2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern struct generic_mapping file_generic_mapping;
26 extern struct current_user current_user;
27 extern userdom_struct current_user_info;
28 extern uint16 global_smbpid;
29 extern BOOL global_client_failed_oplock_break;
31 struct deferred_open_record {
32 BOOL delayed_for_oplocks;
37 /****************************************************************************
38 fd support routines - attempt to do a dos_open.
39 ****************************************************************************/
41 static NTSTATUS fd_open(struct connection_struct *conn,
47 NTSTATUS status = NT_STATUS_OK;
51 * Never follow symlinks on a POSIX client. The
52 * client should be doing this.
55 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
60 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
61 if (fsp->fh->fd == -1) {
62 status = map_nt_error_from_unix(errno);
65 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
66 fname, flags, (int)mode, fsp->fh->fd,
67 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
72 /****************************************************************************
73 Close the file associated with a fsp.
74 ****************************************************************************/
76 NTSTATUS fd_close(struct connection_struct *conn, files_struct *fsp)
78 if (fsp->fh->fd == -1) {
79 return NT_STATUS_OK; /* What we used to call a stat open. */
81 if (fsp->fh->ref_count > 1) {
82 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
84 return fd_close_posix(conn, fsp);
87 /****************************************************************************
88 Change the ownership of a file to that of the parent directory.
89 Do this by fd if possible.
90 ****************************************************************************/
92 static void change_file_owner_to_parent(connection_struct *conn,
93 const char *inherit_from_dir,
96 SMB_STRUCT_STAT parent_st;
99 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
101 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
102 "directory %s. Error was %s\n",
103 inherit_from_dir, strerror(errno) ));
108 ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, parent_st.st_uid, (gid_t)-1);
111 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
112 "file %s to parent directory uid %u. Error "
113 "was %s\n", fsp->fsp_name,
114 (unsigned int)parent_st.st_uid,
118 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
119 "parent directory uid %u.\n", fsp->fsp_name,
120 (unsigned int)parent_st.st_uid ));
123 static void change_dir_owner_to_parent(connection_struct *conn,
124 const char *inherit_from_dir,
126 SMB_STRUCT_STAT *psbuf)
129 SMB_STRUCT_STAT sbuf;
130 SMB_STRUCT_STAT parent_st;
133 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
135 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
136 "directory %s. Error was %s\n",
137 inherit_from_dir, strerror(errno) ));
141 /* We've already done an lstat into psbuf, and we know it's a
142 directory. If we can cd into the directory and the dev/ino
143 are the same then we can safely chown without races as
144 we're locking the directory in place by being in it. This
145 should work on any UNIX (thanks tridge :-). JRA.
148 if (!vfs_GetWd(conn,saved_dir)) {
149 DEBUG(0,("change_dir_owner_to_parent: failed to get "
150 "current working directory\n"));
154 /* Chdir into the new path. */
155 if (vfs_ChDir(conn, fname) == -1) {
156 DEBUG(0,("change_dir_owner_to_parent: failed to change "
157 "current working directory to %s. Error "
158 "was %s\n", fname, strerror(errno) ));
162 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
163 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
164 "directory '.' (%s) Error was %s\n",
165 fname, strerror(errno)));
169 /* Ensure we're pointing at the same place. */
170 if (sbuf.st_dev != psbuf->st_dev ||
171 sbuf.st_ino != psbuf->st_ino ||
172 sbuf.st_mode != psbuf->st_mode ) {
173 DEBUG(0,("change_dir_owner_to_parent: "
174 "device/inode/mode on directory %s changed. "
175 "Refusing to chown !\n", fname ));
180 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
183 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
184 "directory %s to parent directory uid %u. "
185 "Error was %s\n", fname,
186 (unsigned int)parent_st.st_uid, strerror(errno) ));
190 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
191 "directory %s to parent directory uid %u.\n",
192 fname, (unsigned int)parent_st.st_uid ));
196 vfs_ChDir(conn,saved_dir);
199 /****************************************************************************
201 ****************************************************************************/
203 static NTSTATUS open_file(files_struct *fsp,
204 connection_struct *conn,
205 const char *parent_dir,
208 SMB_STRUCT_STAT *psbuf,
211 uint32 access_mask, /* client requested access mask. */
212 uint32 open_access_mask) /* what we're actually using in the open. */
214 NTSTATUS status = NT_STATUS_OK;
215 int accmode = (flags & O_ACCMODE);
216 int local_flags = flags;
217 BOOL file_existed = VALID_STAT(*psbuf);
222 /* Check permissions */
225 * This code was changed after seeing a client open request
226 * containing the open mode of (DENY_WRITE/read-only) with
227 * the 'create if not exist' bit set. The previous code
228 * would fail to open the file read only on a read-only share
229 * as it was checking the flags parameter directly against O_RDONLY,
230 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
234 if (!CAN_WRITE(conn)) {
235 /* It's a read-only share - fail if we wanted to write. */
236 if(accmode != O_RDONLY) {
237 DEBUG(3,("Permission denied opening %s\n", path));
238 return NT_STATUS_ACCESS_DENIED;
239 } else if(flags & O_CREAT) {
240 /* We don't want to write - but we must make sure that
241 O_CREAT doesn't create the file if we have write
242 access into the directory.
245 local_flags &= ~O_CREAT;
250 * This little piece of insanity is inspired by the
251 * fact that an NT client can open a file for O_RDONLY,
252 * but set the create disposition to FILE_EXISTS_TRUNCATE.
253 * If the client *can* write to the file, then it expects to
254 * truncate the file, even though it is opening for readonly.
255 * Quicken uses this stupid trick in backup file creation...
256 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
257 * for helping track this one down. It didn't bite us in 2.0.x
258 * as we always opened files read-write in that release. JRA.
261 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
262 DEBUG(10,("open_file: truncate requested on read-only open "
263 "for file %s\n", path));
264 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
267 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
268 (!file_existed && (local_flags & O_CREAT)) ||
269 ((local_flags & O_TRUNC) == O_TRUNC) ) {
272 * We can't actually truncate here as the file may be locked.
273 * open_file_ntcreate will take care of the truncate later. JRA.
276 local_flags &= ~O_TRUNC;
278 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
280 * We would block on opening a FIFO with no one else on the
281 * other end. Do what we used to do and add O_NONBLOCK to the
285 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
286 local_flags |= O_NONBLOCK;
290 /* Don't create files with Microsoft wildcard characters. */
291 if ((local_flags & O_CREAT) && !file_existed &&
293 return NT_STATUS_OBJECT_NAME_INVALID;
296 /* Actually do the open */
297 status = fd_open(conn, path, fsp, local_flags, unx_mode);
298 if (!NT_STATUS_IS_OK(status)) {
299 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
301 path,nt_errstr(status),local_flags,flags));
305 if ((local_flags & O_CREAT) && !file_existed) {
307 /* Inherit the ACL if required */
308 if (lp_inherit_perms(SNUM(conn))) {
309 inherit_access_acl(conn, parent_dir, path,
313 /* Change the owner if required. */
314 if (lp_inherit_owner(SNUM(conn))) {
315 change_file_owner_to_parent(conn, parent_dir,
319 notify_fname(conn, NOTIFY_ACTION_ADDED,
320 FILE_NOTIFY_CHANGE_FILE_NAME, path);
324 fsp->fh->fd = -1; /* What we used to call a stat open. */
330 if (fsp->fh->fd == -1) {
331 ret = SMB_VFS_STAT(conn, path, psbuf);
333 ret = SMB_VFS_FSTAT(fsp,fsp->fh->fd,psbuf);
334 /* If we have an fd, this stat should succeed. */
336 DEBUG(0,("Error doing fstat on open file %s "
337 "(%s)\n", path,strerror(errno) ));
341 /* For a non-io open, this stat failing means file not found. JRA */
343 status = map_nt_error_from_unix(errno);
350 * POSIX allows read-only opens of directories. We don't
351 * want to do this (we use a different code path for this)
352 * so catch a directory open and return an EISDIR. JRA.
355 if(S_ISDIR(psbuf->st_mode)) {
358 return NT_STATUS_FILE_IS_A_DIRECTORY;
361 fsp->mode = psbuf->st_mode;
362 fsp->inode = psbuf->st_ino;
363 fsp->dev = psbuf->st_dev;
364 fsp->vuid = current_user.vuid;
365 fsp->file_pid = global_smbpid;
366 fsp->can_lock = True;
367 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
368 if (!CAN_WRITE(conn)) {
369 fsp->can_write = False;
371 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
374 fsp->print_file = False;
375 fsp->modified = False;
376 fsp->sent_oplock_break = NO_BREAK_SENT;
377 fsp->is_directory = False;
378 fsp->is_stat = False;
379 if (conn->aio_write_behind_list &&
380 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
381 fsp->aio_write_behind = True;
384 string_set(&fsp->fsp_name, path);
385 fsp->wcp = NULL; /* Write cache pointer. */
387 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
388 *current_user_info.smb_name ?
389 current_user_info.smb_name : conn->user,fsp->fsp_name,
390 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
391 conn->num_files_open + 1));
397 /*******************************************************************
398 Return True if the filename is one of the special executable types.
399 ********************************************************************/
401 static BOOL is_executable(const char *fname)
403 if ((fname = strrchr_m(fname,'.'))) {
404 if (strequal(fname,".com") ||
405 strequal(fname,".dll") ||
406 strequal(fname,".exe") ||
407 strequal(fname,".sym")) {
414 /****************************************************************************
415 Check if we can open a file with a share mode.
416 Returns True if conflict, False if not.
417 ****************************************************************************/
419 static BOOL share_conflict(struct share_mode_entry *entry,
423 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
424 "entry->share_access = 0x%x, "
425 "entry->private_options = 0x%x\n",
426 (unsigned int)entry->access_mask,
427 (unsigned int)entry->share_access,
428 (unsigned int)entry->private_options));
430 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
431 (unsigned int)access_mask, (unsigned int)share_access));
433 if ((entry->access_mask & (FILE_WRITE_DATA|
437 DELETE_ACCESS)) == 0) {
438 DEBUG(10,("share_conflict: No conflict due to "
439 "entry->access_mask = 0x%x\n",
440 (unsigned int)entry->access_mask ));
444 if ((access_mask & (FILE_WRITE_DATA|
448 DELETE_ACCESS)) == 0) {
449 DEBUG(10,("share_conflict: No conflict due to "
450 "access_mask = 0x%x\n",
451 (unsigned int)access_mask ));
455 #if 1 /* JRA TEST - Superdebug. */
456 #define CHECK_MASK(num, am, right, sa, share) \
457 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
458 (unsigned int)(num), (unsigned int)(am), \
459 (unsigned int)(right), (unsigned int)(am)&(right) )); \
460 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
461 (unsigned int)(num), (unsigned int)(sa), \
462 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
463 if (((am) & (right)) && !((sa) & (share))) { \
464 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
465 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
466 (unsigned int)(share) )); \
470 #define CHECK_MASK(num, am, right, sa, share) \
471 if (((am) & (right)) && !((sa) & (share))) { \
472 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
473 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
474 (unsigned int)(share) )); \
479 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
480 share_access, FILE_SHARE_WRITE);
481 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
482 entry->share_access, FILE_SHARE_WRITE);
484 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
485 share_access, FILE_SHARE_READ);
486 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
487 entry->share_access, FILE_SHARE_READ);
489 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
490 share_access, FILE_SHARE_DELETE);
491 CHECK_MASK(6, access_mask, DELETE_ACCESS,
492 entry->share_access, FILE_SHARE_DELETE);
494 DEBUG(10,("share_conflict: No conflict.\n"));
498 #if defined(DEVELOPER)
499 static void validate_my_share_entries(int num,
500 struct share_mode_entry *share_entry)
504 if (!procid_is_me(&share_entry->pid)) {
508 if (is_deferred_open_entry(share_entry) &&
509 !open_was_deferred(share_entry->op_mid)) {
511 pstr_sprintf(str, "Got a deferred entry without a request: "
512 "PANIC: %s\n", share_mode_str(num, share_entry));
516 if (!is_valid_share_mode_entry(share_entry)) {
520 fsp = file_find_dif(share_entry->dev, share_entry->inode,
521 share_entry->share_file_id);
523 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
524 share_mode_str(num, share_entry) ));
525 smb_panic("validate_my_share_entries: Cannot match a "
526 "share entry with an open file\n");
529 if (is_deferred_open_entry(share_entry) ||
530 is_unused_share_mode_entry(share_entry)) {
534 if ((share_entry->op_type == NO_OPLOCK) &&
535 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
536 /* Someone has already written to it, but I haven't yet
541 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
550 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
551 share_mode_str(num, share_entry) ));
552 slprintf(str, sizeof(str)-1, "validate_my_share_entries: "
553 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
554 fsp->fsp_name, (unsigned int)fsp->oplock_type,
555 (unsigned int)share_entry->op_type );
561 static BOOL is_stat_open(uint32 access_mask)
563 return (access_mask &&
564 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
565 FILE_WRITE_ATTRIBUTES))==0) &&
566 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
567 FILE_WRITE_ATTRIBUTES)) != 0));
570 /****************************************************************************
571 Deal with share modes
572 Invarient: Share mode must be locked on entry and exit.
573 Returns -1 on error, or number of share modes on success (may be zero).
574 ****************************************************************************/
576 static NTSTATUS open_mode_check(connection_struct *conn,
578 struct share_mode_lock *lck,
581 uint32 create_options,
586 if(lck->num_share_modes == 0) {
590 *file_existed = True;
592 if (is_stat_open(access_mask)) {
593 /* Stat open that doesn't trigger oplock breaks or share mode
594 * checks... ! JRA. */
598 /* A delete on close prohibits everything */
600 if (lck->delete_on_close) {
601 return NT_STATUS_DELETE_PENDING;
605 * Check if the share modes will give us access.
608 #if defined(DEVELOPER)
609 for(i = 0; i < lck->num_share_modes; i++) {
610 validate_my_share_entries(i, &lck->share_modes[i]);
614 if (!lp_share_modes(SNUM(conn))) {
618 /* Now we check the share modes, after any oplock breaks. */
619 for(i = 0; i < lck->num_share_modes; i++) {
621 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
625 /* someone else has a share lock on it, check to see if we can
627 if (share_conflict(&lck->share_modes[i],
628 access_mask, share_access)) {
629 return NT_STATUS_SHARING_VIOLATION;
636 static BOOL is_delete_request(files_struct *fsp) {
637 return ((fsp->access_mask == DELETE_ACCESS) &&
638 (fsp->oplock_type == NO_OPLOCK));
642 * 1) No files open at all or internal open: Grant whatever the client wants.
644 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
645 * request, break if the oplock around is a batch oplock. If it's another
646 * requested access type, break.
648 * 3) Only level2 around: Grant level2 and do nothing else.
651 static BOOL delay_for_oplocks(struct share_mode_lock *lck,
657 struct share_mode_entry *exclusive = NULL;
658 BOOL valid_entry = False;
659 BOOL delay_it = False;
660 BOOL have_level2 = False;
662 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
664 if (oplock_request & INTERNAL_OPEN_ONLY) {
665 fsp->oplock_type = NO_OPLOCK;
668 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
672 for (i=0; i<lck->num_share_modes; i++) {
674 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
678 /* At least one entry is not an invalid or deferred entry. */
681 if (pass_number == 1) {
682 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
683 SMB_ASSERT(exclusive == NULL);
684 exclusive = &lck->share_modes[i];
687 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
688 SMB_ASSERT(exclusive == NULL);
689 exclusive = &lck->share_modes[i];
693 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
694 SMB_ASSERT(exclusive == NULL);
700 /* All entries are placeholders or deferred.
701 * Directly grant whatever the client wants. */
702 if (fsp->oplock_type == NO_OPLOCK) {
703 /* Store a level2 oplock, but don't tell the client */
704 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
709 if (exclusive != NULL) { /* Found an exclusive oplock */
710 SMB_ASSERT(!have_level2);
711 delay_it = is_delete_request(fsp) ?
712 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
715 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
716 /* We can at most grant level2 as there are other
717 * level2 or NO_OPLOCK entries. */
718 fsp->oplock_type = LEVEL_II_OPLOCK;
721 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
722 /* Store a level2 oplock, but don't tell the client */
723 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
731 * Send a break message to the oplock holder and delay the open for
735 DEBUG(10, ("Sending break request to PID %s\n",
736 procid_str_static(&exclusive->pid)));
737 exclusive->op_mid = get_current_mid();
739 /* Create the message. */
740 share_mode_entry_to_message(msg, exclusive);
742 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
743 don't want this set in the share mode struct pointed to by lck. */
745 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
746 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
749 status = message_send_pid(exclusive->pid, MSG_SMB_BREAK_REQUEST,
750 msg, MSG_SMB_SHARE_MODE_ENTRY_SIZE, True);
751 if (!NT_STATUS_IS_OK(status)) {
752 DEBUG(3, ("Could not send oplock break message: %s\n",
759 static BOOL request_timed_out(struct timeval request_time,
760 struct timeval timeout)
762 struct timeval now, end_time;
764 end_time = timeval_sum(&request_time, &timeout);
765 return (timeval_compare(&end_time, &now) < 0);
768 /****************************************************************************
769 Handle the 1 second delay in returning a SHARING_VIOLATION error.
770 ****************************************************************************/
772 static void defer_open(struct share_mode_lock *lck,
773 struct timeval request_time,
774 struct timeval timeout,
775 struct deferred_open_record *state)
777 uint16 mid = get_current_mid();
782 for (i=0; i<lck->num_share_modes; i++) {
783 struct share_mode_entry *e = &lck->share_modes[i];
785 if (!is_deferred_open_entry(e)) {
789 if (procid_is_me(&e->pid) && (e->op_mid == mid)) {
790 DEBUG(0, ("Trying to defer an already deferred "
791 "request: mid=%d, exiting\n", mid));
792 exit_server("attempt to defer a deferred request");
796 /* End paranoia check */
798 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
799 "open entry for mid %u\n",
800 (unsigned int)request_time.tv_sec,
801 (unsigned int)request_time.tv_usec,
804 if (!push_deferred_smb_message(mid, request_time, timeout,
805 (char *)state, sizeof(*state))) {
806 exit_server("push_deferred_smb_message failed");
808 add_deferred_open(lck, mid, request_time, state->dev, state->inode);
811 * Push the MID of this packet on the signing queue.
812 * We only do this once, the first time we push the packet
813 * onto the deferred open queue, as this has a side effect
814 * of incrementing the response sequence number.
817 srv_defer_sign_response(mid);
821 /****************************************************************************
822 On overwrite open ensure that the attributes match.
823 ****************************************************************************/
825 static BOOL open_match_attributes(connection_struct *conn,
829 mode_t existing_unx_mode,
831 mode_t *returned_unx_mode)
833 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
835 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
836 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
838 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
839 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
840 *returned_unx_mode = new_unx_mode;
842 *returned_unx_mode = (mode_t)0;
845 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
846 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
847 "returned_unx_mode = 0%o\n",
849 (unsigned int)old_dos_attr,
850 (unsigned int)existing_unx_mode,
851 (unsigned int)new_dos_attr,
852 (unsigned int)*returned_unx_mode ));
854 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
855 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
856 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
857 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
861 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
862 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
863 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
870 /****************************************************************************
871 Special FCB or DOS processing in the case of a sharing violation.
872 Try and find a duplicated file handle.
873 ****************************************************************************/
875 static files_struct *fcb_or_dos_open(connection_struct *conn,
876 const char *fname, SMB_DEV_T dev,
880 uint32 create_options)
883 files_struct *dup_fsp;
885 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
886 "file %s.\n", fname ));
888 for(fsp = file_find_di_first(dev, inode); fsp;
889 fsp = file_find_di_next(fsp)) {
891 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
892 "vuid = %u, file_pid = %u, private_options = 0x%x "
893 "access_mask = 0x%x\n", fsp->fsp_name,
894 fsp->fh->fd, (unsigned int)fsp->vuid,
895 (unsigned int)fsp->file_pid,
896 (unsigned int)fsp->fh->private_options,
897 (unsigned int)fsp->access_mask ));
899 if (fsp->fh->fd != -1 &&
900 fsp->vuid == current_user.vuid &&
901 fsp->file_pid == global_smbpid &&
902 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
903 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
904 (fsp->access_mask & FILE_WRITE_DATA) &&
905 strequal(fsp->fsp_name, fname)) {
906 DEBUG(10,("fcb_or_dos_open: file match\n"));
915 /* quite an insane set of semantics ... */
916 if (is_executable(fname) &&
917 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
918 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
922 /* We need to duplicate this fsp. */
923 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
924 create_options, &dup_fsp))) {
931 /****************************************************************************
932 Open a file with a share mode - old openX method - map into NTCreate.
933 ****************************************************************************/
935 BOOL map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
936 uint32 *paccess_mask,
938 uint32 *pcreate_disposition,
939 uint32 *pcreate_options)
943 uint32 create_disposition;
944 uint32 create_options = 0;
946 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
947 "open_func = 0x%x\n",
948 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
950 /* Create the NT compatible access_mask. */
951 switch (GET_OPENX_MODE(deny_mode)) {
952 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
953 case DOS_OPEN_RDONLY:
954 access_mask = FILE_GENERIC_READ;
956 case DOS_OPEN_WRONLY:
957 access_mask = FILE_GENERIC_WRITE;
961 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
964 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
965 (unsigned int)GET_OPENX_MODE(deny_mode)));
969 /* Create the NT compatible create_disposition. */
971 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
972 create_disposition = FILE_CREATE;
975 case OPENX_FILE_EXISTS_OPEN:
976 create_disposition = FILE_OPEN;
979 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
980 create_disposition = FILE_OPEN_IF;
983 case OPENX_FILE_EXISTS_TRUNCATE:
984 create_disposition = FILE_OVERWRITE;
987 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
988 create_disposition = FILE_OVERWRITE_IF;
992 /* From samba4 - to be confirmed. */
993 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
994 create_disposition = FILE_CREATE;
997 DEBUG(10,("map_open_params_to_ntcreate: bad "
998 "open_func 0x%x\n", (unsigned int)open_func));
1002 /* Create the NT compatible share modes. */
1003 switch (GET_DENY_MODE(deny_mode)) {
1005 share_mode = FILE_SHARE_NONE;
1009 share_mode = FILE_SHARE_READ;
1013 share_mode = FILE_SHARE_WRITE;
1017 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1021 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1022 if (is_executable(fname)) {
1023 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1025 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1026 share_mode = FILE_SHARE_READ;
1028 share_mode = FILE_SHARE_NONE;
1034 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1035 share_mode = FILE_SHARE_NONE;
1039 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1040 (unsigned int)GET_DENY_MODE(deny_mode) ));
1044 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1045 "share_mode = 0x%x, create_disposition = 0x%x, "
1046 "create_options = 0x%x\n",
1048 (unsigned int)access_mask,
1049 (unsigned int)share_mode,
1050 (unsigned int)create_disposition,
1051 (unsigned int)create_options ));
1054 *paccess_mask = access_mask;
1057 *pshare_mode = share_mode;
1059 if (pcreate_disposition) {
1060 *pcreate_disposition = create_disposition;
1062 if (pcreate_options) {
1063 *pcreate_options = create_options;
1070 static void schedule_defer_open(struct share_mode_lock *lck, struct timeval request_time)
1072 struct deferred_open_record state;
1074 /* This is a relative time, added to the absolute
1075 request_time value to get the absolute timeout time.
1076 Note that if this is the second or greater time we enter
1077 this codepath for this particular request mid then
1078 request_time is left as the absolute time of the *first*
1079 time this request mid was processed. This is what allows
1080 the request to eventually time out. */
1082 struct timeval timeout;
1084 /* Normally the smbd we asked should respond within
1085 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1086 * the client did, give twice the timeout as a safety
1087 * measure here in case the other smbd is stuck
1088 * somewhere else. */
1090 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1092 /* Nothing actually uses state.delayed_for_oplocks
1093 but it's handy to differentiate in debug messages
1094 between a 30 second delay due to oplock break, and
1095 a 1 second delay for share mode conflicts. */
1097 state.delayed_for_oplocks = True;
1098 state.dev = lck->dev;
1099 state.inode = lck->ino;
1101 if (!request_timed_out(request_time, timeout)) {
1102 defer_open(lck, request_time, timeout, &state);
1106 /****************************************************************************
1107 Open a file with a share mode.
1108 ****************************************************************************/
1110 NTSTATUS open_file_ntcreate(connection_struct *conn,
1112 SMB_STRUCT_STAT *psbuf,
1113 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1114 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1115 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1116 uint32 create_options, /* options such as delete on close. */
1117 uint32 new_dos_attributes, /* attributes used for new file. */
1118 int oplock_request, /* internal Samba oplock codes. */
1119 /* Information (FILE_EXISTS etc.) */
1121 files_struct **result)
1125 BOOL file_existed = VALID_STAT(*psbuf);
1126 BOOL def_acl = False;
1127 BOOL posix_open = False;
1128 BOOL new_file_created = False;
1130 SMB_INO_T inode = 0;
1131 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1132 files_struct *fsp = NULL;
1133 mode_t new_unx_mode = (mode_t)0;
1134 mode_t unx_mode = (mode_t)0;
1136 uint32 existing_dos_attributes = 0;
1137 struct pending_message_list *pml = NULL;
1138 uint16 mid = get_current_mid();
1139 struct timeval request_time = timeval_zero();
1140 struct share_mode_lock *lck = NULL;
1141 uint32 open_access_mask = access_mask;
1145 const char *newname;
1147 if (conn->printer) {
1149 * Printers are handled completely differently.
1150 * Most of the passed parameters are ignored.
1154 *pinfo = FILE_WAS_CREATED;
1157 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1159 return print_fsp_open(conn, fname, result);
1162 if (!parent_dirname_talloc(tmp_talloc_ctx(), fname, &parent_dir,
1164 return NT_STATUS_NO_MEMORY;
1167 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1169 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1170 new_dos_attributes = 0;
1172 /* We add aARCH to this as this mode is only used if the file is
1174 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1178 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1179 "access_mask=0x%x share_access=0x%x "
1180 "create_disposition = 0x%x create_options=0x%x "
1181 "unix mode=0%o oplock_request=%d\n",
1182 fname, new_dos_attributes, access_mask, share_access,
1183 create_disposition, create_options, unx_mode,
1186 if ((pml = get_open_deferred_message(mid)) != NULL) {
1187 struct deferred_open_record *state =
1188 (struct deferred_open_record *)pml->private_data.data;
1190 /* Remember the absolute time of the original
1191 request with this mid. We'll use it later to
1192 see if this has timed out. */
1194 request_time = pml->request_time;
1196 /* Remove the deferred open entry under lock. */
1197 lck = get_share_mode_lock(NULL, state->dev, state->inode, NULL, NULL);
1199 DEBUG(0, ("could not get share mode lock\n"));
1201 del_deferred_open_entry(lck, mid);
1205 /* Ensure we don't reprocess this message. */
1206 remove_deferred_open_smb_message(mid);
1209 status = check_name(conn, fname);
1210 if (!NT_STATUS_IS_OK(status)) {
1215 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1217 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1221 /* ignore any oplock requests if oplocks are disabled */
1222 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1223 IS_VETO_OPLOCK_PATH(conn, fname)) {
1224 /* Mask off everything except the private Samba bits. */
1225 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1228 /* this is for OS/2 long file names - say we don't support them */
1229 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1230 /* OS/2 Workplace shell fix may be main code stream in a later
1232 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1234 if (use_nt_status()) {
1235 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1237 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1240 switch( create_disposition ) {
1242 * Currently we're using FILE_SUPERSEDE as the same as
1243 * FILE_OVERWRITE_IF but they really are
1244 * different. FILE_SUPERSEDE deletes an existing file
1245 * (requiring delete access) then recreates it.
1247 case FILE_SUPERSEDE:
1248 /* If file exists replace/overwrite. If file doesn't
1250 flags2 |= (O_CREAT | O_TRUNC);
1253 case FILE_OVERWRITE_IF:
1254 /* If file exists replace/overwrite. If file doesn't
1256 flags2 |= (O_CREAT | O_TRUNC);
1260 /* If file exists open. If file doesn't exist error. */
1261 if (!file_existed) {
1262 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1263 "requested for file %s and file "
1264 "doesn't exist.\n", fname ));
1266 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1270 case FILE_OVERWRITE:
1271 /* If file exists overwrite. If file doesn't exist
1273 if (!file_existed) {
1274 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1275 "requested for file %s and file "
1276 "doesn't exist.\n", fname ));
1278 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1284 /* If file exists error. If file doesn't exist
1287 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1288 "requested for file %s and file "
1289 "already exists.\n", fname ));
1290 if (S_ISDIR(psbuf->st_mode)) {
1295 return map_nt_error_from_unix(errno);
1297 flags2 |= (O_CREAT|O_EXCL);
1301 /* If file exists open. If file doesn't exist
1307 return NT_STATUS_INVALID_PARAMETER;
1310 /* We only care about matching attributes on file exists and
1313 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1314 (create_disposition == FILE_OVERWRITE_IF))) {
1315 if (!open_match_attributes(conn, fname,
1316 existing_dos_attributes,
1317 new_dos_attributes, psbuf->st_mode,
1318 unx_mode, &new_unx_mode)) {
1319 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1320 "for file %s (%x %x) (0%o, 0%o)\n",
1321 fname, existing_dos_attributes,
1323 (unsigned int)psbuf->st_mode,
1324 (unsigned int)unx_mode ));
1326 return NT_STATUS_ACCESS_DENIED;
1330 /* This is a nasty hack - must fix... JRA. */
1331 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1332 open_access_mask = access_mask = FILE_GENERIC_ALL;
1336 * Convert GENERIC bits to specific bits.
1339 se_map_generic(&access_mask, &file_generic_mapping);
1340 open_access_mask = access_mask;
1342 if (flags2 & O_TRUNC) {
1343 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1346 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1347 "access_mask=0x%x\n", fname, access_mask ));
1350 * Note that we ignore the append flag as append does not
1351 * mean the same thing under DOS and Unix.
1354 if (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) {
1355 /* DENY_DOS opens are always underlying read-write on the
1356 file handle, no matter what the requested access mask
1358 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1359 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1369 * Currently we only look at FILE_WRITE_THROUGH for create options.
1373 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1378 if (posix_open & (access_mask & FILE_APPEND_DATA)) {
1382 if (!posix_open && !CAN_WRITE(conn)) {
1384 * We should really return a permission denied error if either
1385 * O_CREAT or O_TRUNC are set, but for compatibility with
1386 * older versions of Samba we just AND them out.
1388 flags2 &= ~(O_CREAT|O_TRUNC);
1392 * Ensure we can't write on a read-only share or file.
1395 if (flags != O_RDONLY && file_existed &&
1396 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1397 DEBUG(5,("open_file_ntcreate: write access requested for "
1398 "file %s on read only %s\n",
1399 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1401 return NT_STATUS_ACCESS_DENIED;
1404 status = file_new(conn, &fsp);
1405 if(!NT_STATUS_IS_OK(status)) {
1409 fsp->dev = psbuf->st_dev;
1410 fsp->inode = psbuf->st_ino;
1411 fsp->share_access = share_access;
1412 fsp->fh->private_options = create_options;
1413 fsp->access_mask = open_access_mask; /* We change this to the
1414 * requested access_mask after
1415 * the open is done. */
1416 fsp->posix_open = posix_open;
1418 /* Ensure no SAMBA_PRIVATE bits can be set. */
1419 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1421 if (timeval_is_zero(&request_time)) {
1422 request_time = fsp->open_time;
1426 dev = psbuf->st_dev;
1427 inode = psbuf->st_ino;
1429 lck = get_share_mode_lock(NULL, dev, inode,
1435 DEBUG(0, ("Could not get share mode lock\n"));
1436 return NT_STATUS_SHARING_VIOLATION;
1439 /* First pass - send break only on batch oplocks. */
1440 if (delay_for_oplocks(lck, fsp, 1, oplock_request)) {
1441 schedule_defer_open(lck, request_time);
1444 return NT_STATUS_SHARING_VIOLATION;
1447 /* Use the client requested access mask here, not the one we
1449 status = open_mode_check(conn, fname, lck,
1450 access_mask, share_access,
1451 create_options, &file_existed);
1453 if (NT_STATUS_IS_OK(status)) {
1454 /* We might be going to allow this open. Check oplock
1456 /* Second pass - send break for both batch or
1457 * exclusive oplocks. */
1458 if (delay_for_oplocks(lck, fsp, 2, oplock_request)) {
1459 schedule_defer_open(lck, request_time);
1462 return NT_STATUS_SHARING_VIOLATION;
1466 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1467 /* DELETE_PENDING is not deferred for a second */
1473 if (!NT_STATUS_IS_OK(status)) {
1474 uint32 can_access_mask;
1475 BOOL can_access = True;
1477 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1479 /* Check if this can be done with the deny_dos and fcb
1481 if (create_options &
1482 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1483 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1484 files_struct *fsp_dup;
1486 /* Use the client requested access mask here,
1487 * not the one we open with. */
1488 fsp_dup = fcb_or_dos_open(conn, fname, dev,
1497 *pinfo = FILE_WAS_OPENED;
1499 conn->num_files_open++;
1501 return NT_STATUS_OK;
1506 * This next line is a subtlety we need for
1507 * MS-Access. If a file open will fail due to share
1508 * permissions and also for security (access) reasons,
1509 * we need to return the access failed error, not the
1510 * share error. We can't open the file due to kernel
1511 * oplock deadlock (it's possible we failed above on
1512 * the open_mode_check()) so use a userspace check.
1515 if (flags & O_RDWR) {
1516 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1517 } else if (flags & O_WRONLY) {
1518 can_access_mask = FILE_WRITE_DATA;
1520 can_access_mask = FILE_READ_DATA;
1523 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1524 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1529 * If we're returning a share violation, ensure we
1530 * cope with the braindead 1 second delay.
1533 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1534 lp_defer_sharing_violations()) {
1535 struct timeval timeout;
1536 struct deferred_open_record state;
1539 /* this is a hack to speed up torture tests
1541 timeout_usecs = lp_parm_int(SNUM(conn),
1542 "smbd","sharedelay",
1543 SHARING_VIOLATION_USEC_WAIT);
1545 /* This is a relative time, added to the absolute
1546 request_time value to get the absolute timeout time.
1547 Note that if this is the second or greater time we enter
1548 this codepath for this particular request mid then
1549 request_time is left as the absolute time of the *first*
1550 time this request mid was processed. This is what allows
1551 the request to eventually time out. */
1553 timeout = timeval_set(0, timeout_usecs);
1555 /* Nothing actually uses state.delayed_for_oplocks
1556 but it's handy to differentiate in debug messages
1557 between a 30 second delay due to oplock break, and
1558 a 1 second delay for share mode conflicts. */
1560 state.delayed_for_oplocks = False;
1562 state.inode = inode;
1564 if (!request_timed_out(request_time,
1566 defer_open(lck, request_time, timeout,
1574 * We have detected a sharing violation here
1575 * so return the correct error code
1577 status = NT_STATUS_SHARING_VIOLATION;
1579 status = NT_STATUS_ACCESS_DENIED;
1586 * We exit this block with the share entry *locked*.....
1590 SMB_ASSERT(!file_existed || (lck != NULL));
1593 * Ensure we pay attention to default ACLs on directories if required.
1596 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1597 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1601 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1602 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1603 (unsigned int)flags, (unsigned int)flags2,
1604 (unsigned int)unx_mode, (unsigned int)access_mask,
1605 (unsigned int)open_access_mask));
1608 * open_file strips any O_TRUNC flags itself.
1611 fsp_open = open_file(fsp, conn, parent_dir, newname, fname, psbuf,
1612 flags|flags2, unx_mode, access_mask,
1615 if (!NT_STATUS_IS_OK(fsp_open)) {
1623 if (!file_existed) {
1626 * Deal with the race condition where two smbd's detect the
1627 * file doesn't exist and do the create at the same time. One
1628 * of them will win and set a share mode, the other (ie. this
1629 * one) should check if the requested share mode for this
1630 * create is allowed.
1634 * Now the file exists and fsp is successfully opened,
1635 * fsp->dev and fsp->inode are valid and should replace the
1636 * dev=0,inode=0 from a non existent file. Spotted by
1637 * Nadav Danieli <nadavd@exanet.com>. JRA.
1643 lck = get_share_mode_lock(NULL, dev, inode,
1648 DEBUG(0, ("open_file_ntcreate: Could not get share "
1649 "mode lock for %s\n", fname));
1650 fd_close(conn, fsp);
1652 return NT_STATUS_SHARING_VIOLATION;
1655 /* First pass - send break only on batch oplocks. */
1656 if (delay_for_oplocks(lck, fsp, 1, oplock_request)) {
1657 schedule_defer_open(lck, request_time);
1659 fd_close(conn, fsp);
1661 return NT_STATUS_SHARING_VIOLATION;
1664 status = open_mode_check(conn, fname, lck,
1665 access_mask, share_access,
1666 create_options, &file_existed);
1668 if (NT_STATUS_IS_OK(status)) {
1669 /* We might be going to allow this open. Check oplock
1671 /* Second pass - send break for both batch or
1672 * exclusive oplocks. */
1673 if (delay_for_oplocks(lck, fsp, 2, oplock_request)) {
1674 schedule_defer_open(lck, request_time);
1676 fd_close(conn, fsp);
1678 return NT_STATUS_SHARING_VIOLATION;
1682 if (!NT_STATUS_IS_OK(status)) {
1683 struct deferred_open_record state;
1685 fd_close(conn, fsp);
1688 state.delayed_for_oplocks = False;
1690 state.inode = inode;
1692 /* Do it all over again immediately. In the second
1693 * round we will find that the file existed and handle
1694 * the DELETE_PENDING and FCB cases correctly. No need
1695 * to duplicate the code here. Essentially this is a
1696 * "goto top of this function", but don't tell
1699 defer_open(lck, request_time, timeval_zero(),
1706 * We exit this block with the share entry *locked*.....
1711 SMB_ASSERT(lck != NULL);
1713 /* note that we ignore failure for the following. It is
1714 basically a hack for NFS, and NFS will never set one of
1715 these only read them. Nobody but Samba can ever set a deny
1716 mode and we have already checked our more authoritative
1717 locking database for permission to set this deny mode. If
1718 the kernel refuses the operations then the kernel is wrong.
1719 note that GPFS supports it as well - jmcd */
1721 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, fsp->fh->fd, share_access);
1722 if(ret_flock == -1 ){
1725 fd_close(conn, fsp);
1728 return NT_STATUS_SHARING_VIOLATION;
1732 * At this point onwards, we can guarentee that the share entry
1733 * is locked, whether we created the file or not, and that the
1734 * deny mode is compatible with all current opens.
1738 * If requested, truncate the file.
1741 if (flags2&O_TRUNC) {
1743 * We are modifing the file after open - update the stat
1746 if ((SMB_VFS_FTRUNCATE(fsp,fsp->fh->fd,0) == -1) ||
1747 (SMB_VFS_FSTAT(fsp,fsp->fh->fd,psbuf)==-1)) {
1748 status = map_nt_error_from_unix(errno);
1756 /* Record the options we were opened with. */
1757 fsp->share_access = share_access;
1758 fsp->fh->private_options = create_options;
1759 fsp->access_mask = access_mask;
1762 /* stat opens on existing files don't get oplocks. */
1763 if (is_stat_open(open_access_mask)) {
1764 fsp->oplock_type = NO_OPLOCK;
1767 if (!(flags2 & O_TRUNC)) {
1768 info = FILE_WAS_OPENED;
1770 info = FILE_WAS_OVERWRITTEN;
1773 info = FILE_WAS_CREATED;
1781 * Setup the oplock info in both the shared memory and
1785 if ((fsp->oplock_type != NO_OPLOCK) &&
1786 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1787 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1788 /* Could not get the kernel oplock */
1789 fsp->oplock_type = NO_OPLOCK;
1793 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1794 new_file_created = True;
1797 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1799 /* Handle strange delete on close create semantics. */
1800 if ((create_options & FILE_DELETE_ON_CLOSE) && can_set_initial_delete_on_close(lck)) {
1801 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1803 if (!NT_STATUS_IS_OK(status)) {
1804 /* Remember to delete the mode we just added. */
1805 del_share_mode(lck, fsp);
1811 /* Note that here we set the *inital* delete on close flag,
1812 not the regular one. The magic gets handled in close. */
1813 fsp->initial_delete_on_close = True;
1816 if (new_file_created) {
1817 /* Files should be initially set as archive */
1818 if (lp_map_archive(SNUM(conn)) ||
1819 lp_store_dos_attributes(SNUM(conn))) {
1821 SMB_STRUCT_STAT tmp_sbuf;
1822 SET_STAT_INVALID(tmp_sbuf);
1823 if (file_set_dosmode(
1825 new_dos_attributes | aARCH,
1828 unx_mode = tmp_sbuf.st_mode;
1835 * Take care of inherited ACLs on created files - if default ACL not
1839 if (!posix_open && !file_existed && !def_acl) {
1841 int saved_errno = errno; /* We might get ENOSYS in the next
1844 if (SMB_VFS_FCHMOD_ACL(fsp, fsp->fh->fd, unx_mode) == -1 &&
1846 errno = saved_errno; /* Ignore ENOSYS */
1849 } else if (new_unx_mode) {
1853 /* Attributes need changing. File already existed. */
1856 int saved_errno = errno; /* We might get ENOSYS in the
1858 ret = SMB_VFS_FCHMOD_ACL(fsp, fsp->fh->fd,
1861 if (ret == -1 && errno == ENOSYS) {
1862 errno = saved_errno; /* Ignore ENOSYS */
1864 DEBUG(5, ("open_file_ntcreate: reset "
1865 "attributes of file %s to 0%o\n",
1866 fname, (unsigned int)new_unx_mode));
1867 ret = 0; /* Don't do the fchmod below. */
1872 (SMB_VFS_FCHMOD(fsp, fsp->fh->fd, new_unx_mode) == -1))
1873 DEBUG(5, ("open_file_ntcreate: failed to reset "
1874 "attributes of file %s to 0%o\n",
1875 fname, (unsigned int)new_unx_mode));
1878 /* If this is a successful open, we must remove any deferred open
1880 del_deferred_open_entry(lck, mid);
1883 conn->num_files_open++;
1886 return NT_STATUS_OK;
1889 /****************************************************************************
1890 Open a file for for write to ensure that we can fchmod it.
1891 ****************************************************************************/
1893 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1894 SMB_STRUCT_STAT *psbuf, files_struct **result)
1896 files_struct *fsp = NULL;
1899 if (!VALID_STAT(*psbuf)) {
1900 return NT_STATUS_INVALID_PARAMETER;
1903 status = file_new(conn, &fsp);
1904 if(!NT_STATUS_IS_OK(status)) {
1908 /* note! we must use a non-zero desired access or we don't get
1909 a real file descriptor. Oh what a twisted web we weave. */
1910 status = open_file(fsp, conn, NULL, NULL, fname, psbuf, O_WRONLY, 0,
1911 FILE_WRITE_DATA, FILE_WRITE_DATA);
1914 * This is not a user visible file open.
1915 * Don't set a share mode and don't increment
1916 * the conn->num_files_open.
1919 if (!NT_STATUS_IS_OK(status)) {
1925 return NT_STATUS_OK;
1928 /****************************************************************************
1929 Close the fchmod file fd - ensure no locks are lost.
1930 ****************************************************************************/
1932 NTSTATUS close_file_fchmod(files_struct *fsp)
1934 NTSTATUS status = fd_close(fsp->conn, fsp);
1939 static NTSTATUS mkdir_internal(connection_struct *conn,
1941 uint32 file_attributes,
1942 SMB_STRUCT_STAT *psbuf)
1946 const char *dirname;
1948 BOOL posix_open = False;
1950 if(!CAN_WRITE(conn)) {
1951 DEBUG(5,("mkdir_internal: failing create on read-only share "
1952 "%s\n", lp_servicename(SNUM(conn))));
1953 return NT_STATUS_ACCESS_DENIED;
1956 status = check_name(conn, name);
1957 if (!NT_STATUS_IS_OK(status)) {
1961 if (!parent_dirname_talloc(tmp_talloc_ctx(), name, &parent_dir,
1963 return NT_STATUS_NO_MEMORY;
1966 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1968 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1970 mode = unix_mode(conn, aDIR, name, parent_dir);
1973 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
1974 return map_nt_error_from_unix(errno);
1977 /* Ensure we're checking for a symlink here.... */
1978 /* We don't want to get caught by a symlink racer. */
1980 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
1981 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
1982 name, strerror(errno)));
1983 return map_nt_error_from_unix(errno);
1986 if (!S_ISDIR(psbuf->st_mode)) {
1987 DEBUG(0, ("Directory just '%s' created is not a directory\n",
1989 return NT_STATUS_ACCESS_DENIED;
1992 if (lp_store_dos_attributes(SNUM(conn))) {
1994 file_set_dosmode(conn, name,
1995 file_attributes | aDIR, NULL,
2000 if (lp_inherit_perms(SNUM(conn))) {
2001 inherit_access_acl(conn, parent_dir, name, mode);
2004 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2006 * Check if high bits should have been set,
2007 * then (if bits are missing): add them.
2008 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2011 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2012 SMB_VFS_CHMOD(conn, name,
2013 psbuf->st_mode | (mode & ~psbuf->st_mode));
2017 /* Change the owner if required. */
2018 if (lp_inherit_owner(SNUM(conn))) {
2019 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2022 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2025 return NT_STATUS_OK;
2028 /****************************************************************************
2029 Open a directory from an NT SMB call.
2030 ****************************************************************************/
2032 NTSTATUS open_directory(connection_struct *conn,
2034 SMB_STRUCT_STAT *psbuf,
2036 uint32 share_access,
2037 uint32 create_disposition,
2038 uint32 create_options,
2039 uint32 file_attributes,
2041 files_struct **result)
2043 files_struct *fsp = NULL;
2044 BOOL dir_existed = VALID_STAT(*psbuf) ? True : False;
2045 struct share_mode_lock *lck = NULL;
2049 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2050 "share_access = 0x%x create_options = 0x%x, "
2051 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2053 (unsigned int)access_mask,
2054 (unsigned int)share_access,
2055 (unsigned int)create_options,
2056 (unsigned int)create_disposition,
2057 (unsigned int)file_attributes));
2059 if (is_ntfs_stream_name(fname)) {
2060 DEBUG(0,("open_directory: %s is a stream name!\n", fname ));
2061 return NT_STATUS_NOT_A_DIRECTORY;
2064 switch( create_disposition ) {
2067 info = FILE_WAS_OPENED;
2070 * We want to follow symlinks here.
2073 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2074 return map_nt_error_from_unix(errno);
2081 /* If directory exists error. If directory doesn't
2084 status = mkdir_internal(conn,
2089 if (!NT_STATUS_IS_OK(status)) {
2090 DEBUG(2, ("open_directory: unable to create "
2091 "%s. Error was %s\n", fname,
2092 nt_errstr(status)));
2096 info = FILE_WAS_CREATED;
2101 * If directory exists open. If directory doesn't
2105 status = mkdir_internal(conn,
2110 if (NT_STATUS_IS_OK(status)) {
2111 info = FILE_WAS_CREATED;
2114 if (NT_STATUS_EQUAL(status,
2115 NT_STATUS_OBJECT_NAME_COLLISION)) {
2116 info = FILE_WAS_OPENED;
2117 status = NT_STATUS_OK;
2122 case FILE_SUPERSEDE:
2123 case FILE_OVERWRITE:
2124 case FILE_OVERWRITE_IF:
2126 DEBUG(5,("open_directory: invalid create_disposition "
2127 "0x%x for directory %s\n",
2128 (unsigned int)create_disposition, fname));
2129 return NT_STATUS_INVALID_PARAMETER;
2132 if(!S_ISDIR(psbuf->st_mode)) {
2133 DEBUG(5,("open_directory: %s is not a directory !\n",
2135 return NT_STATUS_NOT_A_DIRECTORY;
2138 status = file_new(conn, &fsp);
2139 if(!NT_STATUS_IS_OK(status)) {
2144 * Setup the files_struct for it.
2147 fsp->mode = psbuf->st_mode;
2148 fsp->inode = psbuf->st_ino;
2149 fsp->dev = psbuf->st_dev;
2150 fsp->vuid = current_user.vuid;
2151 fsp->file_pid = global_smbpid;
2152 fsp->can_lock = False;
2153 fsp->can_read = False;
2154 fsp->can_write = False;
2156 fsp->share_access = share_access;
2157 fsp->fh->private_options = create_options;
2158 fsp->access_mask = access_mask;
2160 fsp->print_file = False;
2161 fsp->modified = False;
2162 fsp->oplock_type = NO_OPLOCK;
2163 fsp->sent_oplock_break = NO_BREAK_SENT;
2164 fsp->is_directory = True;
2165 fsp->is_stat = False;
2166 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2168 string_set(&fsp->fsp_name,fname);
2170 lck = get_share_mode_lock(NULL, fsp->dev, fsp->inode,
2175 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2177 return NT_STATUS_SHARING_VIOLATION;
2180 status = open_mode_check(conn, fname, lck,
2181 access_mask, share_access,
2182 create_options, &dir_existed);
2184 if (!NT_STATUS_IS_OK(status)) {
2190 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2192 /* For directories the delete on close bit at open time seems
2193 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2194 if (create_options & FILE_DELETE_ON_CLOSE) {
2195 status = can_set_delete_on_close(fsp, True, 0);
2196 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2202 if (NT_STATUS_IS_OK(status)) {
2203 /* Note that here we set the *inital* delete on close flag,
2204 not the regular one. The magic gets handled in close. */
2205 fsp->initial_delete_on_close = True;
2215 conn->num_files_open++;
2218 return NT_STATUS_OK;
2221 NTSTATUS create_directory(connection_struct *conn, const char *directory)
2224 SMB_STRUCT_STAT sbuf;
2227 SET_STAT_INVALID(sbuf);
2229 status = open_directory(conn, directory, &sbuf,
2230 FILE_READ_ATTRIBUTES, /* Just a stat open */
2231 FILE_SHARE_NONE, /* Ignored for stat opens */
2234 FILE_ATTRIBUTE_DIRECTORY,
2238 if (NT_STATUS_IS_OK(status)) {
2239 close_file(fsp, NORMAL_CLOSE);
2245 /****************************************************************************
2246 Open a pseudo-file (no locking checks - a 'stat' open).
2247 ****************************************************************************/
2249 NTSTATUS open_file_stat(connection_struct *conn, const char *fname,
2250 SMB_STRUCT_STAT *psbuf, files_struct **result)
2252 files_struct *fsp = NULL;
2255 if (!VALID_STAT(*psbuf)) {
2256 return NT_STATUS_INVALID_PARAMETER;
2259 /* Can't 'stat' open directories. */
2260 if(S_ISDIR(psbuf->st_mode)) {
2261 return NT_STATUS_FILE_IS_A_DIRECTORY;
2264 status = file_new(conn, &fsp);
2265 if(!NT_STATUS_IS_OK(status)) {
2269 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2272 * Setup the files_struct for it.
2275 fsp->mode = psbuf->st_mode;
2276 fsp->inode = psbuf->st_ino;
2277 fsp->dev = psbuf->st_dev;
2278 fsp->vuid = current_user.vuid;
2279 fsp->file_pid = global_smbpid;
2280 fsp->can_lock = False;
2281 fsp->can_read = False;
2282 fsp->can_write = False;
2283 fsp->print_file = False;
2284 fsp->modified = False;
2285 fsp->oplock_type = NO_OPLOCK;
2286 fsp->sent_oplock_break = NO_BREAK_SENT;
2287 fsp->is_directory = False;
2288 fsp->is_stat = True;
2289 string_set(&fsp->fsp_name,fname);
2291 conn->num_files_open++;
2294 return NT_STATUS_OK;
2297 /****************************************************************************
2298 Receive notification that one of our open files has been renamed by another
2300 ****************************************************************************/
2302 void msg_file_was_renamed(int msg_type, struct process_id src,
2303 void *buf, size_t len, void *private_data)
2306 char *frm = (char *)buf;
2309 const char *sharepath;
2310 const char *newname;
2313 if (buf == NULL || len < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2314 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n", (int)len));
2318 /* Unpack the message. */
2319 dev = DEV_T_VAL(frm,0);
2320 inode = INO_T_VAL(frm,8);
2321 sharepath = &frm[16];
2322 newname = sharepath + strlen(sharepath) + 1;
2323 sp_len = strlen(sharepath);
2325 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2326 "dev %x, inode %.0f\n",
2327 sharepath, newname, (unsigned int)dev, (double)inode ));
2329 for(fsp = file_find_di_first(dev, inode); fsp; fsp = file_find_di_next(fsp)) {
2330 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2331 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2332 fsp->fnum, fsp->fsp_name, newname ));
2333 string_set(&fsp->fsp_name, newname);
2336 /* Now we have the complete path we can work out if this is
2337 actually within this share and adjust newname accordingly. */
2338 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2339 "not sharepath %s) "
2340 "fnum %d from %s -> %s\n",
2341 fsp->conn->connectpath,