/*++ Copyright (c) 1989 Microsoft Corporation Module Name: smbfile.c Abstract: This module implements file-control SMB processors: Flush Delete Rename Move Copy Author: David Treadwell (davidtr) 15-Dec-1989 Revision History: --*/ #include "precomp.h" #include "smbfile.tmh" #pragma hdrstop #define BugCheckFileId SRV_FILE_SMBFILE // // Forward declarations // VOID SRVFASTCALL BlockingDelete ( IN OUT PWORK_CONTEXT WorkContext ); VOID SRVFASTCALL BlockingMove ( IN OUT PWORK_CONTEXT WorkContext ); VOID SRVFASTCALL BlockingRename ( IN OUT PWORK_CONTEXT WorkContext ); NTSTATUS DoDelete ( IN PUNICODE_STRING FullFileName, IN PUNICODE_STRING RelativeFileName, IN PWORK_CONTEXT WorkContext, IN USHORT SmbSearchAttributes, IN PSHARE Share ); NTSTATUS FindAndFlushFile ( IN PWORK_CONTEXT WorkContext ); VOID SRVFASTCALL RestartFlush ( IN OUT PWORK_CONTEXT WorkContext ); NTSTATUS StartFlush ( IN PWORK_CONTEXT WorkContext, IN PRFCB Rfcb ); #ifdef ALLOC_PRAGMA #pragma alloc_text( PAGE, SrvSmbFlush ) #pragma alloc_text( PAGE, RestartFlush ) #pragma alloc_text( PAGE, StartFlush ) #pragma alloc_text( PAGE, SrvSmbDelete ) #pragma alloc_text( PAGE, BlockingDelete ) #pragma alloc_text( PAGE, DoDelete ) #pragma alloc_text( PAGE, SrvSmbRename ) #pragma alloc_text( PAGE, BlockingRename ) #pragma alloc_text( PAGE, SrvSmbMove ) #pragma alloc_text( PAGE, BlockingMove ) #pragma alloc_text( PAGE, SrvSmbNtRename ) #endif #if 0 #pragma alloc_text( PAGECONN, FindAndFlushFile ) #endif SMB_PROCESSOR_RETURN_TYPE SrvSmbFlush ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: This routine processes the Flush SMB. It ensures that all data and allocation information for the specified file has been written out before the response is sent. Arguments: SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbtypes.h --*/ { PREQ_FLUSH request; PRESP_FLUSH response; NTSTATUS status = STATUS_SUCCESS; SMB_STATUS SmbStatus = SmbStatusInProgress; PRFCB rfcb; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_FLUSH; SrvWmiStartContext(WorkContext); request = (PREQ_FLUSH)WorkContext->RequestParameters; response = (PRESP_FLUSH)WorkContext->ResponseParameters; IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Flush request; FID 0x%lx\n", SmbGetUshort( &request->Fid ) )); } // // If a FID was specified, flush just that file. If FID == -1, // then flush all files corresponding to the PID passed in the // SMB header. // if ( SmbGetUshort( &request->Fid ) == (USHORT)0xFFFF ) { // // Find a single file to flush and flush it. We'll start one // flush here, then RestartFlush will handle flushing the rest // of the files. // WorkContext->Parameters.CurrentTableIndex = 0; status = FindAndFlushFile( WorkContext ); if ( status == STATUS_NO_MORE_FILES ) { // // There were no files that needed to be flushed. Build and // send a response SMB. // response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_FLUSH, 0 ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } SmbStatus = SmbStatusInProgress; goto Cleanup; } // // Flush of a specific file. Verify the FID. If verified, the // RFCB block is referenced and its address is stored in the // WorkContext block, and the RFCB address is returned. // rfcb = SrvVerifyFid( WorkContext, SmbGetUshort( &request->Fid ), TRUE, SrvRestartSmbReceived, // serialize with raw write &status ); if ( rfcb == SRV_INVALID_RFCB_POINTER ) { if ( !NT_SUCCESS( status ) ) { // // Invalid file ID or write behind error. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbFlush: Status %X on FID: 0x%lx\n", status, SmbGetUshort( &request->Fid ) )); } SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // The work item has been queued because a raw write is in // progress. // SmbStatus = SmbStatusInProgress; goto Cleanup; } // // Set the CurrentTableIndex field of the work context block to // NULL so that the restart routine will know that only a single // file is to be flushed. // WorkContext->Parameters.CurrentTableIndex = -1; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Flushing buffers for FID %lx, RFCB %p\n", rfcb->Fid, rfcb )); } // // Start the flush operation on the file corresponding to the RFCB. // status = StartFlush( WorkContext, rfcb ); if ( !NT_SUCCESS(status) ) { // // Unable to start the I/O. Clean up the I/O request. Return // an error to the client. // SrvSetSmbError( WorkContext, status ); SmbStatus = SmbStatusSendResponse; goto Cleanup; } // // The flush request was successfully started. Return the InProgress // status to the caller, indicating that the caller should do // nothing further with the SMB/WorkContext at the present time. // SmbStatus = SmbStatusInProgress; IF_DEBUG(TRACE2) KdPrint(( "SrvSmbFlush complete\n" )); Cleanup: SrvWmiEndContext(WorkContext); return SmbStatus; } // SrvSmbFlush NTSTATUS FindAndFlushFile ( IN PWORK_CONTEXT WorkContext ) { NTSTATUS status; LONG currentTableIndex; PRFCB rfcb; USHORT pid = SmbGetAlignedUshort( &WorkContext->RequestHeader->Pid ); PCONNECTION connection = WorkContext->Connection; PTABLE_HEADER tableHeader; KIRQL oldIrql; //UNLOCKABLE_CODE( CONN ); IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Flush FID == -1; flush all files for PID %lx\n", pid )); } // // Walk the connection's file table, looking an RFCB with a PID // equal to the PID passed in the SMB header. // // Acquire the lock that protects the connection's file table. // This prevents an RFCB from going away between when we find a // pointer to it and when we reference it. // tableHeader = &connection->FileTable; ACQUIRE_SPIN_LOCK( &connection->SpinLock, &oldIrql ); for ( currentTableIndex = WorkContext->Parameters.CurrentTableIndex; currentTableIndex < (LONG)tableHeader->TableSize; currentTableIndex++ ) { rfcb = tableHeader->Table[currentTableIndex].Owner; IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Looking at RFCB %p, PID %lx, FID %lx\n", rfcb, rfcb != NULL ? rfcb->Pid : 0, rfcb != NULL ? rfcb->Fid : 0 )); } if ( rfcb == NULL || rfcb->Pid != pid ) { continue; } // // Reference the rfcb if it is active. // if ( GET_BLOCK_STATE(rfcb) != BlockStateActive ) { continue; } rfcb->BlockHeader.ReferenceCount++; // // Now that the RFCB has been referenced, we can safely // release the lock that protects the connection's file // table. // RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql ); WorkContext->Rfcb = rfcb; // // Mark the rfcb as active // rfcb->IsActive = TRUE; // // Set the CurrentTableIndex field of the work context // block so that the restart routine knows where to // continue looking for RFCBs to flush. // WorkContext->Parameters.CurrentTableIndex = currentTableIndex; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Flushing buffers for FID %lx, RFCB %p\n", rfcb->Fid, rfcb )); } // // Start the I/O to flush the file. // status = StartFlush( WorkContext, rfcb ); // // If there was an access violation or some other error, // simply continue walking through the file table. // We ignore these errors for flush with FID=-1. // // Note that StartFlush only returns an error if the IO // operation *was*not* started. If the operation was // started, then errors will be processed in this routine // when it is called later by IoCompleteRequest. // if ( status != STATUS_PENDING ) { SrvDereferenceRfcb( rfcb ); WorkContext->Rfcb = NULL; ACQUIRE_SPIN_LOCK( &connection->SpinLock, &oldIrql ); continue; } // // The flush request has been started. // IF_DEBUG(TRACE2) KdPrint(( "RestartFlush complete\n" )); return STATUS_SUCCESS; } // for ( ; ; ) (walk file table) RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql ); return STATUS_NO_MORE_FILES; } // FindAndFlushFile VOID SRVFASTCALL RestartFlush ( IN OUT PWORK_CONTEXT WorkContext ) /*++ Routine Description: Processes flush completion. Arguments: WorkContext - Supplies a pointer to the work context block describing server-specific context for the request. Return Value: None. --*/ { NTSTATUS status = STATUS_SUCCESS; PRESP_FLUSH response; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_FLUSH; SrvWmiStartContext(WorkContext); IF_DEBUG(WORKER1) KdPrint(( " - RestartFlush\n" )); response = (PRESP_FLUSH)WorkContext->ResponseParameters; // // If the flush request failed, set an error status in the response // header. // status = WorkContext->Irp->IoStatus.Status; // // If an error occurred during processing of the flush, return the // error to the client. No more further files will be flushed. // // *** This should be very rare. STATUS_DISK_FULL is probably the // main culprit. if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) KdPrint(( "Flush failed: %X\n", status )); SrvSetSmbError( WorkContext, status ); SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); IF_DEBUG(TRACE2) KdPrint(( "RestartFlush complete\n" )); return; } IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Flush operation for RFCB %p was successful.\n", WorkContext->Rfcb )); } // // If the FID in the original request was -1, look for more files // to flush. // if ( WorkContext->Parameters.CurrentTableIndex != -1 ) { // // Dereference the RFCB that was stored in the work context block, // and set the pointer to NULL so that it isn't accidentally // dereferenced again later. // SrvDereferenceRfcb( WorkContext->Rfcb ); WorkContext->Rfcb = NULL; // // Find a file to flush and flush it. // WorkContext->Parameters.CurrentTableIndex++; status = FindAndFlushFile( WorkContext ); // // If a file was found and IO operation started, then return. If // all the appropriate files have been flushed, send a response SMB. // if ( status != STATUS_NO_MORE_FILES ) { return; } } // if ( WorkContext->Parameters.CurrentTableIndex != -1 ) // // All files have been flushed. Build the response SMB. // response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_FLUSH, 0 ); // // Processing of the SMB is complete. Call SrvEndSmbProcessing to // send the response. // SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); IF_DEBUG(TRACE2) KdPrint(( "SrvSmbFlush complete.\n" )); SrvWmiEndContext(WorkContext); return; } // RestartFlush NTSTATUS StartFlush ( IN PWORK_CONTEXT WorkContext, IN PRFCB Rfcb ) /*++ Routine Description: Processes the actual file flush. Arguments: WorkContext - Supplies a pointer to the work context block describing server-specific context for the request. Rfcb - a pointer to the RFCB corresponding to the file to flush. Return Value: STATUS_PENDING if the IO operation was started, or an error from CHECK_FUNCTION_ACCESS (STATUS_ACCESS_DENIED, for example). --*/ { NTSTATUS status; PAGED_CODE( ); // // Verify that the client has write access to the file via the // specified handle. // CHECK_FUNCTION_ACCESS( Rfcb->GrantedAccess, IRP_MJ_FLUSH_BUFFERS, 0, 0, &status ); if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) { KdPrint(( "StartFlush: IoCheckFunctionAccess failed: " "0x%X, GrantedAccess: %lx. Access granted anyway.\n", status, Rfcb->GrantedAccess )); } // // Some dumb apps flush files opened for r/o. If this happens, // assume the flush worked. OS/2 let's the // flush through and we should do the same. // WorkContext->Irp->IoStatus.Status = STATUS_SUCCESS; RestartFlush( WorkContext ); return(STATUS_PENDING); } // // Flush the file's buffers. // SrvBuildFlushRequest( WorkContext->Irp, // input IRP address Rfcb->Lfcb->FileObject, // target file object address WorkContext // context ); // // Pass the request to the file system. // WorkContext->FsdRestartRoutine = SrvQueueWorkToFspAtDpcLevel; WorkContext->FspRestartRoutine = RestartFlush; (VOID)IoCallDriver( Rfcb->Lfcb->DeviceObject, WorkContext->Irp ); return STATUS_PENDING; } // StartFlush SMB_PROCESSOR_RETURN_TYPE SrvSmbDelete ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes the Delete SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PAGED_CODE(); // // This SMB must be processed in a blocking thread. // if( !WorkContext->UsingBlockingThread ) { WorkContext->FspRestartRoutine = BlockingDelete; SrvQueueWorkToBlockingThread( WorkContext ); } else { BlockingDelete( WorkContext ); } return SmbStatusInProgress; } // SrvSmbDelete VOID SRVFASTCALL BlockingDelete ( IN OUT PWORK_CONTEXT WorkContext ) /*++ Routine Description: This routine processes the Delete SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbtypes.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbtypes.h --*/ { PREQ_DELETE request; PRESP_DELETE response; NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING filePathName; UNICODE_STRING fullPathName; PTREE_CONNECT treeConnect; PSESSION session; PSHARE share; BOOLEAN isUnicode; ULONG deleteRetries; PSRV_DIRECTORY_INFORMATION directoryInformation; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_DELETE; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Delete file request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Delete file request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } request = (PREQ_DELETE)WorkContext->RequestParameters; response = (PRESP_DELETE)WorkContext->ResponseParameters; // // If a session block has not already been assigned to the current // work context , verify the UID. If verified, the address of the // session block corresponding to this user is stored in the // WorkContext block and the session block is referenced. // // Find tree connect corresponding to given TID if a tree connect // pointer has not already been put in the WorkContext block by an // AndX command. // status = SrvVerifyUidAndTid( WorkContext, &session, &treeConnect, ShareTypeDisk ); if ( !NT_SUCCESS(status) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbDelete: Invalid UID or TID\n" )); } goto error_exit; } // // If the session has expired, return that info // if( session->IsSessionExpired ) { status = SESSION_EXPIRED_STATUS_CODE; goto error_exit; } // // Get the share block from the tree connect block. This doesn't need // to be a referenced pointer becsue the tree connect has it referenced, // and we just referenced the tree connect. // share = treeConnect->Share; // // Initialize the string containing the path name. The +1 is to account // for the ASCII token in the Buffer field of the request SMB. // isUnicode = SMB_IS_UNICODE( WorkContext ); status = SrvCanonicalizePathName( WorkContext, share, NULL, (PVOID)(request->Buffer + 1), END_OF_REQUEST_SMB( WorkContext ), TRUE, isUnicode, &filePathName ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "SrvSmbDelete: illegal path name: %s\n", (PSZ)request->Buffer + 1 )); } goto error_exit; } // // Find out whether there are wildcards in the file name. If so, // then call SrvQueryDirectoryFile to expand the wildcards; if not, // just delete the file directly. // if ( !FsRtlDoesNameContainWildCards( &filePathName ) ) { // // Build a full pathname to the file. // SrvAllocateAndBuildPathName( &treeConnect->Share->DosPathName, &filePathName, NULL, &fullPathName ); if ( fullPathName.Buffer == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName failed\n" )); } if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } status = STATUS_INSUFF_SERVER_RESOURCES; goto error_exit; } IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Full path name to file is %wZ\n", &fullPathName )); } // // Perform the actual delete operation on this filename. // deleteRetries = SrvSharingViolationRetryCount; start_retry1: status = DoDelete( &fullPathName, &filePathName, WorkContext, SmbGetUshort( &request->SearchAttributes ), treeConnect->Share ); if ( (status == STATUS_SHARING_VIOLATION) && (deleteRetries-- > 0) ) { (VOID) KeDelayExecutionThread( KernelMode, FALSE, &SrvSharingViolationDelay ); goto start_retry1; } FREE_HEAP( fullPathName.Buffer ); if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } if ( !NT_SUCCESS(status) ) { goto error_exit; } } else { BOOLEAN firstCall = TRUE; CLONG bufferLength; UNICODE_STRING subdirInfo; BOOLEAN filterLongNames; // // A buffer of non-paged pool is required for // SrvQueryDirectoryFile. Since this routine does not use any // of the SMB buffer after the pathname of the file to delete, // we can use this. The buffer should be quadword-aligned. // directoryInformation = (PSRV_DIRECTORY_INFORMATION)( (ULONG_PTR)((PCHAR)request->Buffer + SmbGetUshort( &request->ByteCount ) + 7) & ~7 ); bufferLength = WorkContext->RequestBuffer->BufferLength - PTR_DIFF(directoryInformation, WorkContext->RequestBuffer->Buffer); // // We need the full path name of each file that is returned by // SrvQueryDirectoryFile, so we need to find the part of the // passed filename that contains subdirectory information (e.g. // for a\b\c\*.*, we want a string that indicates a\b\c). // subdirInfo.Buffer = filePathName.Buffer; subdirInfo.Length = SrvGetSubdirectoryLength( &filePathName ); subdirInfo.MaximumLength = subdirInfo.Length; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Subdirectory info is %wZ\n", &subdirInfo )); } // // Determine whether long filenames (non-8.3) should be filtered out // or processed. // if ( (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) & SMB_FLAGS2_KNOWS_LONG_NAMES) != 0 ) { filterLongNames = FALSE; } else { filterLongNames = TRUE; } // // When we call SrvQueryDirectoryFile, it will open the file for // us, so all we have to do is delete it with // NtSetInformationFile. // // *** We ask for FileBothDirectoryInformation so that we will // pick up long names on NTFS that have short name // equivalents. Without this, DOS clients will not be able // to delete long names on NTFS volumes. // while ( ( status = SrvQueryDirectoryFile( WorkContext, firstCall, filterLongNames, FALSE, FileBothDirectoryInformation, 0, &filePathName, NULL, SmbGetUshort( &request->SearchAttributes ), directoryInformation, bufferLength ) ) != STATUS_NO_MORE_FILES ) { PFILE_BOTH_DIR_INFORMATION bothDirInfo; UNICODE_STRING name; UNICODE_STRING relativeName; if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbDelete: SrvQueryDirectoryFile failed: " "%X\n", status )); } if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } goto error_exit1; } bothDirInfo = (PFILE_BOTH_DIR_INFORMATION)directoryInformation->CurrentEntry; // // Note that we use the standard name to do the delete, even // though we may have matched on the NTFS short name. The // client doesn't care which name we use to do the delete. // name.Length = (SHORT)bothDirInfo->FileNameLength; name.MaximumLength = name.Length; name.Buffer = bothDirInfo->FileName; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, " "status = %X\n", &name, directoryInformation->CurrentEntry->FileNameLength, status )); } firstCall = FALSE; // // Build a full pathname to the file. // SrvAllocateAndBuildPathName( &treeConnect->Share->DosPathName, &subdirInfo, &name, &fullPathName ); if ( fullPathName.Buffer == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName " "failed\n" )); } if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } status = STATUS_INSUFFICIENT_RESOURCES; goto error_exit1; } IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Full path name to file is %wZ\n", &fullPathName )); } // // Build the relative path name to the file. // SrvAllocateAndBuildPathName( &subdirInfo, &name, NULL, &relativeName ); if ( relativeName.Buffer == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbDelete: SrvAllocateAndBuildPathName failed\n" )); } FREE_HEAP( fullPathName.Buffer ); if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } status = STATUS_INSUFF_SERVER_RESOURCES; goto error_exit1; } IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "Full path name to file is %wZ\n", &fullPathName )); } // // Perform the actual delete operation on this filename. // // *** SrvQueryDirectoryFile has already filtered based on // the search attributes, so tell DoDelete that files // with the system and hidden bits are OK. This will // prevent the call to NtQueryDirectoryFile performed // in SrvCheckSearchAttributesForHandle. deleteRetries = SrvSharingViolationRetryCount; start_retry2: status = DoDelete( &fullPathName, &relativeName, WorkContext, (USHORT)(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN), treeConnect->Share ); if ( (status == STATUS_SHARING_VIOLATION) && (deleteRetries-- > 0) ) { (VOID) KeDelayExecutionThread( KernelMode, FALSE, &SrvSharingViolationDelay ); goto start_retry2; } FREE_HEAP( relativeName.Buffer ); FREE_HEAP( fullPathName.Buffer ); if ( !NT_SUCCESS(status) ) { if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } goto error_exit1; } } // // Close the directory search. // if ( !isUnicode ) { RtlFreeUnicodeString( &filePathName ); } SrvCloseQueryDirectory( directoryInformation ); // // If no files were found, return an error to the client. // if ( firstCall ) { status = STATUS_NO_SUCH_FILE; goto error_exit; } } // // Build the response SMB. // response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_DELETE, 0 ); IF_DEBUG(TRACE2) KdPrint(( "SrvSmbDelete complete.\n" )); goto normal_exit; error_exit1: SrvCloseQueryDirectory( directoryInformation ); error_exit: SrvSetSmbError( WorkContext, status ); normal_exit: SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); SrvWmiEndContext(WorkContext); return; } // BlockingDelete NTSTATUS DoDelete ( IN PUNICODE_STRING FullFileName, IN PUNICODE_STRING RelativeFileName, IN PWORK_CONTEXT WorkContext, IN USHORT SmbSearchAttributes, IN PSHARE Share ) /*++ Routine Description: This routine performs the core of a file delete. Arguments: FileName - a full path name, from the system name space root, to the file to delete. RelativeFileName - the name of the file relative to the share root. WorkContext - context block for the operation. The RequestHeader and Session fields are used. SmbSearchAttributes - the search attributes passed in the request SMB. The actual file attributes are verified against these to make sure that the operation is legitimate. Return Value: NTSTATUS - indicates result of operation. --*/ { NTSTATUS status; PMFCB mfcb; PNONPAGED_MFCB nonpagedMfcb; FILE_DISPOSITION_INFORMATION fileDispositionInformation; HANDLE fileHandle = NULL; ULONG caseInsensitive; IO_STATUS_BLOCK ioStatusBlock; PSRV_LOCK mfcbLock; ULONG hashValue; PAGED_CODE( ); // // See if that file is already open. If it is open in // compatibility mode or is an FCB open, we have to close all of // that client's opens. // // *** SrvFindMfcb references the MFCB--remember to dereference it. // if ( (WorkContext->RequestHeader->Flags & SMB_FLAGS_CASE_INSENSITIVE) || WorkContext->Session->UsingUppercasePaths ) { caseInsensitive = OBJ_CASE_INSENSITIVE; mfcb = SrvFindMfcb( FullFileName, TRUE, &mfcbLock, &hashValue, WorkContext ); } else { caseInsensitive = 0; mfcb = SrvFindMfcb( FullFileName, FALSE, &mfcbLock, &hashValue, WorkContext ); } if ( mfcb != NULL ) { nonpagedMfcb = mfcb->NonpagedMfcb; ACQUIRE_LOCK( &nonpagedMfcb->Lock ); } if( mfcbLock ) { RELEASE_LOCK( mfcbLock ); } if ( mfcb == NULL || !mfcb->CompatibilityOpen ) { ACCESS_MASK deleteAccess = DELETE; OBJECT_ATTRIBUTES objectAttributes; // // Either the file wasn't opened by the server or it was not // a compatibility/FCB open, so open it here for the delete. // del_no_file_handle: // // If there was an MFCB for this file, we now hold its lock and a // referenced pointer. Undo both. // if ( mfcb != NULL ) { RELEASE_LOCK( &nonpagedMfcb->Lock ); SrvDereferenceMfcb( mfcb ); } SrvInitializeObjectAttributes_U( &objectAttributes, RelativeFileName, caseInsensitive, NULL, NULL ); INCREMENT_DEBUG_STAT( SrvDbgStatistics.TotalOpenAttempts ); INCREMENT_DEBUG_STAT( SrvDbgStatistics.TotalOpensForPathOperations ); // // !!! Currently we can't specify complete if oplocked, because // this won't break a batch oplock. Unfortunately this also // means that we can't timeout the open (if the oplock break // takes too long) and fail this SMB gracefully. // status = SrvIoCreateFile( WorkContext, &fileHandle, DELETE, // DesiredAccess &objectAttributes, &ioStatusBlock, NULL, // AllocationSize 0L, // FileAttributes 0L, // ShareAccess FILE_OPEN, // Disposition FILE_NON_DIRECTORY_FILE | FILE_OPEN_REPARSE_POINT, // CreateOptions NULL, // EaBuffer 0L, // EaLength CreateFileTypeNone, NULL, // ExtraCreateParameters IO_FORCE_ACCESS_CHECK, // Options WorkContext->TreeConnect->Share ); if( status == STATUS_INVALID_PARAMETER ) { status = SrvIoCreateFile( WorkContext, &fileHandle, DELETE, // DesiredAccess &objectAttributes, &ioStatusBlock, NULL, // AllocationSize 0L, // FileAttributes 0L, // ShareAccess FILE_OPEN, // Disposition FILE_NON_DIRECTORY_FILE, // CreateOptions NULL, // EaBuffer 0L, // EaLength CreateFileTypeNone, NULL, // ExtraCreateParameters IO_FORCE_ACCESS_CHECK, // Options WorkContext->TreeConnect->Share ); } if ( NT_SUCCESS(status) ) { SRVDBG_CLAIM_HANDLE( fileHandle, "FIL", 27, 0 ); } ASSERT( status != STATUS_OPLOCK_BREAK_IN_PROGRESS ); if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbDelete: SrvIoCreateFile failed: %X\n", status )); } // // If the user didn't have this permission, update the // statistics database. // if ( status == STATUS_ACCESS_DENIED ) { SrvStatistics.AccessPermissionErrors++; } if ( fileHandle != NULL ) { SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 41, 0 ); SrvNtClose( fileHandle, TRUE ); } return status; } // // Make sure that the search attributes jive with the attributes // on the file. // status = SrvCheckSearchAttributesForHandle( fileHandle, SmbSearchAttributes ); if ( !NT_SUCCESS(status) ) { SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 42, 0 ); SrvNtClose( fileHandle, TRUE ); return status; } // // Now that the file has been opened, delete it with // NtSetInformationFile. // SrvStatistics.TotalFilesOpened++; fileDispositionInformation.DeleteFile = TRUE; status = NtSetInformationFile( fileHandle, &ioStatusBlock, &fileDispositionInformation, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation ); if ( !NT_SUCCESS(status) ) { INTERNAL_ERROR( ERROR_LEVEL_UNEXPECTED, "SrvSmbDelete: NtSetInformationFile (file disposition) " "returned %X", status, NULL ); SrvLogServiceFailure( SRV_SVC_NT_SET_INFO_FILE, status ); SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 43, 0 ); SrvNtClose( fileHandle, TRUE ); return status; } IF_SMB_DEBUG(FILE_CONTROL2) { if( NT_SUCCESS( status ) ) { KdPrint(( "SrvSmbDelete: %wZ successfully deleted.\n", FullFileName )); } } // // Close the opened file so that it can be deleted. This will // happen automatically, since the FCB_STATE_FLAG_DELETE_ON_CLOSE // flag of the FCB has been set by NtSetInformationFile. // SRVDBG_RELEASE_HANDLE( fileHandle, "FIL", 44, 0 ); SrvNtClose( fileHandle, TRUE ); } else { // // The file was opened by the server in compatibility mode // or as an FCB open. Check the granted access to make sure // that the file can be deleted. // ACCESS_MASK deleteAccess = DELETE; PLFCB lfcb = CONTAINING_RECORD( mfcb->LfcbList.Blink, LFCB, MfcbListEntry ); // // If this file has been closed. Go back to no mfcb case. // // *** The specific motivation for this change was to fix a problem // where a compatibility mode open was closed, the response was // sent, and a Delete SMB was received before the mfcb was // completely cleaned up. This resulted in the MFCB and LFCB // still being present, which caused the delete processing to // try to use the file handle in the LFCB. // if ( lfcb->FileHandle == 0 ) { goto del_no_file_handle; } // // Make sure that the session which sent this request is the // same as the one which has the file open. // if ( lfcb->Session != WorkContext->Session ) { // // A different session has the file open in compatibility // mode, so reject the request. // RELEASE_LOCK( &nonpagedMfcb->Lock ); SrvDereferenceMfcb( mfcb ); return STATUS_SHARING_VIOLATION; } if ( !NT_SUCCESS(IoCheckDesiredAccess( &deleteAccess, lfcb->GrantedAccess )) ) { // // The client cannot delete this file, so close all the // RFCBs and return an error. // SrvCloseRfcbsOnLfcb( lfcb ); RELEASE_LOCK( &nonpagedMfcb->Lock ); SrvDereferenceMfcb( mfcb ); return STATUS_ACCESS_DENIED; } // // Delete the file with NtSetInformationFile. // fileHandle = lfcb->FileHandle; fileDispositionInformation.DeleteFile = TRUE; status = NtSetInformationFile( fileHandle, &ioStatusBlock, &fileDispositionInformation, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation ); if ( !NT_SUCCESS(status) ) { INTERNAL_ERROR( ERROR_LEVEL_EXPECTED, "SrvSmbDelete: NtSetInformationFile (disposition) " "returned %X", status, NULL ); SrvLogServiceFailure( SRV_SVC_NT_SET_INFO_FILE, status ); SrvCloseRfcbsOnLfcb( lfcb ); RELEASE_LOCK( &nonpagedMfcb->Lock ); SrvDereferenceMfcb( mfcb ); return status; } IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "SrvSmbDelete: %wZ successfully deleted.\n", FullFileName )); } // // Close the RFCBs on the MFCB. Since this is a compatability // or FCB open, there is only a single LFCB for the MFCB. This // will result in the LFCB's file handle being closed, so there // is no need to call NtClose here. // SrvCloseRfcbsOnLfcb( lfcb ); RELEASE_LOCK( &nonpagedMfcb->Lock ); SrvDereferenceMfcb( mfcb ); } return STATUS_SUCCESS; } // DoDelete SMB_PROCESSOR_RETURN_TYPE SrvSmbRename ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes the Rename SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PAGED_CODE(); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_RENAME; SrvWmiStartContext(WorkContext); // // This SMB must be processed in a blocking thread. // WorkContext->FspRestartRoutine = BlockingRename; SrvQueueWorkToBlockingThread( WorkContext ); SrvWmiEndContext(WorkContext); return SmbStatusInProgress; } // SrvSmbRename VOID SRVFASTCALL BlockingRename ( IN OUT PWORK_CONTEXT WorkContext ) /*++ Routine Description: This routine processes the Rename SMB. Arguments: WorkContext - work context block Return Value: None. --*/ { PREQ_RENAME request; PREQ_NTRENAME ntrequest; PUCHAR RenameBuffer; PRESP_RENAME response; NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING sourceName; UNICODE_STRING targetName; USHORT smbFlags; USHORT ByteCount; PCHAR target; PCHAR lastPositionInBuffer; PTREE_CONNECT treeConnect; PSESSION session; PSHARE share; BOOLEAN isUnicode; BOOLEAN isNtRename; BOOLEAN isDfs; PSRV_DIRECTORY_INFORMATION directoryInformation; ULONG renameRetries; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_RENAME; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Rename file request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Rename file request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } response = (PRESP_RENAME)WorkContext->ResponseParameters; request = (PREQ_RENAME)WorkContext->RequestParameters; ntrequest = (PREQ_NTRENAME)WorkContext->RequestParameters; isNtRename = (BOOLEAN)(WorkContext->RequestHeader->Command == SMB_COM_NT_RENAME); if (isNtRename) { RenameBuffer = ntrequest->Buffer; ByteCount = MIN(SmbGetUshort(&ntrequest->ByteCount), (USHORT)(END_OF_REQUEST_SMB(WorkContext) + 1 - (PCHAR)RenameBuffer)); } else { RenameBuffer = request->Buffer; ByteCount = MIN(SmbGetUshort(&request->ByteCount), (USHORT)(END_OF_REQUEST_SMB(WorkContext) + 1 - (PCHAR)RenameBuffer)); } // // If a session block has not already been assigned to the current // work context , verify the UID. If verified, the address of the // session block corresponding to this user is stored in the // WorkContext block and the session block is referenced. // // Find tree connect corresponding to given TID if a tree connect // pointer has not already been put in the WorkContext block by an // AndX command. // status = SrvVerifyUidAndTid( WorkContext, &session, &treeConnect, ShareTypeDisk ); if ( !NT_SUCCESS(status) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingRename: Invalid UID or TID\n" )); } goto error_exit; } // // If the session has expired, return that info // if( session->IsSessionExpired ) { status = SESSION_EXPIRED_STATUS_CODE; goto error_exit; } // // Get the share block from the tree connect block. This does not need // to be a referenced pointer because we have referenced the tree // connect, and it has the share referenced. // share = treeConnect->Share; // // Set up the path name for the file we will search for. The +1 // accounts for the ASCII token of the SMB protocol. // isUnicode = SMB_IS_UNICODE( WorkContext ); isDfs = SMB_CONTAINS_DFS_NAME( WorkContext ); // // Get a pointer to the new pathname of the file. This is in the // buffer field of the request SMB after the source name. The // target is delimited by the SMB_FORMAT_ASCII. // // While doing this, make sure that we do not walk off the end of the // SMB buffer if the client did not include the SMB_FORMAT_ASCII // token. // lastPositionInBuffer = (PCHAR)RenameBuffer + ByteCount; if( !isUnicode ) { for ( target = (PCHAR)RenameBuffer + 1; (target < lastPositionInBuffer) && (*target != SMB_FORMAT_ASCII); target++ ) { ; } } else { PWCHAR p = (PWCHAR)(RenameBuffer + 1); // // Skip the Original filename part. The name is null-terminated // (see rdr\utils.c RdrCopyNetworkPath()) // // // Ensure p is suitably aligned // p = ALIGN_SMB_WSTR(p); // // Skip over the source filename // for( p = ALIGN_SMB_WSTR(p); p < (PWCHAR)lastPositionInBuffer && *p != UNICODE_NULL; p++ ) { ; } // // Search for SMB_FORMAT_ASCII which preceeds the target name // // for ( target = (PUCHAR)(p + 1); target < lastPositionInBuffer && *target != SMB_FORMAT_ASCII; target++ ) { ; } } // // If there was no SMB_FORMAT_ASCII in the passed buffer, fail. // if ( (target >= lastPositionInBuffer) || (*target != SMB_FORMAT_ASCII) ) { if ( !isUnicode ) { RtlFreeUnicodeString( &sourceName ); } status = STATUS_INVALID_SMB; goto error_exit; } // Canonicalize out the Source name status = SrvCanonicalizePathName( WorkContext, share, NULL, (PVOID)(RenameBuffer + 1), target, TRUE, isUnicode, &sourceName ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingRename: illegal path name: %s\n", (PSZ)RenameBuffer + 1 )); } goto error_exit; } if( !sourceName.Length ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingRename: No source name\n" )); } status = STATUS_OBJECT_PATH_SYNTAX_BAD; goto error_exit; } // // If the SMB was originally marked as containing Dfs names, then the // call to SrvCanonicalizePathName for the source path has cleared that // flag. So, re-mark the SMB as containing Dfs names before calling // SrvCanonicalizePathName on the target path. // if (isDfs) { SMB_MARK_AS_DFS_NAME( WorkContext ); } status = SrvCanonicalizePathName( WorkContext, share, NULL, target + 1, END_OF_REQUEST_SMB( WorkContext ), TRUE, isUnicode, &targetName ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingRename: illegal path name: %s\n", target + 1 )); } if ( !isUnicode ) { RtlFreeUnicodeString( &sourceName ); } goto error_exit; } if( !targetName.Length ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingRename: No target name\n" )); } if( !isUnicode ) { RtlFreeUnicodeString( &sourceName ); } status = STATUS_OBJECT_PATH_SYNTAX_BAD; goto error_exit; } // // Ensure this client's RFCB cache is empty. This covers the case // where a client has open files in a directory we are trying // to rename. // SrvCloseCachedRfcbsOnConnection( WorkContext->Connection ); if ( !FsRtlDoesNameContainWildCards( &sourceName ) ) { USHORT InformationLevel = SMB_NT_RENAME_RENAME_FILE; ULONG ClusterCount = 0; if (isNtRename) { InformationLevel = SmbGetUshort(&ntrequest->InformationLevel); ClusterCount = SmbGetUlong(&ntrequest->ClusterCount); } smbFlags = 0; // // Use SrvMoveFile to rename the file. The SmbOpenFunction is // set to indicate that existing files may not be overwritten, // and we may create new files. Also, the target may not be // a directory; if it already exists as a directory, fail. // renameRetries = SrvSharingViolationRetryCount; start_retry1: status = SrvMoveFile( WorkContext, WorkContext->TreeConnect->Share, SMB_OFUN_CREATE_CREATE | SMB_OFUN_OPEN_FAIL, &smbFlags, SmbGetUshort( &request->SearchAttributes ), TRUE, InformationLevel, ClusterCount, &sourceName, &targetName ); if ( (status == STATUS_SHARING_VIOLATION) && (renameRetries-- > 0) ) { (VOID) KeDelayExecutionThread( KernelMode, FALSE, &SrvSharingViolationDelay ); goto start_retry1; } if ( !isUnicode ) { RtlFreeUnicodeString( &targetName ); RtlFreeUnicodeString( &sourceName ); } if ( !NT_SUCCESS(status) ) { goto error_exit; } } else if (isNtRename) { // Wild cards not allowed! status = STATUS_OBJECT_PATH_SYNTAX_BAD; goto error_exit; } else { BOOLEAN firstCall = TRUE; UNICODE_STRING subdirInfo; CLONG bufferLength; BOOLEAN filterLongNames; // // We need the full path name of each file that is returned by // SrvQueryDirectoryFile, so we need to find the part of the // passed filename that contains subdirectory information (e.g. // for a\b\c\*.*, we want a string that indicates a\b\c). // subdirInfo.Buffer = sourceName.Buffer; subdirInfo.Length = SrvGetSubdirectoryLength( &sourceName ); subdirInfo.MaximumLength = subdirInfo.Length; // // SrvQueryDirectoryFile requires a buffer from nonpaged pool. // Since this routine does not use the buffer field of the // request SMB after the pathname, use this. The buffer must be // quadword-aligned. // directoryInformation = (PSRV_DIRECTORY_INFORMATION)((ULONG_PTR)((PCHAR)RenameBuffer + ByteCount + 7) & ~7); bufferLength = WorkContext->RequestBuffer->BufferLength - PTR_DIFF(directoryInformation, WorkContext->RequestBuffer->Buffer); smbFlags = 0; // // Determine whether long filenames (non-8.3) should be filtered out // or processed. // if ( (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) & SMB_FLAGS2_KNOWS_LONG_NAMES) != 0 ) { filterLongNames = FALSE; } else { filterLongNames = TRUE; } // // Call SrvQueryDirectoryFile to get file(s) to rename, renaming as // we get each file. // // *** We ask for FileBothDirectoryInformation so that we will // pick up long names on NTFS that have short name // equivalents. Without this, DOS clients will not be able // to rename long names on NTFS volumes. // while ( ( status = SrvQueryDirectoryFile( WorkContext, firstCall, filterLongNames, FALSE, FileBothDirectoryInformation, 0, &sourceName, NULL, SmbGetUshort( &request->SearchAttributes ), directoryInformation, bufferLength ) ) != STATUS_NO_MORE_FILES ) { PFILE_BOTH_DIR_INFORMATION bothDirInfo; UNICODE_STRING sourceFileName; UNICODE_STRING sourcePathName; if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) { KdPrint(( "BlockingRename: SrvQueryDirectoryFile failed: %X\n", status )); } if ( !isUnicode ) { RtlFreeUnicodeString( &targetName ); RtlFreeUnicodeString( &sourceName ); } goto error_exit1; } bothDirInfo = (PFILE_BOTH_DIR_INFORMATION)directoryInformation->CurrentEntry; // // Note that we use the standard name to do the delete, even // though we may have matched on the NTFS short name. The // client doesn't care which name we use to do the delete. // sourceFileName.Length = (SHORT)bothDirInfo->FileNameLength; sourceFileName.MaximumLength = sourceFileName.Length; sourceFileName.Buffer = bothDirInfo->FileName; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, " "status = %X\n", &sourceFileName, sourceFileName.Length, status )); } firstCall = FALSE; // // Set up the full source name string. // SrvAllocateAndBuildPathName( &subdirInfo, &sourceFileName, NULL, &sourcePathName ); if ( sourcePathName.Buffer == NULL ) { IF_DEBUG(ERRORS) { KdPrint(( "BlockingRename: SrvAllocateAndBuildPathName failed: " "%X\n", status )); } if ( !isUnicode ) { RtlFreeUnicodeString( &targetName ); RtlFreeUnicodeString( &sourceName ); } status = STATUS_INSUFF_SERVER_RESOURCES; goto error_exit1; } // // Use SrvMoveFile to copy or rename the file. The // SmbOpenFunction is set to indicate that existing files // may not be overwritten, and we may create new files. // // *** SrvQueryDirectoryFile has already filtered based on // the search attributes, so tell SrvMoveFile that files // with the system and hidden bits are OK. This will // prevent the call to NtQueryDirectoryFile performed in // SrvCheckSearchAttributesForHandle. // renameRetries = SrvSharingViolationRetryCount; start_retry2: status = SrvMoveFile( WorkContext, WorkContext->TreeConnect->Share, SMB_OFUN_CREATE_CREATE | SMB_OFUN_OPEN_FAIL, &smbFlags, (USHORT)(FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN), TRUE, SMB_NT_RENAME_RENAME_FILE, 0, &sourcePathName, &targetName ); if ( (status == STATUS_SHARING_VIOLATION) && (renameRetries-- > 0) ) { (VOID) KeDelayExecutionThread( KernelMode, FALSE, &SrvSharingViolationDelay ); goto start_retry2; } FREE_HEAP( sourcePathName.Buffer ); if ( !NT_SUCCESS(status) ) { if ( !isUnicode ) { RtlFreeUnicodeString( &targetName ); RtlFreeUnicodeString( &sourceName ); } goto error_exit1; } } // // Clean up now that the search is done. // if ( !isUnicode ) { RtlFreeUnicodeString( &targetName ); RtlFreeUnicodeString( &sourceName ); } SrvCloseQueryDirectory( directoryInformation ); // // If no files were found, return an error to the client. // if ( firstCall ) { status = STATUS_NO_SUCH_FILE; goto error_exit; } } // // Build the response SMB. // response->WordCount = 0; SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_RENAME, 0 ); IF_DEBUG(TRACE2) KdPrint(( "BlockingRename complete.\n" )); goto normal_exit; error_exit1: SrvCloseQueryDirectory( directoryInformation ); error_exit: SrvSetSmbError( WorkContext, status ); normal_exit: SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); SrvWmiEndContext(WorkContext); return; } // BlockingRename SMB_PROCESSOR_RETURN_TYPE SrvSmbMove ( SMB_PROCESSOR_PARAMETERS ) /*++ Routine Description: Processes the Move SMB. Arguments: SMB_PROCESSOR_PARAMETERS - See smbprocs.h for a description of the parameters to SMB processor routines. Return Value: SMB_PROCESSOR_RETURN_TYPE - See smbprocs.h --*/ { PAGED_CODE(); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_MOVE; SrvWmiStartContext(WorkContext); // // This SMB must be processed in a blocking thread. // WorkContext->FspRestartRoutine = BlockingMove; SrvQueueWorkToBlockingThread( WorkContext ); SrvWmiEndContext(WorkContext); return SmbStatusInProgress; } // SrvSmbMove VOID SRVFASTCALL BlockingMove ( IN OUT PWORK_CONTEXT WorkContext ) /*++ Routine Description: This routine processes the Move SMB. Arguments: WorkContext - work context block Return Value: None. --*/ { PREQ_MOVE request; PRESP_MOVE response; NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING sourceName; UNICODE_STRING sourceFileName; UNICODE_STRING sourcePathName; UNICODE_STRING targetName; PSRV_DIRECTORY_INFORMATION directoryInformation; USHORT tid2; USHORT smbFlags; PCHAR lastPositionInBuffer; PCHAR target; BOOLEAN isRenameOperation; BOOLEAN isUnicode = TRUE; BOOLEAN isDfs; USHORT smbOpenFunction; USHORT errorPathNameLength = 0; USHORT count = 0; PTREE_CONNECT sourceTreeConnect, targetTreeConnect; PSESSION session; PSHARE share; PAGED_CODE( ); if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT) WorkContext->PreviousSMB = EVENT_TYPE_SMB_MOVE; SrvWmiStartContext(WorkContext); IF_SMB_DEBUG(FILE_CONTROL1) { KdPrint(( "Move/Copy request header at 0x%p, response header at 0x%p\n", WorkContext->RequestHeader, WorkContext->ResponseHeader )); KdPrint(( "Move/Copy request parameters at 0x%p, response parameters at 0x%p\n", WorkContext->RequestParameters, WorkContext->ResponseParameters )); } request = (PREQ_MOVE)WorkContext->RequestParameters; response = (PRESP_MOVE)WorkContext->ResponseParameters; // // Set pointers to NULL so that we know how to clean up on exit. // directoryInformation = NULL; targetTreeConnect = NULL; sourceName.Buffer = NULL; targetName.Buffer = NULL; sourcePathName.Buffer = NULL; // // If a session block has not already been assigned to the current // work context , verify the UID. If verified, the address of the // session block corresponding to this user is stored in the WorkContext // block and the session block is referenced. // // Find tree connect corresponding to given TID if a tree connect // pointer has not already been put in the WorkContext block by an // AndX command. // status = SrvVerifyUidAndTid( WorkContext, &session, &sourceTreeConnect, ShareTypeDisk ); if ( !NT_SUCCESS(status) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingMove: Invalid UID or TID\n" )); } goto exit; } if( session->IsSessionExpired ) { status = SESSION_EXPIRED_STATUS_CODE; goto exit; } // // Get the share block from the tree connect block. This does not need // to be a referenced pointer because we have referenced the tree // connect, and it has the share referenced. // share = sourceTreeConnect->Share; // // Get the target tree connect. The TID for this is in the Tid2 // field of the request SMB. Because SrvVerifyTid sets the // TreeConnect field of the WorkContext block, set it back after // calling the routine. Remember to dereference this pointer before // exiting this routine, as it will not be automatically // dereferenced because it is not in the WorkContext block. // // If Tid2 is -1 (0xFFFF), then the TID specified in the SMB header // is used. // tid2 = SmbGetUshort( &request->Tid2 ); if ( tid2 == (USHORT)0xFFFF ) { tid2 = SmbGetAlignedUshort( &WorkContext->RequestHeader->Tid ); } WorkContext->TreeConnect = NULL; // Must be NULL for SrvVerifyTid targetTreeConnect = SrvVerifyTid( WorkContext, tid2 ); WorkContext->TreeConnect = sourceTreeConnect; if ( targetTreeConnect == NULL || targetTreeConnect->Share->ShareType != ShareTypeDisk ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingMove: Invalid TID2: 0x%lx\n", tid2 )); } status = STATUS_SMB_BAD_TID; goto exit; } // // Determine whether this is a rename or a copy. // if ( WorkContext->RequestHeader->Command == SMB_COM_MOVE ) { isRenameOperation = TRUE; } else { isRenameOperation = FALSE; } // // Store the open function. // smbOpenFunction = SmbGetUshort( &request->OpenFunction ); // // Set up the target pathnames. We must do the target first, as the // SMB rename extended protocol does not use the ASCII tokens, so we // will lose the information about the start of the target name when // we canonicalize the source name. // // Instead of using strlen() to find the end of the source string, // do it here so that we can make a check to ensure that we don't // walk off the end of the SMB buffer and cause an access violation. // lastPositionInBuffer = (PCHAR)request->Buffer + SmbGetUshort( &request->ByteCount ); if( lastPositionInBuffer > END_OF_REQUEST_SMB( WorkContext )+1 ) { SrvLogInvalidSmb( WorkContext ); status = STATUS_INVALID_SMB; goto exit; } for ( target = (PCHAR)request->Buffer; (target < lastPositionInBuffer) && (*target != 0); target++ ) { ; } // // If there was no zero terminator in the buffer, fail. // if ( (target == lastPositionInBuffer) || (*target != 0) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "No terminator on first name.\n" )); } SrvLogInvalidSmb( WorkContext ); status = STATUS_INVALID_SMB; goto exit; } target++; isUnicode = SMB_IS_UNICODE( WorkContext ); isDfs = SMB_CONTAINS_DFS_NAME( WorkContext ); status = SrvCanonicalizePathName( WorkContext, share, NULL, target, END_OF_REQUEST_SMB( WorkContext ), TRUE, isUnicode, &targetName ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingMove: illegal path name (target): %wZ\n", &targetName )); } goto exit; } // // If the SMB was originally marked as containing Dfs names, then the // call to SrvCanonicalizePathName for the target path has cleared that // flag. So, re-mark the SMB as containing Dfs names before calling // SrvCanonicalizePathName on the source path. // if (isDfs) { SMB_MARK_AS_DFS_NAME( WorkContext ); } // // Set up the source name. // status = SrvCanonicalizePathName( WorkContext, share, NULL, request->Buffer, END_OF_REQUEST_SMB( WorkContext ), TRUE, isUnicode, &sourceName ); if( !NT_SUCCESS( status ) ) { IF_DEBUG(SMB_ERRORS) { KdPrint(( "BlockingMove: illegal path name (source): %s\n", request->Buffer )); } goto exit; } smbFlags = SmbGetUshort( &request->Flags ); // // Copy interprets ; as *. If the last character was ; and this was // not at the end of a file name with other characters (as in // "file;" then convert the ; to *. // if ( sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-1] == ';' && ( sourceName.Length == 2 || sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-2] == '\\' ) ) { sourceName.Buffer[(sourceName.Length/sizeof(WCHAR))-1] = '*'; } // // Tree copy not implemented. If this is a single file copy, // let it go through. For now, we make sure that it does not // have any wild card characters, we do additional checking // inside SrvMoveFile. // if ( ( (smbFlags & SMB_COPY_TREE) != 0 ) && FsRtlDoesNameContainWildCards(&sourceName) ) { INTERNAL_ERROR( ERROR_LEVEL_EXPECTED, "Tree copy not implemented.", NULL, NULL ); status = STATUS_NOT_IMPLEMENTED; goto exit; } if ( !FsRtlDoesNameContainWildCards( &sourceName ) ) { // // Use SrvMoveFile to copy or move the file. // // *** These SMBs do not include search attributes, so set // this field equal to zero. If will not be possible // to move a file that has the system or hidden bits on. status = SrvMoveFile( WorkContext, targetTreeConnect->Share, smbOpenFunction, &smbFlags, (USHORT)0, // SmbSearchAttributes FALSE, (USHORT)(isRenameOperation? SMB_NT_RENAME_RENAME_FILE : SMB_NT_RENAME_MOVE_FILE), 0, &sourceName, &targetName ); if ( !NT_SUCCESS(status) ) { goto exit; } count = 1; } else { UNICODE_STRING subdirInfo; BOOLEAN firstCall = TRUE; CLONG bufferLength; BOOLEAN filterLongNames; // // If wildcards were in the original source name, we set the // SmbFlags to SMB_TARGET_IS_DIRECTORY to indicate that the // target must be a directory--this is always the case when // wildcards are used for a rename. (For a copy, it is legal to // specify that the destination is a file and append to that // file--then all the source files are concatenated to that one // target file.) // if ( isRenameOperation ) { smbFlags |= SMB_TARGET_IS_DIRECTORY; } // // SrvQueryDirectoryFile requires a buffer from nonpaged pool. // Since this routine does not use the buffer field of the // request SMB after the pathname, use this. The buffer must be // quadword-aligned. // directoryInformation = (PSRV_DIRECTORY_INFORMATION)( (ULONG_PTR)((PCHAR)request->Buffer + SmbGetUshort( &request->ByteCount ) + 7) & ~7 ); bufferLength = WorkContext->RequestBuffer->BufferLength - PTR_DIFF(directoryInformation, WorkContext->RequestBuffer->Buffer); // // We need the full path name of each file that is returned by // SrvQueryDirectoryFile, so we need to find the part of the // passed filename that contains subdirectory information (e.g. // for a\b\c\*.*, we want a string that indicates a\b\c). // subdirInfo.Buffer = sourceName.Buffer; subdirInfo.Length = SrvGetSubdirectoryLength( &sourceName ); subdirInfo.MaximumLength = subdirInfo.Length; // // Determine whether long filenames (non-8.3) should be filtered out // or processed. // if ( (SmbGetAlignedUshort( &WorkContext->RequestHeader->Flags2 ) & SMB_FLAGS2_KNOWS_LONG_NAMES) != 0 ) { filterLongNames = FALSE; } else { filterLongNames = TRUE; } // // As long as SrvQueryDirectoryFile is able to return file names, // keep renaming. // // *** Set search attributes to find archive files, but not // system or hidden files. This duplicates the LM 2.0 // server behavior. // // *** We ask for FileBothDirectoryInformation so that we will // pick up long names on NTFS that have short name // equivalents. Without this, DOS clients will not be able // to move long names on NTFS volumes. // while ( ( status = SrvQueryDirectoryFile( WorkContext, firstCall, filterLongNames, FALSE, FileBothDirectoryInformation, 0, &sourceName, NULL, FILE_ATTRIBUTE_ARCHIVE, // SmbSearchAttributes directoryInformation, bufferLength ) ) != STATUS_NO_MORE_FILES ) { PFILE_BOTH_DIR_INFORMATION bothDirInfo; if ( !NT_SUCCESS(status) ) { IF_DEBUG(ERRORS) { KdPrint(( "BlockingMove: SrvQueryDirectoryFile failed: %X\n", status )); } goto exit; } bothDirInfo = (PFILE_BOTH_DIR_INFORMATION)directoryInformation->CurrentEntry; // // If we're filtering long names, and the file has a short // name equivalent, then use that name to do the delete. We // do this because we need to return a name to the client if // the operation fails, and we don't want to return a long // name. Note that if the file has no short name, and we're // filtering, then the standard name must be a valid 8.3 // name, so it's OK to return to the client. // if ( filterLongNames && (bothDirInfo->ShortNameLength != 0) ) { sourceFileName.Length = (SHORT)bothDirInfo->ShortNameLength; sourceFileName.Buffer = bothDirInfo->ShortName; } else { sourceFileName.Length = (SHORT)bothDirInfo->FileNameLength; sourceFileName.Buffer = bothDirInfo->FileName; } sourceFileName.MaximumLength = sourceFileName.Length; IF_SMB_DEBUG(FILE_CONTROL2) { KdPrint(( "SrvQueryDirectoryFile--name %wZ, length = %ld, " "status = %X\n", &sourceFileName, sourceFileName.Length, status )); } firstCall = FALSE; // // Set up the full source name string. // SrvAllocateAndBuildPathName( &subdirInfo, &sourceFileName, NULL, &sourcePathName ); if ( sourcePathName.Buffer == NULL ) { status = STATUS_INSUFF_SERVER_RESOURCES; goto exit; } // // Use SrvMoveFile to copy or rename the file. // status = SrvMoveFile( WorkContext, targetTreeConnect->Share, smbOpenFunction, &smbFlags, (USHORT)0, // SmbSearchAttributes FALSE, (USHORT)(isRenameOperation? SMB_NT_RENAME_RENAME_FILE : SMB_NT_RENAME_MOVE_FILE), 0, &sourcePathName, &targetName ); if ( !NT_SUCCESS(status) ) { goto exit; } count++; // // Free the buffer that holds that source name. // FREE_HEAP( sourcePathName.Buffer ); sourcePathName.Buffer = NULL; // // If this is a copy operation with wildcards and the target is // a file, then all files should be appended to the target. The // target is truncated on the first call to SrvMoveFile if that // was specified by the caller. // // This is done by turning off the truncate bit in the // SmbOpenFunction and turning on the append bit. // if ( !isRenameOperation && directoryInformation->Wildcards && (smbFlags & SMB_TARGET_IS_FILE) ) { smbOpenFunction &= ~SMB_OFUN_OPEN_TRUNCATE; smbOpenFunction |= SMB_OFUN_OPEN_APPEND; } } // // If no files were found, return an error to the client. // if ( firstCall ) { status = STATUS_NO_SUCH_FILE; goto exit; } } // // Build the response SMB. // SmbPutUshort( &response->ByteCount, 0 ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_MOVE, 0 ); status = STATUS_SUCCESS; exit: response->WordCount = 1; SmbPutUshort( &response->Count, count ); if ( directoryInformation != NULL ) { SrvCloseQueryDirectory( directoryInformation ); } if ( targetTreeConnect != NULL) { SrvDereferenceTreeConnect( targetTreeConnect ); } if ( !NT_SUCCESS(status) ) { SrvSetSmbError( WorkContext, status ); if ( sourcePathName.Buffer != NULL ) { // // Put the name of the file where the error occurred in the // buffer field of the response SMB. // RtlCopyMemory( response->Buffer, sourcePathName.Buffer, sourcePathName.Length ); response->Buffer[sourcePathName.Length] = '\0'; SmbPutUshort( &response->ByteCount, (SHORT)(sourcePathName.Length+1) ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_MOVE, sourcePathName.Length+1 ); FREE_HEAP( sourcePathName.Buffer ); } else if ( sourceName.Buffer != NULL ) { // // Put the name of the file where the error occurred in the // buffer field of the response SMB. // RtlCopyMemory( response->Buffer, sourceName.Buffer, sourceName.Length ); response->Buffer[sourceName.Length] = '\0'; SmbPutUshort( &response->ByteCount, (SHORT)(sourceName.Length+1) ); WorkContext->ResponseParameters = NEXT_LOCATION( response, RESP_MOVE, sourceName.Length+1 ); } } if ( !isUnicode ) { if ( targetName.Buffer != NULL ) { RtlFreeUnicodeString( &targetName ); } if ( sourceName.Buffer != NULL ) { RtlFreeUnicodeString( &sourceName ); } } IF_DEBUG(TRACE2) KdPrint(( "BlockingMove complete.\n" )); SrvEndSmbProcessing( WorkContext, SmbStatusSendResponse ); SrvWmiEndContext(WorkContext); return; } // BlockingMove SMB_TRANS_STATUS SrvSmbNtRename ( IN OUT PWORK_CONTEXT WorkContext ) /*++ Routine Description: Processes the NT rename request. This request arrives in an NT transact SMB. Arguments: WorkContext - Supplies the address of a Work Context Block describing the current request. See smbtypes.h for a more complete description of the valid fields. Return Value: SMB_TRANS_STATUS - Indicates whether an error occurred, and, if so, whether data should be returned to the client. See smbtypes.h for a more complete description. --*/ { PREQ_NT_RENAME request; NTSTATUS status; PTRANSACTION transaction; PRFCB rfcb; PAGED_CODE( ); transaction = WorkContext->Parameters.Transaction; IF_SMB_DEBUG( FILE_CONTROL1 ) { KdPrint(( "SrvSmbNtRename entered; transaction 0x%p\n", transaction )); } request = (PREQ_NT_RENAME)transaction->InParameters; // // Verify that enough parameter bytes were sent and that we're allowed // to return enough parameter bytes. // if ( transaction->ParameterCount < sizeof(REQ_NT_RENAME) ) { // // Not enough parameter bytes were sent. // IF_SMB_DEBUG( FILE_CONTROL1 ) { KdPrint(( "SrvSmbNtRename: bad parameter byte count: " "%ld\n", transaction->ParameterCount )); } SrvSetSmbError( WorkContext, STATUS_INVALID_SMB ); return SmbTransStatusErrorWithoutData; } // // Verify the FID. If verified, the RFCB block is referenced // and its addresses is stored in the WorkContext block, and the // RFCB address is returned. // rfcb = SrvVerifyFid( WorkContext, SmbGetUshort( &request->Fid ), TRUE, NULL, // don't serialize with raw write &status ); if ( rfcb == SRV_INVALID_RFCB_POINTER ) { // // Invalid file ID or write behind error. Reject the request. // IF_DEBUG(ERRORS) { KdPrint(( "SrvSmbNtRename: Status %X on FID: 0x%lx\n", status, SmbGetUshort( &request->Fid ) )); } SrvSetSmbError( WorkContext, status ); return SmbTransStatusErrorWithoutData; } // // Verify the information level and the number of input and output // data bytes available. // IF_DEBUG(TRACE2) KdPrint(( "SrvSmbNtRename complete.\n" )); return SmbTransStatusSuccess; } // SrvSmbNtRename