3.3.5.37 Receiving an SMB_COM_WRITE_ANDX Request
When the server receives an SMB_COM_WRITE_ANDX Request (section 2.2.4.43.1), message handling proceeds as follows.
The server MUST verify that the FID field represents a valid Open (has an entry in the SMB connection's Server.Connection.FileOpenTable).
The server MUST verify the UID as described in section 3.3.5.2, and ensure that the user has permission to write to the file. If the user does not have permission to write to the file, the server MUST send an error response with a Status of STATUS_ACCESS_DENIED (ERRDOS/ERRnoaccess) and MUST increase Server.Statistics.sts0_permerrors by 1.
If the UID that is presented is different from the UID that opened the file, the server MUST send the error response with a Status of STATUS_INVALID_HANDLE (ERRDOS/ERRbaduid).
The server MUST attempt to write the data received in the request to the specified file at the offset indicated in the request. If WordCount is 12 (0x0C), the server MUST use the offset in the 32-bit Offset field. If WordCount is 14 (0x0E), the server MUST use the 64-bit offset formed by combining OffsetHigh and Offset.
If the DataOffset field value is less than the offset of the SMB_Data.Bytes.Data field, or if the DataOffset field value is greater than the offset of SMB_Data.Bytes.Data + SMB_Parameters.Words.DataLength, the server SHOULD<301> fail the request with STATUS_INVALID_SMB.
A write request starting at or beyond the end of the file appends to the end of the file. Any "gaps" caused by writing past the end of file MUST be filled with null (0x00) padding bytes. A request to write zero bytes causes no change to the target file and MUST return a success. If the size of the SMB_Data.Bytes.Data field is greater than the value of the SMB_Parameters.Words.DataLength field, the server SHOULD<302> fail the request and return ERRSRV/ERRerror.
If the client has set WritethroughMode in WriteMode, all written data MUST be flushed to disk before the response is sent.
If the write request is made to a named pipe or I/O device, the following additional rules apply:
If Timeout is greater than zero, the server SHOULD<303> wait to send the response until either the number of bytes specified by DataLength are written to the device or the Timeout in milliseconds elapses. If Timeout is greater than zero and it elapses before is the number of DataLength bytes are written, the server SHOULD send a response with an error status indicating that the time-out occurred and MUST also include the count of bytes written. This is not a normal error response; it uses the full SMB_COM_WRITE_ANDX response format. If Timeout is zero, the write SHOULD NOT block.
If the Timeout value is -1 (0xFFFF, "wait forever"), the server SHOULD wait until the number of DataLength bytes have been written to the device before returning a response to the client.
If the Timeout value is -2 (0xFFFE, "default"), the server SHOULD wait for the default time-out associated with the name pipes or I/O device.
If the Remaining field is nonzero, and the pipe is a message mode pipe, it indicates that the pipe write spans over multiple requests. The Remaining field SHOULD contain the number of bytes remaining to be written.<304>
If the operation is successful, the server MUST construct an SMB_COM_WRITE_ANDX Response message as specified in section 2.2.4.43.2, with the following additional requirements:
If the request is to a named pipe or an I/O device and ReadBytesAvailable is set in the WriteMode field, Available MUST be set to the number of bytes available to be read from the named pipe or device, which MAY be zero.
The Count field MUST be set to the count, in bytes, of data written.<305>
The response MUST be sent to the client as specified in section 3.3.4.1.