************/
2034
2035void reply_ctemp(struct smb_request *req)
2036{
2037 connection_struct *conn = req->conn;
2038 char *fname = NULL;
2039 uint32 fattr;
2040 files_struct *fsp;
2041 int oplock_request;
2042 int tmpfd;
2043 SMB_STRUCT_STAT sbuf;
2044 char *s;
2045 NTSTATUS status;
2046 TALLOC_CTX *ctx = talloc_tos();
2047
2048 START_PROFILE(SMBctemp);
2049
2050 if (req->wct < 3) {
2051 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2052 END_PROFILE(SMBctemp);
2053 return;
2054 }
2055
2056 fattr = SVAL(req->inbuf,smb_vwv0);
2057 oplock_request = CORE_OPLOCK_REQUEST(req->inbuf);
2058
2059 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &fname,
2060 smb_buf(req->inbuf)+1, 0, STR_TERMINATE,
2061 &status);
2062 if (!NT_STATUS_IS_OK(status)) {
2063 reply_nterror(req, status);
2064 END_PROFILE(SMBctemp);
2065 return;
2066 }
2067 if (*fname) {
2068 fname = talloc_asprintf(ctx,
2069 "%s/TMXXXXXX",
2070 fname);
2071 } else {
2072 fname = talloc_strdup(ctx, "TMXXXXXX");
2073 }
2074
2075 if (!fname) {
2076 reply_nterror(req, NT_STATUS_NO_MEMORY);
2077 END_PROFILE(SMBctemp);
2078 return;
2079 }
2080
2081 status = resolve_dfspath(ctx, conn,
2082 req->flags2 & FLAGS2_DFS_PATHNAMES,
2083 fname,
2084 &fname);
2085 if (!NT_STATUS_IS_OK(status)) {
2086 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2087 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2088 ERRSRV, ERRbadpath);
2089 END_PROFILE(SMBctemp);
2090 return;
2091 }
2092 reply_nterror(req, status);
2093 END_PROFILE(SMBctemp);
2094 return;
2095 }
2096
2097 status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
2098 if (!NT_STATUS_IS_OK(status)) {
2099 reply_nterror(req, status);
2100 END_PROFILE(SMBctemp);
2101 return;
2102 }
2103
2104 status = check_name(conn, CONST_DISCARD(char *,fname));
2105 if (!NT_STATUS_IS_OK(status)) {
2106 reply_nterror(req, status);
2107 END_PROFILE(SMBctemp);
2108 return;
2109 }
2110
2111 tmpfd = smb_mkstemp(fname);
2112 if (tmpfd == -1) {
2113 reply_unixerror(req, ERRDOS, ERRnoaccess);
2114 END_PROFILE(SMBctemp);
2115 return;
2116 }
2117
2118 SMB_VFS_STAT(conn,fname,&sbuf);
2119
2120 /* We should fail if file does not exist. */
2121 status = open_file_ntcreate(conn, req, fname, &sbuf,
2122 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
2123 FILE_SHARE_READ|FILE_SHARE_WRITE,
2124 FILE_OPEN,
2125 0,
2126 fattr,
2127 oplock_request,
2128 NULL, &fsp);
2129
2130 /* close fd from smb_mkstemp() */
2131 close(tmpfd);
2132
2133 if (!NT_STATUS_IS_OK(status)) {
2134 if (open_was_deferred(req->mid)) {
2135 /* We have re-scheduled this call. */
2136 END_PROFILE(SMBctemp);
2137 return;
2138 }
2139 reply_openerror(req, status);
2140 END_PROFILE(SMBctemp);
2141 return;
2142 }
2143
2144 reply_outbuf(req, 1, 0);
2145 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
2146
2147 /* the returned filename is relative to the directory */
2148 s = strrchr_m(fsp->fsp_name, '/');
2149 if (!s) {
2150 s = fsp->fsp_name;
2151 } else {
2152 s++;
2153 }
2154
2155#if 0
2156 /* Tested vs W2K3 - this doesn't seem to be here - null terminated filename is the only
2157 thing in the byte section. JRA */
2158 SSVALS(p, 0, -1); /* what is this? not in spec */
2159#endif
2160 if (message_push_string(&req->outbuf, s, STR_ASCII|STR_TERMINATE)
2161 == -1) {
2162 reply_nterror(req, NT_STATUS_NO_MEMORY);
2163 END_PROFILE(SMBctemp);
2164 return;
2165 }
2166
2167 if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
2168 SCVAL(req->outbuf, smb_flg,
2169 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2170 }
2171
2172 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
2173 SCVAL(req->outbuf, smb_flg,
2174 CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
2175 }
2176
2177 DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
2178 DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
2179 fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
2180
2181 END_PROFILE(SMBctemp);
2182 return;
2183}
2184
2185/*******************************************************************
2186 Check if a user is allowed to rename a file.
2187********************************************************************/
2188
2189static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
2190 uint16 dirtype, SMB_STRUCT_STAT *pst)
2191{
2192 uint32 fmode;
2193
2194 if (!CAN_WRITE(conn)) {
2195 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2196 }
2197
2198 fmode = dos_mode(conn, fsp->fsp_name, pst);
2199 if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM)) {
2200 return NT_STATUS_NO_SUCH_FILE;
2201 }
2202
2203 if (S_ISDIR(pst->st_mode)) {
2204 return NT_STATUS_OK;
2205 }
2206
2207 if (fsp->access_mask & (DELETE_ACCESS|FILE_WRITE_ATTRIBUTES)) {
2208 return NT_STATUS_OK;
2209 }
2210
2211 return NT_STATUS_ACCESS_DENIED;
2212}
2213
2214/*******************************************************************
2215 * unlink a file with all relevant access checks
2216 *******************************************************************/
2217
2218static NTSTATUS do_unlink(connection_struct *conn,
2219 struct smb_request *req,
2220 const char *fname,
2221 uint32 dirtype)
2222{
2223 SMB_STRUCT_STAT sbuf;
2224 uint32 fattr;
2225 files_struct *fsp;
2226 uint32 dirtype_orig = dirtype;
2227 NTSTATUS status;
2228
2229 DEBUG(10,("do_unlink: %s, dirtype = %d\n", fname, dirtype ));
2230
2231 if (!CAN_WRITE(conn)) {
2232 return NT_STATUS_MEDIA_WRITE_PROTECTED;
2233 }
2234
2235 if (SMB_VFS_LSTAT(conn,fname,&sbuf) != 0) {
2236 return map_nt_error_from_unix(errno);
2237 }
2238
2239 fattr = dos_mode(conn,fname,&sbuf);
2240
2241 if (dirtype & FILE_ATTRIBUTE_NORMAL) {
2242 dirtype = aDIR|aARCH|aRONLY;
2243 }
2244
2245 dirtype &= (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM);
2246 if (!dirtype) {
2247 return NT_STATUS_NO_SUCH_FILE;
2248 }
2249
2250 if (!dir_check_ftype(conn, fattr, dirtype)) {
2251 if (fattr & aDIR) {
2252 return NT_STATUS_FILE_IS_A_DIRECTORY;
2253 }
2254 return NT_STATUS_NO_SUCH_FILE;
2255 }
2256
2257 if (dirtype_orig & 0x8000) {
2258 /* These will never be set for POSIX. */
2259 return NT_STATUS_NO_SUCH_FILE;
2260 }
2261
2262#if 0
2263 if ((fattr & dirtype) & FILE_ATTRIBUTE_DIRECTORY) {
2264 return NT_STATUS_FILE_IS_A_DIRECTORY;
2265 }
2266
2267 if ((fattr & ~dirtype) & (FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM)) {
2268 return NT_STATUS_NO_SUCH_FILE;
2269 }
2270
2271 if (dirtype & 0xFF00) {
2272 /* These will never be set for POSIX. */
2273 return NT_STATUS_NO_SUCH_FILE;
2274 }
2275
2276 dirtype &= 0xFF;
2277 if (!dirtype) {
2278 return NT_STATUS_NO_SUCH_FILE;
2279 }
2280
2281 /* Can't delete a directory. */
2282 if (fattr & aDIR) {
2283 return NT_STATUS_FILE_IS_A_DIRECTORY;
2284 }
2285#endif
2286
2287#if 0 /* JRATEST */
2288 else if (dirtype & aDIR) /* Asked for a directory and it isn't. */
2289 return NT_STATUS_OBJECT_NAME_INVALID;
2290#endif /* JRATEST */
2291
2292 /* Fix for bug #3035 from SATOH Fumiyasu <fumiyas@miraclelinux.com>
2293
2294 On a Windows share, a file with read-only dosmode can be opened with
2295 DELETE_ACCESS. But on a Samba share (delete readonly = no), it
2296 fails with NT_STATUS_CANNOT_DELETE error.
2297
2298 This semantic causes a problem that a user can not
2299 rename a file with read-only dosmode on a Samba share
2300 from a Windows command prompt (i.e. cmd.exe, but can rename
2301 from Windows Explorer).
2302 */
2303
2304 if (!lp_delete_readonly(SNUM(conn))) {
2305 if (fattr & aRONLY) {
2306 return NT_STATUS_CANNOT_DELETE;
2307 }
2308 }
2309
2310 /* On open checks the open itself will check the share mode, so
2311 don't do it here as we'll get it wrong. */
2312
2313 status = create_file_unixpath
2314 (conn, /* conn */
2315 req, /* req */
2316 fname, /* fname */
2317 DELETE_ACCESS, /* access_mask */
2318 FILE_SHARE_NONE, /* share_access */
2319 FILE_OPEN, /* create_disposition*/
2320 FILE_NON_DIRECTORY_FILE, /* create_options */
2321 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2322 0, /* oplock_request */
2323 0, /* allocation_size */
2324 NULL, /* sd */
2325 NULL, /* ea_list */
2326 &fsp, /* result */
2327 NULL, /* pinfo */
2328 &sbuf); /* psbuf */
2329
2330 if (!NT_STATUS_IS_OK(status)) {
2331 DEBUG(10, ("open_file_ntcreate failed: %s\n",
2332 nt_errstr(status)));
2333 return status;
2334 }
2335
2336 /* The set is across all open files on this dev/inode pair. */
2337 if (!set_delete_on_close(fsp, True, &current_user.ut)) {
2338 close_file(fsp, NORMAL_CLOSE);
2339 return NT_STATUS_ACCESS_DENIED;
2340 }
2341
2342 return close_file(fsp,NORMAL_CLOSE);
2343}
2344
2345/****************************************************************************
2346 The guts of the unlink command, split out so it may be called by the NT SMB
2347 code.
2348****************************************************************************/
2349
2350NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
2351 uint32 dirtype, const char *name_in, bool has_wild)
2352{
2353 const char *directory = NULL;
2354 char *mask = NULL;
2355 char *name = NULL;
2356 char *p = NULL;
2357 int count=0;
2358 NTSTATUS status = NT_STATUS_OK;
2359 SMB_STRUCT_STAT sbuf;
2360 TALLOC_CTX *ctx = talloc_tos();
2361
2362 status = unix_convert(ctx, conn, name_in, has_wild, &name, NULL, &sbuf);
2363 if (!NT_STATUS_IS_OK(status)) {
2364 return status;
2365 }
2366
2367 p = strrchr_m(name,'/');
2368 if (!p) {
2369 directory = talloc_strdup(ctx, ".");
2370 if (!directory) {
2371 return NT_STATUS_NO_MEMORY;
2372 }
2373 mask = name;
2374 } else {
2375 *p = 0;
2376 directory = name;
2377 mask = p+1;
2378 }
2379
2380 /*
2381 * We should only check the mangled cache
2382 * here if unix_convert failed. This means
2383 * that the path in 'mask' doesn't exist
2384 * on the file system and so we need to look
2385 * for a possible mangle. This patch from
2386 * Tine Smukavec <valentin.smukavec@hermes.si>.
2387 */
2388
2389 if (!VALID_STAT(sbuf) && mangle_is_mangled(mask,conn->params)) {
2390 char *new_mask = NULL;
2391 mangle_lookup_name_from_8_3(ctx,
2392 mask,
2393 &new_mask,
2394 conn->params );
2395 if (new_mask) {
2396 mask = new_mask;
2397 }
2398 }
2399
2400 if (!has_wild) {
2401 directory = talloc_asprintf(ctx,
2402 "%s/%s",
2403 directory,
2404 mask);
2405 if (!directory) {
2406 return NT_STATUS_NO_MEMORY;
2407 }
2408 if (dirtype == 0) {
2409 dirtype = FILE_ATTRIBUTE_NORMAL;
2410 }
2411
2412 status = check_name(conn, directory);
2413 if (!NT_STATUS_IS_OK(status)) {
2414 return status;
2415 }
2416
2417 status = do_unlink(conn, req, directory, dirtype);
2418 if (!NT_STATUS_IS_OK(status)) {
2419 return status;
2420 }
2421
2422 count++;
2423 } else {
2424 struct smb_Dir *dir_hnd = NULL;
2425 long offset = 0;
2426 const char *dname;
2427
2428 if ((dirtype & SAMBA_ATTRIBUTES_MASK) == aDIR) {
2429 return NT_STATUS_OBJECT_NAME_INVALID;
2430 }
2431
2432 if (strequal(mask,"????????.???")) {
2433 mask[0] = '*';
2434 mask[1] = '\0';
2435 }
2436
2437 status = check_name(conn, directory);
2438 if (!NT_STATUS_IS_OK(status)) {
2439 return status;
2440 }
2441
2442 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask,
2443 dirtype);
2444 if (dir_hnd == NULL) {
2445 return map_nt_error_from_unix(errno);
2446 }
2447
2448 /* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
2449 the pattern matches against the long name, otherwise the short name
2450 We don't implement this yet XXXX
2451 */
2452
2453 status = NT_STATUS_NO_SUCH_FILE;
2454
2455 while ((dname = ReadDirName(dir_hnd, &offset))) {
2456 SMB_STRUCT_STAT st;
2457 char *fname = NULL;
2458
2459 if (!is_visible_file(conn, directory, dname, &st, True)) {
2460 continue;
2461 }
2462
2463 /* Quick check for "." and ".." */
2464 if (ISDOT(dname) || ISDOTDOT(dname)) {
2465 continue;
2466 }
2467
2468 if(!mask_match(dname, mask, conn->case_sensitive)) {
2469 continue;
2470 }
2471
2472 fname = talloc_asprintf(ctx, "%s/%s",
2473 directory,
2474 dname);
2475 if (!fname) {
2476 return NT_STATUS_NO_MEMORY;
2477 }
2478
2479 status = check_name(conn, fname);
2480 if (!NT_STATUS_IS_OK(status)) {
2481 TALLOC_FREE(dir_hnd);
2482 return status;
2483 }
2484
2485 status = do_unlink(conn, req, fname, dirtype);
2486 if (!NT_STATUS_IS_OK(status)) {
2487 TALLOC_FREE(fname);
2488 continue;
2489 }
2490
2491 count++;
2492 DEBUG(3,("unlink_internals: successful unlink [%s]\n",
2493 fname));
2494
2495 TALLOC_FREE(fname);
2496 }
2497 TALLOC_FREE(dir_hnd);
2498 }
2499
2500 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
2501 status = map_nt_error_from_unix(errno);
2502 }
2503
2504 return status;
2505}
2506
2507/****************************************************************************
2508 Reply to a unlink
2509****************************************************************************/
2510
2511void reply_unlink(struct smb_request *req)
2512{
2513 connection_struct *conn = req->conn;
2514 char *name = NULL;
2515 uint32 dirtype;
2516 NTSTATUS status;
2517 bool path_contains_wcard = False;
2518 TALLOC_CTX *ctx = talloc_tos();
2519
2520 START_PROFILE(SMBunlink);
2521
2522 if (req->wct < 1) {
2523 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2524 END_PROFILE(SMBunlink);
2525 return;
2526 }
2527
2528 dirtype = SVAL(req->inbuf,smb_vwv0);
2529
2530 srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name,
2531 smb_buf(req->inbuf) + 1, 0,
2532 STR_TERMINATE, &status, &path_contains_wcard);
2533 if (!NT_STATUS_IS_OK(status)) {
2534 reply_nterror(req, status);
2535 END_PROFILE(SMBunlink);
2536 return;
2537 }
2538
2539 status = resolve_dfspath_wcard(ctx, conn,
2540 req->flags2 & FLAGS2_DFS_PATHNAMES,
2541 name,
2542 &name,
2543 &path_contains_wcard);
2544 if (!NT_STATUS_IS_OK(status)) {
2545 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
2546 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2547 ERRSRV, ERRbadpath);
2548 END_PROFILE(SMBunlink);
2549 return;
2550 }
2551 reply_nterror(req, status);
2552 END_PROFILE(SMBunlink);
2553 return;
2554 }
2555
2556 DEBUG(3,("reply_unlink : %s\n",name));
2557
2558 status = unlink_internals(conn, req, dirtype, name,
2559 path_contains_wcard);
2560 if (!NT_STATUS_IS_OK(status)) {
2561 if (open_was_deferred(req->mid)) {
2562 /* We have re-scheduled this call. */
2563 END_PROFILE(SMBunlink);
2564 return;
2565 }
2566 reply_nterror(req, status);
2567 END_PROFILE(SMBunlink);
2568 return;
2569 }
2570
2571 reply_outbuf(req, 0, 0);
2572 END_PROFILE(SMBunlink);
2573
2574 return;
2575}
2576
2577/****************************************************************************
2578 Fail for readbraw.
2579****************************************************************************/
2580
2581static void fail_readraw(void)
2582{
2583 const char *errstr = talloc_asprintf(talloc_tos(),
2584 "FAIL ! reply_readbraw: socket write fail (%s)",
2585 strerror(errno));
2586 if (!errstr) {
2587 errstr = "";
2588 }
2589 exit_server_cleanly(errstr);
2590}
2591
2592/****************************************************************************
2593 Fake (read/write) sendfile. Returns -1 on read or write fail.
2594****************************************************************************/
2595
2596static ssize_t fake_sendfile(files_struct *fsp, SMB_OFF_T startpos,
2597 size_t nread)
2598{
2599 size_t bufsize;
2600 size_t tosend = nread;
2601 char *buf;
2602
2603 if (nread == 0) {
2604 return 0;
2605 }
2606
2607 bufsize = MIN(nread, 65536);
2608
2609 if (!(buf = SMB_MALLOC_ARRAY(char, bufsize))) {
2610 return -1;
2611 }
2612
2613 while (tosend > 0) {
2614 ssize_t ret;
2615 size_t cur_read;
2616
2617 if (tosend > bufsize) {
2618 cur_read = bufsize;
2619 } else {
2620 cur_read = tosend;
2621 }
2622 ret = read_file(fsp,buf,startpos,cur_read);
2623 if (ret == -1) {
2624 SAFE_FREE(buf);
2625 return -1;
2626 }
2627
2628 /* If we had a short read, fill with zeros. */
2629 if (ret < cur_read) {
2630 memset(buf, '\0', cur_read - ret);
2631 }
2632
2633 if (write_data(smbd_server_fd(),buf,cur_read) != cur_read) {
2634 SAFE_FREE(buf);
2635 return -1;
2636 }
2637 tosend -= cur_read;
2638 startpos += cur_read;
2639 }
2640
2641 SAFE_FREE(buf);
2642 return (ssize_t)nread;
2643}
2644
2645/****************************************************************************
2646 Return a readbraw error (4 bytes of zero).
2647****************************************************************************/
2648
2649static void reply_readbraw_error(void)
2650{
2651 char header[4];
2652 SIVAL(header,0,0);
2653 if (write_data(smbd_server_fd(),header,4) != 4) {
2654 fail_readraw();
2655 }
2656}
2657
2658/****************************************************************************
2659 Use sendfile in readbraw.
2660****************************************************************************/
2661
2662void send_file_readbraw(connection_struct *conn,
2663 files_struct *fsp,
2664 SMB_OFF_T startpos,
2665 size_t nread,
2666 ssize_t mincount)
2667{
2668 char *outbuf = NULL;
2669 ssize_t ret=0;
2670
2671#if defined(WITH_SENDFILE)
2672 /*
2673 * We can only use sendfile on a non-chained packet
2674 * but we can use on a non-oplocked file. tridge proved this
2675 * on a train in Germany :-). JRA.
2676 * reply_readbraw has already checked the length.
2677 */
2678
2679 if ( (chain_size == 0) && (nread > 0) && (fsp->base_fsp == NULL) &&
2680 (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn)) ) {
2681 char header[4];
2682 DATA_BLOB header_blob;
2683
2684 _smb_setlen(header,nread);
2685 header_blob = data_blob_const(header, 4);
2686
2687 if (SMB_VFS_SENDFILE(smbd_server_fd(), fsp,
2688 &header_blob, startpos, nread) == -1) {
2689 /* Returning ENOSYS means no data at all was sent.
2690 * Do this as a normal read. */
2691 if (errno == ENOSYS) {
2692 goto normal_readbraw;
2693 }
2694
2695 /*
2696 * Special hack for broken Linux with no working sendfile. If we
2697 * return EINTR we sent the header but not the rest of the data.
2698 * Fake this up by doing read/write calls.
2699 */
2700 if (errno == EINTR) {
2701 /* Ensure we don't do this again. */
2702 set_use_sendfile(SNUM(conn), False);
2703 DEBUG(0,("send_file_readbraw: sendfile not available. Faking..\n"));
2704
2705 if (fake_sendfile(fsp, startpos, nread) == -1) {
2706 DEBUG(0,("send_file_readbraw: fake_sendfile failed for file %s (%s).\n",
2707 fsp->fsp_name, strerror(errno) ));
2708 exit_server_cleanly("send_file_readbraw fake_sendfile failed");
2709 }
2710 return;
2711 }
2712
2713 DEBUG(0,("send_file_readbraw: sendfile failed for file %s (%s). Terminating\n",
2714 fsp->fsp_name, strerror(errno) ));
2715 exit_server_cleanly("send_file_readbraw sendfile failed");
2716 }
2717
2718 return;
2719 }
2720#endif
2721
2722normal_readbraw:
2723
2724 outbuf = TALLOC_ARRAY(NULL, char, nread+4);
2725 if (!outbuf) {
2726 DEBUG(0,("send_file_readbraw: TALLOC_ARRAY failed for size %u.\n",
2727 (unsigned)(nread+4)));
2728 reply_readbraw_error();
2729 return;
2730 }
2731
2732 if (nread > 0) {
2733 ret = read_file(fsp,outbuf+4,startpos,nread);
2734#if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2735 if (ret < mincount)
2736 ret = 0;
2737#else
2738 if (ret < nread)
2739 ret = 0;
2740#endif
2741 }
2742
2743 _smb_setlen(outbuf,ret);
2744 if (write_data(smbd_server_fd(),outbuf,4+ret) != 4+ret)
2745 fail_readraw();
2746
2747 TALLOC_FREE(outbuf);
2748}
2749
2750/****************************************************************************
2751 Reply to a readbraw (core+ protocol).
2752****************************************************************************/
2753
2754void reply_readbraw(struct smb_request *req)
2755{
2756 connection_struct *conn = req->conn;
2757 ssize_t maxcount,mincount;
2758 size_t nread = 0;
2759 SMB_OFF_T startpos;
2760 files_struct *fsp;
2761 SMB_STRUCT_STAT st;
2762 SMB_OFF_T size = 0;
2763
2764 START_PROFILE(SMBreadbraw);
2765
2766 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
2767 exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
2768 "raw reads/writes are disallowed.");
2769 }
2770
2771 if (req->wct < 8) {
2772 reply_readbraw_error();
2773 END_PROFILE(SMBreadbraw);
2774 return;
2775 }
2776
2777 /*
2778 * Special check if an oplock break has been issued
2779 * and the readraw request croses on the wire, we must
2780 * return a zero length response here.
2781 */
2782
2783 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2784
2785 /*
2786 * We have to do a check_fsp by hand here, as
2787 * we must always return 4 zero bytes on error,
2788 * not a NTSTATUS.
2789 */
2790
2791 if (!fsp || !conn || conn != fsp->conn ||
2792 current_user.vuid != fsp->vuid ||
2793 fsp->is_directory || fsp->fh->fd == -1) {
2794 /*
2795 * fsp could be NULL here so use the value from the packet. JRA.
2796 */
2797 DEBUG(3,("reply_readbraw: fnum %d not valid "
2798 "- cache prime?\n",
2799 (int)SVAL(req->inbuf,smb_vwv0)));
2800 reply_readbraw_error();
2801 END_PROFILE(SMBreadbraw);
2802 return;
2803 }
2804
2805 /* Do a "by hand" version of CHECK_READ. */
2806 if (!(fsp->can_read ||
2807 ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) &&
2808 (fsp->access_mask & FILE_EXECUTE)))) {
2809 DEBUG(3,("reply_readbraw: fnum %d not readable.\n",
2810 (int)SVAL(req->inbuf,smb_vwv0)));
2811 reply_readbraw_error();
2812 END_PROFILE(SMBreadbraw);
2813 return;
2814 }
2815
2816 flush_write_cache(fsp, READRAW_FLUSH);
2817
2818 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv1);
2819 if(req->wct == 10) {
2820 /*
2821 * This is a large offset (64 bit) read.
2822 */
2823#ifdef LARGE_SMB_OFF_T
2824
2825 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv8)) << 32);
2826
2827#else /* !LARGE_SMB_OFF_T */
2828
2829 /*
2830 * Ensure we haven't been sent a >32 bit offset.
2831 */
2832
2833 if(IVAL(req->inbuf,smb_vwv8) != 0) {
2834 DEBUG(0,("reply_readbraw: large offset "
2835 "(%x << 32) used and we don't support "
2836 "64 bit offsets.\n",
2837 (unsigned int)IVAL(req->inbuf,smb_vwv8) ));
2838 reply_readbraw_error();
2839 END_PROFILE(SMBreadbraw);
2840 return;
2841 }
2842
2843#endif /* LARGE_SMB_OFF_T */
2844
2845 if(startpos < 0) {
2846 DEBUG(0,("reply_readbraw: negative 64 bit "
2847 "readraw offset (%.0f) !\n",
2848 (double)startpos ));
2849 reply_readbraw_error();
2850 END_PROFILE(SMBreadbraw);
2851 return;
2852 }
2853 }
2854
2855 maxcount = (SVAL(req->inbuf,smb_vwv3) & 0xFFFF);
2856 mincount = (SVAL(req->inbuf,smb_vwv4) & 0xFFFF);
2857
2858 /* ensure we don't overrun the packet size */
2859 maxcount = MIN(65535,maxcount);
2860
2861 if (is_locked(fsp,(uint32)req->smbpid,
2862 (SMB_BIG_UINT)maxcount,
2863 (SMB_BIG_UINT)startpos,
2864 READ_LOCK)) {
2865 reply_readbraw_error();
2866 END_PROFILE(SMBreadbraw);
2867 return;
2868 }
2869
2870 if (SMB_VFS_FSTAT(fsp, &st) == 0) {
2871 size = st.st_size;
2872 }
2873
2874 if (startpos >= size) {
2875 nread = 0;
2876 } else {
2877 nread = MIN(maxcount,(size - startpos));
2878 }
2879
2880#if 0 /* mincount appears to be ignored in a W2K server. JRA. */
2881 if (nread < mincount)
2882 nread = 0;
2883#endif
2884
2885 DEBUG( 3, ( "reply_readbraw: fnum=%d start=%.0f max=%lu "
2886 "min=%lu nread=%lu\n",
2887 fsp->fnum, (double)startpos,
2888 (unsigned long)maxcount,
2889 (unsigned long)mincount,
2890 (unsigned long)nread ) );
2891
2892 send_file_readbraw(conn, fsp, startpos, nread, mincount);
2893
2894 DEBUG(5,("reply_readbraw finished\n"));
2895 END_PROFILE(SMBreadbraw);
2896}
2897
2898#undef DBGC_CLASS
2899#define DBGC_CLASS DBGC_LOCKING
2900
2901/****************************************************************************
2902 Reply to a lockread (core+ protocol).
2903****************************************************************************/
2904
2905void reply_lockread(struct smb_request *req)
2906{
2907 connection_struct *conn = req->conn;
2908 ssize_t nread = -1;
2909 char *data;
2910 SMB_OFF_T startpos;
2911 size_t numtoread;
2912 NTSTATUS status;
2913 files_struct *fsp;
2914 struct byte_range_lock *br_lck = NULL;
2915 char *p = NULL;
2916
2917 START_PROFILE(SMBlockread);
2918
2919 if (req->wct < 5) {
2920 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2921 END_PROFILE(SMBlockread);
2922 return;
2923 }
2924
2925 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
2926
2927 if (!check_fsp(conn, req, fsp, &current_user)) {
2928 END_PROFILE(SMBlockread);
2929 return;
2930 }
2931
2932 if (!CHECK_READ(fsp,req->inbuf)) {
2933 reply_doserror(req, ERRDOS, ERRbadaccess);
2934 END_PROFILE(SMBlockread);
2935 return;
2936 }
2937
2938 release_level_2_oplocks_on_change(fsp);
2939
2940 numtoread = SVAL(req->inbuf,smb_vwv1);
2941 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
2942
2943 numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
2944
2945 reply_outbuf(req, 5, numtoread + 3);
2946
2947 data = smb_buf(req->outbuf) + 3;
2948
2949 /*
2950 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
2951 * protocol request that predates the read/write lock concept.
2952 * Thus instead of asking for a read lock here we need to ask
2953 * for a write lock. JRA.
2954 * Note that the requested lock size is unaffected by max_recv.
2955 */
2956
2957 br_lck = do_lock(smbd_messaging_context(),
2958 fsp,
2959 req->smbpid,
2960 (SMB_BIG_UINT)numtoread,
2961 (SMB_BIG_UINT)startpos,
2962 WRITE_LOCK,
2963 WINDOWS_LOCK,
2964 False, /* Non-blocking lock. */
2965 &status,
2966 NULL);
2967 TALLOC_FREE(br_lck);
2968
2969 if (NT_STATUS_V(status)) {
2970 reply_nterror(req, status);
2971 END_PROFILE(SMBlockread);
2972 return;
2973 }
2974
2975 /*
2976 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
2977 */
2978
2979 if (numtoread > max_recv) {
2980 DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
2981Returning short read of maximum allowed for compatibility with Windows 2000.\n",
2982 (unsigned int)numtoread, (unsigned int)max_recv ));
2983 numtoread = MIN(numtoread,max_recv);
2984 }
2985 nread = read_file(fsp,data,startpos,numtoread);
2986
2987 if (nread < 0) {
2988 reply_unixerror(req, ERRDOS, ERRnoaccess);
2989 END_PROFILE(SMBlockread);
2990 return;
2991 }
2992
2993 srv_set_message((char *)req->outbuf, 5, nread+3, False);
2994
2995 SSVAL(req->outbuf,smb_vwv0,nread);
2996 SSVAL(req->outbuf,smb_vwv5,nread+3);
2997 p = smb_buf(req->outbuf);
2998 SCVAL(p,0,0); /* pad byte. */
2999 SSVAL(p,1,nread);
3000
3001 DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
3002 fsp->fnum, (int)numtoread, (int)nread));
3003
3004 END_PROFILE(SMBlockread);
3005 return;
3006}
3007
3008#undef DBGC_CLASS
3009#define DBGC_CLASS DBGC_ALL
3010
3011/****************************************************************************
3012 Reply to a read.
3013****************************************************************************/
3014
3015void reply_read(struct smb_request *req)
3016{
3017 connection_struct *conn = req->conn;
3018 size_t numtoread;
3019 ssize_t nread = 0;
3020 char *data;
3021 SMB_OFF_T startpos;
3022 int outsize = 0;
3023 files_struct *fsp;
3024
3025 START_PROFILE(SMBread);
3026
3027 if (req->wct < 3) {
3028 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3029 END_PROFILE(SMBread);
3030 return;
3031 }
3032
3033 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3034
3035 if (!check_fsp(conn, req, fsp, &current_user)) {
3036 END_PROFILE(SMBread);
3037 return;
3038 }
3039
3040 if (!CHECK_READ(fsp,req->inbuf)) {
3041 reply_doserror(req, ERRDOS, ERRbadaccess);
3042 END_PROFILE(SMBread);
3043 return;
3044 }
3045
3046 numtoread = SVAL(req->inbuf,smb_vwv1);
3047 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3048
3049 numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
3050
3051 /*
3052 * The requested read size cannot be greater than max_recv. JRA.
3053 */
3054 if (numtoread > max_recv) {
3055 DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
3056Returning short read of maximum allowed for compatibility with Windows 2000.\n",
3057 (unsigned int)numtoread, (unsigned int)max_recv ));
3058 numtoread = MIN(numtoread,max_recv);
3059 }
3060
3061 reply_outbuf(req, 5, numtoread+3);
3062
3063 data = smb_buf(req->outbuf) + 3;
3064
3065 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtoread,
3066 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3067 reply_doserror(req, ERRDOS,ERRlock);
3068 END_PROFILE(SMBread);
3069 return;
3070 }
3071
3072 if (numtoread > 0)
3073 nread = read_file(fsp,data,startpos,numtoread);
3074
3075 if (nread < 0) {
3076 reply_unixerror(req, ERRDOS,ERRnoaccess);
3077 END_PROFILE(SMBread);
3078 return;
3079 }
3080
3081 srv_set_message((char *)req->outbuf, 5, nread+3, False);
3082
3083 SSVAL(req->outbuf,smb_vwv0,nread);
3084 SSVAL(req->outbuf,smb_vwv5,nread+3);
3085 SCVAL(smb_buf(req->outbuf),0,1);
3086 SSVAL(smb_buf(req->outbuf),1,nread);
3087
3088 DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
3089 fsp->fnum, (int)numtoread, (int)nread ) );
3090
3091 END_PROFILE(SMBread);
3092 return;
3093}
3094
3095/****************************************************************************
3096 Setup readX header.
3097****************************************************************************/
3098
3099static int setup_readX_header(char *outbuf, size_t smb_maxcnt)
3100{
3101 int outsize;
3102 char *data;
3103
3104 outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
3105 data = smb_buf(outbuf);
3106
3107 memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
3108
3109 SCVAL(outbuf,smb_vwv0,0xFF);
3110 SSVAL(outbuf,smb_vwv2,0xFFFF); /* Remaining - must be -1. */
3111 SSVAL(outbuf,smb_vwv5,smb_maxcnt);
3112 SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
3113 SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
3114 SSVAL(smb_buf(outbuf),-2,smb_maxcnt);
3115 /* Reset the outgoing length, set_message truncates at 0x1FFFF. */
3116 _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
3117 return outsize;
3118}
3119
3120/****************************************************************************
3121 Reply to a read and X - possibly using sendfile.
3122****************************************************************************/
3123
3124static void send_file_readX(connection_struct *conn, struct smb_request *req,
3125 files_struct *fsp, SMB_OFF_T startpos,
3126 size_t smb_maxcnt)
3127{
3128 SMB_STRUCT_STAT sbuf;
3129 ssize_t nread = -1;
3130
3131 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
3132 reply_unixerror(req, ERRDOS, ERRnoaccess);
3133 return;
3134 }
3135
3136 if (startpos > sbuf.st_size) {
3137 smb_maxcnt = 0;
3138 } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
3139 smb_maxcnt = (sbuf.st_size - startpos);
3140 }
3141
3142 if (smb_maxcnt == 0) {
3143 goto normal_read;
3144 }
3145
3146#if defined(WITH_SENDFILE)
3147 /*
3148 * We can only use sendfile on a non-chained packet
3149 * but we can use on a non-oplocked file. tridge proved this
3150 * on a train in Germany :-). JRA.
3151 */
3152
3153 if ((chain_size == 0) && (CVAL(req->inbuf,smb_vwv0) == 0xFF) &&
3154 !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) &&
3155 lp_use_sendfile(SNUM(conn)) && (fsp->wcp == NULL) ) {
3156 uint8 headerbuf[smb_size + 12 * 2];
3157 DATA_BLOB header;
3158
3159 /*
3160 * Set up the packet header before send. We
3161 * assume here the sendfile will work (get the
3162 * correct amount of data).
3163 */
3164
3165 header = data_blob_const(headerbuf, sizeof(headerbuf));
3166
3167 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3168 setup_readX_header((char *)headerbuf, smb_maxcnt);
3169
3170 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) {
3171 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */
3172 if (errno == ENOSYS) {
3173 goto normal_read;
3174 }
3175
3176 /*
3177 * Special hack for broken Linux with no working sendfile. If we
3178 * return EINTR we sent the header but not the rest of the data.
3179 * Fake this up by doing read/write calls.
3180 */
3181
3182 if (errno == EINTR) {
3183 /* Ensure we don't do this again. */
3184 set_use_sendfile(SNUM(conn), False);
3185 DEBUG(0,("send_file_readX: sendfile not available. Faking..\n"));
3186 nread = fake_sendfile(fsp, startpos,
3187 smb_maxcnt);
3188 if (nread == -1) {
3189 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3190 fsp->fsp_name, strerror(errno) ));
3191 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3192 }
3193 DEBUG( 3, ( "send_file_readX: fake_sendfile fnum=%d max=%d nread=%d\n",
3194 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3195 /* No outbuf here means successful sendfile. */
3196 TALLOC_FREE(req->outbuf);
3197 return;
3198 }
3199
3200 DEBUG(0,("send_file_readX: sendfile failed for file %s (%s). Terminating\n",
3201 fsp->fsp_name, strerror(errno) ));
3202 exit_server_cleanly("send_file_readX sendfile failed");
3203 }
3204
3205 DEBUG( 3, ( "send_file_readX: sendfile fnum=%d max=%d nread=%d\n",
3206 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3207 /* No outbuf here means successful sendfile. */
3208 TALLOC_FREE(req->outbuf);
3209 return;
3210 }
3211#endif
3212
3213normal_read:
3214
3215 if ((smb_maxcnt & 0xFF0000) > 0x10000) {
3216 uint8 headerbuf[smb_size + 2*12];
3217
3218 construct_reply_common((char *)req->inbuf, (char *)headerbuf);
3219 setup_readX_header((char *)headerbuf, smb_maxcnt);
3220
3221 /* Send out the header. */
3222 if (write_data(smbd_server_fd(), (char *)headerbuf,
3223 sizeof(headerbuf)) != sizeof(headerbuf)) {
3224 DEBUG(0,("send_file_readX: write_data failed for file %s (%s). Terminating\n",
3225 fsp->fsp_name, strerror(errno) ));
3226 exit_server_cleanly("send_file_readX sendfile failed");
3227 }
3228 nread = fake_sendfile(fsp, startpos, smb_maxcnt);
3229 if (nread == -1) {
3230 DEBUG(0,("send_file_readX: fake_sendfile failed for file %s (%s).\n",
3231 fsp->fsp_name, strerror(errno) ));
3232 exit_server_cleanly("send_file_readX: fake_sendfile failed");
3233 }
3234 TALLOC_FREE(req->outbuf);
3235 return;
3236 } else {
3237 reply_outbuf(req, 12, smb_maxcnt);
3238
3239 nread = read_file(fsp, smb_buf(req->outbuf), startpos,
3240 smb_maxcnt);
3241 if (nread < 0) {
3242 reply_unixerror(req, ERRDOS, ERRnoaccess);
3243 return;
3244 }
3245
3246 setup_readX_header((char *)req->outbuf, nread);
3247
3248 DEBUG( 3, ( "send_file_readX fnum=%d max=%d nread=%d\n",
3249 fsp->fnum, (int)smb_maxcnt, (int)nread ) );
3250
3251 chain_reply(req);
3252
3253 return;
3254 }
3255}
3256
3257/****************************************************************************
3258 Reply to a read and X.
3259****************************************************************************/
3260
3261void reply_read_and_X(struct smb_request *req)
3262{
3263 connection_struct *conn = req->conn;
3264 files_struct *fsp;
3265 SMB_OFF_T startpos;
3266 size_t smb_maxcnt;
3267 bool big_readX = False;
3268#if 0
3269 size_t smb_mincnt = SVAL(req->inbuf,smb_vwv6);
3270#endif
3271
3272 START_PROFILE(SMBreadX);
3273
3274 if ((req->wct != 10) && (req->wct != 12)) {
3275 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3276 return;
3277 }
3278
3279 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3280 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3281 smb_maxcnt = SVAL(req->inbuf,smb_vwv5);
3282
3283 /* If it's an IPC, pass off the pipe handler. */
3284 if (IS_IPC(conn)) {
3285 reply_pipe_read_and_X(req);
3286 END_PROFILE(SMBreadX);
3287 return;
3288 }
3289
3290 if (!check_fsp(conn, req, fsp, &current_user)) {
3291 END_PROFILE(SMBreadX);
3292 return;
3293 }
3294
3295 if (!CHECK_READ(fsp,req->inbuf)) {
3296 reply_doserror(req, ERRDOS,ERRbadaccess);
3297 END_PROFILE(SMBreadX);
3298 return;
3299 }
3300
3301 if (global_client_caps & CAP_LARGE_READX) {
3302 size_t upper_size = SVAL(req->inbuf,smb_vwv7);
3303 smb_maxcnt |= (upper_size<<16);
3304 if (upper_size > 1) {
3305 /* Can't do this on a chained packet. */
3306 if ((CVAL(req->inbuf,smb_vwv0) != 0xFF)) {
3307 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3308 END_PROFILE(SMBreadX);
3309 return;
3310 }
3311 /* We currently don't do this on signed or sealed data. */
3312 if (srv_is_signing_active() || is_encrypted_packet(req->inbuf)) {
3313 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
3314 END_PROFILE(SMBreadX);
3315 return;
3316 }
3317 /* Is there room in the reply for this data ? */
3318 if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
3319 reply_nterror(req,
3320 NT_STATUS_INVALID_PARAMETER);
3321 END_PROFILE(SMBreadX);
3322 return;
3323 }
3324 big_readX = True;
3325 }
3326 }
3327
3328 if (req->wct == 12) {
3329#ifdef LARGE_SMB_OFF_T
3330 /*
3331 * This is a large offset (64 bit) read.
3332 */
3333 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv10)) << 32);
3334
3335#else /* !LARGE_SMB_OFF_T */
3336
3337 /*
3338 * Ensure we haven't been sent a >32 bit offset.
3339 */
3340
3341 if(IVAL(req->inbuf,smb_vwv10) != 0) {
3342 DEBUG(0,("reply_read_and_X - large offset (%x << 32) "
3343 "used and we don't support 64 bit offsets.\n",
3344 (unsigned int)IVAL(req->inbuf,smb_vwv10) ));
3345 END_PROFILE(SMBreadX);
3346 reply_doserror(req, ERRDOS, ERRbadaccess);
3347 return;
3348 }
3349
3350#endif /* LARGE_SMB_OFF_T */
3351
3352 }
3353
3354 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)smb_maxcnt,
3355 (SMB_BIG_UINT)startpos, READ_LOCK)) {
3356 END_PROFILE(SMBreadX);
3357 reply_doserror(req, ERRDOS, ERRlock);
3358 return;
3359 }
3360
3361 if (!big_readX &&
3362 schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
3363 END_PROFILE(SMBreadX);
3364 return;
3365 }
3366
3367 send_file_readX(conn, req, fsp, startpos, smb_maxcnt);
3368
3369 END_PROFILE(SMBreadX);
3370 return;
3371}
3372
3373/****************************************************************************
3374 Error replies to writebraw must have smb_wct == 1. Fix this up.
3375****************************************************************************/
3376
3377void error_to_writebrawerr(struct smb_request *req)
3378{
3379 uint8 *old_outbuf = req->outbuf;
3380
3381 reply_outbuf(req, 1, 0);
3382
3383 memcpy(req->outbuf, old_outbuf, smb_size);
3384 TALLOC_FREE(old_outbuf);
3385}
3386
3387/****************************************************************************
3388 Reply to a writebraw (core+ or LANMAN1.0 protocol).
3389****************************************************************************/
3390
3391void reply_writebraw(struct smb_request *req)
3392{
3393 connection_struct *conn = req->conn;
3394 char *buf = NULL;
3395 ssize_t nwritten=0;
3396 ssize_t total_written=0;
3397 size_t numtowrite=0;
3398 size_t tcount;
3399 SMB_OFF_T startpos;
3400 char *data=NULL;
3401 bool write_through;
3402 files_struct *fsp;
3403 NTSTATUS status;
3404
3405 START_PROFILE(SMBwritebraw);
3406
3407 /*
3408 * If we ever reply with an error, it must have the SMB command
3409 * type of SMBwritec, not SMBwriteBraw, as this tells the client
3410 * we're finished.
3411 */
3412 SCVAL(req->inbuf,smb_com,SMBwritec);
3413
3414 if (srv_is_signing_active()) {
3415 END_PROFILE(SMBwritebraw);
3416 exit_server_cleanly("reply_writebraw: SMB signing is active - "
3417 "raw reads/writes are disallowed.");
3418 }
3419
3420 if (req->wct < 12) {
3421 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3422 error_to_writebrawerr(req);
3423 END_PROFILE(SMBwritebraw);
3424 return;
3425 }
3426
3427 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3428 if (!check_fsp(conn, req, fsp, &current_user)) {
3429 error_to_writebrawerr(req);
3430 END_PROFILE(SMBwritebraw);
3431 return;
3432 }
3433
3434 if (!CHECK_WRITE(fsp)) {
3435 reply_doserror(req, ERRDOS, ERRbadaccess);
3436 error_to_writebrawerr(req);
3437 END_PROFILE(SMBwritebraw);
3438 return;
3439 }
3440
3441 tcount = IVAL(req->inbuf,smb_vwv1);
3442 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3443 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3444
3445 /* We have to deal with slightly different formats depending
3446 on whether we are using the core+ or lanman1.0 protocol */
3447
3448 if(Protocol <= PROTOCOL_COREPLUS) {
3449 numtowrite = SVAL(smb_buf(req->inbuf),-2);
3450 data = smb_buf(req->inbuf);
3451 } else {
3452 numtowrite = SVAL(req->inbuf,smb_vwv10);
3453 data = smb_base(req->inbuf) + SVAL(req->inbuf, smb_vwv11);
3454 }
3455
3456 /* Ensure we don't write bytes past the end of this packet. */
3457 if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
3458 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3459 error_to_writebrawerr(req);
3460 END_PROFILE(SMBwritebraw);
3461 return;
3462 }
3463
3464 if (is_locked(fsp,(uint32)req->smbpid,(SMB_BIG_UINT)tcount,
3465 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3466 reply_doserror(req, ERRDOS, ERRlock);
3467 error_to_writebrawerr(req);
3468 END_PROFILE(SMBwritebraw);
3469 return;
3470 }
3471
3472 if (numtowrite>0) {
3473 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3474 }
3475
3476 DEBUG(3,("reply_writebraw: initial write fnum=%d start=%.0f num=%d "
3477 "wrote=%d sync=%d\n",
3478 fsp->fnum, (double)startpos, (int)numtowrite,
3479 (int)nwritten, (int)write_through));
3480
3481 if (nwritten < (ssize_t)numtowrite) {
3482 reply_unixerror(req, ERRHRD, ERRdiskfull);
3483 error_to_writebrawerr(req);
3484 END_PROFILE(SMBwritebraw);
3485 return;
3486 }
3487
3488 total_written = nwritten;
3489
3490 /* Allocate a buffer of 64k + length. */
3491 buf = TALLOC_ARRAY(NULL, char, 65540);
3492 if (!buf) {
3493 reply_doserror(req, ERRDOS, ERRnomem);
3494 error_to_writebrawerr(req);
3495 END_PROFILE(SMBwritebraw);
3496 return;
3497 }
3498
3499 /* Return a SMBwritebraw message to the redirector to tell
3500 * it to send more bytes */
3501
3502 memcpy(buf, req->inbuf, smb_size);
3503 srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
3504 SCVAL(buf,smb_com,SMBwritebraw);
3505 SSVALS(buf,smb_vwv0,0xFFFF);
3506 show_msg(buf);
3507 if (!srv_send_smb(smbd_server_fd(),
3508 buf,
3509 IS_CONN_ENCRYPTED(conn))) {
3510 exit_server_cleanly("reply_writebraw: srv_send_smb "
3511 "failed.");
3512 }
3513
3514 /* Now read the raw data into the buffer and write it */
3515 status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
3516 &numtowrite);
3517 if (!NT_STATUS_IS_OK(status)) {
3518 exit_server_cleanly("secondary writebraw failed");
3519 }
3520
3521 /* Set up outbuf to return the correct size */
3522 reply_outbuf(req, 1, 0);
3523
3524 if (numtowrite != 0) {
3525
3526 if (numtowrite > 0xFFFF) {
3527 DEBUG(0,("reply_writebraw: Oversize secondary write "
3528 "raw requested (%u). Terminating\n",
3529 (unsigned int)numtowrite ));
3530 exit_server_cleanly("secondary writebraw failed");
3531 }
3532
3533 if (tcount > nwritten+numtowrite) {
3534 DEBUG(3,("reply_writebraw: Client overestimated the "
3535 "write %d %d %d\n",
3536 (int)tcount,(int)nwritten,(int)numtowrite));
3537 }
3538
3539 status = read_data(smbd_server_fd(), buf+4, numtowrite);
3540
3541 if (!NT_STATUS_IS_OK(status)) {
3542 DEBUG(0,("reply_writebraw: Oversize secondary write "
3543 "raw read failed (%s). Terminating\n",
3544 nt_errstr(status)));
3545 exit_server_cleanly("secondary writebraw failed");
3546 }
3547
3548 nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
3549 if (nwritten == -1) {
3550 TALLOC_FREE(buf);
3551 reply_unixerror(req, ERRHRD, ERRdiskfull);
3552 error_to_writebrawerr(req);
3553 END_PROFILE(SMBwritebraw);
3554 return;
3555 }
3556
3557 if (nwritten < (ssize_t)numtowrite) {
3558 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3559 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3560 }
3561
3562 if (nwritten > 0) {
3563 total_written += nwritten;
3564 }
3565 }
3566
3567 TALLOC_FREE(buf);
3568 SSVAL(req->outbuf,smb_vwv0,total_written);
3569
3570 status = sync_file(conn, fsp, write_through);
3571 if (!NT_STATUS_IS_OK(status)) {
3572 DEBUG(5,("reply_writebraw: sync_file for %s returned %s\n",
3573 fsp->fsp_name, nt_errstr(status) ));
3574 reply_nterror(req, status);
3575 error_to_writebrawerr(req);
3576 END_PROFILE(SMBwritebraw);
3577 return;
3578 }
3579
3580 DEBUG(3,("reply_writebraw: secondart write fnum=%d start=%.0f num=%d "
3581 "wrote=%d\n",
3582 fsp->fnum, (double)startpos, (int)numtowrite,
3583 (int)total_written));
3584
3585 /* We won't return a status if write through is not selected - this
3586 * follows what WfWg does */
3587 END_PROFILE(SMBwritebraw);
3588
3589 if (!write_through && total_written==tcount) {
3590
3591#if RABBIT_PELLET_FIX
3592 /*
3593 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
3594 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this.
3595 * JRA.
3596 */
3597 if (!send_keepalive(smbd_server_fd())) {
3598 exit_server_cleanly("reply_writebraw: send of "
3599 "keepalive failed");
3600 }
3601#endif
3602 TALLOC_FREE(req->outbuf);
3603 }
3604 return;
3605}
3606
3607#undef DBGC_CLASS
3608#define DBGC_CLASS DBGC_LOCKING
3609
3610/****************************************************************************
3611 Reply to a writeunlock (core+).
3612****************************************************************************/
3613
3614void reply_writeunlock(struct smb_request *req)
3615{
3616 connection_struct *conn = req->conn;
3617 ssize_t nwritten = -1;
3618 size_t numtowrite;
3619 SMB_OFF_T startpos;
3620 char *data;
3621 NTSTATUS status = NT_STATUS_OK;
3622 files_struct *fsp;
3623
3624 START_PROFILE(SMBwriteunlock);
3625
3626 if (req->wct < 5) {
3627 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3628 END_PROFILE(SMBwriteunlock);
3629 return;
3630 }
3631
3632 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3633
3634 if (!check_fsp(conn, req, fsp, &current_user)) {
3635 END_PROFILE(SMBwriteunlock);
3636 return;
3637 }
3638
3639 if (!CHECK_WRITE(fsp)) {
3640 reply_doserror(req, ERRDOS,ERRbadaccess);
3641 END_PROFILE(SMBwriteunlock);
3642 return;
3643 }
3644
3645 numtowrite = SVAL(req->inbuf,smb_vwv1);
3646 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3647 data = smb_buf(req->inbuf) + 3;
3648
3649 if (numtowrite
3650 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3651 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3652 reply_doserror(req, ERRDOS, ERRlock);
3653 END_PROFILE(SMBwriteunlock);
3654 return;
3655 }
3656
3657 /* The special X/Open SMB protocol handling of
3658 zero length writes is *NOT* done for
3659 this call */
3660 if(numtowrite == 0) {
3661 nwritten = 0;
3662 } else {
3663 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3664 }
3665
3666 status = sync_file(conn, fsp, False /* write through */);
3667 if (!NT_STATUS_IS_OK(status)) {
3668 DEBUG(5,("reply_writeunlock: sync_file for %s returned %s\n",
3669 fsp->fsp_name, nt_errstr(status) ));
3670 reply_nterror(req, status);
3671 END_PROFILE(SMBwriteunlock);
3672 return;
3673 }
3674
3675 if(((nwritten < numtowrite) && (numtowrite != 0))||(nwritten < 0)) {
3676 reply_unixerror(req, ERRHRD, ERRdiskfull);
3677 END_PROFILE(SMBwriteunlock);
3678 return;
3679 }
3680
3681 if (numtowrite) {
3682 status = do_unlock(smbd_messaging_context(),
3683 fsp,
3684 req->smbpid,
3685 (SMB_BIG_UINT)numtowrite,
3686 (SMB_BIG_UINT)startpos,
3687 WINDOWS_LOCK);
3688
3689 if (NT_STATUS_V(status)) {
3690 reply_nterror(req, status);
3691 END_PROFILE(SMBwriteunlock);
3692 return;
3693 }
3694 }
3695
3696 reply_outbuf(req, 1, 0);
3697
3698 SSVAL(req->outbuf,smb_vwv0,nwritten);
3699
3700 DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
3701 fsp->fnum, (int)numtowrite, (int)nwritten));
3702
3703 END_PROFILE(SMBwriteunlock);
3704 return;
3705}
3706
3707#undef DBGC_CLASS
3708#define DBGC_CLASS DBGC_ALL
3709
3710/****************************************************************************
3711 Reply to a write.
3712****************************************************************************/
3713
3714void reply_write(struct smb_request *req)
3715{
3716 connection_struct *conn = req->conn;
3717 size_t numtowrite;
3718 ssize_t nwritten = -1;
3719 SMB_OFF_T startpos;
3720 char *data;
3721 files_struct *fsp;
3722 NTSTATUS status;
3723
3724 START_PROFILE(SMBwrite);
3725
3726 if (req->wct < 5) {
3727 END_PROFILE(SMBwrite);
3728 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3729 return;
3730 }
3731
3732 /* If it's an IPC, pass off the pipe handler. */
3733 if (IS_IPC(conn)) {
3734 reply_pipe_write(req);
3735 END_PROFILE(SMBwrite);
3736 return;
3737 }
3738
3739 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
3740
3741 if (!check_fsp(conn, req, fsp, &current_user)) {
3742 END_PROFILE(SMBwrite);
3743 return;
3744 }
3745
3746 if (!CHECK_WRITE(fsp)) {
3747 reply_doserror(req, ERRDOS, ERRbadaccess);
3748 END_PROFILE(SMBwrite);
3749 return;
3750 }
3751
3752 numtowrite = SVAL(req->inbuf,smb_vwv1);
3753 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
3754 data = smb_buf(req->inbuf) + 3;
3755
3756 if (is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
3757 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
3758 reply_doserror(req, ERRDOS, ERRlock);
3759 END_PROFILE(SMBwrite);
3760 return;
3761 }
3762
3763 /*
3764 * X/Open SMB protocol says that if smb_vwv1 is
3765 * zero then the file size should be extended or
3766 * truncated to the size given in smb_vwv[2-3].
3767 */
3768
3769 if(numtowrite == 0) {
3770 /*
3771 * This is actually an allocate call, and set EOF. JRA.
3772 */
3773 nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
3774 if (nwritten < 0) {
3775 reply_nterror(req, NT_STATUS_DISK_FULL);
3776 END_PROFILE(SMBwrite);
3777 return;
3778 }
3779 nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
3780 if (nwritten < 0) {
3781 reply_nterror(req, NT_STATUS_DISK_FULL);
3782 END_PROFILE(SMBwrite);
3783 return;
3784 }
3785 } else
3786 nwritten = write_file(req,fsp,data,startpos,numtowrite);
3787
3788 status = sync_file(conn, fsp, False);
3789 if (!NT_STATUS_IS_OK(status)) {
3790 DEBUG(5,("reply_write: sync_file for %s returned %s\n",
3791 fsp->fsp_name, nt_errstr(status) ));
3792 reply_nterror(req, status);
3793 END_PROFILE(SMBwrite);
3794 return;
3795 }
3796
3797 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
3798 reply_unixerror(req, ERRHRD, ERRdiskfull);
3799 END_PROFILE(SMBwrite);
3800 return;
3801 }
3802
3803 reply_outbuf(req, 1, 0);
3804
3805 SSVAL(req->outbuf,smb_vwv0,nwritten);
3806
3807 if (nwritten < (ssize_t)numtowrite) {
3808 SCVAL(req->outbuf,smb_rcls,ERRHRD);
3809 SSVAL(req->outbuf,smb_err,ERRdiskfull);
3810 }
3811
3812 DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
3813
3814 END_PROFILE(SMBwrite);
3815 return;
3816}
3817
3818/****************************************************************************
3819 Ensure a buffer is a valid writeX for recvfile purposes.
3820****************************************************************************/
3821
3822#define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
3823 (2*14) + /* word count (including bcc) */ \
3824 1 /* pad byte */)
3825
3826bool is_valid_writeX_buffer(const uint8_t *inbuf)
3827{
3828 size_t numtowrite;
3829 connection_struct *conn = NULL;
3830 unsigned int doff = 0;
3831 size_t len = smb_len_large(inbuf);
3832
3833 if (is_encrypted_packet(inbuf)) {
3834 /* Can't do this on encrypted
3835 * connections. */
3836 return false;
3837 }
3838
3839 if (CVAL(inbuf,smb_com) != SMBwriteX) {
3840 return false;
3841 }
3842
3843 if (CVAL(inbuf,smb_vwv0) != 0xFF ||
3844 CVAL(inbuf,smb_wct) != 14) {
3845 DEBUG(10,("is_valid_writeX_buffer: chained or "
3846 "invalid word length.\n"));
3847 return false;
3848 }
3849
3850 conn = conn_find(SVAL(inbuf, smb_tid));
3851 if (conn == NULL) {
3852 DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
3853 return false;
3854 }
3855 if (IS_IPC(conn)) {
3856 DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
3857 return false;
3858 }
3859 doff = SVAL(inbuf,smb_vwv11);
3860
3861 numtowrite = SVAL(inbuf,smb_vwv10);
3862
3863 if (len > doff && len - doff > 0xFFFF) {
3864 numtowrite |= (((size_t)SVAL(inbuf,smb_vwv9))<<16);
3865 }
3866
3867 if (numtowrite == 0) {
3868 DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
3869 return false;
3870 }
3871
3872 /* Ensure the sizes match up. */
3873 if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
3874 /* no pad byte...old smbclient :-( */
3875 DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
3876 (unsigned int)doff,
3877 (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
3878 return false;
3879 }
3880
3881 if (len - doff != numtowrite) {
3882 DEBUG(10,("is_valid_writeX_buffer: doff mismatch "
3883 "len = %u, doff = %u, numtowrite = %u\n",
3884 (unsigned int)len,
3885 (unsigned int)doff,
3886 (unsigned int)numtowrite ));
3887 return false;
3888 }
3889
3890 DEBUG(10,("is_valid_writeX_buffer: true "
3891 "len = %u, doff = %u, numtowrite = %u\n",
3892 (unsigned int)len,
3893 (unsigned int)doff,
3894 (unsigned int)numtowrite ));
3895
3896 return true;
3897}
3898
3899/****************************************************************************
3900 Reply to a write and X.
3901****************************************************************************/
3902
3903void reply_write_and_X(struct smb_request *req)
3904{
3905 connection_struct *conn = req->conn;
3906 files_struct *fsp;
3907 SMB_OFF_T startpos;
3908 size_t numtowrite;
3909 bool write_through;
3910 ssize_t nwritten;
3911 unsigned int smb_doff;
3912 unsigned int smblen;
3913 char *data;
3914 NTSTATUS status;
3915
3916 START_PROFILE(SMBwriteX);
3917
3918 if ((req->wct != 12) && (req->wct != 14)) {
3919 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3920 END_PROFILE(SMBwriteX);
3921 return;
3922 }
3923
3924 numtowrite = SVAL(req->inbuf,smb_vwv10);
3925 smb_doff = SVAL(req->inbuf,smb_vwv11);
3926 smblen = smb_len(req->inbuf);
3927
3928 if (req->unread_bytes > 0xFFFF ||
3929 (smblen > smb_doff &&
3930 smblen - smb_doff > 0xFFFF)) {
3931 numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
3932 }
3933
3934 if (req->unread_bytes) {
3935 /* Can't do a recvfile write on IPC$ */
3936 if (IS_IPC(conn)) {
3937 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
3938 END_PROFILE(SMBwriteX);
3939 return;
3940 }
3941 if (numtowrite != req->unread_bytes) {
3942 reply_doserror(req, ERRDOS, ERRbadmem);
3943 END_PROFILE(SMBwriteX);
3944 return;
3945 }
3946 } else {
3947 if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
3948 smb_doff + numtowrite > smblen) {
3949 reply_doserror(req, ERRDOS, ERRbadmem);
3950 END_PROFILE(SMBwriteX);
3951 return;
3952 }
3953 }
3954
3955 /* If it's an IPC, pass off the pipe handler. */
3956 if (IS_IPC(conn)) {
3957 if (req->unread_bytes) {
3958 reply_doserror(req, ERRDOS, ERRbadmem);
3959 END_PROFILE(SMBwriteX);
3960 return;
3961 }
3962 reply_pipe_write_and_X(req);
3963 END_PROFILE(SMBwriteX);
3964 return;
3965 }
3966
3967 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
3968 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv3);
3969 write_through = BITSETW(req->inbuf+smb_vwv7,0);
3970
3971 if (!check_fsp(conn, req, fsp, &current_user)) {
3972 END_PROFILE(SMBwriteX);
3973 return;
3974 }
3975
3976 if (!CHECK_WRITE(fsp)) {
3977 reply_doserror(req, ERRDOS, ERRbadaccess);
3978 END_PROFILE(SMBwriteX);
3979 return;
3980 }
3981
3982 data = smb_base(req->inbuf) + smb_doff;
3983
3984 if(req->wct == 14) {
3985#ifdef LARGE_SMB_OFF_T
3986 /*
3987 * This is a large offset (64 bit) write.
3988 */
3989 startpos |= (((SMB_OFF_T)IVAL(req->inbuf,smb_vwv12)) << 32);
3990
3991#else /* !LARGE_SMB_OFF_T */
3992
3993 /*
3994 * Ensure we haven't been sent a >32 bit offset.
3995 */
3996
3997 if(IVAL(req->inbuf,smb_vwv12) != 0) {
3998 DEBUG(0,("reply_write_and_X - large offset (%x << 32) "
3999 "used and we don't support 64 bit offsets.\n",
4000 (unsigned int)IVAL(req->inbuf,smb_vwv12) ));
4001 reply_doserror(req, ERRDOS, ERRbadaccess);
4002 END_PROFILE(SMBwriteX);
4003 return;
4004 }
4005
4006#endif /* LARGE_SMB_OFF_T */
4007 }
4008
4009 if (is_locked(fsp,(uint32)req->smbpid,
4010 (SMB_BIG_UINT)numtowrite,
4011 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4012 reply_doserror(req, ERRDOS, ERRlock);
4013 END_PROFILE(SMBwriteX);
4014 return;
4015 }
4016
4017 /* X/Open SMB protocol says that, unlike SMBwrite
4018 if the length is zero then NO truncation is
4019 done, just a write of zero. To truncate a file,
4020 use SMBwrite. */
4021
4022 if(numtowrite == 0) {
4023 nwritten = 0;
4024 } else {
4025
4026 if ((req->unread_bytes == 0) &&
4027 schedule_aio_write_and_X(conn, req, fsp, data, startpos,
4028 numtowrite)) {
4029 END_PROFILE(SMBwriteX);
4030 return;
4031 }
4032
4033 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4034 }
4035
4036 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4037 reply_unixerror(req, ERRHRD, ERRdiskfull);
4038 END_PROFILE(SMBwriteX);
4039 return;
4040 }
4041
4042 reply_outbuf(req, 6, 0);
4043 SSVAL(req->outbuf,smb_vwv2,nwritten);
4044 SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
4045
4046 if (nwritten < (ssize_t)numtowrite) {
4047 SCVAL(req->outbuf,smb_rcls,ERRHRD);
4048 SSVAL(req->outbuf,smb_err,ERRdiskfull);
4049 }
4050
4051 DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
4052 fsp->fnum, (int)numtowrite, (int)nwritten));
4053
4054 status = sync_file(conn, fsp, write_through);
4055 if (!NT_STATUS_IS_OK(status)) {
4056 DEBUG(5,("reply_write_and_X: sync_file for %s returned %s\n",
4057 fsp->fsp_name, nt_errstr(status) ));
4058 reply_nterror(req, status);
4059 END_PROFILE(SMBwriteX);
4060 return;
4061 }
4062
4063 END_PROFILE(SMBwriteX);
4064 chain_reply(req);
4065 return;
4066}
4067
4068/****************************************************************************
4069 Reply to a lseek.
4070****************************************************************************/
4071
4072void reply_lseek(struct smb_request *req)
4073{
4074 connection_struct *conn = req->conn;
4075 SMB_OFF_T startpos;
4076 SMB_OFF_T res= -1;
4077 int mode,umode;
4078 files_struct *fsp;
4079
4080 START_PROFILE(SMBlseek);
4081
4082 if (req->wct < 4) {
4083 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4084 END_PROFILE(SMBlseek);
4085 return;
4086 }
4087
4088 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4089
4090 if (!check_fsp(conn, req, fsp, &current_user)) {
4091 return;
4092 }
4093
4094 flush_write_cache(fsp, SEEK_FLUSH);
4095
4096 mode = SVAL(req->inbuf,smb_vwv1) & 3;
4097 /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */
4098 startpos = (SMB_OFF_T)IVALS(req->inbuf,smb_vwv2);
4099
4100 switch (mode) {
4101 case 0:
4102 umode = SEEK_SET;
4103 res = startpos;
4104 break;
4105 case 1:
4106 umode = SEEK_CUR;
4107 res = fsp->fh->pos + startpos;
4108 break;
4109 case 2:
4110 umode = SEEK_END;
4111 break;
4112 default:
4113 umode = SEEK_SET;
4114 res = startpos;
4115 break;
4116 }
4117
4118 if (umode == SEEK_END) {
4119 if((res = SMB_VFS_LSEEK(fsp,startpos,umode)) == -1) {
4120 if(errno == EINVAL) {
4121 SMB_OFF_T current_pos = startpos;
4122 SMB_STRUCT_STAT sbuf;
4123
4124 if(SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
4125 reply_unixerror(req, ERRDOS,
4126 ERRnoaccess);
4127 END_PROFILE(SMBlseek);
4128 return;
4129 }
4130
4131 current_pos += sbuf.st_size;
4132 if(current_pos < 0)
4133 res = SMB_VFS_LSEEK(fsp,0,SEEK_SET);
4134 }
4135 }
4136
4137 if(res == -1) {
4138 reply_unixerror(req, ERRDOS, ERRnoaccess);
4139 END_PROFILE(SMBlseek);
4140 return;
4141 }
4142 }
4143
4144 fsp->fh->pos = res;
4145
4146 reply_outbuf(req, 2, 0);
4147 SIVAL(req->outbuf,smb_vwv0,res);
4148
4149 DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
4150 fsp->fnum, (double)startpos, (double)res, mode));
4151
4152 END_PROFILE(SMBlseek);
4153 return;
4154}
4155
4156/****************************************************************************
4157 Reply to a flush.
4158****************************************************************************/
4159
4160void reply_flush(struct smb_request *req)
4161{
4162 connection_struct *conn = req->conn;
4163 uint16 fnum;
4164 files_struct *fsp;
4165
4166 START_PROFILE(SMBflush);
4167
4168 if (req->wct < 1) {
4169 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4170 return;
4171 }
4172
4173 fnum = SVAL(req->inbuf,smb_vwv0);
4174 fsp = file_fsp(fnum);
4175
4176 if ((fnum != 0xFFFF) && !check_fsp(conn, req, fsp, &current_user)) {
4177 return;
4178 }
4179
4180 if (!fsp) {
4181 file_sync_all(conn);
4182 } else {
4183 NTSTATUS status = sync_file(conn, fsp, True);
4184 if (!NT_STATUS_IS_OK(status)) {
4185 DEBUG(5,("reply_flush: sync_file for %s returned %s\n",
4186 fsp->fsp_name, nt_errstr(status) ));
4187 reply_nterror(req, status);
4188 END_PROFILE(SMBflush);
4189 return;
4190 }
4191 }
4192
4193 reply_outbuf(req, 0, 0);
4194
4195 DEBUG(3,("flush\n"));
4196 END_PROFILE(SMBflush);
4197 return;
4198}
4199
4200/****************************************************************************
4201 Reply to a exit.
4202 conn POINTER CAN BE NULL HERE !
4203****************************************************************************/
4204
4205void reply_exit(struct smb_request *req)
4206{
4207 START_PROFILE(SMBexit);
4208
4209 file_close_pid(req->smbpid, req->vuid);
4210
4211 reply_outbuf(req, 0, 0);
4212
4213 DEBUG(3,("exit\n"));
4214
4215 END_PROFILE(SMBexit);
4216 return;
4217}
4218
4219/****************************************************************************
4220 Reply to a close - has to deal with closing a directory opened by NT SMB's.
4221****************************************************************************/
4222
4223void reply_close(struct smb_request *req)
4224{
4225 connection_struct *conn = req->conn;
4226 NTSTATUS status = NT_STATUS_OK;
4227 files_struct *fsp = NULL;
4228 START_PROFILE(SMBclose);
4229
4230 if (req->wct < 3) {
4231 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4232 END_PROFILE(SMBclose);
4233 return;
4234 }
4235
4236 /* If it's an IPC, pass off to the pipe handler. */
4237 if (IS_IPC(conn)) {
4238 reply_pipe_close(conn, req);
4239 END_PROFILE(SMBclose);
4240 return;
4241 }
4242
4243 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4244
4245 /*
4246 * We can only use CHECK_FSP if we know it's not a directory.
4247 */
4248
4249 if(!fsp || (fsp->conn != conn) || (fsp->vuid != current_user.vuid)) {
4250 reply_doserror(req, ERRDOS, ERRbadfid);
4251 END_PROFILE(SMBclose);
4252 return;
4253 }
4254
4255 if(fsp->is_directory) {
4256 /*
4257 * Special case - close NT SMB directory handle.
4258 */
4259 DEBUG(3,("close directory fnum=%d\n", fsp->fnum));
4260 status = close_file(fsp,NORMAL_CLOSE);
4261 } else {
4262 time_t t;
4263 /*
4264 * Close ordinary file.
4265 */
4266
4267 DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
4268 fsp->fh->fd, fsp->fnum,
4269 conn->num_files_open));
4270
4271 /*
4272 * Take care of any time sent in the close.
4273 */
4274
4275 t = srv_make_unix_date3(req->inbuf+smb_vwv1);
4276 set_close_write_time(fsp, convert_time_t_to_timespec(t));
4277
4278 /*
4279 * close_file() returns the unix errno if an error
4280 * was detected on close - normally this is due to
4281 * a disk full error. If not then it was probably an I/O error.
4282 */
4283
4284 status = close_file(fsp,NORMAL_CLOSE);
4285 }
4286
4287 if (!NT_STATUS_IS_OK(status)) {
4288 reply_nterror(req, status);
4289 END_PROFILE(SMBclose);
4290 return;
4291 }
4292
4293 reply_outbuf(req, 0, 0);
4294 END_PROFILE(SMBclose);
4295 return;
4296}
4297
4298/****************************************************************************
4299 Reply to a writeclose (Core+ protocol).
4300****************************************************************************/
4301
4302void reply_writeclose(struct smb_request *req)
4303{
4304 connection_struct *conn = req->conn;
4305 size_t numtowrite;
4306 ssize_t nwritten = -1;
4307 NTSTATUS close_status = NT_STATUS_OK;
4308 SMB_OFF_T startpos;
4309 char *data;
4310 struct timespec mtime;
4311 files_struct *fsp;
4312
4313 START_PROFILE(SMBwriteclose);
4314
4315 if (req->wct < 6) {
4316 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4317 END_PROFILE(SMBwriteclose);
4318 return;
4319 }
4320
4321 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4322
4323 if (!check_fsp(conn, req, fsp, &current_user)) {
4324 END_PROFILE(SMBwriteclose);
4325 return;
4326 }
4327 if (!CHECK_WRITE(fsp)) {
4328 reply_doserror(req, ERRDOS,ERRbadaccess);
4329 END_PROFILE(SMBwriteclose);
4330 return;
4331 }
4332
4333 numtowrite = SVAL(req->inbuf,smb_vwv1);
4334 startpos = IVAL_TO_SMB_OFF_T(req->inbuf,smb_vwv2);
4335 mtime = convert_time_t_to_timespec(srv_make_unix_date3(
4336 req->inbuf+smb_vwv4));
4337 data = smb_buf(req->inbuf) + 1;
4338
4339 if (numtowrite
4340 && is_locked(fsp, (uint32)req->smbpid, (SMB_BIG_UINT)numtowrite,
4341 (SMB_BIG_UINT)startpos, WRITE_LOCK)) {
4342 reply_doserror(req, ERRDOS,ERRlock);
4343 END_PROFILE(SMBwriteclose);
4344 return;
4345 }
4346
4347 nwritten = write_file(req,fsp,data,startpos,numtowrite);
4348
4349 set_close_write_time(fsp, mtime);
4350
4351 /*
4352 * More insanity. W2K only closes the file if writelen > 0.
4353 * JRA.
4354 */
4355
4356 if (numtowrite) {
4357 DEBUG(3,("reply_writeclose: zero length write doesn't close file %s\n",
4358 fsp->fsp_name ));
4359 close_status = close_file(fsp,NORMAL_CLOSE);
4360 }
4361
4362 DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
4363 fsp->fnum, (int)numtowrite, (int)nwritten,
4364 conn->num_files_open));
4365
4366 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
4367 reply_doserror(req, ERRHRD, ERRdiskfull);
4368 END_PROFILE(SMBwriteclose);
4369 return;
4370 }
4371
4372 if(!NT_STATUS_IS_OK(close_status)) {
4373 reply_nterror(req, close_status);
4374 END_PROFILE(SMBwriteclose);
4375 return;
4376 }
4377
4378 reply_outbuf(req, 1, 0);
4379
4380 SSVAL(req->outbuf,smb_vwv0,nwritten);
4381 END_PROFILE(SMBwriteclose);
4382 return;
4383}
4384
4385#undef DBGC_CLASS
4386#define DBGC_CLASS DBGC_LOCKING
4387
4388/****************************************************************************
4389 Reply to a lock.
4390****************************************************************************/
4391
4392void reply_lock(struct smb_request *req)
4393{
4394 connection_struct *conn = req->conn;
4395 SMB_BIG_UINT count,offset;
4396 NTSTATUS status;
4397 files_struct *fsp;
4398 struct byte_range_lock *br_lck = NULL;
4399
4400 START_PROFILE(SMBlock);
4401
4402 if (req->wct < 5) {
4403 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4404 END_PROFILE(SMBlock);
4405 return;
4406 }
4407
4408 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4409
4410 if (!check_fsp(conn, req, fsp, &current_user)) {
4411 END_PROFILE(SMBlock);
4412 return;
4413 }
4414
4415 release_level_2_oplocks_on_change(fsp);
4416
4417 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4418 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4419
4420 DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4421 fsp->fh->fd, fsp->fnum, (double)offset, (double)count));
4422
4423 br_lck = do_lock(smbd_messaging_context(),
4424 fsp,
4425 req->smbpid,
4426 count,
4427 offset,
4428 WRITE_LOCK,
4429 WINDOWS_LOCK,
4430 False, /* Non-blocking lock. */
4431 &status,
4432 NULL);
4433
4434 TALLOC_FREE(br_lck);
4435
4436 if (NT_STATUS_V(status)) {
4437 reply_nterror(req, status);
4438 END_PROFILE(SMBlock);
4439 return;
4440 }
4441
4442 reply_outbuf(req, 0, 0);
4443
4444 END_PROFILE(SMBlock);
4445 return;
4446}
4447
4448/****************************************************************************
4449 Reply to a unlock.
4450****************************************************************************/
4451
4452void reply_unlock(struct smb_request *req)
4453{
4454 connection_struct *conn = req->conn;
4455 SMB_BIG_UINT count,offset;
4456 NTSTATUS status;
4457 files_struct *fsp;
4458
4459 START_PROFILE(SMBunlock);
4460
4461 if (req->wct < 5) {
4462 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4463 END_PROFILE(SMBunlock);
4464 return;
4465 }
4466
4467 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4468
4469 if (!check_fsp(conn, req, fsp, &current_user)) {
4470 END_PROFILE(SMBunlock);
4471 return;
4472 }
4473
4474 count = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv1);
4475 offset = (SMB_BIG_UINT)IVAL(req->inbuf,smb_vwv3);
4476
4477 status = do_unlock(smbd_messaging_context(),
4478 fsp,
4479 req->smbpid,
4480 count,
4481 offset,
4482 WINDOWS_LOCK);
4483
4484 if (NT_STATUS_V(status)) {
4485 reply_nterror(req, status);
4486 END_PROFILE(SMBunlock);
4487 return;
4488 }
4489
4490 DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
4491 fsp->fh->fd, fsp->fnum, (double)offset, (double)count ) );
4492
4493 reply_outbuf(req, 0, 0);
4494
4495 END_PROFILE(SMBunlock);
4496 return;
4497}
4498
4499#undef DBGC_CLASS
4500#define DBGC_CLASS DBGC_ALL
4501
4502/****************************************************************************
4503 Reply to a tdis.
4504 conn POINTER CAN BE NULL HERE !
4505****************************************************************************/
4506
4507void reply_tdis(struct smb_request *req)
4508{
4509 connection_struct *conn = req->conn;
4510 START_PROFILE(SMBtdis);
4511
4512 if (!conn) {
4513 DEBUG(4,("Invalid connection in tdis\n"));
4514 reply_doserror(req, ERRSRV, ERRinvnid);
4515 END_PROFILE(SMBtdis);
4516 return;
4517 }
4518
4519 conn->used = False;
4520
4521 close_cnum(conn,req->vuid);
4522 req->conn = NULL;
4523
4524 reply_outbuf(req, 0, 0);
4525 END_PROFILE(SMBtdis);
4526 return;
4527}
4528
4529/****************************************************************************
4530 Reply to a echo.
4531 conn POINTER CAN BE NULL HERE !
4532****************************************************************************/
4533
4534void reply_echo(struct smb_request *req)
4535{
4536 connection_struct *conn = req->conn;
4537 int smb_reverb;
4538 int seq_num;
4539 unsigned int data_len = smb_buflen(req->inbuf);
4540
4541 START_PROFILE(SMBecho);
4542
4543 if (req->wct < 1) {
4544 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4545 END_PROFILE(SMBecho);
4546 return;
4547 }
4548
4549 if (data_len > BUFFER_SIZE) {
4550 DEBUG(0,("reply_echo: data_len too large.\n"));
4551 reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
4552 END_PROFILE(SMBecho);
4553 return;
4554 }
4555
4556 smb_reverb = SVAL(req->inbuf,smb_vwv0);
4557
4558 reply_outbuf(req, 1, data_len);
4559
4560 /* copy any incoming data back out */
4561 if (data_len > 0) {
4562 memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
4563 }
4564
4565 if (smb_reverb > 100) {
4566 DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
4567 smb_reverb = 100;
4568 }
4569
4570 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
4571 SSVAL(req->outbuf,smb_vwv0,seq_num);
4572
4573 show_msg((char *)req->outbuf);
4574 if (!srv_send_smb(smbd_server_fd(),
4575 (char *)req->outbuf,
4576 IS_CONN_ENCRYPTED(conn)||req->encrypted))
4577 exit_server_cleanly("reply_echo: srv_send_smb failed.");
4578 }
4579
4580 DEBUG(3,("echo %d times\n", smb_reverb));
4581
4582 TALLOC_FREE(req->outbuf);
4583
4584 smb_echo_count++;
4585
4586 END_PROFILE(SMBecho);
4587 return;
4588}
4589
4590/****************************************************************************
4591 Reply to a printopen.
4592****************************************************************************/
4593
4594void reply_printopen(struct smb_request *req)
4595{
4596 connection_struct *conn = req->conn;
4597 files_struct *fsp;
4598 NTSTATUS status;
4599
4600 START_PROFILE(SMBsplopen);
4601
4602 if (req->wct < 2) {
4603 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4604 END_PROFILE(SMBsplopen);
4605 return;
4606 }
4607
4608 if (!CAN_PRINT(conn)) {
4609 reply_doserror(req, ERRDOS, ERRnoaccess);
4610 END_PROFILE(SMBsplopen);
4611 return;
4612 }
4613
4614 /* Open for exclusive use, write only. */
4615 status = print_fsp_open(conn, NULL, &fsp);
4616
4617 if (!NT_STATUS_IS_OK(status)) {
4618 reply_nterror(req, status);
4619 END_PROFILE(SMBsplopen);
4620 return;
4621 }
4622
4623 reply_outbuf(req, 1, 0);
4624 SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
4625
4626 DEBUG(3,("openprint fd=%d fnum=%d\n",
4627 fsp->fh->fd, fsp->fnum));
4628
4629 END_PROFILE(SMBsplopen);
4630 return;
4631}
4632
4633/****************************************************************************
4634 Reply to a printclose.
4635****************************************************************************/
4636
4637void reply_printclose(struct smb_request *req)
4638{
4639 connection_struct *conn = req->conn;
4640 files_struct *fsp;
4641 NTSTATUS status;
4642
4643 START_PROFILE(SMBsplclose);
4644
4645 if (req->wct < 1) {
4646 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4647 END_PROFILE(SMBsplclose);
4648 return;
4649 }
4650
4651 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4652
4653 if (!check_fsp(conn, req, fsp, &current_user)) {
4654 END_PROFILE(SMBsplclose);
4655 return;
4656 }
4657
4658 if (!CAN_PRINT(conn)) {
4659 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRerror));
4660 END_PROFILE(SMBsplclose);
4661 return;
4662 }
4663
4664 DEBUG(3,("printclose fd=%d fnum=%d\n",
4665 fsp->fh->fd,fsp->fnum));
4666
4667 status = close_file(fsp,NORMAL_CLOSE);
4668
4669 if(!NT_STATUS_IS_OK(status)) {
4670 reply_nterror(req, status);
4671 END_PROFILE(SMBsplclose);
4672 return;
4673 }
4674
4675 reply_outbuf(req, 0, 0);
4676
4677 END_PROFILE(SMBsplclose);
4678 return;
4679}
4680
4681/****************************************************************************
4682 Reply to a printqueue.
4683****************************************************************************/
4684
4685void reply_printqueue(struct smb_request *req)
4686{
4687 connection_struct *conn = req->conn;
4688 int max_count;
4689 int start_index;
4690
4691 START_PROFILE(SMBsplretq);
4692
4693 if (req->wct < 2) {
4694 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4695 END_PROFILE(SMBsplretq);
4696 return;
4697 }
4698
4699 max_count = SVAL(req->inbuf,smb_vwv0);
4700 start_index = SVAL(req->inbuf,smb_vwv1);
4701
4702 /* we used to allow the client to get the cnum wrong, but that
4703 is really quite gross and only worked when there was only
4704 one printer - I think we should now only accept it if they
4705 get it right (tridge) */
4706 if (!CAN_PRINT(conn)) {
4707 reply_doserror(req, ERRDOS, ERRnoaccess);
4708 END_PROFILE(SMBsplretq);
4709 return;
4710 }
4711
4712 reply_outbuf(req, 2, 3);
4713 SSVAL(req->outbuf,smb_vwv0,0);
4714 SSVAL(req->outbuf,smb_vwv1,0);
4715 SCVAL(smb_buf(req->outbuf),0,1);
4716 SSVAL(smb_buf(req->outbuf),1,0);
4717
4718 DEBUG(3,("printqueue start_index=%d max_count=%d\n",
4719 start_index, max_count));
4720
4721 {
4722 print_queue_struct *queue = NULL;
4723 print_status_struct status;
4724 int count = print_queue_status(SNUM(conn), &queue, &status);
4725 int num_to_get = ABS(max_count);
4726 int first = (max_count>0?start_index:start_index+max_count+1);
4727 int i;
4728
4729 if (first >= count)
4730 num_to_get = 0;
4731 else
4732 num_to_get = MIN(num_to_get,count-first);
4733
4734
4735 for (i=first;i<first+num_to_get;i++) {
4736 char blob[28];
4737 char *p = blob;
4738
4739 srv_put_dos_date2(p,0,queue[i].time);
4740 SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
4741 SSVAL(p,5, queue[i].job);
4742 SIVAL(p,7,queue[i].size);
4743 SCVAL(p,11,0);
4744 srvstr_push(blob, req->flags2, p+12,
4745 queue[i].fs_user, 16, STR_ASCII);
4746
4747 if (message_push_blob(
4748 &req->outbuf,
4749 data_blob_const(
4750 blob, sizeof(blob))) == -1) {
4751 reply_nterror(req, NT_STATUS_NO_MEMORY);
4752 END_PROFILE(SMBsplretq);
4753 return;
4754 }
4755 }
4756
4757 if (count > 0) {
4758 SSVAL(req->outbuf,smb_vwv0,count);
4759 SSVAL(req->outbuf,smb_vwv1,
4760 (max_count>0?first+count:first-1));
4761 SCVAL(smb_buf(req->outbuf),0,1);
4762 SSVAL(smb_buf(req->outbuf),1,28*count);
4763 }
4764
4765 SAFE_FREE(queue);
4766
4767 DEBUG(3,("%d entries returned in queue\n",count));
4768 }
4769
4770 END_PROFILE(SMBsplretq);
4771 return;
4772}
4773
4774/****************************************************************************
4775 Reply to a printwrite.
4776****************************************************************************/
4777
4778void reply_printwrite(struct smb_request *req)
4779{
4780 connection_struct *conn = req->conn;
4781 int numtowrite;
4782 char *data;
4783 files_struct *fsp;
4784
4785 START_PROFILE(SMBsplwr);
4786
4787 if (req->wct < 1) {
4788 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4789 END_PROFILE(SMBsplwr);
4790 return;
4791 }
4792
4793 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
4794
4795 if (!check_fsp(conn, req, fsp, &current_user)) {
4796 END_PROFILE(SMBsplwr);
4797 return;
4798 }
4799
4800 if (!CAN_PRINT(conn)) {
4801 reply_doserror(req, ERRDOS, ERRnoaccess);
4802 END_PROFILE(SMBsplwr);
4803 return;
4804 }
4805
4806 if (!CHECK_WRITE(fsp)) {
4807 reply_doserror(req, ERRDOS, ERRbadaccess);
4808 END_PROFILE(SMBsplwr);
4809 return;
4810 }
4811
4812 numtowrite = SVAL(smb_buf(req->inbuf),1);
4813
4814 if (smb_buflen(req->inbuf) < numtowrite + 3) {
4815 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
4816 END_PROFILE(SMBsplwr);
4817 return;
4818 }
4819
4820 data = smb_buf(req->inbuf) + 3;
4821
4822 if (write_file(req,fsp,data,-1,numtowrite) != numtowrite) {
4823 reply_unixerror(req, ERRHRD, ERRdiskfull);
4824 END_PROFILE(SMBsplwr);
4825 return;
4826 }
4827
4828 DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
4829
4830 END_PROFILE(SMBsplwr);
4831 return;
4832}
4833
4834/****************************************************************************
4835 Reply to a mkdir.
4836****************************************************************************/
4837
4838void reply_mkdir(struct smb_request *req)
4839{
4840 connection_struct *conn = req->conn;
4841 char *directory = NULL;
4842 NTSTATUS status;
4843 SMB_STRUCT_STAT sbuf;
4844 TALLOC_CTX *ctx = talloc_tos();
4845
4846 START_PROFILE(SMBmkdir);
4847
4848 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
4849 smb_buf(req->inbuf) + 1, 0,
4850 STR_TERMINATE, &status);
4851 if (!NT_STATUS_IS_OK(status)) {
4852 reply_nterror(req, status);
4853 END_PROFILE(SMBmkdir);
4854 return;
4855 }
4856
4857 status = resolve_dfspath(ctx, conn,
4858 req->flags2 & FLAGS2_DFS_PATHNAMES,
4859 directory,
4860 &directory);
4861 if (!NT_STATUS_IS_OK(status)) {
4862 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
4863 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
4864 ERRSRV, ERRbadpath);
4865 END_PROFILE(SMBmkdir);
4866 return;
4867 }
4868 reply_nterror(req, status);
4869 END_PROFILE(SMBmkdir);
4870 return;
4871 }
4872
4873 status = unix_convert(ctx, conn, directory, False, &directory, NULL, &sbuf);
4874 if (!NT_STATUS_IS_OK(status)) {
4875 reply_nterror(req, status);
4876 END_PROFILE(SMBmkdir);
4877 return;
4878 }
4879
4880 status = check_name(conn, directory);
4881 if (!NT_STATUS_IS_OK(status)) {
4882 reply_nterror(req, status);
4883 END_PROFILE(SMBmkdir);
4884 return;
4885 }
4886
4887 status = create_directory(conn, req, directory);
4888
4889 DEBUG(5, ("create_directory returned %s\n", nt_errstr(status)));
4890
4891 if (!NT_STATUS_IS_OK(status)) {
4892
4893 if (!use_nt_status()
4894 && NT_STATUS_EQUAL(status,
4895 NT_STATUS_OBJECT_NAME_COLLISION)) {
4896 /*
4897 * Yes, in the DOS error code case we get a
4898 * ERRDOS:ERRnoaccess here. See BASE-SAMBA3ERROR
4899 * samba4 torture test.
4900 */
4901 status = NT_STATUS_DOS(ERRDOS, ERRnoaccess);
4902 }
4903
4904 reply_nterror(req, status);
4905 END_PROFILE(SMBmkdir);
4906 return;
4907 }
4908
4909 reply_outbuf(req, 0, 0);
4910
4911 DEBUG( 3, ( "mkdir %s\n", directory ) );
4912
4913 END_PROFILE(SMBmkdir);
4914 return;
4915}
4916
4917/****************************************************************************
4918 Static function used by reply_rmdir to delete an entire directory
4919 tree recursively. Return True on ok, False on fail.
4920****************************************************************************/
4921
4922static bool recursive_rmdir(TALLOC_CTX *ctx,
4923 connection_struct *conn,
4924 char *directory)
4925{
4926 const char *dname = NULL;
4927 bool ret = True;
4928 long offset = 0;
4929 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, directory,
4930 NULL, 0);
4931
4932 if(dir_hnd == NULL)
4933 return False;
4934
4935 while((dname = ReadDirName(dir_hnd, &offset))) {
4936 char *fullname = NULL;
4937 SMB_STRUCT_STAT st;
4938
4939 if (ISDOT(dname) || ISDOTDOT(dname)) {
4940 continue;
4941 }
4942
4943 if (!is_visible_file(conn, directory, dname, &st, False)) {
4944 continue;
4945 }
4946
4947 /* Construct the full name. */
4948 fullname = talloc_asprintf(ctx,
4949 "%s/%s",
4950 directory,
4951 dname);
4952 if (!fullname) {
4953 errno = ENOMEM;
4954 ret = False;
4955 break;
4956 }
4957
4958 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
4959 ret = False;
4960 break;
4961 }
4962
4963 if(st.st_mode & S_IFDIR) {
4964 if(!recursive_rmdir(ctx, conn, fullname)) {
4965 ret = False;
4966 break;
4967 }
4968 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
4969 ret = False;
4970 break;
4971 }
4972 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
4973 ret = False;
4974 break;
4975 }
4976 TALLOC_FREE(fullname);
4977 }
4978 TALLOC_FREE(dir_hnd);
4979 return ret;
4980}
4981
4982/****************************************************************************
4983 The internals of the rmdir code - called elsewhere.
4984****************************************************************************/
4985
4986NTSTATUS rmdir_internals(TALLOC_CTX *ctx,
4987 connection_struct *conn,
4988 const char *directory)
4989{
4990 int ret;
4991 SMB_STRUCT_STAT st;
4992
4993 /* Might be a symlink. */
4994 if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
4995 return map_nt_error_from_unix(errno);
4996 }
4997
4998 if (S_ISLNK(st.st_mode)) {
4999 /* Is what it points to a directory ? */
5000 if(SMB_VFS_STAT(conn, directory, &st) != 0) {
5001 return map_nt_error_from_unix(errno);
5002 }
5003 if (!(S_ISDIR(st.st_mode))) {
5004 return NT_STATUS_NOT_A_DIRECTORY;
5005 }
5006 ret = SMB_VFS_UNLINK(conn,directory);
5007 } else {
5008 ret = SMB_VFS_RMDIR(conn,directory);
5009 }
5010 if (ret == 0) {
5011 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5012 FILE_NOTIFY_CHANGE_DIR_NAME,
5013 directory);
5014 return NT_STATUS_OK;
5015 }
5016
5017 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
5018 /*
5019 * Check to see if the only thing in this directory are
5020 * vetoed files/directories. If so then delete them and
5021 * retry. If we fail to delete any of them (and we *don't*
5022 * do a recursive delete) then fail the rmdir.
5023 */
5024 const char *dname;
5025 long dirpos = 0;
5026 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
5027 directory, NULL, 0);
5028
5029 if(dir_hnd == NULL) {
5030 errno = ENOTEMPTY;
5031 goto err;
5032 }
5033
5034 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5035 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
5036 continue;
5037 if (!is_visible_file(conn, directory, dname, &st, False))
5038 continue;
5039 if(!IS_VETO_PATH(conn, dname)) {
5040 TALLOC_FREE(dir_hnd);
5041 errno = ENOTEMPTY;
5042 goto err;
5043 }
5044 }
5045
5046 /* We only have veto files/directories. Recursive delete. */
5047
5048 RewindDir(dir_hnd,&dirpos);
5049 while ((dname = ReadDirName(dir_hnd,&dirpos))) {
5050 char *fullname = NULL;
5051
5052 if (ISDOT(dname) || ISDOTDOT(dname)) {
5053 continue;
5054 }
5055 if (!is_visible_file(conn, directory, dname, &st, False)) {
5056 continue;
5057 }
5058
5059 fullname = talloc_asprintf(ctx,
5060 "%s/%s",
5061 directory,
5062 dname);
5063
5064 if(!fullname) {
5065 errno = ENOMEM;
5066 break;
5067 }
5068
5069 if(SMB_VFS_LSTAT(conn,fullname, &st) != 0) {
5070 break;
5071 }
5072 if(st.st_mode & S_IFDIR) {
5073 if(lp_recursive_veto_delete(SNUM(conn))) {
5074 if(!recursive_rmdir(ctx, conn, fullname))
5075 break;
5076 }
5077 if(SMB_VFS_RMDIR(conn,fullname) != 0) {
5078 break;
5079 }
5080 } else if(SMB_VFS_UNLINK(conn,fullname) != 0) {
5081 break;
5082 }
5083 TALLOC_FREE(fullname);
5084 }
5085 TALLOC_FREE(dir_hnd);
5086 /* Retry the rmdir */
5087 ret = SMB_VFS_RMDIR(conn,directory);
5088 }
5089
5090 err:
5091
5092 if (ret != 0) {
5093 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
5094 "%s\n", directory,strerror(errno)));
5095 return map_nt_error_from_unix(errno);
5096 }
5097
5098 notify_fname(conn, NOTIFY_ACTION_REMOVED,
5099 FILE_NOTIFY_CHANGE_DIR_NAME,
5100 directory);
5101
5102 return NT_STATUS_OK;
5103}
5104
5105/****************************************************************************
5106 Reply to a rmdir.
5107****************************************************************************/
5108
5109void reply_rmdir(struct smb_request *req)
5110{
5111 connection_struct *conn = req->conn;
5112 char *directory = NULL;
5113 SMB_STRUCT_STAT sbuf;
5114 NTSTATUS status;
5115 TALLOC_CTX *ctx = talloc_tos();
5116
5117 START_PROFILE(SMBrmdir);
5118
5119 srvstr_get_path(ctx, (char *)req->inbuf, req->flags2, &directory,
5120 smb_buf(req->inbuf) + 1, 0,
5121 STR_TERMINATE, &status);
5122 if (!NT_STATUS_IS_OK(status)) {
5123 reply_nterror(req, status);
5124 END_PROFILE(SMBrmdir);
5125 return;
5126 }
5127
5128 status = resolve_dfspath(ctx, conn,
5129 req->flags2 & FLAGS2_DFS_PATHNAMES,
5130 directory,
5131 &directory);
5132 if (!NT_STATUS_IS_OK(status)) {
5133 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5134 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5135 ERRSRV, ERRbadpath);
5136 END_PROFILE(SMBrmdir);
5137 return;
5138 }
5139 reply_nterror(req, status);
5140 END_PROFILE(SMBrmdir);
5141 return;
5142 }
5143
5144 status = unix_convert(ctx, conn, directory, False, &directory,
5145 NULL, &sbuf);
5146 if (!NT_STATUS_IS_OK(status)) {
5147 reply_nterror(req, status);
5148 END_PROFILE(SMBrmdir);
5149 return;
5150 }
5151
5152 status = check_name(conn, directory);
5153 if (!NT_STATUS_IS_OK(status)) {
5154 reply_nterror(req, status);
5155 END_PROFILE(SMBrmdir);
5156 return;
5157 }
5158
5159 dptr_closepath(directory, req->smbpid);
5160 status = rmdir_internals(ctx, conn, directory);
5161 if (!NT_STATUS_IS_OK(status)) {
5162 reply_nterror(req, status);
5163 END_PROFILE(SMBrmdir);
5164 return;
5165 }
5166
5167 reply_outbuf(req, 0, 0);
5168
5169 DEBUG( 3, ( "rmdir %s\n", directory ) );
5170
5171 END_PROFILE(SMBrmdir);
5172 return;
5173}
5174
5175/*******************************************************************
5176 Resolve wildcards in a filename rename.
5177********************************************************************/
5178
5179static bool resolve_wildcards(TALLOC_CTX *ctx,
5180 const char *name1,
5181 const char *name2,
5182 char **pp_newname)
5183{
5184 char *name2_copy = NULL;
5185 char *root1 = NULL;
5186 char *root2 = NULL;
5187 char *ext1 = NULL;
5188 char *ext2 = NULL;
5189 char *p,*p2, *pname1, *pname2;
5190
5191 name2_copy = talloc_strdup(ctx, name2);
5192 if (!name2_copy) {
5193 return False;
5194 }
5195
5196 pname1 = strrchr_m(name1,'/');
5197 pname2 = strrchr_m(name2_copy,'/');
5198
5199 if (!pname1 || !pname2) {
5200 return False;
5201 }
5202
5203 /* Truncate the copy of name2 at the last '/' */
5204 *pname2 = '\0';
5205
5206 /* Now go past the '/' */
5207 pname1++;
5208 pname2++;
5209
5210 root1 = talloc_strdup(ctx, pname1);
5211 root2 = talloc_strdup(ctx, pname2);
5212
5213 if (!root1 || !root2) {
5214 return False;
5215 }
5216
5217 p = strrchr_m(root1,'.');
5218 if (p) {
5219 *p = 0;
5220 ext1 = talloc_strdup(ctx, p+1);
5221 } else {
5222 ext1 = talloc_strdup(ctx, "");
5223 }
5224 p = strrchr_m(root2,'.');
5225 if (p) {
5226 *p = 0;
5227 ext2 = talloc_strdup(ctx, p+1);
5228 } else {
5229 ext2 = talloc_strdup(ctx, "");
5230 }
5231
5232 if (!ext1 || !ext2) {
5233 return False;
5234 }
5235
5236 p = root1;
5237 p2 = root2;
5238 while (*p2) {
5239 if (*p2 == '?') {
5240 /* Hmmm. Should this be mb-aware ? */
5241 *p2 = *p;
5242 p2++;
5243 } else if (*p2 == '*') {
5244 *p2 = '\0';
5245 root2 = talloc_asprintf(ctx, "%s%s",
5246 root2,
5247 p);
5248 if (!root2) {
5249 return False;
5250 }
5251 break;
5252 } else {
5253 p2++;
5254 }
5255 if (*p) {
5256 p++;
5257 }
5258 }
5259
5260 p = ext1;
5261 p2 = ext2;
5262 while (*p2) {
5263 if (*p2 == '?') {
5264 /* Hmmm. Should this be mb-aware ? */
5265 *p2 = *p;
5266 p2++;
5267 } else if (*p2 == '*') {
5268 *p2 = '\0';
5269 ext2 = talloc_asprintf(ctx, "%s%s",
5270 ext2,
5271 p);
5272 if (!ext2) {
5273 return False;
5274 }
5275 break;
5276 } else {
5277 p2++;
5278 }
5279 if (*p) {
5280 p++;
5281 }
5282 }
5283
5284 if (*ext2) {
5285 *pp_newname = talloc_asprintf(ctx, "%s/%s.%s",
5286 name2_copy,
5287 root2,
5288 ext2);
5289 } else {
5290 *pp_newname = talloc_asprintf(ctx, "%s/%s",
5291 name2_copy,
5292 root2);
5293 }
5294
5295 if (!*pp_newname) {
5296 return False;
5297 }
5298
5299 return True;
5300}
5301
5302/****************************************************************************
5303 Ensure open files have their names updated. Updated to notify other smbd's
5304 asynchronously.
5305****************************************************************************/
5306
5307static void rename_open_files(connection_struct *conn,
5308 struct share_mode_lock *lck,
5309 const char *newname)
5310{
5311 files_struct *fsp;
5312 bool did_rename = False;
5313
5314 for(fsp = file_find_di_first(lck->id); fsp;
5315 fsp = file_find_di_next(fsp)) {
5316 /* fsp_name is a relative path under the fsp. To change this for other
5317 sharepaths we need to manipulate relative paths. */
5318 /* TODO - create the absolute path and manipulate the newname
5319 relative to the sharepath. */
5320 if (!strequal(fsp->conn->connectpath, conn->connectpath)) {
5321 continue;
5322 }
5323 DEBUG(10,("rename_open_files: renaming file fnum %d (file_id %s) from %s -> %s\n",
5324 fsp->fnum, file_id_string_tos(&fsp->file_id),
5325 fsp->fsp_name, newname ));
5326 string_set(&fsp->fsp_name, newname);
5327 did_rename = True;
5328 }
5329
5330 if (!did_rename) {
5331 DEBUG(10,("rename_open_files: no open files on file_id %s for %s\n",
5332 file_id_string_tos(&lck->id), newname ));
5333 }
5334
5335 /* Send messages to all smbd's (not ourself) that the name has changed. */
5336 rename_share_filename(smbd_messaging_context(), lck, conn->connectpath,
5337 newname);
5338}
5339
5340/****************************************************************************
5341 We need to check if the source path is a parent directory of the destination
5342 (ie. a rename of /foo/bar/baz -> /foo/bar/baz/bibble/bobble. If so we must
5343 refuse the rename with a sharing violation. Under UNIX the above call can
5344 *succeed* if /foo/bar/baz is a symlink to another area in the share. We
5345 probably need to check that the client is a Windows one before disallowing
5346 this as a UNIX client (one with UNIX extensions) can know the source is a
5347 symlink and make this decision intelligently. Found by an excellent bug
5348 report from <AndyLiebman@aol.com>.
5349****************************************************************************/
5350
5351static bool rename_path_prefix_equal(const char *src, const char *dest)
5352{
5353 const char *psrc = src;
5354 const char *pdst = dest;
5355 size_t slen;
5356
5357 if (psrc[0] == '.' && psrc[1] == '/') {
5358 psrc += 2;
5359 }
5360 if (pdst[0] == '.' && pdst[1] == '/') {
5361 pdst += 2;
5362 }
5363 if ((slen = strlen(psrc)) > strlen(pdst)) {
5364 return False;
5365 }
5366 return ((memcmp(psrc, pdst, slen) == 0) && pdst[slen] == '/');
5367}
5368
5369/*
5370 * Do the notify calls from a rename
5371 */
5372
5373static void notify_rename(connection_struct *conn, bool is_dir,
5374 const char *oldpath, const char *newpath)
5375{
5376 char *olddir, *newdir;
5377 const char *oldname, *newname;
5378 uint32 mask;
5379
5380 mask = is_dir ? FILE_NOTIFY_CHANGE_DIR_NAME
5381 : FILE_NOTIFY_CHANGE_FILE_NAME;
5382
5383 if (!parent_dirname_talloc(NULL, oldpath, &olddir, &oldname)
5384 || !parent_dirname_talloc(NULL, newpath, &newdir, &newname)) {
5385 TALLOC_FREE(olddir);
5386 return;
5387 }
5388
5389 if (strcmp(olddir, newdir) == 0) {
5390 notify_fname(conn, NOTIFY_ACTION_OLD_NAME, mask, oldpath);
5391 notify_fname(conn, NOTIFY_ACTION_NEW_NAME, mask, newpath);
5392 }
5393 else {
5394 notify_fname(conn, NOTIFY_ACTION_REMOVED, mask, oldpath);
5395 notify_fname(conn, NOTIFY_ACTION_ADDED, mask, newpath);
5396 }
5397 TALLOC_FREE(olddir);
5398 TALLOC_FREE(newdir);
5399
5400 /* this is a strange one. w2k3 gives an additional event for
5401 CHANGE_ATTRIBUTES and CHANGE_CREATION on the new file when renaming
5402 files, but not directories */
5403 if (!is_dir) {
5404 notify_fname(conn, NOTIFY_ACTION_MODIFIED,
5405 FILE_NOTIFY_CHANGE_ATTRIBUTES
5406 |FILE_NOTIFY_CHANGE_CREATION,
5407 newpath);
5408 }
5409}
5410
5411/****************************************************************************
5412 Rename an open file - given an fsp.
5413****************************************************************************/
5414
5415NTSTATUS rename_internals_fsp(connection_struct *conn,
5416 files_struct *fsp,
5417 char *newname,
5418 const char *newname_last_component,
5419 uint32 attrs,
5420 bool replace_if_exists)
5421{
5422 TALLOC_CTX *ctx = talloc_tos();
5423 SMB_STRUCT_STAT sbuf, sbuf1;
5424 NTSTATUS status = NT_STATUS_OK;
5425 struct share_mode_lock *lck = NULL;
5426 bool dst_exists;
5427
5428 ZERO_STRUCT(sbuf);
5429
5430 status = check_name(conn, newname);
5431 if (!NT_STATUS_IS_OK(status)) {
5432 return status;
5433 }
5434
5435 /* Ensure newname contains a '/' */
5436 if(strrchr_m(newname,'/') == 0) {
5437 newname = talloc_asprintf(ctx,
5438 "./%s",
5439 newname);
5440 if (!newname) {
5441 return NT_STATUS_NO_MEMORY;
5442 }
5443 }
5444
5445 /*
5446 * Check for special case with case preserving and not
5447 * case sensitive. If the old last component differs from the original
5448 * last component only by case, then we should allow
5449 * the rename (user is trying to change the case of the
5450 * filename).
5451 */
5452
5453 if((conn->case_sensitive == False) && (conn->case_preserve == True) &&
5454 strequal(newname, fsp->fsp_name)) {
5455 char *p;
5456 char *newname_modified_last_component = NULL;
5457
5458 /*
5459 * Get the last component of the modified name.
5460 * Note that we guarantee that newname contains a '/'
5461 * character above.
5462 */
5463 p = strrchr_m(newname,'/');
5464 newname_modified_last_component = talloc_strdup(ctx,
5465 p+1);
5466 if (!newname_modified_last_component) {
5467 return NT_STATUS_NO_MEMORY;
5468 }
5469
5470 if(strcsequal(newname_modified_last_component,
5471 newname_last_component) == False) {
5472 /*
5473 * Replace the modified last component with
5474 * the original.
5475 */
5476 *p = '\0'; /* Truncate at the '/' */
5477 newname = talloc_asprintf(ctx,
5478 "%s/%s",
5479 newname,
5480 newname_last_component);
5481 }
5482 }
5483
5484 /*
5485 * If the src and dest names are identical - including case,
5486 * don't do the rename, just return success.
5487 */
5488
5489 if (strcsequal(fsp->fsp_name, newname)) {
5490 DEBUG(3,("rename_internals_fsp: identical names in rename %s - returning success\n",
5491 newname));
5492 return NT_STATUS_OK;
5493 }
5494
5495 /*
5496 * Have vfs_object_exist also fill sbuf1
5497 */
5498 dst_exists = vfs_object_exist(conn, newname, &sbuf1);
5499
5500 if(!replace_if_exists && dst_exists) {
5501 DEBUG(3,("rename_internals_fsp: dest exists doing rename %s -> %s\n",
5502 fsp->fsp_name,newname));
5503 return NT_STATUS_OBJECT_NAME_COLLISION;
5504 }
5505
5506 if (dst_exists) {
5507 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1);
5508 files_struct *dst_fsp = file_find_di_first(fileid);
5509 if (dst_fsp) {
5510 DEBUG(3, ("rename_internals_fsp: Target file open\n"));
5511 return NT_STATUS_ACCESS_DENIED;
5512 }
5513 }
5514
5515 /* Ensure we have a valid stat struct for the source. */
5516 if (fsp->fh->fd != -1) {
5517 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
5518 return map_nt_error_from_unix(errno);
5519 }
5520 } else {
5521 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) {
5522 return map_nt_error_from_unix(errno);
5523 }
5524 }
5525
5526 status = can_rename(conn, fsp, attrs, &sbuf);
5527
5528 if (!NT_STATUS_IS_OK(status)) {
5529 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5530 nt_errstr(status), fsp->fsp_name,newname));
5531 if (NT_STATUS_EQUAL(status,NT_STATUS_SHARING_VIOLATION))
5532 status = NT_STATUS_ACCESS_DENIED;
5533 return status;
5534 }
5535
5536 if (rename_path_prefix_equal(fsp->fsp_name, newname)) {
5537 return NT_STATUS_ACCESS_DENIED;
5538 }
5539
5540 lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
5541 NULL);
5542
5543 /*
5544 * We have the file open ourselves, so not being able to get the
5545 * corresponding share mode lock is a fatal error.
5546 */
5547
5548 SMB_ASSERT(lck != NULL);
5549
5550 if(SMB_VFS_RENAME(conn,fsp->fsp_name, newname) == 0) {
5551 uint32 create_options = fsp->fh->private_options;
5552
5553 DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n",
5554 fsp->fsp_name,newname));
5555
5556 rename_open_files(conn, lck, newname);
5557
5558 notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname);
5559
5560 /*
5561 * A rename acts as a new file create w.r.t. allowing an initial delete
5562 * on close, probably because in Windows there is a new handle to the
5563 * new file. If initial delete on close was requested but not
5564 * originally set, we need to set it here. This is probably not 100% correct,
5565 * but will work for the CIFSFS client which in non-posix mode
5566 * depends on these semantics. JRA.
5567 */
5568
5569 set_allow_initial_delete_on_close(lck, fsp, True);
5570
5571 if (create_options & FILE_DELETE_ON_CLOSE) {
5572 status = can_set_delete_on_close(fsp, True, 0);
5573
5574 if (NT_STATUS_IS_OK(status)) {
5575 /* Note that here we set the *inital* delete on close flag,
5576 * not the regular one. The magic gets handled in close. */
5577 fsp->initial_delete_on_close = True;
5578 }
5579 }
5580 TALLOC_FREE(lck);
5581 return NT_STATUS_OK;
5582 }
5583
5584 TALLOC_FREE(lck);
5585
5586 if (errno == ENOTDIR || errno == EISDIR) {
5587 DEBUG( 0, ( "PS - ENOTDIR3\n" ) );
5588 status = NT_STATUS_OBJECT_NAME_COLLISION;
5589 } else {
5590 status = map_nt_error_from_unix(errno);
5591 }
5592
5593 DEBUG(3,("rename_internals_fsp: Error %s rename %s -> %s\n",
5594 nt_errstr(status), fsp->fsp_name,newname));
5595
5596 return status;
5597}
5598
5599/****************************************************************************
5600 The guts of the rename command, split out so it may be called by the NT SMB
5601 code.
5602****************************************************************************/
5603
5604NTSTATUS rename_internals(TALLOC_CTX *ctx,
5605 connection_struct *conn,
5606 struct smb_request *req,
5607 const char *name_in,
5608 const char *newname_in,
5609 uint32 attrs,
5610 bool replace_if_exists,
5611 bool src_has_wild,
5612 bool dest_has_wild,
5613 uint32_t access_mask)
5614{
5615 char *directory = NULL;
5616 char *mask = NULL;
5617 char *last_component_src = NULL;
5618 char *last_component_dest = NULL;
5619 char *name = NULL;
5620 char *newname = NULL;
5621 char *p;
5622 int count=0;
5623 NTSTATUS status = NT_STATUS_OK;
5624 SMB_STRUCT_STAT sbuf1, sbuf2;
5625 struct smb_Dir *dir_hnd = NULL;
5626 const char *dname;
5627 long offset = 0;
5628
5629 ZERO_STRUCT(sbuf1);
5630 ZERO_STRUCT(sbuf2);
5631
5632 status = unix_convert(ctx, conn, name_in, src_has_wild, &name,
5633 &last_component_src, &sbuf1);
5634 if (!NT_STATUS_IS_OK(status)) {
5635 return status;
5636 }
5637
5638 status = unix_convert(ctx, conn, newname_in, dest_has_wild, &newname,
5639 &last_component_dest, &sbuf2);
5640 if (!NT_STATUS_IS_OK(status)) {
5641 return status;
5642 }
5643
5644 /*
5645 * Split the old name into directory and last component
5646 * strings. Note that unix_convert may have stripped off a
5647 * leading ./ from both name and newname if the rename is
5648 * at the root of the share. We need to make sure either both
5649 * name and newname contain a / character or neither of them do
5650 * as this is checked in resolve_wildcards().
5651 */
5652
5653 p = strrchr_m(name,'/');
5654 if (!p) {
5655 directory = talloc_strdup(ctx, ".");
5656 if (!directory) {
5657 return NT_STATUS_NO_MEMORY;
5658 }
5659 mask = name;
5660 } else {
5661 *p = 0;
5662 directory = talloc_strdup(ctx, name);
5663 if (!directory) {
5664 return NT_STATUS_NO_MEMORY;
5665 }
5666 mask = p+1;
5667 *p = '/'; /* Replace needed for exceptional test below. */
5668 }
5669
5670 /*
5671 * We should only check the mangled cache
5672 * here if unix_convert failed. This means
5673 * that the path in 'mask' doesn't exist
5674 * on the file system and so we need to look
5675 * for a possible mangle. This patch from
5676 * Tine Smukavec <valentin.smukavec@hermes.si>.
5677 */
5678
5679 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
5680 char *new_mask = NULL;
5681 mangle_lookup_name_from_8_3(ctx,
5682 mask,
5683 &new_mask,
5684 conn->params );
5685 if (new_mask) {
5686 mask = new_mask;
5687 }
5688 }
5689
5690 if (!src_has_wild) {
5691 files_struct *fsp;
5692
5693 /*
5694 * No wildcards - just process the one file.
5695 */
5696 bool is_short_name = mangle_is_8_3(name, True, conn->params);
5697
5698 /* Add a terminating '/' to the directory name. */
5699 directory = talloc_asprintf_append(directory,
5700 "/%s",
5701 mask);
5702 if (!directory) {
5703 return NT_STATUS_NO_MEMORY;
5704 }
5705
5706 /* Ensure newname contains a '/' also */
5707 if(strrchr_m(newname,'/') == 0) {
5708 newname = talloc_asprintf(ctx,
5709 "./%s",
5710 newname);
5711 if (!newname) {
5712 return NT_STATUS_NO_MEMORY;
5713 }
5714 }
5715
5716 DEBUG(3, ("rename_internals: case_sensitive = %d, "
5717 "case_preserve = %d, short case preserve = %d, "
5718 "directory = %s, newname = %s, "
5719 "last_component_dest = %s, is_8_3 = %d\n",
5720 conn->case_sensitive, conn->case_preserve,
5721 conn->short_case_preserve, directory,
5722 newname, last_component_dest, is_short_name));
5723
5724 /* The dest name still may have wildcards. */
5725 if (dest_has_wild) {
5726 char *mod_newname = NULL;
5727 if (!resolve_wildcards(ctx,
5728 directory,newname,&mod_newname)) {
5729 DEBUG(6, ("rename_internals: resolve_wildcards "
5730 "%s %s failed\n",
5731 directory,
5732 newname));
5733 return NT_STATUS_NO_MEMORY;
5734 }
5735 newname = mod_newname;
5736 }
5737
5738 ZERO_STRUCT(sbuf1);
5739 SMB_VFS_STAT(conn, directory, &sbuf1);
5740
5741 status = S_ISDIR(sbuf1.st_mode) ?
5742 open_directory(conn, req, directory, &sbuf1,
5743 access_mask,
5744 FILE_SHARE_READ|FILE_SHARE_WRITE,
5745 FILE_OPEN, 0, 0, NULL,
5746 &fsp)
5747 : open_file_ntcreate(conn, req, directory, &sbuf1,
5748 access_mask,
5749 FILE_SHARE_READ|FILE_SHARE_WRITE,
5750 FILE_OPEN, 0, 0, 0, NULL,
5751 &fsp);
5752
5753 if (!NT_STATUS_IS_OK(status)) {
5754 DEBUG(3, ("Could not open rename source %s: %s\n",
5755 directory, nt_errstr(status)));
5756 return status;
5757 }
5758
5759 status = rename_internals_fsp(conn, fsp, newname,
5760 last_component_dest,
5761 attrs, replace_if_exists);
5762
5763 close_file(fsp, NORMAL_CLOSE);
5764
5765 DEBUG(3, ("rename_internals: Error %s rename %s -> %s\n",
5766 nt_errstr(status), directory,newname));
5767
5768 return status;
5769 }
5770
5771 /*
5772 * Wildcards - process each file that matches.
5773 */
5774 if (strequal(mask,"????????.???")) {
5775 mask[0] = '*';
5776 mask[1] = '\0';
5777 }
5778
5779 status = check_name(conn, directory);
5780 if (!NT_STATUS_IS_OK(status)) {
5781 return status;
5782 }
5783
5784 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, attrs);
5785 if (dir_hnd == NULL) {
5786 return map_nt_error_from_unix(errno);
5787 }
5788
5789 status = NT_STATUS_NO_SUCH_FILE;
5790 /*
5791 * Was status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5792 * - gentest fix. JRA
5793 */
5794
5795 while ((dname = ReadDirName(dir_hnd, &offset))) {
5796 files_struct *fsp = NULL;
5797 char *fname = NULL;
5798 char *destname = NULL;
5799 bool sysdir_entry = False;
5800
5801 /* Quick check for "." and ".." */
5802 if (ISDOT(dname) || ISDOTDOT(dname)) {
5803 if (attrs & aDIR) {
5804 sysdir_entry = True;
5805 } else {
5806 continue;
5807 }
5808 }
5809
5810 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
5811 continue;
5812 }
5813
5814 if(!mask_match(dname, mask, conn->case_sensitive)) {
5815 continue;
5816 }
5817
5818 if (sysdir_entry) {
5819 status = NT_STATUS_OBJECT_NAME_INVALID;
5820 break;
5821 }
5822
5823 fname = talloc_asprintf(ctx,
5824 "%s/%s",
5825 directory,
5826 dname);
5827 if (!fname) {
5828 return NT_STATUS_NO_MEMORY;
5829 }
5830
5831 if (!resolve_wildcards(ctx,
5832 fname,newname,&destname)) {
5833 DEBUG(6, ("resolve_wildcards %s %s failed\n",
5834 fname, destname));
5835 TALLOC_FREE(fname);
5836 continue;
5837 }
5838 if (!destname) {
5839 return NT_STATUS_NO_MEMORY;
5840 }
5841
5842 ZERO_STRUCT(sbuf1);
5843 SMB_VFS_STAT(conn, fname, &sbuf1);
5844
5845 status = S_ISDIR(sbuf1.st_mode) ?
5846 open_directory(conn, req, fname, &sbuf1,
5847 access_mask,
5848 FILE_SHARE_READ|FILE_SHARE_WRITE,
5849 FILE_OPEN, 0, 0, NULL,
5850 &fsp)
5851 : open_file_ntcreate(conn, req, fname, &sbuf1,
5852 access_mask,
5853 FILE_SHARE_READ|FILE_SHARE_WRITE,
5854 FILE_OPEN, 0, 0, 0, NULL,
5855 &fsp);
5856
5857 if (!NT_STATUS_IS_OK(status)) {
5858 DEBUG(3,("rename_internals: open_file_ntcreate "
5859 "returned %s rename %s -> %s\n",
5860 nt_errstr(status), directory, newname));
5861 break;
5862 }
5863
5864 status = rename_internals_fsp(conn, fsp, destname, dname,
5865 attrs, replace_if_exists);
5866
5867 close_file(fsp, NORMAL_CLOSE);
5868
5869 if (!NT_STATUS_IS_OK(status)) {
5870 DEBUG(3, ("rename_internals_fsp returned %s for "
5871 "rename %s -> %s\n", nt_errstr(status),
5872 directory, newname));
5873 break;
5874 }
5875
5876 count++;
5877
5878 DEBUG(3,("rename_internals: doing rename on %s -> "
5879 "%s\n",fname,destname));
5880
5881 TALLOC_FREE(fname);
5882 TALLOC_FREE(destname);
5883 }
5884 TALLOC_FREE(dir_hnd);
5885
5886 if (count == 0 && NT_STATUS_IS_OK(status) && errno != 0) {
5887 status = map_nt_error_from_unix(errno);
5888 }
5889
5890 return status;
5891}
5892
5893/****************************************************************************
5894 Reply to a mv.
5895****************************************************************************/
5896
5897void reply_mv(struct smb_request *req)
5898{
5899 connection_struct *conn = req->conn;
5900 char *name = NULL;
5901 char *newname = NULL;
5902 char *p;
5903 uint32 attrs;
5904 NTSTATUS status;
5905 bool src_has_wcard = False;
5906 bool dest_has_wcard = False;
5907 TALLOC_CTX *ctx = talloc_tos();
5908
5909 START_PROFILE(SMBmv);
5910
5911 if (req->wct < 1) {
5912 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
5913 END_PROFILE(SMBmv);
5914 return;
5915 }
5916
5917 attrs = SVAL(req->inbuf,smb_vwv0);
5918
5919 p = smb_buf(req->inbuf) + 1;
5920 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
5921 0, STR_TERMINATE, &status,
5922 &src_has_wcard);
5923 if (!NT_STATUS_IS_OK(status)) {
5924 reply_nterror(req, status);
5925 END_PROFILE(SMBmv);
5926 return;
5927 }
5928 p++;
5929 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
5930 0, STR_TERMINATE, &status,
5931 &dest_has_wcard);
5932 if (!NT_STATUS_IS_OK(status)) {
5933 reply_nterror(req, status);
5934 END_PROFILE(SMBmv);
5935 return;
5936 }
5937
5938 status = resolve_dfspath_wcard(ctx, conn,
5939 req->flags2 & FLAGS2_DFS_PATHNAMES,
5940 name,
5941 &name,
5942 &src_has_wcard);
5943 if (!NT_STATUS_IS_OK(status)) {
5944 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5945 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5946 ERRSRV, ERRbadpath);
5947 END_PROFILE(SMBmv);
5948 return;
5949 }
5950 reply_nterror(req, status);
5951 END_PROFILE(SMBmv);
5952 return;
5953 }
5954
5955 status = resolve_dfspath_wcard(ctx, conn,
5956 req->flags2 & FLAGS2_DFS_PATHNAMES,
5957 newname,
5958 &newname,
5959 &dest_has_wcard);
5960 if (!NT_STATUS_IS_OK(status)) {
5961 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
5962 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
5963 ERRSRV, ERRbadpath);
5964 END_PROFILE(SMBmv);
5965 return;
5966 }
5967 reply_nterror(req, status);
5968 END_PROFILE(SMBmv);
5969 return;
5970 }
5971
5972 DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
5973
5974 status = rename_internals(ctx, conn, req, name, newname, attrs, False,
5975 src_has_wcard, dest_has_wcard, DELETE_ACCESS);
5976 if (!NT_STATUS_IS_OK(status)) {
5977 if (open_was_deferred(req->mid)) {
5978 /* We have re-scheduled this call. */
5979 END_PROFILE(SMBmv);
5980 return;
5981 }
5982 reply_nterror(req, status);
5983 END_PROFILE(SMBmv);
5984 return;
5985 }
5986
5987 reply_outbuf(req, 0, 0);
5988
5989 END_PROFILE(SMBmv);
5990 return;
5991}
5992
5993/*******************************************************************
5994 Copy a file as part of a reply_copy.
5995******************************************************************/
5996
5997/*
5998 * TODO: check error codes on all callers
5999 */
6000
6001NTSTATUS copy_file(TALLOC_CTX *ctx,
6002 connection_struct *conn,
6003 const char *src,
6004 const char *dest1,
6005 int ofun,
6006 int count,
6007 bool target_is_directory)
6008{
6009 SMB_STRUCT_STAT src_sbuf, sbuf2;
6010 SMB_OFF_T ret=-1;
6011 files_struct *fsp1,*fsp2;
6012 char *dest = NULL;
6013 uint32 dosattrs;
6014 uint32 new_create_disposition;
6015 NTSTATUS status;
6016
6017 dest = talloc_strdup(ctx, dest1);
6018 if (!dest) {
6019 return NT_STATUS_NO_MEMORY;
6020 }
6021 if (target_is_directory) {
6022 const char *p = strrchr_m(src,'/');
6023 if (p) {
6024 p++;
6025 } else {
6026 p = src;
6027 }
6028 dest = talloc_asprintf_append(dest,
6029 "/%s",
6030 p);
6031 if (!dest) {
6032 return NT_STATUS_NO_MEMORY;
6033 }
6034 }
6035
6036 if (!vfs_file_exist(conn,src,&src_sbuf)) {
6037 TALLOC_FREE(dest);
6038 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
6039 }
6040
6041 if (!target_is_directory && count) {
6042 new_create_disposition = FILE_OPEN;
6043 } else {
6044 if (!map_open_params_to_ntcreate(dest1,0,ofun,
6045 NULL, NULL, &new_create_disposition, NULL)) {
6046 TALLOC_FREE(dest);
6047 return NT_STATUS_INVALID_PARAMETER;
6048 }
6049 }
6050
6051 status = open_file_ntcreate(conn, NULL, src, &src_sbuf,
6052 FILE_GENERIC_READ,
6053 FILE_SHARE_READ|FILE_SHARE_WRITE,
6054 FILE_OPEN,
6055 0,
6056 FILE_ATTRIBUTE_NORMAL,
6057 INTERNAL_OPEN_ONLY,
6058 NULL, &fsp1);
6059
6060 if (!NT_STATUS_IS_OK(status)) {
6061 TALLOC_FREE(dest);
6062 return status;
6063 }
6064
6065 dosattrs = dos_mode(conn, src, &src_sbuf);
6066 if (SMB_VFS_STAT(conn,dest,&sbuf2) == -1) {
6067 ZERO_STRUCTP(&sbuf2);
6068 }
6069
6070 status = open_file_ntcreate(conn, NULL, dest, &sbuf2,
6071 FILE_GENERIC_WRITE,
6072 FILE_SHARE_READ|FILE_SHARE_WRITE,
6073 new_create_disposition,
6074 0,
6075 dosattrs,
6076 INTERNAL_OPEN_ONLY,
6077 NULL, &fsp2);
6078
6079 TALLOC_FREE(dest);
6080
6081 if (!NT_STATUS_IS_OK(status)) {
6082 close_file(fsp1,ERROR_CLOSE);
6083 return status;
6084 }
6085
6086 if ((ofun&3) == 1) {
6087 if(SMB_VFS_LSEEK(fsp2,0,SEEK_END) == -1) {
6088 DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
6089 /*
6090 * Stop the copy from occurring.
6091 */
6092 ret = -1;
6093 src_sbuf.st_size = 0;
6094 }
6095 }
6096
6097 if (src_sbuf.st_size) {
6098 ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
6099 }
6100
6101 close_file(fsp1,NORMAL_CLOSE);
6102
6103 /* Ensure the modtime is set correctly on the destination file. */
6104 set_close_write_time(fsp2, get_mtimespec(&src_sbuf));
6105
6106 /*
6107 * As we are opening fsp1 read-only we only expect
6108 * an error on close on fsp2 if we are out of space.
6109 * Thus we don't look at the error return from the
6110 * close of fsp1.
6111 */
6112 status = close_file(fsp2,NORMAL_CLOSE);
6113
6114 if (!NT_STATUS_IS_OK(status)) {
6115 return status;
6116 }
6117
6118 if (ret != (SMB_OFF_T)src_sbuf.st_size) {
6119 return NT_STATUS_DISK_FULL;
6120 }
6121
6122 return NT_STATUS_OK;
6123}
6124
6125/****************************************************************************
6126 Reply to a file copy.
6127****************************************************************************/
6128
6129void reply_copy(struct smb_request *req)
6130{
6131 connection_struct *conn = req->conn;
6132 char *name = NULL;
6133 char *newname = NULL;
6134 char *directory = NULL;
6135 char *mask = NULL;
6136 char *p;
6137 int count=0;
6138 int error = ERRnoaccess;
6139 int err = 0;
6140 int tid2;
6141 int ofun;
6142 int flags;
6143 bool target_is_directory=False;
6144 bool source_has_wild = False;
6145 bool dest_has_wild = False;
6146 SMB_STRUCT_STAT sbuf1, sbuf2;
6147 NTSTATUS status;
6148 TALLOC_CTX *ctx = talloc_tos();
6149
6150 START_PROFILE(SMBcopy);
6151
6152 if (req->wct < 3) {
6153 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6154 END_PROFILE(SMBcopy);
6155 return;
6156 }
6157
6158 tid2 = SVAL(req->inbuf,smb_vwv0);
6159 ofun = SVAL(req->inbuf,smb_vwv1);
6160 flags = SVAL(req->inbuf,smb_vwv2);
6161
6162 p = smb_buf(req->inbuf);
6163 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &name, p,
6164 0, STR_TERMINATE, &status,
6165 &source_has_wild);
6166 if (!NT_STATUS_IS_OK(status)) {
6167 reply_nterror(req, status);
6168 END_PROFILE(SMBcopy);
6169 return;
6170 }
6171 p += srvstr_get_path_wcard(ctx, (char *)req->inbuf, req->flags2, &newname, p,
6172 0, STR_TERMINATE, &status,
6173 &dest_has_wild);
6174 if (!NT_STATUS_IS_OK(status)) {
6175 reply_nterror(req, status);
6176 END_PROFILE(SMBcopy);
6177 return;
6178 }
6179
6180 DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
6181
6182 if (tid2 != conn->cnum) {
6183 /* can't currently handle inter share copies XXXX */
6184 DEBUG(3,("Rejecting inter-share copy\n"));
6185 reply_doserror(req, ERRSRV, ERRinvdevice);
6186 END_PROFILE(SMBcopy);
6187 return;
6188 }
6189
6190 status = resolve_dfspath_wcard(ctx, conn,
6191 req->flags2 & FLAGS2_DFS_PATHNAMES,
6192 name,
6193 &name,
6194 &source_has_wild);
6195 if (!NT_STATUS_IS_OK(status)) {
6196 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6197 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6198 ERRSRV, ERRbadpath);
6199 END_PROFILE(SMBcopy);
6200 return;
6201 }
6202 reply_nterror(req, status);
6203 END_PROFILE(SMBcopy);
6204 return;
6205 }
6206
6207 status = resolve_dfspath_wcard(ctx, conn,
6208 req->flags2 & FLAGS2_DFS_PATHNAMES,
6209 newname,
6210 &newname,
6211 &dest_has_wild);
6212 if (!NT_STATUS_IS_OK(status)) {
6213 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
6214 reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
6215 ERRSRV, ERRbadpath);
6216 END_PROFILE(SMBcopy);
6217 return;
6218 }
6219 reply_nterror(req, status);
6220 END_PROFILE(SMBcopy);
6221 return;
6222 }
6223
6224 status = unix_convert(ctx, conn, name, source_has_wild,
6225 &name, NULL, &sbuf1);
6226 if (!NT_STATUS_IS_OK(status)) {
6227 reply_nterror(req, status);
6228 END_PROFILE(SMBcopy);
6229 return;
6230 }
6231
6232 status = unix_convert(ctx, conn, newname, dest_has_wild,
6233 &newname, NULL, &sbuf2);
6234 if (!NT_STATUS_IS_OK(status)) {
6235 reply_nterror(req, status);
6236 END_PROFILE(SMBcopy);
6237 return;
6238 }
6239
6240 target_is_directory = VALID_STAT_OF_DIR(sbuf2);
6241
6242 if ((flags&1) && target_is_directory) {
6243 reply_doserror(req, ERRDOS, ERRbadfile);
6244 END_PROFILE(SMBcopy);
6245 return;
6246 }
6247
6248 if ((flags&2) && !target_is_directory) {
6249 reply_doserror(req, ERRDOS, ERRbadpath);
6250 END_PROFILE(SMBcopy);
6251 return;
6252 }
6253
6254 if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
6255 /* wants a tree copy! XXXX */
6256 DEBUG(3,("Rejecting tree copy\n"));
6257 reply_doserror(req, ERRSRV, ERRerror);
6258 END_PROFILE(SMBcopy);
6259 return;
6260 }
6261
6262 p = strrchr_m(name,'/');
6263 if (!p) {
6264 directory = talloc_strdup(ctx, "./");
6265 if (!directory) {
6266 reply_nterror(req, NT_STATUS_NO_MEMORY);
6267 END_PROFILE(SMBcopy);
6268 return;
6269 }
6270 mask = name;
6271 } else {
6272 *p = 0;
6273 directory = talloc_strdup(ctx, name);
6274 if (!directory) {
6275 reply_nterror(req, NT_STATUS_NO_MEMORY);
6276 END_PROFILE(SMBcopy);
6277 return;
6278 }
6279 mask = p+1;
6280 }
6281
6282 /*
6283 * We should only check the mangled cache
6284 * here if unix_convert failed. This means
6285 * that the path in 'mask' doesn't exist
6286 * on the file system and so we need to look
6287 * for a possible mangle. This patch from
6288 * Tine Smukavec <valentin.smukavec@hermes.si>.
6289 */
6290
6291 if (!VALID_STAT(sbuf1) && mangle_is_mangled(mask, conn->params)) {
6292 char *new_mask = NULL;
6293 mangle_lookup_name_from_8_3(ctx,
6294 mask,
6295 &new_mask,
6296 conn->params );
6297 if (new_mask) {
6298 mask = new_mask;
6299 }
6300 }
6301
6302 if (!source_has_wild) {
6303 directory = talloc_asprintf_append(directory,
6304 "/%s",
6305 mask);
6306 if (dest_has_wild) {
6307 char *mod_newname = NULL;
6308 if (!resolve_wildcards(ctx,
6309 directory,newname,&mod_newname)) {
6310 reply_nterror(req, NT_STATUS_NO_MEMORY);
6311 END_PROFILE(SMBcopy);
6312 return;
6313 }
6314 newname = mod_newname;
6315 }
6316
6317 status = check_name(conn, directory);
6318 if (!NT_STATUS_IS_OK(status)) {
6319 reply_nterror(req, status);
6320 END_PROFILE(SMBcopy);
6321 return;
6322 }
6323
6324 status = check_name(conn, newname);
6325 if (!NT_STATUS_IS_OK(status)) {
6326 reply_nterror(req, status);
6327 END_PROFILE(SMBcopy);
6328 return;
6329 }
6330
6331 status = copy_file(ctx,conn,directory,newname,ofun,
6332 count,target_is_directory);
6333
6334 if(!NT_STATUS_IS_OK(status)) {
6335 reply_nterror(req, status);
6336 END_PROFILE(SMBcopy);
6337 return;
6338 } else {
6339 count++;
6340 }
6341 } else {
6342 struct smb_Dir *dir_hnd = NULL;
6343 const char *dname = NULL;
6344 long offset = 0;
6345
6346 if (strequal(mask,"????????.???")) {
6347 mask[0] = '*';
6348 mask[1] = '\0';
6349 }
6350
6351 status = check_name(conn, directory);
6352 if (!NT_STATUS_IS_OK(status)) {
6353 reply_nterror(req, status);
6354 END_PROFILE(SMBcopy);
6355 return;
6356 }
6357
6358 dir_hnd = OpenDir(talloc_tos(), conn, directory, mask, 0);
6359 if (dir_hnd == NULL) {
6360 status = map_nt_error_from_unix(errno);
6361 reply_nterror(req, status);
6362 END_PROFILE(SMBcopy);
6363 return;
6364 }
6365
6366 error = ERRbadfile;
6367
6368 while ((dname = ReadDirName(dir_hnd, &offset))) {
6369 char *destname = NULL;
6370 char *fname = NULL;
6371
6372 if (ISDOT(dname) || ISDOTDOT(dname)) {
6373 continue;
6374 }
6375
6376 if (!is_visible_file(conn, directory, dname, &sbuf1, False)) {
6377 continue;
6378 }
6379
6380 if(!mask_match(dname, mask, conn->case_sensitive)) {
6381 continue;
6382 }
6383
6384 error = ERRnoaccess;
6385 fname = talloc_asprintf(ctx,
6386 "%s/%s",
6387 directory,
6388 dname);
6389 if (!fname) {
6390 TALLOC_FREE(dir_hnd);
6391 reply_nterror(req, NT_STATUS_NO_MEMORY);
6392 END_PROFILE(SMBcopy);
6393 return;
6394 }
6395
6396 if (!resolve_wildcards(ctx,
6397 fname,newname,&destname)) {
6398 continue;
6399 }
6400 if (!destname) {
6401 TALLOC_FREE(dir_hnd);
6402 reply_nterror(req, NT_STATUS_NO_MEMORY);
6403 END_PROFILE(SMBcopy);
6404 return;
6405 }
6406
6407 status = check_name(conn, fname);
6408 if (!NT_STATUS_IS_OK(status)) {
6409 TALLOC_FREE(dir_hnd);
6410 reply_nterror(req, status);
6411 END_PROFILE(SMBcopy);
6412 return;
6413 }
6414
6415 status = check_name(conn, destname);
6416 if (!NT_STATUS_IS_OK(status)) {
6417 TALLOC_FREE(dir_hnd);
6418 reply_nterror(req, status);
6419 END_PROFILE(SMBcopy);
6420 return;
6421 }
6422
6423 DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname, destname));
6424
6425 status = copy_file(ctx,conn,fname,destname,ofun,
6426 count,target_is_directory);
6427 if (NT_STATUS_IS_OK(status)) {
6428 count++;
6429 }
6430 TALLOC_FREE(fname);
6431 TALLOC_FREE(destname);
6432 }
6433 TALLOC_FREE(dir_hnd);
6434 }
6435
6436 if (count == 0) {
6437 if(err) {
6438 /* Error on close... */
6439 errno = err;
6440 reply_unixerror(req, ERRHRD, ERRgeneral);
6441 END_PROFILE(SMBcopy);
6442 return;
6443 }
6444
6445 reply_doserror(req, ERRDOS, error);
6446 END_PROFILE(SMBcopy);
6447 return;
6448 }
6449
6450 reply_outbuf(req, 1, 0);
6451 SSVAL(req->outbuf,smb_vwv0,count);
6452
6453 END_PROFILE(SMBcopy);
6454 return;
6455}
6456
6457#undef DBGC_CLASS
6458#define DBGC_CLASS DBGC_LOCKING
6459
6460/****************************************************************************
6461 Get a lock pid, dealing with large count requests.
6462****************************************************************************/
6463
6464uint32 get_lock_pid( char *data, int data_offset, bool large_file_format)
6465{
6466 if(!large_file_format)
6467 return (uint32)SVAL(data,SMB_LPID_OFFSET(data_offset));
6468 else
6469 return (uint32)SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
6470}
6471
6472/****************************************************************************
6473 Get a lock count, dealing with large count requests.
6474****************************************************************************/
6475
6476SMB_BIG_UINT get_lock_count( char *data, int data_offset, bool large_file_format)
6477{
6478 SMB_BIG_UINT count = 0;
6479
6480 if(!large_file_format) {
6481 count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
6482 } else {
6483
6484#if defined(HAVE_LONGLONG)
6485 count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
6486 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
6487#else /* HAVE_LONGLONG */
6488
6489 /*
6490 * NT4.x seems to be broken in that it sends large file (64 bit)
6491 * lockingX calls even if the CAP_LARGE_FILES was *not*
6492 * negotiated. For boxes without large unsigned ints truncate the
6493 * lock count by dropping the top 32 bits.
6494 */
6495
6496 if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
6497 DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
6498 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
6499 (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
6500 SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
6501 }
6502
6503 count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
6504#endif /* HAVE_LONGLONG */
6505 }
6506
6507 return count;
6508}
6509
6510#if !defined(HAVE_LONGLONG)
6511/****************************************************************************
6512 Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
6513****************************************************************************/
6514
6515static uint32 map_lock_offset(uint32 high, uint32 low)
6516{
6517 unsigned int i;
6518 uint32 mask = 0;
6519 uint32 highcopy = high;
6520
6521 /*
6522 * Try and find out how many significant bits there are in high.
6523 */
6524
6525 for(i = 0; highcopy; i++)
6526 highcopy >>= 1;
6527
6528 /*
6529 * We use 31 bits not 32 here as POSIX
6530 * lock offsets may not be negative.
6531 */
6532
6533 mask = (~0) << (31 - i);
6534
6535 if(low & mask)
6536 return 0; /* Fail. */
6537
6538 high <<= (31 - i);
6539
6540 return (high|low);
6541}
6542#endif /* !defined(HAVE_LONGLONG) */
6543
6544/****************************************************************************
6545 Get a lock offset, dealing with large offset requests.
6546****************************************************************************/
6547
6548SMB_BIG_UINT get_lock_offset( char *data, int data_offset, bool large_file_format, bool *err)
6549{
6550 SMB_BIG_UINT offset = 0;
6551
6552 *err = False;
6553
6554 if(!large_file_format) {
6555 offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
6556 } else {
6557
6558#if defined(HAVE_LONGLONG)
6559 offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
6560 ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
6561#else /* HAVE_LONGLONG */
6562
6563 /*
6564 * NT4.x seems to be broken in that it sends large file (64 bit)
6565 * lockingX calls even if the CAP_LARGE_FILES was *not*
6566 * negotiated. For boxes without large unsigned ints mangle the
6567 * lock offset by mapping the top 32 bits onto the lower 32.
6568 */
6569
6570 if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
6571 uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6572 uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
6573 uint32 new_low = 0;
6574
6575 if((new_low = map_lock_offset(high, low)) == 0) {
6576 *err = True;
6577 return (SMB_BIG_UINT)-1;
6578 }
6579
6580 DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
6581 (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
6582 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
6583 SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
6584 }
6585
6586 offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
6587#endif /* HAVE_LONGLONG */
6588 }
6589
6590 return offset;
6591}
6592
6593/****************************************************************************
6594 Reply to a lockingX request.
6595****************************************************************************/
6596
6597void reply_lockingX(struct smb_request *req)
6598{
6599 connection_struct *conn = req->conn;
6600 files_struct *fsp;
6601 unsigned char locktype;
6602 unsigned char oplocklevel;
6603 uint16 num_ulocks;
6604 uint16 num_locks;
6605 SMB_BIG_UINT count = 0, offset = 0;
6606 uint32 lock_pid;
6607 int32 lock_timeout;
6608 int i;
6609 char *data;
6610 bool large_file_format;
6611 bool err;
6612 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
6613
6614 START_PROFILE(SMBlockingX);
6615
6616 if (req->wct < 8) {
6617 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6618 END_PROFILE(SMBlockingX);
6619 return;
6620 }
6621
6622 fsp = file_fsp(SVAL(req->inbuf,smb_vwv2));
6623 locktype = CVAL(req->inbuf,smb_vwv3);
6624 oplocklevel = CVAL(req->inbuf,smb_vwv3+1);
6625 num_ulocks = SVAL(req->inbuf,smb_vwv6);
6626 num_locks = SVAL(req->inbuf,smb_vwv7);
6627 lock_timeout = IVAL(req->inbuf,smb_vwv4);
6628 large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
6629
6630 if (!check_fsp(conn, req, fsp, &current_user)) {
6631 END_PROFILE(SMBlockingX);
6632 return;
6633 }
6634
6635 data = smb_buf(req->inbuf);
6636
6637 if (locktype & LOCKING_ANDX_CHANGE_LOCKTYPE) {
6638 /* we don't support these - and CANCEL_LOCK makes w2k
6639 and XP reboot so I don't really want to be
6640 compatible! (tridge) */
6641 reply_nterror(req, NT_STATUS_DOS(ERRDOS, ERRnoatomiclocks));
6642 END_PROFILE(SMBlockingX);
6643 return;
6644 }
6645
6646 /* Check if this is an oplock break on a file
6647 we have granted an oplock on.
6648 */
6649 if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
6650 /* Client can insist on breaking to none. */
6651 bool break_to_none = (oplocklevel == 0);
6652 bool result;
6653
6654 DEBUG(5,("reply_lockingX: oplock break reply (%u) from client "
6655 "for fnum = %d\n", (unsigned int)oplocklevel,
6656 fsp->fnum ));
6657
6658 /*
6659 * Make sure we have granted an exclusive or batch oplock on
6660 * this file.
6661 */
6662
6663 if (fsp->oplock_type == 0) {
6664
6665 /* The Samba4 nbench simulator doesn't understand
6666 the difference between break to level2 and break
6667 to none from level2 - it sends oplock break
6668 replies in both cases. Don't keep logging an error
6669 message here - just ignore it. JRA. */
6670
6671 DEBUG(5,("reply_lockingX: Error : oplock break from "
6672 "client for fnum = %d (oplock=%d) and no "
6673 "oplock granted on this file (%s).\n",
6674 fsp->fnum, fsp->oplock_type, fsp->fsp_name));
6675
6676 /* if this is a pure oplock break request then don't
6677 * send a reply */
6678 if (num_locks == 0 && num_ulocks == 0) {
6679 END_PROFILE(SMBlockingX);
6680 return;
6681 } else {
6682 END_PROFILE(SMBlockingX);
6683 reply_doserror(req, ERRDOS, ERRlock);
6684 return;
6685 }
6686 }
6687
6688 if ((fsp->sent_oplock_break == BREAK_TO_NONE_SENT) ||
6689 (break_to_none)) {
6690 result = remove_oplock(fsp);
6691 } else {
6692 result = downgrade_oplock(fsp);
6693 }
6694
6695 if (!result) {
6696 DEBUG(0, ("reply_lockingX: error in removing "
6697 "oplock on file %s\n", fsp->fsp_name));
6698 /* Hmmm. Is this panic justified? */
6699 smb_panic("internal tdb error");
6700 }
6701
6702 reply_to_oplock_break_requests(fsp);
6703
6704 /* if this is a pure oplock break request then don't send a
6705 * reply */
6706 if (num_locks == 0 && num_ulocks == 0) {
6707 /* Sanity check - ensure a pure oplock break is not a
6708 chained request. */
6709 if(CVAL(req->inbuf,smb_vwv0) != 0xff)
6710 DEBUG(0,("reply_lockingX: Error : pure oplock "
6711 "break is a chained %d request !\n",
6712 (unsigned int)CVAL(req->inbuf,
6713 smb_vwv0) ));
6714 END_PROFILE(SMBlockingX);
6715 return;
6716 }
6717 }
6718
6719 /*
6720 * We do this check *after* we have checked this is not a oplock break
6721 * response message. JRA.
6722 */
6723
6724 release_level_2_oplocks_on_change(fsp);
6725
6726 if (smb_buflen(req->inbuf) <
6727 (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
6728 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6729 END_PROFILE(SMBlockingX);
6730 return;
6731 }
6732
6733 /* Data now points at the beginning of the list
6734 of smb_unlkrng structs */
6735 for(i = 0; i < (int)num_ulocks; i++) {
6736 lock_pid = get_lock_pid( data, i, large_file_format);
6737 count = get_lock_count( data, i, large_file_format);
6738 offset = get_lock_offset( data, i, large_file_format, &err);
6739
6740 /*
6741 * There is no error code marked "stupid client bug".... :-).
6742 */
6743 if(err) {
6744 END_PROFILE(SMBlockingX);
6745 reply_doserror(req, ERRDOS, ERRnoaccess);
6746 return;
6747 }
6748
6749 DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for "
6750 "pid %u, file %s\n", (double)offset, (double)count,
6751 (unsigned int)lock_pid, fsp->fsp_name ));
6752
6753 status = do_unlock(smbd_messaging_context(),
6754 fsp,
6755 lock_pid,
6756 count,
6757 offset,
6758 WINDOWS_LOCK);
6759
6760 if (NT_STATUS_V(status)) {
6761 END_PROFILE(SMBlockingX);
6762 reply_nterror(req, status);
6763 return;
6764 }
6765 }
6766
6767 /* Setup the timeout in seconds. */
6768
6769 if (!lp_blocking_locks(SNUM(conn))) {
6770 lock_timeout = 0;
6771 }
6772
6773 /* Now do any requested locks */
6774 data += ((large_file_format ? 20 : 10)*num_ulocks);
6775
6776 /* Data now points at the beginning of the list
6777 of smb_lkrng structs */
6778
6779 for(i = 0; i < (int)num_locks; i++) {
6780 enum brl_type lock_type = ((locktype & LOCKING_ANDX_SHARED_LOCK) ?
6781 READ_LOCK:WRITE_LOCK);
6782 lock_pid = get_lock_pid( data, i, large_file_format);
6783 count = get_lock_count( data, i, large_file_format);
6784 offset = get_lock_offset( data, i, large_file_format, &err);
6785
6786 /*
6787 * There is no error code marked "stupid client bug".... :-).
6788 */
6789 if(err) {
6790 END_PROFILE(SMBlockingX);
6791 reply_doserror(req, ERRDOS, ERRnoaccess);
6792 return;
6793 }
6794
6795 DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid "
6796 "%u, file %s timeout = %d\n", (double)offset,
6797 (double)count, (unsigned int)lock_pid,
6798 fsp->fsp_name, (int)lock_timeout ));
6799
6800 if (locktype & LOCKING_ANDX_CANCEL_LOCK) {
6801 if (lp_blocking_locks(SNUM(conn))) {
6802
6803 /* Schedule a message to ourselves to
6804 remove the blocking lock record and
6805 return the right error. */
6806
6807 if (!blocking_lock_cancel(fsp,
6808 lock_pid,
6809 offset,
6810 count,
6811 WINDOWS_LOCK,
6812 locktype,
6813 NT_STATUS_FILE_LOCK_CONFLICT)) {
6814 END_PROFILE(SMBlockingX);
6815 reply_nterror(
6816 req,
6817 NT_STATUS_DOS(
6818 ERRDOS,
6819 ERRcancelviolation));
6820 return;
6821 }
6822 }
6823 /* Remove a matching pending lock. */
6824 status = do_lock_cancel(fsp,
6825 lock_pid,
6826 count,
6827 offset,
6828 WINDOWS_LOCK);
6829 } else {
6830 bool blocking_lock = lock_timeout ? True : False;
6831 bool defer_lock = False;
6832 struct byte_range_lock *br_lck;
6833 uint32 block_smbpid;
6834
6835 br_lck = do_lock(smbd_messaging_context(),
6836 fsp,
6837 lock_pid,
6838 count,
6839 offset,
6840 lock_type,
6841 WINDOWS_LOCK,
6842 blocking_lock,
6843 &status,
6844 &block_smbpid);
6845
6846 if (br_lck && blocking_lock && ERROR_WAS_LOCK_DENIED(status)) {
6847 /* Windows internal resolution for blocking locks seems
6848 to be about 200ms... Don't wait for less than that. JRA. */
6849 if (lock_timeout != -1 && lock_timeout < lp_lock_spin_time()) {
6850 lock_timeout = lp_lock_spin_time();
6851 }
6852 defer_lock = True;
6853 }
6854
6855 /* This heuristic seems to match W2K3 very well. If a
6856 lock sent with timeout of zero would fail with NT_STATUS_FILE_LOCK_CONFLICT
6857 it pretends we asked for a timeout of between 150 - 300 milliseconds as
6858 far as I can tell. Replacement for do_lock_spin(). JRA. */
6859
6860 if (br_lck && lp_blocking_locks(SNUM(conn)) && !blocking_lock &&
6861 NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT)) {
6862 defer_lock = True;
6863 lock_timeout = lp_lock_spin_time();
6864 }
6865
6866 if (br_lck && defer_lock) {
6867 /*
6868 * A blocking lock was requested. Package up
6869 * this smb into a queued request and push it
6870 * onto the blocking lock queue.
6871 */
6872 if(push_blocking_lock_request(br_lck,
6873 req,
6874 fsp,
6875 lock_timeout,
6876 i,
6877 lock_pid,
6878 lock_type,
6879 WINDOWS_LOCK,
6880 offset,
6881 count,
6882 block_smbpid)) {
6883 TALLOC_FREE(br_lck);
6884 END_PROFILE(SMBlockingX);
6885 return;
6886 }
6887 }
6888
6889 TALLOC_FREE(br_lck);
6890 }
6891
6892 if (NT_STATUS_V(status)) {
6893 END_PROFILE(SMBlockingX);
6894 reply_nterror(req, status);
6895 return;
6896 }
6897 }
6898
6899 /* If any of the above locks failed, then we must unlock
6900 all of the previous locks (X/Open spec). */
6901
6902 if (!(locktype & LOCKING_ANDX_CANCEL_LOCK) &&
6903 (i != num_locks) &&
6904 (num_locks != 0)) {
6905 /*
6906 * Ensure we don't do a remove on the lock that just failed,
6907 * as under POSIX rules, if we have a lock already there, we
6908 * will delete it (and we shouldn't) .....
6909 */
6910 for(i--; i >= 0; i--) {
6911 lock_pid = get_lock_pid( data, i, large_file_format);
6912 count = get_lock_count( data, i, large_file_format);
6913 offset = get_lock_offset( data, i, large_file_format,
6914 &err);
6915
6916 /*
6917 * There is no error code marked "stupid client
6918 * bug".... :-).
6919 */
6920 if(err) {
6921 END_PROFILE(SMBlockingX);
6922 reply_doserror(req, ERRDOS, ERRnoaccess);
6923 return;
6924 }
6925
6926 do_unlock(smbd_messaging_context(),
6927 fsp,
6928 lock_pid,
6929 count,
6930 offset,
6931 WINDOWS_LOCK);
6932 }
6933 END_PROFILE(SMBlockingX);
6934 reply_nterror(req, status);
6935 return;
6936 }
6937
6938 reply_outbuf(req, 2, 0);
6939
6940 DEBUG(3, ("lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
6941 fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks));
6942
6943 END_PROFILE(SMBlockingX);
6944 chain_reply(req);
6945}
6946
6947#undef DBGC_CLASS
6948#define DBGC_CLASS DBGC_ALL
6949
6950/****************************************************************************
6951 Reply to a SMBreadbmpx (read block multiplex) request.
6952 Always reply with an error, if someone has a platform really needs this,
6953 please contact vl@samba.org
6954****************************************************************************/
6955
6956void reply_readbmpx(struct smb_request *req)
6957{
6958 START_PROFILE(SMBreadBmpx);
6959 reply_doserror(req, ERRSRV, ERRuseSTD);
6960 END_PROFILE(SMBreadBmpx);
6961 return;
6962}
6963
6964/****************************************************************************
6965 Reply to a SMBreadbs (read block multiplex secondary) request.
6966 Always reply with an error, if someone has a platform really needs this,
6967 please contact vl@samba.org
6968****************************************************************************/
6969
6970void reply_readbs(struct smb_request *req)
6971{
6972 START_PROFILE(SMBreadBs);
6973 reply_doserror(req, ERRSRV, ERRuseSTD);
6974 END_PROFILE(SMBreadBs);
6975 return;
6976}
6977
6978/****************************************************************************
6979 Reply to a SMBsetattrE.
6980****************************************************************************/
6981
6982void reply_setattrE(struct smb_request *req)
6983{
6984 connection_struct *conn = req->conn;
6985 struct timespec ts[2];
6986 files_struct *fsp;
6987 SMB_STRUCT_STAT sbuf;
6988 NTSTATUS status;
6989
6990 START_PROFILE(SMBsetattrE);
6991
6992 if (req->wct < 7) {
6993 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
6994 END_PROFILE(SMBsetattrE);
6995 return;
6996 }
6997
6998 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
6999
7000 if(!fsp || (fsp->conn != conn)) {
7001 reply_doserror(req, ERRDOS, ERRbadfid);
7002 END_PROFILE(SMBsetattrE);
7003 return;
7004 }
7005
7006
7007 /*
7008 * Convert the DOS times into unix times. Ignore create
7009 * time as UNIX can't set this.
7010 */
7011
7012 ts[0] = convert_time_t_to_timespec(
7013 srv_make_unix_date2(req->inbuf+smb_vwv3)); /* atime. */
7014 ts[1] = convert_time_t_to_timespec(
7015 srv_make_unix_date2(req->inbuf+smb_vwv5)); /* mtime. */
7016
7017 reply_outbuf(req, 0, 0);
7018
7019 /*
7020 * Patch from Ray Frush <frush@engr.colostate.edu>
7021 * Sometimes times are sent as zero - ignore them.
7022 */
7023
7024 /* Ensure we have a valid stat struct for the source. */
7025 if (fsp->fh->fd != -1) {
7026 if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
7027 status = map_nt_error_from_unix(errno);
7028 reply_nterror(req, status);
7029 END_PROFILE(SMBsetattrE);
7030 return;
7031 }
7032 } else {
7033 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) {
7034 status = map_nt_error_from_unix(errno);
7035 reply_nterror(req, status);
7036 END_PROFILE(SMBsetattrE);
7037 return;
7038 }
7039 }
7040
7041 status = smb_set_file_time(conn, fsp, fsp->fsp_name,
7042 &sbuf, ts, true);
7043 if (!NT_STATUS_IS_OK(status)) {
7044 reply_doserror(req, ERRDOS, ERRnoaccess);
7045 END_PROFILE(SMBsetattrE);
7046 return;
7047 }
7048
7049 DEBUG( 3, ( "reply_setattrE fnum=%d actime=%u modtime=%u\n",
7050 fsp->fnum,
7051 (unsigned int)ts[0].tv_sec,
7052 (unsigned int)ts[1].tv_sec));
7053
7054 END_PROFILE(SMBsetattrE);
7055 return;
7056}
7057
7058
7059/* Back from the dead for OS/2..... JRA. */
7060
7061/****************************************************************************
7062 Reply to a SMBwritebmpx (write block multiplex primary) request.
7063 Always reply with an error, if someone has a platform really needs this,
7064 please contact vl@samba.org
7065****************************************************************************/
7066
7067void reply_writebmpx(struct smb_request *req)
7068{
7069 START_PROFILE(SMBwriteBmpx);
7070 reply_doserror(req, ERRSRV, ERRuseSTD);
7071 END_PROFILE(SMBwriteBmpx);
7072 return;
7073}
7074
7075/****************************************************************************
7076 Reply to a SMBwritebs (write block multiplex secondary) request.
7077 Always reply with an error, if someone has a platform really needs this,
7078 please contact vl@samba.org
7079****************************************************************************/
7080
7081void reply_writebs(struct smb_request *req)
7082{
7083 START_PROFILE(SMBwriteBs);
7084 reply_doserror(req, ERRSRV, ERRuseSTD);
7085 END_PROFILE(SMBwriteBs);
7086 return;
7087}
7088
7089/****************************************************************************
7090 Reply to a SMBgetattrE.
7091****************************************************************************/
7092
7093void reply_getattrE(struct smb_request *req)
7094{
7095 connection_struct *conn = req->conn;
7096 SMB_STRUCT_STAT sbuf;
7097 int mode;
7098 files_struct *fsp;
7099
7100 START_PROFILE(SMBgetattrE);
7101
7102 if (req->wct < 1) {
7103 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
7104 END_PROFILE(SMBgetattrE);
7105 return;
7106 }
7107
7108 fsp = file_fsp(SVAL(req->inbuf,smb_vwv0));
7109
7110 if(!fsp || (fsp->conn != conn)) {
7111 reply_doserror(req, ERRDOS, ERRbadfid);
7112 END_PROFILE(SMBgetattrE);
7113 return;
7114 }
7115
7116 /* Do an fstat on this file */
7117 if(fsp_stat(fsp, &sbuf)) {
7118 reply_unixerror(req, ERRDOS, ERRnoaccess);
7119 END_PROFILE(SMBgetattrE);
7120 return;
7121 }
7122
7123 mode = dos_mode(conn,fsp->fsp_name,&sbuf);
7124
7125 /*
7126 * Convert the times into dos times. Set create
7127 * date to be last modify date as UNIX doesn't save
7128 * this.
7129 */
7130
7131 reply_outbuf(req, 11, 0);
7132
7133 srv_put_dos_date2((char *)req->outbuf, smb_vwv0,
7134 get_create_time(&sbuf,
7135 lp_fake_dir_create_times(SNUM(conn))));
7136 srv_put_dos_date2((char *)req->outbuf, smb_vwv2, sbuf.st_atime);
7137 /* Should we check pending modtime here ? JRA */
7138 srv_put_dos_date2((char *)req->outbuf, smb_vwv4, sbuf.st_mtime);
7139
7140 if (mode & aDIR) {
7141 SIVAL(req->outbuf, smb_vwv6, 0);
7142 SIVAL(req->outbuf, smb_vwv8, 0);
7143 } else {
7144 uint32 allocation_size = get_allocation_size(conn,fsp, &sbuf);
7145 SIVAL(req->outbuf, smb_vwv6, (uint32)sbuf.st_size);
7146 SIVAL(req->outbuf, smb_vwv8, allocation_size);
7147 }
7148 SSVAL(req->outbuf,smb_vwv10, mode);
7149
7150 DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
7151
7152 END_PROFILE(SMBgetattrE);
7153 return;
7154}
Note: See TracBrowser for help on using the repository browser.