Leaked source code of windows server 2003

  1. /*++
  2. Copyright (c) 1989 Microsoft Corporation
  3. Module Name:
  4. smbfile.c
  5. Abstract:
  6. This module implements file-control SMB processors:
  7. Flush
  8. Delete
  9. Rename
  10. Move
  11. Copy
  12. Author:
  13. David Treadwell (davidtr) 15-Dec-1989
  14. Revision History:
  15. --*/
  16. #include "precomp.h"
  17. #include "smbfile.tmh"
  18. #pragma hdrstop
  19. #define BugCheckFileId SRV_FILE_SMBFILE
//
// Forward declarations for routines that are referenced in this module
// before their definitions.
//

// Blocking-thread workers; the SrvSmbXxx entry points hand requests to these.
VOID SRVFASTCALL BlockingDelete ( IN OUT PWORK_CONTEXT WorkContext );
VOID SRVFASTCALL BlockingMove ( IN OUT PWORK_CONTEXT WorkContext );
VOID SRVFASTCALL BlockingRename ( IN OUT PWORK_CONTEXT WorkContext );

// Core of a single-file delete; called by BlockingDelete once per file name.
NTSTATUS
DoDelete (
    IN PUNICODE_STRING FullFileName,
    IN PUNICODE_STRING RelativeFileName,
    IN PWORK_CONTEXT WorkContext,
    IN USHORT SmbSearchAttributes,
    IN PSHARE Share
    );

// Flush helpers: table walk for FID == -1, I/O completion, and I/O start.
NTSTATUS FindAndFlushFile ( IN PWORK_CONTEXT WorkContext );
VOID SRVFASTCALL RestartFlush ( IN OUT PWORK_CONTEXT WorkContext );
NTSTATUS StartFlush ( IN PWORK_CONTEXT WorkContext, IN PRFCB Rfcb );
//
// Section placement.  When ALLOC_PRAGMA is defined, the routines listed
// here are placed in the PAGE section; each of them asserts PAGED_CODE()
// on entry where its body is visible in this file.
//
#ifdef ALLOC_PRAGMA
#pragma alloc_text( PAGE, SrvSmbFlush )
#pragma alloc_text( PAGE, RestartFlush )
#pragma alloc_text( PAGE, StartFlush )
#pragma alloc_text( PAGE, SrvSmbDelete )
#pragma alloc_text( PAGE, BlockingDelete )
#pragma alloc_text( PAGE, DoDelete )
#pragma alloc_text( PAGE, SrvSmbRename )
#pragma alloc_text( PAGE, BlockingRename )
#pragma alloc_text( PAGE, SrvSmbMove )
#pragma alloc_text( PAGE, BlockingMove )
#pragma alloc_text( PAGE, SrvSmbNtRename )
#endif

//
// The PAGECONN placement of FindAndFlushFile is compiled out.
// NOTE(review): FindAndFlushFile walks the file table while holding
// connection->SpinLock, which is presumably why it is kept out of a
// pageable section -- confirm before re-enabling this.
//
#if 0
#pragma alloc_text( PAGECONN, FindAndFlushFile )
#endif
SMB_PROCESSOR_RETURN_TYPE
SrvSmbFlush (
    SMB_PROCESSOR_PARAMETERS
    )

/*++

Routine Description:

    Handles the Flush SMB.  A FID of 0xFFFF asks for every file opened
    under the PID in the SMB header to be flushed; any other FID names
    a single file.  The response is held back until the flush work is
    done, so most paths return SmbStatusInProgress and leave completion
    to RestartFlush.

Arguments:

    SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description
        of the parameters to SMB processor routines.  WorkContext, used
        throughout the body, is supplied by this macro.

Return Value:

    SmbStatusSendResponse - a response (success or error) has been built
        in the work context and should be sent now.

    SmbStatusInProgress - the request was queued or a flush was started;
        the caller must not touch the work context further.

--*/

{
    PREQ_FLUSH request;
    PRESP_FLUSH response;
    NTSTATUS status = STATUS_SUCCESS;
    SMB_STATUS SmbStatus = SmbStatusInProgress;
    PRFCB rfcb;
    USHORT fid;

    PAGED_CODE( );

    if ( WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT ) {
        WorkContext->PreviousSMB = EVENT_TYPE_SMB_FLUSH;
    }
    SrvWmiStartContext(WorkContext);

    request = (PREQ_FLUSH)WorkContext->RequestParameters;
    response = (PRESP_FLUSH)WorkContext->ResponseParameters;

    //
    // The FID comes straight from the client's request.  It is only
    // used as a file reference after SrvVerifyFid has accepted it.
    //

    fid = SmbGetUshort( &request->Fid );

    IF_SMB_DEBUG(FILE_CONTROL1) {
        KdPrint(( "Flush request; FID 0x%lx\n", fid ));
    }

    if ( fid == (USHORT)0xFFFF ) {

        //
        // FID == -1: flush every file belonging to the PID in the SMB
        // header.  Start the first flush here from table index 0;
        // RestartFlush continues the walk as each flush completes.
        //

        WorkContext->Parameters.CurrentTableIndex = 0;

        status = FindAndFlushFile( WorkContext );

        if ( status == STATUS_NO_MORE_FILES ) {

            //
            // Nothing needed flushing, so the (empty) success response
            // can be built and sent immediately.
            //

            response->WordCount = 0;
            SmbPutUshort( &response->ByteCount, 0 );

            WorkContext->ResponseParameters =
                NEXT_LOCATION( response, RESP_FLUSH, 0 );

            SmbStatus = SmbStatusSendResponse;

        } else {

            SmbStatus = SmbStatusInProgress;
        }

        goto Cleanup;
    }

    //
    // Single-file flush.  SrvVerifyFid validates the FID; on success the
    // RFCB is referenced, stored in the work context and returned.
    //

    rfcb = SrvVerifyFid(
                WorkContext,
                fid,
                TRUE,
                SrvRestartSmbReceived,   // serialize with raw write
                &status
                );

    if ( rfcb == SRV_INVALID_RFCB_POINTER ) {

        if ( NT_SUCCESS( status ) ) {

            //
            // Not an error: the work item was queued because a raw
            // write is in progress.
            //

            SmbStatus = SmbStatusInProgress;
            goto Cleanup;
        }

        //
        // Invalid file ID or write behind error.  Reject the request.
        //

        IF_DEBUG(ERRORS) {
            KdPrint((
                "SrvSmbFlush: Status %X on FID: 0x%lx\n",
                status,
                fid
                ));
        }

        SrvSetSmbError( WorkContext, status );
        SmbStatus = SmbStatusSendResponse;
        goto Cleanup;
    }

    //
    // CurrentTableIndex == -1 is the marker that tells RestartFlush only
    // one file is being flushed (no table walk to resume).
    //

    WorkContext->Parameters.CurrentTableIndex = -1;

    IF_SMB_DEBUG(FILE_CONTROL2) {
        KdPrint(( "Flushing buffers for FID %lx, RFCB %p\n", rfcb->Fid, rfcb ));
    }

    status = StartFlush( WorkContext, rfcb );

    if ( !NT_SUCCESS(status) ) {

        //
        // The I/O could not be started; report the error to the client.
        // NOTE(review): StartFlush as written in this file returns
        // STATUS_PENDING on every path, so this branch looks unreachable.
        //

        SrvSetSmbError( WorkContext, status );
        SmbStatus = SmbStatusSendResponse;
        goto Cleanup;
    }

    //
    // The flush is under way.  The caller must leave the SMB and the
    // work context alone until RestartFlush finishes the request.
    //

    SmbStatus = SmbStatusInProgress;
    IF_DEBUG(TRACE2) KdPrint(( "SrvSmbFlush complete\n" ));

Cleanup:
    SrvWmiEndContext(WorkContext);
    return SmbStatus;

} // SrvSmbFlush
NTSTATUS
FindAndFlushFile (
    IN PWORK_CONTEXT WorkContext
    )

/*++

Routine Description:

    Resumes a FID == -1 flush.  Starting at
    WorkContext->Parameters.CurrentTableIndex, walks the connection's
    file table for the next active RFCB whose PID matches the PID in the
    SMB header, references it and starts a flush on it.

Arguments:

    WorkContext - work context for the request.  On a successful start,
        Rfcb and Parameters.CurrentTableIndex are updated so that
        RestartFlush can continue from the same slot.

Return Value:

    STATUS_SUCCESS - StartFlush returned STATUS_PENDING for some RFCB.

    STATUS_NO_MORE_FILES - the end of the table was reached.

Notes:

    NOTE(review): the starting index is used without a lower-bound
    check.  The callers visible in this file pass 0 or a previously
    stored index plus one; confirm no caller can pass the -1 marker.

--*/

{
    NTSTATUS status;
    LONG index;
    PRFCB rfcb;
    USHORT pid = SmbGetAlignedUshort( &WorkContext->RequestHeader->Pid );
    PCONNECTION connection = WorkContext->Connection;
    PTABLE_HEADER fileTable;
    KIRQL oldIrql;

    IF_SMB_DEBUG(FILE_CONTROL1) {
        KdPrint(( "Flush FID == -1; flush all files for PID %lx\n", pid ));
    }

    //
    // The connection spin lock protects the file table.  Holding it
    // keeps an RFCB from going away between the moment its pointer is
    // read from the table and the moment it is referenced.
    //

    fileTable = &connection->FileTable;

    ACQUIRE_SPIN_LOCK( &connection->SpinLock, &oldIrql );

    for ( index = WorkContext->Parameters.CurrentTableIndex;
          index < (LONG)fileTable->TableSize;
          index++ ) {

        rfcb = fileTable->Table[index].Owner;

        IF_SMB_DEBUG(FILE_CONTROL1) {
            KdPrint(( "Looking at RFCB %p, PID %lx, FID %lx\n",
                        rfcb, rfcb != NULL ? rfcb->Pid : 0,
                        rfcb != NULL ? rfcb->Fid : 0 ));
        }

        //
        // Skip empty slots, files owned by another PID, and RFCBs that
        // are no longer active.
        //

        if ( rfcb == NULL ||
             rfcb->Pid != pid ||
             GET_BLOCK_STATE(rfcb) != BlockStateActive ) {
            continue;
        }

        //
        // Take the reference while the lock is still held; only then is
        // it safe to drop the lock.
        //

        rfcb->BlockHeader.ReferenceCount++;

        RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql );

        WorkContext->Rfcb = rfcb;

        //
        // Mark the rfcb as active
        //

        rfcb->IsActive = TRUE;

        //
        // Remember the slot so the restart routine knows where to
        // continue looking for RFCBs to flush.
        //

        WorkContext->Parameters.CurrentTableIndex = index;

        IF_SMB_DEBUG(FILE_CONTROL2) {
            KdPrint(( "Flushing buffers for FID %lx, RFCB %p\n",
                        rfcb->Fid, rfcb ));
        }

        status = StartFlush( WorkContext, rfcb );

        if ( status == STATUS_PENDING ) {

            //
            // The flush request has been started.  (The trace text
            // below names RestartFlush although this is
            // FindAndFlushFile.)
            //

            IF_DEBUG(TRACE2) KdPrint(( "RestartFlush complete\n" ));
            return STATUS_SUCCESS;
        }

        //
        // The I/O was not started.  Errors are ignored for a flush with
        // FID == -1: drop the reference, retake the lock and keep
        // walking.  Errors from an operation that did start are handled
        // later by the restart routine.
        //
        // NOTE(review): StartFlush as written returns STATUS_PENDING on
        // every path, including its access-check failure path, where it
        // calls RestartFlush on this stack; this fall-through therefore
        // looks unreachable.
        //

        SrvDereferenceRfcb( rfcb );
        WorkContext->Rfcb = NULL;

        ACQUIRE_SPIN_LOCK( &connection->SpinLock, &oldIrql );

    } // for ( ; ; )  (walk file table)

    RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql );

    return STATUS_NO_MORE_FILES;

} // FindAndFlushFile
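VOID SRVFASTCALL
RestartFlush (
    IN OUT PWORK_CONTEXT WorkContext
    )

/*++

Routine Description:

    Processes flush completion.  Reads the completion status from the
    work context's IRP.  On failure the error is returned to the client
    and no further files are flushed.  On success, a FID == -1 request
    moves on to the next file in the connection's file table, and the
    response is sent once no more files remain; a single-file request
    (CurrentTableIndex == -1) is answered immediately.

Arguments:

    WorkContext - Supplies a pointer to the work context block
        describing server-specific context for the request.

Return Value:

    None.

Notes:

    Every return path goes through the Cleanup label so that the
    SrvWmiStartContext call made on entry is always paired with
    SrvWmiEndContext, as SrvSmbFlush and BlockingDelete do.  The
    original early returns (error path, and "another flush was started")
    skipped the end call.

--*/

{
    NTSTATUS status = STATUS_SUCCESS;
    PRESP_FLUSH response;

    PAGED_CODE( );

    if ( WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT ) {
        WorkContext->PreviousSMB = EVENT_TYPE_SMB_FLUSH;
    }
    SrvWmiStartContext(WorkContext);

    IF_DEBUG(WORKER1) KdPrint(( " - RestartFlush\n" ));

    response = (PRESP_FLUSH)WorkContext->ResponseParameters;

    //
    // Pick up the completion status of the flush.  StartFlush stores
    // STATUS_SUCCESS here itself when it calls this routine directly.
    //

    status = WorkContext->Irp->IoStatus.Status;

    //
    // If an error occurred during processing of the flush, return the
    // error to the client.  No more files will be flushed.
    //
    // *** This should be very rare.  STATUS_DISK_FULL is probably the
    //     main culprit.
    //

    if ( !NT_SUCCESS(status) ) {

        IF_DEBUG(ERRORS) KdPrint(( "Flush failed: %X\n", status ));
        SrvSetSmbError( WorkContext, status );

        SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );

        IF_DEBUG(TRACE2) KdPrint(( "RestartFlush complete\n" ));
        goto Cleanup;
    }

    IF_SMB_DEBUG(FILE_CONTROL1) {
        KdPrint(( "Flush operation for RFCB %p was successful.\n",
                      WorkContext->Rfcb ));
    }

    //
    // If the FID in the original request was -1, look for more files
    // to flush.
    //

    if ( WorkContext->Parameters.CurrentTableIndex != -1 ) {

        //
        // Dereference the RFCB that was stored in the work context block,
        // and set the pointer to NULL so that it isn't accidentally
        // dereferenced again later.
        //

        SrvDereferenceRfcb( WorkContext->Rfcb );
        WorkContext->Rfcb = NULL;

        //
        // Resume the table walk at the slot after the one just flushed.
        //

        WorkContext->Parameters.CurrentTableIndex++;

        status = FindAndFlushFile( WorkContext );

        //
        // If a file was found and an I/O operation started, this
        // routine runs again at its completion; nothing more to do now.
        //

        if ( status != STATUS_NO_MORE_FILES ) {
            goto Cleanup;
        }

    } // if ( WorkContext->Parameters.CurrentTableIndex != -1 )

    //
    // All files have been flushed.  Build the response SMB.
    //

    response->WordCount = 0;
    SmbPutUshort( &response->ByteCount, 0 );

    WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_FLUSH, 0 );

    //
    // Processing of the SMB is complete.  Call SrvEndSmbProcessing to
    // send the response.
    //

    SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
    IF_DEBUG(TRACE2) KdPrint(( "SrvSmbFlush complete.\n" ));

Cleanup:
    SrvWmiEndContext(WorkContext);
    return;

} // RestartFlush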
NTSTATUS
StartFlush (
    IN PWORK_CONTEXT WorkContext,
    IN PRFCB Rfcb
    )

/*++

Routine Description:

    Starts the flush of one file.  The access granted on the handle is
    checked for IRP_MJ_FLUSH_BUFFERS first.  If the check passes, a
    flush IRP is built and passed to the file system, with RestartFlush
    as the completion routine.  If the check fails, no flush is issued
    and the request is completed as though the flush had succeeded.

Arguments:

    WorkContext - Supplies a pointer to the work context block
        describing server-specific context for the request.

    Rfcb - a pointer to the RFCB corresponding to the file to flush.

Return Value:

    STATUS_PENDING on every path in this routine.  The access-check
    status is never returned to the caller.

Notes:

    NOTE(review): on the access-check failure path RestartFlush runs on
    the current stack.  For a FID == -1 flush, RestartFlush calls
    FindAndFlushFile, which calls back into this routine, so nesting
    depth grows with each consecutive matching handle that fails the
    check.  Confirm this is bounded against the kernel stack budget, or
    complete the request from a queued work item instead.

--*/

{
    NTSTATUS status;

    PAGED_CODE( );

    //
    // Verify that the client has write access to the file via the
    // specified handle.
    //

    CHECK_FUNCTION_ACCESS(
        Rfcb->GrantedAccess,
        IRP_MJ_FLUSH_BUFFERS,
        0,
        0,
        &status
        );

    if ( NT_SUCCESS(status) ) {

        //
        // Build the flush request for the file's buffers.
        //

        SrvBuildFlushRequest(
            WorkContext->Irp,                // input IRP address
            Rfcb->Lfcb->FileObject,          // target file object address
            WorkContext                      // context
            );

        //
        // Hand the request to the file system.  Its return value is
        // deliberately discarded; the outcome is read from the IRP in
        // RestartFlush.
        //

        WorkContext->FsdRestartRoutine = SrvQueueWorkToFspAtDpcLevel;
        WorkContext->FspRestartRoutine = RestartFlush;

        (VOID)IoCallDriver( Rfcb->Lfcb->DeviceObject, WorkContext->Irp );

    } else {

        IF_DEBUG(ERRORS) {
            KdPrint(( "StartFlush: IoCheckFunctionAccess failed: "
                        "0x%X, GrantedAccess: %lx.  Access granted anyway.\n",
                        status, Rfcb->GrantedAccess ));
        }

        //
        // Some applications flush files they opened read-only.  The
        // flush is reported as successful without being issued, which
        // matches OS/2 behaviour.  Nothing is written on this path.
        //

        WorkContext->Irp->IoStatus.Status = STATUS_SUCCESS;
        RestartFlush( WorkContext );
    }

    return STATUS_PENDING;

} // StartFlush
SMB_PROCESSOR_RETURN_TYPE
SrvSmbDelete (
    SMB_PROCESSOR_PARAMETERS
    )

/*++

Routine Description:

    Entry point for the Delete SMB.  The work itself is done by
    BlockingDelete; this routine only makes sure that it runs on a
    blocking thread.

Arguments:

    SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description
        of the parameters to SMB processor routines.

Return Value:

    SmbStatusInProgress, always.  BlockingDelete ends SMB processing and
    sends the response itself.

--*/

{
    PAGED_CODE();

    //
    // BlockingDelete can wait (it delays between sharing-violation
    // retries), so it must run on a blocking thread.  Run it directly
    // when already on one; otherwise queue the work item.
    //

    if ( WorkContext->UsingBlockingThread ) {
        BlockingDelete( WorkContext );
    } else {
        WorkContext->FspRestartRoutine = BlockingDelete;
        SrvQueueWorkToBlockingThread( WorkContext );
    }

    return SmbStatusInProgress;

} // SrvSmbDelete
VOID SRVFASTCALL
BlockingDelete (
    IN OUT PWORK_CONTEXT WorkContext
    )

/*++

Routine Description:

    Blocking-thread worker for the Delete SMB.  Verifies the UID and
    TID, canonicalizes the client-supplied path, then deletes either the
    single named file or, when the name contains wildcards, every match
    returned by SrvQueryDirectoryFile.  Each delete is retried on
    STATUS_SHARING_VIOLATION.  The routine always ends SMB processing
    itself and sends a success or error response.

Arguments:

    WorkContext - work context block for the request.

Return Value:

    None.  The result reaches the client through the response SMB.

Notes:

    The path and the ByteCount field both come from the client.  The
    path is bounded by END_OF_REQUEST_SMB when it is canonicalized;
    see the NOTE(review) comments below for the spots that rely on
    validation done outside this routine.

--*/

{
    PREQ_DELETE request;
    PRESP_DELETE response;

    NTSTATUS status = STATUS_SUCCESS;
    UNICODE_STRING filePathName;
    UNICODE_STRING fullPathName;
    PTREE_CONNECT treeConnect;
    PSESSION session;
    PSHARE share;
    BOOLEAN isUnicode;
    ULONG retriesLeft;
    PSRV_DIRECTORY_INFORMATION dirInfo;

    PAGED_CODE( );

    if ( WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT ) {
        WorkContext->PreviousSMB = EVENT_TYPE_SMB_DELETE;
    }
    SrvWmiStartContext(WorkContext);

    IF_SMB_DEBUG(FILE_CONTROL1) {
        KdPrint(( "Delete file request header at 0x%p, response header at 0x%p\n",
                    WorkContext->RequestHeader,
                    WorkContext->ResponseHeader ));
        KdPrint(( "Delete file request parameters at 0x%p, response parameters at 0x%p\n",
                    WorkContext->RequestParameters,
                    WorkContext->ResponseParameters ));
    }

    request = (PREQ_DELETE)WorkContext->RequestParameters;
    response = (PRESP_DELETE)WorkContext->ResponseParameters;

    //
    // Authenticate the request: verify the UID (unless a session block
    // is already attached to the work context) and find the tree
    // connect for the TID (unless an AndX command already supplied
    // one).  Both blocks are referenced on success.
    //

    status = SrvVerifyUidAndTid(
                WorkContext,
                &session,
                &treeConnect,
                ShareTypeDisk
                );

    if ( !NT_SUCCESS(status) ) {
        IF_DEBUG(SMB_ERRORS) {
            KdPrint(( "SrvSmbDelete: Invalid UID or TID\n" ));
        }
        goto error_exit;
    }

    //
    // An expired session may not delete anything.
    //

    if ( session->IsSessionExpired ) {
        status = SESSION_EXPIRED_STATUS_CODE;
        goto error_exit;
    }

    //
    // The share pointer does not need its own reference: the tree
    // connect references the share, and the tree connect was just
    // referenced.
    //

    share = treeConnect->Share;

    //
    // Canonicalize the client's path.  The +1 skips the buffer-format
    // token that precedes the name in the request's Buffer field, and
    // END_OF_REQUEST_SMB bounds the scan to the received request.
    //

    isUnicode = SMB_IS_UNICODE( WorkContext );

    status = SrvCanonicalizePathName(
                WorkContext,
                share,
                NULL,
                (PVOID)(request->Buffer + 1),
                END_OF_REQUEST_SMB( WorkContext ),
                TRUE,
                isUnicode,
                &filePathName
                );

    if ( !NT_SUCCESS( status ) ) {

        //
        // NOTE(review): this debug-only print formats raw client bytes
        // with %s.  They may be Unicode, and nothing here guarantees a
        // terminator inside the request; a length-bounded print would
        // be safer.
        //

        IF_DEBUG(SMB_ERRORS) {
            KdPrint(( "SrvSmbDelete: illegal path name: %s\n",
                        (PSZ)request->Buffer + 1 ));
        }
        goto error_exit;
    }

    //
    // A name without wildcards is deleted directly; a name with
    // wildcards is expanded through SrvQueryDirectoryFile.
    //

    if ( !FsRtlDoesNameContainWildCards( &filePathName ) ) {

        //
        // Build a full pathname to the file: share root + client path.
        //

        SrvAllocateAndBuildPathName(
            &share->DosPathName,
            &filePathName,
            NULL,
            &fullPathName
            );

        if ( fullPathName.Buffer == NULL ) {
            IF_DEBUG(ERRORS) {
                KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName failed\n" ));
            }

            if ( !isUnicode ) {
                RtlFreeUnicodeString( &filePathName );
            }

            status = STATUS_INSUFF_SERVER_RESOURCES;
            goto error_exit;
        }

        IF_SMB_DEBUG(FILE_CONTROL2) {
            KdPrint(( "Full path name to file is %wZ\n", &fullPathName ));
        }

        //
        // Delete the file, waiting and retrying while it reports a
        // sharing violation and retries remain.
        //

        retriesLeft = SrvSharingViolationRetryCount;

        for ( ;; ) {

            status = DoDelete(
                         &fullPathName,
                         &filePathName,
                         WorkContext,
                         SmbGetUshort( &request->SearchAttributes ),
                         share
                         );

            if ( status != STATUS_SHARING_VIOLATION ||
                 retriesLeft-- == 0 ) {
                break;
            }

            (VOID) KeDelayExecutionThread(
                                    KernelMode,
                                    FALSE,
                                    &SrvSharingViolationDelay
                                    );
        }

        FREE_HEAP( fullPathName.Buffer );

        if ( !isUnicode ) {
            RtlFreeUnicodeString( &filePathName );
        }

        if ( !NT_SUCCESS(status) ) {
            goto error_exit;
        }

    } else {

        BOOLEAN firstCall = TRUE;
        CLONG scratchLength;
        UNICODE_STRING subdirInfo;
        BOOLEAN filterLongNames;

        //
        // SrvQueryDirectoryFile needs a nonpaged-pool buffer.  Nothing
        // in the request buffer after the path name is used by this
        // routine, so the rest of that buffer, rounded up to a quadword
        // boundary, serves as scratch space.
        //
        // NOTE(review): the start of the scratch area is derived from
        // the client-supplied ByteCount.  This assumes ByteCount was
        // validated against the received length before dispatch; if
        // the rounded pointer could pass the end of the request buffer,
        // the unsigned subtraction below would wrap.  Confirm, or add
        // an explicit bounds check here.
        //

        dirInfo =
            (PSRV_DIRECTORY_INFORMATION)( (ULONG_PTR)((PCHAR)request->Buffer +
            SmbGetUshort( &request->ByteCount ) + 7) & ~7 );

        scratchLength = WorkContext->RequestBuffer->BufferLength -
                        PTR_DIFF(dirInfo,
                                 WorkContext->RequestBuffer->Buffer);

        //
        // Each match needs a full path, so isolate the directory part
        // of the client's name (for a\b\c\*.* that is a\b\c).  The
        // string aliases filePathName's buffer; it is not a copy.
        //

        subdirInfo.Buffer = filePathName.Buffer;
        subdirInfo.Length = SrvGetSubdirectoryLength( &filePathName );
        subdirInfo.MaximumLength = subdirInfo.Length;

        IF_SMB_DEBUG(FILE_CONTROL2) {
            KdPrint(( "Subdirectory info is %wZ\n", &subdirInfo ));
        }

        //
        // Long (non-8.3) names are filtered out unless the client has
        // declared, through Flags2, that it knows long names.
        //

        filterLongNames = (BOOLEAN)(
            (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) &
                                        SMB_FLAGS2_KNOWS_LONG_NAMES) == 0 );

        //
        // SrvQueryDirectoryFile opens the directory; each returned
        // entry is then deleted through DoDelete.
        //
        // *** FileBothDirectoryInformation is requested so that long
        //     names on NTFS that have short-name equivalents are picked
        //     up.  Without this, DOS clients could not delete long
        //     names on NTFS volumes.
        //

        while ( ( status = SrvQueryDirectoryFile(
                               WorkContext,
                               firstCall,
                               filterLongNames,
                               FALSE,
                               FileBothDirectoryInformation,
                               0,
                               &filePathName,
                               NULL,
                               SmbGetUshort( &request->SearchAttributes ),
                               dirInfo,
                               scratchLength
                               ) ) != STATUS_NO_MORE_FILES ) {

            PFILE_BOTH_DIR_INFORMATION entry;
            UNICODE_STRING name;
            UNICODE_STRING relativeName;

            if ( !NT_SUCCESS(status) ) {

                IF_DEBUG(ERRORS) {
                    KdPrint(( "SrvSmbDelete: SrvQueryDirectoryFile failed: "
                                "%X\n", status ));
                }

                if ( !isUnicode ) {
                    RtlFreeUnicodeString( &filePathName );
                }

                goto error_exit1;
            }

            entry = (PFILE_BOTH_DIR_INFORMATION)dirInfo->CurrentEntry;

            //
            // The standard (long) name is used for the delete even if
            // the match was on the NTFS short name; the client does not
            // care which name is used.  FileNameLength is narrowed to
            // the 16-bit Length field here.
            //

            name.Length = (SHORT)entry->FileNameLength;
            name.MaximumLength = name.Length;
            name.Buffer = entry->FileName;

            IF_SMB_DEBUG(FILE_CONTROL2) {
                KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, "
                            "status = %X\n",
                            &name,
                            dirInfo->CurrentEntry->FileNameLength,
                            status ));
            }

            firstCall = FALSE;

            //
            // Build a full pathname to the file.
            //

            SrvAllocateAndBuildPathName(
                &share->DosPathName,
                &subdirInfo,
                &name,
                &fullPathName
                );

            if ( fullPathName.Buffer == NULL ) {

                IF_DEBUG(ERRORS) {
                    KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName "
                                "failed\n" ));
                }

                if ( !isUnicode ) {
                    RtlFreeUnicodeString( &filePathName );
                }

                //
                // NOTE(review): the other allocation failures in this
                // routine report STATUS_INSUFF_SERVER_RESOURCES; this
                // one reports STATUS_INSUFFICIENT_RESOURCES.
                //

                status = STATUS_INSUFFICIENT_RESOURCES;
                goto error_exit1;
            }

            IF_SMB_DEBUG(FILE_CONTROL2) {
                KdPrint(( "Full path name to file is %wZ\n", &fullPathName ));
            }

            //
            // Build the relative path name to the file.
            //

            SrvAllocateAndBuildPathName(
                &subdirInfo,
                &name,
                NULL,
                &relativeName
                );

            if ( relativeName.Buffer == NULL ) {

                IF_DEBUG(ERRORS) {
                    KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName failed\n" ));
                }

                FREE_HEAP( fullPathName.Buffer );

                if ( !isUnicode ) {
                    RtlFreeUnicodeString( &filePathName );
                }

                status = STATUS_INSUFF_SERVER_RESOURCES;
                goto error_exit1;
            }

            //
            // NOTE(review): this print repeats fullPathName; printing
            // relativeName was probably intended.
            //

            IF_SMB_DEBUG(FILE_CONTROL2) {
                KdPrint(( "Full path name to file is %wZ\n", &fullPathName ));
            }

            //
            // Delete this match, retrying on sharing violations.
            //
            // *** SrvQueryDirectoryFile has already filtered on the
            //     client's search attributes, so DoDelete is told that
            //     system and hidden files are acceptable.  This avoids
            //     the NtQueryDirectoryFile call made in
            //     SrvCheckSearchAttributesForHandle.
            //

            retriesLeft = SrvSharingViolationRetryCount;

            for ( ;; ) {

                status = DoDelete(
                             &fullPathName,
                             &relativeName,
                             WorkContext,
                             (USHORT)(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN),
                             share
                             );

                if ( status != STATUS_SHARING_VIOLATION ||
                     retriesLeft-- == 0 ) {
                    break;
                }

                (VOID) KeDelayExecutionThread(
                                        KernelMode,
                                        FALSE,
                                        &SrvSharingViolationDelay
                                        );
            }

            FREE_HEAP( relativeName.Buffer );
            FREE_HEAP( fullPathName.Buffer );

            //
            // The first failed delete ends the whole wildcard operation.
            //

            if ( !NT_SUCCESS(status) ) {

                if ( !isUnicode ) {
                    RtlFreeUnicodeString( &filePathName );
                }

                goto error_exit1;
            }
        }

        //
        // Close the directory search.
        //

        if ( !isUnicode ) {
            RtlFreeUnicodeString( &filePathName );
        }

        SrvCloseQueryDirectory( dirInfo );

        //
        // firstCall still TRUE means no entry was ever returned, so no
        // file matched; report that to the client.
        //

        if ( firstCall ) {
            status = STATUS_NO_SUCH_FILE;
            goto error_exit;
        }
    }

    //
    // Build the response SMB.
    //

    response->WordCount = 0;
    SmbPutUshort( &response->ByteCount, 0 );

    WorkContext->ResponseParameters = NEXT_LOCATION(
                                        response,
                                        RESP_DELETE,
                                        0
                                        );

    IF_DEBUG(TRACE2) KdPrint(( "SrvSmbDelete complete.\n" ));
    goto normal_exit;

    //
    // error_exit1 is used only from the wildcard path, where a
    // directory search is open and must be closed first.
    //

error_exit1:
    SrvCloseQueryDirectory( dirInfo );

error_exit:
    SrvSetSmbError( WorkContext, status );

normal_exit:
    SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
    SrvWmiEndContext(WorkContext);
    return;

} // BlockingDelete
  828. NTSTATUS
  829. DoDelete (
  830. IN PUNICODE_STRING FullFileName,
  831. IN PUNICODE_STRING RelativeFileName,
  832. IN PWORK_CONTEXT WorkContext,
  833. IN USHORT SmbSearchAttributes,
  834. IN PSHARE Share
  835. )
  836. /*++
  837. Routine Description:
  838. This routine performs the core of a file delete.
  839. Arguments:
  840. FileName - a full path name, from the system name space root, to the
  841. file to delete.
  842. RelativeFileName - the name of the file relative to the share root.
  843. WorkContext - context block for the operation. The RequestHeader and
  844. Session fields are used.
  845. SmbSearchAttributes - the search attributes passed in the request
  846. SMB. The actual file attributes are verified against these to
  847. make sure that the operation is legitimate.
  848. Return Value:
  849. NTSTATUS - indicates result of operation.
  850. --*/
  851. {
  852. NTSTATUS status;
  853. PMFCB mfcb;
  854. PNONPAGED_MFCB nonpagedMfcb;
  855. FILE_DISPOSITION_INFORMATION fileDispositionInformation;
  856. HANDLE fileHandle = NULL;
  857. ULONG caseInsensitive;
  858. IO_STATUS_BLOCK ioStatusBlock;
  859. PSRV_LOCK mfcbLock;
  860. ULONG hashValue;
  861. PAGED_CODE( );
  862. //
  863. // See if that file is already open. If it is open in
  864. // compatibility mode or is an FCB open, we have to close all of
  865. // that client's opens.
  866. //
  867. // *** SrvFindMfcb references the MFCB--remember to dereference it.
  868. //
  869. if ( (WorkContext->RequestHeader->Flags & SMB_FLAGS_CASE_INSENSITIVE) ||
  870. WorkContext->Session->UsingUppercasePaths ) {
  871. caseInsensitive = OBJ_CASE_INSENSITIVE;
  872. mfcb = SrvFindMfcb( FullFileName, TRUE, &mfcbLock, &hashValue, WorkContext );
  873. } else {
  874. caseInsensitive = 0;
  875. mfcb = SrvFindMfcb( FullFileName, FALSE, &mfcbLock, &hashValue, WorkContext );
  876. }
  877. if ( mfcb != NULL ) {
  878. nonpagedMfcb = mfcb->NonpagedMfcb;
  879. ACQUIRE_LOCK( &nonpagedMfcb->Lock );
  880. }
  881. if( mfcbLock ) {
  882. RELEASE_LOCK( mfcbLock );
  883. }
  884. if ( mfcb == NULL || !mfcb->CompatibilityOpen ) {
  885. ACCESS_MASK deleteAccess = DELETE;
  886. OBJECT_ATTRIBUTES objectAttributes;
  887. //
  888. // Either the file wasn't opened by the server or it was not
  889. // a compatibility/FCB open, so open it here for the delete.
  890. //
  891. del_no_file_handle:
  892. //
  893. // If there was an MFCB for this file, we now hold its lock and a
  894. // referenced pointer. Undo both.
  895. //
  896. if ( mfcb != NULL ) {
  897. RELEASE_LOCK( &nonpagedMfcb->Lock );
  898. SrvDereferenceMfcb( mfcb );
  899. }
  900. SrvInitializeObjectAttributes_U(
  901. &objectAttributes,
  902. RelativeFileName,
  903. caseInsensitive,
  904. NULL,
  905. NULL
  906. );
  907. INCREMENT_DEBUG_STAT( SrvDbgStatistics.TotalOpenAttempts );
  908. INCREMENT_DEBUG_STAT( SrvDbgStatistics.TotalOpensForPathOperations );
  909. //
  910. // !!! Currently we can't specify complete if oplocked, because
  911. // this won't break a batch oplock. Unfortunately this also
  912. // means that we can't timeout the open (if the oplock break
  913. // takes too long) and fail this SMB gracefully.
  914. //
  915. status = SrvIoCreateFile(
  916. WorkContext,
  917. &fileHandle,
  918. DELETE, // DesiredAccess
  919. &objectAttributes,
  920. &ioStatusBlock,
  921. NULL, // AllocationSize
  922. 0L, // FileAttributes
  923. 0L, // ShareAccess
  924. FILE_OPEN, // Disposition
  925. FILE_NON_DIRECTORY_FILE | FILE_OPEN_REPARSE_POINT, // CreateOptions
  926. NULL, // EaBuffer
  927. 0L, // EaLength
  928. CreateFileTypeNone,
  929. NULL, // ExtraCreateParameters
  930. IO_FORCE_ACCESS_CHECK, // Options
  931. WorkContext->TreeConnect->Share
  932. );
  933. if( status == STATUS_INVALID_PARAMETER ) {
  934. status = SrvIoCreateFile(
  935. WorkContext,
  936. &fileHandle,
  937. DELETE, // DesiredAccess
  938. &objectAttributes,
  939. &ioStatusBlock,
  940. NULL, // AllocationSize
  941. 0L, // FileAttributes
  942. 0L, // ShareAccess
  943. FILE_OPEN, // Disposition
  944. FILE_NON_DIRECTORY_FILE, // CreateOptions
  945. NULL, // EaBuffer
  946. 0L, // EaLength
  947. CreateFileTypeNone,
  948. NULL, // ExtraCreateParameters
  949. IO_FORCE_ACCESS_CHECK, // Options
  950. WorkContext->TreeConnect->Share
  951. );
  952. }
  953. if ( NT_SUCCESS(status) ) {
  954. SRVDBG_CLAIM_HANDLE( fileHandle, "FIL", 27, 0 );
  955. }
  956. ASSERT( status != STATUS_OPLOCK_BREAK_IN_PROGRESS );
  957. if ( !NT_SUCCESS(status) ) {
  958. IF_DEBUG(ERRORS) {
  959. KdPrint(( "SrvSmbDelete: SrvIoCreateFile failed: %X\n",
  960. status ));
  961. }
  962. //
  963. // If the user didn't have this permission, update the
  964. // statistics database.
  965. //
  966. if ( status == STATUS_ACCESS_DENIED ) {
  967. SrvStatistics.AccessPermissionErrors++;
  968. }
  969. if ( fileHandle != NULL ) {
  970. SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 41, 0 );
  971. SrvNtClose( fileHandle, TRUE );
  972. }
  973. return status;
  974. }
  975. //
  976. // Make sure that the search attributes jive with the attributes
  977. // on the file.
  978. //
  979. status = SrvCheckSearchAttributesForHandle( fileHandle, SmbSearchAttributes );
  980. if ( !NT_SUCCESS(status) ) {
  981. SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 42, 0 );
  982. SrvNtClose( fileHandle, TRUE );
  983. return status;
  984. }
  985. //
  986. // Now that the file has been opened, delete it with
  987. // NtSetInformationFile.
  988. //
  989. SrvStatistics.TotalFilesOpened++;
  990. fileDispositionInformation.DeleteFile = TRUE;
  991. status = NtSetInformationFile(
  992. fileHandle,
  993. &ioStatusBlock,
  994. &fileDispositionInformation,
  995. sizeof(FILE_DISPOSITION_INFORMATION),
  996. FileDispositionInformation
  997. );
  998. if ( !NT_SUCCESS(status) ) {
  999. INTERNAL_ERROR(
  1000. ERROR_LEVEL_UNEXPECTED,
  1001. "SrvSmbDelete: NtSetInformationFile (file disposition) "
  1002. "returned %X",
  1003. status,
  1004. NULL
  1005. );
  1006. SrvLogServiceFailure( SRV_SVC_NT_SET_INFO_FILE, status );
  1007. SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 43, 0 );
  1008. SrvNtClose( fileHandle, TRUE );
  1009. return status;
  1010. }
  1011. IF_SMB_DEBUG(FILE_CONTROL2) {
  1012. if( NT_SUCCESS( status ) ) {
  1013. KdPrint(( "SrvSmbDelete: %wZ successfully deleted.\n", FullFileName ));
  1014. }
  1015. }
  1016. //
  1017. // Close the opened file so that it can be deleted. This will
  1018. // happen automatically, since the FCB_STATE_FLAG_DELETE_ON_CLOSE
  1019. // flag of the FCB has been set by NtSetInformationFile.
  1020. //
  1021. SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 44, 0 );
  1022. SrvNtClose( fileHandle, TRUE );
  1023. } else {
  1024. //
  1025. // The file was opened by the server in compatibility mode
  1026. // or as an FCB open. Check the granted access to make sure
  1027. // that the file can be deleted.
  1028. //
  1029. ACCESS_MASK deleteAccess = DELETE;
  1030. PLFCB lfcb = CONTAINING_RECORD( mfcb->LfcbList.Blink, LFCB, MfcbListEntry );
  1031. //
  1032. // If this file has been closed. Go back to no mfcb case.
  1033. //
  1034. // *** The specific motivation for this change was to fix a problem
  1035. // where a compatibility mode open was closed, the response was
  1036. // sent, and a Delete SMB was received before the mfcb was
  1037. // completely cleaned up. This resulted in the MFCB and LFCB
  1038. // still being present, which caused the delete processing to
  1039. // try to use the file handle in the LFCB.
  1040. //
  1041. if ( lfcb->FileHandle == 0 ) {
  1042. goto del_no_file_handle;
  1043. }
  1044. //
  1045. // Make sure that the session which sent this request is the
  1046. // same as the one which has the file open.
  1047. //
  1048. if ( lfcb->Session != WorkContext->Session ) {
  1049. //
  1050. // A different session has the file open in compatibility
  1051. // mode, so reject the request.
  1052. //
  1053. RELEASE_LOCK( &nonpagedMfcb->Lock );
  1054. SrvDereferenceMfcb( mfcb );
  1055. return STATUS_SHARING_VIOLATION;
  1056. }
  1057. if ( !NT_SUCCESS(IoCheckDesiredAccess(
  1058. &deleteAccess,
  1059. lfcb->GrantedAccess )) ) {
  1060. //
  1061. // The client cannot delete this file, so close all the
  1062. // RFCBs and return an error.
  1063. //
  1064. SrvCloseRfcbsOnLfcb( lfcb );
  1065. RELEASE_LOCK( &nonpagedMfcb->Lock );
  1066. SrvDereferenceMfcb( mfcb );
  1067. return STATUS_ACCESS_DENIED;
  1068. }
  1069. //
  1070. // Delete the file with NtSetInformationFile.
  1071. //
  1072. fileHandle = lfcb->FileHandle;
  1073. fileDispositionInformation.DeleteFile = TRUE;
  1074. status = NtSetInformationFile(
  1075. fileHandle,
  1076. &ioStatusBlock,
  1077. &fileDispositionInformation,
  1078. sizeof(FILE_DISPOSITION_INFORMATION),
  1079. FileDispositionInformation
  1080. );
  1081. if ( !NT_SUCCESS(status) ) {
  1082. INTERNAL_ERROR(
  1083. ERROR_LEVEL_EXPECTED,
  1084. "SrvSmbDelete: NtSetInformationFile (disposition) "
  1085. "returned %X",
  1086. status,
  1087. NULL
  1088. );
  1089. SrvLogServiceFailure( SRV_SVC_NT_SET_INFO_FILE, status );
  1090. SrvCloseRfcbsOnLfcb( lfcb );
  1091. RELEASE_LOCK( &nonpagedMfcb->Lock );
  1092. SrvDereferenceMfcb( mfcb );
  1093. return status;
  1094. }
  1095. IF_SMB_DEBUG(FILE_CONTROL2) {
  1096. KdPrint(( "SrvSmbDelete: %wZ successfully deleted.\n", FullFileName ));
  1097. }
  1098. //
  1099. // Close the RFCBs on the MFCB. Since this is a compatability
  1100. // or FCB open, there is only a single LFCB for the MFCB. This
  1101. // will result in the LFCB's file handle being closed, so there
  1102. // is no need to call NtClose here.
  1103. //
  1104. SrvCloseRfcbsOnLfcb( lfcb );
  1105. RELEASE_LOCK( &nonpagedMfcb->Lock );
  1106. SrvDereferenceMfcb( mfcb );
  1107. }
  1108. return STATUS_SUCCESS;
  1109. } // DoDelete
  SMB_PROCESSOR_RETURN_TYPE
  SrvSmbRename (
      SMB_PROCESSOR_PARAMETERS
      )

  /*++

  Routine Description:

      Entry point for the Rename SMB.  No rename work is done here; the
      request is handed to a blocking thread with BlockingRename
      installed as the restart routine.

  Arguments:

      SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description
          of the parameters to SMB processor routines.

  Return Value:

      SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h.  This routine always
          returns SmbStatusInProgress.

  --*/

  {
      PAGED_CODE();

      //
      // Record this SMB type only when PreviousSMB still holds
      // EVENT_TYPE_SMB_LAST_EVENT; any other value is left alone.
      //

      if ( WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT ) {
          WorkContext->PreviousSMB = EVENT_TYPE_SMB_RENAME;
      }

      SrvWmiStartContext( WorkContext );

      //
      // Rename has to run on a blocking thread, so set the restart
      // routine and queue the work item there.
      //

      WorkContext->FspRestartRoutine = BlockingRename;
      SrvQueueWorkToBlockingThread( WorkContext );

      SrvWmiEndContext( WorkContext );

      return SmbStatusInProgress;

  } // SrvSmbRename
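  VOID SRVFASTCALL
  BlockingRename (
      IN OUT PWORK_CONTEXT WorkContext
      )

  /*++

  Routine Description:

      Processes the Rename SMB on a blocking thread.  The same routine
      also serves SMB_COM_NT_RENAME requests (see isNtRename below).

      The request buffer holds the source name, an SMB_FORMAT_ASCII
      token, and then the target name.  Both names are canonicalized
      against the share of the verified tree connect.  The rename itself
      is done by SrvMoveFile: once for a plain source name, or once per
      entry returned by SrvQueryDirectoryFile when the source name
      contains wildcards (wildcards are rejected for NT rename).

      Everything read from the request buffer is client-controlled.  The
      scans for the name terminators are bounded by the clamped
      ByteCount, and every failure path must release only what has
      actually been built at that point.

  Arguments:

      WorkContext - work context block

  Return Value:

      None.  Failures are reported to the client through SrvSetSmbError;
      every path ends in SrvEndSmbProcessing with SmbStatusSendResponse.

  --*/

  {
      PREQ_RENAME request;
      PREQ_NTRENAME ntrequest;
      PUCHAR RenameBuffer;
      PRESP_RENAME response;

      NTSTATUS status = STATUS_SUCCESS;

      UNICODE_STRING sourceName;
      UNICODE_STRING targetName;

      USHORT smbFlags;
      USHORT ByteCount;
      PCHAR target;
      PCHAR lastPositionInBuffer;

      PTREE_CONNECT treeConnect;
      PSESSION session;
      PSHARE share;

      BOOLEAN isUnicode;
      BOOLEAN isNtRename;
      BOOLEAN isDfs;

      PSRV_DIRECTORY_INFORMATION directoryInformation;

      ULONG renameRetries;

      PAGED_CODE( );

      if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) {
          WorkContext->PreviousSMB = EVENT_TYPE_SMB_RENAME;
      }
      SrvWmiStartContext(WorkContext);

      //
      // Neither name owns any storage yet.  Set the buffer pointers to
      // NULL so that we know how to clean up on exit (BlockingMove in
      // this module does the same).
      //

      sourceName.Buffer = NULL;
      targetName.Buffer = NULL;

      IF_SMB_DEBUG(FILE_CONTROL1) {
          KdPrint(( "Rename file request header at 0x%p, response header at 0x%p\n",
                      WorkContext->RequestHeader,
                      WorkContext->ResponseHeader ));
          KdPrint(( "Rename file request parameters at 0x%p, response parameters at 0x%p\n",
                      WorkContext->RequestParameters,
                      WorkContext->ResponseParameters ));
      }

      response = (PRESP_RENAME)WorkContext->ResponseParameters;
      request = (PREQ_RENAME)WorkContext->RequestParameters;
      ntrequest = (PREQ_NTRENAME)WorkContext->RequestParameters;

      isNtRename =
          (BOOLEAN)(WorkContext->RequestHeader->Command == SMB_COM_NT_RENAME);

      //
      // Clamp the client-declared ByteCount to the bytes that actually
      // remain in the received SMB, so the scans below cannot run past
      // the end of the request.
      //

      if (isNtRename) {
          RenameBuffer = ntrequest->Buffer;
          ByteCount = MIN(SmbGetUshort(&ntrequest->ByteCount),
                          (USHORT)(END_OF_REQUEST_SMB(WorkContext) + 1 - (PCHAR)RenameBuffer));
      } else {
          RenameBuffer = request->Buffer;
          ByteCount = MIN(SmbGetUshort(&request->ByteCount),
                          (USHORT)(END_OF_REQUEST_SMB(WorkContext) + 1 - (PCHAR)RenameBuffer));
      }

      //
      // If a session block has not already been assigned to the current
      // work context, verify the UID.  If verified, the address of the
      // session block corresponding to this user is stored in the
      // WorkContext block and the session block is referenced.
      //
      // Find tree connect corresponding to given TID if a tree connect
      // pointer has not already been put in the WorkContext block by an
      // AndX command.
      //

      status = SrvVerifyUidAndTid(
                  WorkContext,
                  &session,
                  &treeConnect,
                  ShareTypeDisk
                  );

      if ( !NT_SUCCESS(status) ) {
          IF_DEBUG(SMB_ERRORS) {
              KdPrint(( "BlockingRename: Invalid UID or TID\n" ));
          }
          goto error_exit;
      }

      //
      // If the session has expired, return that info
      //

      if( session->IsSessionExpired )
      {
          status = SESSION_EXPIRED_STATUS_CODE;
          goto error_exit;
      }

      //
      // Get the share block from the tree connect block.  This does not need
      // to be a referenced pointer because we have referenced the tree
      // connect, and it has the share referenced.
      //

      share = treeConnect->Share;

      //
      // Set up the path name for the file we will search for.  The +1
      // accounts for the ASCII token of the SMB protocol.
      //

      isUnicode = SMB_IS_UNICODE( WorkContext );
      isDfs = SMB_CONTAINS_DFS_NAME( WorkContext );

      //
      // Get a pointer to the new pathname of the file.  This is in the
      // buffer field of the request SMB after the source name.  The
      // target is delimited by the SMB_FORMAT_ASCII.
      //
      // While doing this, make sure that we do not walk off the end of the
      // SMB buffer if the client did not include the SMB_FORMAT_ASCII
      // token.
      //

      lastPositionInBuffer = (PCHAR)RenameBuffer + ByteCount;

      if( !isUnicode ) {

          for ( target = (PCHAR)RenameBuffer + 1;
                (target < lastPositionInBuffer) && (*target != SMB_FORMAT_ASCII);
                target++ ) {
              ;
          }

      } else {

          PWCHAR p = (PWCHAR)(RenameBuffer + 1);

          //
          // Skip the Original filename part.  The name is null-terminated
          // (see rdr\utils.c RdrCopyNetworkPath())
          //

          //
          // Ensure p is suitably aligned
          //

          p = ALIGN_SMB_WSTR(p);

          //
          // Skip over the source filename
          //

          for( p = ALIGN_SMB_WSTR(p);
               p < (PWCHAR)lastPositionInBuffer && *p != UNICODE_NULL;
               p++ ) {
              ;
          }

          //
          // Search for SMB_FORMAT_ASCII which precedes the target name.
          // If the loop above stopped at the end of the buffer, p + 1 is
          // already past lastPositionInBuffer and the check below fails
          // the request without dereferencing target.
          //

          for ( target = (PUCHAR)(p + 1);
                target < lastPositionInBuffer && *target != SMB_FORMAT_ASCII;
                target++ ) {
              ;
          }
      }

      //
      // If there was no SMB_FORMAT_ASCII in the passed buffer, fail.
      //
      // sourceName has not been canonicalized at this point, so it owns
      // no storage and must not be passed to RtlFreeUnicodeString here.
      // The original code freed it on this path for non-Unicode
      // requests, which operated on an uninitialized UNICODE_STRING
      // whenever a client omitted the token.
      //

      if ( (target >= lastPositionInBuffer) || (*target != SMB_FORMAT_ASCII) ) {
          status = STATUS_INVALID_SMB;
          goto error_exit;
      }

      //
      // Canonicalize the source name.  It ends at the format token that
      // was just located.
      //

      status = SrvCanonicalizePathName(
              WorkContext,
              share,
              NULL,
              (PVOID)(RenameBuffer + 1),
              target,
              TRUE,
              isUnicode,
              &sourceName
              );

      if( !NT_SUCCESS( status ) ) {
          IF_DEBUG(SMB_ERRORS) {
              KdPrint(( "BlockingRename: illegal path name: %s\n",
                          (PSZ)RenameBuffer + 1 ));
          }
          goto error_exit;
      }

      if( !sourceName.Length ) {
          IF_DEBUG(SMB_ERRORS) {
              KdPrint(( "BlockingRename: No source name\n" ));
          }

          //
          // NOTE(review): sourceName is not freed on this path for
          // non-Unicode requests -- confirm that SrvCanonicalizePathName
          // allocates nothing when it returns an empty name.
          //

          status = STATUS_OBJECT_PATH_SYNTAX_BAD;
          goto error_exit;
      }

      //
      // If the SMB was originally marked as containing Dfs names, then the
      // call to SrvCanonicalizePathName for the source path has cleared that
      // flag.  So, re-mark the SMB as containing Dfs names before calling
      // SrvCanonicalizePathName on the target path.
      //

      if (isDfs) {
          SMB_MARK_AS_DFS_NAME( WorkContext );
      }

      status = SrvCanonicalizePathName(
              WorkContext,
              share,
              NULL,
              target + 1,
              END_OF_REQUEST_SMB( WorkContext ),
              TRUE,
              isUnicode,
              &targetName
              );

      if( !NT_SUCCESS( status ) ) {
          IF_DEBUG(SMB_ERRORS) {
              KdPrint(( "BlockingRename: illegal path name: %s\n", target + 1 ));
          }

          if ( !isUnicode ) {
              RtlFreeUnicodeString( &sourceName );
          }

          goto error_exit;
      }

      if( !targetName.Length ) {
          IF_DEBUG(SMB_ERRORS) {
              KdPrint(( "BlockingRename: No target name\n" ));
          }

          //
          // NOTE(review): only sourceName is released here; the same
          // question as for the empty source name applies to targetName.
          //

          if( !isUnicode ) {
              RtlFreeUnicodeString( &sourceName );
          }

          status = STATUS_OBJECT_PATH_SYNTAX_BAD;
          goto error_exit;
      }

      //
      // Ensure this client's RFCB cache is empty.  This covers the case
      // where a client has open files in a directory we are trying
      // to rename.
      //

      SrvCloseCachedRfcbsOnConnection( WorkContext->Connection );

      if ( !FsRtlDoesNameContainWildCards( &sourceName ) ) {

          USHORT InformationLevel = SMB_NT_RENAME_RENAME_FILE;
          ULONG ClusterCount = 0;

          //
          // Only the NT rename request carries these two fields; a plain
          // rename keeps the defaults above.
          //

          if (isNtRename) {
              InformationLevel = SmbGetUshort(&ntrequest->InformationLevel);
              ClusterCount = SmbGetUlong(&ntrequest->ClusterCount);
          }

          smbFlags = 0;

          //
          // Use SrvMoveFile to rename the file.  The SmbOpenFunction is
          // set to indicate that existing files may not be overwritten,
          // and we may create new files.  Also, the target may not be
          // a directory; if it already exists as a directory, fail.
          //
          // A sharing violation is retried up to
          // SrvSharingViolationRetryCount times, waiting
          // SrvSharingViolationDelay between attempts.
          //

          renameRetries = SrvSharingViolationRetryCount;

  start_retry1:

          status = SrvMoveFile(
                       WorkContext,
                       WorkContext->TreeConnect->Share,
                       SMB_OFUN_CREATE_CREATE | SMB_OFUN_OPEN_FAIL,
                       &smbFlags,
                       SmbGetUshort( &request->SearchAttributes ),
                       TRUE,
                       InformationLevel,
                       ClusterCount,
                       &sourceName,
                       &targetName
                       );

          if ( (status == STATUS_SHARING_VIOLATION) &&
               (renameRetries-- > 0) ) {

              (VOID) KeDelayExecutionThread(
                                      KernelMode,
                                      FALSE,
                                      &SrvSharingViolationDelay
                                      );

              goto start_retry1;
          }

          if ( !isUnicode ) {
              RtlFreeUnicodeString( &targetName );
              RtlFreeUnicodeString( &sourceName );
          }

          if ( !NT_SUCCESS(status) ) {
              goto error_exit;
          }

      } else if (isNtRename) {    // Wild cards not allowed!

          //
          // NOTE(review): the names are not released on this path for
          // non-Unicode requests, unlike the other exits taken after
          // both names have been canonicalized -- confirm whether this
          // leaks.
          //

          status = STATUS_OBJECT_PATH_SYNTAX_BAD;
          goto error_exit;

      } else {

          BOOLEAN firstCall = TRUE;
          UNICODE_STRING subdirInfo;
          CLONG bufferLength;
          BOOLEAN filterLongNames;

          //
          // We need the full path name of each file that is returned by
          // SrvQueryDirectoryFile, so we need to find the part of the
          // passed filename that contains subdirectory information (e.g.
          // for a\b\c\*.*, we want a string that indicates a\b\c).
          //

          subdirInfo.Buffer = sourceName.Buffer;
          subdirInfo.Length = SrvGetSubdirectoryLength( &sourceName );
          subdirInfo.MaximumLength = subdirInfo.Length;

          //
          // SrvQueryDirectoryFile requires a buffer from nonpaged pool.
          // Since this routine does not use the buffer field of the
          // request SMB after the pathname, use this.  The buffer must be
          // quadword-aligned.
          //
          // NOTE(review): bufferLength is an unsigned difference.  Confirm
          // that the aligned pointer always lies inside RequestBuffer (the
          // subtraction would wrap otherwise) and that this scratch region
          // cannot overlap name storage that is still in use.
          //

          directoryInformation =
              (PSRV_DIRECTORY_INFORMATION)((ULONG_PTR)((PCHAR)RenameBuffer + ByteCount + 7) & ~7);

          bufferLength = WorkContext->RequestBuffer->BufferLength -
                         PTR_DIFF(directoryInformation,
                                  WorkContext->RequestBuffer->Buffer);

          smbFlags = 0;

          //
          // Determine whether long filenames (non-8.3) should be filtered out
          // or processed.
          //

          if ( (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) &
                                          SMB_FLAGS2_KNOWS_LONG_NAMES) != 0 ) {
              filterLongNames = FALSE;
          } else {
              filterLongNames = TRUE;
          }

          //
          // Call SrvQueryDirectoryFile to get file(s) to rename, renaming as
          // we get each file.
          //
          // *** We ask for FileBothDirectoryInformation so that we will
          //     pick up long names on NTFS that have short name
          //     equivalents.  Without this, DOS clients will not be able
          //     to rename long names on NTFS volumes.
          //

          while ( ( status = SrvQueryDirectoryFile(
                                 WorkContext,
                                 firstCall,
                                 filterLongNames,
                                 FALSE,
                                 FileBothDirectoryInformation,
                                 0,
                                 &sourceName,
                                 NULL,
                                 SmbGetUshort( &request->SearchAttributes ),
                                 directoryInformation,
                                 bufferLength
                                 ) ) != STATUS_NO_MORE_FILES ) {

              PFILE_BOTH_DIR_INFORMATION bothDirInfo;
              UNICODE_STRING sourceFileName;
              UNICODE_STRING sourcePathName;

              if ( !NT_SUCCESS(status) ) {

                  IF_DEBUG(ERRORS) {
                      KdPrint(( "BlockingRename: SrvQueryDirectoryFile failed: %X\n",
                                  status ));
                  }

                  if ( !isUnicode ) {
                      RtlFreeUnicodeString( &targetName );
                      RtlFreeUnicodeString( &sourceName );
                  }

                  goto error_exit1;
              }

              bothDirInfo =
                  (PFILE_BOTH_DIR_INFORMATION)directoryInformation->CurrentEntry;

              //
              // Note that we use the standard name to do the rename, even
              // though we may have matched on the NTFS short name.  The
              // client doesn't care which name we use.
              //

              sourceFileName.Length = (SHORT)bothDirInfo->FileNameLength;
              sourceFileName.MaximumLength = sourceFileName.Length;
              sourceFileName.Buffer = bothDirInfo->FileName;

              IF_SMB_DEBUG(FILE_CONTROL2) {
                  KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, "
                              "status = %X\n",
                              &sourceFileName,
                              sourceFileName.Length,
                              status ));
              }

              firstCall = FALSE;

              //
              // Set up the full source name string.
              //

              SrvAllocateAndBuildPathName(
                  &subdirInfo,
                  &sourceFileName,
                  NULL,
                  &sourcePathName
                  );

              if ( sourcePathName.Buffer == NULL ) {

                  //
                  // Set the failure status before logging it; the
                  // original printed the successful status left over
                  // from SrvQueryDirectoryFile.
                  //

                  status = STATUS_INSUFF_SERVER_RESOURCES;

                  IF_DEBUG(ERRORS) {
                      KdPrint(( "BlockingRename: SrvAllocateAndBuildPathName failed: "
                                  "%X\n", status ));
                  }

                  if ( !isUnicode ) {
                      RtlFreeUnicodeString( &targetName );
                      RtlFreeUnicodeString( &sourceName );
                  }

                  goto error_exit1;
              }

              //
              // Use SrvMoveFile to copy or rename the file.  The
              // SmbOpenFunction is set to indicate that existing files
              // may not be overwritten, and we may create new files.
              //
              // *** SrvQueryDirectoryFile has already filtered based on
              //     the search attributes, so tell SrvMoveFile that files
              //     with the system and hidden bits are OK.  This will
              //     prevent the call to NtQueryDirectoryFile performed in
              //     SrvCheckSearchAttributesForHandle.
              //

              renameRetries = SrvSharingViolationRetryCount;

  start_retry2:

              status = SrvMoveFile(
                           WorkContext,
                           WorkContext->TreeConnect->Share,
                           SMB_OFUN_CREATE_CREATE | SMB_OFUN_OPEN_FAIL,
                           &smbFlags,
                           (USHORT)(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN),
                           TRUE,
                           SMB_NT_RENAME_RENAME_FILE,
                           0,
                           &sourcePathName,
                           &targetName
                           );

              if ( (status == STATUS_SHARING_VIOLATION) &&
                   (renameRetries-- > 0) ) {

                  (VOID) KeDelayExecutionThread(
                                          KernelMode,
                                          FALSE,
                                          &SrvSharingViolationDelay
                                          );

                  goto start_retry2;
              }

              //
              // The per-entry path is released after every attempt,
              // whether or not the move succeeded.
              //

              FREE_HEAP( sourcePathName.Buffer );

              if ( !NT_SUCCESS(status) ) {

                  if ( !isUnicode ) {
                      RtlFreeUnicodeString( &targetName );
                      RtlFreeUnicodeString( &sourceName );
                  }

                  goto error_exit1;
              }
          }

          //
          // Clean up now that the search is done.
          //

          if ( !isUnicode ) {
              RtlFreeUnicodeString( &targetName );
              RtlFreeUnicodeString( &sourceName );
          }

          SrvCloseQueryDirectory( directoryInformation );

          //
          // If no files were found, return an error to the client.
          //

          if ( firstCall ) {
              status = STATUS_NO_SUCH_FILE;
              goto error_exit;
          }
      }

      //
      // Build the response SMB.
      //

      response->WordCount = 0;
      SmbPutUshort( &response->ByteCount, 0 );

      WorkContext->ResponseParameters = NEXT_LOCATION(
                                          response,
                                          RESP_RENAME,
                                          0
                                          );

      IF_DEBUG(TRACE2) KdPrint(( "BlockingRename complete.\n" ));
      goto normal_exit;

  error_exit1:

      //
      // Reached only from the wildcard path, after directoryInformation
      // has been set up.
      //

      SrvCloseQueryDirectory( directoryInformation );

  error_exit:

      SrvSetSmbError( WorkContext, status );

  normal_exit:

      SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
      SrvWmiEndContext(WorkContext);
      return;

  } // BlockingRename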
  SMB_PROCESSOR_RETURN_TYPE
  SrvSmbMove (
      SMB_PROCESSOR_PARAMETERS
      )

  /*++

  Routine Description:

      Entry point for the Move SMB.  No move work is done here; the
      request is handed to a blocking thread with BlockingMove installed
      as the restart routine.

  Arguments:

      SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description
          of the parameters to SMB processor routines.

  Return Value:

      SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h.  This routine always
          returns SmbStatusInProgress.

  --*/

  {
      PAGED_CODE();

      //
      // Record this SMB type only when PreviousSMB still holds
      // EVENT_TYPE_SMB_LAST_EVENT; any other value is left alone.
      //

      if ( WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT ) {
          WorkContext->PreviousSMB = EVENT_TYPE_SMB_MOVE;
      }

      SrvWmiStartContext( WorkContext );

      //
      // Move has to run on a blocking thread, so set the restart
      // routine and queue the work item there.
      //

      WorkContext->FspRestartRoutine = BlockingMove;
      SrvQueueWorkToBlockingThread( WorkContext );

      SrvWmiEndContext( WorkContext );

      return SmbStatusInProgress;

  } // SrvSmbMove
  1621. VOID SRVFASTCALL
  1622. BlockingMove (
  1623. IN OUT PWORK_CONTEXT WorkContext
  1624. )
  1625. /*++
  1626. Routine Description:
  1627. This routine processes the Move SMB.
  1628. Arguments:
  1629. WorkContext - work context block
  1630. Return Value:
  1631. None.
  1632. --*/
  1633. {
  1634. PREQ_MOVE request;
  1635. PRESP_MOVE response;
  1636. NTSTATUS status = STATUS_SUCCESS;
  1637. UNICODE_STRING sourceName;
  1638. UNICODE_STRING sourceFileName;
  1639. UNICODE_STRING sourcePathName;
  1640. UNICODE_STRING targetName;
  1641. PSRV_DIRECTORY_INFORMATION directoryInformation;
  1642. USHORT tid2;
  1643. USHORT smbFlags;
  1644. PCHAR lastPositionInBuffer;
  1645. PCHAR target;
  1646. BOOLEAN isRenameOperation;
  1647. BOOLEAN isUnicode = TRUE;
  1648. BOOLEAN isDfs;
  1649. USHORT smbOpenFunction;
  1650. USHORT errorPathNameLength = 0;
  1651. USHORT count = 0;
  1652. PTREE_CONNECT sourceTreeConnect, targetTreeConnect;
  1653. PSESSION session;
  1654. PSHARE share;
  1655. PAGED_CODE( );
  1656. if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT)
  1657. WorkContext->PreviousSMB = EVENT_TYPE_SMB_MOVE;
  1658. SrvWmiStartContext(WorkContext);
  1659. IF_SMB_DEBUG(FILE_CONTROL1) {
  1660. KdPrint(( "Move/Copy request header at 0x%p, response header at 0x%p\n",
  1661. WorkContext->RequestHeader,
  1662. WorkContext->ResponseHeader ));
  1663. KdPrint(( "Move/Copy request parameters at 0x%p, response parameters at 0x%p\n",
  1664. WorkContext->RequestParameters,
  1665. WorkContext->ResponseParameters ));
  1666. }
  1667. request = (PREQ_MOVE)WorkContext->RequestParameters;
  1668. response = (PRESP_MOVE)WorkContext->ResponseParameters;
  1669. //
  1670. // Set pointers to NULL so that we know how to clean up on exit.
  1671. //
  1672. directoryInformation = NULL;
  1673. targetTreeConnect = NULL;
  1674. sourceName.Buffer = NULL;
  1675. targetName.Buffer = NULL;
  1676. sourcePathName.Buffer = NULL;
  1677. //
  1678. // If a session block has not already been assigned to the current
  1679. // work context , verify the UID. If verified, the address of the
  1680. // session block corresponding to this user is stored in the WorkContext
  1681. // block and the session block is referenced.
  1682. //
  1683. // Find tree connect corresponding to given TID if a tree connect
  1684. // pointer has not already been put in the WorkContext block by an
  1685. // AndX command.
  1686. //
  1687. status = SrvVerifyUidAndTid(
  1688. WorkContext,
  1689. &session,
  1690. &sourceTreeConnect,
  1691. ShareTypeDisk
  1692. );
  1693. if ( !NT_SUCCESS(status) ) {
  1694. IF_DEBUG(SMB_ERRORS) {
  1695. KdPrint(( "BlockingMove: Invalid UID or TID\n" ));
  1696. }
  1697. goto exit;
  1698. }
  1699. if( session->IsSessionExpired )
  1700. {
  1701. status = SESSION_EXPIRED_STATUS_CODE;
  1702. goto exit;
  1703. }
  1704. //
  1705. // Get the share block from the tree connect block. This does not need
  1706. // to be a referenced pointer because we have referenced the tree
  1707. // connect, and it has the share referenced.
  1708. //
  1709. share = sourceTreeConnect->Share;
  1710. //
  1711. // Get the target tree connect. The TID for this is in the Tid2
  1712. // field of the request SMB. Because SrvVerifyTid sets the
  1713. // TreeConnect field of the WorkContext block, set it back after
  1714. // calling the routine. Remember to dereference this pointer before
  1715. // exiting this routine, as it will not be automatically
  1716. // dereferenced because it is not in the WorkContext block.
  1717. //
  1718. // If Tid2 is -1 (0xFFFF), then the TID specified in the SMB header
  1719. // is used.
  1720. //
  1721. tid2 = SmbGetUshort( &request->Tid2 );
  1722. if ( tid2 == (USHORT)0xFFFF ) {
  1723. tid2 = SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid );
  1724. }
  1725. WorkContext->TreeConnect = NULL; // Must be NULL for SrvVerifyTid
  1726. targetTreeConnect = SrvVerifyTid( WorkContext, tid2 );
  1727. WorkContext->TreeConnect = sourceTreeConnect;
  1728. if ( targetTreeConnect == NULL ||
  1729. targetTreeConnect->Share->ShareType != ShareTypeDisk ) {
  1730. IF_DEBUG(SMB_ERRORS) {
  1731. KdPrint(( "BlockingMove: Invalid TID2: 0x%lx\n", tid2 ));
  1732. }
  1733. status = STATUS_SMB_BAD_TID;
  1734. goto exit;
  1735. }
  1736. //
  1737. // Determine whether this is a rename or a copy.
  1738. //
  1739. if ( WorkContext->RequestHeader->Command == SMB_COM_MOVE ) {
  1740. isRenameOperation = TRUE;
  1741. } else {
  1742. isRenameOperation = FALSE;
  1743. }
  1744. //
  1745. // Store the open function.
  1746. //
  1747. smbOpenFunction = SmbGetUshort( &request->OpenFunction );
  1748. //
  1749. // Set up the target pathnames. We must do the target first, as the
  1750. // SMB rename extended protocol does not use the ASCII tokens, so we
  1751. // will lose the information about the start of the target name when
  1752. // we canonicalize the source name.
  1753. //
  1754. // Instead of using strlen() to find the end of the source string,
  1755. // do it here so that we can make a check to ensure that we don't
  1756. // walk off the end of the SMB buffer and cause an access violation.
  1757. //
  1758. lastPositionInBuffer = (PCHAR)request->Buffer +
  1759. SmbGetUshort( &request->ByteCount );
  1760. if( lastPositionInBuffer > END_OF_REQUEST_SMB( WorkContext )+1 )
  1761. {
  1762. SrvLogInvalidSmb( WorkContext );
  1763. status = STATUS_INVALID_SMB;
  1764. goto exit;
  1765. }
  1766. for ( target = (PCHAR)request->Buffer;
  1767. (target < lastPositionInBuffer) && (*target != 0);
  1768. target++ ) {
  1769. ;
  1770. }
  1771. //
  1772. // If there was no zero terminator in the buffer, fail.
  1773. //
  1774. if ( (target == lastPositionInBuffer) || (*target != 0) ) {
  1775. IF_DEBUG(SMB_ERRORS) {
  1776. KdPrint(( "No terminator on first name.\n" ));
  1777. }
  1778. SrvLogInvalidSmb( WorkContext );
  1779. status = STATUS_INVALID_SMB;
  1780. goto exit;
  1781. }
  1782. target++;
  1783. isUnicode = SMB_IS_UNICODE( WorkContext );
  1784. isDfs = SMB_CONTAINS_DFS_NAME( WorkContext );
  1785. status = SrvCanonicalizePathName(
  1786. WorkContext,
  1787. share,
  1788. NULL,
  1789. target,
  1790. END_OF_REQUEST_SMB( WorkContext ),
  1791. TRUE,
  1792. isUnicode,
  1793. &targetName
  1794. );
  1795. if( !NT_SUCCESS( status ) ) {
  1796. IF_DEBUG(SMB_ERRORS) {
  1797. KdPrint(( "BlockingMove: illegal path name (target): %wZ\n",
  1798. &targetName ));
  1799. }
  1800. goto exit;
  1801. }
  1802. //
  1803. // If the SMB was originally marked as containing Dfs names, then the
  1804. // call to SrvCanonicalizePathName for the target path has cleared that
  1805. // flag. So, re-mark the SMB as containing Dfs names before calling
  1806. // SrvCanonicalizePathName on the source path.
  1807. //
  1808. if (isDfs) {
  1809. SMB_MARK_AS_DFS_NAME( WorkContext );
  1810. }
  1811. //
  1812. // Set up the source name.
  1813. //
  1814. status = SrvCanonicalizePathName(
  1815. WorkContext,
  1816. share,
  1817. NULL,
  1818. request->Buffer,
  1819. END_OF_REQUEST_SMB( WorkContext ),
  1820. TRUE,
  1821. isUnicode,
  1822. &sourceName
  1823. );
  1824. if( !NT_SUCCESS( status ) ) {
  1825. IF_DEBUG(SMB_ERRORS) {
  1826. KdPrint(( "BlockingMove: illegal path name (source): %s\n",
  1827. request->Buffer ));
  1828. }
  1829. goto exit;
  1830. }
  1831. smbFlags = SmbGetUshort( &request->Flags );
  1832. //
  1833. // Copy interprets ; as *. If the last character was ; and this was
  1834. // not at the end of a file name with other characters (as in
  1835. // "file;" then convert the ; to *.
  1836. //
  1837. if ( sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-1] == ';' &&
  1838. ( sourceName.Length == 2 ||
  1839. sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-2] == '\\' ) ) {
  1840. sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-1] = '*';
  1841. }
  1842. //
  1843. // Tree copy not implemented. If this is a single file copy,
  1844. // let it go through. For now, we make sure that it does not
  1845. // have any wild card characters, we do additional checking
  1846. // inside SrvMoveFile.
  1847. //
  1848. if ( ( (smbFlags & SMB_COPY_TREE) != 0 ) &&
  1849. FsRtlDoesNameContainWildCards(&sourceName) ) {
  1850. INTERNAL_ERROR(
  1851. ERROR_LEVEL_EXPECTED,
  1852. "Tree copy not implemented.",
  1853. NULL,
  1854. NULL
  1855. );
  1856. status = STATUS_NOT_IMPLEMENTED;
  1857. goto exit;
  1858. }
  1859. if ( !FsRtlDoesNameContainWildCards( &sourceName ) ) {
  1860. //
  1861. // Use SrvMoveFile to copy or move the file.
  1862. //
  1863. // *** These SMBs do not include search attributes, so set
  1864. // this field equal to zero. If will not be possible
  1865. // to move a file that has the system or hidden bits on.
  1866. status = SrvMoveFile(
  1867. WorkContext,
  1868. targetTreeConnect->Share,
  1869. smbOpenFunction,
  1870. &smbFlags,
  1871. (USHORT)0, // SmbSearchAttributes
  1872. FALSE,
  1873. (USHORT)(isRenameOperation?
  1874. SMB_NT_RENAME_RENAME_FILE : SMB_NT_RENAME_MOVE_FILE),
  1875. 0,
  1876. &sourceName,
  1877. &targetName
  1878. );
  1879. if ( !NT_SUCCESS(status) ) {
  1880. goto exit;
  1881. }
  1882. count = 1;
  1883. } else {
  1884. UNICODE_STRING subdirInfo;
  1885. BOOLEAN firstCall = TRUE;
  1886. CLONG bufferLength;
  1887. BOOLEAN filterLongNames;
  1888. //
  1889. // If wildcards were in the original source name, we set the
  1890. // SmbFlags to SMB_TARGET_IS_DIRECTORY to indicate that the
  1891. // target must be a directory--this is always the case when
  1892. // wildcards are used for a rename. (For a copy, it is legal to
  1893. // specify that the destination is a file and append to that
  1894. // file--then all the source files are concatenated to that one
  1895. // target file.)
  1896. //
  1897. if ( isRenameOperation ) {
  1898. smbFlags |= SMB_TARGET_IS_DIRECTORY;
  1899. }
  1900. //
  1901. // SrvQueryDirectoryFile requires a buffer from nonpaged pool.
  1902. // Since this routine does not use the buffer field of the
  1903. // request SMB after the pathname, use this. The buffer must be
  1904. // quadword-aligned.
  1905. //
  1906. directoryInformation =
  1907. (PSRV_DIRECTORY_INFORMATION)( (ULONG_PTR)((PCHAR)request->Buffer +
  1908. SmbGetUshort( &request->ByteCount ) + 7) & ~7 );
  1909. bufferLength = WorkContext->RequestBuffer->BufferLength -
  1910. PTR_DIFF(directoryInformation,
  1911. WorkContext->RequestBuffer->Buffer);
  1912. //
  1913. // We need the full path name of each file that is returned by
  1914. // SrvQueryDirectoryFile, so we need to find the part of the
  1915. // passed filename that contains subdirectory information (e.g.
  1916. // for a\b\c\*.*, we want a string that indicates a\b\c).
  1917. //
  1918. subdirInfo.Buffer = sourceName.Buffer;
  1919. subdirInfo.Length = SrvGetSubdirectoryLength( &sourceName );
  1920. subdirInfo.MaximumLength = subdirInfo.Length;
  1921. //
  1922. // Determine whether long filenames (non-8.3) should be filtered out
  1923. // or processed.
  1924. //
  1925. if ( (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) &
  1926. SMB_FLAGS2_KNOWS_LONG_NAMES) != 0 ) {
  1927. filterLongNames = FALSE;
  1928. } else {
  1929. filterLongNames = TRUE;
  1930. }
  1931. //
  1932. // As long as SrvQueryDirectoryFile is able to return file names,
  1933. // keep renaming.
  1934. //
  1935. // *** Set search attributes to find archive files, but not
  1936. // system or hidden files. This duplicates the LM 2.0
  1937. // server behavior.
  1938. //
  1939. // *** We ask for FileBothDirectoryInformation so that we will
  1940. // pick up long names on NTFS that have short name
  1941. // equivalents. Without this, DOS clients will not be able
  1942. // to move long names on NTFS volumes.
  1943. //
  1944. while ( ( status = SrvQueryDirectoryFile(
  1945. WorkContext,
  1946. firstCall,
  1947. filterLongNames,
  1948. FALSE,
  1949. FileBothDirectoryInformation,
  1950. 0,
  1951. &sourceName,
  1952. NULL,
  1953. FILE_ATTRIBUTE_ARCHIVE, // SmbSearchAttributes
  1954. directoryInformation,
  1955. bufferLength
  1956. ) ) != STATUS_NO_MORE_FILES ) {
  1957. PFILE_BOTH_DIR_INFORMATION bothDirInfo;
  1958. if ( !NT_SUCCESS(status) ) {
  1959. IF_DEBUG(ERRORS) {
  1960. KdPrint(( "BlockingMove: SrvQueryDirectoryFile failed: %X\n",
  1961. status ));
  1962. }
  1963. goto exit;
  1964. }
  1965. bothDirInfo =
  1966. (PFILE_BOTH_DIR_INFORMATION)directoryInformation->CurrentEntry;
  1967. //
  1968. // If we're filtering long names, and the file has a short
  1969. // name equivalent, then use that name to do the delete. We
  1970. // do this because we need to return a name to the client if
  1971. // the operation fails, and we don't want to return a long
  1972. // name. Note that if the file has no short name, and we're
  1973. // filtering, then the standard name must be a valid 8.3
  1974. // name, so it's OK to return to the client.
  1975. //
  1976. if ( filterLongNames && (bothDirInfo->ShortNameLength != 0) ) {
  1977. sourceFileName.Length = (SHORT)bothDirInfo->ShortNameLength;
  1978. sourceFileName.Buffer = bothDirInfo->ShortName;
  1979. } else {
  1980. sourceFileName.Length = (SHORT)bothDirInfo->FileNameLength;
  1981. sourceFileName.Buffer = bothDirInfo->FileName;
  1982. }
  1983. sourceFileName.MaximumLength = sourceFileName.Length;
  1984. IF_SMB_DEBUG(FILE_CONTROL2) {
  1985. KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, "
  1986. "status = %X\n",
  1987. &sourceFileName,
  1988. sourceFileName.Length,
  1989. status ));
  1990. }
  1991. firstCall = FALSE;
  1992. //
  1993. // Set up the full source name string.
  1994. //
  1995. SrvAllocateAndBuildPathName(
  1996. &subdirInfo,
  1997. &sourceFileName,
  1998. NULL,
  1999. &sourcePathName
  2000. );
  2001. if ( sourcePathName.Buffer == NULL ) {
  2002. status = STATUS_INSUFF_SERVER_RESOURCES;
  2003. goto exit;
  2004. }
  2005. //
  2006. // Use SrvMoveFile to copy or rename the file.
  2007. //
  2008. status = SrvMoveFile(
  2009. WorkContext,
  2010. targetTreeConnect->Share,
  2011. smbOpenFunction,
  2012. &smbFlags,
  2013. (USHORT)0, // SmbSearchAttributes
  2014. FALSE,
  2015. (USHORT)(isRenameOperation?
  2016. SMB_NT_RENAME_RENAME_FILE : SMB_NT_RENAME_MOVE_FILE),
  2017. 0,
  2018. &sourcePathName,
  2019. &targetName
  2020. );
  2021. if ( !NT_SUCCESS(status) ) {
  2022. goto exit;
  2023. }
  2024. count++;
  2025. //
  2026. // Free the buffer that holds that source name.
  2027. //
  2028. FREE_HEAP( sourcePathName.Buffer );
  2029. sourcePathName.Buffer = NULL;
  2030. //
  2031. // If this is a copy operation with wildcards and the target is
  2032. // a file, then all files should be appended to the target. The
  2033. // target is truncated on the first call to SrvMoveFile if that
  2034. // was specified by the caller.
  2035. //
  2036. // This is done by turning off the truncate bit in the
  2037. // SmbOpenFunction and turning on the append bit.
  2038. //
  2039. if ( !isRenameOperation && directoryInformation->Wildcards &&
  2040. (smbFlags & SMB_TARGET_IS_FILE) ) {
  2041. smbOpenFunction &= ~SMB_OFUN_OPEN_TRUNCATE;
  2042. smbOpenFunction |= SMB_OFUN_OPEN_APPEND;
  2043. }
  2044. }
  2045. //
  2046. // If no files were found, return an error to the client.
  2047. //
  2048. if ( firstCall ) {
  2049. status = STATUS_NO_SUCH_FILE;
  2050. goto exit;
  2051. }
  2052. }
  2053. //
  2054. // Build the response SMB.
  2055. //
  2056. SmbPutUshort( &response->ByteCount, 0 );
  2057. WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_MOVE, 0 );
  2058. status = STATUS_SUCCESS;
  2059. exit:
  2060. response->WordCount = 1;
  2061. SmbPutUshort( &response->Count, count );
  2062. if ( directoryInformation != NULL ) {
  2063. SrvCloseQueryDirectory( directoryInformation );
  2064. }
  2065. if ( targetTreeConnect != NULL) {
  2066. SrvDereferenceTreeConnect( targetTreeConnect );
  2067. }
  2068. if ( !NT_SUCCESS(status) ) {
  2069. SrvSetSmbError( WorkContext, status );
  2070. if ( sourcePathName.Buffer != NULL ) {
  2071. //
  2072. // Put the name of the file where the error occurred in the
  2073. // buffer field of the response SMB.
  2074. //
  2075. RtlCopyMemory(
  2076. response->Buffer,
  2077. sourcePathName.Buffer,
  2078. sourcePathName.Length
  2079. );
  2080. response->Buffer[sourcePathName.Length] = '\0';
  2081. SmbPutUshort( &response->ByteCount, (SHORT)(sourcePathName.Length+1) );
  2082. WorkContext->ResponseParameters = NEXT_LOCATION(
  2083. response,
  2084. RESP_MOVE,
  2085. sourcePathName.Length+1
  2086. );
  2087. FREE_HEAP( sourcePathName.Buffer );
  2088. } else if ( sourceName.Buffer != NULL ) {
  2089. //
  2090. // Put the name of the file where the error occurred in the
  2091. // buffer field of the response SMB.
  2092. //
  2093. RtlCopyMemory(
  2094. response->Buffer,
  2095. sourceName.Buffer,
  2096. sourceName.Length
  2097. );
  2098. response->Buffer[sourceName.Length] = '\0';
  2099. SmbPutUshort( &response->ByteCount, (SHORT)(sourceName.Length+1) );
  2100. WorkContext->ResponseParameters = NEXT_LOCATION(
  2101. response,
  2102. RESP_MOVE,
  2103. sourceName.Length+1
  2104. );
  2105. }
  2106. }
  2107. if ( !isUnicode ) {
  2108. if ( targetName.Buffer != NULL ) {
  2109. RtlFreeUnicodeString( &targetName );
  2110. }
  2111. if ( sourceName.Buffer != NULL ) {
  2112. RtlFreeUnicodeString( &sourceName );
  2113. }
  2114. }
  2115. IF_DEBUG(TRACE2) KdPrint(( "BlockingMove complete.\n" ));
  2116. SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse );
  2117. SrvWmiEndContext(WorkContext);
  2118. return;
  2119. } // BlockingMove
  SMB_TRANS_STATUS
  SrvSmbNtRename (
      IN OUT PWORK_CONTEXT WorkContext
      )

  /*++

  Routine Description:

      Handler for the NT rename request, which is delivered inside an NT
      transact SMB.  The body of this routine validates the size of the
      request parameter block and the FID it carries, and then reports
      success; it performs no rename itself.

  Arguments:

      WorkContext - Work Context Block for the request being processed.
          Parameters.Transaction is read from it.  smbtypes.h describes
          the valid fields.

  Return Value:

      SMB_TRANS_STATUS - SmbTransStatusErrorWithoutData when the parameter
          block is too short or the FID is rejected (the SMB error is
          recorded in WorkContext first); SmbTransStatusSuccess otherwise.
          See smbtypes.h for the meaning of each value.

  --*/

  {
      PTRANSACTION trans;
      PREQ_NT_RENAME renameRequest;
      PRFCB fileBlock;
      NTSTATUS fidStatus;
      SMB_TRANS_STATUS result;

      PAGED_CODE( );

      trans = WorkContext->Parameters.Transaction;

      IF_SMB_DEBUG( FILE_CONTROL1 ) {
          KdPrint(( "SrvSmbNtRename entered; transaction 0x%p\n",
                      trans ));
      }

      //
      // Length gate first: the parameter block is supplied by the client,
      // so none of its fields may be read until at least
      // sizeof(REQ_NT_RENAME) bytes are known to have been sent.
      //
      // NOTE(review): only the inbound parameter count is checked.  No
      // check on the number of parameter bytes that may be returned
      // appears in this routine.
      //

      if ( trans->ParameterCount < sizeof(REQ_NT_RENAME) ) {

          IF_SMB_DEBUG( FILE_CONTROL1 ) {
              KdPrint(( "SrvSmbNtRename: bad parameter byte count: "
                          "%ld\n", trans->ParameterCount ));
          }

          SrvSetSmbError( WorkContext, STATUS_INVALID_SMB );
          result = SmbTransStatusErrorWithoutData;

      } else {

          //
          // The block is long enough, so it is now safe to overlay the
          // request structure on the inbound parameters and read the Fid.
          //

          renameRequest = (PREQ_NT_RENAME)trans->InParameters;

          //
          // Resolve the FID.  When the FID is valid, SrvVerifyFid is
          // expected to reference the RFCB, store its address in the
          // WorkContext block and return it; on rejection the reason is
          // written to fidStatus.
          //

          fileBlock = SrvVerifyFid(
                          WorkContext,
                          SmbGetUshort( &renameRequest->Fid ),
                          TRUE,
                          NULL,   // don't serialize with raw write
                          &fidStatus
                          );

          if ( fileBlock == SRV_INVALID_RFCB_POINTER ) {

              //
              // Bad file ID, or a write behind error was pending.  Hand
              // the status back to the client and stop.
              //

              IF_DEBUG(ERRORS) {
                  KdPrint((
                      "SrvSmbNtRename: Status %X on FID: 0x%lx\n",
                      fidStatus,
                      SmbGetUshort( &renameRequest->Fid )
                      ));
              }

              SrvSetSmbError( WorkContext, fidStatus );
              result = SmbTransStatusErrorWithoutData;

          } else {

              //
              // NOTE(review): the information level and the input/output
              // data byte counts are not verified anywhere in this
              // routine, and nothing is done with the verified RFCB; the
              // request is simply acknowledged.
              //

              IF_DEBUG(TRACE2) {
                  KdPrint(( "SrvSmbNtRename complete.\n" ));
              }

              result = SmbTransStatusSuccess;
          }
      }

      return result;

  } // SrvSmbNtRename