2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern struct current_user current_user;
26 extern userdom_struct current_user_info;
27 extern bool global_client_failed_oplock_break;
29 struct deferred_open_record {
30 bool delayed_for_oplocks;
34 /****************************************************************************
35 fd support routines - attempt to do a dos_open.
36 ****************************************************************************/
38 static NTSTATUS fd_open(struct connection_struct *conn,
44 NTSTATUS status = NT_STATUS_OK;
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
69 /****************************************************************************
70 Close the file associated with a fsp.
71 ****************************************************************************/
73 NTSTATUS fd_close(files_struct *fsp)
75 if (fsp->fh->fd == -1) {
76 return NT_STATUS_OK; /* What we used to call a stat open. */
78 if (fsp->fh->ref_count > 1) {
79 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
81 return fd_close_posix(fsp);
84 /****************************************************************************
85 Change the ownership of a file to that of the parent directory.
86 Do this by fd if possible.
87 ****************************************************************************/
89 static void change_file_owner_to_parent(connection_struct *conn,
90 const char *inherit_from_dir,
93 SMB_STRUCT_STAT parent_st;
96 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
98 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
99 "directory %s. Error was %s\n",
100 inherit_from_dir, strerror(errno) ));
105 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
108 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
109 "file %s to parent directory uid %u. Error "
110 "was %s\n", fsp->fsp_name,
111 (unsigned int)parent_st.st_uid,
115 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
116 "parent directory uid %u.\n", fsp->fsp_name,
117 (unsigned int)parent_st.st_uid ));
120 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
121 const char *inherit_from_dir,
123 SMB_STRUCT_STAT *psbuf)
125 char *saved_dir = NULL;
126 SMB_STRUCT_STAT sbuf;
127 SMB_STRUCT_STAT parent_st;
128 TALLOC_CTX *ctx = talloc_tos();
129 NTSTATUS status = NT_STATUS_OK;
132 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
134 status = map_nt_error_from_unix(errno);
135 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
136 "directory %s. Error was %s\n",
137 inherit_from_dir, strerror(errno) ));
141 /* We've already done an lstat into psbuf, and we know it's a
142 directory. If we can cd into the directory and the dev/ino
143 are the same then we can safely chown without races as
144 we're locking the directory in place by being in it. This
145 should work on any UNIX (thanks tridge :-). JRA.
148 saved_dir = vfs_GetWd(ctx,conn);
150 status = map_nt_error_from_unix(errno);
151 DEBUG(0,("change_dir_owner_to_parent: failed to get "
152 "current working directory. Error was %s\n",
157 /* Chdir into the new path. */
158 if (vfs_ChDir(conn, fname) == -1) {
159 status = map_nt_error_from_unix(errno);
160 DEBUG(0,("change_dir_owner_to_parent: failed to change "
161 "current working directory to %s. Error "
162 "was %s\n", fname, strerror(errno) ));
166 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
167 status = map_nt_error_from_unix(errno);
168 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
169 "directory '.' (%s) Error was %s\n",
170 fname, strerror(errno)));
174 /* Ensure we're pointing at the same place. */
175 if (sbuf.st_dev != psbuf->st_dev ||
176 sbuf.st_ino != psbuf->st_ino ||
177 sbuf.st_mode != psbuf->st_mode ) {
178 DEBUG(0,("change_dir_owner_to_parent: "
179 "device/inode/mode on directory %s changed. "
180 "Refusing to chown !\n", fname ));
181 status = NT_STATUS_ACCESS_DENIED;
186 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
189 status = map_nt_error_from_unix(errno);
190 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
191 "directory %s to parent directory uid %u. "
192 "Error was %s\n", fname,
193 (unsigned int)parent_st.st_uid, strerror(errno) ));
197 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
198 "directory %s to parent directory uid %u.\n",
199 fname, (unsigned int)parent_st.st_uid ));
203 vfs_ChDir(conn,saved_dir);
207 /****************************************************************************
209 ****************************************************************************/
211 static NTSTATUS open_file(files_struct *fsp,
212 connection_struct *conn,
213 struct smb_request *req,
214 const char *parent_dir,
217 SMB_STRUCT_STAT *psbuf,
220 uint32 access_mask, /* client requested access mask. */
221 uint32 open_access_mask) /* what we're actually using in the open. */
223 NTSTATUS status = NT_STATUS_OK;
224 int accmode = (flags & O_ACCMODE);
225 int local_flags = flags;
226 bool file_existed = VALID_STAT(*psbuf);
231 /* Check permissions */
234 * This code was changed after seeing a client open request
235 * containing the open mode of (DENY_WRITE/read-only) with
236 * the 'create if not exist' bit set. The previous code
237 * would fail to open the file read only on a read-only share
238 * as it was checking the flags parameter directly against O_RDONLY,
239 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
243 if (!CAN_WRITE(conn)) {
244 /* It's a read-only share - fail if we wanted to write. */
245 if(accmode != O_RDONLY) {
246 DEBUG(3,("Permission denied opening %s\n", path));
247 return NT_STATUS_ACCESS_DENIED;
248 } else if(flags & O_CREAT) {
249 /* We don't want to write - but we must make sure that
250 O_CREAT doesn't create the file if we have write
251 access into the directory.
254 local_flags &= ~O_CREAT;
259 * This little piece of insanity is inspired by the
260 * fact that an NT client can open a file for O_RDONLY,
261 * but set the create disposition to FILE_EXISTS_TRUNCATE.
262 * If the client *can* write to the file, then it expects to
263 * truncate the file, even though it is opening for readonly.
264 * Quicken uses this stupid trick in backup file creation...
265 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
266 * for helping track this one down. It didn't bite us in 2.0.x
267 * as we always opened files read-write in that release. JRA.
270 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
271 DEBUG(10,("open_file: truncate requested on read-only open "
272 "for file %s\n", path));
273 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
276 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
277 (!file_existed && (local_flags & O_CREAT)) ||
278 ((local_flags & O_TRUNC) == O_TRUNC) ) {
281 * We can't actually truncate here as the file may be locked.
282 * open_file_ntcreate will take care of the truncate later. JRA.
285 local_flags &= ~O_TRUNC;
287 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
289 * We would block on opening a FIFO with no one else on the
290 * other end. Do what we used to do and add O_NONBLOCK to the
294 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
295 local_flags |= O_NONBLOCK;
299 /* Don't create files with Microsoft wildcard characters. */
300 if ((local_flags & O_CREAT) && !file_existed &&
302 return NT_STATUS_OBJECT_NAME_INVALID;
305 /* Actually do the open */
306 status = fd_open(conn, path, fsp, local_flags, unx_mode);
307 if (!NT_STATUS_IS_OK(status)) {
308 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
310 path,nt_errstr(status),local_flags,flags));
314 if ((local_flags & O_CREAT) && !file_existed) {
316 /* Inherit the ACL if required */
317 if (lp_inherit_perms(SNUM(conn))) {
318 inherit_access_acl(conn, parent_dir, path,
322 /* Change the owner if required. */
323 if (lp_inherit_owner(SNUM(conn))) {
324 change_file_owner_to_parent(conn, parent_dir,
328 notify_fname(conn, NOTIFY_ACTION_ADDED,
329 FILE_NOTIFY_CHANGE_FILE_NAME, path);
333 fsp->fh->fd = -1; /* What we used to call a stat open. */
339 if (fsp->fh->fd == -1) {
340 ret = SMB_VFS_STAT(conn, path, psbuf);
342 ret = SMB_VFS_FSTAT(fsp, psbuf);
343 /* If we have an fd, this stat should succeed. */
345 DEBUG(0,("Error doing fstat on open file %s "
346 "(%s)\n", path,strerror(errno) ));
350 /* For a non-io open, this stat failing means file not found. JRA */
352 status = map_nt_error_from_unix(errno);
359 * POSIX allows read-only opens of directories. We don't
360 * want to do this (we use a different code path for this)
361 * so catch a directory open and return an EISDIR. JRA.
364 if(S_ISDIR(psbuf->st_mode)) {
367 return NT_STATUS_FILE_IS_A_DIRECTORY;
370 fsp->mode = psbuf->st_mode;
371 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
372 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
373 fsp->file_pid = req ? req->smbpid : 0;
374 fsp->can_lock = True;
375 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
376 if (!CAN_WRITE(conn)) {
377 fsp->can_write = False;
379 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
382 fsp->print_file = False;
383 fsp->modified = False;
384 fsp->sent_oplock_break = NO_BREAK_SENT;
385 fsp->is_directory = False;
386 fsp->is_stat = False;
387 if (conn->aio_write_behind_list &&
388 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
389 fsp->aio_write_behind = True;
392 string_set(&fsp->fsp_name, path);
393 fsp->wcp = NULL; /* Write cache pointer. */
395 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
396 *current_user_info.smb_name ?
397 current_user_info.smb_name : conn->user,fsp->fsp_name,
398 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
399 conn->num_files_open + 1));
405 /*******************************************************************
406 Return True if the filename is one of the special executable types.
407 ********************************************************************/
409 static bool is_executable(const char *fname)
411 if ((fname = strrchr_m(fname,'.'))) {
412 if (strequal(fname,".com") ||
413 strequal(fname,".dll") ||
414 strequal(fname,".exe") ||
415 strequal(fname,".sym")) {
422 /****************************************************************************
423 Check if we can open a file with a share mode.
424 Returns True if conflict, False if not.
425 ****************************************************************************/
427 static bool share_conflict(struct share_mode_entry *entry,
431 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
432 "entry->share_access = 0x%x, "
433 "entry->private_options = 0x%x\n",
434 (unsigned int)entry->access_mask,
435 (unsigned int)entry->share_access,
436 (unsigned int)entry->private_options));
438 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
439 (unsigned int)access_mask, (unsigned int)share_access));
441 if ((entry->access_mask & (FILE_WRITE_DATA|
445 DELETE_ACCESS)) == 0) {
446 DEBUG(10,("share_conflict: No conflict due to "
447 "entry->access_mask = 0x%x\n",
448 (unsigned int)entry->access_mask ));
452 if ((access_mask & (FILE_WRITE_DATA|
456 DELETE_ACCESS)) == 0) {
457 DEBUG(10,("share_conflict: No conflict due to "
458 "access_mask = 0x%x\n",
459 (unsigned int)access_mask ));
463 #if 1 /* JRA TEST - Superdebug. */
464 #define CHECK_MASK(num, am, right, sa, share) \
465 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
466 (unsigned int)(num), (unsigned int)(am), \
467 (unsigned int)(right), (unsigned int)(am)&(right) )); \
468 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
469 (unsigned int)(num), (unsigned int)(sa), \
470 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
471 if (((am) & (right)) && !((sa) & (share))) { \
472 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
473 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
474 (unsigned int)(share) )); \
478 #define CHECK_MASK(num, am, right, sa, share) \
479 if (((am) & (right)) && !((sa) & (share))) { \
480 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
481 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
482 (unsigned int)(share) )); \
487 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
488 share_access, FILE_SHARE_WRITE);
489 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
490 entry->share_access, FILE_SHARE_WRITE);
492 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
493 share_access, FILE_SHARE_READ);
494 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
495 entry->share_access, FILE_SHARE_READ);
497 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
498 share_access, FILE_SHARE_DELETE);
499 CHECK_MASK(6, access_mask, DELETE_ACCESS,
500 entry->share_access, FILE_SHARE_DELETE);
502 DEBUG(10,("share_conflict: No conflict.\n"));
506 #if defined(DEVELOPER)
507 static void validate_my_share_entries(int num,
508 struct share_mode_entry *share_entry)
512 if (!procid_is_me(&share_entry->pid)) {
516 if (is_deferred_open_entry(share_entry) &&
517 !open_was_deferred(share_entry->op_mid)) {
518 char *str = talloc_asprintf(talloc_tos(),
519 "Got a deferred entry without a request: "
521 share_mode_str(talloc_tos(), num, share_entry));
525 if (!is_valid_share_mode_entry(share_entry)) {
529 fsp = file_find_dif(share_entry->id,
530 share_entry->share_file_id);
532 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
533 share_mode_str(talloc_tos(), num, share_entry) ));
534 smb_panic("validate_my_share_entries: Cannot match a "
535 "share entry with an open file\n");
538 if (is_deferred_open_entry(share_entry) ||
539 is_unused_share_mode_entry(share_entry)) {
543 if ((share_entry->op_type == NO_OPLOCK) &&
544 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
545 /* Someone has already written to it, but I haven't yet
550 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
559 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
560 share_mode_str(talloc_tos(), num, share_entry) ));
561 str = talloc_asprintf(talloc_tos(),
562 "validate_my_share_entries: "
563 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
564 fsp->fsp_name, (unsigned int)fsp->oplock_type,
565 (unsigned int)share_entry->op_type );
571 static bool is_stat_open(uint32 access_mask)
573 return (access_mask &&
574 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
575 FILE_WRITE_ATTRIBUTES))==0) &&
576 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
577 FILE_WRITE_ATTRIBUTES)) != 0));
580 /****************************************************************************
581 Deal with share modes
582 Invarient: Share mode must be locked on entry and exit.
583 Returns -1 on error, or number of share modes on success (may be zero).
584 ****************************************************************************/
586 static NTSTATUS open_mode_check(connection_struct *conn,
588 struct share_mode_lock *lck,
591 uint32 create_options,
596 if(lck->num_share_modes == 0) {
600 *file_existed = True;
602 /* A delete on close prohibits everything */
604 if (lck->delete_on_close) {
605 return NT_STATUS_DELETE_PENDING;
608 if (is_stat_open(access_mask)) {
609 /* Stat open that doesn't trigger oplock breaks or share mode
610 * checks... ! JRA. */
615 * Check if the share modes will give us access.
618 #if defined(DEVELOPER)
619 for(i = 0; i < lck->num_share_modes; i++) {
620 validate_my_share_entries(i, &lck->share_modes[i]);
624 if (!lp_share_modes(SNUM(conn))) {
628 /* Now we check the share modes, after any oplock breaks. */
629 for(i = 0; i < lck->num_share_modes; i++) {
631 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
635 /* someone else has a share lock on it, check to see if we can
637 if (share_conflict(&lck->share_modes[i],
638 access_mask, share_access)) {
639 return NT_STATUS_SHARING_VIOLATION;
646 static bool is_delete_request(files_struct *fsp) {
647 return ((fsp->access_mask == DELETE_ACCESS) &&
648 (fsp->oplock_type == NO_OPLOCK));
652 * 1) No files open at all or internal open: Grant whatever the client wants.
654 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
655 * request, break if the oplock around is a batch oplock. If it's another
656 * requested access type, break.
658 * 3) Only level2 around: Grant level2 and do nothing else.
661 static bool delay_for_oplocks(struct share_mode_lock *lck,
668 struct share_mode_entry *exclusive = NULL;
669 bool valid_entry = False;
670 bool delay_it = False;
671 bool have_level2 = False;
673 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
675 if (oplock_request & INTERNAL_OPEN_ONLY) {
676 fsp->oplock_type = NO_OPLOCK;
679 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
683 for (i=0; i<lck->num_share_modes; i++) {
685 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
689 /* At least one entry is not an invalid or deferred entry. */
692 if (pass_number == 1) {
693 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
694 SMB_ASSERT(exclusive == NULL);
695 exclusive = &lck->share_modes[i];
698 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
699 SMB_ASSERT(exclusive == NULL);
700 exclusive = &lck->share_modes[i];
704 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
705 SMB_ASSERT(exclusive == NULL);
711 /* All entries are placeholders or deferred.
712 * Directly grant whatever the client wants. */
713 if (fsp->oplock_type == NO_OPLOCK) {
714 /* Store a level2 oplock, but don't tell the client */
715 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
720 if (exclusive != NULL) { /* Found an exclusive oplock */
721 SMB_ASSERT(!have_level2);
722 delay_it = is_delete_request(fsp) ?
723 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
726 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
727 /* We can at most grant level2 as there are other
728 * level2 or NO_OPLOCK entries. */
729 fsp->oplock_type = LEVEL_II_OPLOCK;
732 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
733 /* Store a level2 oplock, but don't tell the client */
734 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
742 * Send a break message to the oplock holder and delay the open for
746 DEBUG(10, ("Sending break request to PID %s\n",
747 procid_str_static(&exclusive->pid)));
748 exclusive->op_mid = mid;
750 /* Create the message. */
751 share_mode_entry_to_message(msg, exclusive);
753 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
754 don't want this set in the share mode struct pointed to by lck. */
756 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
757 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
760 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
761 MSG_SMB_BREAK_REQUEST,
763 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
764 if (!NT_STATUS_IS_OK(status)) {
765 DEBUG(3, ("Could not send oplock break message: %s\n",
772 static bool request_timed_out(struct timeval request_time,
773 struct timeval timeout)
775 struct timeval now, end_time;
777 end_time = timeval_sum(&request_time, &timeout);
778 return (timeval_compare(&end_time, &now) < 0);
781 /****************************************************************************
782 Handle the 1 second delay in returning a SHARING_VIOLATION error.
783 ****************************************************************************/
785 static void defer_open(struct share_mode_lock *lck,
786 struct timeval request_time,
787 struct timeval timeout,
788 struct smb_request *req,
789 struct deferred_open_record *state)
795 for (i=0; i<lck->num_share_modes; i++) {
796 struct share_mode_entry *e = &lck->share_modes[i];
798 if (!is_deferred_open_entry(e)) {
802 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
803 DEBUG(0, ("Trying to defer an already deferred "
804 "request: mid=%d, exiting\n", req->mid));
805 exit_server("attempt to defer a deferred request");
809 /* End paranoia check */
811 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
812 "open entry for mid %u\n",
813 (unsigned int)request_time.tv_sec,
814 (unsigned int)request_time.tv_usec,
815 (unsigned int)req->mid));
817 if (!push_deferred_smb_message(req, request_time, timeout,
818 (char *)state, sizeof(*state))) {
819 exit_server("push_deferred_smb_message failed");
821 add_deferred_open(lck, req->mid, request_time, state->id);
824 * Push the MID of this packet on the signing queue.
825 * We only do this once, the first time we push the packet
826 * onto the deferred open queue, as this has a side effect
827 * of incrementing the response sequence number.
830 srv_defer_sign_response(req->mid);
834 /****************************************************************************
835 On overwrite open ensure that the attributes match.
836 ****************************************************************************/
838 static bool open_match_attributes(connection_struct *conn,
842 mode_t existing_unx_mode,
844 mode_t *returned_unx_mode)
846 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
848 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
849 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
851 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
852 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
853 *returned_unx_mode = new_unx_mode;
855 *returned_unx_mode = (mode_t)0;
858 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
859 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
860 "returned_unx_mode = 0%o\n",
862 (unsigned int)old_dos_attr,
863 (unsigned int)existing_unx_mode,
864 (unsigned int)new_dos_attr,
865 (unsigned int)*returned_unx_mode ));
867 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
868 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
869 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
870 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
874 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
875 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
876 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
883 /****************************************************************************
884 Special FCB or DOS processing in the case of a sharing violation.
885 Try and find a duplicated file handle.
886 ****************************************************************************/
888 static files_struct *fcb_or_dos_open(connection_struct *conn,
895 uint32 create_options)
898 files_struct *dup_fsp;
900 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
901 "file %s.\n", fname ));
903 for(fsp = file_find_di_first(id); fsp;
904 fsp = file_find_di_next(fsp)) {
906 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
907 "vuid = %u, file_pid = %u, private_options = 0x%x "
908 "access_mask = 0x%x\n", fsp->fsp_name,
909 fsp->fh->fd, (unsigned int)fsp->vuid,
910 (unsigned int)fsp->file_pid,
911 (unsigned int)fsp->fh->private_options,
912 (unsigned int)fsp->access_mask ));
914 if (fsp->fh->fd != -1 &&
916 fsp->file_pid == file_pid &&
917 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
918 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
919 (fsp->access_mask & FILE_WRITE_DATA) &&
920 strequal(fsp->fsp_name, fname)) {
921 DEBUG(10,("fcb_or_dos_open: file match\n"));
930 /* quite an insane set of semantics ... */
931 if (is_executable(fname) &&
932 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
933 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
937 /* We need to duplicate this fsp. */
938 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
939 create_options, &dup_fsp))) {
946 /****************************************************************************
947 Open a file with a share mode - old openX method - map into NTCreate.
948 ****************************************************************************/
950 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
951 uint32 *paccess_mask,
953 uint32 *pcreate_disposition,
954 uint32 *pcreate_options)
958 uint32 create_disposition;
959 uint32 create_options = 0;
961 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
962 "open_func = 0x%x\n",
963 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
965 /* Create the NT compatible access_mask. */
966 switch (GET_OPENX_MODE(deny_mode)) {
967 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
968 case DOS_OPEN_RDONLY:
969 access_mask = FILE_GENERIC_READ;
971 case DOS_OPEN_WRONLY:
972 access_mask = FILE_GENERIC_WRITE;
976 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
979 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
980 (unsigned int)GET_OPENX_MODE(deny_mode)));
984 /* Create the NT compatible create_disposition. */
986 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
987 create_disposition = FILE_CREATE;
990 case OPENX_FILE_EXISTS_OPEN:
991 create_disposition = FILE_OPEN;
994 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
995 create_disposition = FILE_OPEN_IF;
998 case OPENX_FILE_EXISTS_TRUNCATE:
999 create_disposition = FILE_OVERWRITE;
1002 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1003 create_disposition = FILE_OVERWRITE_IF;
1007 /* From samba4 - to be confirmed. */
1008 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1009 create_disposition = FILE_CREATE;
1012 DEBUG(10,("map_open_params_to_ntcreate: bad "
1013 "open_func 0x%x\n", (unsigned int)open_func));
1017 /* Create the NT compatible share modes. */
1018 switch (GET_DENY_MODE(deny_mode)) {
1020 share_mode = FILE_SHARE_NONE;
1024 share_mode = FILE_SHARE_READ;
1028 share_mode = FILE_SHARE_WRITE;
1032 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1036 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1037 if (is_executable(fname)) {
1038 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1040 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1041 share_mode = FILE_SHARE_READ;
1043 share_mode = FILE_SHARE_NONE;
1049 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1050 share_mode = FILE_SHARE_NONE;
1054 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1055 (unsigned int)GET_DENY_MODE(deny_mode) ));
1059 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1060 "share_mode = 0x%x, create_disposition = 0x%x, "
1061 "create_options = 0x%x\n",
1063 (unsigned int)access_mask,
1064 (unsigned int)share_mode,
1065 (unsigned int)create_disposition,
1066 (unsigned int)create_options ));
1069 *paccess_mask = access_mask;
1072 *pshare_mode = share_mode;
1074 if (pcreate_disposition) {
1075 *pcreate_disposition = create_disposition;
1077 if (pcreate_options) {
1078 *pcreate_options = create_options;
1085 static void schedule_defer_open(struct share_mode_lock *lck,
1086 struct timeval request_time,
1087 struct smb_request *req)
1089 struct deferred_open_record state;
1091 /* This is a relative time, added to the absolute
1092 request_time value to get the absolute timeout time.
1093 Note that if this is the second or greater time we enter
1094 this codepath for this particular request mid then
1095 request_time is left as the absolute time of the *first*
1096 time this request mid was processed. This is what allows
1097 the request to eventually time out. */
1099 struct timeval timeout;
1101 /* Normally the smbd we asked should respond within
1102 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1103 * the client did, give twice the timeout as a safety
1104 * measure here in case the other smbd is stuck
1105 * somewhere else. */
1107 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1109 /* Nothing actually uses state.delayed_for_oplocks
1110 but it's handy to differentiate in debug messages
1111 between a 30 second delay due to oplock break, and
1112 a 1 second delay for share mode conflicts. */
1114 state.delayed_for_oplocks = True;
1117 if (!request_timed_out(request_time, timeout)) {
1118 defer_open(lck, request_time, timeout, req, &state);
1122 /****************************************************************************
1123 Open a file with a share mode.
1124 ****************************************************************************/
1126 NTSTATUS open_file_ntcreate(connection_struct *conn,
1127 struct smb_request *req,
1129 SMB_STRUCT_STAT *psbuf,
1130 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1131 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1132 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1133 uint32 create_options, /* options such as delete on close. */
1134 uint32 new_dos_attributes, /* attributes used for new file. */
1135 int oplock_request, /* internal Samba oplock codes. */
1136 /* Information (FILE_EXISTS etc.) */
1138 files_struct **result)
1142 bool file_existed = VALID_STAT(*psbuf);
1143 bool def_acl = False;
1144 bool posix_open = False;
1145 bool new_file_created = False;
1147 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1148 files_struct *fsp = NULL;
1149 mode_t new_unx_mode = (mode_t)0;
1150 mode_t unx_mode = (mode_t)0;
1152 uint32 existing_dos_attributes = 0;
1153 struct pending_message_list *pml = NULL;
1154 struct timeval request_time = timeval_zero();
1155 struct share_mode_lock *lck = NULL;
1156 uint32 open_access_mask = access_mask;
1160 const char *newname;
1164 if (conn->printer) {
1166 * Printers are handled completely differently.
1167 * Most of the passed parameters are ignored.
1171 *pinfo = FILE_WAS_CREATED;
1174 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1176 return print_fsp_open(conn, fname, result);
1179 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1181 return NT_STATUS_NO_MEMORY;
1184 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1186 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1187 new_dos_attributes = 0;
1189 /* We add aARCH to this as this mode is only used if the file is
1191 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1195 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1196 "access_mask=0x%x share_access=0x%x "
1197 "create_disposition = 0x%x create_options=0x%x "
1198 "unix mode=0%o oplock_request=%d\n",
1199 fname, new_dos_attributes, access_mask, share_access,
1200 create_disposition, create_options, unx_mode,
1203 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1204 DEBUG(0, ("No smb request but not an internal only open!\n"));
1205 return NT_STATUS_INTERNAL_ERROR;
1209 * Only non-internal opens can be deferred at all
1213 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1214 struct deferred_open_record *state =
1215 (struct deferred_open_record *)pml->private_data.data;
1217 /* Remember the absolute time of the original
1218 request with this mid. We'll use it later to
1219 see if this has timed out. */
1221 request_time = pml->request_time;
1223 /* Remove the deferred open entry under lock. */
1224 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL);
1226 DEBUG(0, ("could not get share mode lock\n"));
1228 del_deferred_open_entry(lck, req->mid);
1232 /* Ensure we don't reprocess this message. */
1233 remove_deferred_open_smb_message(req->mid);
1236 status = check_name(conn, fname);
1237 if (!NT_STATUS_IS_OK(status)) {
1242 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1244 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1248 /* ignore any oplock requests if oplocks are disabled */
1249 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1250 IS_VETO_OPLOCK_PATH(conn, fname)) {
1251 /* Mask off everything except the private Samba bits. */
1252 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1255 /* this is for OS/2 long file names - say we don't support them */
1256 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1257 /* OS/2 Workplace shell fix may be main code stream in a later
1259 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1261 if (use_nt_status()) {
1262 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1264 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1267 switch( create_disposition ) {
1269 * Currently we're using FILE_SUPERSEDE as the same as
1270 * FILE_OVERWRITE_IF but they really are
1271 * different. FILE_SUPERSEDE deletes an existing file
1272 * (requiring delete access) then recreates it.
1274 case FILE_SUPERSEDE:
1275 /* If file exists replace/overwrite. If file doesn't
1277 flags2 |= (O_CREAT | O_TRUNC);
1280 case FILE_OVERWRITE_IF:
1281 /* If file exists replace/overwrite. If file doesn't
1283 flags2 |= (O_CREAT | O_TRUNC);
1287 /* If file exists open. If file doesn't exist error. */
1288 if (!file_existed) {
1289 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1290 "requested for file %s and file "
1291 "doesn't exist.\n", fname ));
1293 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1297 case FILE_OVERWRITE:
1298 /* If file exists overwrite. If file doesn't exist
1300 if (!file_existed) {
1301 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1302 "requested for file %s and file "
1303 "doesn't exist.\n", fname ));
1305 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1311 /* If file exists error. If file doesn't exist
1314 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1315 "requested for file %s and file "
1316 "already exists.\n", fname ));
1317 if (S_ISDIR(psbuf->st_mode)) {
1322 return map_nt_error_from_unix(errno);
1324 flags2 |= (O_CREAT|O_EXCL);
1328 /* If file exists open. If file doesn't exist
1334 return NT_STATUS_INVALID_PARAMETER;
1337 /* We only care about matching attributes on file exists and
1340 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1341 (create_disposition == FILE_OVERWRITE_IF))) {
1342 if (!open_match_attributes(conn, fname,
1343 existing_dos_attributes,
1344 new_dos_attributes, psbuf->st_mode,
1345 unx_mode, &new_unx_mode)) {
1346 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1347 "for file %s (%x %x) (0%o, 0%o)\n",
1348 fname, existing_dos_attributes,
1350 (unsigned int)psbuf->st_mode,
1351 (unsigned int)unx_mode ));
1353 return NT_STATUS_ACCESS_DENIED;
1357 /* This is a nasty hack - must fix... JRA. */
1358 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1359 open_access_mask = access_mask = FILE_GENERIC_ALL;
1363 * Convert GENERIC bits to specific bits.
1366 se_map_generic(&access_mask, &file_generic_mapping);
1367 open_access_mask = access_mask;
1369 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1370 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1373 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1374 "access_mask=0x%x\n", fname, access_mask ));
1377 * Note that we ignore the append flag as append does not
1378 * mean the same thing under DOS and Unix.
1381 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1382 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1383 /* DENY_DOS opens are always underlying read-write on the
1384 file handle, no matter what the requested access mask
1386 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1387 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1397 * Currently we only look at FILE_WRITE_THROUGH for create options.
1401 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1406 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1410 if (!posix_open && !CAN_WRITE(conn)) {
1412 * We should really return a permission denied error if either
1413 * O_CREAT or O_TRUNC are set, but for compatibility with
1414 * older versions of Samba we just AND them out.
1416 flags2 &= ~(O_CREAT|O_TRUNC);
1420 * Ensure we can't write on a read-only share or file.
1423 if (flags != O_RDONLY && file_existed &&
1424 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1425 DEBUG(5,("open_file_ntcreate: write access requested for "
1426 "file %s on read only %s\n",
1427 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1429 return NT_STATUS_ACCESS_DENIED;
1432 status = file_new(conn, &fsp);
1433 if(!NT_STATUS_IS_OK(status)) {
1437 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1438 fsp->share_access = share_access;
1439 fsp->fh->private_options = create_options;
1440 fsp->access_mask = open_access_mask; /* We change this to the
1441 * requested access_mask after
1442 * the open is done. */
1443 fsp->posix_open = posix_open;
1445 /* Ensure no SAMBA_PRIVATE bits can be set. */
1446 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1448 if (timeval_is_zero(&request_time)) {
1449 request_time = fsp->open_time;
1453 id = vfs_file_id_from_sbuf(conn, psbuf);
1455 lck = get_share_mode_lock(talloc_tos(), id,
1461 DEBUG(0, ("Could not get share mode lock\n"));
1462 return NT_STATUS_SHARING_VIOLATION;
1465 /* First pass - send break only on batch oplocks. */
1467 && delay_for_oplocks(lck, fsp, req->mid, 1,
1469 schedule_defer_open(lck, request_time, req);
1472 return NT_STATUS_SHARING_VIOLATION;
1475 /* Use the client requested access mask here, not the one we
1477 status = open_mode_check(conn, fname, lck,
1478 access_mask, share_access,
1479 create_options, &file_existed);
1481 if (NT_STATUS_IS_OK(status)) {
1482 /* We might be going to allow this open. Check oplock
1484 /* Second pass - send break for both batch or
1485 * exclusive oplocks. */
1487 && delay_for_oplocks(lck, fsp, req->mid, 2,
1489 schedule_defer_open(lck, request_time, req);
1492 return NT_STATUS_SHARING_VIOLATION;
1496 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1497 /* DELETE_PENDING is not deferred for a second */
1503 if (!NT_STATUS_IS_OK(status)) {
1504 uint32 can_access_mask;
1505 bool can_access = True;
1507 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1509 /* Check if this can be done with the deny_dos and fcb
1511 if (create_options &
1512 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1513 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1514 files_struct *fsp_dup;
1517 DEBUG(0, ("DOS open without an SMB "
1521 return NT_STATUS_INTERNAL_ERROR;
1524 /* Use the client requested access mask here,
1525 * not the one we open with. */
1526 fsp_dup = fcb_or_dos_open(conn, fname, id,
1537 *pinfo = FILE_WAS_OPENED;
1539 conn->num_files_open++;
1541 return NT_STATUS_OK;
1546 * This next line is a subtlety we need for
1547 * MS-Access. If a file open will fail due to share
1548 * permissions and also for security (access) reasons,
1549 * we need to return the access failed error, not the
1550 * share error. We can't open the file due to kernel
1551 * oplock deadlock (it's possible we failed above on
1552 * the open_mode_check()) so use a userspace check.
1555 if (flags & O_RDWR) {
1556 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1557 } else if (flags & O_WRONLY) {
1558 can_access_mask = FILE_WRITE_DATA;
1560 can_access_mask = FILE_READ_DATA;
1563 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1564 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1569 * If we're returning a share violation, ensure we
1570 * cope with the braindead 1 second delay.
1573 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1574 lp_defer_sharing_violations()) {
1575 struct timeval timeout;
1576 struct deferred_open_record state;
1579 /* this is a hack to speed up torture tests
1581 timeout_usecs = lp_parm_int(SNUM(conn),
1582 "smbd","sharedelay",
1583 SHARING_VIOLATION_USEC_WAIT);
1585 /* This is a relative time, added to the absolute
1586 request_time value to get the absolute timeout time.
1587 Note that if this is the second or greater time we enter
1588 this codepath for this particular request mid then
1589 request_time is left as the absolute time of the *first*
1590 time this request mid was processed. This is what allows
1591 the request to eventually time out. */
1593 timeout = timeval_set(0, timeout_usecs);
1595 /* Nothing actually uses state.delayed_for_oplocks
1596 but it's handy to differentiate in debug messages
1597 between a 30 second delay due to oplock break, and
1598 a 1 second delay for share mode conflicts. */
1600 state.delayed_for_oplocks = False;
1604 && !request_timed_out(request_time,
1606 defer_open(lck, request_time, timeout,
1614 * We have detected a sharing violation here
1615 * so return the correct error code
1617 status = NT_STATUS_SHARING_VIOLATION;
1619 status = NT_STATUS_ACCESS_DENIED;
1626 * We exit this block with the share entry *locked*.....
1630 SMB_ASSERT(!file_existed || (lck != NULL));
1633 * Ensure we pay attention to default ACLs on directories if required.
1636 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1637 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1641 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1642 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1643 (unsigned int)flags, (unsigned int)flags2,
1644 (unsigned int)unx_mode, (unsigned int)access_mask,
1645 (unsigned int)open_access_mask));
1648 * open_file strips any O_TRUNC flags itself.
1651 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1652 flags|flags2, unx_mode, access_mask,
1655 if (!NT_STATUS_IS_OK(fsp_open)) {
1663 if (!file_existed) {
1666 * Deal with the race condition where two smbd's detect the
1667 * file doesn't exist and do the create at the same time. One
1668 * of them will win and set a share mode, the other (ie. this
1669 * one) should check if the requested share mode for this
1670 * create is allowed.
1674 * Now the file exists and fsp is successfully opened,
1675 * fsp->dev and fsp->inode are valid and should replace the
1676 * dev=0,inode=0 from a non existent file. Spotted by
1677 * Nadav Danieli <nadavd@exanet.com>. JRA.
1682 lck = get_share_mode_lock(talloc_tos(), id,
1687 DEBUG(0, ("open_file_ntcreate: Could not get share "
1688 "mode lock for %s\n", fname));
1691 return NT_STATUS_SHARING_VIOLATION;
1694 /* First pass - send break only on batch oplocks. */
1696 && delay_for_oplocks(lck, fsp, req->mid, 1,
1698 schedule_defer_open(lck, request_time, req);
1702 return NT_STATUS_SHARING_VIOLATION;
1705 status = open_mode_check(conn, fname, lck,
1706 access_mask, share_access,
1707 create_options, &file_existed);
1709 if (NT_STATUS_IS_OK(status)) {
1710 /* We might be going to allow this open. Check oplock
1712 /* Second pass - send break for both batch or
1713 * exclusive oplocks. */
1715 && delay_for_oplocks(lck, fsp, req->mid, 2,
1717 schedule_defer_open(lck, request_time, req);
1721 return NT_STATUS_SHARING_VIOLATION;
1725 if (!NT_STATUS_IS_OK(status)) {
1726 struct deferred_open_record state;
1731 state.delayed_for_oplocks = False;
1734 /* Do it all over again immediately. In the second
1735 * round we will find that the file existed and handle
1736 * the DELETE_PENDING and FCB cases correctly. No need
1737 * to duplicate the code here. Essentially this is a
1738 * "goto top of this function", but don't tell
1742 defer_open(lck, request_time, timeval_zero(),
1750 * We exit this block with the share entry *locked*.....
1755 SMB_ASSERT(lck != NULL);
1757 /* note that we ignore failure for the following. It is
1758 basically a hack for NFS, and NFS will never set one of
1759 these only read them. Nobody but Samba can ever set a deny
1760 mode and we have already checked our more authoritative
1761 locking database for permission to set this deny mode. If
1762 the kernel refuses the operations then the kernel is wrong.
1763 note that GPFS supports it as well - jmcd */
1765 if (fsp->fh->fd != -1) {
1766 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1767 if(ret_flock == -1 ){
1773 return NT_STATUS_SHARING_VIOLATION;
1778 * At this point onwards, we can guarentee that the share entry
1779 * is locked, whether we created the file or not, and that the
1780 * deny mode is compatible with all current opens.
1784 * If requested, truncate the file.
1787 if (flags2&O_TRUNC) {
1789 * We are modifing the file after open - update the stat
1792 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1793 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1794 status = map_nt_error_from_unix(errno);
1802 /* Record the options we were opened with. */
1803 fsp->share_access = share_access;
1804 fsp->fh->private_options = create_options;
1805 fsp->access_mask = access_mask;
1808 /* stat opens on existing files don't get oplocks. */
1809 if (is_stat_open(open_access_mask)) {
1810 fsp->oplock_type = NO_OPLOCK;
1813 if (!(flags2 & O_TRUNC)) {
1814 info = FILE_WAS_OPENED;
1816 info = FILE_WAS_OVERWRITTEN;
1819 info = FILE_WAS_CREATED;
1827 * Setup the oplock info in both the shared memory and
1831 if ((fsp->oplock_type != NO_OPLOCK) &&
1832 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1833 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1834 /* Could not get the kernel oplock */
1835 fsp->oplock_type = NO_OPLOCK;
1839 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1840 new_file_created = True;
1843 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1845 /* Handle strange delete on close create semantics. */
1846 if ((create_options & FILE_DELETE_ON_CLOSE)
1847 && (is_ntfs_stream_name(fname)
1848 || can_set_initial_delete_on_close(lck))) {
1849 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1851 if (!NT_STATUS_IS_OK(status)) {
1852 /* Remember to delete the mode we just added. */
1853 del_share_mode(lck, fsp);
1859 /* Note that here we set the *inital* delete on close flag,
1860 not the regular one. The magic gets handled in close. */
1861 fsp->initial_delete_on_close = True;
1864 if (new_file_created) {
1865 /* Files should be initially set as archive */
1866 if (lp_map_archive(SNUM(conn)) ||
1867 lp_store_dos_attributes(SNUM(conn))) {
1869 SMB_STRUCT_STAT tmp_sbuf;
1870 SET_STAT_INVALID(tmp_sbuf);
1871 if (file_set_dosmode(
1873 new_dos_attributes | aARCH,
1874 &tmp_sbuf, parent_dir,
1876 unx_mode = tmp_sbuf.st_mode;
1883 * Take care of inherited ACLs on created files - if default ACL not
1887 if (!posix_open && !file_existed && !def_acl) {
1889 int saved_errno = errno; /* We might get ENOSYS in the next
1892 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1894 errno = saved_errno; /* Ignore ENOSYS */
1897 } else if (new_unx_mode) {
1901 /* Attributes need changing. File already existed. */
1904 int saved_errno = errno; /* We might get ENOSYS in the
1906 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1908 if (ret == -1 && errno == ENOSYS) {
1909 errno = saved_errno; /* Ignore ENOSYS */
1911 DEBUG(5, ("open_file_ntcreate: reset "
1912 "attributes of file %s to 0%o\n",
1913 fname, (unsigned int)new_unx_mode));
1914 ret = 0; /* Don't do the fchmod below. */
1919 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1920 DEBUG(5, ("open_file_ntcreate: failed to reset "
1921 "attributes of file %s to 0%o\n",
1922 fname, (unsigned int)new_unx_mode));
1925 /* If this is a successful open, we must remove any deferred open
1928 del_deferred_open_entry(lck, req->mid);
1932 conn->num_files_open++;
1935 return NT_STATUS_OK;
1938 /****************************************************************************
1939 Open a file for for write to ensure that we can fchmod it.
1940 ****************************************************************************/
1942 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1943 SMB_STRUCT_STAT *psbuf, files_struct **result)
1945 files_struct *fsp = NULL;
1948 if (!VALID_STAT(*psbuf)) {
1949 return NT_STATUS_INVALID_PARAMETER;
1952 status = file_new(conn, &fsp);
1953 if(!NT_STATUS_IS_OK(status)) {
1957 /* note! we must use a non-zero desired access or we don't get
1958 a real file descriptor. Oh what a twisted web we weave. */
1959 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1960 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1963 * This is not a user visible file open.
1964 * Don't set a share mode and don't increment
1965 * the conn->num_files_open.
1968 if (!NT_STATUS_IS_OK(status)) {
1974 return NT_STATUS_OK;
1977 /****************************************************************************
1978 Close the fchmod file fd - ensure no locks are lost.
1979 ****************************************************************************/
1981 NTSTATUS close_file_fchmod(files_struct *fsp)
1983 NTSTATUS status = fd_close(fsp);
1988 static NTSTATUS mkdir_internal(connection_struct *conn,
1990 uint32 file_attributes,
1991 SMB_STRUCT_STAT *psbuf)
1995 const char *dirname;
1997 bool posix_open = false;
1999 if(!CAN_WRITE(conn)) {
2000 DEBUG(5,("mkdir_internal: failing create on read-only share "
2001 "%s\n", lp_servicename(SNUM(conn))));
2002 return NT_STATUS_ACCESS_DENIED;
2005 status = check_name(conn, name);
2006 if (!NT_STATUS_IS_OK(status)) {
2010 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2012 return NT_STATUS_NO_MEMORY;
2015 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2017 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2019 mode = unix_mode(conn, aDIR, name, parent_dir);
2022 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2023 return map_nt_error_from_unix(errno);
2026 /* Ensure we're checking for a symlink here.... */
2027 /* We don't want to get caught by a symlink racer. */
2029 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2030 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2031 name, strerror(errno)));
2032 return map_nt_error_from_unix(errno);
2035 if (!S_ISDIR(psbuf->st_mode)) {
2036 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2038 return NT_STATUS_ACCESS_DENIED;
2041 if (lp_store_dos_attributes(SNUM(conn))) {
2043 file_set_dosmode(conn, name,
2044 file_attributes | aDIR, NULL,
2050 if (lp_inherit_perms(SNUM(conn))) {
2051 inherit_access_acl(conn, parent_dir, name, mode);
2054 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2056 * Check if high bits should have been set,
2057 * then (if bits are missing): add them.
2058 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2061 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2062 SMB_VFS_CHMOD(conn, name,
2063 psbuf->st_mode | (mode & ~psbuf->st_mode));
2067 /* Change the owner if required. */
2068 if (lp_inherit_owner(SNUM(conn))) {
2069 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2072 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2075 return NT_STATUS_OK;
2078 /****************************************************************************
2079 Open a directory from an NT SMB call.
2080 ****************************************************************************/
2082 NTSTATUS open_directory(connection_struct *conn,
2083 struct smb_request *req,
2085 SMB_STRUCT_STAT *psbuf,
2087 uint32 share_access,
2088 uint32 create_disposition,
2089 uint32 create_options,
2090 uint32 file_attributes,
2092 files_struct **result)
2094 files_struct *fsp = NULL;
2095 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2096 struct share_mode_lock *lck = NULL;
2100 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2101 "share_access = 0x%x create_options = 0x%x, "
2102 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2104 (unsigned int)access_mask,
2105 (unsigned int)share_access,
2106 (unsigned int)create_options,
2107 (unsigned int)create_disposition,
2108 (unsigned int)file_attributes));
2110 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && is_ntfs_stream_name(fname)) {
2111 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2112 return NT_STATUS_NOT_A_DIRECTORY;
2115 switch( create_disposition ) {
2118 info = FILE_WAS_OPENED;
2121 * We want to follow symlinks here.
2124 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2125 return map_nt_error_from_unix(errno);
2132 /* If directory exists error. If directory doesn't
2135 status = mkdir_internal(conn,
2140 if (!NT_STATUS_IS_OK(status)) {
2141 DEBUG(2, ("open_directory: unable to create "
2142 "%s. Error was %s\n", fname,
2143 nt_errstr(status)));
2147 info = FILE_WAS_CREATED;
2152 * If directory exists open. If directory doesn't
2156 status = mkdir_internal(conn,
2161 if (NT_STATUS_IS_OK(status)) {
2162 info = FILE_WAS_CREATED;
2165 if (NT_STATUS_EQUAL(status,
2166 NT_STATUS_OBJECT_NAME_COLLISION)) {
2167 info = FILE_WAS_OPENED;
2168 status = NT_STATUS_OK;
2173 case FILE_SUPERSEDE:
2174 case FILE_OVERWRITE:
2175 case FILE_OVERWRITE_IF:
2177 DEBUG(5,("open_directory: invalid create_disposition "
2178 "0x%x for directory %s\n",
2179 (unsigned int)create_disposition, fname));
2180 return NT_STATUS_INVALID_PARAMETER;
2183 if(!S_ISDIR(psbuf->st_mode)) {
2184 DEBUG(5,("open_directory: %s is not a directory !\n",
2186 return NT_STATUS_NOT_A_DIRECTORY;
2189 status = file_new(conn, &fsp);
2190 if(!NT_STATUS_IS_OK(status)) {
2195 * Setup the files_struct for it.
2198 fsp->mode = psbuf->st_mode;
2199 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2200 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2201 fsp->file_pid = req ? req->smbpid : 0;
2202 fsp->can_lock = False;
2203 fsp->can_read = False;
2204 fsp->can_write = False;
2206 fsp->share_access = share_access;
2207 fsp->fh->private_options = create_options;
2208 fsp->access_mask = access_mask;
2210 fsp->print_file = False;
2211 fsp->modified = False;
2212 fsp->oplock_type = NO_OPLOCK;
2213 fsp->sent_oplock_break = NO_BREAK_SENT;
2214 fsp->is_directory = True;
2215 fsp->is_stat = False;
2216 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2218 string_set(&fsp->fsp_name,fname);
2220 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2225 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2227 return NT_STATUS_SHARING_VIOLATION;
2230 status = open_mode_check(conn, fname, lck,
2231 access_mask, share_access,
2232 create_options, &dir_existed);
2234 if (!NT_STATUS_IS_OK(status)) {
2240 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2242 /* For directories the delete on close bit at open time seems
2243 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2244 if (create_options & FILE_DELETE_ON_CLOSE) {
2245 status = can_set_delete_on_close(fsp, True, 0);
2246 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2252 if (NT_STATUS_IS_OK(status)) {
2253 /* Note that here we set the *inital* delete on close flag,
2254 not the regular one. The magic gets handled in close. */
2255 fsp->initial_delete_on_close = True;
2265 conn->num_files_open++;
2268 return NT_STATUS_OK;
2271 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2274 SMB_STRUCT_STAT sbuf;
2277 SET_STAT_INVALID(sbuf);
2279 status = open_directory(conn, req, directory, &sbuf,
2280 FILE_READ_ATTRIBUTES, /* Just a stat open */
2281 FILE_SHARE_NONE, /* Ignored for stat opens */
2284 FILE_ATTRIBUTE_DIRECTORY,
2288 if (NT_STATUS_IS_OK(status)) {
2289 close_file(fsp, NORMAL_CLOSE);
2295 /****************************************************************************
2296 Open a pseudo-file (no locking checks - a 'stat' open).
2297 ****************************************************************************/
2299 NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2300 const char *fname, SMB_STRUCT_STAT *psbuf,
2301 files_struct **result)
2303 files_struct *fsp = NULL;
2306 if (!VALID_STAT(*psbuf)) {
2307 return NT_STATUS_INVALID_PARAMETER;
2310 /* Can't 'stat' open directories. */
2311 if(S_ISDIR(psbuf->st_mode)) {
2312 return NT_STATUS_FILE_IS_A_DIRECTORY;
2315 status = file_new(conn, &fsp);
2316 if(!NT_STATUS_IS_OK(status)) {
2320 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2323 * Setup the files_struct for it.
2326 fsp->mode = psbuf->st_mode;
2327 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2328 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2329 fsp->file_pid = req ? req->smbpid : 0;
2330 fsp->can_lock = False;
2331 fsp->can_read = False;
2332 fsp->can_write = False;
2333 fsp->print_file = False;
2334 fsp->modified = False;
2335 fsp->oplock_type = NO_OPLOCK;
2336 fsp->sent_oplock_break = NO_BREAK_SENT;
2337 fsp->is_directory = False;
2338 fsp->is_stat = True;
2339 string_set(&fsp->fsp_name,fname);
2341 conn->num_files_open++;
2344 return NT_STATUS_OK;
2347 /****************************************************************************
2348 Receive notification that one of our open files has been renamed by another
2350 ****************************************************************************/
2352 void msg_file_was_renamed(struct messaging_context *msg,
2355 struct server_id server_id,
2359 char *frm = (char *)data->data;
2361 const char *sharepath;
2362 const char *newname;
2365 if (data->data == NULL
2366 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2367 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2368 (int)data->length));
2372 /* Unpack the message. */
2373 pull_file_id_16(frm, &id);
2374 sharepath = &frm[16];
2375 newname = sharepath + strlen(sharepath) + 1;
2376 sp_len = strlen(sharepath);
2378 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2380 sharepath, newname, file_id_string_tos(&id)));
2382 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2383 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2384 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2385 fsp->fnum, fsp->fsp_name, newname ));
2386 string_set(&fsp->fsp_name, newname);
2389 /* Now we have the complete path we can work out if this is
2390 actually within this share and adjust newname accordingly. */
2391 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2392 "not sharepath %s) "
2393 "fnum %d from %s -> %s\n",
2394 fsp->conn->connectpath,
2403 struct case_semantics_state {
2404 connection_struct *conn;
2405 bool case_sensitive;
2407 bool short_case_preserve;
2410 /****************************************************************************
2411 Restore case semantics.
2412 ****************************************************************************/
2413 static int restore_case_semantics(struct case_semantics_state *state)
2415 state->conn->case_sensitive = state->case_sensitive;
2416 state->conn->case_preserve = state->case_preserve;
2417 state->conn->short_case_preserve = state->short_case_preserve;
2421 /****************************************************************************
2422 Save case semantics.
2423 ****************************************************************************/
2424 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2425 connection_struct *conn)
2427 struct case_semantics_state *result;
2429 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2430 DEBUG(0, ("talloc failed\n"));
2434 result->conn = conn;
2435 result->case_sensitive = conn->case_sensitive;
2436 result->case_preserve = conn->case_preserve;
2437 result->short_case_preserve = conn->short_case_preserve;
2440 conn->case_sensitive = True;
2441 conn->case_preserve = True;
2442 conn->short_case_preserve = True;
2444 talloc_set_destructor(result, restore_case_semantics);
2450 * If a main file is opened for delete, all streams need to be checked for
2451 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2452 * If that works, delete them all by setting the delete on close and close.
2455 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2458 struct stream_struct *stream_info;
2459 files_struct **streams;
2461 unsigned int num_streams;
2462 TALLOC_CTX *frame = talloc_stackframe();
2465 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2466 &num_streams, &stream_info);
2468 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2469 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2470 DEBUG(10, ("no streams around\n"));
2472 return NT_STATUS_OK;
2475 if (!NT_STATUS_IS_OK(status)) {
2476 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2477 nt_errstr(status)));
2481 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2484 if (num_streams == 0) {
2486 return NT_STATUS_OK;
2489 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2490 if (streams == NULL) {
2491 DEBUG(0, ("talloc failed\n"));
2492 status = NT_STATUS_NO_MEMORY;
2496 for (i=0; i<num_streams; i++) {
2499 if (strequal(stream_info[i].name, "::$DATA")) {
2504 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2505 stream_info[i].name);
2507 if (streamname == NULL) {
2508 DEBUG(0, ("talloc_aprintf failed\n"));
2509 status = NT_STATUS_NO_MEMORY;
2513 status = create_file_unixpath
2516 streamname, /* fname */
2517 DELETE_ACCESS, /* access_mask */
2518 FILE_SHARE_READ | FILE_SHARE_WRITE
2519 | FILE_SHARE_DELETE, /* share_access */
2520 FILE_OPEN, /* create_disposition*/
2521 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2522 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2523 0, /* oplock_request */
2524 0, /* allocation_size */
2527 &streams[i], /* result */
2531 TALLOC_FREE(streamname);
2533 if (!NT_STATUS_IS_OK(status)) {
2534 DEBUG(10, ("Could not open stream %s: %s\n",
2535 streamname, nt_errstr(status)));
2541 * don't touch the variable "status" beyond this point :-)
2544 for (i -= 1 ; i >= 0; i--) {
2545 if (streams[i] == NULL) {
2549 DEBUG(10, ("Closing stream # %d, %s\n", i,
2550 streams[i]->fsp_name));
2551 close_file(streams[i], NORMAL_CLOSE);
2560 * Wrapper around open_file_ntcreate and open_directory
2563 NTSTATUS create_file_unixpath(connection_struct *conn,
2564 struct smb_request *req,
2566 uint32_t access_mask,
2567 uint32_t share_access,
2568 uint32_t create_disposition,
2569 uint32_t create_options,
2570 uint32_t file_attributes,
2571 uint32_t oplock_request,
2572 SMB_BIG_UINT allocation_size,
2573 struct security_descriptor *sd,
2574 struct ea_list *ea_list,
2576 files_struct **result,
2578 SMB_STRUCT_STAT *psbuf)
2580 SMB_STRUCT_STAT sbuf;
2581 int info = FILE_WAS_OPENED;
2582 files_struct *base_fsp = NULL;
2583 files_struct *fsp = NULL;
2586 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2587 "file_attributes = 0x%x, share_access = 0x%x, "
2588 "create_disposition = 0x%x create_options = 0x%x "
2589 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2591 (unsigned int)access_mask,
2592 (unsigned int)file_attributes,
2593 (unsigned int)share_access,
2594 (unsigned int)create_disposition,
2595 (unsigned int)create_options,
2596 (unsigned int)oplock_request,
2597 ea_list, sd, fname));
2599 if (create_options & FILE_OPEN_BY_FILE_ID) {
2600 status = NT_STATUS_NOT_SUPPORTED;
2605 oplock_request |= INTERNAL_OPEN_ONLY;
2608 if (psbuf != NULL) {
2612 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2613 SET_STAT_INVALID(sbuf);
2617 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2618 && (access_mask & DELETE_ACCESS)
2619 && !is_ntfs_stream_name(fname)) {
2621 * We can't open a file with DELETE access if any of the
2622 * streams is open without FILE_SHARE_DELETE
2624 status = open_streams_for_delete(conn, fname);
2626 if (!NT_STATUS_IS_OK(status)) {
2631 /* This is the correct thing to do (check every time) but can_delete
2632 * is expensive (it may have to read the parent directory
2633 * permissions). So for now we're not doing it unless we have a strong
2634 * hint the client is really going to delete this file. If the client
2635 * is forcing FILE_CREATE let the filesystem take care of the
2638 /* Setting FILE_SHARE_DELETE is the hint. */
2640 if (lp_acl_check_permissions(SNUM(conn))
2641 && (create_disposition != FILE_CREATE)
2642 && (share_access & FILE_SHARE_DELETE)
2643 && (access_mask & DELETE_ACCESS)
2644 && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
2645 && !lp_delete_readonly(SNUM(conn)))
2646 || !can_delete_file_in_directory(conn, fname))) {
2647 status = NT_STATUS_ACCESS_DENIED;
2652 /* We need to support SeSecurityPrivilege for this. */
2653 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2654 !user_has_privileges(current_user.nt_user_token,
2656 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2661 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2662 && is_ntfs_stream_name(fname)
2663 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2665 uint32 base_create_disposition;
2667 if (create_options & FILE_DIRECTORY_FILE) {
2668 status = NT_STATUS_NOT_A_DIRECTORY;
2672 status = split_ntfs_stream_name(talloc_tos(), fname,
2674 if (!NT_STATUS_IS_OK(status)) {
2675 DEBUG(10, ("create_file_unixpath: "
2676 "split_ntfs_stream_name failed: %s\n",
2677 nt_errstr(status)));
2681 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2683 switch (create_disposition) {
2685 base_create_disposition = FILE_OPEN;
2688 base_create_disposition = FILE_OPEN_IF;
2692 status = create_file_unixpath(conn, NULL, base, 0,
2695 | FILE_SHARE_DELETE,
2696 base_create_disposition,
2697 0, 0, 0, 0, NULL, NULL,
2698 &base_fsp, NULL, NULL);
2699 if (!NT_STATUS_IS_OK(status)) {
2700 DEBUG(10, ("create_file_unixpath for base %s failed: "
2701 "%s\n", base, nt_errstr(status)));
2707 * If it's a request for a directory open, deal with it separately.
2710 if (create_options & FILE_DIRECTORY_FILE) {
2712 if (create_options & FILE_NON_DIRECTORY_FILE) {
2713 status = NT_STATUS_INVALID_PARAMETER;
2717 /* Can't open a temp directory. IFS kit test. */
2718 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2719 status = NT_STATUS_INVALID_PARAMETER;
2724 * We will get a create directory here if the Win32
2725 * app specified a security descriptor in the
2726 * CreateDirectory() call.
2730 status = open_directory(
2731 conn, req, fname, &sbuf, access_mask, share_access,
2732 create_disposition, create_options, file_attributes,
2737 * Ordinary file case.
2740 status = open_file_ntcreate(
2741 conn, req, fname, &sbuf, access_mask, share_access,
2742 create_disposition, create_options, file_attributes,
2743 oplock_request, &info, &fsp);
2745 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2748 * Fail the open if it was explicitly a non-directory
2752 if (create_options & FILE_NON_DIRECTORY_FILE) {
2753 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2758 status = open_directory(
2759 conn, req, fname, &sbuf, access_mask,
2760 share_access, create_disposition,
2761 create_options, file_attributes,
2766 if (!NT_STATUS_IS_OK(status)) {
2771 * According to the MS documentation, the only time the security
2772 * descriptor is applied to the opened file is iff we *created* the
2773 * file; an existing file stays the same.
2775 * Also, it seems (from observation) that you can open the file with
2776 * any access mask but you can still write the sd. We need to override
2777 * the granted access before we call set_sd
2778 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2781 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2782 && lp_nt_acl_support(SNUM(conn))) {
2784 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2785 uint32_t saved_access_mask = fsp->access_mask;
2787 if (sd->owner_sid == NULL) {
2788 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2790 if (sd->group_sid == NULL) {
2791 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2793 if (sd->sacl == NULL) {
2794 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2796 if (sd->dacl == NULL) {
2797 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2800 fsp->access_mask = FILE_GENERIC_ALL;
2802 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2804 fsp->access_mask = saved_access_mask;
2806 if (!NT_STATUS_IS_OK(status)) {
2811 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2812 status = set_ea(conn, fsp, fname, ea_list);
2813 if (!NT_STATUS_IS_OK(status)) {
2818 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2819 status = NT_STATUS_ACCESS_DENIED;
2823 /* Save the requested allocation size. */
2824 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2826 && (allocation_size > sbuf.st_size)) {
2827 fsp->initial_allocation_size = smb_roundup(
2828 fsp->conn, allocation_size);
2829 if (fsp->is_directory) {
2830 /* Can't set allocation size on a directory. */
2831 status = NT_STATUS_ACCESS_DENIED;
2834 if (vfs_allocate_file_space(
2835 fsp, fsp->initial_allocation_size) == -1) {
2836 status = NT_STATUS_DISK_FULL;
2840 fsp->initial_allocation_size = smb_roundup(
2841 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2845 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2848 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
2849 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
2850 * also close fsp->base_fsp which we have to also do explicitly in
2851 * this routine here, as not in all "goto fail:" we have the fsp set
2852 * up already to be initialized with the base_fsp.
2855 fsp->base_fsp = base_fsp;
2858 if (pinfo != NULL) {
2861 if (psbuf != NULL) {
2862 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2866 SMB_VFS_FSTAT(fsp, psbuf);
2869 return NT_STATUS_OK;
2872 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2875 close_file(fsp, ERROR_CLOSE);
2878 if (base_fsp != NULL) {
2879 close_file(base_fsp, ERROR_CLOSE);
2885 NTSTATUS create_file(connection_struct *conn,
2886 struct smb_request *req,
2887 uint16_t root_dir_fid,
2889 uint32_t access_mask,
2890 uint32_t share_access,
2891 uint32_t create_disposition,
2892 uint32_t create_options,
2893 uint32_t file_attributes,
2894 uint32_t oplock_request,
2895 SMB_BIG_UINT allocation_size,
2896 struct security_descriptor *sd,
2897 struct ea_list *ea_list,
2899 files_struct **result,
2901 SMB_STRUCT_STAT *psbuf)
2903 struct case_semantics_state *case_state = NULL;
2904 SMB_STRUCT_STAT sbuf;
2905 int info = FILE_WAS_OPENED;
2906 files_struct *fsp = NULL;
2909 DEBUG(10,("create_file: access_mask = 0x%x "
2910 "file_attributes = 0x%x, share_access = 0x%x, "
2911 "create_disposition = 0x%x create_options = 0x%x "
2912 "oplock_request = 0x%x "
2913 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2915 (unsigned int)access_mask,
2916 (unsigned int)file_attributes,
2917 (unsigned int)share_access,
2918 (unsigned int)create_disposition,
2919 (unsigned int)create_options,
2920 (unsigned int)oplock_request,
2921 (unsigned int)root_dir_fid,
2922 ea_list, sd, fname));
2925 * Get the file name.
2928 if (root_dir_fid != 0) {
2930 * This filename is relative to a directory fid.
2932 char *parent_fname = NULL;
2933 files_struct *dir_fsp = file_fsp(root_dir_fid);
2935 if (dir_fsp == NULL) {
2936 status = NT_STATUS_INVALID_HANDLE;
2940 if (!dir_fsp->is_directory) {
2943 * Check to see if this is a mac fork of some kind.
2946 if (is_ntfs_stream_name(fname)) {
2947 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2952 we need to handle the case when we get a
2953 relative open relative to a file and the
2954 pathname is blank - this is a reopen!
2955 (hint from demyn plantenberg)
2958 status = NT_STATUS_INVALID_HANDLE;
2962 if (ISDOT(dir_fsp->fsp_name)) {
2964 * We're at the toplevel dir, the final file name
2965 * must not contain ./, as this is filtered out
2966 * normally by srvstr_get_path and unix_convert
2967 * explicitly rejects paths containing ./.
2969 parent_fname = talloc_strdup(talloc_tos(), "");
2970 if (parent_fname == NULL) {
2971 status = NT_STATUS_NO_MEMORY;
2975 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2978 * Copy in the base directory name.
2981 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
2983 if (parent_fname == NULL) {
2984 status = NT_STATUS_NO_MEMORY;
2987 memcpy(parent_fname, dir_fsp->fsp_name,
2991 * Ensure it ends in a '/'.
2992 * We used TALLOC_SIZE +2 to add space for the '/'.
2996 && (parent_fname[dir_name_len-1] != '\\')
2997 && (parent_fname[dir_name_len-1] != '/')) {
2998 parent_fname[dir_name_len] = '/';
2999 parent_fname[dir_name_len+1] = '\0';
3003 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3005 if (fname == NULL) {
3006 status = NT_STATUS_NO_MEMORY;
3012 * Check to see if this is a mac fork of some kind.
3015 if (is_ntfs_stream_name(fname)) {
3016 enum FAKE_FILE_TYPE fake_file_type;
3018 fake_file_type = is_fake_file(fname);
3020 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3023 * Here we go! support for changing the disk quotas
3026 * We need to fake up to open this MAGIC QUOTA file
3027 * and return a valid FID.
3029 * w2k close this file directly after openening xp
3030 * also tries a QUERY_FILE_INFO on the file and then
3033 status = open_fake_file(conn, fake_file_type, fname,
3035 if (!NT_STATUS_IS_OK(status)) {
3044 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3045 char *resolved_fname;
3047 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3050 if (!NT_STATUS_IS_OK(status)) {
3052 * For PATH_NOT_COVERED we had
3053 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3054 * ERRSRV, ERRbadpath);
3055 * Need to fix in callers
3059 fname = resolved_fname;
3063 * Check if POSIX semantics are wanted.
3066 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3067 case_state = set_posix_case_semantics(talloc_tos(), conn);
3068 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3072 char *converted_fname;
3074 SET_STAT_INVALID(sbuf);
3076 status = unix_convert(talloc_tos(), conn, fname, False,
3077 &converted_fname, NULL, &sbuf);
3078 if (!NT_STATUS_IS_OK(status)) {
3081 fname = converted_fname;
3084 TALLOC_FREE(case_state);
3086 /* All file access must go through check_name() */
3088 status = check_name(conn, fname);
3089 if (!NT_STATUS_IS_OK(status)) {
3093 status = create_file_unixpath(
3094 conn, req, fname, access_mask, share_access,
3095 create_disposition, create_options, file_attributes,
3096 oplock_request, allocation_size, sd, ea_list,
3097 &fsp, &info, &sbuf);
3099 if (!NT_STATUS_IS_OK(status)) {
3104 DEBUG(10, ("create_file: info=%d\n", info));
3107 if (pinfo != NULL) {
3110 if (psbuf != NULL) {
3113 return NT_STATUS_OK;
3116 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3119 close_file(fsp, ERROR_CLOSE);
git.samba.org / metze / samba / wip.git / blob