1/* 2 Unix SMB/CIFS implementation. 3 SMB NT transaction handling 4 Copyright (C) Jeremy Allison 1994-1998 5 Copyright (C) Stefan (metze) Metzmacher 2003 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by 9 the Free Software Foundation; either version 2 of the License, or 10 (at your option) any later version. 11 12 This program is distributed in the hope that it will be useful, 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 GNU General Public License for more details. 16 17 You should have received a copy of the GNU General Public License 18 along with this program; if not, write to the Free Software 19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20*/ 21 22#include "includes.h" 23 24extern enum protocol_types Protocol; 25extern int smb_read_error; 26extern int global_oplock_break; 27extern struct current_user current_user; 28 29static const char *known_nt_pipes[] = { 30 "\\LANMAN", 31 "\\srvsvc", 32 "\\samr", 33 "\\wkssvc", 34 "\\NETLOGON", 35 "\\ntlsa", 36 "\\ntsvcs", 37 "\\lsass", 38 "\\lsarpc", 39 "\\winreg", 40 "\\spoolss", 41 "\\netdfs", 42 "\\rpcecho", 43 NULL 44}; 45 46/* Map generic permissions to file object specific permissions */ 47 48struct generic_mapping file_generic_mapping = { 49 FILE_GENERIC_READ, 50 FILE_GENERIC_WRITE, 51 FILE_GENERIC_EXECUTE, 52 FILE_GENERIC_ALL 53}; 54 55static char *nttrans_realloc(char **ptr, size_t size) 56{ 57 char *tptr = NULL; 58 if (ptr==NULL) 59 smb_panic("nttrans_realloc() called with NULL ptr\n"); 60 61 tptr = SMB_REALLOC(*ptr, size); 62 if(tptr == NULL) { 63 *ptr = NULL; 64 return NULL; 65 } 66 memset(tptr,'\0',size); 67 68 *ptr = tptr; 69 70 return tptr; 71} 72 73 74/**************************************************************************** 75 Send the required number of replies back. 76 We assume all fields other than the data fields are 77 set correctly for the type of call. 78 HACK ! Always assumes smb_setup field is zero. 79****************************************************************************/ 80 81static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, NTSTATUS nt_error, char *params, 82 int paramsize, char *pdata, int datasize) 83{ 84 extern int max_send; 85 int data_to_send = datasize; 86 int params_to_send = paramsize; 87 int useable_space; 88 char *pp = params; 89 char *pd = pdata; 90 int params_sent_thistime, data_sent_thistime, total_sent_thistime; 91 int alignment_offset = 3; 92 int data_alignment_offset = 0; 93 94 /* 95 * Initially set the wcnt area to be 18 - this is true for all 96 * transNT replies. 97 */ 98 99 set_message(outbuf,18,0,True); 100 101 if (NT_STATUS_V(nt_error)) 102 ERROR_NT(nt_error); 103 104 /* 105 * If there genuinely are no parameters or data to send just send 106 * the empty packet. 107 */ 108 109 if(params_to_send == 0 && data_to_send == 0) { 110 if (!send_smb(smbd_server_fd(),outbuf)) 111 exit_server("send_nt_replies: send_smb failed."); 112 return 0; 113 } 114 115 /* 116 * When sending params and data ensure that both are nicely aligned. 117 * Only do this alignment when there is also data to send - else 118 * can cause NT redirector problems. 119 */ 120 121 if (((params_to_send % 4) != 0) && (data_to_send != 0)) 122 data_alignment_offset = 4 - (params_to_send % 4); 123 124 /* 125 * Space is bufsize minus Netbios over TCP header minus SMB header. 126 * The alignment_offset is to align the param bytes on a four byte 127 * boundary (2 bytes for data len, one byte pad). 128 * NT needs this to work correctly. 129 */ 130 131 useable_space = bufsize - ((smb_buf(outbuf)+ 132 alignment_offset+data_alignment_offset) - 133 outbuf); 134 135 /* 136 * useable_space can never be more than max_send minus the 137 * alignment offset. 138 */ 139 140 useable_space = MIN(useable_space, 141 max_send - (alignment_offset+data_alignment_offset)); 142 143 144 while (params_to_send || data_to_send) { 145 146 /* 147 * Calculate whether we will totally or partially fill this packet. 148 */ 149 150 total_sent_thistime = params_to_send + data_to_send + 151 alignment_offset + data_alignment_offset; 152 153 /* 154 * We can never send more than useable_space. 155 */ 156 157 total_sent_thistime = MIN(total_sent_thistime, useable_space); 158 159 set_message(outbuf, 18, total_sent_thistime, True); 160 161 /* 162 * Set total params and data to be sent. 163 */ 164 165 SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize); 166 SIVAL(outbuf,smb_ntr_TotalDataCount,datasize); 167 168 /* 169 * Calculate how many parameters and data we can fit into 170 * this packet. Parameters get precedence. 171 */ 172 173 params_sent_thistime = MIN(params_to_send,useable_space); 174 data_sent_thistime = useable_space - params_sent_thistime; 175 data_sent_thistime = MIN(data_sent_thistime,data_to_send); 176 177 SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime); 178 179 if(params_sent_thistime == 0) { 180 SIVAL(outbuf,smb_ntr_ParameterOffset,0); 181 SIVAL(outbuf,smb_ntr_ParameterDisplacement,0); 182 } else { 183 /* 184 * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the 185 * parameter bytes, however the first 4 bytes of outbuf are 186 * the Netbios over TCP header. Thus use smb_base() to subtract 187 * them from the calculation. 188 */ 189 190 SIVAL(outbuf,smb_ntr_ParameterOffset, 191 ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf))); 192 /* 193 * Absolute displacement of param bytes sent in this packet. 194 */ 195 196 SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params); 197 } 198 199 /* 200 * Deal with the data portion. 201 */ 202 203 SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime); 204 205 if(data_sent_thistime == 0) { 206 SIVAL(outbuf,smb_ntr_DataOffset,0); 207 SIVAL(outbuf,smb_ntr_DataDisplacement, 0); 208 } else { 209 /* 210 * The offset of the data bytes is the offset of the 211 * parameter bytes plus the number of parameters being sent this time. 212 */ 213 214 SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) - 215 smb_base(outbuf)) + params_sent_thistime + data_alignment_offset); 216 SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata); 217 } 218 219 /* 220 * Copy the param bytes into the packet. 221 */ 222 223 if(params_sent_thistime) 224 memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime); 225 226 /* 227 * Copy in the data bytes 228 */ 229 230 if(data_sent_thistime) 231 memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+ 232 data_alignment_offset,pd,data_sent_thistime); 233 234 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n", 235 params_sent_thistime, data_sent_thistime, useable_space)); 236 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n", 237 params_to_send, data_to_send, paramsize, datasize)); 238 239 /* Send the packet */ 240 if (!send_smb(smbd_server_fd(),outbuf)) 241 exit_server("send_nt_replies: send_smb failed."); 242 243 pp += params_sent_thistime; 244 pd += data_sent_thistime; 245 246 params_to_send -= params_sent_thistime; 247 data_to_send -= data_sent_thistime; 248 249 /* 250 * Sanity check 251 */ 252 253 if(params_to_send < 0 || data_to_send < 0) { 254 DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!", 255 params_to_send, data_to_send)); 256 return -1; 257 } 258 } 259 260 return 0; 261} 262 263/**************************************************************************** 264 Save case statics. 265****************************************************************************/ 266 267static BOOL saved_case_sensitive; 268static BOOL saved_case_preserve; 269static BOOL saved_short_case_preserve; 270 271/**************************************************************************** 272 Save case semantics. 273****************************************************************************/ 274 275static void set_posix_case_semantics(connection_struct *conn, uint32 file_attributes) 276{ 277 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) 278 return; 279 280 saved_case_sensitive = conn->case_sensitive; 281 saved_case_preserve = conn->case_preserve; 282 saved_short_case_preserve = conn->short_case_preserve; 283 284 /* Set to POSIX. */ 285 conn->case_sensitive = True; 286 conn->case_preserve = True; 287 conn->short_case_preserve = True; 288} 289 290/**************************************************************************** 291 Restore case semantics. 292****************************************************************************/ 293 294static void restore_case_semantics(connection_struct *conn, uint32 file_attributes) 295{ 296 if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) 297 return; 298 299 conn->case_sensitive = saved_case_sensitive; 300 conn->case_preserve = saved_case_preserve; 301 conn->short_case_preserve = saved_short_case_preserve; 302} 303 304/**************************************************************************** 305 Utility function to map create disposition. 306****************************************************************************/ 307 308static int map_create_disposition( uint32 create_disposition) 309{ 310 int ret; 311 312 switch( create_disposition ) { 313 case FILE_CREATE: 314 /* create if not exist, fail if exist */ 315 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL); 316 break; 317 case FILE_SUPERSEDE: 318 case FILE_OVERWRITE_IF: 319 /* create if not exist, trunc if exist */ 320 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE); 321 break; 322 case FILE_OPEN: 323 /* fail if not exist, open if exists */ 324 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN); 325 break; 326 case FILE_OPEN_IF: 327 /* create if not exist, open if exists */ 328 ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN); 329 break; 330 case FILE_OVERWRITE: 331 /* fail if not exist, truncate if exists */ 332 ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE); 333 break; 334 default: 335 DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n", 336 create_disposition )); 337 return -1; 338 } 339 340 DEBUG(10,("map_create_disposition: Mapped create_disposition 0x%lx to 0x%x\n", 341 (unsigned long)create_disposition, ret )); 342 343 return ret; 344} 345 346/**************************************************************************** 347 Utility function to map share modes. 348****************************************************************************/ 349 350static int map_share_mode( char *fname, uint32 create_options, 351 uint32 *desired_access, uint32 share_access, uint32 file_attributes) 352{ 353 int smb_open_mode = -1; 354 uint32 original_desired_access = *desired_access; 355 356 /* 357 * Convert GENERIC bits to specific bits. 358 */ 359 360 se_map_generic(desired_access, &file_generic_mapping); 361 362 switch( *desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) { 363 case FILE_READ_DATA: 364 smb_open_mode = DOS_OPEN_RDONLY; 365 break; 366 case FILE_WRITE_DATA: 367 case FILE_APPEND_DATA: 368 case FILE_WRITE_DATA|FILE_APPEND_DATA: 369 smb_open_mode = DOS_OPEN_WRONLY; 370 break; 371 case FILE_READ_DATA|FILE_WRITE_DATA: 372 case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA: 373 case FILE_READ_DATA|FILE_APPEND_DATA: 374 smb_open_mode = DOS_OPEN_RDWR; 375 break; 376 } 377 378 /* 379 * NB. For DELETE_ACCESS we should really check the 380 * directory permissions, as that is what controls 381 * delete, and for WRITE_DAC_ACCESS we should really 382 * check the ownership, as that is what controls the 383 * chmod. Note that this is *NOT* a security hole (this 384 * note is for you, Andrew) as we are not *allowing* 385 * the access at this point, the actual unlink or 386 * chown or chmod call would do this. We are just helping 387 * clients out by telling them if they have a hope 388 * of any of this succeeding. POSIX acls may still 389 * deny the real call. JRA. 390 */ 391 392 if (smb_open_mode == -1) { 393 394 if(*desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS| 395 FILE_EXECUTE|FILE_READ_ATTRIBUTES| 396 FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS| 397 FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS)) { 398 smb_open_mode = DOS_OPEN_RDONLY; 399 } else if(*desired_access == 0) { 400 401 /* 402 * JRA - NT seems to sometimes send desired_access as zero. play it safe 403 * and map to a stat open. 404 */ 405 406 smb_open_mode = DOS_OPEN_RDONLY; 407 408 } else { 409 DEBUG(0,("map_share_mode: Incorrect value 0x%lx for desired_access to file %s\n", 410 (unsigned long)*desired_access, fname)); 411 return -1; 412 } 413 } 414 415 /* 416 * Set the special bit that means allow share delete. 417 * This is held outside the normal share mode bits at 1<<15. 418 * JRA. 419 */ 420 421 if(share_access & FILE_SHARE_DELETE) { 422 smb_open_mode |= ALLOW_SHARE_DELETE; 423 DEBUG(10,("map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x%x\n", smb_open_mode)); 424 } 425 426 if(*desired_access & DELETE_ACCESS) { 427 DEBUG(10,("map_share_mode: DELETE_ACCESS requested. open_mode = 0x%x\n", smb_open_mode)); 428 } 429 430 /* 431 * We need to store the intent to open for Delete. This 432 * is what determines if a delete on close flag can be set. 433 * This is the wrong way (and place) to store this, but for 2.2 this 434 * is the only practical way. JRA. 435 */ 436 437 if (create_options & FILE_DELETE_ON_CLOSE) { 438 /* 439 * W2K3 bug compatibility mode... To set delete on close 440 * the redirector must have *specifically* set DELETE_ACCESS 441 * in the desired_access field. Just asking for GENERIC_ALL won't do. JRA. 442 */ 443 444 if (!(original_desired_access & DELETE_ACCESS)) { 445 DEBUG(5,("map_share_mode: FILE_DELETE_ON_CLOSE requested without \ 446DELETE_ACCESS for file %s. (desired_access = 0x%lx)\n", 447 fname, (unsigned long)*desired_access)); 448 return -1; 449 } 450 /* Implicit delete access is *NOT* requested... */ 451 smb_open_mode |= DELETE_ON_CLOSE_FLAG; 452 DEBUG(10,("map_share_mode: FILE_DELETE_ON_CLOSE requested. open_mode = 0x%x\n", smb_open_mode)); 453 } 454 455 /* Add in the requested share mode. */ 456 switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) { 457 case FILE_SHARE_READ: 458 smb_open_mode |= SET_DENY_MODE(DENY_WRITE); 459 break; 460 case FILE_SHARE_WRITE: 461 smb_open_mode |= SET_DENY_MODE(DENY_READ); 462 break; 463 case (FILE_SHARE_READ|FILE_SHARE_WRITE): 464 smb_open_mode |= SET_DENY_MODE(DENY_NONE); 465 break; 466 case FILE_SHARE_NONE: 467 smb_open_mode |= SET_DENY_MODE(DENY_ALL); 468 break; 469 } 470 471 /* 472 * Handle an O_SYNC request. 473 */ 474 475 if(file_attributes & FILE_FLAG_WRITE_THROUGH) 476 smb_open_mode |= FILE_SYNC_OPENMODE; 477 478 DEBUG(10,("map_share_mode: Mapped desired access 0x%lx, share access 0x%lx, file attributes 0x%lx \ 479to open_mode 0x%x\n", (unsigned long)*desired_access, (unsigned long)share_access, 480 (unsigned long)file_attributes, smb_open_mode )); 481 482 return smb_open_mode; 483} 484 485/**************************************************************************** 486 Reply to an NT create and X call on a pipe. 487****************************************************************************/ 488 489static int nt_open_pipe(char *fname, connection_struct *conn, 490 char *inbuf, char *outbuf, int *ppnum) 491{ 492 smb_np_struct *p = NULL; 493 494 uint16 vuid = SVAL(inbuf, smb_uid); 495 int i; 496 497 DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname)); 498 499 /* See if it is one we want to handle. */ 500 501 if (lp_disable_spoolss() && strequal(fname, "\\spoolss")) 502 return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe)); 503 504 for( i = 0; known_nt_pipes[i]; i++ ) 505 if( strequal(fname,known_nt_pipes[i])) 506 break; 507 508 if ( known_nt_pipes[i] == NULL ) 509 return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe)); 510 511 /* Strip \\ off the name. */ 512 fname++; 513 514 DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname)); 515 516 p = open_rpc_pipe_p(fname, conn, vuid); 517 if (!p) 518 return(ERROR_DOS(ERRSRV,ERRnofids)); 519 520 *ppnum = p->pnum; 521 522 return 0; 523} 524 525/**************************************************************************** 526 Reply to an NT create and X call for pipes. 527****************************************************************************/ 528 529static int do_ntcreate_pipe_open(connection_struct *conn, 530 char *inbuf,char *outbuf,int length,int bufsize) 531{ 532 pstring fname; 533 int ret; 534 int pnum = -1; 535 char *p = NULL; 536 537 srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); 538 539 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) 540 return ret; 541 542 /* 543 * Deal with pipe return. 544 */ 545 546 set_message(outbuf,34,0,True); 547 548 p = outbuf + smb_vwv2; 549 p++; 550 SSVAL(p,0,pnum); 551 p += 2; 552 SIVAL(p,0,FILE_WAS_OPENED); 553 p += 4; 554 p += 32; 555 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */ 556 p += 20; 557 /* File type. */ 558 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE); 559 /* Device state. */ 560 SSVAL(p,2, 0x5FF); /* ? */ 561 562 DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname)); 563 564 return chain_reply(inbuf,outbuf,length,bufsize); 565} 566 567/**************************************************************************** 568 Reply to an NT create and X call. 569****************************************************************************/ 570 571int reply_ntcreate_and_X(connection_struct *conn, 572 char *inbuf,char *outbuf,int length,int bufsize) 573{ 574 int result; 575 pstring fname; 576 enum FAKE_FILE_TYPE fake_file_type = FAKE_FILE_TYPE_NONE; 577 uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); 578 uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess); 579 uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes); 580 uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess); 581 uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition); 582 uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions); 583 uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid); 584 SMB_BIG_UINT allocation_size = 0; 585 int smb_ofun; 586 int smb_open_mode; 587 /* Breakout the oplock request bits so we can set the 588 reply bits separately. */ 589 int oplock_request = 0; 590 int fmode=0,rmode=0; 591 /* Foxconn modified start pling 11/25/2009 */ 592 //SMB_OFF_T file_len = 0; 593 SMB_BIG_UINT file_len = 0; 594 /* Foxconn modified end pling 11/25/2009 */ 595 SMB_STRUCT_STAT sbuf; 596 int smb_action = 0; 597 BOOL bad_path = False; 598 files_struct *fsp=NULL; 599 char *p = NULL; 600 time_t c_time; 601 BOOL extended_oplock_granted = False; 602 NTSTATUS status; 603 604 START_PROFILE(SMBntcreateX); 605 606 DEBUG(10,("reply_ntcreateX: flags = 0x%x, desired_access = 0x%x \ 607file_attributes = 0x%x, share_access = 0x%x, create_disposition = 0x%x \ 608create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attributes, 609 share_access, create_disposition, 610 create_options, root_dir_fid )); 611 612 /* If it's an IPC, use the pipe handler. */ 613 614 if (IS_IPC(conn)) { 615 if (lp_nt_pipe_support()) { 616 END_PROFILE(SMBntcreateX); 617 return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize); 618 } else { 619 END_PROFILE(SMBntcreateX); 620 return(ERROR_DOS(ERRDOS,ERRnoaccess)); 621 } 622 } 623 624 if (create_options & FILE_OPEN_BY_FILE_ID) { 625 END_PROFILE(SMBntcreateX); 626 return ERROR_NT(NT_STATUS_NOT_SUPPORTED); 627 } 628 629 /* 630 * We need to construct the open_and_X ofun value from the 631 * NT values, as that's what our code is structured to accept. 632 */ 633 634 if((smb_ofun = map_create_disposition( create_disposition )) == -1) { 635 END_PROFILE(SMBntcreateX); 636 return(ERROR_DOS(ERRDOS,ERRnoaccess)); 637 } 638 639 /* 640 * Get the file name. 641 */ 642 643 if(root_dir_fid != 0) { 644 /* 645 * This filename is relative to a directory fid. 646 */ 647 pstring rel_fname; 648 files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid); 649 size_t dir_name_len; 650 651 if(!dir_fsp) { 652 END_PROFILE(SMBntcreateX); 653 return(ERROR_DOS(ERRDOS,ERRbadfid)); 654 } 655 656 if(!dir_fsp->is_directory) { 657 658 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status,False); 659 if (!NT_STATUS_IS_OK(status)) { 660 END_PROFILE(SMBntcreateX); 661 return ERROR_NT(status); 662 } 663 664 /* 665 * Check to see if this is a mac fork of some kind. 666 */ 667 668 if( strchr_m(fname, ':')) { 669 END_PROFILE(SMBntcreateX); 670 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 671 } 672 673 /* 674 we need to handle the case when we get a 675 relative open relative to a file and the 676 pathname is blank - this is a reopen! 677 (hint from demyn plantenberg) 678 */ 679 680 END_PROFILE(SMBntcreateX); 681 return(ERROR_DOS(ERRDOS,ERRbadfid)); 682 } 683 684 /* 685 * Copy in the base directory name. 686 */ 687 688 pstrcpy( fname, dir_fsp->fsp_name ); 689 dir_name_len = strlen(fname); 690 691 /* 692 * Ensure it ends in a '\'. 693 */ 694 695 if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') { 696 pstrcat(fname, "/"); 697 dir_name_len++; 698 } 699 700 srvstr_get_path(inbuf, rel_fname, smb_buf(inbuf), sizeof(rel_fname), 0, STR_TERMINATE, &status,False); 701 if (!NT_STATUS_IS_OK(status)) { 702 END_PROFILE(SMBntcreateX); 703 return ERROR_NT(status); 704 } 705 pstrcat(fname, rel_fname); 706 } else { 707 srvstr_get_path(inbuf, fname, smb_buf(inbuf), sizeof(fname), 0, STR_TERMINATE, &status,False); 708 if (!NT_STATUS_IS_OK(status)) { 709 END_PROFILE(SMBntcreateX); 710 return ERROR_NT(status); 711 } 712 713 /* 714 * Check to see if this is a mac fork of some kind. 715 */ 716 717 if( strchr_m(fname, ':')) { 718 719#ifdef HAVE_SYS_QUOTAS 720 if ((fake_file_type=is_fake_file(fname))!=FAKE_FILE_TYPE_NONE) { 721 /* 722 * here we go! support for changing the disk quotas --metze 723 * 724 * we need to fake up to open this MAGIC QUOTA file 725 * and return a valid FID 726 * 727 * w2k close this file directly after openening 728 * xp also tries a QUERY_FILE_INFO on the file and then close it 729 */ 730 } else { 731#endif 732 END_PROFILE(SMBntcreateX); 733 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 734#ifdef HAVE_SYS_QUOTAS 735 } 736#endif 737 } 738 } 739 740 /* 741 * Now contruct the smb_open_mode value from the filename, 742 * desired access and the share access. 743 */ 744 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); 745 746 if((smb_open_mode = map_share_mode(fname, create_options, &desired_access, 747 share_access, 748 file_attributes)) == -1) { 749 END_PROFILE(SMBntcreateX); 750 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 751 } 752 753 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0; 754 if (oplock_request) { 755 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0; 756 } 757 758 /* 759 * Ordinary file or directory. 760 */ 761 762 /* 763 * Check if POSIX semantics are wanted. 764 */ 765 766 set_posix_case_semantics(conn, file_attributes); 767 768 unix_convert(fname,conn,0,&bad_path,&sbuf); 769 770 /* FAKE_FILE is a special case */ 771 if (fake_file_type == FAKE_FILE_TYPE_NONE) { 772 /* Normal file. */ 773 if (bad_path) { 774 restore_case_semantics(conn, file_attributes); 775 END_PROFILE(SMBntcreateX); 776 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 777 } 778 /* All file access must go through check_name() */ 779 if (!check_name(fname,conn)) { 780 restore_case_semantics(conn, file_attributes); 781 END_PROFILE(SMBntcreateX); 782 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadpath); 783 } 784 } 785 786#if 0 787 /* This is the correct thing to do (check every time) but can_delete is 788 expensive (it may have to read the parent directory permissions). So 789 for now we're not doing it unless we have a strong hint the client 790 is really going to delete this file. */ 791 if (desired_access & DELETE_ACCESS) { 792#else 793 /* Setting FILE_SHARE_DELETE is the hint. */ 794 if ((share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { 795#endif 796 status = can_delete(conn, fname, file_attributes, bad_path, True); 797 /* We're only going to fail here if it's access denied, as that's the 798 only error we care about for "can we delete this ?" questions. */ 799 if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) || 800 NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE))) { 801 restore_case_semantics(conn, file_attributes); 802 END_PROFILE(SMBntcreateX); 803 return ERROR_NT(status); 804 } 805 } 806 807 /* 808 * If it's a request for a directory open, deal with it separately. 809 */ 810 811 if(create_options & FILE_DIRECTORY_FILE) { 812 oplock_request = 0; 813 814 /* Can't open a temp directory. IFS kit test. */ 815 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) { 816 END_PROFILE(SMBntcreateX); 817 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 818 } 819 820 fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action); 821 822 restore_case_semantics(conn, file_attributes); 823 824 if(!fsp) { 825 END_PROFILE(SMBntcreateX); 826 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 827 } 828 } else { 829 /* 830 * Ordinary file case. 831 */ 832 833 /* NB. We have a potential bug here. If we 834 * cause an oplock break to ourselves, then we 835 * could end up processing filename related 836 * SMB requests whilst we await the oplock 837 * break response. As we may have changed the 838 * filename case semantics to be POSIX-like, 839 * this could mean a filename request could 840 * fail when it should succeed. This is a rare 841 * condition, but eventually we must arrange 842 * to restore the correct case semantics 843 * before issuing an oplock break request to 844 * our client. JRA. */ 845 846 if (fake_file_type==FAKE_FILE_TYPE_NONE) { 847 fsp = open_file_shared1(conn,fname,&sbuf, 848 desired_access, 849 smb_open_mode, 850 smb_ofun,file_attributes,oplock_request, 851 &rmode,&smb_action); 852 } else { 853 /* to open a fake_file --metze */ 854 fsp = open_fake_file_shared1(fake_file_type,conn,fname,&sbuf, 855 desired_access, 856 smb_open_mode, 857 smb_ofun,file_attributes, oplock_request, 858 &rmode,&smb_action); 859 } 860 861 if (!fsp) { 862 /* We cheat here. There are two cases we 863 * care about. One is a directory rename, 864 * where the NT client will attempt to 865 * open the source directory for 866 * DELETE access. Note that when the 867 * NT client does this it does *not* 868 * set the directory bit in the 869 * request packet. This is translated 870 * into a read/write open 871 * request. POSIX states that any open 872 * for write request on a directory 873 * will generate an EISDIR error, so 874 * we can catch this here and open a 875 * pseudo handle that is flagged as a 876 * directory. The second is an open 877 * for a permissions read only, which 878 * we handle in the open_file_stat case. JRA. 879 */ 880 881 if(errno == EISDIR) { 882 883 /* 884 * Fail the open if it was explicitly a non-directory file. 885 */ 886 887 if (create_options & FILE_NON_DIRECTORY_FILE) { 888 restore_case_semantics(conn, file_attributes); 889 SSVAL(outbuf, smb_flg2, 890 SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); 891 END_PROFILE(SMBntcreateX); 892 return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY); 893 } 894 895 oplock_request = 0; 896 fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action); 897 898 if(!fsp) { 899 restore_case_semantics(conn, file_attributes); 900 END_PROFILE(SMBntcreateX); 901 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 902 } 903 } else { 904 905 restore_case_semantics(conn, file_attributes); 906 END_PROFILE(SMBntcreateX); 907 if (open_was_deferred(SVAL(inbuf,smb_mid))) { 908 /* We have re-scheduled this call. */ 909 clear_cached_errors(); 910 return -1; 911 } 912 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 913 } 914 } 915 } 916 917 restore_case_semantics(conn, file_attributes); 918 919 /* Foxconn modified start pling 11/25/2009 */ 920 //file_len = sbuf.st_size; 921 file_len = get_real_file_size(&sbuf); 922 /* Foxconn modified end pling 11/25/2009 */ 923 fmode = dos_mode(conn,fname,&sbuf); 924 if(fmode == 0) 925 fmode = FILE_ATTRIBUTE_NORMAL; 926 if (!fsp->is_directory && (fmode & aDIR)) { 927 close_file(fsp,False); 928 END_PROFILE(SMBntcreateX); 929 return ERROR_DOS(ERRDOS,ERRnoaccess); 930 } 931 932 /* Save the requested allocation size. */ 933 allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize); 934#ifdef LARGE_SMB_OFF_T 935 allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32); 936#endif 937 if (allocation_size && (allocation_size > (SMB_BIG_UINT)file_len)) { 938 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size); 939 if (fsp->is_directory) { 940 close_file(fsp,False); 941 END_PROFILE(SMBntcreateX); 942 /* Can't set allocation size on a directory. */ 943 return ERROR_NT(NT_STATUS_ACCESS_DENIED); 944 } 945 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) { 946 close_file(fsp,False); 947 END_PROFILE(SMBntcreateX); 948 return ERROR_NT(NT_STATUS_DISK_FULL); 949 } 950 } else { 951 fsp->initial_allocation_size = smb_roundup(fsp->conn,(SMB_BIG_UINT)file_len); 952 } 953 954 /* 955 * If the caller set the extended oplock request bit 956 * and we granted one (by whatever means) - set the 957 * correct bit for extended oplock reply. 958 */ 959 960 if (oplock_request && lp_fake_oplocks(SNUM(conn))) 961 extended_oplock_granted = True; 962 963 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) 964 extended_oplock_granted = True; 965 966#if 0 967 /* W2K sends back 42 words here ! If we do the same it breaks offline sync. Go figure... ? JRA. */ 968 set_message(outbuf,42,0,True); 969#else 970 set_message(outbuf,34,0,True); 971#endif 972 973 p = outbuf + smb_vwv2; 974 975 /* 976 * Currently as we don't support level II oplocks we just report 977 * exclusive & batch here. 978 */ 979 980 if (extended_oplock_granted) { 981 if (flags & REQUEST_BATCH_OPLOCK) { 982 SCVAL(p,0, BATCH_OPLOCK_RETURN); 983 } else { 984 SCVAL(p,0, EXCLUSIVE_OPLOCK_RETURN); 985 } 986 } else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) { 987 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN); 988 } else { 989 SCVAL(p,0,NO_OPLOCK_RETURN); 990 } 991 992 p++; 993 SSVAL(p,0,fsp->fnum); 994 p += 2; 995 if ((create_disposition == FILE_SUPERSEDE) && (smb_action == FILE_WAS_OVERWRITTEN)) 996 SIVAL(p,0,FILE_WAS_SUPERSEDED); 997 else 998 SIVAL(p,0,smb_action); 999 p += 4; 1000 1001 /* Create time. */ 1002 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); 1003 1004 if (lp_dos_filetime_resolution(SNUM(conn))) { 1005 c_time &= ~1; 1006 sbuf.st_atime &= ~1; 1007 sbuf.st_mtime &= ~1; 1008 sbuf.st_mtime &= ~1; 1009 } 1010 1011 put_long_date(p,c_time); 1012 p += 8; 1013 put_long_date(p,sbuf.st_atime); /* access time */ 1014 p += 8; 1015 put_long_date(p,sbuf.st_mtime); /* write time */ 1016 p += 8; 1017 put_long_date(p,sbuf.st_mtime); /* change time */ 1018 p += 8; 1019 SIVAL(p,0,fmode); /* File Attributes. */ 1020 p += 4; 1021 /* Foxconn modified start pling 11/25/2009 */ 1022 /* Use 64 bit file size to support large files */ 1023 //SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf)); 1024 SOFF64_T(p, 0, get_allocation_size(conn,fsp,&sbuf)); 1025 /* Foxconn modified end pling 11/25/2009 */ 1026 p += 8; 1027 /* Foxconn modified start pling 11/25/2009 */ 1028 /* Use 64 bit file size to support large files */ 1029 //SOFF_T(p,0,file_len); 1030 SOFF64_T(p,0,file_len); 1031 /* Foxconn modified end pling 11/25/2009 */ 1032 p += 8; 1033 if (flags & EXTENDED_RESPONSE_REQUIRED) 1034 SSVAL(p,2,0x7); 1035 p += 4; 1036 SCVAL(p,0,fsp->is_directory ? 1 : 0); 1037 1038 DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name)); 1039 1040 result = chain_reply(inbuf,outbuf,length,bufsize); 1041 END_PROFILE(SMBntcreateX); 1042 return result; 1043} 1044 1045/**************************************************************************** 1046 Reply to a NT_TRANSACT_CREATE call to open a pipe. 1047****************************************************************************/ 1048 1049static int do_nt_transact_create_pipe( connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 1050 char **ppsetup, uint32 setup_count, 1051 char **ppparams, uint32 parameter_count, 1052 char **ppdata, uint32 data_count) 1053{ 1054 pstring fname; 1055 char *params = *ppparams; 1056 int ret; 1057 int pnum = -1; 1058 char *p = NULL; 1059 NTSTATUS status; 1060 1061 /* 1062 * Ensure minimum number of parameters sent. 1063 */ 1064 1065 if(parameter_count < 54) { 1066 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count)); 1067 return ERROR_DOS(ERRDOS,ERRnoaccess); 1068 } 1069 1070 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status, False); 1071 if (!NT_STATUS_IS_OK(status)) { 1072 return ERROR_NT(status); 1073 } 1074 1075 if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) 1076 return ret; 1077 1078 /* Realloc the size of parameters and data we will return */ 1079 params = nttrans_realloc(ppparams, 69); 1080 if(params == NULL) 1081 return ERROR_DOS(ERRDOS,ERRnomem); 1082 1083 p = params; 1084 SCVAL(p,0,NO_OPLOCK_RETURN); 1085 1086 p += 2; 1087 SSVAL(p,0,pnum); 1088 p += 2; 1089 SIVAL(p,0,FILE_WAS_OPENED); 1090 p += 8; 1091 1092 p += 32; 1093 SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */ 1094 p += 20; 1095 /* File type. */ 1096 SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE); 1097 /* Device state. */ 1098 SSVAL(p,2, 0x5FF); /* ? */ 1099 1100 DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname)); 1101 1102 /* Send the required number of replies */ 1103 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0); 1104 1105 return -1; 1106} 1107 1108/**************************************************************************** 1109 Internal fn to set security descriptors. 1110****************************************************************************/ 1111 1112static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent) 1113{ 1114 prs_struct pd; 1115 SEC_DESC *psd = NULL; 1116 TALLOC_CTX *mem_ctx; 1117 BOOL ret; 1118 1119 if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) { 1120 return NT_STATUS_OK; 1121 } 1122 1123 /* 1124 * Init the parse struct we will unmarshall from. 1125 */ 1126 1127 if ((mem_ctx = talloc_init("set_sd")) == NULL) { 1128 DEBUG(0,("set_sd: talloc_init failed.\n")); 1129 return NT_STATUS_NO_MEMORY; 1130 } 1131 1132 prs_init(&pd, 0, mem_ctx, UNMARSHALL); 1133 1134 /* 1135 * Setup the prs_struct to point at the memory we just 1136 * allocated. 1137 */ 1138 1139 prs_give_memory( &pd, data, sd_len, False); 1140 1141 /* 1142 * Finally, unmarshall from the data buffer. 1143 */ 1144 1145 if(!sec_io_desc( "sd data", &psd, &pd, 1)) { 1146 DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n")); 1147 /* 1148 * Return access denied for want of a better error message.. 1149 */ 1150 talloc_destroy(mem_ctx); 1151 return NT_STATUS_NO_MEMORY; 1152 } 1153 1154 if (psd->off_owner_sid==0) 1155 security_info_sent &= ~OWNER_SECURITY_INFORMATION; 1156 if (psd->off_grp_sid==0) 1157 security_info_sent &= ~GROUP_SECURITY_INFORMATION; 1158 if (psd->off_sacl==0) 1159 security_info_sent &= ~SACL_SECURITY_INFORMATION; 1160 if (psd->off_dacl==0) 1161 security_info_sent &= ~DACL_SECURITY_INFORMATION; 1162 1163 ret = SMB_VFS_FSET_NT_ACL( fsp, fsp->fd, security_info_sent, psd); 1164 1165 if (!ret) { 1166 talloc_destroy(mem_ctx); 1167 return NT_STATUS_ACCESS_DENIED; 1168 } 1169 1170 talloc_destroy(mem_ctx); 1171 1172 return NT_STATUS_OK; 1173} 1174 1175/**************************************************************************** 1176 Reply to a NT_TRANSACT_CREATE call (needs to process SD's). 1177****************************************************************************/ 1178 1179static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 1180 char **ppsetup, uint32 setup_count, 1181 char **ppparams, uint32 parameter_count, 1182 char **ppdata, uint32 data_count, uint32 max_data_count) 1183{ 1184 pstring fname; 1185 char *params = *ppparams; 1186 char *data = *ppdata; 1187 /* Breakout the oplock request bits so we can set the reply bits separately. */ 1188 int oplock_request = 0; 1189 int fmode=0,rmode=0; 1190 SMB_OFF_T file_len = 0; 1191 SMB_STRUCT_STAT sbuf; 1192 int smb_action = 0; 1193 BOOL bad_path = False; 1194 files_struct *fsp = NULL; 1195 char *p = NULL; 1196 BOOL extended_oplock_granted = False; 1197 uint32 flags; 1198 uint32 desired_access; 1199 uint32 file_attributes; 1200 uint32 share_access; 1201 uint32 create_disposition; 1202 uint32 create_options; 1203 uint32 sd_len; 1204 uint16 root_dir_fid; 1205 SMB_BIG_UINT allocation_size = 0; 1206 int smb_ofun; 1207 int smb_open_mode; 1208 time_t c_time; 1209 NTSTATUS status; 1210 1211 DEBUG(5,("call_nt_transact_create\n")); 1212 1213 /* 1214 * If it's an IPC, use the pipe handler. 1215 */ 1216 1217 if (IS_IPC(conn)) { 1218 if (lp_nt_pipe_support()) 1219 return do_nt_transact_create_pipe(conn, inbuf, outbuf, length, 1220 bufsize, 1221 ppsetup, setup_count, 1222 ppparams, parameter_count, 1223 ppdata, data_count); 1224 else 1225 return ERROR_DOS(ERRDOS,ERRnoaccess); 1226 } 1227 1228 /* 1229 * Ensure minimum number of parameters sent. 1230 */ 1231 1232 if(parameter_count < 54) { 1233 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count)); 1234 return ERROR_DOS(ERRDOS,ERRnoaccess); 1235 } 1236 1237 flags = IVAL(params,0); 1238 desired_access = IVAL(params,8); 1239 file_attributes = IVAL(params,20); 1240 share_access = IVAL(params,24); 1241 create_disposition = IVAL(params,28); 1242 create_options = IVAL(params,32); 1243 sd_len = IVAL(params,36); 1244 root_dir_fid = (uint16)IVAL(params,4); 1245 1246 if (create_options & FILE_OPEN_BY_FILE_ID) { 1247 return ERROR_NT(NT_STATUS_NOT_SUPPORTED); 1248 } 1249 1250 /* 1251 * We need to construct the open_and_X ofun value from the 1252 * NT values, as that's what our code is structured to accept. 1253 */ 1254 1255 if((smb_ofun = map_create_disposition( create_disposition )) == -1) 1256 return ERROR_DOS(ERRDOS,ERRbadmem); 1257 1258 /* 1259 * Get the file name. 1260 */ 1261 1262 if(root_dir_fid != 0) { 1263 /* 1264 * This filename is relative to a directory fid. 1265 */ 1266 files_struct *dir_fsp = file_fsp(params,4); 1267 size_t dir_name_len; 1268 1269 if(!dir_fsp) 1270 return ERROR_DOS(ERRDOS,ERRbadfid); 1271 1272 if(!dir_fsp->is_directory) { 1273 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status, False); 1274 if (!NT_STATUS_IS_OK(status)) { 1275 return ERROR_NT(status); 1276 } 1277 1278 /* 1279 * Check to see if this is a mac fork of some kind. 1280 */ 1281 1282 if( strchr_m(fname, ':')) 1283 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 1284 1285 return ERROR_DOS(ERRDOS,ERRbadfid); 1286 } 1287 1288 /* 1289 * Copy in the base directory name. 1290 */ 1291 1292 pstrcpy( fname, dir_fsp->fsp_name ); 1293 dir_name_len = strlen(fname); 1294 1295 /* 1296 * Ensure it ends in a '\'. 1297 */ 1298 1299 if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) { 1300 pstrcat(fname, "/"); 1301 dir_name_len++; 1302 } 1303 1304 { 1305 pstring tmpname; 1306 srvstr_get_path(inbuf, tmpname, params+53, sizeof(tmpname), parameter_count-53, STR_TERMINATE, &status, False); 1307 if (!NT_STATUS_IS_OK(status)) { 1308 return ERROR_NT(status); 1309 } 1310 pstrcat(fname, tmpname); 1311 } 1312 } else { 1313 srvstr_get_path(inbuf, fname, params+53, sizeof(fname), parameter_count-53, STR_TERMINATE, &status, False); 1314 if (!NT_STATUS_IS_OK(status)) { 1315 return ERROR_NT(status); 1316 } 1317 1318 /* 1319 * Check to see if this is a mac fork of some kind. 1320 */ 1321 1322 if( strchr_m(fname, ':')) 1323 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 1324 } 1325 1326 /* 1327 * Now contruct the smb_open_mode value from the desired access 1328 * and the share access. 1329 */ 1330 1331 if((smb_open_mode = map_share_mode( fname, create_options, &desired_access, 1332 share_access, file_attributes)) == -1) 1333 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 1334 1335 oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0; 1336 oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0; 1337 1338 /* 1339 * Check if POSIX semantics are wanted. 1340 */ 1341 1342 set_posix_case_semantics(conn, file_attributes); 1343 1344 RESOLVE_DFSPATH(fname, conn, inbuf, outbuf); 1345 1346 unix_convert(fname,conn,0,&bad_path,&sbuf); 1347 if (bad_path) { 1348 restore_case_semantics(conn, file_attributes); 1349 return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND); 1350 } 1351 /* All file access must go through check_name() */ 1352 if (!check_name(fname,conn)) { 1353 restore_case_semantics(conn, file_attributes); 1354 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadpath); 1355 } 1356 1357#if 0 1358 /* This is the correct thing to do (check every time) but can_delete is 1359 expensive (it may have to read the parent directory permissions). So 1360 for now we're not doing it unless we have a strong hint the client 1361 is really going to delete this file. */ 1362 if (desired_access & DELETE_ACCESS) { 1363#else 1364 /* Setting FILE_SHARE_DELETE is the hint. */ 1365 if ((share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { 1366#endif 1367 status = can_delete(conn, fname, file_attributes, bad_path, True); 1368 /* We're only going to fail here if it's access denied, as that's the 1369 only error we care about for "can we delete this ?" questions. */ 1370 if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) || 1371 NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE))) { 1372 restore_case_semantics(conn, file_attributes); 1373 END_PROFILE(SMBntcreateX); 1374 return ERROR_NT(status); 1375 } 1376 } 1377 1378 /* 1379 * If it's a request for a directory open, deal with it separately. 1380 */ 1381 1382 if(create_options & FILE_DIRECTORY_FILE) { 1383 1384 /* Can't open a temp directory. IFS kit test. */ 1385 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) { 1386 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 1387 } 1388 1389 oplock_request = 0; 1390 1391 /* 1392 * We will get a create directory here if the Win32 1393 * app specified a security descriptor in the 1394 * CreateDirectory() call. 1395 */ 1396 1397 fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action); 1398 1399 if(!fsp) { 1400 restore_case_semantics(conn, file_attributes); 1401 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 1402 } 1403 1404 } else { 1405 1406 /* 1407 * Ordinary file case. 1408 */ 1409 1410 fsp = open_file_shared1(conn,fname,&sbuf,desired_access, 1411 smb_open_mode,smb_ofun,file_attributes, 1412 oplock_request,&rmode,&smb_action); 1413 1414 if (!fsp) { 1415 1416 if(errno == EISDIR) { 1417 1418 /* 1419 * Fail the open if it was explicitly a non-directory file. 1420 */ 1421 1422 if (create_options & FILE_NON_DIRECTORY_FILE) { 1423 restore_case_semantics(conn, file_attributes); 1424 SSVAL(outbuf, smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES); 1425 return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY); 1426 } 1427 1428 oplock_request = 0; 1429 fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, &smb_action); 1430 1431 if(!fsp) { 1432 restore_case_semantics(conn, file_attributes); 1433 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 1434 } 1435 } else { 1436 restore_case_semantics(conn, file_attributes); 1437 if (open_was_deferred(SVAL(inbuf,smb_mid))) { 1438 /* We have re-scheduled this call. */ 1439 clear_cached_errors(); 1440 return -1; 1441 } 1442 return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRnoaccess); 1443 } 1444 } 1445 1446 file_len = sbuf.st_size; 1447 fmode = dos_mode(conn,fname,&sbuf); 1448 if(fmode == 0) 1449 fmode = FILE_ATTRIBUTE_NORMAL; 1450 1451 if (fmode & aDIR) { 1452 close_file(fsp,False); 1453 restore_case_semantics(conn, file_attributes); 1454 return ERROR_DOS(ERRDOS,ERRnoaccess); 1455 } 1456 1457 /* 1458 * If the caller set the extended oplock request bit 1459 * and we granted one (by whatever means) - set the 1460 * correct bit for extended oplock reply. 1461 */ 1462 1463 if (oplock_request && lp_fake_oplocks(SNUM(conn))) 1464 extended_oplock_granted = True; 1465 1466 if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) 1467 extended_oplock_granted = True; 1468 } 1469 1470 /* 1471 * Now try and apply the desired SD. 1472 */ 1473 1474 if (lp_nt_acl_support(SNUM(conn)) && sd_len && 1475 !NT_STATUS_IS_OK(status = set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION))) { 1476 close_file(fsp,False); 1477 restore_case_semantics(conn, file_attributes); 1478 return ERROR_NT(status); 1479 } 1480 1481 restore_case_semantics(conn, file_attributes); 1482 1483 /* Save the requested allocation size. */ 1484 allocation_size = (SMB_BIG_UINT)IVAL(params,12); 1485#ifdef LARGE_SMB_OFF_T 1486 allocation_size |= (((SMB_BIG_UINT)IVAL(params,16)) << 32); 1487#endif 1488 if (allocation_size && (allocation_size > file_len)) { 1489 fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size); 1490 if (fsp->is_directory) { 1491 close_file(fsp,False); 1492 END_PROFILE(SMBntcreateX); 1493 /* Can't set allocation size on a directory. */ 1494 return ERROR_NT(NT_STATUS_ACCESS_DENIED); 1495 } 1496 if (vfs_allocate_file_space(fsp, fsp->initial_allocation_size) == -1) { 1497 close_file(fsp,False); 1498 return ERROR_NT(NT_STATUS_DISK_FULL); 1499 } 1500 } else { 1501 fsp->initial_allocation_size = smb_roundup(fsp->conn, (SMB_BIG_UINT)file_len); 1502 } 1503 1504 /* Realloc the size of parameters and data we will return */ 1505 params = nttrans_realloc(ppparams, 69); 1506 if(params == NULL) 1507 return ERROR_DOS(ERRDOS,ERRnomem); 1508 1509 p = params; 1510 if (extended_oplock_granted) 1511 SCVAL(p,0, BATCH_OPLOCK_RETURN); 1512 else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) 1513 SCVAL(p,0, LEVEL_II_OPLOCK_RETURN); 1514 else 1515 SCVAL(p,0,NO_OPLOCK_RETURN); 1516 1517 p += 2; 1518 SSVAL(p,0,fsp->fnum); 1519 p += 2; 1520 if ((create_disposition == FILE_SUPERSEDE) && (smb_action == FILE_WAS_OVERWRITTEN)) 1521 SIVAL(p,0,FILE_WAS_SUPERSEDED); 1522 else 1523 SIVAL(p,0,smb_action); 1524 p += 8; 1525 1526 /* Create time. */ 1527 c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); 1528 1529 if (lp_dos_filetime_resolution(SNUM(conn))) { 1530 c_time &= ~1; 1531 sbuf.st_atime &= ~1; 1532 sbuf.st_mtime &= ~1; 1533 sbuf.st_mtime &= ~1; 1534 } 1535 1536 put_long_date(p,c_time); 1537 p += 8; 1538 put_long_date(p,sbuf.st_atime); /* access time */ 1539 p += 8; 1540 put_long_date(p,sbuf.st_mtime); /* write time */ 1541 p += 8; 1542 put_long_date(p,sbuf.st_mtime); /* change time */ 1543 p += 8; 1544 SIVAL(p,0,fmode); /* File Attributes. */ 1545 p += 4; 1546 SOFF_T(p, 0, get_allocation_size(conn,fsp,&sbuf)); 1547 p += 8; 1548 SOFF_T(p,0,file_len); 1549 p += 8; 1550 if (flags & EXTENDED_RESPONSE_REQUIRED) 1551 SSVAL(p,2,0x7); 1552 p += 4; 1553 SCVAL(p,0,fsp->is_directory ? 1 : 0); 1554 1555 DEBUG(5,("call_nt_transact_create: open name = %s\n", fname)); 1556 1557 /* Send the required number of replies */ 1558 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0); 1559 1560 return -1; 1561} 1562 1563/**************************************************************************** 1564 Reply to a NT CANCEL request. 1565****************************************************************************/ 1566 1567int reply_ntcancel(connection_struct *conn, 1568 char *inbuf,char *outbuf,int length,int bufsize) 1569{ 1570 /* 1571 * Go through and cancel any pending change notifies. 1572 */ 1573 1574 int mid = SVAL(inbuf,smb_mid); 1575 START_PROFILE(SMBntcancel); 1576 remove_pending_change_notify_requests_by_mid(mid); 1577 remove_pending_lock_requests_by_mid(mid); 1578 srv_cancel_sign_response(mid); 1579 1580 DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid)); 1581 1582 END_PROFILE(SMBntcancel); 1583 return(-1); 1584} 1585 1586/**************************************************************************** 1587 Copy a file. 1588****************************************************************************/ 1589 1590static NTSTATUS copy_internals(connection_struct *conn, char *oldname, char *newname, uint16 attrs) 1591{ 1592 BOOL bad_path_oldname = False; 1593 BOOL bad_path_newname = False; 1594 SMB_STRUCT_STAT sbuf1, sbuf2; 1595 pstring last_component_oldname; 1596 pstring last_component_newname; 1597 files_struct *fsp1,*fsp2; 1598 uint16 fmode; 1599 int access_mode; 1600 int smb_action; 1601 SMB_OFF_T ret=-1; 1602 int close_ret; 1603 NTSTATUS status = NT_STATUS_OK; 1604 1605 ZERO_STRUCT(sbuf1); 1606 ZERO_STRUCT(sbuf2); 1607 1608 /* No wildcards. */ 1609 if (ms_has_wild(newname) || ms_has_wild(oldname)) { 1610 return NT_STATUS_OBJECT_PATH_SYNTAX_BAD; 1611 } 1612 1613 if (!CAN_WRITE(conn)) 1614 return NT_STATUS_MEDIA_WRITE_PROTECTED; 1615 1616 unix_convert(oldname,conn,last_component_oldname,&bad_path_oldname,&sbuf1); 1617 if (bad_path_oldname) { 1618 return NT_STATUS_OBJECT_PATH_NOT_FOUND; 1619 } 1620 1621 /* Quick check for "." and ".." */ 1622 if (last_component_oldname[0] == '.') { 1623 if (!last_component_oldname[1] || (last_component_oldname[1] == '.' && !last_component_oldname[2])) { 1624 return NT_STATUS_OBJECT_NAME_INVALID; 1625 } 1626 } 1627 1628 /* Source must already exist. */ 1629 if (!VALID_STAT(sbuf1)) { 1630 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 1631 } 1632 if (!check_name(oldname,conn)) { 1633 return NT_STATUS_ACCESS_DENIED; 1634 } 1635 1636 /* Ensure attributes match. */ 1637 fmode = dos_mode(conn,oldname,&sbuf1); 1638 if ((fmode & ~attrs) & (aHIDDEN | aSYSTEM)) 1639 return NT_STATUS_NO_SUCH_FILE; 1640 1641 unix_convert(newname,conn,last_component_newname,&bad_path_newname,&sbuf2); 1642 if (bad_path_newname) { 1643 return NT_STATUS_OBJECT_PATH_NOT_FOUND; 1644 } 1645 1646 /* Quick check for "." and ".." */ 1647 if (last_component_newname[0] == '.') { 1648 if (!last_component_newname[1] || (last_component_newname[1] == '.' && !last_component_newname[2])) { 1649 return NT_STATUS_OBJECT_NAME_INVALID; 1650 } 1651 } 1652 1653 /* Disallow if newname already exists. */ 1654 if (VALID_STAT(sbuf2)) { 1655 return NT_STATUS_OBJECT_NAME_COLLISION; 1656 } 1657 1658 if (!check_name(newname,conn)) { 1659 return NT_STATUS_ACCESS_DENIED; 1660 } 1661 1662 /* No links from a directory. */ 1663 if (S_ISDIR(sbuf1.st_mode)) { 1664 return NT_STATUS_FILE_IS_A_DIRECTORY; 1665 } 1666 1667 /* Ensure this is within the share. */ 1668 if (!reduce_name(conn, oldname) != 0) { 1669 return NT_STATUS_ACCESS_DENIED; 1670 } 1671 1672 DEBUG(10,("copy_internals: doing file copy %s to %s\n", oldname, newname)); 1673 1674 fsp1 = open_file_shared1(conn,oldname,&sbuf1,FILE_READ_DATA,SET_DENY_MODE(DENY_ALL)|SET_OPEN_MODE(DOS_OPEN_RDONLY), 1675 (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),FILE_ATTRIBUTE_NORMAL,0, 1676 &access_mode,&smb_action); 1677 1678 if (!fsp1) { 1679 status = NT_STATUS_ACCESS_DENIED; 1680 if (unix_ERR_class == ERRDOS && unix_ERR_code == ERRbadshare) 1681 status = NT_STATUS_SHARING_VIOLATION; 1682 unix_ERR_class = 0; 1683 unix_ERR_code = 0; 1684 unix_ERR_ntstatus = NT_STATUS_OK; 1685 return status; 1686 } 1687 1688 fsp2 = open_file_shared1(conn,newname,&sbuf2,FILE_WRITE_DATA,SET_DENY_MODE(DENY_ALL)|SET_OPEN_MODE(DOS_OPEN_WRONLY), 1689 (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL),fmode,INTERNAL_OPEN_ONLY, 1690 &access_mode,&smb_action); 1691 1692 if (!fsp2) { 1693 status = NT_STATUS_ACCESS_DENIED; 1694 if (unix_ERR_class == ERRDOS && unix_ERR_code == ERRbadshare) 1695 status = NT_STATUS_SHARING_VIOLATION; 1696 unix_ERR_class = 0; 1697 unix_ERR_code = 0; 1698 unix_ERR_ntstatus = NT_STATUS_OK; 1699 close_file(fsp1,False); 1700 return status; 1701 } 1702 1703 if (sbuf1.st_size) 1704 ret = vfs_transfer_file(fsp1, fsp2, sbuf1.st_size); 1705 1706 /* 1707 * As we are opening fsp1 read-only we only expect 1708 * an error on close on fsp2 if we are out of space. 1709 * Thus we don't look at the error return from the 1710 * close of fsp1. 1711 */ 1712 close_file(fsp1,False); 1713 1714 /* Ensure the modtime is set correctly on the destination file. */ 1715 fsp_set_pending_modtime(fsp2, sbuf1.st_mtime); 1716 1717 close_ret = close_file(fsp2,False); 1718 1719 /* Grrr. We have to do this as open_file_shared1 adds aARCH when it 1720 creates the file. This isn't the correct thing to do in the copy case. JRA */ 1721 file_set_dosmode(conn, newname, fmode, &sbuf2, True); 1722 1723 if (ret < (SMB_OFF_T)sbuf1.st_size) { 1724 return NT_STATUS_DISK_FULL; 1725 } 1726 1727 if (close_ret != 0) { 1728 status = map_nt_error_from_unix(close_ret); 1729 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n", 1730 nt_errstr(status), oldname, newname)); 1731 } 1732 return status; 1733} 1734 1735/**************************************************************************** 1736 Reply to a NT rename request. 1737****************************************************************************/ 1738 1739int reply_ntrename(connection_struct *conn, 1740 char *inbuf,char *outbuf,int length,int bufsize) 1741{ 1742 int outsize = 0; 1743 pstring oldname; 1744 pstring newname; 1745 char *p; 1746 NTSTATUS status; 1747 uint16 attrs = SVAL(inbuf,smb_vwv0); 1748 uint16 rename_type = SVAL(inbuf,smb_vwv1); 1749 1750 START_PROFILE(SMBntrename); 1751 1752 p = smb_buf(inbuf) + 1; 1753 p += srvstr_get_path(inbuf, oldname, p, sizeof(oldname), 0, STR_TERMINATE, &status, True); 1754 if (!NT_STATUS_IS_OK(status)) { 1755 END_PROFILE(SMBntrename); 1756 return ERROR_NT(status); 1757 } 1758 1759 if( strchr_m(oldname, ':')) { 1760 /* Can't rename a stream. */ 1761 END_PROFILE(SMBntrename); 1762 return ERROR_NT(NT_STATUS_ACCESS_DENIED); 1763 } 1764 1765 if (ms_has_wild(oldname)) { 1766 END_PROFILE(SMBntrename); 1767 return ERROR_NT(NT_STATUS_OBJECT_PATH_SYNTAX_BAD); 1768 } 1769 1770 p++; 1771 p += srvstr_get_path(inbuf, newname, p, sizeof(newname), 0, STR_TERMINATE, &status, False); 1772 if (!NT_STATUS_IS_OK(status)) { 1773 END_PROFILE(SMBntrename); 1774 return ERROR_NT(status); 1775 } 1776 1777 RESOLVE_DFSPATH(oldname, conn, inbuf, outbuf); 1778 RESOLVE_DFSPATH(newname, conn, inbuf, outbuf); 1779 1780 DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname)); 1781 1782 switch(rename_type) { 1783 case RENAME_FLAG_RENAME: 1784 status = rename_internals(conn, oldname, newname, attrs, False); 1785 break; 1786 case RENAME_FLAG_HARD_LINK: 1787 status = hardlink_internals(conn, oldname, newname); 1788 break; 1789 case RENAME_FLAG_COPY: 1790 status = copy_internals(conn, oldname, newname, attrs); 1791 break; 1792 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION: 1793 status = NT_STATUS_INVALID_PARAMETER; 1794 break; 1795 default: 1796 status = NT_STATUS_ACCESS_DENIED; /* Default error. */ 1797 break; 1798 } 1799 1800 if (!NT_STATUS_IS_OK(status)) { 1801 END_PROFILE(SMBntrename); 1802 if (open_was_deferred(SVAL(inbuf,smb_mid))) { 1803 /* We have re-scheduled this call. */ 1804 clear_cached_errors(); 1805 return -1; 1806 } 1807 return ERROR_NT(status); 1808 } 1809 1810 /* 1811 * Win2k needs a changenotify request response before it will 1812 * update after a rename.. 1813 */ 1814 process_pending_change_notify_queue((time_t)0); 1815 outsize = set_message(outbuf,0,0,True); 1816 1817 END_PROFILE(SMBntrename); 1818 return(outsize); 1819} 1820 1821/**************************************************************************** 1822 Reply to an unsolicited SMBNTtranss - just ignore it! 1823****************************************************************************/ 1824 1825int reply_nttranss(connection_struct *conn, 1826 char *inbuf,char *outbuf,int length,int bufsize) 1827{ 1828 START_PROFILE(SMBnttranss); 1829 DEBUG(4,("Ignoring nttranss of length %d\n",length)); 1830 END_PROFILE(SMBnttranss); 1831 return(-1); 1832} 1833 1834/**************************************************************************** 1835 Reply to a notify change - queue the request and 1836 don't allow a directory to be opened. 1837****************************************************************************/ 1838 1839static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 1840 char **ppsetup, uint32 setup_count, 1841 char **ppparams, uint32 parameter_count, 1842 char **ppdata, uint32 data_count, uint32 max_data_count) 1843{ 1844 char *setup = *ppsetup; 1845 files_struct *fsp; 1846 uint32 flags; 1847 1848 if(setup_count < 6) 1849 return ERROR_DOS(ERRDOS,ERRbadfunc); 1850 1851 fsp = file_fsp(setup,4); 1852 flags = IVAL(setup, 0); 1853 1854 DEBUG(3,("call_nt_transact_notify_change\n")); 1855 1856 if(!fsp) 1857 return ERROR_DOS(ERRDOS,ERRbadfid); 1858 1859 if((!fsp->is_directory) || (conn != fsp->conn)) 1860 return ERROR_DOS(ERRDOS,ERRbadfid); 1861 1862 if (!change_notify_set(inbuf, fsp, conn, flags)) 1863 return(UNIXERROR(ERRDOS,ERRbadfid)); 1864 1865 DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \ 1866name = %s\n", fsp->fsp_name )); 1867 1868 return -1; 1869} 1870 1871/**************************************************************************** 1872 Reply to an NT transact rename command. 1873****************************************************************************/ 1874 1875static int call_nt_transact_rename(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 1876 char **ppsetup, uint32 setup_count, 1877 char **ppparams, uint32 parameter_count, 1878 char **ppdata, uint32 data_count, uint32 max_data_count) 1879{ 1880 char *params = *ppparams; 1881 pstring new_name; 1882 files_struct *fsp = NULL; 1883 BOOL replace_if_exists = False; 1884 NTSTATUS status; 1885 1886 if(parameter_count < 4) 1887 return ERROR_DOS(ERRDOS,ERRbadfunc); 1888 1889 fsp = file_fsp(params, 0); 1890 replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False; 1891 CHECK_FSP(fsp, conn); 1892 srvstr_get_path(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE, &status, True); 1893 if (!NT_STATUS_IS_OK(status)) { 1894 return ERROR_NT(status); 1895 } 1896 1897 status = rename_internals(conn, fsp->fsp_name, 1898 new_name, 0, replace_if_exists); 1899 if (!NT_STATUS_IS_OK(status)) 1900 return ERROR_NT(status); 1901 1902 /* 1903 * Rename was successful. 1904 */ 1905 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); 1906 1907 DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n", 1908 fsp->fsp_name, new_name)); 1909 1910 /* 1911 * Win2k needs a changenotify request response before it will 1912 * update after a rename.. 1913 */ 1914 1915 process_pending_change_notify_queue((time_t)0); 1916 1917 return -1; 1918} 1919 1920/****************************************************************************** 1921 Fake up a completely empty SD. 1922*******************************************************************************/ 1923 1924static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) 1925{ 1926 extern DOM_SID global_sid_World; 1927 size_t sd_size; 1928 1929 *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size); 1930 if(!*ppsd) { 1931 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n")); 1932 sd_size = 0; 1933 } 1934 1935 return sd_size; 1936} 1937 1938/**************************************************************************** 1939 Reply to query a security descriptor. 1940****************************************************************************/ 1941 1942static int call_nt_transact_query_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 1943 char **ppsetup, uint32 setup_count, 1944 char **ppparams, uint32 parameter_count, 1945 char **ppdata, uint32 data_count, uint32 max_data_count) 1946{ 1947 char *params = *ppparams; 1948 char *data = *ppdata; 1949 prs_struct pd; 1950 SEC_DESC *psd = NULL; 1951 size_t sd_size; 1952 uint32 security_info_wanted; 1953 TALLOC_CTX *mem_ctx; 1954 files_struct *fsp = NULL; 1955 1956 if(parameter_count < 8) 1957 return ERROR_DOS(ERRDOS,ERRbadfunc); 1958 1959 fsp = file_fsp(params,0); 1960 if(!fsp) 1961 return ERROR_DOS(ERRDOS,ERRbadfid); 1962 1963 security_info_wanted = IVAL(params,4); 1964 1965 DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name )); 1966 1967 params = nttrans_realloc(ppparams, 4); 1968 if(params == NULL) 1969 return ERROR_DOS(ERRDOS,ERRnomem); 1970 1971 if ((mem_ctx = talloc_init("call_nt_transact_query_security_desc")) == NULL) { 1972 DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n")); 1973 return ERROR_DOS(ERRDOS,ERRnomem); 1974 } 1975 1976 /* 1977 * Get the permissions to return. 1978 */ 1979 1980 if (!lp_nt_acl_support(SNUM(conn))) 1981 sd_size = get_null_nt_acl(mem_ctx, &psd); 1982 else 1983 sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fd, security_info_wanted, &psd); 1984 1985 if (sd_size == 0) { 1986 talloc_destroy(mem_ctx); 1987 return(UNIXERROR(ERRDOS,ERRnoaccess)); 1988 } 1989 1990 DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size)); 1991 1992 SIVAL(params,0,(uint32)sd_size); 1993 1994 if(max_data_count < sd_size) { 1995 1996 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL, 1997 params, 4, *ppdata, 0); 1998 talloc_destroy(mem_ctx); 1999 return -1; 2000 } 2001 2002 /* 2003 * Allocate the data we will point this at. 2004 */ 2005 2006 data = nttrans_realloc(ppdata, sd_size); 2007 if(data == NULL) { 2008 talloc_destroy(mem_ctx); 2009 return ERROR_DOS(ERRDOS,ERRnomem); 2010 } 2011 2012 /* 2013 * Init the parse struct we will marshall into. 2014 */ 2015 2016 prs_init(&pd, 0, mem_ctx, MARSHALL); 2017 2018 /* 2019 * Setup the prs_struct to point at the memory we just 2020 * allocated. 2021 */ 2022 2023 prs_give_memory( &pd, data, (uint32)sd_size, False); 2024 2025 /* 2026 * Finally, linearize into the outgoing buffer. 2027 */ 2028 2029 if(!sec_io_desc( "sd data", &psd, &pd, 1)) { 2030 DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \ 2031security descriptor.\n")); 2032 /* 2033 * Return access denied for want of a better error message.. 2034 */ 2035 talloc_destroy(mem_ctx); 2036 return(UNIXERROR(ERRDOS,ERRnoaccess)); 2037 } 2038 2039 /* 2040 * Now we can delete the security descriptor. 2041 */ 2042 2043 talloc_destroy(mem_ctx); 2044 2045 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 4, data, (int)sd_size); 2046 return -1; 2047} 2048 2049/**************************************************************************** 2050 Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs. 2051****************************************************************************/ 2052 2053static int call_nt_transact_set_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 2054 char **ppsetup, uint32 setup_count, 2055 char **ppparams, uint32 parameter_count, 2056 char **ppdata, uint32 data_count, uint32 max_data_count) 2057{ 2058 char *params= *ppparams; 2059 char *data = *ppdata; 2060 files_struct *fsp = NULL; 2061 uint32 security_info_sent = 0; 2062 NTSTATUS nt_status; 2063 2064 if(parameter_count < 8) 2065 return ERROR_DOS(ERRDOS,ERRbadfunc); 2066 2067 if((fsp = file_fsp(params,0)) == NULL) 2068 return ERROR_DOS(ERRDOS,ERRbadfid); 2069 2070 if(!lp_nt_acl_support(SNUM(conn))) 2071 goto done; 2072 2073 security_info_sent = IVAL(params,4); 2074 2075 DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name, 2076 (unsigned int)security_info_sent )); 2077 2078 if (data_count == 0) 2079 return ERROR_DOS(ERRDOS, ERRnoaccess); 2080 2081 if (!NT_STATUS_IS_OK(nt_status = set_sd( fsp, data, data_count, security_info_sent))) 2082 return ERROR_NT(nt_status); 2083 2084 done: 2085 2086 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); 2087 return -1; 2088} 2089 2090/**************************************************************************** 2091 Reply to NT IOCTL 2092****************************************************************************/ 2093 2094static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 2095 char **ppsetup, uint32 setup_count, 2096 char **ppparams, uint32 parameter_count, 2097 char **ppdata, uint32 data_count, uint32 max_data_count) 2098{ 2099 uint32 function; 2100 uint16 fidnum; 2101 files_struct *fsp; 2102 uint8 isFSctl; 2103 uint8 compfilter; 2104 static BOOL logged_message; 2105 char *pdata = *ppdata; 2106 2107 if (setup_count != 8) { 2108 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count)); 2109 return ERROR_NT(NT_STATUS_NOT_SUPPORTED); 2110 } 2111 2112 function = IVAL(*ppsetup, 0); 2113 fidnum = SVAL(*ppsetup, 4); 2114 isFSctl = CVAL(*ppsetup, 6); 2115 compfilter = CVAL(*ppsetup, 7); 2116 2117 DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n", 2118 function, fidnum, isFSctl, compfilter)); 2119 2120 fsp=file_fsp(*ppsetup, 4); 2121 /* this check is done in each implemented function case for now 2122 because I don't want to break anything... --metze 2123 FSP_BELONGS_CONN(fsp,conn);*/ 2124 2125 switch (function) { 2126 case FSCTL_SET_SPARSE: 2127 /* pretend this succeeded - tho strictly we should 2128 mark the file sparse (if the local fs supports it) 2129 so we can know if we need to pre-allocate or not */ 2130 2131 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum)); 2132 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); 2133 return -1; 2134 2135 case FSCTL_0x000900C0: 2136 /* pretend this succeeded - don't know what this really is 2137 but works ok like this --metze 2138 */ 2139 2140 DEBUG(10,("FSCTL_0x000900C0: called on FID[0x%04X](but not implemented)\n",fidnum)); 2141 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); 2142 return -1; 2143 2144 case FSCTL_GET_REPARSE_POINT: 2145 /* pretend this fail - my winXP does it like this 2146 * --metze 2147 */ 2148 2149 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum)); 2150 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0); 2151 return -1; 2152 2153 case FSCTL_SET_REPARSE_POINT: 2154 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case. 2155 * --metze 2156 */ 2157 2158 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum)); 2159 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_NOT_A_REPARSE_POINT, NULL, 0, NULL, 0); 2160 return -1; 2161 2162 case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/ 2163 { 2164 /* 2165 * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots) 2166 * and return their volume names. If max_data_count is 16, then it is just 2167 * asking for the number of volumes and length of the combined names. 2168 * 2169 * pdata is the data allocated by our caller, but that uses 2170 * total_data_count (which is 0 in our case) rather than max_data_count. 2171 * Allocate the correct amount and return the pointer to let 2172 * it be deallocated when we return. 2173 */ 2174 SHADOW_COPY_DATA *shadow_data = NULL; 2175 TALLOC_CTX *shadow_mem_ctx = NULL; 2176 BOOL labels = False; 2177 uint32 labels_data_count = 0; 2178 uint32 i; 2179 char *cur_pdata; 2180 2181 FSP_BELONGS_CONN(fsp,conn); 2182 2183 if (max_data_count < 16) { 2184 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n", 2185 max_data_count)); 2186 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 2187 } 2188 2189 if (max_data_count > 16) { 2190 labels = True; 2191 } 2192 2193 shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA"); 2194 if (shadow_mem_ctx == NULL) { 2195 DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n")); 2196 return ERROR_NT(NT_STATUS_NO_MEMORY); 2197 } 2198 2199 shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA); 2200 if (shadow_data == NULL) { 2201 DEBUG(0,("talloc_zero() failed!\n")); 2202 talloc_destroy(shadow_mem_ctx); 2203 return ERROR_NT(NT_STATUS_NO_MEMORY); 2204 } 2205 2206 shadow_data->mem_ctx = shadow_mem_ctx; 2207 2208 /* 2209 * Call the VFS routine to actually do the work. 2210 */ 2211 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) { 2212 talloc_destroy(shadow_data->mem_ctx); 2213 if (errno == ENOSYS) { 2214 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n", 2215 conn->connectpath)); 2216 return ERROR_NT(NT_STATUS_NOT_SUPPORTED); 2217 } else { 2218 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n", 2219 conn->connectpath)); 2220 return ERROR_NT(NT_STATUS_UNSUCCESSFUL); 2221 } 2222 } 2223 2224 labels_data_count = (shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))+2; 2225 2226 if (!labels) { 2227 data_count = 16; 2228 } else { 2229 data_count = 12+labels_data_count+4; 2230 } 2231 2232 if (max_data_count<data_count) { 2233 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n", 2234 max_data_count,data_count)); 2235 talloc_destroy(shadow_data->mem_ctx); 2236 return ERROR_NT(NT_STATUS_BUFFER_TOO_SMALL); 2237 } 2238 2239 pdata = nttrans_realloc(ppdata, data_count); 2240 if (pdata == NULL) { 2241 talloc_destroy(shadow_data->mem_ctx); 2242 return ERROR_NT(NT_STATUS_NO_MEMORY); 2243 } 2244 2245 cur_pdata = pdata; 2246 2247 /* num_volumes 4 bytes */ 2248 SIVAL(pdata,0,shadow_data->num_volumes); 2249 2250 if (labels) { 2251 /* num_labels 4 bytes */ 2252 SIVAL(pdata,4,shadow_data->num_volumes); 2253 } 2254 2255 /* needed_data_count 4 bytes */ 2256 SIVAL(pdata,8,labels_data_count); 2257 2258 cur_pdata+=12; 2259 2260 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n", 2261 shadow_data->num_volumes,fsp->fsp_name)); 2262 if (labels && shadow_data->labels) { 2263 for (i=0;i<shadow_data->num_volumes;i++) { 2264 srvstr_push(outbuf, cur_pdata, shadow_data->labels[i], 2*sizeof(SHADOW_COPY_LABEL), STR_UNICODE|STR_TERMINATE); 2265 cur_pdata+=2*sizeof(SHADOW_COPY_LABEL); 2266 DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i])); 2267 } 2268 } 2269 2270 talloc_destroy(shadow_data->mem_ctx); 2271 2272 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, pdata, data_count); 2273 2274 return -1; 2275 } 2276 2277 case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */ 2278 { 2279 /* pretend this succeeded - 2280 * 2281 * we have to send back a list with all files owned by this SID 2282 * 2283 * but I have to check that --metze 2284 */ 2285 DOM_SID sid; 2286 uid_t uid; 2287 size_t sid_len = MIN(data_count-4,SID_MAX_SIZE); 2288 2289 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum)); 2290 2291 FSP_BELONGS_CONN(fsp,conn); 2292 2293 /* unknown 4 bytes: this is not the length of the sid :-( */ 2294 /*unknown = IVAL(pdata,0);*/ 2295 2296 sid_parse(pdata+4,sid_len,&sid); 2297 DEBUGADD(10,("for SID: %s\n",sid_string_static(&sid))); 2298 2299 if (!NT_STATUS_IS_OK(sid_to_uid(&sid, &uid))) { 2300 DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n", 2301 sid_string_static(&sid),(unsigned long)sid_len)); 2302 uid = (-1); 2303 } 2304 2305 /* we can take a look at the find source :-) 2306 * 2307 * find ./ -uid $uid -name '*' is what we need here 2308 * 2309 * 2310 * and send 4bytes len and then NULL terminated unicode strings 2311 * for each file 2312 * 2313 * but I don't know how to deal with the paged results 2314 * (maybe we can hang the result anywhere in the fsp struct) 2315 * 2316 * we don't send all files at once 2317 * and at the next we should *not* start from the beginning, 2318 * so we have to cache the result 2319 * 2320 * --metze 2321 */ 2322 2323 /* this works for now... */ 2324 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); 2325 return -1; 2326 } 2327 default: 2328 if (!logged_message) { 2329 logged_message = True; /* Only print this once... */ 2330 DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n", 2331 function)); 2332 } 2333 } 2334 2335 return ERROR_NT(NT_STATUS_NOT_SUPPORTED); 2336} 2337 2338 2339#ifdef HAVE_SYS_QUOTAS 2340/**************************************************************************** 2341 Reply to get user quota 2342****************************************************************************/ 2343 2344static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 2345 char **ppsetup, uint32 setup_count, 2346 char **ppparams, uint32 parameter_count, 2347 char **ppdata, uint32 data_count, uint32 max_data_count) 2348{ 2349 NTSTATUS nt_status = NT_STATUS_OK; 2350 char *params = *ppparams; 2351 char *pdata = *ppdata; 2352 char *entry; 2353 int data_len=0,param_len=0; 2354 int qt_len=0; 2355 int entry_len = 0; 2356 files_struct *fsp = NULL; 2357 uint16 level = 0; 2358 size_t sid_len; 2359 DOM_SID sid; 2360 BOOL start_enum = True; 2361 SMB_NTQUOTA_STRUCT qt; 2362 SMB_NTQUOTA_LIST *tmp_list; 2363 SMB_NTQUOTA_HANDLE *qt_handle = NULL; 2364 extern struct current_user current_user; 2365 2366 ZERO_STRUCT(qt); 2367 2368 /* access check */ 2369 if (current_user.uid != 0) { 2370 DEBUG(1,("get_user_quota: access_denied service [%s] user [%s]\n", 2371 lp_servicename(SNUM(conn)),conn->user)); 2372 return ERROR_DOS(ERRDOS,ERRnoaccess); 2373 } 2374 2375 /* 2376 * Ensure minimum number of parameters sent. 2377 */ 2378 2379 if (parameter_count < 4) { 2380 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count)); 2381 return ERROR_DOS(ERRDOS,ERRinvalidparam); 2382 } 2383 2384 /* maybe we can check the quota_fnum */ 2385 fsp = file_fsp(params,0); 2386 if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { 2387 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n")); 2388 return ERROR_NT(NT_STATUS_INVALID_HANDLE); 2389 } 2390 2391 /* the NULL pointer cheking for fsp->fake_file_handle->pd 2392 * is done by CHECK_NTQUOTA_HANDLE_OK() 2393 */ 2394 qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->pd; 2395 2396 level = SVAL(params,2); 2397 2398 /* unknown 12 bytes leading in params */ 2399 2400 switch (level) { 2401 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE: 2402 /* seems that we should continue with the enum here --metze */ 2403 2404 if (qt_handle->quota_list!=NULL && 2405 qt_handle->tmp_list==NULL) { 2406 2407 /* free the list */ 2408 free_ntquota_list(&(qt_handle->quota_list)); 2409 2410 /* Realloc the size of parameters and data we will return */ 2411 param_len = 4; 2412 params = nttrans_realloc(ppparams, param_len); 2413 if(params == NULL) 2414 return ERROR_DOS(ERRDOS,ERRnomem); 2415 2416 data_len = 0; 2417 SIVAL(params,0,data_len); 2418 2419 break; 2420 } 2421 2422 start_enum = False; 2423 2424 case TRANSACT_GET_USER_QUOTA_LIST_START: 2425 2426 if (qt_handle->quota_list==NULL && 2427 qt_handle->tmp_list==NULL) { 2428 start_enum = True; 2429 } 2430 2431 if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) 2432 return ERROR_DOS(ERRSRV,ERRerror); 2433 2434 /* Realloc the size of parameters and data we will return */ 2435 param_len = 4; 2436 params = nttrans_realloc(ppparams, param_len); 2437 if(params == NULL) 2438 return ERROR_DOS(ERRDOS,ERRnomem); 2439 2440 /* we should not trust the value in max_data_count*/ 2441 max_data_count = MIN(max_data_count,2048); 2442 2443 pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/ 2444 if(pdata == NULL) 2445 return ERROR_DOS(ERRDOS,ERRnomem); 2446 2447 entry = pdata; 2448 2449 2450 /* set params Size of returned Quota Data 4 bytes*/ 2451 /* but set it later when we know it */ 2452 2453 /* for each entry push the data */ 2454 2455 if (start_enum) { 2456 qt_handle->tmp_list = qt_handle->quota_list; 2457 } 2458 2459 tmp_list = qt_handle->tmp_list; 2460 2461 for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count)); 2462 tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) { 2463 2464 sid_len = sid_size(&tmp_list->quotas->sid); 2465 entry_len = 40 + sid_len; 2466 2467 /* nextoffset entry 4 bytes */ 2468 SIVAL(entry,0,entry_len); 2469 2470 /* then the len of the SID 4 bytes */ 2471 SIVAL(entry,4,sid_len); 2472 2473 /* unknown data 8 bytes SMB_BIG_UINT */ 2474 SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-metze*/ 2475 2476 /* the used disk space 8 bytes SMB_BIG_UINT */ 2477 SBIG_UINT(entry,16,tmp_list->quotas->usedspace); 2478 2479 /* the soft quotas 8 bytes SMB_BIG_UINT */ 2480 SBIG_UINT(entry,24,tmp_list->quotas->softlim); 2481 2482 /* the hard quotas 8 bytes SMB_BIG_UINT */ 2483 SBIG_UINT(entry,32,tmp_list->quotas->hardlim); 2484 2485 /* and now the SID */ 2486 sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid); 2487 } 2488 2489 qt_handle->tmp_list = tmp_list; 2490 2491 /* overwrite the offset of the last entry */ 2492 SIVAL(entry-entry_len,0,0); 2493 2494 data_len = 4+qt_len; 2495 /* overwrite the params quota_data_len */ 2496 SIVAL(params,0,data_len); 2497 2498 break; 2499 2500 case TRANSACT_GET_USER_QUOTA_FOR_SID: 2501 2502 /* unknown 4 bytes IVAL(pdata,0) */ 2503 2504 if (data_count < 8) { 2505 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8)); 2506 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2507 } 2508 2509 sid_len = IVAL(pdata,4); 2510 /* Ensure this is less than 1mb. */ 2511 if (sid_len > (1024*1024)) { 2512 return ERROR_DOS(ERRDOS,ERRnomem); 2513 } 2514 2515 if (data_count < 8+sid_len) { 2516 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len))); 2517 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2518 } 2519 2520 data_len = 4+40+sid_len; 2521 2522 if (max_data_count < data_len) { 2523 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n", 2524 max_data_count, data_len)); 2525 param_len = 4; 2526 SIVAL(params,0,data_len); 2527 data_len = 0; 2528 nt_status = NT_STATUS_BUFFER_TOO_SMALL; 2529 break; 2530 } 2531 2532 sid_parse(pdata+8,sid_len,&sid); 2533 2534 2535 if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) { 2536 ZERO_STRUCT(qt); 2537 /* 2538 * we have to return zero's in all fields 2539 * instead of returning an error here 2540 * --metze 2541 */ 2542 } 2543 2544 /* Realloc the size of parameters and data we will return */ 2545 param_len = 4; 2546 params = nttrans_realloc(ppparams, param_len); 2547 if(params == NULL) 2548 return ERROR_DOS(ERRDOS,ERRnomem); 2549 2550 pdata = nttrans_realloc(ppdata, data_len); 2551 if(pdata == NULL) 2552 return ERROR_DOS(ERRDOS,ERRnomem); 2553 2554 entry = pdata; 2555 2556 /* set params Size of returned Quota Data 4 bytes*/ 2557 SIVAL(params,0,data_len); 2558 2559 /* nextoffset entry 4 bytes */ 2560 SIVAL(entry,0,0); 2561 2562 /* then the len of the SID 4 bytes */ 2563 SIVAL(entry,4,sid_len); 2564 2565 /* unknown data 8 bytes SMB_BIG_UINT */ 2566 SBIG_UINT(entry,8,(SMB_BIG_UINT)0); /* this is not 0 in windows...-mezte*/ 2567 2568 /* the used disk space 8 bytes SMB_BIG_UINT */ 2569 SBIG_UINT(entry,16,qt.usedspace); 2570 2571 /* the soft quotas 8 bytes SMB_BIG_UINT */ 2572 SBIG_UINT(entry,24,qt.softlim); 2573 2574 /* the hard quotas 8 bytes SMB_BIG_UINT */ 2575 SBIG_UINT(entry,32,qt.hardlim); 2576 2577 /* and now the SID */ 2578 sid_linearize(entry+40, sid_len, &sid); 2579 2580 break; 2581 2582 default: 2583 DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level)); 2584 return ERROR_DOS(ERRSRV,ERRerror); 2585 break; 2586 } 2587 2588 send_nt_replies(inbuf, outbuf, bufsize, nt_status, params, param_len, pdata, data_len); 2589 2590 return -1; 2591} 2592 2593/**************************************************************************** 2594 Reply to set user quota 2595****************************************************************************/ 2596 2597static int call_nt_transact_set_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, 2598 char **ppsetup, uint32 setup_count, 2599 char **ppparams, uint32 parameter_count, 2600 char **ppdata, uint32 data_count, uint32 max_data_count) 2601{ 2602 char *params = *ppparams; 2603 char *pdata = *ppdata; 2604 int data_len=0,param_len=0; 2605 SMB_NTQUOTA_STRUCT qt; 2606 size_t sid_len; 2607 DOM_SID sid; 2608 files_struct *fsp = NULL; 2609 2610 ZERO_STRUCT(qt); 2611 2612 /* access check */ 2613 if (current_user.uid != 0) { 2614 DEBUG(1,("set_user_quota: access_denied service [%s] user [%s]\n", 2615 lp_servicename(SNUM(conn)),conn->user)); 2616 return ERROR_DOS(ERRDOS,ERRnoaccess); 2617 } 2618 2619 /* 2620 * Ensure minimum number of parameters sent. 2621 */ 2622 2623 if (parameter_count < 2) { 2624 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count)); 2625 return ERROR_DOS(ERRDOS,ERRinvalidparam); 2626 } 2627 2628 /* maybe we can check the quota_fnum */ 2629 fsp = file_fsp(params,0); 2630 if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { 2631 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n")); 2632 return ERROR_NT(NT_STATUS_INVALID_HANDLE); 2633 } 2634 2635 if (data_count < 40) { 2636 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40)); 2637 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2638 } 2639 2640 /* offset to next quota record. 2641 * 4 bytes IVAL(pdata,0) 2642 * unused here... 2643 */ 2644 2645 /* sid len */ 2646 sid_len = IVAL(pdata,4); 2647 2648 if (data_count < 40+sid_len) { 2649 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len)); 2650 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2651 } 2652 2653 /* unknown 8 bytes in pdata 2654 * maybe its the change time in NTTIME 2655 */ 2656 2657 /* the used space 8 bytes (SMB_BIG_UINT)*/ 2658 qt.usedspace = (SMB_BIG_UINT)IVAL(pdata,16); 2659#ifdef LARGE_SMB_OFF_T 2660 qt.usedspace |= (((SMB_BIG_UINT)IVAL(pdata,20)) << 32); 2661#else /* LARGE_SMB_OFF_T */ 2662 if ((IVAL(pdata,20) != 0)&& 2663 ((qt.usedspace != 0xFFFFFFFF)|| 2664 (IVAL(pdata,20)!=0xFFFFFFFF))) { 2665 /* more than 32 bits? */ 2666 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2667 } 2668#endif /* LARGE_SMB_OFF_T */ 2669 2670 /* the soft quotas 8 bytes (SMB_BIG_UINT)*/ 2671 qt.softlim = (SMB_BIG_UINT)IVAL(pdata,24); 2672#ifdef LARGE_SMB_OFF_T 2673 qt.softlim |= (((SMB_BIG_UINT)IVAL(pdata,28)) << 32); 2674#else /* LARGE_SMB_OFF_T */ 2675 if ((IVAL(pdata,28) != 0)&& 2676 ((qt.softlim != 0xFFFFFFFF)|| 2677 (IVAL(pdata,28)!=0xFFFFFFFF))) { 2678 /* more than 32 bits? */ 2679 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2680 } 2681#endif /* LARGE_SMB_OFF_T */ 2682 2683 /* the hard quotas 8 bytes (SMB_BIG_UINT)*/ 2684 qt.hardlim = (SMB_BIG_UINT)IVAL(pdata,32); 2685#ifdef LARGE_SMB_OFF_T 2686 qt.hardlim |= (((SMB_BIG_UINT)IVAL(pdata,36)) << 32); 2687#else /* LARGE_SMB_OFF_T */ 2688 if ((IVAL(pdata,36) != 0)&& 2689 ((qt.hardlim != 0xFFFFFFFF)|| 2690 (IVAL(pdata,36)!=0xFFFFFFFF))) { 2691 /* more than 32 bits? */ 2692 return ERROR_DOS(ERRDOS,ERRunknownlevel); 2693 } 2694#endif /* LARGE_SMB_OFF_T */ 2695 2696 sid_parse(pdata+40,sid_len,&sid); 2697 DEBUGADD(8,("SID: %s\n",sid_string_static(&sid))); 2698 2699 /* 44 unknown bytes left... */ 2700 2701 if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) { 2702 return ERROR_DOS(ERRSRV,ERRerror); 2703 } 2704 2705 send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, param_len, pdata, data_len); 2706 2707 return -1; 2708} 2709#endif /* HAVE_SYS_QUOTAS */ 2710 2711/**************************************************************************** 2712 Reply to a SMBNTtrans. 2713****************************************************************************/ 2714 2715int reply_nttrans(connection_struct *conn, 2716 char *inbuf,char *outbuf,int length,int bufsize) 2717{ 2718 int outsize = 0; 2719 uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); 2720#if 0 /* Not used. */ 2721 uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount); 2722 uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount); 2723#endif /* Not used. */ 2724 uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount); 2725 uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount); 2726 uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount); 2727 uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset); 2728 uint32 data_count = IVAL(inbuf,smb_nt_DataCount); 2729 uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset); 2730 uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */ 2731 uint16 function_code = SVAL( inbuf, smb_nt_Function); 2732 char *params = NULL, *data = NULL, *setup = NULL; 2733 uint32 num_params_sofar, num_data_sofar; 2734 START_PROFILE(SMBnttrans); 2735 2736 if(global_oplock_break && 2737 ((function_code == NT_TRANSACT_CREATE) || 2738 (function_code == NT_TRANSACT_RENAME))) { 2739 /* 2740 * Queue this open message as we are the process of an oplock break. 2741 */ 2742 2743 DEBUG(2,("reply_nttrans: queueing message code 0x%x \ 2744due to being in oplock break state.\n", (unsigned int)function_code )); 2745 2746 push_oplock_pending_smb_message( inbuf, length); 2747 END_PROFILE(SMBnttrans); 2748 return -1; 2749 } 2750 2751 if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) { 2752 END_PROFILE(SMBnttrans); 2753 return ERROR_DOS(ERRSRV,ERRaccess); 2754 } 2755 2756 outsize = set_message(outbuf,0,0,True); 2757 2758 /* 2759 * All nttrans messages we handle have smb_wct == 19 + setup_count. 2760 * Ensure this is so as a sanity check. 2761 */ 2762 2763 if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) { 2764 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n", 2765 CVAL(inbuf, smb_wct), 19 + (setup_count/2))); 2766 goto bad_param; 2767 } 2768 2769 /* Don't allow more than 128mb for each value. */ 2770 if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) { 2771 END_PROFILE(SMBnttrans); 2772 return ERROR_DOS(ERRDOS,ERRnomem); 2773 } 2774 2775 /* Allocate the space for the setup, the maximum needed parameters and data */ 2776 2777 if(setup_count > 0) 2778 setup = (char *)SMB_MALLOC(setup_count); 2779 if (total_parameter_count > 0) 2780 params = (char *)SMB_MALLOC(total_parameter_count); 2781 if (total_data_count > 0) 2782 data = (char *)SMB_MALLOC(total_data_count); 2783 2784 if ((total_parameter_count && !params) || (total_data_count && !data) || 2785 (setup_count && !setup)) { 2786 SAFE_FREE(setup); 2787 SAFE_FREE(params); 2788 SAFE_FREE(data); 2789 DEBUG(0,("reply_nttrans : Out of memory\n")); 2790 END_PROFILE(SMBnttrans); 2791 return ERROR_DOS(ERRDOS,ERRnomem); 2792 } 2793 2794 /* Copy the param and data bytes sent with this request into the params buffer */ 2795 num_params_sofar = parameter_count; 2796 num_data_sofar = data_count; 2797 2798 if (parameter_count > total_parameter_count || data_count > total_data_count) 2799 goto bad_param; 2800 2801 if(setup) { 2802 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count)); 2803 if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) || 2804 (smb_nt_SetupStart + setup_count < setup_count)) 2805 goto bad_param; 2806 if (smb_nt_SetupStart + setup_count > length) 2807 goto bad_param; 2808 2809 memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count); 2810 dump_data(10, setup, setup_count); 2811 } 2812 if(params) { 2813 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count)); 2814 if ((parameter_offset + parameter_count < parameter_offset) || 2815 (parameter_offset + parameter_count < parameter_count)) 2816 goto bad_param; 2817 if ((smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length)|| 2818 (smb_base(inbuf) + parameter_offset + parameter_count < smb_base(inbuf))) 2819 goto bad_param; 2820 2821 memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count); 2822 dump_data(10, params, parameter_count); 2823 } 2824 if(data) { 2825 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count)); 2826 if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count)) 2827 goto bad_param; 2828 if ((smb_base(inbuf) + data_offset + data_count > inbuf + length) || 2829 (smb_base(inbuf) + data_offset + data_count < smb_base(inbuf))) 2830 goto bad_param; 2831 2832 memcpy( data, smb_base(inbuf) + data_offset, data_count); 2833 dump_data(10, data, data_count); 2834 } 2835 2836 srv_signing_trans_start(SVAL(inbuf,smb_mid)); 2837 2838 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { 2839 /* We need to send an interim response then receive the rest 2840 of the parameter/data bytes */ 2841 outsize = set_message(outbuf,0,0,True); 2842 srv_signing_trans_stop(); 2843 if (!send_smb(smbd_server_fd(),outbuf)) 2844 exit_server("reply_nttrans: send_smb failed."); 2845 2846 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { 2847 BOOL ret; 2848 uint32 parameter_displacement; 2849 uint32 data_displacement; 2850 2851 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); 2852 2853 /* 2854 * The sequence number for the trans reply is always 2855 * based on the last secondary received. 2856 */ 2857 2858 srv_signing_trans_start(SVAL(inbuf,smb_mid)); 2859 2860 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) { 2861 outsize = set_message(outbuf,0,0,True); 2862 if(ret) { 2863 DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n")); 2864 } else { 2865 DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n", 2866 (smb_read_error == READ_ERROR) ? "error" : "timeout" )); 2867 } 2868 goto bad_param; 2869 } 2870 2871 /* Revise total_params and total_data in case they have changed downwards */ 2872 if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count) 2873 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); 2874 if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count) 2875 total_data_count = IVAL(inbuf, smb_nts_TotalDataCount); 2876 2877 parameter_count = IVAL(inbuf,smb_nts_ParameterCount); 2878 parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset); 2879 parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement); 2880 num_params_sofar += parameter_count; 2881 2882 data_count = IVAL(inbuf, smb_nts_DataCount); 2883 data_displacement = IVAL(inbuf, smb_nts_DataDisplacement); 2884 data_offset = IVAL(inbuf, smb_nts_DataOffset); 2885 num_data_sofar += data_count; 2886 2887 if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) { 2888 DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet")); 2889 goto bad_param; 2890 } 2891 2892 if (parameter_count) { 2893 if (parameter_displacement + parameter_count > total_parameter_count) 2894 goto bad_param; 2895 if ((parameter_displacement + parameter_count < parameter_displacement) || 2896 (parameter_displacement + parameter_count < parameter_count)) 2897 goto bad_param; 2898 if (parameter_displacement > total_parameter_count) 2899 goto bad_param; 2900 if ((smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize) || 2901 (smb_base(inbuf) + parameter_offset + parameter_count < smb_base(inbuf))) 2902 goto bad_param; 2903 if (parameter_displacement + params < params) 2904 goto bad_param; 2905 2906 memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count); 2907 } 2908 2909 if (data_count) { 2910 if (data_displacement + data_count > total_data_count) 2911 goto bad_param; 2912 if ((data_displacement + data_count < data_displacement) || 2913 (data_displacement + data_count < data_count)) 2914 goto bad_param; 2915 if (data_displacement > total_data_count) 2916 goto bad_param; 2917 if ((smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize) || 2918 (smb_base(inbuf) + data_offset + data_count < smb_base(inbuf))) 2919 goto bad_param; 2920 if (data_displacement + data < data) 2921 goto bad_param; 2922 2923 memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count); 2924 } 2925 } 2926 } 2927 2928 if (Protocol >= PROTOCOL_NT1) 2929 SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_IS_LONG_NAME); 2930 2931 /* Now we must call the relevant NT_TRANS function */ 2932 switch(function_code) { 2933 case NT_TRANSACT_CREATE: 2934 START_PROFILE_NESTED(NT_transact_create); 2935 outsize = call_nt_transact_create(conn, inbuf, outbuf, 2936 length, bufsize, 2937 &setup, setup_count, 2938 ¶ms, total_parameter_count, 2939 &data, total_data_count, max_data_count); 2940 END_PROFILE_NESTED(NT_transact_create); 2941 break; 2942 case NT_TRANSACT_IOCTL: 2943 START_PROFILE_NESTED(NT_transact_ioctl); 2944 outsize = call_nt_transact_ioctl(conn, inbuf, outbuf, 2945 length, bufsize, 2946 &setup, setup_count, 2947 ¶ms, total_parameter_count, 2948 &data, total_data_count, max_data_count); 2949 END_PROFILE_NESTED(NT_transact_ioctl); 2950 break; 2951 case NT_TRANSACT_SET_SECURITY_DESC: 2952 START_PROFILE_NESTED(NT_transact_set_security_desc); 2953 outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf, 2954 length, bufsize, 2955 &setup, setup_count, 2956 ¶ms, total_parameter_count, 2957 &data, total_data_count, max_data_count); 2958 END_PROFILE_NESTED(NT_transact_set_security_desc); 2959 break; 2960 case NT_TRANSACT_NOTIFY_CHANGE: 2961 START_PROFILE_NESTED(NT_transact_notify_change); 2962 outsize = call_nt_transact_notify_change(conn, inbuf, outbuf, 2963 length, bufsize, 2964 &setup, setup_count, 2965 ¶ms, total_parameter_count, 2966 &data, total_data_count, max_data_count); 2967 END_PROFILE_NESTED(NT_transact_notify_change); 2968 break; 2969 case NT_TRANSACT_RENAME: 2970 START_PROFILE_NESTED(NT_transact_rename); 2971 outsize = call_nt_transact_rename(conn, inbuf, outbuf, 2972 length, bufsize, 2973 &setup, setup_count, 2974 ¶ms, total_parameter_count, 2975 &data, total_data_count, max_data_count); 2976 END_PROFILE_NESTED(NT_transact_rename); 2977 break; 2978 2979 case NT_TRANSACT_QUERY_SECURITY_DESC: 2980 START_PROFILE_NESTED(NT_transact_query_security_desc); 2981 outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf, 2982 length, bufsize, 2983 &setup, setup_count, 2984 ¶ms, total_parameter_count, 2985 &data, total_data_count, max_data_count); 2986 END_PROFILE_NESTED(NT_transact_query_security_desc); 2987 break; 2988#ifdef HAVE_SYS_QUOTAS 2989 case NT_TRANSACT_GET_USER_QUOTA: 2990 START_PROFILE_NESTED(NT_transact_get_user_quota); 2991 outsize = call_nt_transact_get_user_quota(conn, inbuf, outbuf, 2992 length, bufsize, 2993 &setup, setup_count, 2994 ¶ms, total_parameter_count, 2995 &data, total_data_count, max_data_count); 2996 END_PROFILE_NESTED(NT_transact_get_user_quota); 2997 break; 2998 case NT_TRANSACT_SET_USER_QUOTA: 2999 START_PROFILE_NESTED(NT_transact_set_user_quota); 3000 outsize = call_nt_transact_set_user_quota(conn, inbuf, outbuf, 3001 length, bufsize, 3002 &setup, setup_count, 3003 ¶ms, total_parameter_count, 3004 &data, total_data_count, max_data_count); 3005 END_PROFILE_NESTED(NT_transact_set_user_quota); 3006 break; 3007#endif /* HAVE_SYS_QUOTAS */ 3008 default: 3009 /* Error in request */ 3010 DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code)); 3011 SAFE_FREE(setup); 3012 SAFE_FREE(params); 3013 SAFE_FREE(data); 3014 END_PROFILE(SMBnttrans); 3015 srv_signing_trans_stop(); 3016 return ERROR_DOS(ERRSRV,ERRerror); 3017 } 3018 3019 /* As we do not know how many data packets will need to be 3020 returned here the various call_nt_transact_xxxx calls 3021 must send their own. Thus a call_nt_transact_xxxx routine only 3022 returns a value other than -1 when it wants to send 3023 an error packet. 3024 */ 3025 3026 srv_signing_trans_stop(); 3027 3028 SAFE_FREE(setup); 3029 SAFE_FREE(params); 3030 SAFE_FREE(data); 3031 END_PROFILE(SMBnttrans); 3032 return outsize; /* If a correct response was needed the call_nt_transact_xxxx 3033 calls have already sent it. If outsize != -1 then it is 3034 returning an error packet. */ 3035 3036 bad_param: 3037 3038 srv_signing_trans_stop(); 3039 SAFE_FREE(params); 3040 SAFE_FREE(data); 3041 SAFE_FREE(setup); 3042 END_PROFILE(SMBnttrans); 3043 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 3044} 3045