Changeset 740 for vendor/current/source3/smbd/nttrans.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
-
vendor/current/source3/smbd/nttrans.c (modified) (52 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/smbd/nttrans.c
r597 r740 20 20 21 21 #include "includes.h" 22 #include "system/filesys.h" 23 #include "smbd/smbd.h" 22 24 #include "smbd/globals.h" 25 #include "fake_file.h" 26 #include "../libcli/security/security.h" 27 #include "../librpc/gen_ndr/ndr_security.h" 28 #include "passdb/lookup_sid.h" 29 #include "auth.h" 30 #include "ntioctl.h" 31 #include "smbprofile.h" 32 #include "libsmb/libsmb.h" 23 33 24 34 extern const struct generic_mapping file_generic_mapping; … … 56 66 char *pd = pdata; 57 67 int params_sent_thistime, data_sent_thistime, total_sent_thistime; 58 int alignment_offset = 3;68 int alignment_offset = 1; 59 69 int data_alignment_offset = 0; 60 struct smbd_server_connection *sconn = smbd_server_conn;70 struct smbd_server_connection *sconn = req->sconn; 61 71 int max_send = sconn->smb1.sessions.max_send; 62 72 … … 74 84 } 75 85 show_msg((char *)req->outbuf); 76 if (!srv_send_smb(s mbd_server_fd(),86 if (!srv_send_smb(sconn, 77 87 (char *)req->outbuf, 78 88 true, req->seqnum+1, … … 243 253 /* Send the packet */ 244 254 show_msg((char *)req->outbuf); 245 if (!srv_send_smb(s mbd_server_fd(),255 if (!srv_send_smb(sconn, 246 256 (char *)req->outbuf, 247 257 true, req->seqnum+1, … … 472 482 root_dir_fid = (uint16)IVAL(req->vwv+5, 1); 473 483 474 allocation_size = (uint64_t)IVAL(req->vwv+9, 1); 475 #ifdef LARGE_SMB_OFF_T 476 allocation_size |= (((uint64_t)IVAL(req->vwv+11, 1)) << 32); 477 #endif 484 allocation_size = BVAL(req->vwv+9, 1); 478 485 479 486 srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf, … … 571 578 oplock_request, /* oplock_request */ 572 579 allocation_size, /* allocation_size */ 580 0, /* private_flags */ 573 581 NULL, /* sd */ 574 582 NULL, /* ea_list */ … … 651 659 write time. JRA. */ 652 660 ZERO_STRUCT(write_time_ts); 653 get_file_infos(fsp->file_id, NULL, &write_time_ts);661 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts); 654 662 if (!null_timespec(write_time_ts)) { 655 663 update_stat_ex_mtime(&smb_fname->st, write_time_ts); … … 828 836 ****************************************************************************/ 829 837 830 static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32sd_len,831 uint32 security_info_sent)838 NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len, 839 uint32_t security_info_sent) 832 840 { 833 SEC_DESC*psd = NULL;841 struct security_descriptor *psd = NULL; 834 842 NTSTATUS status; 835 843 … … 853 861 854 862 if (psd->owner_sid == NULL) { 855 security_info_sent &= ~ OWNER_SECURITY_INFORMATION;863 security_info_sent &= ~SECINFO_OWNER; 856 864 } 857 865 if (psd->group_sid == NULL) { 858 security_info_sent &= ~ GROUP_SECURITY_INFORMATION;866 security_info_sent &= ~SECINFO_GROUP; 859 867 } 860 868 … … 1023 1031 ea_len = IVAL(params,40); 1024 1032 root_dir_fid = (uint16)IVAL(params,4); 1025 allocation_size = (uint64_t)IVAL(params,12); 1026 #ifdef LARGE_SMB_OFF_T 1027 allocation_size |= (((uint64_t)IVAL(params,16)) << 32); 1028 #endif 1033 allocation_size = BVAL(params,12); 1029 1034 1030 1035 /* … … 1148 1153 oplock_request, /* oplock_request */ 1149 1154 allocation_size, /* allocation_size */ 1155 0, /* private_flags */ 1150 1156 sd, /* sd */ 1151 1157 ea_list, /* ea_list */ … … 1228 1234 write time. JRA. */ 1229 1235 ZERO_STRUCT(write_time_ts); 1230 get_file_infos(fsp->file_id, NULL, &write_time_ts);1236 get_file_infos(fsp->file_id, 0, NULL, &write_time_ts); 1231 1237 if (!null_timespec(write_time_ts)) { 1232 1238 update_stat_ex_mtime(&smb_fname->st, write_time_ts); … … 1261 1267 p += 8; 1262 1268 if (flags & EXTENDED_RESPONSE_REQUIRED) { 1263 SSVAL(p,2,0x7); 1269 uint16_t file_status = (NO_EAS|NO_SUBSTREAMS|NO_REPARSETAG); 1270 size_t num_names = 0; 1271 unsigned int num_streams; 1272 struct stream_struct *streams = NULL; 1273 1274 /* Do we have any EA's ? */ 1275 status = get_ea_names_from_file(ctx, conn, fsp, 1276 smb_fname->base_name, NULL, &num_names); 1277 if (NT_STATUS_IS_OK(status) && num_names) { 1278 file_status &= ~NO_EAS; 1279 } 1280 status = SMB_VFS_STREAMINFO(conn, NULL, smb_fname->base_name, ctx, 1281 &num_streams, &streams); 1282 /* There is always one stream, ::$DATA. */ 1283 if (NT_STATUS_IS_OK(status) && num_streams > 1) { 1284 file_status &= ~NO_SUBSTREAMS; 1285 } 1286 TALLOC_FREE(streams); 1287 SSVAL(p,2,file_status); 1264 1288 } 1265 1289 p += 4; … … 1299 1323 1300 1324 START_PROFILE(SMBntcancel); 1301 srv_cancel_sign_response(smbd_server_conn); 1302 remove_pending_change_notify_requests_by_mid(req->mid); 1303 remove_pending_lock_requests_by_mid(req->mid); 1304 1305 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid)); 1325 srv_cancel_sign_response(req->sconn); 1326 remove_pending_change_notify_requests_by_mid(req->sconn, req->mid); 1327 remove_pending_lock_requests_by_mid_smb1(req->sconn, req->mid); 1328 1329 DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n", 1330 (unsigned long long)req->mid)); 1306 1331 1307 1332 END_PROFILE(SMBntcancel); … … 1340 1365 /* Ensure attributes match. */ 1341 1366 fattr = dos_mode(conn, smb_fname_src); 1342 if ((fattr & ~attrs) & ( aHIDDEN | aSYSTEM)) {1367 if ((fattr & ~attrs) & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) { 1343 1368 status = NT_STATUS_NO_SUCH_FILE; 1344 1369 goto out; … … 1366 1391 0, /* root_dir_fid */ 1367 1392 smb_fname_src, /* fname */ 1368 FILE_READ_DATA, /* access_mask */ 1393 FILE_READ_DATA|FILE_READ_ATTRIBUTES| 1394 FILE_READ_EA, /* access_mask */ 1369 1395 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ 1370 1396 FILE_SHARE_DELETE), … … 1374 1400 NO_OPLOCK, /* oplock_request */ 1375 1401 0, /* allocation_size */ 1402 0, /* private_flags */ 1376 1403 NULL, /* sd */ 1377 1404 NULL, /* ea_list */ … … 1388 1415 0, /* root_dir_fid */ 1389 1416 smb_fname_dst, /* fname */ 1390 FILE_WRITE_DATA, /* access_mask */ 1417 FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES| 1418 FILE_WRITE_EA, /* access_mask */ 1391 1419 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ 1392 1420 FILE_SHARE_DELETE), … … 1396 1424 NO_OPLOCK, /* oplock_request */ 1397 1425 0, /* allocation_size */ 1426 0, /* private_flags */ 1398 1427 NULL, /* sd */ 1399 1428 NULL, /* ea_list */ … … 1423 1452 status = close_file(NULL, fsp2, NORMAL_CLOSE); 1424 1453 1425 /* Grrr. We have to do this as open_file_ntcreate adds aARCHwhen it1454 /* Grrr. We have to do this as open_file_ntcreate adds FILE_ATTRIBUTE_ARCHIVE when it 1426 1455 creates the file. This isn't the correct thing to do in the copy 1427 1456 case. JRA */ … … 1468 1497 uint16 rename_type; 1469 1498 TALLOC_CTX *ctx = talloc_tos(); 1499 bool stream_rename = false; 1470 1500 1471 1501 START_PROFILE(SMBntrename); … … 1500 1530 } 1501 1531 1502 /* The newname must begin with a ':' if the oldname contains a ':'. */ 1503 if (strchr_m(oldname, ':') && (newname[0] != ':')) { 1504 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 1505 goto out; 1532 if (!lp_posix_pathnames()) { 1533 /* The newname must begin with a ':' if the 1534 oldname contains a ':'. */ 1535 if (strchr_m(oldname, ':')) { 1536 if (newname[0] != ':') { 1537 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 1538 goto out; 1539 } 1540 stream_rename = true; 1541 } 1506 1542 } 1507 1543 … … 1552 1588 } 1553 1589 1590 if (stream_rename) { 1591 /* smb_fname_new must be the same as smb_fname_old. */ 1592 TALLOC_FREE(smb_fname_new->base_name); 1593 smb_fname_new->base_name = talloc_strdup(smb_fname_new, 1594 smb_fname_old->base_name); 1595 if (!smb_fname_new->base_name) { 1596 reply_nterror(req, NT_STATUS_NO_MEMORY); 1597 goto out; 1598 } 1599 } 1600 1554 1601 DEBUG(3,("reply_ntrename: %s -> %s\n", 1555 1602 smb_fname_str_dbg(smb_fname_old), … … 1570 1617 } else { 1571 1618 status = hardlink_internals(ctx, conn, 1619 req, 1620 false, 1572 1621 smb_fname_old, 1573 1622 smb_fname_new); … … 1696 1745 */ 1697 1746 1698 change_notify_reply( fsp->conn,req,1747 change_notify_reply(req, 1699 1748 NT_STATUS_OK, 1700 1749 max_param_count, … … 1775 1824 *******************************************************************************/ 1776 1825 1777 static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC**ppsd)1826 static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd) 1778 1827 { 1779 1828 size_t sd_size; … … 1790 1839 /**************************************************************************** 1791 1840 Reply to query a security descriptor. 1841 Callable from SMB2 and SMB2. 1842 If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with 1843 the required size. 1844 ****************************************************************************/ 1845 1846 NTSTATUS smbd_do_query_security_desc(connection_struct *conn, 1847 TALLOC_CTX *mem_ctx, 1848 files_struct *fsp, 1849 uint32_t security_info_wanted, 1850 uint32_t max_data_count, 1851 uint8_t **ppmarshalled_sd, 1852 size_t *psd_size) 1853 { 1854 NTSTATUS status; 1855 struct security_descriptor *psd = NULL; 1856 1857 /* 1858 * Get the permissions to return. 1859 */ 1860 1861 if ((security_info_wanted & SECINFO_SACL) && 1862 !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) { 1863 return NT_STATUS_ACCESS_DENIED; 1864 } 1865 1866 if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) && 1867 !(fsp->access_mask & SEC_STD_READ_CONTROL)) { 1868 return NT_STATUS_ACCESS_DENIED; 1869 } 1870 1871 if (!lp_nt_acl_support(SNUM(conn))) { 1872 status = get_null_nt_acl(mem_ctx, &psd); 1873 } else { 1874 status = SMB_VFS_FGET_NT_ACL( 1875 fsp, security_info_wanted, &psd); 1876 } 1877 if (!NT_STATUS_IS_OK(status)) { 1878 return status; 1879 } 1880 1881 if (!(security_info_wanted & SECINFO_OWNER)) { 1882 psd->owner_sid = NULL; 1883 } 1884 if (!(security_info_wanted & SECINFO_GROUP)) { 1885 psd->group_sid = NULL; 1886 } 1887 if (!(security_info_wanted & SECINFO_DACL)) { 1888 psd->dacl = NULL; 1889 } 1890 if (!(security_info_wanted & SECINFO_SACL)) { 1891 psd->sacl = NULL; 1892 } 1893 1894 /* If the SACL/DACL is NULL, but was requested, we mark that it is 1895 * present in the reply to match Windows behavior */ 1896 if (psd->sacl == NULL && 1897 security_info_wanted & SECINFO_SACL) 1898 psd->type |= SEC_DESC_SACL_PRESENT; 1899 if (psd->dacl == NULL && 1900 security_info_wanted & SECINFO_DACL) 1901 psd->type |= SEC_DESC_DACL_PRESENT; 1902 1903 *psd_size = ndr_size_security_descriptor(psd, 0); 1904 1905 DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n", 1906 (unsigned long)*psd_size)); 1907 1908 if (DEBUGLEVEL >= 10) { 1909 DEBUG(10,("smbd_do_query_security_desc for file %s\n", 1910 fsp_str_dbg(fsp))); 1911 NDR_PRINT_DEBUG(security_descriptor, psd); 1912 } 1913 1914 if (max_data_count < *psd_size) { 1915 TALLOC_FREE(psd); 1916 return NT_STATUS_BUFFER_TOO_SMALL; 1917 } 1918 1919 status = marshall_sec_desc(mem_ctx, psd, 1920 ppmarshalled_sd, psd_size); 1921 1922 if (!NT_STATUS_IS_OK(status)) { 1923 TALLOC_FREE(psd); 1924 return status; 1925 } 1926 1927 TALLOC_FREE(psd); 1928 return NT_STATUS_OK; 1929 } 1930 1931 /**************************************************************************** 1932 SMB1 reply to query a security descriptor. 1792 1933 ****************************************************************************/ 1793 1934 … … 1804 1945 char *params = *ppparams; 1805 1946 char *data = *ppdata; 1806 SEC_DESC *psd = NULL; 1807 size_t sd_size; 1947 size_t sd_size = 0; 1808 1948 uint32 security_info_wanted; 1809 1949 files_struct *fsp = NULL; 1810 1950 NTSTATUS status; 1811 DATA_BLOB blob;1951 uint8_t *marshalled_sd = NULL; 1812 1952 1813 1953 if(parameter_count < 8) { … … 1838 1978 */ 1839 1979 1840 if ((security_info_wanted & SECINFO_SACL) && 1841 !(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) { 1842 reply_nterror(req, NT_STATUS_ACCESS_DENIED); 1843 return; 1844 } 1845 1846 if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) && 1847 !(fsp->access_mask & SEC_STD_READ_CONTROL)) { 1848 reply_nterror(req, NT_STATUS_ACCESS_DENIED); 1849 return; 1850 } 1851 1852 if (!lp_nt_acl_support(SNUM(conn))) { 1853 status = get_null_nt_acl(talloc_tos(), &psd); 1854 } else { 1855 status = SMB_VFS_FGET_NT_ACL( 1856 fsp, security_info_wanted, &psd); 1857 } 1980 status = smbd_do_query_security_desc(conn, 1981 talloc_tos(), 1982 fsp, 1983 security_info_wanted, 1984 max_data_count, 1985 &marshalled_sd, 1986 &sd_size); 1987 1988 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { 1989 SIVAL(params,0,(uint32_t)sd_size); 1990 send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL, 1991 params, 4, NULL, 0); 1992 return; 1993 } 1994 1858 1995 if (!NT_STATUS_IS_OK(status)) { 1859 1996 reply_nterror(req, status); … … 1861 1998 } 1862 1999 1863 if (!(security_info_wanted & SECINFO_OWNER)) { 1864 psd->owner_sid = NULL; 1865 } 1866 if (!(security_info_wanted & SECINFO_GROUP)) { 1867 psd->group_sid = NULL; 1868 } 1869 if (!(security_info_wanted & SECINFO_DACL)) { 1870 psd->dacl = NULL; 1871 } 1872 if (!(security_info_wanted & SECINFO_SACL)) { 1873 psd->sacl = NULL; 1874 } 1875 1876 /* If the SACL/DACL is NULL, but was requested, we mark that it is 1877 * present in the reply to match Windows behavior */ 1878 if (psd->sacl == NULL && 1879 security_info_wanted & SACL_SECURITY_INFORMATION) 1880 psd->type |= SEC_DESC_SACL_PRESENT; 1881 if (psd->dacl == NULL && 1882 security_info_wanted & DACL_SECURITY_INFORMATION) 1883 psd->type |= SEC_DESC_DACL_PRESENT; 1884 1885 sd_size = ndr_size_security_descriptor(psd, NULL, 0); 1886 1887 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); 1888 1889 if (DEBUGLEVEL >= 10) { 1890 DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", 1891 fsp_str_dbg(fsp))); 1892 NDR_PRINT_DEBUG(security_descriptor, psd); 1893 } 1894 1895 SIVAL(params,0,(uint32)sd_size); 2000 SMB_ASSERT(sd_size > 0); 2001 2002 SIVAL(params,0,(uint32_t)sd_size); 1896 2003 1897 2004 if (max_data_count < sd_size) { 1898 2005 send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL, 1899 params, 4, *ppdata, 0);2006 params, 4, NULL, 0); 1900 2007 return; 1901 2008 } 1902 2009 1903 2010 /* 1904 * Allocate the data we will point this at.2011 * Allocate the data we will return. 1905 2012 */ 1906 2013 … … 1911 2018 } 1912 2019 1913 status = marshall_sec_desc(talloc_tos(), psd, 1914 &blob.data, &blob.length); 1915 1916 if (!NT_STATUS_IS_OK(status)) { 1917 reply_nterror(req, status); 1918 return; 1919 } 1920 1921 SMB_ASSERT(sd_size == blob.length); 1922 memcpy(data, blob.data, sd_size); 2020 memcpy(data, marshalled_sd, sd_size); 1923 2021 1924 2022 send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size); … … 1957 2055 } 1958 2056 2057 if (!CAN_WRITE(fsp->conn)) { 2058 reply_nterror(req, NT_STATUS_ACCESS_DENIED); 2059 return; 2060 } 2061 1959 2062 if(!lp_nt_acl_support(SNUM(conn))) { 1960 2063 goto done; … … 2024 2127 switch (function) { 2025 2128 case FSCTL_SET_SPARSE: 2026 /* pretend this succeeded - tho strictly we should 2027 mark the file sparse (if the local fs supports it) 2028 so we can know if we need to pre-allocate or not */ 2029 2030 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum)); 2129 { 2130 bool set_sparse = true; 2131 NTSTATUS status; 2132 2133 if (data_count >= 1 && pdata[0] == 0) { 2134 set_sparse = false; 2135 } 2136 2137 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X]set[%u]\n", 2138 fidnum, set_sparse)); 2139 2140 if (!check_fsp_open(conn, req, fsp)) { 2141 return; 2142 } 2143 2144 status = file_set_sparse(conn, fsp, set_sparse); 2145 if (!NT_STATUS_IS_OK(status)) { 2146 DEBUG(9,("FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n", 2147 smb_fname_str_dbg(fsp->fsp_name), set_sparse, nt_errstr(status))); 2148 reply_nterror(req, status); 2149 return; 2150 } 2151 2152 DEBUG(10,("FSCTL_SET_SPARSE: fname[%s] set[%u] - %s\n", 2153 smb_fname_str_dbg(fsp->fsp_name), set_sparse, nt_errstr(status))); 2031 2154 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0); 2032 2155 return; 2033 2156 } 2034 2157 case FSCTL_CREATE_OR_GET_OBJECT_ID: 2035 2158 { … … 2042 2165 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum)); 2043 2166 2044 if (! fsp_belongs_conn(conn, req, fsp)) {2167 if (!check_fsp_open(conn, req, fsp)) { 2045 2168 return; 2046 2169 } … … 2092 2215 * it be deallocated when we return. 2093 2216 */ 2094 SHADOW_COPY_DATA *shadow_data = NULL; 2095 TALLOC_CTX *shadow_mem_ctx = NULL; 2217 struct shadow_copy_data *shadow_data = NULL; 2096 2218 bool labels = False; 2097 2219 uint32 labels_data_count = 0; … … 2099 2221 char *cur_pdata; 2100 2222 2101 if (! fsp_belongs_conn(conn, req, fsp)) {2223 if (!check_fsp_open(conn, req, fsp)) { 2102 2224 return; 2103 2225 } … … 2114 2236 } 2115 2237 2116 shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA"); 2117 if (shadow_mem_ctx == NULL) { 2118 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n")); 2238 shadow_data = TALLOC_ZERO_P(talloc_tos(), 2239 struct shadow_copy_data); 2240 if (shadow_data == NULL) { 2241 DEBUG(0,("TALLOC_ZERO() failed!\n")); 2119 2242 reply_nterror(req, NT_STATUS_NO_MEMORY); 2120 2243 return; 2121 2244 } 2122 2123 shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);2124 if (shadow_data == NULL) {2125 DEBUG(0,("TALLOC_ZERO() failed!\n"));2126 talloc_destroy(shadow_mem_ctx);2127 reply_nterror(req, NT_STATUS_NO_MEMORY);2128 return;2129 }2130 2131 shadow_data->mem_ctx = shadow_mem_ctx;2132 2245 2133 2246 /* … … 2135 2248 */ 2136 2249 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) { 2137 talloc_destroy(shadow_data->mem_ctx);2250 TALLOC_FREE(shadow_data); 2138 2251 if (errno == ENOSYS) { 2139 2252 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n", … … 2160 2273 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n", 2161 2274 max_data_count,data_count)); 2162 talloc_destroy(shadow_data->mem_ctx);2275 TALLOC_FREE(shadow_data); 2163 2276 reply_nterror(req, NT_STATUS_BUFFER_TOO_SMALL); 2164 2277 return; … … 2167 2280 pdata = nttrans_realloc(ppdata, data_count); 2168 2281 if (pdata == NULL) { 2169 talloc_destroy(shadow_data->mem_ctx);2282 TALLOC_FREE(shadow_data); 2170 2283 reply_nterror(req, NT_STATUS_NO_MEMORY); 2171 2284 return; … … 2200 2313 } 2201 2314 2202 talloc_destroy(shadow_data->mem_ctx);2315 TALLOC_FREE(shadow_data); 2203 2316 2204 2317 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, … … 2216 2329 * but I have to check that --metze 2217 2330 */ 2218 DOM_SIDsid;2331 struct dom_sid sid; 2219 2332 uid_t uid; 2220 size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);2333 size_t sid_len; 2221 2334 2222 2335 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum)); 2223 2336 2224 if (! fsp_belongs_conn(conn, req, fsp)) {2337 if (!check_fsp_open(conn, req, fsp)) { 2225 2338 return; 2226 2339 } 2340 2341 if (data_count < 8) { 2342 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2343 return; 2344 } 2345 2346 sid_len = MIN(data_count-4,SID_MAX_SIZE); 2227 2347 2228 2348 /* unknown 4 bytes: this is not the length of the sid :-( */ … … 2233 2353 return; 2234 2354 } 2235 2236 2355 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid))); 2237 2356 … … 2265 2384 return; 2266 2385 } 2386 case FSCTL_QUERY_ALLOCATED_RANGES: 2387 { 2388 /* FIXME: This is just a dummy reply, telling that all of the 2389 * file is allocated. MKS cp needs that. 2390 * Adding the real allocated ranges via FIEMAP on Linux 2391 * and SEEK_DATA/SEEK_HOLE on Solaris is needed to make 2392 * this FSCTL correct for sparse files. 2393 */ 2394 NTSTATUS status; 2395 uint64_t offset, length; 2396 2397 if (!check_fsp_open(conn, req, fsp)) { 2398 return; 2399 } 2400 2401 if (data_count != 16) { 2402 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: data_count(%u) != 16 is invalid!\n", 2403 data_count)); 2404 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2405 return; 2406 } 2407 2408 if (max_data_count < 16) { 2409 DEBUG(0,("FSCTL_QUERY_ALLOCATED_RANGES: max_data_count(%u) < 16 is invalid!\n", 2410 max_data_count)); 2411 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2412 return; 2413 } 2414 2415 offset = BVAL(pdata,0); 2416 length = BVAL(pdata,8); 2417 2418 if (offset + length < offset) { 2419 /* No 64-bit integer wrap. */ 2420 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2421 return; 2422 } 2423 2424 status = vfs_stat_fsp(fsp); 2425 if (!NT_STATUS_IS_OK(status)) { 2426 reply_nterror(req, status); 2427 return; 2428 } 2429 2430 if (offset > fsp->fsp_name->st.st_ex_size || 2431 fsp->fsp_name->st.st_ex_size == 0 || 2432 length == 0) { 2433 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0); 2434 } else { 2435 uint64_t end = offset + length; 2436 end = MIN(end, fsp->fsp_name->st.st_ex_size); 2437 SBVAL(pdata,0,0); 2438 SBVAL(pdata,8,end); 2439 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, 2440 pdata, 16); 2441 } 2442 return; 2443 } 2444 case FSCTL_IS_VOLUME_DIRTY: 2445 DEBUG(10,("FSCTL_IS_VOLUME_DIRTY: called on FID[0x%04X] " 2446 "(but not implemented)\n", (int)fidnum)); 2447 /* 2448 * http://msdn.microsoft.com/en-us/library/cc232128%28PROT.10%29.aspx 2449 * says we have to respond with NT_STATUS_INVALID_PARAMETER 2450 */ 2451 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2452 return; 2267 2453 default: 2454 /* Only print this once... */ 2268 2455 if (!logged_ioctl_message) { 2269 logged_ioctl_message = true; /* Only print this once... */ 2270 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n", 2456 logged_ioctl_message = true; 2457 DEBUG(2,("call_nt_transact_ioctl(0x%x): " 2458 "Currently not implemented.\n", 2271 2459 function)); 2272 2460 } … … 2302 2490 uint16 level = 0; 2303 2491 size_t sid_len; 2304 DOM_SIDsid;2492 struct dom_sid sid; 2305 2493 bool start_enum = True; 2306 2494 SMB_NTQUOTA_STRUCT qt; … … 2311 2499 2312 2500 /* access check */ 2313 if ( conn->server_info->utok.uid != 0 && !conn->admin_user) {2501 if (get_current_uid(conn) != 0) { 2314 2502 DEBUG(1,("get_user_quota: access_denied service [%s] user " 2315 2503 "[%s]\n", lp_servicename(SNUM(conn)), 2316 conn->se rver_info->unix_name));2504 conn->session_info->unix_name)); 2317 2505 reply_nterror(req, NT_STATUS_ACCESS_DENIED); 2318 2506 return; … … 2418 2606 2419 2607 sid_len = ndr_size_dom_sid( 2420 &tmp_list->quotas->sid, NULL,0);2608 &tmp_list->quotas->sid, 0); 2421 2609 entry_len = 40 + sid_len; 2422 2610 … … 2575 2763 SMB_NTQUOTA_STRUCT qt; 2576 2764 size_t sid_len; 2577 DOM_SIDsid;2765 struct dom_sid sid; 2578 2766 files_struct *fsp = NULL; 2579 2767 … … 2581 2769 2582 2770 /* access check */ 2583 if ( conn->server_info->utok.uid != 0 && !conn->admin_user) {2771 if (get_current_uid(conn) != 0) { 2584 2772 DEBUG(1,("set_user_quota: access_denied service [%s] user " 2585 2773 "[%s]\n", lp_servicename(SNUM(conn)), 2586 conn->se rver_info->unix_name));2774 conn->session_info->unix_name)); 2587 2775 reply_nterror(req, NT_STATUS_ACCESS_DENIED); 2588 2776 return; … … 2609 2797 if (data_count < 40) { 2610 2798 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40)); 2611 reply_nterror(req, NT_STATUS_INVALID_ LEVEL);2799 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2612 2800 return; 2613 2801 } … … 2621 2809 sid_len = IVAL(pdata,4); 2622 2810 2623 if (data_count < 40+sid_len ) {2811 if (data_count < 40+sid_len || (40+sid_len < sid_len)) { 2624 2812 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len)); 2625 reply_nterror(req, NT_STATUS_INVALID_ LEVEL);2813 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2626 2814 return; 2627 2815 } … … 2632 2820 2633 2821 /* the used space 8 bytes (uint64_t)*/ 2634 qt.usedspace = (uint64_t)IVAL(pdata,16); 2635 #ifdef LARGE_SMB_OFF_T 2636 qt.usedspace |= (((uint64_t)IVAL(pdata,20)) << 32); 2637 #else /* LARGE_SMB_OFF_T */ 2638 if ((IVAL(pdata,20) != 0)&& 2639 ((qt.usedspace != 0xFFFFFFFF)|| 2640 (IVAL(pdata,20)!=0xFFFFFFFF))) { 2641 /* more than 32 bits? */ 2642 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 2643 return; 2644 } 2645 #endif /* LARGE_SMB_OFF_T */ 2822 qt.usedspace = BVAL(pdata,16); 2646 2823 2647 2824 /* the soft quotas 8 bytes (uint64_t)*/ 2648 qt.softlim = (uint64_t)IVAL(pdata,24); 2649 #ifdef LARGE_SMB_OFF_T 2650 qt.softlim |= (((uint64_t)IVAL(pdata,28)) << 32); 2651 #else /* LARGE_SMB_OFF_T */ 2652 if ((IVAL(pdata,28) != 0)&& 2653 ((qt.softlim != 0xFFFFFFFF)|| 2654 (IVAL(pdata,28)!=0xFFFFFFFF))) { 2655 /* more than 32 bits? */ 2656 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 2657 return; 2658 } 2659 #endif /* LARGE_SMB_OFF_T */ 2825 qt.softlim = BVAL(pdata,24); 2660 2826 2661 2827 /* the hard quotas 8 bytes (uint64_t)*/ 2662 qt.hardlim = (uint64_t)IVAL(pdata,32); 2663 #ifdef LARGE_SMB_OFF_T 2664 qt.hardlim |= (((uint64_t)IVAL(pdata,36)) << 32); 2665 #else /* LARGE_SMB_OFF_T */ 2666 if ((IVAL(pdata,36) != 0)&& 2667 ((qt.hardlim != 0xFFFFFFFF)|| 2668 (IVAL(pdata,36)!=0xFFFFFFFF))) { 2669 /* more than 32 bits? */ 2670 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 2671 return; 2672 } 2673 #endif /* LARGE_SMB_OFF_T */ 2828 qt.hardlim = BVAL(pdata,32); 2674 2829 2675 2830 if (!sid_parse(pdata+40,sid_len,&sid)) {
Note:
See TracChangeset
for help on using the changeset viewer.
