root/source3/smbd/nttrans.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. nttrans_realloc
  2. send_nt_replies
  3. is_ntfs_stream_name
  4. nt_open_pipe
  5. do_ntcreate_pipe_open
  6. reply_ntcreate_and_X
  7. do_nt_transact_create_pipe
  8. set_sd
  9. read_nttrans_ea_list
  10. call_nt_transact_create
  11. reply_ntcancel
  12. copy_internals
  13. reply_ntrename
  14. call_nt_transact_notify_change
  15. call_nt_transact_rename
  16. get_null_nt_acl
  17. call_nt_transact_query_security_desc
  18. call_nt_transact_set_security_desc
  19. call_nt_transact_ioctl
  20. call_nt_transact_get_user_quota
  21. call_nt_transact_set_user_quota
  22. handle_nttrans
  23. reply_nttrans
  24. reply_nttranss

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB NT transaction handling
   4    Copyright (C) Jeremy Allison                 1994-2007
   5    Copyright (C) Stefan (metze) Metzmacher      2003
   6 
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11 
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16 
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 
  21 #include "includes.h"
  22 #include "smbd/globals.h"
  23 
  24 extern enum protocol_types Protocol;
  25 extern const struct generic_mapping file_generic_mapping;
  26 
  27 static char *nttrans_realloc(char **ptr, size_t size)
     /* [<][>][^][v][top][bottom][index][help] */
  28 {
  29         if (ptr==NULL) {
  30                 smb_panic("nttrans_realloc() called with NULL ptr");
  31         }
  32 
  33         *ptr = (char *)SMB_REALLOC(*ptr, size);
  34         if(*ptr == NULL) {
  35                 return NULL;
  36         }
  37         memset(*ptr,'\0',size);
  38         return *ptr;
  39 }
  40 
  41 /****************************************************************************
  42  Send the required number of replies back.
  43  We assume all fields other than the data fields are
  44  set correctly for the type of call.
  45  HACK ! Always assumes smb_setup field is zero.
  46 ****************************************************************************/
  47 
  48 void send_nt_replies(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
  49                         struct smb_request *req, NTSTATUS nt_error,
  50                      char *params, int paramsize,
  51                      char *pdata, int datasize)
  52 {
  53         int data_to_send = datasize;
  54         int params_to_send = paramsize;
  55         int useable_space;
  56         char *pp = params;
  57         char *pd = pdata;
  58         int params_sent_thistime, data_sent_thistime, total_sent_thistime;
  59         int alignment_offset = 3;
  60         int data_alignment_offset = 0;
  61 
  62         /*
  63          * If there genuinely are no parameters or data to send just send
  64          * the empty packet.
  65          */
  66 
  67         if(params_to_send == 0 && data_to_send == 0) {
  68                 reply_outbuf(req, 18, 0);
  69                 show_msg((char *)req->outbuf);
  70                 return;
  71         }
  72 
  73         /*
  74          * When sending params and data ensure that both are nicely aligned.
  75          * Only do this alignment when there is also data to send - else
  76          * can cause NT redirector problems.
  77          */
  78 
  79         if (((params_to_send % 4) != 0) && (data_to_send != 0)) {
  80                 data_alignment_offset = 4 - (params_to_send % 4);
  81         }
  82 
  83         /*
  84          * Space is bufsize minus Netbios over TCP header minus SMB header.
  85          * The alignment_offset is to align the param bytes on a four byte
  86          * boundary (2 bytes for data len, one byte pad).
  87          * NT needs this to work correctly.
  88          */
  89 
  90         useable_space = max_send - (smb_size
  91                                     + 2 * 18 /* wct */
  92                                     + alignment_offset
  93                                     + data_alignment_offset);
  94 
  95         if (useable_space < 0) {
  96                 char *msg = talloc_asprintf(
  97                         talloc_tos(),
  98                         "send_nt_replies failed sanity useable_space = %d!!!",
  99                         useable_space);
 100                 DEBUG(0, ("%s\n", msg));
 101                 exit_server_cleanly(msg);
 102         }
 103 
 104         while (params_to_send || data_to_send) {
 105 
 106                 /*
 107                  * Calculate whether we will totally or partially fill this packet.
 108                  */
 109 
 110                 total_sent_thistime = params_to_send + data_to_send;
 111 
 112                 /*
 113                  * We can never send more than useable_space.
 114                  */
 115 
 116                 total_sent_thistime = MIN(total_sent_thistime, useable_space);
 117 
 118                 reply_outbuf(req, 18,
 119                              total_sent_thistime + alignment_offset
 120                              + data_alignment_offset);
 121 
 122                 /*
 123                  * We might have had SMBnttranss in req->inbuf, fix that.
 124                  */
 125                 SCVAL(req->outbuf, smb_com, SMBnttrans);
 126 
 127                 /*
 128                  * Set total params and data to be sent.
 129                  */
 130 
 131                 SIVAL(req->outbuf,smb_ntr_TotalParameterCount,paramsize);
 132                 SIVAL(req->outbuf,smb_ntr_TotalDataCount,datasize);
 133 
 134                 /*
 135                  * Calculate how many parameters and data we can fit into
 136                  * this packet. Parameters get precedence.
 137                  */
 138 
 139                 params_sent_thistime = MIN(params_to_send,useable_space);
 140                 data_sent_thistime = useable_space - params_sent_thistime;
 141                 data_sent_thistime = MIN(data_sent_thistime,data_to_send);
 142 
 143                 SIVAL(req->outbuf, smb_ntr_ParameterCount,
 144                       params_sent_thistime);
 145 
 146                 if(params_sent_thistime == 0) {
 147                         SIVAL(req->outbuf,smb_ntr_ParameterOffset,0);
 148                         SIVAL(req->outbuf,smb_ntr_ParameterDisplacement,0);
 149                 } else {
 150                         /*
 151                          * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
 152                          * parameter bytes, however the first 4 bytes of outbuf are
 153                          * the Netbios over TCP header. Thus use smb_base() to subtract
 154                          * them from the calculation.
 155                          */
 156 
 157                         SIVAL(req->outbuf,smb_ntr_ParameterOffset,
 158                               ((smb_buf(req->outbuf)+alignment_offset)
 159                                - smb_base(req->outbuf)));
 160                         /*
 161                          * Absolute displacement of param bytes sent in this packet.
 162                          */
 163 
 164                         SIVAL(req->outbuf, smb_ntr_ParameterDisplacement,
 165                               pp - params);
 166                 }
 167 
 168                 /*
 169                  * Deal with the data portion.
 170                  */
 171 
 172                 SIVAL(req->outbuf, smb_ntr_DataCount, data_sent_thistime);
 173 
 174                 if(data_sent_thistime == 0) {
 175                         SIVAL(req->outbuf,smb_ntr_DataOffset,0);
 176                         SIVAL(req->outbuf,smb_ntr_DataDisplacement, 0);
 177                 } else {
 178                         /*
 179                          * The offset of the data bytes is the offset of the
 180                          * parameter bytes plus the number of parameters being sent this time.
 181                          */
 182 
 183                         SIVAL(req->outbuf, smb_ntr_DataOffset,
 184                               ((smb_buf(req->outbuf)+alignment_offset) -
 185                                smb_base(req->outbuf))
 186                               + params_sent_thistime + data_alignment_offset);
 187                         SIVAL(req->outbuf,smb_ntr_DataDisplacement, pd - pdata);
 188                 }
 189 
 190                 /*
 191                  * Copy the param bytes into the packet.
 192                  */
 193 
 194                 if(params_sent_thistime) {
 195                         if (alignment_offset != 0) {
 196                                 memset(smb_buf(req->outbuf), 0,
 197                                        alignment_offset);
 198                         }
 199                         memcpy((smb_buf(req->outbuf)+alignment_offset), pp,
 200                                params_sent_thistime);
 201                 }
 202 
 203                 /*
 204                  * Copy in the data bytes
 205                  */
 206 
 207                 if(data_sent_thistime) {
 208                         if (data_alignment_offset != 0) {
 209                                 memset((smb_buf(req->outbuf)+alignment_offset+
 210                                         params_sent_thistime), 0,
 211                                        data_alignment_offset);
 212                         }
 213                         memcpy(smb_buf(req->outbuf)+alignment_offset
 214                                +params_sent_thistime+data_alignment_offset,
 215                                pd,data_sent_thistime);
 216                 }
 217 
 218                 DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
 219                         params_sent_thistime, data_sent_thistime, useable_space));
 220                 DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
 221                         params_to_send, data_to_send, paramsize, datasize));
 222 
 223                 if (NT_STATUS_V(nt_error)) {
 224                         error_packet_set((char *)req->outbuf,
 225                                          0, 0, nt_error,
 226                                          __LINE__,__FILE__);
 227                 }
 228 
 229                 /* Send the packet */
 230                 show_msg((char *)req->outbuf);
 231                 if (!srv_send_smb(smbd_server_fd(),
 232                                 (char *)req->outbuf,
 233                                 IS_CONN_ENCRYPTED(conn),
 234                                 &req->pcd)) {
 235                         exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
 236                 }
 237 
 238                 TALLOC_FREE(req->outbuf);
 239 
 240                 pp += params_sent_thistime;
 241                 pd += data_sent_thistime;
 242 
 243                 params_to_send -= params_sent_thistime;
 244                 data_to_send -= data_sent_thistime;
 245 
 246                 /*
 247                  * Sanity check
 248                  */
 249 
 250                 if(params_to_send < 0 || data_to_send < 0) {
 251                         DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
 252                                 params_to_send, data_to_send));
 253                         exit_server_cleanly("send_nt_replies: internal error");
 254                 }
 255         }
 256 }
 257 
 258 /****************************************************************************
 259  Is it an NTFS stream name ?
 260  An NTFS file name is <path>.<extention>:<stream name>:<stream type>
 261  $DATA can be used as both a stream name and a stream type. A missing stream
 262  name or type implies $DATA.
 263 
 264  Both Windows stream names and POSIX files can contain the ':' character.
 265  This function first checks for the existence of a colon in the last component
 266  of the given name.  If the name contains a colon we differentiate between a
 267  stream and POSIX file by checking if the latter exists through a POSIX stat.
 268 
 269  Function assumes we've already chdir() to the "root" directory of fname.
 270 ****************************************************************************/
 271 
 272 bool is_ntfs_stream_name(const char *fname)
     /* [<][>][^][v][top][bottom][index][help] */
 273 {
 274         const char *lastcomp;
 275         SMB_STRUCT_STAT sbuf;
 276 
 277         /* If all pathnames are treated as POSIX we ignore streams. */
 278         if (lp_posix_pathnames()) {
 279                 return false;
 280         }
 281 
 282         /* Find the last component of the name. */
 283         if ((lastcomp = strrchr_m(fname, '/')) != NULL)
 284                 ++lastcomp;
 285         else
 286                 lastcomp = fname;
 287 
 288         /* If there is no colon in the last component, it's not a stream. */
 289         if (strchr_m(lastcomp, ':') == NULL)
 290                 return false;
 291 
 292         /*
 293          * If file already exists on disk, it's not a stream. The stat must
 294          * bypass the vfs layer so streams modules don't intefere.
 295          */
 296         if (sys_stat(fname, &sbuf) == 0) {
 297                 DEBUG(5, ("is_ntfs_stream_name: file %s contains a ':' but is "
 298                         "not a stream\n", fname));
 299                 return false;
 300         }
 301 
 302         return true;
 303 }
 304 
 305 /****************************************************************************
 306  Reply to an NT create and X call on a pipe
 307 ****************************************************************************/
 308 
 309 static void nt_open_pipe(char *fname, connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 310                          struct smb_request *req, int *ppnum)
 311 {
 312         files_struct *fsp;
 313         NTSTATUS status;
 314 
 315         DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
 316 
 317         /* Strip \\ off the name. */
 318         fname++;
 319 
 320         status = open_np_file(req, fname, &fsp);
 321         if (!NT_STATUS_IS_OK(status)) {
 322                 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
 323                         reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
 324                                         ERRDOS, ERRbadpipe);
 325                         return;
 326                 }
 327                 reply_nterror(req, status);
 328                 return;
 329         }
 330 
 331         *ppnum = fsp->fnum;
 332         return;
 333 }
 334 
 335 /****************************************************************************
 336  Reply to an NT create and X call for pipes.
 337 ****************************************************************************/
 338 
 339 static void do_ntcreate_pipe_open(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 340                                   struct smb_request *req)
 341 {
 342         char *fname = NULL;
 343         int pnum = -1;
 344         char *p = NULL;
 345         uint32 flags = IVAL(req->vwv+3, 1);
 346         TALLOC_CTX *ctx = talloc_tos();
 347 
 348         srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE);
 349 
 350         if (!fname) {
 351                 reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND,
 352                                 ERRDOS, ERRbadpipe);
 353                 return;
 354         }
 355         nt_open_pipe(fname, conn, req, &pnum);
 356 
 357         if (req->outbuf) {
 358                 /* error reply */
 359                 return;
 360         }
 361 
 362         /*
 363          * Deal with pipe return.
 364          */
 365 
 366         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 367                 /* This is very strange. We
 368                  * return 50 words, but only set
 369                  * the wcnt to 42 ? It's definately
 370                  * what happens on the wire....
 371                  */
 372                 reply_outbuf(req, 50, 0);
 373                 SCVAL(req->outbuf,smb_wct,42);
 374         } else {
 375                 reply_outbuf(req, 34, 0);
 376         }
 377 
 378         p = (char *)req->outbuf + smb_vwv2;
 379         p++;
 380         SSVAL(p,0,pnum);
 381         p += 2;
 382         SIVAL(p,0,FILE_WAS_OPENED);
 383         p += 4;
 384         p += 32;
 385         SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
 386         p += 20;
 387         /* File type. */
 388         SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
 389         /* Device state. */
 390         SSVAL(p,2, 0x5FF); /* ? */
 391         p += 4;
 392 
 393         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 394                 p += 25;
 395                 SIVAL(p,0,FILE_GENERIC_ALL);
 396                 /*
 397                  * For pipes W2K3 seems to return
 398                  * 0x12019B next.
 399                  * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
 400                  */
 401                 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
 402         }
 403 
 404         DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
 405 
 406         chain_reply(req);
 407 }
 408 
 409 /****************************************************************************
 410  Reply to an NT create and X call.
 411 ****************************************************************************/
 412 
 413 void reply_ntcreate_and_X(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
 414 {
 415         connection_struct *conn = req->conn;
 416         char *fname = NULL;
 417         uint32 flags;
 418         uint32 access_mask;
 419         uint32 file_attributes;
 420         uint32 share_access;
 421         uint32 create_disposition;
 422         uint32 create_options;
 423         uint16 root_dir_fid;
 424         uint64_t allocation_size;
 425         /* Breakout the oplock request bits so we can set the
 426            reply bits separately. */
 427         uint32 fattr=0;
 428         SMB_OFF_T file_len = 0;
 429         SMB_STRUCT_STAT sbuf;
 430         int info = 0;
 431         files_struct *fsp = NULL;
 432         char *p = NULL;
 433         struct timespec c_timespec;
 434         struct timespec a_timespec;
 435         struct timespec m_timespec;
 436         NTSTATUS status;
 437         int oplock_request;
 438         uint8_t oplock_granted = NO_OPLOCK_RETURN;
 439         TALLOC_CTX *ctx = talloc_tos();
 440 
 441         START_PROFILE(SMBntcreateX);
 442 
 443         SET_STAT_INVALID(sbuf);
 444 
 445         if (req->wct < 24) {
 446                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 447                 return;
 448         }
 449 
 450         flags = IVAL(req->vwv+3, 1);
 451         access_mask = IVAL(req->vwv+7, 1);
 452         file_attributes = IVAL(req->vwv+13, 1);
 453         share_access = IVAL(req->vwv+15, 1);
 454         create_disposition = IVAL(req->vwv+17, 1);
 455         create_options = IVAL(req->vwv+19, 1);
 456         root_dir_fid = (uint16)IVAL(req->vwv+5, 1);
 457 
 458         allocation_size = (uint64_t)IVAL(req->vwv+9, 1);
 459 #ifdef LARGE_SMB_OFF_T
 460         allocation_size |= (((uint64_t)IVAL(req->vwv+11, 1)) << 32);
 461 #endif
 462 
 463         srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf,
 464                             STR_TERMINATE, &status);
 465 
 466         if (!NT_STATUS_IS_OK(status)) {
 467                 reply_nterror(req, status);
 468                 END_PROFILE(SMBntcreateX);
 469                 return;
 470         }
 471 
 472         DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
 473                   "file_attributes = 0x%x, share_access = 0x%x, "
 474                   "create_disposition = 0x%x create_options = 0x%x "
 475                   "root_dir_fid = 0x%x, fname = %s\n",
 476                         (unsigned int)flags,
 477                         (unsigned int)access_mask,
 478                         (unsigned int)file_attributes,
 479                         (unsigned int)share_access,
 480                         (unsigned int)create_disposition,
 481                         (unsigned int)create_options,
 482                         (unsigned int)root_dir_fid,
 483                         fname));
 484 
 485         /*
 486          * we need to remove ignored bits when they come directly from the client
 487          * because we reuse some of them for internal stuff
 488          */
 489         create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
 490 
 491         /*
 492          * If it's an IPC, use the pipe handler.
 493          */
 494 
 495         if (IS_IPC(conn)) {
 496                 if (lp_nt_pipe_support()) {
 497                         do_ntcreate_pipe_open(conn, req);
 498                         END_PROFILE(SMBntcreateX);
 499                         return;
 500                 }
 501                 reply_doserror(req, ERRDOS, ERRnoaccess);
 502                 END_PROFILE(SMBntcreateX);
 503                 return;
 504         }
 505 
 506         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
 507         if (oplock_request) {
 508                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
 509                         ? BATCH_OPLOCK : 0;
 510         }
 511 
 512         status = SMB_VFS_CREATE_FILE(
 513                 conn,                                   /* conn */
 514                 req,                                    /* req */
 515                 root_dir_fid,                           /* root_dir_fid */
 516                 fname,                                  /* fname */
 517                 CFF_DOS_PATH,                           /* create_file_flags */
 518                 access_mask,                            /* access_mask */
 519                 share_access,                           /* share_access */
 520                 create_disposition,                     /* create_disposition*/
 521                 create_options,                         /* create_options */
 522                 file_attributes,                        /* file_attributes */
 523                 oplock_request,                         /* oplock_request */
 524                 allocation_size,                        /* allocation_size */
 525                 NULL,                                   /* sd */
 526                 NULL,                                   /* ea_list */
 527                 &fsp,                                   /* result */
 528                 &info,                                  /* pinfo */
 529                 &sbuf);                                 /* psbuf */
 530 
 531         if (!NT_STATUS_IS_OK(status)) {
 532                 if (open_was_deferred(req->mid)) {
 533                         /* We have re-scheduled this call, no error. */
 534                         END_PROFILE(SMBntcreateX);
 535                         return;
 536                 }
 537                 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
 538                         reply_botherror(req, status, ERRDOS, ERRfilexists);
 539                 }
 540                 else {
 541                         reply_nterror(req, status);
 542                 }
 543                 END_PROFILE(SMBntcreateX);
 544                 return;
 545         }
 546 
 547         /*
 548          * If the caller set the extended oplock request bit
 549          * and we granted one (by whatever means) - set the
 550          * correct bit for extended oplock reply.
 551          */
 552 
 553         if (oplock_request &&
 554             (lp_fake_oplocks(SNUM(conn))
 555              || EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
 556 
 557                 /*
 558                  * Exclusive oplock granted
 559                  */
 560 
 561                 if (flags & REQUEST_BATCH_OPLOCK) {
 562                         oplock_granted = BATCH_OPLOCK_RETURN;
 563                 } else {
 564                         oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
 565                 }
 566         } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
 567                 oplock_granted = LEVEL_II_OPLOCK_RETURN;
 568         } else {
 569                 oplock_granted = NO_OPLOCK_RETURN;
 570         }
 571 
 572         file_len = sbuf.st_size;
 573         fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 574         if (fattr == 0) {
 575                 fattr = FILE_ATTRIBUTE_NORMAL;
 576         }
 577 
 578         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 579                 /* This is very strange. We
 580                  * return 50 words, but only set
 581                  * the wcnt to 42 ? It's definately
 582                  * what happens on the wire....
 583                  */
 584                 reply_outbuf(req, 50, 0);
 585                 SCVAL(req->outbuf,smb_wct,42);
 586         } else {
 587                 reply_outbuf(req, 34, 0);
 588         }
 589 
 590         p = (char *)req->outbuf + smb_vwv2;
 591 
 592         SCVAL(p, 0, oplock_granted);
 593 
 594         p++;
 595         SSVAL(p,0,fsp->fnum);
 596         p += 2;
 597         if ((create_disposition == FILE_SUPERSEDE)
 598             && (info == FILE_WAS_OVERWRITTEN)) {
 599                 SIVAL(p,0,FILE_WAS_SUPERSEDED);
 600         } else {
 601                 SIVAL(p,0,info);
 602         }
 603         p += 4;
 604 
 605         /* Create time. */
 606         c_timespec = get_create_timespec(
 607                 &sbuf,lp_fake_dir_create_times(SNUM(conn)));
 608         a_timespec = get_atimespec(&sbuf);
 609         m_timespec = get_mtimespec(&sbuf);
 610 
 611         if (lp_dos_filetime_resolution(SNUM(conn))) {
 612                 dos_filetime_timespec(&c_timespec);
 613                 dos_filetime_timespec(&a_timespec);
 614                 dos_filetime_timespec(&m_timespec);
 615         }
 616 
 617         put_long_date_timespec(conn->ts_res, p, c_timespec); /* create time. */
 618         p += 8;
 619         put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
 620         p += 8;
 621         put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
 622         p += 8;
 623         put_long_date_timespec(conn->ts_res, p, m_timespec); /* change time */
 624         p += 8;
 625         SIVAL(p,0,fattr); /* File Attributes. */
 626         p += 4;
 627         SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf));
 628         p += 8;
 629         SOFF_T(p,0,file_len);
 630         p += 8;
 631         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 632                 SSVAL(p,2,0x7);
 633         }
 634         p += 4;
 635         SCVAL(p,0,fsp->is_directory ? 1 : 0);
 636 
 637         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 638                 uint32 perms = 0;
 639                 p += 25;
 640                 if (fsp->is_directory
 641                     || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
 642                         perms = FILE_GENERIC_ALL;
 643                 } else {
 644                         perms = FILE_GENERIC_READ|FILE_EXECUTE;
 645                 }
 646                 SIVAL(p,0,perms);
 647         }
 648 
 649         DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n",
 650                  fsp->fnum, fsp->fsp_name));
 651 
 652         chain_reply(req);
 653         END_PROFILE(SMBntcreateX);
 654         return;
 655 }
 656 
 657 /****************************************************************************
 658  Reply to a NT_TRANSACT_CREATE call to open a pipe.
 659 ****************************************************************************/
 660 
 661 static void do_nt_transact_create_pipe(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 662                                        struct smb_request *req,
 663                                        uint16 **ppsetup, uint32 setup_count,
 664                                        char **ppparams, uint32 parameter_count,
 665                                        char **ppdata, uint32 data_count)
 666 {
 667         char *fname = NULL;
 668         char *params = *ppparams;
 669         int pnum = -1;
 670         char *p = NULL;
 671         NTSTATUS status;
 672         size_t param_len;
 673         uint32 flags;
 674         TALLOC_CTX *ctx = talloc_tos();
 675 
 676         /*
 677          * Ensure minimum number of parameters sent.
 678          */
 679 
 680         if(parameter_count < 54) {
 681                 DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)parameter_count));
 682                 reply_doserror(req, ERRDOS, ERRnoaccess);
 683                 return;
 684         }
 685 
 686         flags = IVAL(params,0);
 687 
 688         srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
 689                         parameter_count-53, STR_TERMINATE,
 690                         &status);
 691         if (!NT_STATUS_IS_OK(status)) {
 692                 reply_nterror(req, status);
 693                 return;
 694         }
 695 
 696         nt_open_pipe(fname, conn, req, &pnum);
 697 
 698         if (req->outbuf) {
 699                 /* Error return */
 700                 return;
 701         }
 702 
 703         /* Realloc the size of parameters and data we will return */
 704         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 705                 /* Extended response is 32 more byyes. */
 706                 param_len = 101;
 707         } else {
 708                 param_len = 69;
 709         }
 710         params = nttrans_realloc(ppparams, param_len);
 711         if(params == NULL) {
 712                 reply_doserror(req, ERRDOS, ERRnomem);
 713                 return;
 714         }
 715 
 716         p = params;
 717         SCVAL(p,0,NO_OPLOCK_RETURN);
 718 
 719         p += 2;
 720         SSVAL(p,0,pnum);
 721         p += 2;
 722         SIVAL(p,0,FILE_WAS_OPENED);
 723         p += 8;
 724 
 725         p += 32;
 726         SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
 727         p += 20;
 728         /* File type. */
 729         SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
 730         /* Device state. */
 731         SSVAL(p,2, 0x5FF); /* ? */
 732         p += 4;
 733 
 734         if (flags & EXTENDED_RESPONSE_REQUIRED) {
 735                 p += 25;
 736                 SIVAL(p,0,FILE_GENERIC_ALL);
 737                 /*
 738                  * For pipes W2K3 seems to return
 739                  * 0x12019B next.
 740                  * This is ((FILE_GENERIC_READ|FILE_GENERIC_WRITE) & ~FILE_APPEND_DATA)
 741                  */
 742                 SIVAL(p,4,(FILE_GENERIC_READ|FILE_GENERIC_WRITE)&~FILE_APPEND_DATA);
 743         }
 744 
 745         DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
 746 
 747         /* Send the required number of replies */
 748         send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
 749 
 750         return;
 751 }
 752 
 753 /****************************************************************************
 754  Internal fn to set security descriptors.
 755 ****************************************************************************/
 756 
 757 static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
     /* [<][>][^][v][top][bottom][index][help] */
 758                        uint32 security_info_sent)
 759 {
 760         SEC_DESC *psd = NULL;
 761         NTSTATUS status;
 762 
 763         if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
 764                 return NT_STATUS_OK;
 765         }
 766 
 767         status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
 768 
 769         if (!NT_STATUS_IS_OK(status)) {
 770                 return status;
 771         }
 772 
 773         if (psd->owner_sid == NULL) {
 774                 security_info_sent &= ~OWNER_SECURITY_INFORMATION;
 775         }
 776         if (psd->group_sid == NULL) {
 777                 security_info_sent &= ~GROUP_SECURITY_INFORMATION;
 778         }
 779 
 780         /* Convert all the generic bits. */
 781         security_acl_map_generic(psd->dacl, &file_generic_mapping);
 782         security_acl_map_generic(psd->sacl, &file_generic_mapping);
 783 
 784         if (DEBUGLEVEL >= 10) {
 785                 DEBUG(10,("set_sd for file %s\n", fsp->fsp_name ));
 786                 NDR_PRINT_DEBUG(security_descriptor, psd);
 787         }
 788 
 789         status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
 790 
 791         TALLOC_FREE(psd);
 792 
 793         return status;
 794 }
 795 
 796 /****************************************************************************
 797  Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
 798 ****************************************************************************/
 799 
 800 static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
     /* [<][>][^][v][top][bottom][index][help] */
 801 {
 802         struct ea_list *ea_list_head = NULL;
 803         size_t offset = 0;
 804 
 805         if (data_size < 4) {
 806                 return NULL;
 807         }
 808 
 809         while (offset + 4 <= data_size) {
 810                 size_t next_offset = IVAL(pdata,offset);
 811                 struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
 812 
 813                 if (!eal) {
 814                         return NULL;
 815                 }
 816 
 817                 DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
 818                 if (next_offset == 0) {
 819                         break;
 820                 }
 821                 offset += next_offset;
 822         }
 823 
 824         return ea_list_head;
 825 }
 826 
 827 /****************************************************************************
 828  Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
 829 ****************************************************************************/
 830 
 831 static void call_nt_transact_create(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
 832                                     struct smb_request *req,
 833                                     uint16 **ppsetup, uint32 setup_count,
 834                                     char **ppparams, uint32 parameter_count,
 835                                     char **ppdata, uint32 data_count,
 836                                     uint32 max_data_count)
 837 {
 838         char *fname = NULL;
 839         char *params = *ppparams;
 840         char *data = *ppdata;
 841         /* Breakout the oplock request bits so we can set the reply bits separately. */
 842         uint32 fattr=0;
 843         SMB_OFF_T file_len = 0;
 844         SMB_STRUCT_STAT sbuf;
 845         int info = 0;
 846         files_struct *fsp = NULL;
 847         char *p = NULL;
 848         uint32 flags;
 849         uint32 access_mask;
 850         uint32 file_attributes;
 851         uint32 share_access;
 852         uint32 create_disposition;
 853         uint32 create_options;
 854         uint32 sd_len;
 855         struct security_descriptor *sd = NULL;
 856         uint32 ea_len;
 857         uint16 root_dir_fid;
 858         struct timespec c_timespec;
 859         struct timespec a_timespec;
 860         struct timespec m_timespec;
 861         struct ea_list *ea_list = NULL;
 862         NTSTATUS status;
 863         size_t param_len;
 864         uint64_t allocation_size;
 865         int oplock_request;
 866         uint8_t oplock_granted;
 867         TALLOC_CTX *ctx = talloc_tos();
 868 
 869         SET_STAT_INVALID(sbuf);
 870 
 871         DEBUG(5,("call_nt_transact_create\n"));
 872 
 873         /*
 874          * If it's an IPC, use the pipe handler.
 875          */
 876 
 877         if (IS_IPC(conn)) {
 878                 if (lp_nt_pipe_support()) {
 879                         do_nt_transact_create_pipe(
 880                                 conn, req,
 881                                 ppsetup, setup_count,
 882                                 ppparams, parameter_count,
 883                                 ppdata, data_count);
 884                         return;
 885                 }
 886                 reply_doserror(req, ERRDOS, ERRnoaccess);
 887                 return;
 888         }
 889 
 890         /*
 891          * Ensure minimum number of parameters sent.
 892          */
 893 
 894         if(parameter_count < 54) {
 895                 DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)parameter_count));
 896                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 897                 return;
 898         }
 899 
 900         flags = IVAL(params,0);
 901         access_mask = IVAL(params,8);
 902         file_attributes = IVAL(params,20);
 903         share_access = IVAL(params,24);
 904         create_disposition = IVAL(params,28);
 905         create_options = IVAL(params,32);
 906         sd_len = IVAL(params,36);
 907         ea_len = IVAL(params,40);
 908         root_dir_fid = (uint16)IVAL(params,4);
 909         allocation_size = (uint64_t)IVAL(params,12);
 910 #ifdef LARGE_SMB_OFF_T
 911         allocation_size |= (((uint64_t)IVAL(params,16)) << 32);
 912 #endif
 913 
 914         /*
 915          * we need to remove ignored bits when they come directly from the client
 916          * because we reuse some of them for internal stuff
 917          */
 918         create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
 919 
 920         /* Ensure the data_len is correct for the sd and ea values given. */
 921         if ((ea_len + sd_len > data_count)
 922             || (ea_len > data_count) || (sd_len > data_count)
 923             || (ea_len + sd_len < ea_len) || (ea_len + sd_len < sd_len)) {
 924                 DEBUG(10, ("call_nt_transact_create - ea_len = %u, sd_len = "
 925                            "%u, data_count = %u\n", (unsigned int)ea_len,
 926                            (unsigned int)sd_len, (unsigned int)data_count));
 927                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 928                 return;
 929         }
 930 
 931         if (sd_len) {
 932                 DEBUG(10, ("call_nt_transact_create - sd_len = %d\n",
 933                            sd_len));
 934 
 935                 status = unmarshall_sec_desc(ctx, (uint8_t *)data, sd_len,
 936                                              &sd);
 937                 if (!NT_STATUS_IS_OK(status)) {
 938                         DEBUG(10, ("call_nt_transact_create: "
 939                                    "unmarshall_sec_desc failed: %s\n",
 940                                    nt_errstr(status)));
 941                         reply_nterror(req, status);
 942                         return;
 943                 }
 944         }
 945 
 946         if (ea_len) {
 947                 if (!lp_ea_support(SNUM(conn))) {
 948                         DEBUG(10, ("call_nt_transact_create - ea_len = %u but "
 949                                    "EA's not supported.\n",
 950                                    (unsigned int)ea_len));
 951                         reply_nterror(req, NT_STATUS_EAS_NOT_SUPPORTED);
 952                         return;
 953                 }
 954 
 955                 if (ea_len < 10) {
 956                         DEBUG(10,("call_nt_transact_create - ea_len = %u - "
 957                                   "too small (should be more than 10)\n",
 958                                   (unsigned int)ea_len ));
 959                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 960                         return;
 961                 }
 962 
 963                 /* We have already checked that ea_len <= data_count here. */
 964                 ea_list = read_nttrans_ea_list(talloc_tos(), data + sd_len,
 965                                                ea_len);
 966                 if (ea_list == NULL) {
 967                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 968                         return;
 969                 }
 970         }
 971 
 972         srvstr_get_path(ctx, params, req->flags2, &fname,
 973                         params+53, parameter_count-53,
 974                         STR_TERMINATE, &status);
 975         if (!NT_STATUS_IS_OK(status)) {
 976                 reply_nterror(req, status);
 977                 return;
 978         }
 979 
 980         oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
 981         if (oplock_request) {
 982                 oplock_request |= (flags & REQUEST_BATCH_OPLOCK)
 983                         ? BATCH_OPLOCK : 0;
 984         }
 985 
 986         status = SMB_VFS_CREATE_FILE(
 987                 conn,                                   /* conn */
 988                 req,                                    /* req */
 989                 root_dir_fid,                           /* root_dir_fid */
 990                 fname,                                  /* fname */
 991                 CFF_DOS_PATH,                           /* create_file_flags */
 992                 access_mask,                            /* access_mask */
 993                 share_access,                           /* share_access */
 994                 create_disposition,                     /* create_disposition*/
 995                 create_options,                         /* create_options */
 996                 file_attributes,                        /* file_attributes */
 997                 oplock_request,                         /* oplock_request */
 998                 allocation_size,                        /* allocation_size */
 999                 sd,                                     /* sd */
1000                 ea_list,                                /* ea_list */
1001                 &fsp,                                   /* result */
1002                 &info,                                  /* pinfo */
1003                 &sbuf);                                 /* psbuf */
1004 
1005         if(!NT_STATUS_IS_OK(status)) {
1006                 if (open_was_deferred(req->mid)) {
1007                         /* We have re-scheduled this call, no error. */
1008                         return;
1009                 }
1010                 reply_openerror(req, status);
1011                 return;
1012         }
1013 
1014         /*
1015          * If the caller set the extended oplock request bit
1016          * and we granted one (by whatever means) - set the
1017          * correct bit for extended oplock reply.
1018          */
1019 
1020         if (oplock_request &&
1021             (lp_fake_oplocks(SNUM(conn))
1022              || EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))) {
1023 
1024                 /*
1025                  * Exclusive oplock granted
1026                  */
1027 
1028                 if (flags & REQUEST_BATCH_OPLOCK) {
1029                         oplock_granted = BATCH_OPLOCK_RETURN;
1030                 } else {
1031                         oplock_granted = EXCLUSIVE_OPLOCK_RETURN;
1032                 }
1033         } else if (fsp->oplock_type == LEVEL_II_OPLOCK) {
1034                 oplock_granted = LEVEL_II_OPLOCK_RETURN;
1035         } else {
1036                 oplock_granted = NO_OPLOCK_RETURN;
1037         }
1038 
1039         file_len = sbuf.st_size;
1040         fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
1041         if (fattr == 0) {
1042                 fattr = FILE_ATTRIBUTE_NORMAL;
1043         }
1044 
1045         /* Realloc the size of parameters and data we will return */
1046         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1047                 /* Extended response is 32 more byyes. */
1048                 param_len = 101;
1049         } else {
1050                 param_len = 69;
1051         }
1052         params = nttrans_realloc(ppparams, param_len);
1053         if(params == NULL) {
1054                 reply_doserror(req, ERRDOS, ERRnomem);
1055                 return;
1056         }
1057 
1058         p = params;
1059         SCVAL(p, 0, oplock_granted);
1060 
1061         p += 2;
1062         SSVAL(p,0,fsp->fnum);
1063         p += 2;
1064         if ((create_disposition == FILE_SUPERSEDE)
1065             && (info == FILE_WAS_OVERWRITTEN)) {
1066                 SIVAL(p,0,FILE_WAS_SUPERSEDED);
1067         } else {
1068                 SIVAL(p,0,info);
1069         }
1070         p += 8;
1071 
1072         /* Create time. */
1073         c_timespec = get_create_timespec(
1074                 &sbuf,lp_fake_dir_create_times(SNUM(conn)));
1075         a_timespec = get_atimespec(&sbuf);
1076         m_timespec = get_mtimespec(&sbuf);
1077 
1078         if (lp_dos_filetime_resolution(SNUM(conn))) {
1079                 dos_filetime_timespec(&c_timespec);
1080                 dos_filetime_timespec(&a_timespec);
1081                 dos_filetime_timespec(&m_timespec);
1082         }
1083 
1084         put_long_date_timespec(conn->ts_res, p, c_timespec); /* create time. */
1085         p += 8;
1086         put_long_date_timespec(conn->ts_res, p, a_timespec); /* access time */
1087         p += 8;
1088         put_long_date_timespec(conn->ts_res, p, m_timespec); /* write time */
1089         p += 8;
1090         put_long_date_timespec(conn->ts_res, p, m_timespec); /* change time */
1091         p += 8;
1092         SIVAL(p,0,fattr); /* File Attributes. */
1093         p += 4;
1094         SOFF_T(p, 0, SMB_VFS_GET_ALLOC_SIZE(conn,fsp,&sbuf));
1095         p += 8;
1096         SOFF_T(p,0,file_len);
1097         p += 8;
1098         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1099                 SSVAL(p,2,0x7);
1100         }
1101         p += 4;
1102         SCVAL(p,0,fsp->is_directory ? 1 : 0);
1103 
1104         if (flags & EXTENDED_RESPONSE_REQUIRED) {
1105                 uint32 perms = 0;
1106                 p += 25;
1107                 if (fsp->is_directory
1108                     || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
1109                         perms = FILE_GENERIC_ALL;
1110                 } else {
1111                         perms = FILE_GENERIC_READ|FILE_EXECUTE;
1112                 }
1113                 SIVAL(p,0,perms);
1114         }
1115 
1116         DEBUG(5,("call_nt_transact_create: open name = %s\n", fsp->fsp_name));
1117 
1118         /* Send the required number of replies */
1119         send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
1120 
1121         return;
1122 }
1123 
1124 /****************************************************************************
1125  Reply to a NT CANCEL request.
1126  conn POINTER CAN BE NULL HERE !
1127 ****************************************************************************/
1128 
1129 void reply_ntcancel(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
1130 {
1131         /*
1132          * Go through and cancel any pending change notifies.
1133          */
1134 
1135         START_PROFILE(SMBntcancel);
1136         remove_pending_change_notify_requests_by_mid(req->mid);
1137         remove_pending_lock_requests_by_mid(req->mid);
1138         srv_cancel_sign_response(req->mid, true);
1139 
1140         DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid));
1141 
1142         END_PROFILE(SMBntcancel);
1143         return;
1144 }
1145 
1146 /****************************************************************************
1147  Copy a file.
1148 ****************************************************************************/
1149 
1150 static NTSTATUS copy_internals(TALLOC_CTX *ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1151                                 connection_struct *conn,
1152                                 struct smb_request *req,
1153                                 const char *oldname_in,
1154                                 const char *newname_in,
1155                                 uint32 attrs)
1156 {
1157         SMB_STRUCT_STAT sbuf1, sbuf2;
1158         char *oldname = NULL;
1159         char *newname = NULL;
1160         char *last_component_oldname = NULL;
1161         char *last_component_newname = NULL;
1162         files_struct *fsp1,*fsp2;
1163         uint32 fattr;
1164         int info;
1165         SMB_OFF_T ret=-1;
1166         NTSTATUS status = NT_STATUS_OK;
1167         char *parent;
1168 
1169         ZERO_STRUCT(sbuf1);
1170         ZERO_STRUCT(sbuf2);
1171 
1172         if (!CAN_WRITE(conn)) {
1173                 return NT_STATUS_MEDIA_WRITE_PROTECTED;
1174         }
1175 
1176         status = unix_convert(ctx, conn, oldname_in, False, &oldname,
1177                         &last_component_oldname, &sbuf1);
1178         if (!NT_STATUS_IS_OK(status)) {
1179                 return status;
1180         }
1181 
1182         status = check_name(conn, oldname);
1183         if (!NT_STATUS_IS_OK(status)) {
1184                 return status;
1185         }
1186 
1187         /* Source must already exist. */
1188         if (!VALID_STAT(sbuf1)) {
1189                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1190         }
1191         /* Ensure attributes match. */
1192         fattr = dos_mode(conn,oldname,&sbuf1);
1193         if ((fattr & ~attrs) & (aHIDDEN | aSYSTEM)) {
1194                 return NT_STATUS_NO_SUCH_FILE;
1195         }
1196 
1197         status = unix_convert(ctx, conn, newname_in, False, &newname,
1198                         &last_component_newname, &sbuf2);
1199         if (!NT_STATUS_IS_OK(status)) {
1200                 return status;
1201         }
1202 
1203         status = check_name(conn, newname);
1204         if (!NT_STATUS_IS_OK(status)) {
1205                 return status;
1206         }
1207 
1208         /* Disallow if newname already exists. */
1209         if (VALID_STAT(sbuf2)) {
1210                 return NT_STATUS_OBJECT_NAME_COLLISION;
1211         }
1212 
1213         /* No links from a directory. */
1214         if (S_ISDIR(sbuf1.st_mode)) {
1215                 return NT_STATUS_FILE_IS_A_DIRECTORY;
1216         }
1217 
1218         /* Ensure this is within the share. */
1219         status = check_reduced_name(conn, oldname);
1220         if (!NT_STATUS_IS_OK(status)) {
1221                 return status;
1222         }
1223 
1224         DEBUG(10,("copy_internals: doing file copy %s to %s\n",
1225                                 oldname, newname));
1226 
1227         status = SMB_VFS_CREATE_FILE(
1228                 conn,                                   /* conn */
1229                 req,                                    /* req */
1230                 0,                                      /* root_dir_fid */
1231                 oldname,                                /* fname */
1232                 0,                                      /* create_file_flags */
1233                 FILE_READ_DATA,                         /* access_mask */
1234                 (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
1235                     FILE_SHARE_DELETE),
1236                 FILE_OPEN,                              /* create_disposition*/
1237                 0,                                      /* create_options */
1238                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1239                 NO_OPLOCK,                              /* oplock_request */
1240                 0,                                      /* allocation_size */
1241                 NULL,                                   /* sd */
1242                 NULL,                                   /* ea_list */
1243                 &fsp1,                                  /* result */
1244                 &info,                                  /* pinfo */
1245                 &sbuf1);                                /* psbuf */
1246 
1247         if (!NT_STATUS_IS_OK(status)) {
1248                 return status;
1249         }
1250 
1251         status = SMB_VFS_CREATE_FILE(
1252                 conn,                                   /* conn */
1253                 req,                                    /* req */
1254                 0,                                      /* root_dir_fid */
1255                 newname,                                /* fname */
1256                 0,                                      /* create_file_flags */
1257                 FILE_WRITE_DATA,                        /* access_mask */
1258                 (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
1259                     FILE_SHARE_DELETE),
1260                 FILE_CREATE,                            /* create_disposition*/
1261                 0,                                      /* create_options */
1262                 fattr,                                  /* file_attributes */
1263                 NO_OPLOCK,                              /* oplock_request */
1264                 0,                                      /* allocation_size */
1265                 NULL,                                   /* sd */
1266                 NULL,                                   /* ea_list */
1267                 &fsp2,                                  /* result */
1268                 &info,                                  /* pinfo */
1269                 &sbuf2);                                /* psbuf */
1270 
1271         if (!NT_STATUS_IS_OK(status)) {
1272                 close_file(NULL, fsp1, ERROR_CLOSE);
1273                 return status;
1274         }
1275 
1276         if (sbuf1.st_size) {
1277                 ret = vfs_transfer_file(fsp1, fsp2, sbuf1.st_size);
1278         }
1279 
1280         /*
1281          * As we are opening fsp1 read-only we only expect
1282          * an error on close on fsp2 if we are out of space.
1283          * Thus we don't look at the error return from the
1284          * close of fsp1.
1285          */
1286         close_file(NULL, fsp1, NORMAL_CLOSE);
1287 
1288         /* Ensure the modtime is set correctly on the destination file. */
1289         set_close_write_time(fsp2, get_mtimespec(&sbuf1));
1290 
1291         status = close_file(NULL, fsp2, NORMAL_CLOSE);
1292 
1293         /* Grrr. We have to do this as open_file_ntcreate adds aARCH when it
1294            creates the file. This isn't the correct thing to do in the copy
1295            case. JRA */
1296         if (!parent_dirname(talloc_tos(), newname, &parent, NULL)) {
1297                 return NT_STATUS_NO_MEMORY;
1298         }
1299         file_set_dosmode(conn, newname, fattr, &sbuf2, parent, false);
1300         TALLOC_FREE(parent);
1301 
1302         if (ret < (SMB_OFF_T)sbuf1.st_size) {
1303                 return NT_STATUS_DISK_FULL;
1304         }
1305 
1306         if (!NT_STATUS_IS_OK(status)) {
1307                 DEBUG(3,("copy_internals: Error %s copy file %s to %s\n",
1308                         nt_errstr(status), oldname, newname));
1309         }
1310         return status;
1311 }
1312 
1313 /****************************************************************************
1314  Reply to a NT rename request.
1315 ****************************************************************************/
1316 
1317 void reply_ntrename(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
1318 {
1319         connection_struct *conn = req->conn;
1320         char *oldname = NULL;
1321         char *newname = NULL;
1322         const char *p;
1323         NTSTATUS status;
1324         bool src_has_wcard = False;
1325         bool dest_has_wcard = False;
1326         uint32 attrs;
1327         uint16 rename_type;
1328         TALLOC_CTX *ctx = talloc_tos();
1329 
1330         START_PROFILE(SMBntrename);
1331 
1332         if (req->wct < 4) {
1333                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1334                 END_PROFILE(SMBntrename);
1335                 return;
1336         }
1337 
1338         attrs = SVAL(req->vwv+0, 0);
1339         rename_type = SVAL(req->vwv+1, 0);
1340 
1341         p = (const char *)req->buf + 1;
1342         p += srvstr_get_path_req_wcard(ctx, req, &oldname, p, STR_TERMINATE,
1343                                        &status, &src_has_wcard);
1344         if (!NT_STATUS_IS_OK(status)) {
1345                 reply_nterror(req, status);
1346                 END_PROFILE(SMBntrename);
1347                 return;
1348         }
1349 
1350         if (ms_has_wild(oldname)) {
1351                 reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
1352                 END_PROFILE(SMBntrename);
1353                 return;
1354         }
1355 
1356         p++;
1357         p += srvstr_get_path_req_wcard(ctx, req, &newname, p, STR_TERMINATE,
1358                                        &status, &dest_has_wcard);
1359         if (!NT_STATUS_IS_OK(status)) {
1360                 reply_nterror(req, status);
1361                 END_PROFILE(SMBntrename);
1362                 return;
1363         }
1364 
1365         status = resolve_dfspath(ctx, conn,
1366                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
1367                                 oldname,
1368                                 &oldname);
1369         if (!NT_STATUS_IS_OK(status)) {
1370                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1371                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1372                                         ERRSRV, ERRbadpath);
1373                         END_PROFILE(SMBntrename);
1374                         return;
1375                 }
1376                 reply_nterror(req, status);
1377                 END_PROFILE(SMBntrename);
1378                 return;
1379         }
1380 
1381         status = resolve_dfspath(ctx, conn,
1382                                 req->flags2 & FLAGS2_DFS_PATHNAMES,
1383                                 newname,
1384                                 &newname);
1385         if (!NT_STATUS_IS_OK(status)) {
1386                 if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
1387                         reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
1388                                         ERRSRV, ERRbadpath);
1389                         END_PROFILE(SMBntrename);
1390                         return;
1391                 }
1392                 reply_nterror(req, status);
1393                 END_PROFILE(SMBntrename);
1394                 return;
1395         }
1396 
1397         /* The new name must begin with a ':' if the old name is a stream. */
1398         if (is_ntfs_stream_name(oldname) && (newname[0] != ':')) {
1399                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1400                 END_PROFILE(SMBntrename);
1401                 return;
1402         }
1403 
1404         DEBUG(3,("reply_ntrename : %s -> %s\n",oldname,newname));
1405 
1406         switch(rename_type) {
1407                 case RENAME_FLAG_RENAME:
1408                         status = rename_internals(ctx, conn, req, oldname,
1409                                         newname, attrs, False, src_has_wcard,
1410                                         dest_has_wcard, DELETE_ACCESS);
1411                         break;
1412                 case RENAME_FLAG_HARD_LINK:
1413                         if (src_has_wcard || dest_has_wcard) {
1414                                 /* No wildcards. */
1415                                 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1416                         } else {
1417                                 status = hardlink_internals(ctx,
1418                                                 conn,
1419                                                 oldname,
1420                                                 newname);
1421                         }
1422                         break;
1423                 case RENAME_FLAG_COPY:
1424                         if (src_has_wcard || dest_has_wcard) {
1425                                 /* No wildcards. */
1426                                 status = NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
1427                         } else {
1428                                 status = copy_internals(ctx, conn, req, oldname,
1429                                                         newname, attrs);
1430                         }
1431                         break;
1432                 case RENAME_FLAG_MOVE_CLUSTER_INFORMATION:
1433                         status = NT_STATUS_INVALID_PARAMETER;
1434                         break;
1435                 default:
1436                         status = NT_STATUS_ACCESS_DENIED; /* Default error. */
1437                         break;
1438         }
1439 
1440         if (!NT_STATUS_IS_OK(status)) {
1441                 if (open_was_deferred(req->mid)) {
1442                         /* We have re-scheduled this call. */
1443                         END_PROFILE(SMBntrename);
1444                         return;
1445                 }
1446 
1447                 reply_nterror(req, status);
1448                 END_PROFILE(SMBntrename);
1449                 return;
1450         }
1451 
1452         reply_outbuf(req, 0, 0);
1453 
1454         END_PROFILE(SMBntrename);
1455         return;
1456 }
1457 
1458 /****************************************************************************
1459  Reply to a notify change - queue the request and
1460  don't allow a directory to be opened.
1461 ****************************************************************************/
1462 
1463 static void call_nt_transact_notify_change(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
1464                                            struct smb_request *req,
1465                                            uint16 **ppsetup,
1466                                            uint32 setup_count,
1467                                            char **ppparams,
1468                                            uint32 parameter_count,
1469                                            char **ppdata, uint32 data_count,
1470                                            uint32 max_data_count,
1471                                            uint32 max_param_count)
1472 {
1473         uint16 *setup = *ppsetup;
1474         files_struct *fsp;
1475         uint32 filter;
1476         NTSTATUS status;
1477         bool recursive;
1478 
1479         if(setup_count < 6) {
1480                 reply_doserror(req, ERRDOS, ERRbadfunc);
1481                 return;
1482         }
1483 
1484         fsp = file_fsp(req, SVAL(setup,4));
1485         filter = IVAL(setup, 0);
1486         recursive = (SVAL(setup, 6) != 0) ? True : False;
1487 
1488         DEBUG(3,("call_nt_transact_notify_change\n"));
1489 
1490         if(!fsp) {
1491                 reply_doserror(req, ERRDOS, ERRbadfid);
1492                 return;
1493         }
1494 
1495         {
1496                 char *filter_string;
1497 
1498                 if (!(filter_string = notify_filter_string(NULL, filter))) {
1499                         reply_nterror(req,NT_STATUS_NO_MEMORY);
1500                         return;
1501                 }
1502 
1503                 DEBUG(3,("call_nt_transact_notify_change: notify change "
1504                          "called on %s, filter = %s, recursive = %d\n",
1505                          fsp->fsp_name, filter_string, recursive));
1506 
1507                 TALLOC_FREE(filter_string);
1508         }
1509 
1510         if((!fsp->is_directory) || (conn != fsp->conn)) {
1511                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1512                 return;
1513         }
1514 
1515         if (fsp->notify == NULL) {
1516 
1517                 status = change_notify_create(fsp, filter, recursive);
1518 
1519                 if (!NT_STATUS_IS_OK(status)) {
1520                         DEBUG(10, ("change_notify_create returned %s\n",
1521                                    nt_errstr(status)));
1522                         reply_nterror(req, status);
1523                         return;
1524                 }
1525         }
1526 
1527         if (fsp->notify->num_changes != 0) {
1528 
1529                 /*
1530                  * We've got changes pending, respond immediately
1531                  */
1532 
1533                 /*
1534                  * TODO: write a torture test to check the filtering behaviour
1535                  * here.
1536                  */
1537 
1538                 change_notify_reply(fsp->conn, req, max_param_count,
1539                                     fsp->notify);
1540 
1541                 /*
1542                  * change_notify_reply() above has independently sent its
1543                  * results
1544                  */
1545                 return;
1546         }
1547 
1548         /*
1549          * No changes pending, queue the request
1550          */
1551 
1552         status = change_notify_add_request(req,
1553                         max_param_count,
1554                         filter,
1555                         recursive, fsp);
1556         if (!NT_STATUS_IS_OK(status)) {
1557                 reply_nterror(req, status);
1558         }
1559         return;
1560 }
1561 
1562 /****************************************************************************
1563  Reply to an NT transact rename command.
1564 ****************************************************************************/
1565 
1566 static void call_nt_transact_rename(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
1567                                     struct smb_request *req,
1568                                     uint16 **ppsetup, uint32 setup_count,
1569                                     char **ppparams, uint32 parameter_count,
1570                                     char **ppdata, uint32 data_count,
1571                                     uint32 max_data_count)
1572 {
1573         char *params = *ppparams;
1574         char *new_name = NULL;
1575         files_struct *fsp = NULL;
1576         bool dest_has_wcard = False;
1577         NTSTATUS status;
1578         TALLOC_CTX *ctx = talloc_tos();
1579 
1580         if(parameter_count < 5) {
1581                 reply_doserror(req, ERRDOS, ERRbadfunc);
1582                 return;
1583         }
1584 
1585         fsp = file_fsp(req, SVAL(params, 0));
1586         if (!check_fsp(conn, req, fsp)) {
1587                 return;
1588         }
1589         srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4,
1590                               parameter_count - 4,
1591                               STR_TERMINATE, &status, &dest_has_wcard);
1592         if (!NT_STATUS_IS_OK(status)) {
1593                 reply_nterror(req, status);
1594                 return;
1595         }
1596 
1597         /*
1598          * W2K3 ignores this request as the RAW-RENAME test
1599          * demonstrates, so we do.
1600          */
1601         send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
1602 
1603         DEBUG(3,("nt transact rename from = %s, to = %s ignored!\n",
1604                  fsp->fsp_name, new_name));
1605 
1606         return;
1607 }
1608 
1609 /******************************************************************************
1610  Fake up a completely empty SD.
1611 *******************************************************************************/
1612 
1613 static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
     /* [<][>][^][v][top][bottom][index][help] */
1614 {
1615         size_t sd_size;
1616 
1617         *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
1618         if(!*ppsd) {
1619                 DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
1620                 return NT_STATUS_NO_MEMORY;
1621         }
1622 
1623         return NT_STATUS_OK;
1624 }
1625 
1626 /****************************************************************************
1627  Reply to query a security descriptor.
1628 ****************************************************************************/
1629 
1630 static void call_nt_transact_query_security_desc(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
1631                                                  struct smb_request *req,
1632                                                  uint16 **ppsetup,
1633                                                  uint32 setup_count,
1634                                                  char **ppparams,
1635                                                  uint32 parameter_count,
1636                                                  char **ppdata,
1637                                                  uint32 data_count,
1638                                                  uint32 max_data_count)
1639 {
1640         char *params = *ppparams;
1641         char *data = *ppdata;
1642         SEC_DESC *psd = NULL;
1643         size_t sd_size;
1644         uint32 security_info_wanted;
1645         files_struct *fsp = NULL;
1646         NTSTATUS status;
1647         DATA_BLOB blob;
1648 
1649         if(parameter_count < 8) {
1650                 reply_doserror(req, ERRDOS, ERRbadfunc);
1651                 return;
1652         }
1653 
1654         fsp = file_fsp(req, SVAL(params,0));
1655         if(!fsp) {
1656                 reply_doserror(req, ERRDOS, ERRbadfid);
1657                 return;
1658         }
1659 
1660         security_info_wanted = IVAL(params,4);
1661 
1662         DEBUG(3,("call_nt_transact_query_security_desc: file = %s, info_wanted = 0x%x\n", fsp->fsp_name,
1663                         (unsigned int)security_info_wanted ));
1664 
1665         params = nttrans_realloc(ppparams, 4);
1666         if(params == NULL) {
1667                 reply_doserror(req, ERRDOS, ERRnomem);
1668                 return;
1669         }
1670 
1671         /*
1672          * Get the permissions to return.
1673          */
1674 
1675         if (!lp_nt_acl_support(SNUM(conn))) {
1676                 status = get_null_nt_acl(talloc_tos(), &psd);
1677         } else {
1678                 status = SMB_VFS_FGET_NT_ACL(
1679                         fsp, security_info_wanted, &psd);
1680         }
1681         if (!NT_STATUS_IS_OK(status)) {
1682                 reply_nterror(req, status);
1683                 return;
1684         }
1685 
1686         /* If the SACL/DACL is NULL, but was requested, we mark that it is
1687          * present in the reply to match Windows behavior */
1688         if (psd->sacl == NULL &&
1689             security_info_wanted & SACL_SECURITY_INFORMATION)
1690                 psd->type |= SEC_DESC_SACL_PRESENT;
1691         if (psd->dacl == NULL &&
1692             security_info_wanted & DACL_SECURITY_INFORMATION)
1693                 psd->type |= SEC_DESC_DACL_PRESENT;
1694 
1695         sd_size = ndr_size_security_descriptor(psd, NULL, 0);
1696 
1697         DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
1698 
1699         if (DEBUGLEVEL >= 10) {
1700                 DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name));
1701                 NDR_PRINT_DEBUG(security_descriptor, psd);
1702         }
1703 
1704         SIVAL(params,0,(uint32)sd_size);
1705 
1706         if (max_data_count < sd_size) {
1707                 send_nt_replies(conn, req, NT_STATUS_BUFFER_TOO_SMALL,
1708                                 params, 4, *ppdata, 0);
1709                 return;
1710         }
1711 
1712         /*
1713          * Allocate the data we will point this at.
1714          */
1715 
1716         data = nttrans_realloc(ppdata, sd_size);
1717         if(data == NULL) {
1718                 reply_doserror(req, ERRDOS, ERRnomem);
1719                 return;
1720         }
1721 
1722         status = marshall_sec_desc(talloc_tos(), psd,
1723                                    &blob.data, &blob.length);
1724 
1725         if (!NT_STATUS_IS_OK(status)) {
1726                 reply_nterror(req, status);
1727                 return;
1728         }
1729 
1730         SMB_ASSERT(sd_size == blob.length);
1731         memcpy(data, blob.data, sd_size);
1732 
1733         send_nt_replies(conn, req, NT_STATUS_OK, params, 4, data, (int)sd_size);
1734 
1735         return;
1736 }
1737 
1738 /****************************************************************************
1739  Reply to set a security descriptor. Map to UNIX perms or POSIX ACLs.
1740 ****************************************************************************/
1741 
1742 static void call_nt_transact_set_security_desc(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
1743                                                struct smb_request *req,
1744                                                uint16 **ppsetup,
1745                                                uint32 setup_count,
1746                                                char **ppparams,
1747                                                uint32 parameter_count,
1748                                                char **ppdata,
1749                                                uint32 data_count,
1750                                                uint32 max_data_count)
1751 {
1752         char *params= *ppparams;
1753         char *data = *ppdata;
1754         files_struct *fsp = NULL;
1755         uint32 security_info_sent = 0;
1756         NTSTATUS status;
1757 
1758         if(parameter_count < 8) {
1759                 reply_doserror(req, ERRDOS, ERRbadfunc);
1760                 return;
1761         }
1762 
1763         if((fsp = file_fsp(req, SVAL(params,0))) == NULL) {
1764                 reply_doserror(req, ERRDOS, ERRbadfid);
1765                 return;
1766         }
1767 
1768         if(!lp_nt_acl_support(SNUM(conn))) {
1769                 goto done;
1770         }
1771 
1772         security_info_sent = IVAL(params,4);
1773 
1774         DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
1775                 (unsigned int)security_info_sent ));
1776 
1777         if (data_count == 0) {
1778                 reply_doserror(req, ERRDOS, ERRnoaccess);
1779                 return;
1780         }
1781 
1782         status = set_sd(fsp, (uint8 *)data, data_count, security_info_sent);
1783 
1784         if (!NT_STATUS_IS_OK(status)) {
1785                 reply_nterror(req, status);
1786                 return;
1787         }
1788 
1789   done:
1790         send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
1791         return;
1792 }
1793 
1794 /****************************************************************************
1795  Reply to NT IOCTL
1796 ****************************************************************************/
1797 
1798 static void call_nt_transact_ioctl(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
1799                                    struct smb_request *req,
1800                                    uint16 **ppsetup, uint32 setup_count,
1801                                    char **ppparams, uint32 parameter_count,
1802                                    char **ppdata, uint32 data_count,
1803                                    uint32 max_data_count)
1804 {
1805         uint32 function;
1806         uint16 fidnum;
1807         files_struct *fsp;
1808         uint8 isFSctl;
1809         uint8 compfilter;
1810         char *pdata = *ppdata;
1811 
1812         if (setup_count != 8) {
1813                 DEBUG(3,("call_nt_transact_ioctl: invalid setup count %d\n", setup_count));
1814                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
1815                 return;
1816         }
1817 
1818         function = IVAL(*ppsetup, 0);
1819         fidnum = SVAL(*ppsetup, 4);
1820         isFSctl = CVAL(*ppsetup, 6);
1821         compfilter = CVAL(*ppsetup, 7);
1822 
1823         DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n", 
1824                  function, fidnum, isFSctl, compfilter));
1825 
1826         fsp=file_fsp(req, fidnum);
1827         /* this check is done in each implemented function case for now
1828            because I don't want to break anything... --metze
1829         FSP_BELONGS_CONN(fsp,conn);*/
1830 
1831         SMB_PERFCOUNT_SET_IOCTL(&req->pcd, function);
1832 
1833         switch (function) {
1834         case FSCTL_SET_SPARSE:
1835                 /* pretend this succeeded - tho strictly we should
1836                    mark the file sparse (if the local fs supports it)
1837                    so we can know if we need to pre-allocate or not */
1838 
1839                 DEBUG(10,("FSCTL_SET_SPARSE: called on FID[0x%04X](but not implemented)\n", fidnum));
1840                 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
1841                 return;
1842 
1843         case FSCTL_CREATE_OR_GET_OBJECT_ID:
1844         {
1845                 unsigned char objid[16];
1846 
1847                 /* This should return the object-id on this file.
1848                  * I think I'll make this be the inode+dev. JRA.
1849                  */
1850 
1851                 DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum));
1852 
1853                 if (!fsp_belongs_conn(conn, req, fsp)) {
1854                         return;
1855                 }
1856 
1857                 data_count = 64;
1858                 pdata = nttrans_realloc(ppdata, data_count);
1859                 if (pdata == NULL) {
1860                         reply_nterror(req, NT_STATUS_NO_MEMORY);
1861                         return;
1862                 }
1863 
1864                 /* For backwards compatibility only store the dev/inode. */
1865                 push_file_id_16(pdata, &fsp->file_id);
1866                 memcpy(pdata+16,create_volume_objectid(conn,objid),16);
1867                 push_file_id_16(pdata+32, &fsp->file_id);
1868                 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
1869                                 pdata, data_count);
1870                 return;
1871         }
1872 
1873         case FSCTL_GET_REPARSE_POINT:
1874                 /* pretend this fail - my winXP does it like this
1875                  * --metze
1876                  */
1877 
1878                 DEBUG(10,("FSCTL_GET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
1879                 reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
1880                 return;
1881 
1882         case FSCTL_SET_REPARSE_POINT:
1883                 /* pretend this fail - I'm assuming this because of the FSCTL_GET_REPARSE_POINT case.
1884                  * --metze
1885                  */
1886 
1887                 DEBUG(10,("FSCTL_SET_REPARSE_POINT: called on FID[0x%04X](but not implemented)\n",fidnum));
1888                 reply_nterror(req, NT_STATUS_NOT_A_REPARSE_POINT);
1889                 return;
1890 
1891         case FSCTL_GET_SHADOW_COPY_DATA: /* don't know if this name is right...*/
1892         {
1893                 /*
1894                  * This is called to retrieve the number of Shadow Copies (a.k.a. snapshots)
1895                  * and return their volume names.  If max_data_count is 16, then it is just
1896                  * asking for the number of volumes and length of the combined names.
1897                  *
1898                  * pdata is the data allocated by our caller, but that uses
1899                  * total_data_count (which is 0 in our case) rather than max_data_count.
1900                  * Allocate the correct amount and return the pointer to let
1901                  * it be deallocated when we return.
1902                  */
1903                 SHADOW_COPY_DATA *shadow_data = NULL;
1904                 TALLOC_CTX *shadow_mem_ctx = NULL;
1905                 bool labels = False;
1906                 uint32 labels_data_count = 0;
1907                 uint32 i;
1908                 char *cur_pdata;
1909 
1910                 if (!fsp_belongs_conn(conn, req, fsp)) {
1911                         return;
1912                 }
1913 
1914                 if (max_data_count < 16) {
1915                         DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) < 16 is invalid!\n",
1916                                 max_data_count));
1917                         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
1918                         return;
1919                 }
1920 
1921                 if (max_data_count > 16) {
1922                         labels = True;
1923                 }
1924 
1925                 shadow_mem_ctx = talloc_init("SHADOW_COPY_DATA");
1926                 if (shadow_mem_ctx == NULL) {
1927                         DEBUG(0,("talloc_init(SHADOW_COPY_DATA) failed!\n"));
1928                         reply_nterror(req, NT_STATUS_NO_MEMORY);
1929                         return;
1930                 }
1931 
1932                 shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
1933                 if (shadow_data == NULL) {
1934                         DEBUG(0,("TALLOC_ZERO() failed!\n"));
1935                         talloc_destroy(shadow_mem_ctx);
1936                         reply_nterror(req, NT_STATUS_NO_MEMORY);
1937                         return;
1938                 }
1939 
1940                 shadow_data->mem_ctx = shadow_mem_ctx;
1941 
1942                 /*
1943                  * Call the VFS routine to actually do the work.
1944                  */
1945                 if (SMB_VFS_GET_SHADOW_COPY_DATA(fsp, shadow_data, labels)!=0) {
1946                         talloc_destroy(shadow_data->mem_ctx);
1947                         if (errno == ENOSYS) {
1948                                 DEBUG(5,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, not supported.\n", 
1949                                         conn->connectpath));
1950                                 reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
1951                                 return;
1952                         } else {
1953                                 DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: connectpath %s, failed.\n", 
1954                                         conn->connectpath));
1955                                 reply_nterror(req, NT_STATUS_UNSUCCESSFUL);
1956                                 return;
1957                         }
1958                 }
1959 
1960                 labels_data_count = (shadow_data->num_volumes*2*sizeof(SHADOW_COPY_LABEL))+2;
1961 
1962                 if (!labels) {
1963                         data_count = 16;
1964                 } else {
1965                         data_count = 12+labels_data_count+4;
1966                 }
1967 
1968                 if (max_data_count<data_count) {
1969                         DEBUG(0,("FSCTL_GET_SHADOW_COPY_DATA: max_data_count(%u) too small (%u) bytes needed!\n",
1970                                 max_data_count,data_count));
1971                         talloc_destroy(shadow_data->mem_ctx);
1972                         reply_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
1973                         return;
1974                 }
1975 
1976                 pdata = nttrans_realloc(ppdata, data_count);
1977                 if (pdata == NULL) {
1978                         talloc_destroy(shadow_data->mem_ctx);
1979                         reply_nterror(req, NT_STATUS_NO_MEMORY);
1980                         return;
1981                 }
1982 
1983                 cur_pdata = pdata;
1984 
1985                 /* num_volumes 4 bytes */
1986                 SIVAL(pdata,0,shadow_data->num_volumes);
1987 
1988                 if (labels) {
1989                         /* num_labels 4 bytes */
1990                         SIVAL(pdata,4,shadow_data->num_volumes);
1991                 }
1992 
1993                 /* needed_data_count 4 bytes */
1994                 SIVAL(pdata,8,labels_data_count);
1995 
1996                 cur_pdata+=12;
1997 
1998                 DEBUG(10,("FSCTL_GET_SHADOW_COPY_DATA: %u volumes for path[%s].\n",
1999                         shadow_data->num_volumes,fsp->fsp_name));
2000                 if (labels && shadow_data->labels) {
2001                         for (i=0;i<shadow_data->num_volumes;i++) {
2002                                 srvstr_push(pdata, req->flags2,
2003                                             cur_pdata, shadow_data->labels[i],
2004                                             2*sizeof(SHADOW_COPY_LABEL),
2005                                             STR_UNICODE|STR_TERMINATE);
2006                                 cur_pdata+=2*sizeof(SHADOW_COPY_LABEL);
2007                                 DEBUGADD(10,("Label[%u]: '%s'\n",i,shadow_data->labels[i]));
2008                         }
2009                 }
2010 
2011                 talloc_destroy(shadow_data->mem_ctx);
2012 
2013                 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0,
2014                                 pdata, data_count);
2015 
2016                 return;
2017         }
2018 
2019         case FSCTL_FIND_FILES_BY_SID: /* I hope this name is right */
2020         {
2021                 /* pretend this succeeded -
2022                  *
2023                  * we have to send back a list with all files owned by this SID
2024                  *
2025                  * but I have to check that --metze
2026                  */
2027                 DOM_SID sid;
2028                 uid_t uid;
2029                 size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
2030 
2031                 DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
2032 
2033                 if (!fsp_belongs_conn(conn, req, fsp)) {
2034                         return;
2035                 }
2036 
2037                 /* unknown 4 bytes: this is not the length of the sid :-(  */
2038                 /*unknown = IVAL(pdata,0);*/
2039 
2040                 sid_parse(pdata+4,sid_len,&sid);
2041                 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
2042 
2043                 if (!sid_to_uid(&sid, &uid)) {
2044                         DEBUG(0,("sid_to_uid: failed, sid[%s] sid_len[%lu]\n",
2045                                  sid_string_dbg(&sid),
2046                                  (unsigned long)sid_len));
2047                         uid = (-1);
2048                 }
2049 
2050                 /* we can take a look at the find source :-)
2051                  *
2052                  * find ./ -uid $uid  -name '*'   is what we need here
2053                  *
2054                  *
2055                  * and send 4bytes len and then NULL terminated unicode strings
2056                  * for each file
2057                  *
2058                  * but I don't know how to deal with the paged results
2059                  * (maybe we can hang the result anywhere in the fsp struct)
2060                  *
2061                  * we don't send all files at once
2062                  * and at the next we should *not* start from the beginning,
2063                  * so we have to cache the result
2064                  *
2065                  * --metze
2066                  */
2067 
2068                 /* this works for now... */
2069                 send_nt_replies(conn, req, NT_STATUS_OK, NULL, 0, NULL, 0);
2070                 return;
2071         }
2072         default:
2073                 if (!logged_ioctl_message) {
2074                         logged_ioctl_message = true; /* Only print this once... */
2075                         DEBUG(0,("call_nt_transact_ioctl(0x%x): Currently not implemented.\n",
2076                                  function));
2077                 }
2078         }
2079 
2080         reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
2081 }
2082 
2083 
2084 #ifdef HAVE_SYS_QUOTAS
2085 /****************************************************************************
2086  Reply to get user quota
2087 ****************************************************************************/
2088 
2089 static void call_nt_transact_get_user_quota(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
2090                                             struct smb_request *req,
2091                                             uint16 **ppsetup,
2092                                             uint32 setup_count,
2093                                             char **ppparams,
2094                                             uint32 parameter_count,
2095                                             char **ppdata,
2096                                             uint32 data_count,
2097                                             uint32 max_data_count)
2098 {
2099         NTSTATUS nt_status = NT_STATUS_OK;
2100         char *params = *ppparams;
2101         char *pdata = *ppdata;
2102         char *entry;
2103         int data_len=0,param_len=0;
2104         int qt_len=0;
2105         int entry_len = 0;
2106         files_struct *fsp = NULL;
2107         uint16 level = 0;
2108         size_t sid_len;
2109         DOM_SID sid;
2110         bool start_enum = True;
2111         SMB_NTQUOTA_STRUCT qt;
2112         SMB_NTQUOTA_LIST *tmp_list;
2113         SMB_NTQUOTA_HANDLE *qt_handle = NULL;
2114 
2115         ZERO_STRUCT(qt);
2116 
2117         /* access check */
2118         if (conn->server_info->utok.uid != 0) {
2119                 DEBUG(1,("get_user_quota: access_denied service [%s] user "
2120                          "[%s]\n", lp_servicename(SNUM(conn)),
2121                          conn->server_info->unix_name));
2122                 reply_doserror(req, ERRDOS, ERRnoaccess);
2123                 return;
2124         }
2125 
2126         /*
2127          * Ensure minimum number of parameters sent.
2128          */
2129 
2130         if (parameter_count < 4) {
2131                 DEBUG(0,("TRANSACT_GET_USER_QUOTA: requires %d >= 4 bytes parameters\n",parameter_count));
2132                 reply_doserror(req, ERRDOS, ERRinvalidparam);
2133                 return;
2134         }
2135 
2136         /* maybe we can check the quota_fnum */
2137         fsp = file_fsp(req, SVAL(params,0));
2138         if (!check_fsp_ntquota_handle(conn, req, fsp)) {
2139                 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2140                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2141                 return;
2142         }
2143 
2144         /* the NULL pointer checking for fsp->fake_file_handle->pd
2145          * is done by CHECK_NTQUOTA_HANDLE_OK()
2146          */
2147         qt_handle = (SMB_NTQUOTA_HANDLE *)fsp->fake_file_handle->private_data;
2148 
2149         level = SVAL(params,2);
2150 
2151         /* unknown 12 bytes leading in params */
2152 
2153         switch (level) {
2154                 case TRANSACT_GET_USER_QUOTA_LIST_CONTINUE:
2155                         /* seems that we should continue with the enum here --metze */
2156 
2157                         if (qt_handle->quota_list!=NULL &&
2158                             qt_handle->tmp_list==NULL) {
2159 
2160                                 /* free the list */
2161                                 free_ntquota_list(&(qt_handle->quota_list));
2162 
2163                                 /* Realloc the size of parameters and data we will return */
2164                                 param_len = 4;
2165                                 params = nttrans_realloc(ppparams, param_len);
2166                                 if(params == NULL) {
2167                                         reply_doserror(req, ERRDOS, ERRnomem);
2168                                         return;
2169                                 }
2170 
2171                                 data_len = 0;
2172                                 SIVAL(params,0,data_len);
2173 
2174                                 break;
2175                         }
2176 
2177                         start_enum = False;
2178 
2179                 case TRANSACT_GET_USER_QUOTA_LIST_START:
2180 
2181                         if (qt_handle->quota_list==NULL &&
2182                                 qt_handle->tmp_list==NULL) {
2183                                 start_enum = True;
2184                         }
2185 
2186                         if (start_enum && vfs_get_user_ntquota_list(fsp,&(qt_handle->quota_list))!=0) {
2187                                 reply_doserror(req, ERRSRV, ERRerror);
2188                                 return;
2189                         }
2190 
2191                         /* Realloc the size of parameters and data we will return */
2192                         param_len = 4;
2193                         params = nttrans_realloc(ppparams, param_len);
2194                         if(params == NULL) {
2195                                 reply_doserror(req, ERRDOS, ERRnomem);
2196                                 return;
2197                         }
2198 
2199                         /* we should not trust the value in max_data_count*/
2200                         max_data_count = MIN(max_data_count,2048);
2201 
2202                         pdata = nttrans_realloc(ppdata, max_data_count);/* should be max data count from client*/
2203                         if(pdata == NULL) {
2204                                 reply_doserror(req, ERRDOS, ERRnomem);
2205                                 return;
2206                         }
2207 
2208                         entry = pdata;
2209 
2210                         /* set params Size of returned Quota Data 4 bytes*/
2211                         /* but set it later when we know it */
2212 
2213                         /* for each entry push the data */
2214 
2215                         if (start_enum) {
2216                                 qt_handle->tmp_list = qt_handle->quota_list;
2217                         }
2218 
2219                         tmp_list = qt_handle->tmp_list;
2220 
2221                         for (;((tmp_list!=NULL)&&((qt_len +40+SID_MAX_SIZE)<max_data_count));
2222                                 tmp_list=tmp_list->next,entry+=entry_len,qt_len+=entry_len) {
2223 
2224                                 sid_len = ndr_size_dom_sid(
2225                                         &tmp_list->quotas->sid, NULL, 0);
2226                                 entry_len = 40 + sid_len;
2227 
2228                                 /* nextoffset entry 4 bytes */
2229                                 SIVAL(entry,0,entry_len);
2230 
2231                                 /* then the len of the SID 4 bytes */
2232                                 SIVAL(entry,4,sid_len);
2233 
2234                                 /* unknown data 8 bytes uint64_t */
2235                                 SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-metze*/
2236 
2237                                 /* the used disk space 8 bytes uint64_t */
2238                                 SBIG_UINT(entry,16,tmp_list->quotas->usedspace);
2239 
2240                                 /* the soft quotas 8 bytes uint64_t */
2241                                 SBIG_UINT(entry,24,tmp_list->quotas->softlim);
2242 
2243                                 /* the hard quotas 8 bytes uint64_t */
2244                                 SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
2245 
2246                                 /* and now the SID */
2247                                 sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
2248                         }
2249 
2250                         qt_handle->tmp_list = tmp_list;
2251 
2252                         /* overwrite the offset of the last entry */
2253                         SIVAL(entry-entry_len,0,0);
2254 
2255                         data_len = 4+qt_len;
2256                         /* overwrite the params quota_data_len */
2257                         SIVAL(params,0,data_len);
2258 
2259                         break;
2260 
2261                 case TRANSACT_GET_USER_QUOTA_FOR_SID:
2262 
2263                         /* unknown 4 bytes IVAL(pdata,0) */
2264 
2265                         if (data_count < 8) {
2266                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %d bytes data\n",data_count,8));
2267                                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2268                                 return;
2269                         }
2270 
2271                         sid_len = IVAL(pdata,4);
2272                         /* Ensure this is less than 1mb. */
2273                         if (sid_len > (1024*1024)) {
2274                                 reply_doserror(req, ERRDOS, ERRnomem);
2275                                 return;
2276                         }
2277 
2278                         if (data_count < 8+sid_len) {
2279                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
2280                                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2281                                 return;
2282                         }
2283 
2284                         data_len = 4+40+sid_len;
2285 
2286                         if (max_data_count < data_len) {
2287                                 DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: max_data_count(%d) < data_len(%d)\n",
2288                                         max_data_count, data_len));
2289                                 param_len = 4;
2290                                 SIVAL(params,0,data_len);
2291                                 data_len = 0;
2292                                 nt_status = NT_STATUS_BUFFER_TOO_SMALL;
2293                                 break;
2294                         }
2295 
2296                         sid_parse(pdata+8,sid_len,&sid);
2297 
2298                         if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2299                                 ZERO_STRUCT(qt);
2300                                 /*
2301                                  * we have to return zero's in all fields
2302                                  * instead of returning an error here
2303                                  * --metze
2304                                  */
2305                         }
2306 
2307                         /* Realloc the size of parameters and data we will return */
2308                         param_len = 4;
2309                         params = nttrans_realloc(ppparams, param_len);
2310                         if(params == NULL) {
2311                                 reply_doserror(req, ERRDOS, ERRnomem);
2312                                 return;
2313                         }
2314 
2315                         pdata = nttrans_realloc(ppdata, data_len);
2316                         if(pdata == NULL) {
2317                                 reply_doserror(req, ERRDOS, ERRnomem);
2318                                 return;
2319                         }
2320 
2321                         entry = pdata;
2322 
2323                         /* set params Size of returned Quota Data 4 bytes*/
2324                         SIVAL(params,0,data_len);
2325 
2326                         /* nextoffset entry 4 bytes */
2327                         SIVAL(entry,0,0);
2328 
2329                         /* then the len of the SID 4 bytes */
2330                         SIVAL(entry,4,sid_len);
2331 
2332                         /* unknown data 8 bytes uint64_t */
2333                         SBIG_UINT(entry,8,(uint64_t)0); /* this is not 0 in windows...-mezte*/
2334 
2335                         /* the used disk space 8 bytes uint64_t */
2336                         SBIG_UINT(entry,16,qt.usedspace);
2337 
2338                         /* the soft quotas 8 bytes uint64_t */
2339                         SBIG_UINT(entry,24,qt.softlim);
2340 
2341                         /* the hard quotas 8 bytes uint64_t */
2342                         SBIG_UINT(entry,32,qt.hardlim);
2343 
2344                         /* and now the SID */
2345                         sid_linearize(entry+40, sid_len, &sid);
2346 
2347                         break;
2348 
2349                 default:
2350                         DEBUG(0,("do_nt_transact_get_user_quota: fnum %d unknown level 0x%04hX\n",fsp->fnum,level));
2351                         reply_doserror(req, ERRSRV, ERRerror);
2352                         return;
2353                         break;
2354         }
2355 
2356         send_nt_replies(conn, req, nt_status, params, param_len,
2357                         pdata, data_len);
2358 }
2359 
2360 /****************************************************************************
2361  Reply to set user quota
2362 ****************************************************************************/
2363 
2364 static void call_nt_transact_set_user_quota(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
2365                                             struct smb_request *req,
2366                                             uint16 **ppsetup,
2367                                             uint32 setup_count,
2368                                             char **ppparams,
2369                                             uint32 parameter_count,
2370                                             char **ppdata,
2371                                             uint32 data_count,
2372                                             uint32 max_data_count)
2373 {
2374         char *params = *ppparams;
2375         char *pdata = *ppdata;
2376         int data_len=0,param_len=0;
2377         SMB_NTQUOTA_STRUCT qt;
2378         size_t sid_len;
2379         DOM_SID sid;
2380         files_struct *fsp = NULL;
2381 
2382         ZERO_STRUCT(qt);
2383 
2384         /* access check */
2385         if (conn->server_info->utok.uid != 0) {
2386                 DEBUG(1,("set_user_quota: access_denied service [%s] user "
2387                          "[%s]\n", lp_servicename(SNUM(conn)),
2388                          conn->server_info->unix_name));
2389                 reply_doserror(req, ERRDOS, ERRnoaccess);
2390                 return;
2391         }
2392 
2393         /*
2394          * Ensure minimum number of parameters sent.
2395          */
2396 
2397         if (parameter_count < 2) {
2398                 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= 2 bytes parameters\n",parameter_count));
2399                 reply_doserror(req, ERRDOS, ERRinvalidparam);
2400                 return;
2401         }
2402 
2403         /* maybe we can check the quota_fnum */
2404         fsp = file_fsp(req, SVAL(params,0));
2405         if (!check_fsp_ntquota_handle(conn, req, fsp)) {
2406                 DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
2407                 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
2408                 return;
2409         }
2410 
2411         if (data_count < 40) {
2412                 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %d bytes data\n",data_count,40));
2413                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2414                 return;
2415         }
2416 
2417         /* offset to next quota record.
2418          * 4 bytes IVAL(pdata,0)
2419          * unused here...
2420          */
2421 
2422         /* sid len */
2423         sid_len = IVAL(pdata,4);
2424 
2425         if (data_count < 40+sid_len) {
2426                 DEBUG(0,("TRANSACT_SET_USER_QUOTA: requires %d >= %lu bytes data\n",data_count,(unsigned long)40+sid_len));
2427                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2428                 return;
2429         }
2430 
2431         /* unknown 8 bytes in pdata
2432          * maybe its the change time in NTTIME
2433          */
2434 
2435         /* the used space 8 bytes (uint64_t)*/
2436         qt.usedspace = (uint64_t)IVAL(pdata,16);
2437 #ifdef LARGE_SMB_OFF_T
2438         qt.usedspace |= (((uint64_t)IVAL(pdata,20)) << 32);
2439 #else /* LARGE_SMB_OFF_T */
2440         if ((IVAL(pdata,20) != 0)&&
2441                 ((qt.usedspace != 0xFFFFFFFF)||
2442                 (IVAL(pdata,20)!=0xFFFFFFFF))) {
2443                 /* more than 32 bits? */
2444                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2445                 return;
2446         }
2447 #endif /* LARGE_SMB_OFF_T */
2448 
2449         /* the soft quotas 8 bytes (uint64_t)*/
2450         qt.softlim = (uint64_t)IVAL(pdata,24);
2451 #ifdef LARGE_SMB_OFF_T
2452         qt.softlim |= (((uint64_t)IVAL(pdata,28)) << 32);
2453 #else /* LARGE_SMB_OFF_T */
2454         if ((IVAL(pdata,28) != 0)&&
2455                 ((qt.softlim != 0xFFFFFFFF)||
2456                 (IVAL(pdata,28)!=0xFFFFFFFF))) {
2457                 /* more than 32 bits? */
2458                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2459                 return;
2460         }
2461 #endif /* LARGE_SMB_OFF_T */
2462 
2463         /* the hard quotas 8 bytes (uint64_t)*/
2464         qt.hardlim = (uint64_t)IVAL(pdata,32);
2465 #ifdef LARGE_SMB_OFF_T
2466         qt.hardlim |= (((uint64_t)IVAL(pdata,36)) << 32);
2467 #else /* LARGE_SMB_OFF_T */
2468         if ((IVAL(pdata,36) != 0)&&
2469                 ((qt.hardlim != 0xFFFFFFFF)||
2470                 (IVAL(pdata,36)!=0xFFFFFFFF))) {
2471                 /* more than 32 bits? */
2472                 reply_doserror(req, ERRDOS, ERRunknownlevel);
2473                 return;
2474         }
2475 #endif /* LARGE_SMB_OFF_T */
2476 
2477         sid_parse(pdata+40,sid_len,&sid);
2478         DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
2479 
2480         /* 44 unknown bytes left... */
2481 
2482         if (vfs_set_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
2483                 reply_doserror(req, ERRSRV, ERRerror);
2484                 return;
2485         }
2486 
2487         send_nt_replies(conn, req, NT_STATUS_OK, params, param_len,
2488                         pdata, data_len);
2489 }
2490 #endif /* HAVE_SYS_QUOTAS */
2491 
2492 static void handle_nttrans(connection_struct *conn,
     /* [<][>][^][v][top][bottom][index][help] */
2493                            struct trans_state *state,
2494                            struct smb_request *req)
2495 {
2496         if (Protocol >= PROTOCOL_NT1) {
2497                 req->flags2 |= 0x40; /* IS_LONG_NAME */
2498                 SSVAL(req->inbuf,smb_flg2,req->flags2);
2499         }
2500 
2501 
2502         SMB_PERFCOUNT_SET_SUBOP(&req->pcd, state->call);
2503 
2504         /* Now we must call the relevant NT_TRANS function */
2505         switch(state->call) {
2506                 case NT_TRANSACT_CREATE:
2507                 {
2508                         START_PROFILE(NT_transact_create);
2509                         call_nt_transact_create(
2510                                 conn, req,
2511                                 &state->setup, state->setup_count,
2512                                 &state->param, state->total_param,
2513                                 &state->data, state->total_data,
2514                                 state->max_data_return);
2515                         END_PROFILE(NT_transact_create);
2516                         break;
2517                 }
2518 
2519                 case NT_TRANSACT_IOCTL:
2520                 {
2521                         START_PROFILE(NT_transact_ioctl);
2522                         call_nt_transact_ioctl(
2523                                 conn, req,
2524                                 &state->setup, state->setup_count,
2525                                 &state->param, state->total_param,
2526                                 &state->data, state->total_data,
2527                                 state->max_data_return);
2528                         END_PROFILE(NT_transact_ioctl);
2529                         break;
2530                 }
2531 
2532                 case NT_TRANSACT_SET_SECURITY_DESC:
2533                 {
2534                         START_PROFILE(NT_transact_set_security_desc);
2535                         call_nt_transact_set_security_desc(
2536                                 conn, req,
2537                                 &state->setup, state->setup_count,
2538                                 &state->param, state->total_param,
2539                                 &state->data, state->total_data,
2540                                 state->max_data_return);
2541                         END_PROFILE(NT_transact_set_security_desc);
2542                         break;
2543                 }
2544 
2545                 case NT_TRANSACT_NOTIFY_CHANGE:
2546                 {
2547                         START_PROFILE(NT_transact_notify_change);
2548                         call_nt_transact_notify_change(
2549                                 conn, req,
2550                                 &state->setup, state->setup_count,
2551                                 &state->param, state->total_param,
2552                                 &state->data, state->total_data,
2553                                 state->max_data_return,
2554                                 state->max_param_return);
2555                         END_PROFILE(NT_transact_notify_change);
2556                         break;
2557                 }
2558 
2559                 case NT_TRANSACT_RENAME:
2560                 {
2561                         START_PROFILE(NT_transact_rename);
2562                         call_nt_transact_rename(
2563                                 conn, req,
2564                                 &state->setup, state->setup_count,
2565                                 &state->param, state->total_param,
2566                                 &state->data, state->total_data,
2567                                 state->max_data_return);
2568                         END_PROFILE(NT_transact_rename);
2569                         break;
2570                 }
2571 
2572                 case NT_TRANSACT_QUERY_SECURITY_DESC:
2573                 {
2574                         START_PROFILE(NT_transact_query_security_desc);
2575                         call_nt_transact_query_security_desc(
2576                                 conn, req,
2577                                 &state->setup, state->setup_count,
2578                                 &state->param, state->total_param,
2579                                 &state->data, state->total_data,
2580                                 state->max_data_return);
2581                         END_PROFILE(NT_transact_query_security_desc);
2582                         break;
2583                 }
2584 
2585 #ifdef HAVE_SYS_QUOTAS
2586                 case NT_TRANSACT_GET_USER_QUOTA:
2587                 {
2588                         START_PROFILE(NT_transact_get_user_quota);
2589                         call_nt_transact_get_user_quota(
2590                                 conn, req,
2591                                 &state->setup, state->setup_count,
2592                                 &state->param, state->total_param,
2593                                 &state->data, state->total_data,
2594                                 state->max_data_return);
2595                         END_PROFILE(NT_transact_get_user_quota);
2596                         break;
2597                 }
2598 
2599                 case NT_TRANSACT_SET_USER_QUOTA:
2600                 {
2601                         START_PROFILE(NT_transact_set_user_quota);
2602                         call_nt_transact_set_user_quota(
2603                                 conn, req,
2604                                 &state->setup, state->setup_count,
2605                                 &state->param, state->total_param,
2606                                 &state->data, state->total_data,
2607                                 state->max_data_return);
2608                         END_PROFILE(NT_transact_set_user_quota);
2609                         break;
2610                 }
2611 #endif /* HAVE_SYS_QUOTAS */
2612 
2613                 default:
2614                         /* Error in request */
2615                         DEBUG(0,("handle_nttrans: Unknown request %d in "
2616                                  "nttrans call\n", state->call));
2617                         reply_doserror(req, ERRSRV, ERRerror);
2618                         return;
2619         }
2620         return;
2621 }
2622 
2623 /****************************************************************************
2624  Reply to a SMBNTtrans.
2625 ****************************************************************************/
2626 
2627 void reply_nttrans(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
2628 {
2629         connection_struct *conn = req->conn;
2630         uint32_t pscnt;
2631         uint32_t psoff;
2632         uint32_t dscnt;
2633         uint32_t dsoff;
2634         uint16 function_code;
2635         NTSTATUS result;
2636         struct trans_state *state;
2637 
2638         START_PROFILE(SMBnttrans);
2639 
2640         if (req->wct < 19) {
2641                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2642                 END_PROFILE(SMBnttrans);
2643                 return;
2644         }
2645 
2646         pscnt = IVAL(req->vwv+9, 1);
2647         psoff = IVAL(req->vwv+11, 1);
2648         dscnt = IVAL(req->vwv+13, 1);
2649         dsoff = IVAL(req->vwv+15, 1);
2650         function_code = SVAL(req->vwv+18, 0);
2651 
2652         if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
2653                 reply_doserror(req, ERRSRV, ERRaccess);
2654                 END_PROFILE(SMBnttrans);
2655                 return;
2656         }
2657 
2658         result = allow_new_trans(conn->pending_trans, req->mid);
2659         if (!NT_STATUS_IS_OK(result)) {
2660                 DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
2661                 reply_nterror(req, result);
2662                 END_PROFILE(SMBnttrans);
2663                 return;
2664         }
2665 
2666         if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
2667                 reply_doserror(req, ERRSRV, ERRaccess);
2668                 END_PROFILE(SMBnttrans);
2669                 return;
2670         }
2671 
2672         state->cmd = SMBnttrans;
2673 
2674         state->mid = req->mid;
2675         state->vuid = req->vuid;
2676         state->total_data = IVAL(req->vwv+3, 1);
2677         state->data = NULL;
2678         state->total_param = IVAL(req->vwv+1, 1);
2679         state->param = NULL;
2680         state->max_data_return = IVAL(req->vwv+7, 1);
2681         state->max_param_return = IVAL(req->vwv+5, 1);
2682 
2683         /* setup count is in *words* */
2684         state->setup_count = 2*CVAL(req->vwv+17, 1);
2685         state->setup = NULL;
2686         state->call = function_code;
2687 
2688         DEBUG(10, ("num_setup=%u, "
2689                    "param_total=%u, this_param=%u, max_param=%u, "
2690                    "data_total=%u, this_data=%u, max_data=%u, "
2691                    "param_offset=%u, data_offset=%u\n",
2692                    (unsigned)state->setup_count,
2693                    (unsigned)state->total_param, (unsigned)pscnt,
2694                    (unsigned)state->max_param_return,
2695                    (unsigned)state->total_data, (unsigned)dscnt,
2696                    (unsigned)state->max_data_return,
2697                    (unsigned)psoff, (unsigned)dsoff));
2698 
2699         /*
2700          * All nttrans messages we handle have smb_wct == 19 +
2701          * state->setup_count.  Ensure this is so as a sanity check.
2702          */
2703 
2704         if(req->wct != 19 + (state->setup_count/2)) {
2705                 DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2706                          req->wct, 19 + (state->setup_count/2)));
2707                 goto bad_param;
2708         }
2709 
2710         /* Don't allow more than 128mb for each value. */
2711         if ((state->total_data > (1024*1024*128)) ||
2712             (state->total_param > (1024*1024*128))) {
2713                 reply_doserror(req, ERRDOS, ERRnomem);
2714                 END_PROFILE(SMBnttrans);
2715                 return;
2716         }
2717 
2718         if ((dscnt > state->total_data) || (pscnt > state->total_param))
2719                 goto bad_param;
2720 
2721         if (state->total_data)  {
2722 
2723                 if (trans_oob(state->total_data, 0, dscnt)
2724                     || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) {
2725                         goto bad_param;
2726                 }
2727 
2728                 /* Can't use talloc here, the core routines do realloc on the
2729                  * params and data. */
2730                 if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) {
2731                         DEBUG(0,("reply_nttrans: data malloc fail for %u "
2732                                  "bytes !\n", (unsigned int)state->total_data));
2733                         TALLOC_FREE(state);
2734                         reply_doserror(req, ERRDOS, ERRnomem);
2735                         END_PROFILE(SMBnttrans);
2736                         return;
2737                 }
2738 
2739                 memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
2740         }
2741 
2742         if (state->total_param) {
2743 
2744                 if (trans_oob(state->total_param, 0, pscnt)
2745                     || trans_oob(smb_len(req->inbuf), psoff, pscnt)) {
2746                         goto bad_param;
2747                 }
2748 
2749                 /* Can't use talloc here, the core routines do realloc on the
2750                  * params and data. */
2751                 if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) {
2752                         DEBUG(0,("reply_nttrans: param malloc fail for %u "
2753                                  "bytes !\n", (unsigned int)state->total_param));
2754                         SAFE_FREE(state->data);
2755                         TALLOC_FREE(state);
2756                         reply_doserror(req, ERRDOS, ERRnomem);
2757                         END_PROFILE(SMBnttrans);
2758                         return;
2759                 }
2760 
2761                 memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
2762         }
2763 
2764         state->received_data  = dscnt;
2765         state->received_param = pscnt;
2766 
2767         if(state->setup_count > 0) {
2768                 DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
2769                           state->setup_count));
2770 
2771                 /*
2772                  * No overflow possible here, state->setup_count is an
2773                  * unsigned int, being filled by a single byte from
2774                  * CVAL(req->vwv+13, 0) above. The cast in the comparison
2775                  * below is not necessary, it's here to clarify things. The
2776                  * validity of req->vwv and req->wct has been checked in
2777                  * init_smb_request already.
2778                  */
2779                 if ((state->setup_count/2) + 19 > (unsigned int)req->wct) {
2780                         goto bad_param;
2781                 }
2782 
2783                 state->setup = (uint16 *)TALLOC(state, state->setup_count);
2784                 if (state->setup == NULL) {
2785                         DEBUG(0,("reply_nttrans : Out of memory\n"));
2786                         SAFE_FREE(state->data);
2787                         SAFE_FREE(state->param);
2788                         TALLOC_FREE(state);
2789                         reply_doserror(req, ERRDOS, ERRnomem);
2790                         END_PROFILE(SMBnttrans);
2791                         return;
2792                 }
2793 
2794                 memcpy(state->setup, req->vwv+19, state->setup_count);
2795                 dump_data(10, (uint8 *)state->setup, state->setup_count);
2796         }
2797 
2798         if ((state->received_data == state->total_data) &&
2799             (state->received_param == state->total_param)) {
2800                 handle_nttrans(conn, state, req);
2801                 SAFE_FREE(state->param);
2802                 SAFE_FREE(state->data);
2803                 TALLOC_FREE(state);
2804                 END_PROFILE(SMBnttrans);
2805                 return;
2806         }
2807 
2808         DLIST_ADD(conn->pending_trans, state);
2809 
2810         /* We need to send an interim response then receive the rest
2811            of the parameter/data bytes */
2812         reply_outbuf(req, 0, 0);
2813         show_msg((char *)req->outbuf);
2814         END_PROFILE(SMBnttrans);
2815         return;
2816 
2817   bad_param:
2818 
2819         DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
2820         SAFE_FREE(state->data);
2821         SAFE_FREE(state->param);
2822         TALLOC_FREE(state);
2823         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2824         END_PROFILE(SMBnttrans);
2825         return;
2826 }
2827 
2828 /****************************************************************************
2829  Reply to a SMBnttranss
2830  ****************************************************************************/
2831 
2832 void reply_nttranss(struct smb_request *req)
     /* [<][>][^][v][top][bottom][index][help] */
2833 {
2834         connection_struct *conn = req->conn;
2835         uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp;
2836         struct trans_state *state;
2837 
2838         START_PROFILE(SMBnttranss);
2839 
2840         show_msg((char *)req->inbuf);
2841 
2842         if (req->wct < 18) {
2843                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2844                 END_PROFILE(SMBnttranss);
2845                 return;
2846         }
2847 
2848         for (state = conn->pending_trans; state != NULL;
2849              state = state->next) {
2850                 if (state->mid == req->mid) {
2851                         break;
2852                 }
2853         }
2854 
2855         if ((state == NULL) || (state->cmd != SMBnttrans)) {
2856                 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2857                 END_PROFILE(SMBnttranss);
2858                 return;
2859         }
2860 
2861         /* Revise state->total_param and state->total_data in case they have
2862            changed downwards */
2863         if (IVAL(req->vwv+1, 1) < state->total_param) {
2864                 state->total_param = IVAL(req->vwv+1, 1);
2865         }
2866         if (IVAL(req->vwv+3, 1) < state->total_data) {
2867                 state->total_data = IVAL(req->vwv+3, 1);
2868         }
2869 
2870         pcnt = IVAL(req->vwv+5, 1);
2871         poff = IVAL(req->vwv+7, 1);
2872         pdisp = IVAL(req->vwv+9, 1);
2873 
2874         dcnt = IVAL(req->vwv+11, 1);
2875         doff = IVAL(req->vwv+13, 1);
2876         ddisp = IVAL(req->vwv+15, 1);
2877 
2878         state->received_param += pcnt;
2879         state->received_data += dcnt;
2880 
2881         if ((state->received_data > state->total_data) ||
2882             (state->received_param > state->total_param))
2883                 goto bad_param;
2884 
2885         if (pcnt) {
2886                 if (trans_oob(state->total_param, pdisp, pcnt)
2887                     || trans_oob(smb_len(req->inbuf), poff, pcnt)) {
2888                         goto bad_param;
2889                 }
2890                 memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt);
2891         }
2892 
2893         if (dcnt) {
2894                 if (trans_oob(state->total_data, ddisp, dcnt)
2895                     || trans_oob(smb_len(req->inbuf), doff, dcnt)) {
2896                         goto bad_param;
2897                 }
2898                 memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt);
2899         }
2900 
2901         if ((state->received_param < state->total_param) ||
2902             (state->received_data < state->total_data)) {
2903                 END_PROFILE(SMBnttranss);
2904                 return;
2905         }
2906 
2907         handle_nttrans(conn, state, req);
2908 
2909         DLIST_REMOVE(conn->pending_trans, state);
2910         SAFE_FREE(state->data);
2911         SAFE_FREE(state->param);
2912         TALLOC_FREE(state);
2913         END_PROFILE(SMBnttranss);
2914         return;
2915 
2916   bad_param:
2917 
2918         DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
2919         DLIST_REMOVE(conn->pending_trans, state);
2920         SAFE_FREE(state->data);
2921         SAFE_FREE(state->param);
2922         TALLOC_FREE(state);
2923         reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
2924         END_PROFILE(SMBnttranss);
2925         return;
2926 }

/* [<][>][^][v][top][bottom][index][help] */