2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7 Copyright (C) Ralph Boehme 2017
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/filesys.h"
25 #include "lib/util/server_id.h"
27 #include "smbd/smbd.h"
28 #include "smbd/globals.h"
29 #include "fake_file.h"
30 #include "../libcli/security/security.h"
31 #include "../librpc/gen_ndr/ndr_security.h"
32 #include "../librpc/gen_ndr/ndr_open_files.h"
33 #include "../librpc/gen_ndr/idmap.h"
34 #include "../librpc/gen_ndr/ioctl.h"
35 #include "passdb/lookup_sid.h"
39 #include "source3/lib/dbwrap/dbwrap_watch.h"
40 #include "locking/leases_db.h"
41 #include "librpc/gen_ndr/ndr_leases_db.h"
43 extern const struct generic_mapping file_generic_mapping;
45 struct deferred_open_record {
46 bool delayed_for_oplocks;
51 * Timer for async opens, needed because they don't use a watch on
52 * a locking.tdb record. This is currently only used for real async
53 * opens and just terminates smbd if the async open times out.
55 struct tevent_timer *te;
58 /****************************************************************************
59 If the requester wanted DELETE_ACCESS and was rejected because
60 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
62 ****************************************************************************/
64 static bool parent_override_delete(connection_struct *conn,
65 const struct smb_filename *smb_fname,
67 uint32_t rejected_mask)
69 if ((access_mask & DELETE_ACCESS) &&
70 (rejected_mask & DELETE_ACCESS) &&
71 can_delete_file_in_directory(conn, smb_fname)) {
77 /****************************************************************************
78 Check if we have open rights.
79 ****************************************************************************/
81 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
82 const struct smb_filename *smb_fname,
86 /* Check if we have rights to open. */
88 struct security_descriptor *sd = NULL;
89 uint32_t rejected_share_access;
90 uint32_t rejected_mask = access_mask;
91 uint32_t do_not_check_mask = 0;
93 rejected_share_access = access_mask & ~(conn->share_access);
95 if (rejected_share_access) {
96 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
98 (unsigned int)access_mask,
99 smb_fname_str_dbg(smb_fname),
100 (unsigned int)rejected_share_access ));
101 return NT_STATUS_ACCESS_DENIED;
104 if (!use_privs && get_current_uid(conn) == (uid_t)0) {
105 /* I'm sorry sir, I didn't know you were root... */
106 DEBUG(10,("smbd_check_access_rights: root override "
107 "on %s. Granting 0x%x\n",
108 smb_fname_str_dbg(smb_fname),
109 (unsigned int)access_mask ));
113 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
114 DEBUG(10,("smbd_check_access_rights: not checking ACL "
115 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
116 smb_fname_str_dbg(smb_fname),
117 (unsigned int)access_mask ));
121 if (access_mask == DELETE_ACCESS &&
122 VALID_STAT(smb_fname->st) &&
123 S_ISLNK(smb_fname->st.st_ex_mode)) {
124 /* We can always delete a symlink. */
125 DEBUG(10,("smbd_check_access_rights: not checking ACL "
126 "on DELETE_ACCESS on symlink %s.\n",
127 smb_fname_str_dbg(smb_fname) ));
131 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
134 SECINFO_DACL), talloc_tos(), &sd);
136 if (!NT_STATUS_IS_OK(status)) {
137 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
139 smb_fname_str_dbg(smb_fname),
142 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
150 * If we can access the path to this file, by
151 * default we have FILE_READ_ATTRIBUTES from the
152 * containing directory. See the section:
153 * "Algorithm to Check Access to an Existing File"
156 * se_file_access_check() also takes care of
157 * owner WRITE_DAC and READ_CONTROL.
159 do_not_check_mask = FILE_READ_ATTRIBUTES;
162 * Samba 3.6 and earlier granted execute access even
163 * if the ACL did not contain execute rights.
164 * Samba 4.0 is more correct and checks it.
165 * The compatibilty mode allows one to skip this check
166 * to smoothen upgrades.
168 if (lp_acl_allow_execute_always(SNUM(conn))) {
169 do_not_check_mask |= FILE_EXECUTE;
172 status = se_file_access_check(sd,
173 get_current_nttok(conn),
175 (access_mask & ~do_not_check_mask),
178 DEBUG(10,("smbd_check_access_rights: file %s requesting "
179 "0x%x returning 0x%x (%s)\n",
180 smb_fname_str_dbg(smb_fname),
181 (unsigned int)access_mask,
182 (unsigned int)rejected_mask,
183 nt_errstr(status) ));
185 if (!NT_STATUS_IS_OK(status)) {
186 if (DEBUGLEVEL >= 10) {
187 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
188 smb_fname_str_dbg(smb_fname) ));
189 NDR_PRINT_DEBUG(security_descriptor, sd);
195 if (NT_STATUS_IS_OK(status) ||
196 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
200 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
204 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
205 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
206 !lp_store_dos_attributes(SNUM(conn)) &&
207 (lp_map_readonly(SNUM(conn)) ||
208 lp_map_archive(SNUM(conn)) ||
209 lp_map_hidden(SNUM(conn)) ||
210 lp_map_system(SNUM(conn)))) {
211 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
213 DEBUG(10,("smbd_check_access_rights: "
215 "FILE_WRITE_ATTRIBUTES "
217 smb_fname_str_dbg(smb_fname)));
220 if (parent_override_delete(conn,
224 /* Were we trying to do an open
225 * for delete and didn't get DELETE
226 * access (only) ? Check if the
227 * directory allows DELETE_CHILD.
229 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
232 rejected_mask &= ~DELETE_ACCESS;
234 DEBUG(10,("smbd_check_access_rights: "
238 smb_fname_str_dbg(smb_fname)));
241 if (rejected_mask != 0) {
242 return NT_STATUS_ACCESS_DENIED;
247 NTSTATUS check_parent_access(struct connection_struct *conn,
248 struct smb_filename *smb_fname,
249 uint32_t access_mask)
252 char *parent_dir = NULL;
253 struct security_descriptor *parent_sd = NULL;
254 uint32_t access_granted = 0;
255 struct smb_filename *parent_smb_fname = NULL;
256 struct share_mode_lock *lck = NULL;
257 struct file_id id = {0};
259 bool delete_on_close_set;
261 TALLOC_CTX *frame = talloc_stackframe();
263 if (!parent_dirname(frame,
264 smb_fname->base_name,
267 status = NT_STATUS_NO_MEMORY;
271 parent_smb_fname = synthetic_smb_fname(frame,
276 if (parent_smb_fname == NULL) {
277 status = NT_STATUS_NO_MEMORY;
281 if (get_current_uid(conn) == (uid_t)0) {
282 /* I'm sorry sir, I didn't know you were root... */
283 DEBUG(10,("check_parent_access: root override "
284 "on %s. Granting 0x%x\n",
285 smb_fname_str_dbg(smb_fname),
286 (unsigned int)access_mask ));
287 status = NT_STATUS_OK;
291 status = SMB_VFS_GET_NT_ACL(conn,
297 if (!NT_STATUS_IS_OK(status)) {
298 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
299 "%s with error %s\n",
306 * If we can access the path to this file, by
307 * default we have FILE_READ_ATTRIBUTES from the
308 * containing directory. See the section:
309 * "Algorithm to Check Access to an Existing File"
312 * se_file_access_check() also takes care of
313 * owner WRITE_DAC and READ_CONTROL.
315 status = se_file_access_check(parent_sd,
316 get_current_nttok(conn),
318 (access_mask & ~FILE_READ_ATTRIBUTES),
320 if(!NT_STATUS_IS_OK(status)) {
321 DEBUG(5,("check_parent_access: access check "
322 "on directory %s for "
323 "path %s for mask 0x%x returned (0x%x) %s\n",
325 smb_fname->base_name,
328 nt_errstr(status) ));
332 if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) {
333 status = NT_STATUS_OK;
336 if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) {
337 status = NT_STATUS_OK;
341 /* Check if the directory has delete-on-close set */
342 ret = SMB_VFS_STAT(conn, parent_smb_fname);
344 status = map_nt_error_from_unix(errno);
348 id = SMB_VFS_FILE_ID_CREATE(conn, &parent_smb_fname->st);
350 status = file_name_hash(conn, parent_smb_fname->base_name, &name_hash);
351 if (!NT_STATUS_IS_OK(status)) {
355 lck = get_existing_share_mode_lock(frame, id);
357 status = NT_STATUS_OK;
361 delete_on_close_set = is_delete_on_close_set(lck, name_hash);
362 if (delete_on_close_set) {
363 status = NT_STATUS_DELETE_PENDING;
367 status = NT_STATUS_OK;
374 /****************************************************************************
375 Ensure when opening a base file for a stream open that we have permissions
376 to do so given the access mask on the base file.
377 ****************************************************************************/
379 static NTSTATUS check_base_file_access(struct connection_struct *conn,
380 struct smb_filename *smb_fname,
381 uint32_t access_mask)
385 status = smbd_calculate_access_mask(conn, smb_fname,
389 if (!NT_STATUS_IS_OK(status)) {
390 DEBUG(10, ("smbd_calculate_access_mask "
391 "on file %s returned %s\n",
392 smb_fname_str_dbg(smb_fname),
397 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
399 if (!CAN_WRITE(conn)) {
400 return NT_STATUS_ACCESS_DENIED;
402 dosattrs = dos_mode(conn, smb_fname);
403 if (IS_DOS_READONLY(dosattrs)) {
404 return NT_STATUS_ACCESS_DENIED;
408 return smbd_check_access_rights(conn,
414 /****************************************************************************
415 Handle differing symlink errno's
416 ****************************************************************************/
418 static int link_errno_convert(int err)
420 #if defined(ENOTSUP) && defined(OSF1)
421 /* handle special Tru64 errno */
422 if (err == ENOTSUP) {
427 /* fix broken NetBSD errno */
432 /* fix broken FreeBSD errno */
439 static int non_widelink_open(struct connection_struct *conn,
440 const struct smb_filename *conn_rootdir_fname,
442 struct smb_filename *smb_fname,
445 unsigned int link_depth);
447 /****************************************************************************
448 Follow a symlink in userspace.
449 ****************************************************************************/
451 static int process_symlink_open(struct connection_struct *conn,
452 const struct smb_filename *conn_rootdir_fname,
454 struct smb_filename *smb_fname,
457 unsigned int link_depth)
460 char *link_target = NULL;
461 struct smb_filename target_fname = {0};
463 struct smb_filename *oldwd_fname = NULL;
464 size_t rootdir_len = 0;
465 struct smb_filename *resolved_fname = NULL;
466 char *resolved_name = NULL;
467 bool matched = false;
471 * Ensure we don't get stuck in a symlink loop.
474 if (link_depth >= 20) {
479 /* Allocate space for the link target. */
480 link_target = talloc_array(talloc_tos(), char, PATH_MAX);
481 if (link_target == NULL) {
486 /* Read the link target. */
487 link_len = SMB_VFS_READLINK(conn,
491 if (link_len == -1) {
495 /* Ensure it's at least null terminated. */
496 link_target[link_len] = '\0';
497 target_fname = (struct smb_filename){ .base_name = link_target };
499 /* Convert to an absolute path. */
500 resolved_fname = SMB_VFS_REALPATH(conn, talloc_tos(), &target_fname);
501 if (resolved_fname == NULL) {
504 resolved_name = resolved_fname->base_name;
507 * We know conn_rootdir starts with '/' and
508 * does not end in '/'. FIXME ! Should we
511 rootdir_len = strlen(conn_rootdir_fname->base_name);
513 matched = (strncmp(conn_rootdir_fname->base_name,
522 * Turn into a path relative to the share root.
524 if (resolved_name[rootdir_len] == '\0') {
525 /* Link to the root of the share. */
526 TALLOC_FREE(smb_fname->base_name);
527 smb_fname->base_name = talloc_strdup(smb_fname, ".");
528 } else if (resolved_name[rootdir_len] == '/') {
529 TALLOC_FREE(smb_fname->base_name);
530 smb_fname->base_name = talloc_strdup(smb_fname,
531 &resolved_name[rootdir_len+1]);
537 if (smb_fname->base_name == NULL) {
542 oldwd_fname = vfs_GetWd(talloc_tos(), conn);
543 if (oldwd_fname == NULL) {
547 /* Ensure we operate from the root of the share. */
548 if (vfs_ChDir(conn, conn_rootdir_fname) == -1) {
552 /* And do it all again.. */
553 fd = non_widelink_open(conn,
566 TALLOC_FREE(resolved_fname);
567 TALLOC_FREE(link_target);
568 if (oldwd_fname != NULL) {
569 int ret = vfs_ChDir(conn, oldwd_fname);
571 smb_panic("unable to get back to old directory\n");
573 TALLOC_FREE(oldwd_fname);
575 if (saved_errno != 0) {
581 /****************************************************************************
583 ****************************************************************************/
585 static int non_widelink_open(struct connection_struct *conn,
586 const struct smb_filename *conn_rootdir_fname,
588 struct smb_filename *smb_fname,
591 unsigned int link_depth)
595 struct smb_filename *smb_fname_rel = NULL;
597 struct smb_filename *oldwd_fname = NULL;
598 char *parent_dir = NULL;
599 struct smb_filename parent_dir_fname = {0};
600 const char *final_component = NULL;
601 bool is_directory = false;
605 if (flags & O_DIRECTORY) {
611 parent_dir = talloc_strdup(talloc_tos(), smb_fname->base_name);
612 if (parent_dir == NULL) {
617 final_component = ".";
619 ok = parent_dirname(talloc_tos(),
620 smb_fname->base_name,
629 parent_dir_fname = (struct smb_filename) { .base_name = parent_dir };
631 oldwd_fname = vfs_GetWd(talloc_tos(), conn);
632 if (oldwd_fname == NULL) {
636 /* Pin parent directory in place. */
637 if (vfs_ChDir(conn, &parent_dir_fname) == -1) {
641 smb_fname_rel = synthetic_smb_fname(talloc_tos(),
643 smb_fname->stream_name,
646 if (smb_fname_rel == NULL) {
647 saved_errno = ENOMEM;
651 /* Ensure the relative path is below the share. */
652 status = check_reduced_name(conn, &parent_dir_fname, smb_fname_rel);
653 if (!NT_STATUS_IS_OK(status)) {
654 saved_errno = map_errno_from_nt_status(status);
661 struct smb_filename *tmp_name = fsp->fsp_name;
662 fsp->fsp_name = smb_fname_rel;
663 fd = SMB_VFS_OPEN(conn, smb_fname_rel, fsp, flags, mode);
664 fsp->fsp_name = tmp_name;
668 saved_errno = link_errno_convert(errno);
670 * Trying to open a symlink to a directory with O_NOFOLLOW and
671 * O_DIRECTORY can return either of ELOOP and ENOTDIR. So
672 * ENOTDIR really means: might be a symlink, but we're not sure.
673 * In this case, we just assume there's a symlink. If we were
674 * wrong, process_symlink_open() will return EINVAL. We check
675 * this below, and fall back to returning the initial
678 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
680 if (saved_errno == ELOOP || saved_errno == ENOTDIR) {
681 if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
682 /* Never follow symlinks on posix open. */
685 if (!lp_follow_symlinks(SNUM(conn))) {
686 /* Explicitly no symlinks. */
690 * We may have a symlink. Follow in userspace
691 * to ensure it's under the share definition.
693 fd = process_symlink_open(conn,
701 if (saved_errno == ENOTDIR &&
704 * O_DIRECTORY on neither a directory,
705 * nor a symlink. Just return
706 * saved_errno from initial open()
711 link_errno_convert(errno);
718 TALLOC_FREE(parent_dir);
719 TALLOC_FREE(smb_fname_rel);
721 if (oldwd_fname != NULL) {
722 int ret = vfs_ChDir(conn, oldwd_fname);
724 smb_panic("unable to get back to old directory\n");
726 TALLOC_FREE(oldwd_fname);
728 if (saved_errno != 0) {
734 /****************************************************************************
735 fd support routines - attempt to do a dos_open.
736 ****************************************************************************/
738 NTSTATUS fd_open(struct connection_struct *conn,
743 struct smb_filename *smb_fname = fsp->fsp_name;
744 NTSTATUS status = NT_STATUS_OK;
747 * Never follow symlinks on a POSIX client. The
748 * client should be doing this.
751 if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || !lp_follow_symlinks(SNUM(conn))) {
755 /* Ensure path is below share definition. */
756 if (!lp_widelinks(SNUM(conn))) {
757 struct smb_filename *conn_rootdir_fname = NULL;
758 const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
762 if (conn_rootdir == NULL) {
763 return NT_STATUS_NO_MEMORY;
765 conn_rootdir_fname = synthetic_smb_fname(talloc_tos(),
770 if (conn_rootdir_fname == NULL) {
771 return NT_STATUS_NO_MEMORY;
775 * Only follow symlinks within a share
778 fsp->fh->fd = non_widelink_open(conn,
785 if (fsp->fh->fd == -1) {
788 TALLOC_FREE(conn_rootdir_fname);
789 if (saved_errno != 0) {
793 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
796 if (fsp->fh->fd == -1) {
797 int posix_errno = link_errno_convert(errno);
798 status = map_nt_error_from_unix(posix_errno);
799 if (errno == EMFILE) {
800 static time_t last_warned = 0L;
802 if (time((time_t *) NULL) > last_warned) {
803 DEBUG(0,("Too many open files, unable "
804 "to open more! smbd's max "
806 lp_max_open_files()));
807 last_warned = time((time_t *) NULL);
813 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
814 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
815 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
820 /****************************************************************************
821 Close the file associated with a fsp.
822 ****************************************************************************/
824 NTSTATUS fd_close(files_struct *fsp)
831 if (fsp->fh->fd == -1) {
832 return NT_STATUS_OK; /* What we used to call a stat open. */
834 if (fsp->fh->ref_count > 1) {
835 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
838 ret = SMB_VFS_CLOSE(fsp);
841 return map_nt_error_from_unix(errno);
846 /****************************************************************************
847 Change the ownership of a file to that of the parent directory.
848 Do this by fd if possible.
849 ****************************************************************************/
851 void change_file_owner_to_parent(connection_struct *conn,
852 const char *inherit_from_dir,
855 struct smb_filename *smb_fname_parent;
858 smb_fname_parent = synthetic_smb_fname(talloc_tos(),
863 if (smb_fname_parent == NULL) {
867 ret = SMB_VFS_STAT(conn, smb_fname_parent);
869 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
870 "directory %s. Error was %s\n",
871 smb_fname_str_dbg(smb_fname_parent),
873 TALLOC_FREE(smb_fname_parent);
877 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
878 /* Already this uid - no need to change. */
879 DEBUG(10,("change_file_owner_to_parent: file %s "
880 "is already owned by uid %d\n",
882 (int)fsp->fsp_name->st.st_ex_uid ));
883 TALLOC_FREE(smb_fname_parent);
888 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
891 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
892 "file %s to parent directory uid %u. Error "
893 "was %s\n", fsp_str_dbg(fsp),
894 (unsigned int)smb_fname_parent->st.st_ex_uid,
897 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
898 "parent directory uid %u.\n", fsp_str_dbg(fsp),
899 (unsigned int)smb_fname_parent->st.st_ex_uid));
900 /* Ensure the uid entry is updated. */
901 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
904 TALLOC_FREE(smb_fname_parent);
907 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
908 const char *inherit_from_dir,
909 struct smb_filename *smb_dname,
910 SMB_STRUCT_STAT *psbuf)
912 struct smb_filename *smb_fname_parent;
913 struct smb_filename *smb_fname_cwd = NULL;
914 struct smb_filename *saved_dir_fname = NULL;
915 TALLOC_CTX *ctx = talloc_tos();
916 NTSTATUS status = NT_STATUS_OK;
919 smb_fname_parent = synthetic_smb_fname(ctx,
924 if (smb_fname_parent == NULL) {
925 return NT_STATUS_NO_MEMORY;
928 ret = SMB_VFS_STAT(conn, smb_fname_parent);
930 status = map_nt_error_from_unix(errno);
931 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
932 "directory %s. Error was %s\n",
933 smb_fname_str_dbg(smb_fname_parent),
938 /* We've already done an lstat into psbuf, and we know it's a
939 directory. If we can cd into the directory and the dev/ino
940 are the same then we can safely chown without races as
941 we're locking the directory in place by being in it. This
942 should work on any UNIX (thanks tridge :-). JRA.
945 saved_dir_fname = vfs_GetWd(ctx,conn);
946 if (!saved_dir_fname) {
947 status = map_nt_error_from_unix(errno);
948 DEBUG(0,("change_dir_owner_to_parent: failed to get "
949 "current working directory. Error was %s\n",
954 /* Chdir into the new path. */
955 if (vfs_ChDir(conn, smb_dname) == -1) {
956 status = map_nt_error_from_unix(errno);
957 DEBUG(0,("change_dir_owner_to_parent: failed to change "
958 "current working directory to %s. Error "
959 "was %s\n", smb_dname->base_name, strerror(errno) ));
963 smb_fname_cwd = synthetic_smb_fname(ctx, ".", NULL, NULL, 0);
964 if (smb_fname_cwd == NULL) {
965 status = NT_STATUS_NO_MEMORY;
969 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
971 status = map_nt_error_from_unix(errno);
972 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
973 "directory '.' (%s) Error was %s\n",
974 smb_dname->base_name, strerror(errno)));
978 /* Ensure we're pointing at the same place. */
979 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
980 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
981 DEBUG(0,("change_dir_owner_to_parent: "
982 "device/inode on directory %s changed. "
983 "Refusing to chown !\n",
984 smb_dname->base_name ));
985 status = NT_STATUS_ACCESS_DENIED;
989 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
990 /* Already this uid - no need to change. */
991 DEBUG(10,("change_dir_owner_to_parent: directory %s "
992 "is already owned by uid %d\n",
993 smb_dname->base_name,
994 (int)smb_fname_cwd->st.st_ex_uid ));
995 status = NT_STATUS_OK;
1000 ret = SMB_VFS_LCHOWN(conn,
1002 smb_fname_parent->st.st_ex_uid,
1006 status = map_nt_error_from_unix(errno);
1007 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
1008 "directory %s to parent directory uid %u. "
1010 smb_dname->base_name,
1011 (unsigned int)smb_fname_parent->st.st_ex_uid,
1014 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
1015 "directory %s to parent directory uid %u.\n",
1016 smb_dname->base_name,
1017 (unsigned int)smb_fname_parent->st.st_ex_uid ));
1018 /* Ensure the uid entry is updated. */
1019 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
1023 vfs_ChDir(conn, saved_dir_fname);
1025 TALLOC_FREE(saved_dir_fname);
1026 TALLOC_FREE(smb_fname_parent);
1027 TALLOC_FREE(smb_fname_cwd);
1031 /****************************************************************************
1032 Open a file - returning a guaranteed ATOMIC indication of if the
1033 file was created or not.
1034 ****************************************************************************/
1036 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
1042 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1043 NTSTATUS retry_status;
1044 bool file_existed = VALID_STAT(fsp->fsp_name->st);
1047 *file_created = false;
1049 if (!(flags & O_CREAT)) {
1051 * We're not creating the file, just pass through.
1053 return fd_open(conn, fsp, flags, mode);
1056 if (flags & O_EXCL) {
1058 * Fail if already exists, just pass through.
1060 status = fd_open(conn, fsp, flags, mode);
1063 * Here we've opened with O_CREAT|O_EXCL. If that went
1064 * NT_STATUS_OK, we *know* we created this file.
1066 *file_created = NT_STATUS_IS_OK(status);
1072 * Now it gets tricky. We have O_CREAT, but not O_EXCL.
1073 * To know absolutely if we created the file or not,
1074 * we can never call O_CREAT without O_EXCL. So if
1075 * we think the file existed, try without O_CREAT|O_EXCL.
1076 * If we think the file didn't exist, try with
1079 * The big problem here is dangling symlinks. Opening
1080 * without O_NOFOLLOW means both bad symlink
1081 * and missing path return -1, ENOENT from open(). As POSIX
1082 * is pathname based it's not possible to tell
1083 * the difference between these two cases in a
1084 * non-racy way, so change to try only two attempts before
1087 * We don't have this problem for the O_NOFOLLOW
1088 * case as it just returns NT_STATUS_OBJECT_PATH_NOT_FOUND
1089 * mapped from the ELOOP POSIX error.
1095 curr_flags &= ~(O_CREAT);
1096 retry_status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1098 curr_flags |= O_EXCL;
1099 retry_status = NT_STATUS_OBJECT_NAME_COLLISION;
1102 status = fd_open(conn, fsp, curr_flags, mode);
1103 if (NT_STATUS_IS_OK(status)) {
1104 if (!file_existed) {
1105 *file_created = true;
1107 return NT_STATUS_OK;
1109 if (!NT_STATUS_EQUAL(status, retry_status)) {
1116 * Keep file_existed up to date for clarity.
1118 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1119 file_existed = false;
1120 curr_flags |= O_EXCL;
1121 DBG_DEBUG("file %s did not exist. Retry.\n",
1122 smb_fname_str_dbg(fsp->fsp_name));
1124 file_existed = true;
1125 curr_flags &= ~(O_CREAT);
1126 DBG_DEBUG("file %s existed. Retry.\n",
1127 smb_fname_str_dbg(fsp->fsp_name));
1130 status = fd_open(conn, fsp, curr_flags, mode);
1132 if (NT_STATUS_IS_OK(status) && (!file_existed)) {
1133 *file_created = true;
1139 /****************************************************************************
1141 ****************************************************************************/
1143 static NTSTATUS open_file(files_struct *fsp,
1144 connection_struct *conn,
1145 struct smb_request *req,
1146 const char *parent_dir,
1149 uint32_t access_mask, /* client requested access mask. */
1150 uint32_t open_access_mask, /* what we're actually using in the open. */
1151 bool *p_file_created)
1153 struct smb_filename *smb_fname = fsp->fsp_name;
1154 NTSTATUS status = NT_STATUS_OK;
1155 int accmode = (flags & O_ACCMODE);
1156 int local_flags = flags;
1157 bool file_existed = VALID_STAT(fsp->fsp_name->st);
1162 /* Check permissions */
1165 * This code was changed after seeing a client open request
1166 * containing the open mode of (DENY_WRITE/read-only) with
1167 * the 'create if not exist' bit set. The previous code
1168 * would fail to open the file read only on a read-only share
1169 * as it was checking the flags parameter directly against O_RDONLY,
1170 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
1174 if (!CAN_WRITE(conn)) {
1175 /* It's a read-only share - fail if we wanted to write. */
1176 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
1177 DEBUG(3,("Permission denied opening %s\n",
1178 smb_fname_str_dbg(smb_fname)));
1179 return NT_STATUS_ACCESS_DENIED;
1181 if (flags & O_CREAT) {
1182 /* We don't want to write - but we must make sure that
1183 O_CREAT doesn't create the file if we have write
1184 access into the directory.
1186 flags &= ~(O_CREAT|O_EXCL);
1187 local_flags &= ~(O_CREAT|O_EXCL);
1192 * This little piece of insanity is inspired by the
1193 * fact that an NT client can open a file for O_RDONLY,
1194 * but set the create disposition to FILE_EXISTS_TRUNCATE.
1195 * If the client *can* write to the file, then it expects to
1196 * truncate the file, even though it is opening for readonly.
1197 * Quicken uses this stupid trick in backup file creation...
1198 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
1199 * for helping track this one down. It didn't bite us in 2.0.x
1200 * as we always opened files read-write in that release. JRA.
1203 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
1204 DEBUG(10,("open_file: truncate requested on read-only open "
1205 "for file %s\n", smb_fname_str_dbg(smb_fname)));
1206 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
1209 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|
1210 FILE_APPEND_DATA|FILE_EXECUTE|
1211 WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
1212 READ_CONTROL_ACCESS))||
1213 (!file_existed && (local_flags & O_CREAT)) ||
1214 ((local_flags & O_TRUNC) == O_TRUNC) ) {
1218 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
1220 * We would block on opening a FIFO with no one else on the
1221 * other end. Do what we used to do and add O_NONBLOCK to the
1225 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
1226 local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
1227 local_flags |= O_NONBLOCK;
1231 /* Don't create files with Microsoft wildcard characters. */
1232 if (fsp->base_fsp) {
1234 * wildcard characters are allowed in stream names
1235 * only test the basefilename
1237 wild = fsp->base_fsp->fsp_name->base_name;
1239 wild = smb_fname->base_name;
1241 if ((local_flags & O_CREAT) && !file_existed &&
1242 !(fsp->posix_flags & FSP_POSIX_FLAGS_PATHNAMES) &&
1243 ms_has_wild(wild)) {
1244 return NT_STATUS_OBJECT_NAME_INVALID;
1247 /* Can we access this file ? */
1248 if (!fsp->base_fsp) {
1249 /* Only do this check on non-stream open. */
1251 status = smbd_check_access_rights(conn,
1256 if (!NT_STATUS_IS_OK(status)) {
1257 DEBUG(10, ("open_file: "
1258 "smbd_check_access_rights "
1259 "on file %s returned %s\n",
1260 smb_fname_str_dbg(smb_fname),
1261 nt_errstr(status)));
1264 if (!NT_STATUS_IS_OK(status) &&
1265 !NT_STATUS_EQUAL(status,
1266 NT_STATUS_OBJECT_NAME_NOT_FOUND))
1271 if (NT_STATUS_EQUAL(status,
1272 NT_STATUS_OBJECT_NAME_NOT_FOUND))
1274 DEBUG(10, ("open_file: "
1275 "file %s vanished since we "
1276 "checked for existence.\n",
1277 smb_fname_str_dbg(smb_fname)));
1278 file_existed = false;
1279 SET_STAT_INVALID(fsp->fsp_name->st);
1283 if (!file_existed) {
1284 if (!(local_flags & O_CREAT)) {
1285 /* File didn't exist and no O_CREAT. */
1286 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1289 status = check_parent_access(conn,
1292 if (!NT_STATUS_IS_OK(status)) {
1293 DEBUG(10, ("open_file: "
1294 "check_parent_access on "
1295 "file %s returned %s\n",
1296 smb_fname_str_dbg(smb_fname),
1297 nt_errstr(status) ));
1304 * Actually do the open - if O_TRUNC is needed handle it
1305 * below under the share mode lock.
1307 status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
1308 unx_mode, p_file_created);
1309 if (!NT_STATUS_IS_OK(status)) {
1310 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
1311 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
1312 nt_errstr(status),local_flags,flags));
1316 if (local_flags & O_NONBLOCK) {
1318 * GPFS can return ETIMEDOUT for pread on
1319 * nonblocking file descriptors when files
1320 * migrated to tape need to be recalled. I
1321 * could imagine this happens elsewhere
1322 * too. With blocking file descriptors this
1325 ret = set_blocking(fsp->fh->fd, true);
1327 status = map_nt_error_from_unix(errno);
1328 DBG_WARNING("Could not set fd to blocking: "
1329 "%s\n", strerror(errno));
1335 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
1337 /* If we have an fd, this stat should succeed. */
1338 DEBUG(0,("Error doing fstat on open file %s "
1340 smb_fname_str_dbg(smb_fname),
1342 status = map_nt_error_from_unix(errno);
1347 if (*p_file_created) {
1348 /* We created this file. */
1350 bool need_re_stat = false;
1351 /* Do all inheritance work after we've
1352 done a successful fstat call and filled
1353 in the stat struct in fsp->fsp_name. */
1355 /* Inherit the ACL if required */
1356 if (lp_inherit_permissions(SNUM(conn))) {
1357 inherit_access_posix_acl(conn, parent_dir,
1360 need_re_stat = true;
1363 /* Change the owner if required. */
1364 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
1365 change_file_owner_to_parent(conn, parent_dir,
1367 need_re_stat = true;
1371 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
1372 /* If we have an fd, this stat should succeed. */
1374 DEBUG(0,("Error doing fstat on open file %s "
1376 smb_fname_str_dbg(smb_fname),
1381 notify_fname(conn, NOTIFY_ACTION_ADDED,
1382 FILE_NOTIFY_CHANGE_FILE_NAME,
1383 smb_fname->base_name);
1386 fsp->fh->fd = -1; /* What we used to call a stat open. */
1387 if (!file_existed) {
1388 /* File must exist for a stat open. */
1389 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1392 status = smbd_check_access_rights(conn,
1397 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
1398 (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
1399 S_ISLNK(smb_fname->st.st_ex_mode)) {
1400 /* This is a POSIX stat open for delete
1401 * or rename on a symlink that points
1402 * nowhere. Allow. */
1403 DEBUG(10,("open_file: allowing POSIX "
1404 "open on bad symlink %s\n",
1405 smb_fname_str_dbg(smb_fname)));
1406 status = NT_STATUS_OK;
1409 if (!NT_STATUS_IS_OK(status)) {
1410 DEBUG(10,("open_file: "
1411 "smbd_check_access_rights on file "
1413 smb_fname_str_dbg(smb_fname),
1414 nt_errstr(status) ));
1420 * POSIX allows read-only opens of directories. We don't
1421 * want to do this (we use a different code path for this)
1422 * so catch a directory open and return an EISDIR. JRA.
1425 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
1428 return NT_STATUS_FILE_IS_A_DIRECTORY;
1431 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1432 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
1433 fsp->file_pid = req ? req->smbpid : 0;
1434 fsp->can_lock = True;
1435 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
1438 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
1439 fsp->print_file = NULL;
1440 fsp->modified = False;
1441 fsp->sent_oplock_break = NO_BREAK_SENT;
1442 fsp->is_directory = False;
1443 if (conn->aio_write_behind_list &&
1444 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
1445 conn->case_sensitive)) {
1446 fsp->aio_write_behind = True;
1449 fsp->wcp = NULL; /* Write cache pointer. */
1451 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
1452 conn->session_info->unix_info->unix_name,
1453 smb_fname_str_dbg(smb_fname),
1454 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
1455 conn->num_files_open));
1458 return NT_STATUS_OK;
1461 /****************************************************************************
1462 Check if we can open a file with a share mode.
1463 Returns True if conflict, False if not.
1464 ****************************************************************************/
1466 static bool share_conflict(struct share_mode_entry *entry,
1467 uint32_t access_mask,
1468 uint32_t share_access)
1470 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
1471 "entry->share_access = 0x%x, "
1472 "entry->private_options = 0x%x\n",
1473 (unsigned int)entry->access_mask,
1474 (unsigned int)entry->share_access,
1475 (unsigned int)entry->private_options));
1477 if (server_id_is_disconnected(&entry->pid)) {
1481 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
1482 (unsigned int)access_mask, (unsigned int)share_access));
1484 if ((entry->access_mask & (FILE_WRITE_DATA|
1488 DELETE_ACCESS)) == 0) {
1489 DEBUG(10,("share_conflict: No conflict due to "
1490 "entry->access_mask = 0x%x\n",
1491 (unsigned int)entry->access_mask ));
1495 if ((access_mask & (FILE_WRITE_DATA|
1499 DELETE_ACCESS)) == 0) {
1500 DEBUG(10,("share_conflict: No conflict due to "
1501 "access_mask = 0x%x\n",
1502 (unsigned int)access_mask ));
1506 #if 1 /* JRA TEST - Superdebug. */
1507 #define CHECK_MASK(num, am, right, sa, share) \
1508 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
1509 (unsigned int)(num), (unsigned int)(am), \
1510 (unsigned int)(right), (unsigned int)(am)&(right) )); \
1511 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
1512 (unsigned int)(num), (unsigned int)(sa), \
1513 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
1514 if (((am) & (right)) && !((sa) & (share))) { \
1515 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1516 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1517 (unsigned int)(share) )); \
1521 #define CHECK_MASK(num, am, right, sa, share) \
1522 if (((am) & (right)) && !((sa) & (share))) { \
1523 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1524 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1525 (unsigned int)(share) )); \
1530 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1531 share_access, FILE_SHARE_WRITE);
1532 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1533 entry->share_access, FILE_SHARE_WRITE);
1535 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
1536 share_access, FILE_SHARE_READ);
1537 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
1538 entry->share_access, FILE_SHARE_READ);
1540 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
1541 share_access, FILE_SHARE_DELETE);
1542 CHECK_MASK(6, access_mask, DELETE_ACCESS,
1543 entry->share_access, FILE_SHARE_DELETE);
1545 DEBUG(10,("share_conflict: No conflict.\n"));
1549 #if defined(DEVELOPER)
1550 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1551 const struct file_id id,
1553 struct share_mode_entry *share_entry)
1555 struct server_id self = messaging_server_id(sconn->msg_ctx);
1558 if (!serverid_equal(&self, &share_entry->pid)) {
1562 if (share_entry->op_mid == 0) {
1563 /* INTERNAL_OPEN_ONLY */
1567 if (!is_valid_share_mode_entry(share_entry)) {
1571 fsp = file_find_dif(sconn, id, share_entry->share_file_id);
1573 DBG_ERR("PANIC : %s\n",
1574 share_mode_str(talloc_tos(), num, &id,
1576 smb_panic("validate_my_share_entries: Cannot match a "
1577 "share entry with an open file\n");
1580 if (((uint16_t)fsp->oplock_type) != share_entry->op_type) {
1589 DBG_ERR("validate_my_share_entries: PANIC : %s\n",
1590 share_mode_str(talloc_tos(), num, &id,
1592 str = talloc_asprintf(talloc_tos(),
1593 "validate_my_share_entries: "
1594 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1595 fsp->fsp_name->base_name,
1596 (unsigned int)fsp->oplock_type,
1597 (unsigned int)share_entry->op_type );
1603 bool is_stat_open(uint32_t access_mask)
1605 const uint32_t stat_open_bits =
1606 (SYNCHRONIZE_ACCESS|
1607 FILE_READ_ATTRIBUTES|
1608 FILE_WRITE_ATTRIBUTES);
1610 return (((access_mask & stat_open_bits) != 0) &&
1611 ((access_mask & ~stat_open_bits) == 0));
1614 static bool has_delete_on_close(struct share_mode_lock *lck,
1617 struct share_mode_data *d = lck->data;
1620 if (d->num_share_modes == 0) {
1623 if (!is_delete_on_close_set(lck, name_hash)) {
1626 for (i=0; i<d->num_share_modes; i++) {
1627 if (!share_mode_stale_pid(d, i)) {
1634 /****************************************************************************
1635 Deal with share modes
1636 Invariant: Share mode must be locked on entry and exit.
1637 Returns -1 on error, or number of share modes on success (may be zero).
1638 ****************************************************************************/
1640 static NTSTATUS open_mode_check(connection_struct *conn,
1641 struct share_mode_lock *lck,
1642 uint32_t access_mask,
1643 uint32_t share_access)
1647 if(lck->data->num_share_modes == 0) {
1648 return NT_STATUS_OK;
1651 if (is_stat_open(access_mask)) {
1652 /* Stat open that doesn't trigger oplock breaks or share mode
1653 * checks... ! JRA. */
1654 return NT_STATUS_OK;
1658 * Check if the share modes will give us access.
1661 #if defined(DEVELOPER)
1662 for(i = 0; i < lck->data->num_share_modes; i++) {
1663 validate_my_share_entries(conn->sconn, lck->data->id, i,
1664 &lck->data->share_modes[i]);
1668 /* Now we check the share modes, after any oplock breaks. */
1669 for(i = 0; i < lck->data->num_share_modes; i++) {
1671 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1675 /* someone else has a share lock on it, check to see if we can
1677 if (share_conflict(&lck->data->share_modes[i],
1678 access_mask, share_access)) {
1680 if (share_mode_stale_pid(lck->data, i)) {
1684 return NT_STATUS_SHARING_VIOLATION;
1688 return NT_STATUS_OK;
1692 * Send a break message to the oplock holder and delay the open for
1696 NTSTATUS send_break_message(struct messaging_context *msg_ctx,
1697 const struct file_id *id,
1698 const struct share_mode_entry *exclusive,
1701 struct oplock_break_message msg = {
1703 .share_file_id = exclusive->share_file_id,
1704 .break_to = break_to,
1706 enum ndr_err_code ndr_err;
1711 struct server_id_buf buf;
1712 DBG_DEBUG("Sending break message to %s\n",
1713 server_id_str_buf(exclusive->pid, &buf));
1714 NDR_PRINT_DEBUG(oplock_break_message, &msg);
1717 ndr_err = ndr_push_struct_blob(
1721 (ndr_push_flags_fn_t)ndr_push_oplock_break_message);
1722 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1723 DBG_WARNING("ndr_push_oplock_break_message failed: %s\n",
1724 ndr_errstr(ndr_err));
1725 return ndr_map_error2ntstatus(ndr_err);
1728 status = messaging_send(
1729 msg_ctx, exclusive->pid, MSG_SMB_BREAK_REQUEST, &blob);
1730 TALLOC_FREE(blob.data);
1731 if (!NT_STATUS_IS_OK(status)) {
1732 DEBUG(3, ("Could not send oplock break message: %s\n",
1733 nt_errstr(status)));
1740 * Do internal consistency checks on the share mode for a file.
1743 static bool validate_oplock_types(struct share_mode_lock *lck)
1745 struct share_mode_data *d = lck->data;
1747 bool ex_or_batch = false;
1748 bool level2 = false;
1749 bool no_oplock = false;
1750 uint32_t num_non_stat_opens = 0;
1753 for (i=0; i<d->num_share_modes; i++) {
1754 struct share_mode_entry *e = &d->share_modes[i];
1756 if (!is_valid_share_mode_entry(e)) {
1760 if (e->op_mid == 0) {
1761 /* INTERNAL_OPEN_ONLY */
1765 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1766 /* We ignore stat opens in the table - they
1767 always have NO_OPLOCK and never get or
1768 cause breaks. JRA. */
1772 num_non_stat_opens += 1;
1774 if (BATCH_OPLOCK_TYPE(e->op_type)) {
1775 /* batch - can only be one. */
1776 if (share_mode_stale_pid(d, i)) {
1777 DEBUG(10, ("Found stale batch oplock\n"));
1780 if (ex_or_batch || batch || level2 || no_oplock) {
1781 DEBUG(0, ("Bad batch oplock entry %u.",
1788 if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
1789 if (share_mode_stale_pid(d, i)) {
1790 DEBUG(10, ("Found stale duplicate oplock\n"));
1793 /* Exclusive or batch - can only be one. */
1794 if (ex_or_batch || level2 || no_oplock) {
1795 DEBUG(0, ("Bad exclusive or batch oplock "
1796 "entry %u.", (unsigned)i));
1802 if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
1803 if (batch || ex_or_batch) {
1804 if (share_mode_stale_pid(d, i)) {
1805 DEBUG(10, ("Found stale LevelII "
1809 DEBUG(0, ("Bad levelII oplock entry %u.",
1816 if (e->op_type == NO_OPLOCK) {
1817 if (batch || ex_or_batch) {
1818 if (share_mode_stale_pid(d, i)) {
1819 DEBUG(10, ("Found stale NO_OPLOCK "
1823 DEBUG(0, ("Bad no oplock entry %u.",
1831 remove_stale_share_mode_entries(d);
1833 if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
1834 DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
1835 (int)batch, (int)ex_or_batch,
1836 (int)d->num_share_modes));
1843 static bool delay_for_oplock(files_struct *fsp,
1845 const struct smb2_lease *lease,
1846 struct share_mode_lock *lck,
1847 bool have_sharing_violation,
1848 uint32_t create_disposition,
1849 bool first_open_attempt)
1851 struct share_mode_data *d = lck->data;
1854 bool will_overwrite;
1855 const uint32_t delay_mask = have_sharing_violation ?
1856 SMB2_LEASE_HANDLE : SMB2_LEASE_WRITE;
1858 if ((oplock_request & INTERNAL_OPEN_ONLY) ||
1859 is_stat_open(fsp->access_mask)) {
1863 switch (create_disposition) {
1864 case FILE_SUPERSEDE:
1865 case FILE_OVERWRITE:
1866 case FILE_OVERWRITE_IF:
1867 will_overwrite = true;
1870 will_overwrite = false;
1874 for (i=0; i<d->num_share_modes; i++) {
1875 struct share_mode_entry *e = &d->share_modes[i];
1876 bool e_is_lease = (e->op_type == LEASE_OPLOCK);
1877 uint32_t e_lease_type = get_lease_type(d, e);
1879 bool lease_is_breaking = false;
1884 if (lease != NULL) {
1885 bool our_lease = smb2_lease_equal(
1886 fsp_client_guid(fsp),
1891 DBG_DEBUG("Ignoring our own lease\n");
1896 status = leases_db_get(
1900 NULL, /* current_state */
1902 NULL, /* breaking_to_requested */
1903 NULL, /* breaking_to_required */
1904 NULL, /* lease_version */
1906 SMB_ASSERT(NT_STATUS_IS_OK(status));
1909 break_to = e_lease_type & ~delay_mask;
1911 if (will_overwrite) {
1912 break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_READ);
1915 DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
1916 (unsigned)i, (unsigned)e_lease_type,
1917 (unsigned)will_overwrite));
1919 if ((e_lease_type & ~break_to) == 0) {
1920 if (lease_is_breaking) {
1926 if (share_mode_stale_pid(d, i)) {
1930 if (will_overwrite) {
1932 * If we break anyway break to NONE directly.
1933 * Otherwise vfs_set_filelen() will trigger the
1936 break_to &= ~(SMB2_LEASE_READ|SMB2_LEASE_WRITE);
1941 * Oplocks only support breaking to R or NONE.
1943 break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
1946 DEBUG(10, ("breaking from %d to %d\n",
1947 (int)e_lease_type, (int)break_to));
1948 send_break_message(fsp->conn->sconn->msg_ctx, &fsp->file_id,
1950 if (e_lease_type & delay_mask) {
1953 if (lease_is_breaking && !first_open_attempt) {
1961 static bool file_has_brlocks(files_struct *fsp)
1963 struct byte_range_lock *br_lck;
1965 br_lck = brl_get_locks_readonly(fsp);
1969 return (brl_num_locks(br_lck) > 0);
1972 struct fsp_lease *find_fsp_lease(struct files_struct *new_fsp,
1973 const struct smb2_lease_key *key,
1974 uint32_t current_state,
1975 uint16_t lease_version,
1976 uint16_t lease_epoch)
1978 struct files_struct *fsp;
1981 * TODO: Measure how expensive this loop is with thousands of open
1985 for (fsp = file_find_di_first(new_fsp->conn->sconn, new_fsp->file_id);
1987 fsp = file_find_di_next(fsp)) {
1989 if (fsp == new_fsp) {
1992 if (fsp->oplock_type != LEASE_OPLOCK) {
1995 if (smb2_lease_key_equal(&fsp->lease->lease.lease_key, key)) {
1996 fsp->lease->ref_count += 1;
2001 /* Not found - must be leased in another smbd. */
2002 new_fsp->lease = talloc_zero(new_fsp->conn->sconn, struct fsp_lease);
2003 if (new_fsp->lease == NULL) {
2006 new_fsp->lease->ref_count = 1;
2007 new_fsp->lease->sconn = new_fsp->conn->sconn;
2008 new_fsp->lease->lease.lease_key = *key;
2009 new_fsp->lease->lease.lease_state = current_state;
2011 * We internally treat all leases as V2 and update
2012 * the epoch, but when sending breaks it matters if
2013 * the requesting lease was v1 or v2.
2015 new_fsp->lease->lease.lease_version = lease_version;
2016 new_fsp->lease->lease.lease_epoch = lease_epoch;
2017 return new_fsp->lease;
2020 static NTSTATUS try_lease_upgrade(struct files_struct *fsp,
2021 struct share_mode_lock *lck,
2022 const struct GUID *client_guid,
2023 const struct smb2_lease *lease,
2027 uint32_t current_state, breaking_to_requested, breaking_to_required;
2029 uint16_t lease_version, epoch;
2030 uint32_t existing, requested;
2033 status = leases_db_get(
2039 &breaking_to_requested,
2040 &breaking_to_required,
2043 if (!NT_STATUS_IS_OK(status)) {
2047 fsp->lease = find_fsp_lease(
2053 if (fsp->lease == NULL) {
2054 DEBUG(1, ("Did not find existing lease for file %s\n",
2056 return NT_STATUS_NO_MEMORY;
2060 * Upgrade only if the requested lease is a strict upgrade.
2062 existing = current_state;
2063 requested = lease->lease_state;
2066 * Tricky: This test makes sure that "requested" is a
2067 * strict bitwise superset of "existing".
2069 do_upgrade = ((existing & requested) == existing);
2072 * Upgrade only if there's a change.
2074 do_upgrade &= (granted != existing);
2077 * Upgrade only if other leases don't prevent what was asked
2080 do_upgrade &= (granted == requested);
2083 * only upgrade if we are not in breaking state
2085 do_upgrade &= !breaking;
2087 DEBUG(10, ("existing=%"PRIu32", requested=%"PRIu32", "
2088 "granted=%"PRIu32", do_upgrade=%d\n",
2089 existing, requested, granted, (int)do_upgrade));
2092 NTSTATUS set_status;
2094 current_state = granted;
2097 set_status = leases_db_set(
2102 breaking_to_requested,
2103 breaking_to_required,
2107 if (!NT_STATUS_IS_OK(set_status)) {
2108 DBG_DEBUG("leases_db_set failed: %s\n",
2109 nt_errstr(set_status));
2114 fsp_lease_update(fsp);
2116 return NT_STATUS_OK;
2119 static NTSTATUS grant_new_fsp_lease(struct files_struct *fsp,
2120 struct share_mode_lock *lck,
2121 const struct GUID *client_guid,
2122 const struct smb2_lease *lease,
2125 struct share_mode_data *d = lck->data;
2128 fsp->lease = talloc_zero(fsp->conn->sconn, struct fsp_lease);
2129 if (fsp->lease == NULL) {
2130 return NT_STATUS_INSUFFICIENT_RESOURCES;
2132 fsp->lease->ref_count = 1;
2133 fsp->lease->sconn = fsp->conn->sconn;
2134 fsp->lease->lease.lease_version = lease->lease_version;
2135 fsp->lease->lease.lease_key = lease->lease_key;
2136 fsp->lease->lease.lease_state = granted;
2137 fsp->lease->lease.lease_epoch = lease->lease_epoch + 1;
2139 status = leases_db_add(client_guid,
2142 fsp->lease->lease.lease_state,
2143 fsp->lease->lease.lease_version,
2144 fsp->lease->lease.lease_epoch,
2145 fsp->conn->connectpath,
2146 fsp->fsp_name->base_name,
2147 fsp->fsp_name->stream_name);
2148 if (!NT_STATUS_IS_OK(status)) {
2149 DEBUG(10, ("%s: leases_db_add failed: %s\n", __func__,
2150 nt_errstr(status)));
2151 TALLOC_FREE(fsp->lease);
2152 return NT_STATUS_INSUFFICIENT_RESOURCES;
2157 return NT_STATUS_OK;
2160 static NTSTATUS grant_fsp_lease(struct files_struct *fsp,
2161 struct share_mode_lock *lck,
2162 const struct smb2_lease *lease,
2165 const struct GUID *client_guid = fsp_client_guid(fsp);
2168 status = try_lease_upgrade(fsp, lck, client_guid, lease, granted);
2170 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2171 status = grant_new_fsp_lease(
2172 fsp, lck, client_guid, lease, granted);
2178 static bool is_same_lease(const files_struct *fsp,
2179 const struct share_mode_data *d,
2180 const struct share_mode_entry *e,
2181 const struct smb2_lease *lease)
2183 if (e->op_type != LEASE_OPLOCK) {
2186 if (lease == NULL) {
2190 return smb2_lease_equal(fsp_client_guid(fsp),
2196 static int map_lease_type_to_oplock(uint32_t lease_type)
2198 int result = NO_OPLOCK;
2200 switch (lease_type) {
2201 case SMB2_LEASE_READ|SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE:
2202 result = BATCH_OPLOCK|EXCLUSIVE_OPLOCK;
2204 case SMB2_LEASE_READ|SMB2_LEASE_WRITE:
2205 result = EXCLUSIVE_OPLOCK;
2207 case SMB2_LEASE_READ|SMB2_LEASE_HANDLE:
2208 case SMB2_LEASE_READ:
2209 result = LEVEL_II_OPLOCK;
2216 static NTSTATUS grant_fsp_oplock_type(struct smb_request *req,
2217 struct files_struct *fsp,
2218 struct share_mode_lock *lck,
2220 struct smb2_lease *lease)
2222 struct share_mode_data *d = lck->data;
2223 bool got_handle_lease = false;
2224 bool got_oplock = false;
2227 const struct GUID *client_guid = NULL;
2228 const struct smb2_lease_key *lease_key = NULL;
2232 if (oplock_request & INTERNAL_OPEN_ONLY) {
2233 /* No oplocks on internal open. */
2234 oplock_request = NO_OPLOCK;
2235 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
2236 fsp->oplock_type, fsp_str_dbg(fsp)));
2239 if (oplock_request == LEASE_OPLOCK) {
2240 if (lease == NULL) {
2242 * The SMB2 layer should have checked this
2244 return NT_STATUS_INTERNAL_ERROR;
2247 granted = lease->lease_state;
2249 if (lp_kernel_oplocks(SNUM(fsp->conn))) {
2250 DEBUG(10, ("No lease granted because kernel oplocks are enabled\n"));
2251 granted = SMB2_LEASE_NONE;
2253 if ((granted & (SMB2_LEASE_READ|SMB2_LEASE_WRITE)) == 0) {
2254 DEBUG(10, ("No read or write lease requested\n"));
2255 granted = SMB2_LEASE_NONE;
2257 if (granted == SMB2_LEASE_WRITE) {
2258 DEBUG(10, ("pure write lease requested\n"));
2259 granted = SMB2_LEASE_NONE;
2261 if (granted == (SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE)) {
2262 DEBUG(10, ("write and handle lease requested\n"));
2263 granted = SMB2_LEASE_NONE;
2266 granted = map_oplock_to_lease_type(
2267 oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2270 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
2271 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
2273 granted &= ~SMB2_LEASE_READ;
2276 for (i=0; i<d->num_share_modes; i++) {
2277 struct share_mode_entry *e = &d->share_modes[i];
2278 uint32_t e_lease_type;
2280 e_lease_type = get_lease_type(d, e);
2282 if ((granted & SMB2_LEASE_WRITE) &&
2283 !is_same_lease(fsp, d, e, lease) &&
2284 !share_mode_stale_pid(d, i)) {
2286 * Can grant only one writer
2288 granted &= ~SMB2_LEASE_WRITE;
2291 if ((e_lease_type & SMB2_LEASE_HANDLE) && !got_handle_lease &&
2292 !share_mode_stale_pid(d, i)) {
2293 got_handle_lease = true;
2296 if ((e->op_type != LEASE_OPLOCK) && !got_oplock &&
2297 !share_mode_stale_pid(d, i)) {
2302 if ((granted & SMB2_LEASE_READ) && !(granted & SMB2_LEASE_WRITE)) {
2304 (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
2305 lp_level2_oplocks(SNUM(fsp->conn));
2307 if (!allow_level2) {
2308 granted = SMB2_LEASE_NONE;
2312 if (oplock_request == LEASE_OPLOCK) {
2314 granted &= ~SMB2_LEASE_HANDLE;
2317 fsp->oplock_type = LEASE_OPLOCK;
2319 status = grant_fsp_lease(fsp, lck, lease, granted);
2320 if (!NT_STATUS_IS_OK(status)) {
2324 *lease = fsp->lease->lease;
2326 lease_key = &fsp->lease->lease.lease_key;
2327 client_guid = fsp_client_guid(fsp);
2329 DEBUG(10, ("lease_state=%d\n", lease->lease_state));
2331 if (got_handle_lease) {
2332 granted = SMB2_LEASE_NONE;
2335 fsp->oplock_type = map_lease_type_to_oplock(granted);
2337 status = set_file_oplock(fsp);
2338 if (!NT_STATUS_IS_OK(status)) {
2340 * Could not get the kernel oplock
2342 fsp->oplock_type = NO_OPLOCK;
2346 ok = set_share_mode(
2349 get_current_uid(fsp->conn),
2355 return NT_STATUS_NO_MEMORY;
2358 if (granted & SMB2_LEASE_READ) {
2359 lck->data->flags |= SHARE_MODE_HAS_READ_LEASE;
2362 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
2363 fsp->oplock_type, fsp_str_dbg(fsp)));
2365 return NT_STATUS_OK;
2368 static bool request_timed_out(struct timeval request_time,
2369 struct timeval timeout)
2371 struct timeval now, end_time;
2373 end_time = timeval_sum(&request_time, &timeout);
2374 return (timeval_compare(&end_time, &now) < 0);
2377 static struct deferred_open_record *deferred_open_record_create(
2378 bool delayed_for_oplocks,
2382 struct deferred_open_record *record = NULL;
2384 record = talloc(NULL, struct deferred_open_record);
2385 if (record == NULL) {
2389 *record = (struct deferred_open_record) {
2390 .delayed_for_oplocks = delayed_for_oplocks,
2391 .async_open = async_open,
2398 struct defer_open_state {
2399 struct smbXsrv_connection *xconn;
2403 static void defer_open_done(struct tevent_req *req);
2406 * Defer an open and watch a locking.tdb record
2408 * This defers an open that gets rescheduled once the locking.tdb record watch
2409 * is triggered by a change to the record.
2411 * It is used to defer opens that triggered an oplock break and for the SMB1
2412 * sharing violation delay.
2414 static void defer_open(struct share_mode_lock *lck,
2415 struct timeval request_time,
2416 struct timeval timeout,
2417 struct smb_request *req,
2418 bool delayed_for_oplocks,
2421 struct deferred_open_record *open_rec = NULL;
2422 struct timeval abs_timeout;
2423 struct defer_open_state *watch_state;
2424 struct tevent_req *watch_req;
2427 abs_timeout = timeval_sum(&request_time, &timeout);
2429 DBG_DEBUG("request time [%s] timeout [%s] mid [%" PRIu64 "] "
2430 "delayed_for_oplocks [%s] file_id [%s]\n",
2431 timeval_string(talloc_tos(), &request_time, false),
2432 timeval_string(talloc_tos(), &abs_timeout, false),
2434 delayed_for_oplocks ? "yes" : "no",
2435 file_id_string_tos(&id));
2437 open_rec = deferred_open_record_create(delayed_for_oplocks,
2440 if (open_rec == NULL) {
2442 exit_server("talloc failed");
2445 watch_state = talloc(open_rec, struct defer_open_state);
2446 if (watch_state == NULL) {
2447 exit_server("talloc failed");
2449 watch_state->xconn = req->xconn;
2450 watch_state->mid = req->mid;
2452 DBG_DEBUG("defering mid %" PRIu64 "\n", req->mid);
2454 watch_req = dbwrap_watched_watch_send(watch_state,
2457 (struct server_id){0});
2458 if (watch_req == NULL) {
2459 exit_server("Could not watch share mode record");
2461 tevent_req_set_callback(watch_req, defer_open_done, watch_state);
2463 ok = tevent_req_set_endtime(watch_req, req->sconn->ev_ctx, abs_timeout);
2465 exit_server("tevent_req_set_endtime failed");
2468 ok = push_deferred_open_message_smb(req, request_time, timeout,
2469 open_rec->id, open_rec);
2472 exit_server("push_deferred_open_message_smb failed");
2476 static void defer_open_done(struct tevent_req *req)
2478 struct defer_open_state *state = tevent_req_callback_data(
2479 req, struct defer_open_state);
2483 status = dbwrap_watched_watch_recv(req, NULL, NULL);
2485 if (!NT_STATUS_IS_OK(status)) {
2486 DEBUG(5, ("dbwrap_watched_watch_recv returned %s\n",
2487 nt_errstr(status)));
2489 * Even if it failed, retry anyway. TODO: We need a way to
2490 * tell a re-scheduled open about that error.
2494 DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
2496 ret = schedule_deferred_open_message_smb(state->xconn, state->mid);
2502 * Actually attempt the kernel oplock polling open.
2505 static void kernel_oplock_poll_open_timer(struct tevent_context *ev,
2506 struct tevent_timer *te,
2507 struct timeval current_time,
2511 struct smb_request *req = (struct smb_request *)private_data;
2513 ok = schedule_deferred_open_message_smb(req->xconn, req->mid);
2515 exit_server("schedule_deferred_open_message_smb failed");
2517 DBG_DEBUG("kernel_oplock_poll_open_timer fired. Retying open !\n");
2521 * Reschedule an open for 1 second from now, if not timed out.
2523 static void setup_kernel_oplock_poll_open(struct timeval request_time,
2524 struct smb_request *req,
2529 struct deferred_open_record *open_rec = NULL;
2530 /* Maximum wait time. */
2531 struct timeval timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
2533 if (request_timed_out(request_time, timeout)) {
2537 open_rec = deferred_open_record_create(false, false, id);
2538 if (open_rec == NULL) {
2539 exit_server("talloc failed");
2542 ok = push_deferred_open_message_smb(req,
2548 exit_server("push_deferred_open_message_smb failed");
2552 * As this timer event is owned by req, it will
2553 * disappear if req it talloc_freed.
2555 open_rec->te = tevent_add_timer(req->sconn->ev_ctx,
2557 timeval_current_ofs(1, 0),
2558 kernel_oplock_poll_open_timer,
2560 if (open_rec->te == NULL) {
2561 exit_server("tevent_add_timer failed");
2564 DBG_DEBUG("poll request time [%s] mid [%" PRIu64 "] file_id [%s]\n",
2565 timeval_string(talloc_tos(), &request_time, false),
2567 file_id_string_tos(&id));
2570 /****************************************************************************
2571 On overwrite open ensure that the attributes match.
2572 ****************************************************************************/
2574 static bool open_match_attributes(connection_struct *conn,
2575 uint32_t old_dos_attr,
2576 uint32_t new_dos_attr,
2577 mode_t new_unx_mode,
2578 mode_t *returned_unx_mode)
2580 uint32_t noarch_old_dos_attr, noarch_new_dos_attr;
2582 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2583 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2585 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
2586 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
2587 *returned_unx_mode = new_unx_mode;
2589 *returned_unx_mode = (mode_t)0;
2592 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
2593 "new_dos_attr = 0x%x "
2594 "returned_unx_mode = 0%o\n",
2595 (unsigned int)old_dos_attr,
2596 (unsigned int)new_dos_attr,
2597 (unsigned int)*returned_unx_mode ));
2599 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
2600 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2601 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
2602 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
2606 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2607 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
2608 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
2615 /****************************************************************************
2616 Special FCB or DOS processing in the case of a sharing violation.
2617 Try and find a duplicated file handle.
2618 ****************************************************************************/
2620 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
2621 connection_struct *conn,
2622 files_struct *fsp_to_dup_into,
2623 const struct smb_filename *smb_fname,
2627 uint32_t access_mask,
2628 uint32_t share_access,
2629 uint32_t create_options)
2633 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
2634 "file %s.\n", smb_fname_str_dbg(smb_fname)));
2636 for(fsp = file_find_di_first(conn->sconn, id); fsp;
2637 fsp = file_find_di_next(fsp)) {
2639 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
2640 "vuid = %llu, file_pid = %u, private_options = 0x%x "
2641 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
2642 fsp->fh->fd, (unsigned long long)fsp->vuid,
2643 (unsigned int)fsp->file_pid,
2644 (unsigned int)fsp->fh->private_options,
2645 (unsigned int)fsp->access_mask ));
2647 if (fsp != fsp_to_dup_into &&
2648 fsp->fh->fd != -1 &&
2649 fsp->vuid == vuid &&
2650 fsp->file_pid == file_pid &&
2651 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
2652 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
2653 (fsp->access_mask & FILE_WRITE_DATA) &&
2654 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
2655 strequal(fsp->fsp_name->stream_name,
2656 smb_fname->stream_name)) {
2657 DEBUG(10,("fcb_or_dos_open: file match\n"));
2663 return NT_STATUS_NOT_FOUND;
2666 /* quite an insane set of semantics ... */
2667 if (is_executable(smb_fname->base_name) &&
2668 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
2669 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
2670 return NT_STATUS_INVALID_PARAMETER;
2673 /* We need to duplicate this fsp. */
2674 return dup_file_fsp(req, fsp, access_mask, share_access,
2675 create_options, fsp_to_dup_into);
2678 static void schedule_defer_open(struct share_mode_lock *lck,
2680 struct timeval request_time,
2681 struct smb_request *req)
2683 /* This is a relative time, added to the absolute
2684 request_time value to get the absolute timeout time.
2685 Note that if this is the second or greater time we enter
2686 this codepath for this particular request mid then
2687 request_time is left as the absolute time of the *first*
2688 time this request mid was processed. This is what allows
2689 the request to eventually time out. */
2691 struct timeval timeout;
2693 /* Normally the smbd we asked should respond within
2694 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
2695 * the client did, give twice the timeout as a safety
2696 * measure here in case the other smbd is stuck
2697 * somewhere else. */
2699 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
2701 if (request_timed_out(request_time, timeout)) {
2705 defer_open(lck, request_time, timeout, req, true, id);
2708 /****************************************************************************
2709 Reschedule an open call that went asynchronous.
2710 ****************************************************************************/
2712 static void schedule_async_open_timer(struct tevent_context *ev,
2713 struct tevent_timer *te,
2714 struct timeval current_time,
2717 exit_server("async open timeout");
2720 static void schedule_async_open(struct timeval request_time,
2721 struct smb_request *req)
2723 struct deferred_open_record *open_rec = NULL;
2724 struct timeval timeout = timeval_set(20, 0);
2727 if (request_timed_out(request_time, timeout)) {
2731 open_rec = deferred_open_record_create(false, true, (struct file_id){0});
2732 if (open_rec == NULL) {
2733 exit_server("deferred_open_record_create failed");
2736 ok = push_deferred_open_message_smb(req, request_time, timeout,
2737 (struct file_id){0}, open_rec);
2739 exit_server("push_deferred_open_message_smb failed");
2742 open_rec->te = tevent_add_timer(req->sconn->ev_ctx,
2744 timeval_current_ofs(20, 0),
2745 schedule_async_open_timer,
2747 if (open_rec->te == NULL) {
2748 exit_server("tevent_add_timer failed");
2752 /****************************************************************************
2753 Work out what access_mask to use from what the client sent us.
2754 ****************************************************************************/
2756 static NTSTATUS smbd_calculate_maximum_allowed_access(
2757 connection_struct *conn,
2758 const struct smb_filename *smb_fname,
2760 uint32_t *p_access_mask)
2762 struct security_descriptor *sd;
2763 uint32_t access_granted;
2766 if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
2767 *p_access_mask |= FILE_GENERIC_ALL;
2768 return NT_STATUS_OK;
2771 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
2777 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2779 * File did not exist
2781 *p_access_mask = FILE_GENERIC_ALL;
2782 return NT_STATUS_OK;
2784 if (!NT_STATUS_IS_OK(status)) {
2785 DEBUG(10,("Could not get acl on file %s: %s\n",
2786 smb_fname_str_dbg(smb_fname),
2787 nt_errstr(status)));
2788 return NT_STATUS_ACCESS_DENIED;
2792 * If we can access the path to this file, by
2793 * default we have FILE_READ_ATTRIBUTES from the
2794 * containing directory. See the section:
2795 * "Algorithm to Check Access to an Existing File"
2798 * se_file_access_check()
2799 * also takes care of owner WRITE_DAC and READ_CONTROL.
2801 status = se_file_access_check(sd,
2802 get_current_nttok(conn),
2804 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
2809 if (!NT_STATUS_IS_OK(status)) {
2810 DEBUG(10, ("Access denied on file %s: "
2811 "when calculating maximum access\n",
2812 smb_fname_str_dbg(smb_fname)));
2813 return NT_STATUS_ACCESS_DENIED;
2815 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
2817 if (!(access_granted & DELETE_ACCESS)) {
2818 if (can_delete_file_in_directory(conn, smb_fname)) {
2819 *p_access_mask |= DELETE_ACCESS;
2823 return NT_STATUS_OK;
2826 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
2827 const struct smb_filename *smb_fname,
2829 uint32_t access_mask,
2830 uint32_t *access_mask_out)
2833 uint32_t orig_access_mask = access_mask;
2834 uint32_t rejected_share_access;
2836 if (access_mask & SEC_MASK_INVALID) {
2837 DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
2839 return NT_STATUS_ACCESS_DENIED;
2843 * Convert GENERIC bits to specific bits.
2846 se_map_generic(&access_mask, &file_generic_mapping);
2848 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
2849 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
2851 status = smbd_calculate_maximum_allowed_access(
2852 conn, smb_fname, use_privs, &access_mask);
2854 if (!NT_STATUS_IS_OK(status)) {
2858 access_mask &= conn->share_access;
2861 rejected_share_access = access_mask & ~(conn->share_access);
2863 if (rejected_share_access) {
2864 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
2865 "file %s: rejected by share access mask[0x%08X] "
2866 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
2867 smb_fname_str_dbg(smb_fname),
2869 orig_access_mask, access_mask,
2870 rejected_share_access));
2871 return NT_STATUS_ACCESS_DENIED;
2874 *access_mask_out = access_mask;
2875 return NT_STATUS_OK;
2878 /****************************************************************************
2879 Remove the deferred open entry under lock.
2880 ****************************************************************************/
2882 /****************************************************************************
2883 Return true if this is a state pointer to an asynchronous create.
2884 ****************************************************************************/
2886 bool is_deferred_open_async(const struct deferred_open_record *rec)
2888 return rec->async_open;
2891 static bool clear_ads(uint32_t create_disposition)
2895 switch (create_disposition) {
2896 case FILE_SUPERSEDE:
2897 case FILE_OVERWRITE_IF:
2898 case FILE_OVERWRITE:
2907 static int disposition_to_open_flags(uint32_t create_disposition)
2912 * Currently we're using FILE_SUPERSEDE as the same as
2913 * FILE_OVERWRITE_IF but they really are
2914 * different. FILE_SUPERSEDE deletes an existing file
2915 * (requiring delete access) then recreates it.
2918 switch (create_disposition) {
2919 case FILE_SUPERSEDE:
2920 case FILE_OVERWRITE_IF:
2922 * If file exists replace/overwrite. If file doesn't
2925 ret = O_CREAT|O_TRUNC;
2930 * If file exists open. If file doesn't exist error.
2935 case FILE_OVERWRITE:
2937 * If file exists overwrite. If file doesn't exist
2945 * If file exists error. If file doesn't exist create.
2947 ret = O_CREAT|O_EXCL;
2952 * If file exists open. If file doesn't exist create.
2960 static int calculate_open_access_flags(uint32_t access_mask,
2961 uint32_t private_flags)
2963 bool need_write, need_read;
2966 * Note that we ignore the append flag as append does not
2967 * mean the same thing under DOS and Unix.
2970 need_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA));
2975 /* DENY_DOS opens are always underlying read-write on the
2976 file handle, no matter what the requested access mask
2980 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
2981 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
2982 FILE_READ_EA|FILE_EXECUTE));
2990 /****************************************************************************
2991 Open a file with a share mode. Passed in an already created files_struct *.
2992 ****************************************************************************/
2994 static NTSTATUS open_file_ntcreate(connection_struct *conn,
2995 struct smb_request *req,
2996 uint32_t access_mask, /* access bits (FILE_READ_DATA etc.) */
2997 uint32_t share_access, /* share constants (FILE_SHARE_READ etc) */
2998 uint32_t create_disposition, /* FILE_OPEN_IF etc. */
2999 uint32_t create_options, /* options such as delete on close. */
3000 uint32_t new_dos_attributes, /* attributes used for new file. */
3001 int oplock_request, /* internal Samba oplock codes. */
3002 struct smb2_lease *lease,
3003 /* Information (FILE_EXISTS etc.) */
3004 uint32_t private_flags, /* Samba specific flags. */
3008 struct smb_filename *smb_fname = fsp->fsp_name;
3011 bool file_existed = VALID_STAT(smb_fname->st);
3012 bool def_acl = False;
3013 bool posix_open = False;
3014 bool new_file_created = False;
3015 bool first_open_attempt = true;
3016 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
3017 mode_t new_unx_mode = (mode_t)0;
3018 mode_t unx_mode = (mode_t)0;
3020 uint32_t existing_dos_attributes = 0;
3021 struct timeval request_time = timeval_zero();
3022 struct share_mode_lock *lck = NULL;
3023 uint32_t open_access_mask = access_mask;
3026 SMB_STRUCT_STAT saved_stat = smb_fname->st;
3027 struct timespec old_write_time;
3030 if (conn->printer) {
3032 * Printers are handled completely differently.
3033 * Most of the passed parameters are ignored.
3037 *pinfo = FILE_WAS_CREATED;
3040 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
3041 smb_fname_str_dbg(smb_fname)));
3044 DEBUG(0,("open_file_ntcreate: printer open without "
3045 "an SMB request!\n"));
3046 return NT_STATUS_INTERNAL_ERROR;
3049 return print_spool_open(fsp, smb_fname->base_name,
3053 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
3055 return NT_STATUS_NO_MEMORY;
3058 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3060 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
3061 new_dos_attributes = 0;
3063 /* Windows allows a new file to be created and
3064 silently removes a FILE_ATTRIBUTE_DIRECTORY
3065 sent by the client. Do the same. */
3067 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
3069 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
3071 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
3072 smb_fname, parent_dir);
3075 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
3076 "access_mask=0x%x share_access=0x%x "
3077 "create_disposition = 0x%x create_options=0x%x "
3078 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
3079 smb_fname_str_dbg(smb_fname), new_dos_attributes,
3080 access_mask, share_access, create_disposition,
3081 create_options, (unsigned int)unx_mode, oplock_request,
3082 (unsigned int)private_flags));
3085 /* Ensure req == NULL means INTERNAL_OPEN_ONLY */
3086 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) != 0));
3088 /* And req != NULL means no INTERNAL_OPEN_ONLY */
3089 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) == 0));
3093 * Only non-internal opens can be deferred at all
3097 struct deferred_open_record *open_rec;
3098 if (get_deferred_open_message_state(req,
3101 /* Remember the absolute time of the original
3102 request with this mid. We'll use it later to
3103 see if this has timed out. */
3105 /* If it was an async create retry, the file
3108 if (is_deferred_open_async(open_rec)) {
3109 SET_STAT_INVALID(smb_fname->st);
3110 file_existed = false;
3113 /* Ensure we don't reprocess this message. */
3114 remove_deferred_open_message_smb(req->xconn, req->mid);
3116 first_open_attempt = false;
3121 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
3124 * Only use stored DOS attributes for checks
3125 * against requested attributes (below via
3126 * open_match_attributes()), cf bug #11992
3127 * for details. -slow
3131 status = SMB_VFS_GET_DOS_ATTRIBUTES(conn, smb_fname, &attr);
3132 if (NT_STATUS_IS_OK(status)) {
3133 existing_dos_attributes = attr;
3138 /* ignore any oplock requests if oplocks are disabled */
3139 if (!lp_oplocks(SNUM(conn)) ||
3140 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
3141 /* Mask off everything except the private Samba bits. */
3142 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
3145 /* this is for OS/2 long file names - say we don't support them */
3146 if (req != NULL && !req->posix_pathnames &&
3147 strstr(smb_fname->base_name,".+,;=[].")) {
3148 /* OS/2 Workplace shell fix may be main code stream in a later
3150 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
3152 if (use_nt_status()) {
3153 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3155 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
3158 switch( create_disposition ) {
3160 /* If file exists open. If file doesn't exist error. */
3161 if (!file_existed) {
3162 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
3163 "requested for file %s and file "
3165 smb_fname_str_dbg(smb_fname)));
3167 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3171 case FILE_OVERWRITE:
3172 /* If file exists overwrite. If file doesn't exist
3174 if (!file_existed) {
3175 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
3176 "requested for file %s and file "
3178 smb_fname_str_dbg(smb_fname) ));
3180 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3185 /* If file exists error. If file doesn't exist
3188 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
3189 "requested for file %s and file "
3190 "already exists.\n",
3191 smb_fname_str_dbg(smb_fname)));
3192 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
3197 return map_nt_error_from_unix(errno);
3201 case FILE_SUPERSEDE:
3202 case FILE_OVERWRITE_IF:
3206 return NT_STATUS_INVALID_PARAMETER;
3209 flags2 = disposition_to_open_flags(create_disposition);
3211 /* We only care about matching attributes on file exists and
3214 if (!posix_open && file_existed &&
3215 ((create_disposition == FILE_OVERWRITE) ||
3216 (create_disposition == FILE_OVERWRITE_IF))) {
3217 if (!open_match_attributes(conn, existing_dos_attributes,
3219 unx_mode, &new_unx_mode)) {
3220 DEBUG(5,("open_file_ntcreate: attributes mismatch "
3221 "for file %s (%x %x) (0%o, 0%o)\n",
3222 smb_fname_str_dbg(smb_fname),
3223 existing_dos_attributes,
3225 (unsigned int)smb_fname->st.st_ex_mode,
3226 (unsigned int)unx_mode ));
3228 return NT_STATUS_ACCESS_DENIED;
3232 status = smbd_calculate_access_mask(conn, smb_fname,
3236 if (!NT_STATUS_IS_OK(status)) {
3237 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
3238 "on file %s returned %s\n",
3239 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
3243 open_access_mask = access_mask;
3245 if (flags2 & O_TRUNC) {
3246 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
3249 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
3250 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
3254 * Note that we ignore the append flag as append does not
3255 * mean the same thing under DOS and Unix.
3258 flags = calculate_open_access_flags(access_mask, private_flags);
3261 * Currently we only look at FILE_WRITE_THROUGH for create options.
3265 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
3270 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
3274 if (!posix_open && !CAN_WRITE(conn)) {
3276 * We should really return a permission denied error if either
3277 * O_CREAT or O_TRUNC are set, but for compatibility with
3278 * older versions of Samba we just AND them out.
3280 flags2 &= ~(O_CREAT|O_TRUNC);
3283 if (lp_kernel_oplocks(SNUM(conn))) {
3285 * With kernel oplocks the open breaking an oplock
3286 * blocks until the oplock holder has given up the
3287 * oplock or closed the file. We prevent this by always
3288 * trying to open the file with O_NONBLOCK (see "man
3291 * If a process that doesn't use the smbd open files
3292 * database or communication methods holds a kernel
3293 * oplock we must periodically poll for available open
3296 flags2 |= O_NONBLOCK;
3300 * Ensure we can't write on a read-only share or file.
3303 if (flags != O_RDONLY && file_existed &&
3304 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
3305 DEBUG(5,("open_file_ntcreate: write access requested for "
3306 "file %s on read only %s\n",
3307 smb_fname_str_dbg(smb_fname),
3308 !CAN_WRITE(conn) ? "share" : "file" ));
3310 return NT_STATUS_ACCESS_DENIED;
3313 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
3314 fsp->share_access = share_access;
3315 fsp->fh->private_options = private_flags;
3316 fsp->access_mask = open_access_mask; /* We change this to the
3317 * requested access_mask after
3318 * the open is done. */
3320 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
3323 if (timeval_is_zero(&request_time)) {
3324 request_time = fsp->open_time;
3327 if ((create_options & FILE_DELETE_ON_CLOSE) &&
3328 (flags2 & O_CREAT) &&
3330 /* Delete on close semantics for new files. */
3331 status = can_set_delete_on_close(fsp,
3332 new_dos_attributes);
3333 if (!NT_STATUS_IS_OK(status)) {
3340 * Ensure we pay attention to default ACLs on directories if required.
3343 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
3344 (def_acl = directory_has_default_acl(conn, parent_dir))) {
3345 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
3348 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
3349 "access_mask = 0x%x, open_access_mask = 0x%x\n",
3350 (unsigned int)flags, (unsigned int)flags2,
3351 (unsigned int)unx_mode, (unsigned int)access_mask,
3352 (unsigned int)open_access_mask));
3354 fsp_open = open_file(fsp, conn, req, parent_dir,
3355 flags|flags2, unx_mode, access_mask,
3356 open_access_mask, &new_file_created);
3358 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
3362 * This handles the kernel oplock case:
3364 * the file has an active kernel oplock and the open() returned
3365 * EWOULDBLOCK/EAGAIN which maps to NETWORK_BUSY.
3367 * "Samba locking.tdb oplocks" are handled below after acquiring
3368 * the sharemode lock with get_share_mode_lock().
3370 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
3371 DEBUG(10, ("FIFO busy\n"));
3372 return NT_STATUS_NETWORK_BUSY;
3375 DEBUG(10, ("Internal open busy\n"));
3376 return NT_STATUS_NETWORK_BUSY;
3380 * From here on we assume this is an oplock break triggered
3383 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
3386 * No oplock from Samba around. Set up a poll every 1
3387 * second to retry a non-blocking open until the time
3390 setup_kernel_oplock_poll_open(request_time,
3393 DBG_DEBUG("No Samba oplock around after EWOULDBLOCK. "
3394 "Retrying with poll\n");
3395 return NT_STATUS_SHARING_VIOLATION;
3398 if (!validate_oplock_types(lck)) {
3399 smb_panic("validate_oplock_types failed");
3402 delay = delay_for_oplock(fsp, 0, lease, lck, false,
3404 first_open_attempt);
3406 schedule_defer_open(lck, fsp->file_id, request_time,
3409 DEBUG(10, ("Sent oplock break request to kernel "
3410 "oplock holder\n"));
3411 return NT_STATUS_SHARING_VIOLATION;
3415 * No oplock from Samba around. Set up a poll every 1
3416 * second to retry a non-blocking open until the time
3419 setup_kernel_oplock_poll_open(request_time, req, fsp->file_id);
3422 DBG_DEBUG("No Samba oplock around after EWOULDBLOCK. "
3423 "Retrying with poll\n");
3424 return NT_STATUS_SHARING_VIOLATION;
3427 if (!NT_STATUS_IS_OK(fsp_open)) {
3428 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
3429 schedule_async_open(request_time, req);
3434 if (new_file_created) {
3436 * As we atomically create using O_CREAT|O_EXCL,
3437 * then if new_file_created is true, then
3438 * file_existed *MUST* have been false (even
3439 * if the file was previously detected as being
3442 file_existed = false;
3445 if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
3447 * The file did exist, but some other (local or NFS)
3448 * process either renamed/unlinked and re-created the
3449 * file with different dev/ino after we walked the path,
3450 * but before we did the open. We could retry the
3451 * open but it's a rare enough case it's easier to
3452 * just fail the open to prevent creating any problems
3453 * in the open file db having the wrong dev/ino key.
3456 DBG_WARNING("file %s - dev/ino mismatch. "
3457 "Old (dev=%ju, ino=%ju). "
3458 "New (dev=%ju, ino=%ju). Failing open "
3459 "with NT_STATUS_ACCESS_DENIED.\n",
3460 smb_fname_str_dbg(smb_fname),
3461 (uintmax_t)saved_stat.st_ex_dev,
3462 (uintmax_t)saved_stat.st_ex_ino,
3463 (uintmax_t)smb_fname->st.st_ex_dev,
3464 (uintmax_t)smb_fname->st.st_ex_ino);
3465 return NT_STATUS_ACCESS_DENIED;
3468 old_write_time = smb_fname->st.st_ex_mtime;
3471 * Deal with the race condition where two smbd's detect the
3472 * file doesn't exist and do the create at the same time. One
3473 * of them will win and set a share mode, the other (ie. this
3474 * one) should check if the requested share mode for this
3475 * create is allowed.
3479 * Now the file exists and fsp is successfully opened,
3480 * fsp->dev and fsp->inode are valid and should replace the
3481 * dev=0,inode=0 from a non existent file. Spotted by
3482 * Nadav Danieli <nadavd@exanet.com>. JRA.
3487 lck = get_share_mode_lock(talloc_tos(), id,
3489 smb_fname, &old_write_time);
3492 DEBUG(0, ("open_file_ntcreate: Could not get share "
3493 "mode lock for %s\n",
3494 smb_fname_str_dbg(smb_fname)));
3496 return NT_STATUS_SHARING_VIOLATION;
3499 /* Get the types we need to examine. */
3500 if (!validate_oplock_types(lck)) {
3501 smb_panic("validate_oplock_types failed");
3504 if (has_delete_on_close(lck, fsp->name_hash)) {
3507 return NT_STATUS_DELETE_PENDING;
3510 status = open_mode_check(conn, lck,
3511 access_mask, share_access);
3513 if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
3514 (lck->data->num_share_modes > 0)) {
3516 * This comes from ancient times out of open_mode_check. I
3517 * have no clue whether this is still necessary. I can't think
3518 * of a case where this would actually matter further down in
3519 * this function. I leave it here for further investigation
3522 file_existed = true;
3527 * Handle oplocks, deferring the request if delay_for_oplock()
3528 * triggered a break message and we have to wait for the break
3532 bool sharing_violation = NT_STATUS_EQUAL(
3533 status, NT_STATUS_SHARING_VIOLATION);
3535 delay = delay_for_oplock(fsp, oplock_request, lease, lck,
3538 first_open_attempt);
3540 schedule_defer_open(lck, fsp->file_id,
3544 return NT_STATUS_SHARING_VIOLATION;
3548 if (!NT_STATUS_IS_OK(status)) {
3549 uint32_t can_access_mask;
3550 bool can_access = True;
3552 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
3554 /* Check if this can be done with the deny_dos and fcb
3557 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
3558 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
3560 DEBUG(0, ("DOS open without an SMB "
3564 return NT_STATUS_INTERNAL_ERROR;
3567 /* Use the client requested access mask here,
3568 * not the one we open with. */
3569 status = fcb_or_dos_open(req,
3580 if (NT_STATUS_IS_OK(status)) {
3583 *pinfo = FILE_WAS_OPENED;
3585 return NT_STATUS_OK;
3590 * This next line is a subtlety we need for
3591 * MS-Access. If a file open will fail due to share
3592 * permissions and also for security (access) reasons,
3593 * we need to return the access failed error, not the
3594 * share error. We can't open the file due to kernel
3595 * oplock deadlock (it's possible we failed above on
3596 * the open_mode_check()) so use a userspace check.
3599 if (flags & O_RDWR) {
3600 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
3601 } else if (flags & O_WRONLY) {
3602 can_access_mask = FILE_WRITE_DATA;
3604 can_access_mask = FILE_READ_DATA;
3607 if (((can_access_mask & FILE_WRITE_DATA) &&
3608 !CAN_WRITE(conn)) ||
3609 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
3612 can_access_mask))) {
3617 * If we're returning a share violation, ensure we
3618 * cope with the braindead 1 second delay (SMB1 only).
3621 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
3622 !conn->sconn->using_smb2 &&
3623 lp_defer_sharing_violations()) {
3624 struct timeval timeout;
3627 /* this is a hack to speed up torture tests
3629 timeout_usecs = lp_parm_int(SNUM(conn),
3630 "smbd","sharedelay",
3631 SHARING_VIOLATION_USEC_WAIT);
3633 /* This is a relative time, added to the absolute
3634 request_time value to get the absolute timeout time.
3635 Note that if this is the second or greater time we enter
3636 this codepath for this particular request mid then
3637 request_time is left as the absolute time of the *first*
3638 time this request mid was processed. This is what allows
3639 the request to eventually time out. */
3641 timeout = timeval_set(0, timeout_usecs);
3643 if (!request_timed_out(request_time, timeout)) {
3644 defer_open(lck, request_time, timeout, req,
3653 * We have detected a sharing violation here
3654 * so return the correct error code
3656 status = NT_STATUS_SHARING_VIOLATION;
3658 status = NT_STATUS_ACCESS_DENIED;
3663 /* Should we atomically (to the client at least) truncate ? */
3664 if ((!new_file_created) &&
3665 (flags2 & O_TRUNC) &&
3666 (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
3669 ret = SMB_VFS_FTRUNCATE(fsp, 0);
3671 status = map_nt_error_from_unix(errno);
3676 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
3677 FILE_NOTIFY_CHANGE_SIZE
3678 | FILE_NOTIFY_CHANGE_ATTRIBUTES,
3679 fsp->fsp_name->base_name);
3683 * We have the share entry *locked*.....
3686 /* Delete streams if create_disposition requires it */
3687 if (!new_file_created && clear_ads(create_disposition) &&
3688 !is_ntfs_stream_smb_fname(smb_fname)) {
3689 status = delete_all_streams(conn, smb_fname);
3690 if (!NT_STATUS_IS_OK(status)) {
3697 /* note that we ignore failure for the following. It is
3698 basically a hack for NFS, and NFS will never set one of
3699 these only read them. Nobody but Samba can ever set a deny
3700 mode and we have already checked our more authoritative
3701 locking database for permission to set this deny mode. If
3702 the kernel refuses the operations then the kernel is wrong.
3703 note that GPFS supports it as well - jmcd */
3705 if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
3708 * Beware: streams implementing VFS modules may
3709 * implement streams in a way that fsp will have the
3710 * basefile open in the fsp fd, so lacking a distinct
3711 * fd for the stream kernel_flock will apply on the
3712 * basefile which is wrong. The actual check is
3713 * deffered to the VFS module implementing the
3714 * kernel_flock call.
3716 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
3717 if(ret_flock == -1 ){
3722 return NT_STATUS_SHARING_VIOLATION;
3725 fsp->kernel_share_modes_taken = true;
3729 * At this point onwards, we can guarantee that the share entry
3730 * is locked, whether we created the file or not, and that the
3731 * deny mode is compatible with all current opens.
3735 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3736 * but we don't have to store this - just ignore it on access check.
3738 if (conn->sconn->using_smb2) {
3740 * SMB2 doesn't return it (according to Microsoft tests).
3741 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
3742 * File created with access = 0x7 (Read, Write, Delete)
3743 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
3745 fsp->access_mask = access_mask;
3747 /* But SMB1 does. */
3748 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3753 * stat opens on existing files don't get oplocks.
3754 * They can get leases.
3756 * Note that we check for stat open on the *open_access_mask*,
3757 * i.e. the access mask we actually used to do the open,
3758 * not the one the client asked for (which is in
3759 * fsp->access_mask). This is due to the fact that
3760 * FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC,
3761 * which adds FILE_WRITE_DATA to open_access_mask.
3763 if (is_stat_open(open_access_mask) && lease == NULL) {
3764 oplock_request = NO_OPLOCK;
3768 if (new_file_created) {
3769 info = FILE_WAS_CREATED;
3771 if (flags2 & O_TRUNC) {
3772 info = FILE_WAS_OVERWRITTEN;
3774 info = FILE_WAS_OPENED;
3783 * Setup the oplock info in both the shared memory and
3786 status = grant_fsp_oplock_type(req, fsp, lck, oplock_request, lease);
3787 if (!NT_STATUS_IS_OK(status)) {
3793 /* Handle strange delete on close create semantics. */
3794 if (create_options & FILE_DELETE_ON_CLOSE) {
3795 if (!new_file_created) {
3796 status = can_set_delete_on_close(fsp,
3797 existing_dos_attributes);
3799 if (!NT_STATUS_IS_OK(status)) {
3800 /* Remember to delete the mode we just added. */
3801 del_share_mode(lck, fsp);
3807 /* Note that here we set the *initial* delete on close flag,
3808 not the regular one. The magic gets handled in close. */
3809 fsp->initial_delete_on_close = True;
3812 if (info == FILE_WAS_CREATED) {
3813 smb_fname->st.st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_ITIME;
3816 if (info != FILE_WAS_OPENED) {
3817 /* Overwritten files should be initially set as archive */
3818 if ((info == FILE_WAS_OVERWRITTEN && lp_map_archive(SNUM(conn))) ||
3819 lp_store_dos_attributes(SNUM(conn))) {
3821 if (file_set_dosmode(conn, smb_fname,
3822 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
3823 parent_dir, true) == 0) {
3824 unx_mode = smb_fname->st.st_ex_mode;
3830 /* Determine sparse flag. */
3832 /* POSIX opens are sparse by default. */
3833 fsp->is_sparse = true;
3835 fsp->is_sparse = (file_existed &&
3836 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
3840 * Take care of inherited ACLs on created files - if default ACL not
3844 if (!posix_open && new_file_created && !def_acl) {
3845 if (unx_mode != smb_fname->st.st_ex_mode) {
3846 int ret = SMB_VFS_FCHMOD(fsp, unx_mode);
3848 DBG_INFO("failed to reset "
3849 "attributes of file %s to 0%o\n",
3850 smb_fname_str_dbg(smb_fname),
3851 (unsigned int)unx_mode);
3855 } else if (new_unx_mode) {
3857 * We only get here in the case of:
3859 * a). Not a POSIX open.
3860 * b). File already existed.
3861 * c). File was overwritten.
3862 * d). Requested DOS attributes didn't match
3863 * the DOS attributes on the existing file.
3865 * In that case new_unx_mode has been set
3866 * equal to the calculated mode (including
3867 * possible inheritance of the mode from the
3868 * containing directory).
3870 * Note this mode was calculated with the
3871 * DOS attribute FILE_ATTRIBUTE_ARCHIVE added,
3872 * so the mode change here is suitable for
3873 * an overwritten file.
3876 if (new_unx_mode != smb_fname->st.st_ex_mode) {
3877 int ret = SMB_VFS_FCHMOD(fsp, new_unx_mode);
3879 DBG_INFO("failed to reset "
3880 "attributes of file %s to 0%o\n",
3881 smb_fname_str_dbg(smb_fname),
3882 (unsigned int)new_unx_mode);
3889 * Deal with other opens having a modified write time.
3891 struct timespec write_time = get_share_mode_write_time(lck);
3893 if (!null_timespec(write_time)) {
3894 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
3900 return NT_STATUS_OK;
3903 static NTSTATUS mkdir_internal(connection_struct *conn,
3904 struct smb_filename *smb_dname,
3905 uint32_t file_attributes)
3908 char *parent_dir = NULL;
3910 bool posix_open = false;
3911 bool need_re_stat = false;
3912 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
3914 if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
3915 DEBUG(5,("mkdir_internal: failing share access "
3916 "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
3917 return NT_STATUS_ACCESS_DENIED;
3920 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
3922 return NT_STATUS_NO_MEMORY;
3925 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3927 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
3929 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
3932 status = check_parent_access(conn,
3935 if(!NT_STATUS_IS_OK(status)) {
3936 DEBUG(5,("mkdir_internal: check_parent_access "
3937 "on directory %s for path %s returned %s\n",
3939 smb_dname->base_name,
3940 nt_errstr(status) ));
3944 if (SMB_VFS_MKDIR(conn, smb_dname, mode) != 0) {
3945 return map_nt_error_from_unix(errno);
3948 /* Ensure we're checking for a symlink here.... */
3949 /* We don't want to get caught by a symlink racer. */
3951 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3952 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3953 smb_fname_str_dbg(smb_dname), strerror(errno)));
3954 return map_nt_error_from_unix(errno);
3957 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
3958 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
3959 smb_fname_str_dbg(smb_dname)));
3960 return NT_STATUS_NOT_A_DIRECTORY;
3963 smb_dname->st.st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_ITIME;
3965 if (lp_store_dos_attributes(SNUM(conn))) {
3967 file_set_dosmode(conn, smb_dname,
3968 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
3973 if (lp_inherit_permissions(SNUM(conn))) {
3974 inherit_access_posix_acl(conn, parent_dir,
3976 need_re_stat = true;
3981 * Check if high bits should have been set,
3982 * then (if bits are missing): add them.
3983 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
3986 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
3987 (mode & ~smb_dname->st.st_ex_mode)) {
3988 SMB_VFS_CHMOD(conn, smb_dname,
3989 (smb_dname->st.st_ex_mode |
3990 (mode & ~smb_dname->st.st_ex_mode)));
3991 need_re_stat = true;
3995 /* Change the owner if required. */
3996 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
3997 change_dir_owner_to_parent(conn, parent_dir,
4000 need_re_stat = true;
4004 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
4005 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
4006 smb_fname_str_dbg(smb_dname), strerror(errno)));
4007 return map_nt_error_from_unix(errno);
4011 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
4012 smb_dname->base_name);
4014 return NT_STATUS_OK;
4017 /****************************************************************************
4018 Open a directory from an NT SMB call.
4019 ****************************************************************************/
4021 static NTSTATUS open_directory(connection_struct *conn,
4022 struct smb_request *req,
4023 struct smb_filename *smb_dname,
4024 uint32_t access_mask,
4025 uint32_t share_access,
4026 uint32_t create_disposition,
4027 uint32_t create_options,
4028 uint32_t file_attributes,
4030 files_struct **result)
4032 files_struct *fsp = NULL;
4033 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
4034 struct share_mode_lock *lck = NULL;
4036 struct timespec mtimespec;
4040 if (is_ntfs_stream_smb_fname(smb_dname)) {
4041 DEBUG(2, ("open_directory: %s is a stream name!\n",
4042 smb_fname_str_dbg(smb_dname)));
4043 return NT_STATUS_NOT_A_DIRECTORY;
4046 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
4047 /* Ensure we have a directory attribute. */
4048 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
4051 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
4052 "share_access = 0x%x create_options = 0x%x, "
4053 "create_disposition = 0x%x, file_attributes = 0x%x\n",
4054 smb_fname_str_dbg(smb_dname),
4055 (unsigned int)access_mask,
4056 (unsigned int)share_access,
4057 (unsigned int)create_options,
4058 (unsigned int)create_disposition,
4059 (unsigned int)file_attributes));
4061 status = smbd_calculate_access_mask(conn, smb_dname, false,
4062 access_mask, &access_mask);
4063 if (!NT_STATUS_IS_OK(status)) {
4064 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
4065 "on file %s returned %s\n",
4066 smb_fname_str_dbg(smb_dname),
4067 nt_errstr(status)));
4071 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
4072 !security_token_has_privilege(get_current_nttok(conn),
4073 SEC_PRIV_SECURITY)) {
4074 DEBUG(10, ("open_directory: open on %s "
4075 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
4076 smb_fname_str_dbg(smb_dname)));
4077 return NT_STATUS_PRIVILEGE_NOT_HELD;
4080 switch( create_disposition ) {
4084 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4087 info = FILE_WAS_OPENED;
4092 /* If directory exists error. If directory doesn't
4096 status = NT_STATUS_OBJECT_NAME_COLLISION;
4097 DEBUG(2, ("open_directory: unable to create "
4098 "%s. Error was %s\n",
4099 smb_fname_str_dbg(smb_dname),
4100 nt_errstr(status)));
4104 status = mkdir_internal(conn, smb_dname,
4107 if (!NT_STATUS_IS_OK(status)) {
4108 DEBUG(2, ("open_directory: unable to create "
4109 "%s. Error was %s\n",
4110 smb_fname_str_dbg(smb_dname),
4111 nt_errstr(status)));
4115 info = FILE_WAS_CREATED;
4120 * If directory exists open. If directory doesn't
4125 status = NT_STATUS_OK;
4126 info = FILE_WAS_OPENED;
4128 status = mkdir_internal(conn, smb_dname,
4131 if (NT_STATUS_IS_OK(status)) {
4132 info = FILE_WAS_CREATED;
4134 /* Cope with create race. */
4135 if (!NT_STATUS_EQUAL(status,
4136 NT_STATUS_OBJECT_NAME_COLLISION)) {
4137 DEBUG(2, ("open_directory: unable to create "
4138 "%s. Error was %s\n",
4139 smb_fname_str_dbg(smb_dname),
4140 nt_errstr(status)));
4145 * If mkdir_internal() returned
4146 * NT_STATUS_OBJECT_NAME_COLLISION
4147 * we still must lstat the path.
4150 if (SMB_VFS_LSTAT(conn, smb_dname)
4152 DEBUG(2, ("Could not stat "
4153 "directory '%s' just "
4158 return map_nt_error_from_unix(
4162 info = FILE_WAS_OPENED;
4168 case FILE_SUPERSEDE:
4169 case FILE_OVERWRITE:
4170 case FILE_OVERWRITE_IF:
4172 DEBUG(5,("open_directory: invalid create_disposition "
4173 "0x%x for directory %s\n",
4174 (unsigned int)create_disposition,
4175 smb_fname_str_dbg(smb_dname)));
4176 return NT_STATUS_INVALID_PARAMETER;
4179 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
4180 DEBUG(5,("open_directory: %s is not a directory !\n",
4181 smb_fname_str_dbg(smb_dname)));
4182 return NT_STATUS_NOT_A_DIRECTORY;
4185 if (info == FILE_WAS_OPENED) {
4186 status = smbd_check_access_rights(conn,
4190 if (!NT_STATUS_IS_OK(status)) {
4191 DEBUG(10, ("open_directory: smbd_check_access_rights on "
4192 "file %s failed with %s\n",
4193 smb_fname_str_dbg(smb_dname),
4194 nt_errstr(status)));
4199 status = file_new(req, conn, &fsp);
4200 if(!NT_STATUS_IS_OK(status)) {
4205 * Setup the files_struct for it.
4208 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
4209 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
4210 fsp->file_pid = req ? req->smbpid : 0;
4211 fsp->can_lock = False;
4212 fsp->can_read = False;
4213 fsp->can_write = False;
4215 fsp->share_access = share_access;
4216 fsp->fh->private_options = 0;
4218 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
4220 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
4221 fsp->print_file = NULL;
4222 fsp->modified = False;
4223 fsp->oplock_type = NO_OPLOCK;
4224 fsp->sent_oplock_break = NO_BREAK_SENT;
4225 fsp->is_directory = True;
4226 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
4227 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
4229 status = fsp_set_smb_fname(fsp, smb_dname);
4230 if (!NT_STATUS_IS_OK(status)) {
4231 file_free(req, fsp);
4235 /* Don't store old timestamps for directory
4236 handles in the internal database. We don't
4237 update them in there if new objects
4238 are creaded in the directory. Currently
4239 we only update timestamps on file writes.
4242 ZERO_STRUCT(mtimespec);
4245 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
4247 /* POSIX allows us to open a directory with O_RDONLY. */
4248 status = fd_open(conn, fsp, O_RDONLY, 0);
4250 if (!NT_STATUS_IS_OK(status)) {
4251 DBG_INFO("Could not open fd for "
4253 smb_fname_str_dbg(smb_dname),
4255 file_free(req, fsp);
4259 status = vfs_stat_fsp(fsp);
4260 if (!NT_STATUS_IS_OK(status)) {
4262 file_free(req, fsp);
4266 if(!S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
4267 DEBUG(5,("open_directory: %s is not a directory !\n",
4268 smb_fname_str_dbg(smb_dname)));
4270 file_free(req, fsp);
4271 return NT_STATUS_NOT_A_DIRECTORY;
4274 /* Ensure there was no race condition. We need to check
4275 * dev/inode but not permissions, as these can change
4277 if (!check_same_dev_ino(&smb_dname->st, &fsp->fsp_name->st)) {
4278 DEBUG(5,("open_directory: stat struct differs for "
4280 smb_fname_str_dbg(smb_dname)));
4282 file_free(req, fsp);
4283 return NT_STATUS_ACCESS_DENIED;
4286 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
4287 conn->connectpath, smb_dname,
4291 DEBUG(0, ("open_directory: Could not get share mode lock for "
4292 "%s\n", smb_fname_str_dbg(smb_dname)));
4294 file_free(req, fsp);
4295 return NT_STATUS_SHARING_VIOLATION;
4298 if (has_delete_on_close(lck, fsp->name_hash)) {
4301 file_free(req, fsp);
4302 return NT_STATUS_DELETE_PENDING;
4305 status = open_mode_check(conn, lck,
4306 access_mask, share_access);
4308 if (!NT_STATUS_IS_OK(status)) {
4311 file_free(req, fsp);
4315 ok = set_share_mode(
4318 get_current_uid(conn),
4326 file_free(req, fsp);
4327 return NT_STATUS_NO_MEMORY;
4330 /* For directories the delete on close bit at open time seems
4331 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
4332 if (create_options & FILE_DELETE_ON_CLOSE) {
4333 status = can_set_delete_on_close(fsp, 0);
4334 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
4335 del_share_mode(lck, fsp);
4338 file_free(req, fsp);
4342 if (NT_STATUS_IS_OK(status)) {
4343 /* Note that here we set the *initial* delete on close flag,
4344 not the regular one. The magic gets handled in close. */
4345 fsp->initial_delete_on_close = True;
4351 * Deal with other opens having a modified write time. Is this
4352 * possible for directories?
4354 struct timespec write_time = get_share_mode_write_time(lck);
4356 if (!null_timespec(write_time)) {
4357 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
4368 return NT_STATUS_OK;
4371 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
4372 struct smb_filename *smb_dname)
4377 status = SMB_VFS_CREATE_FILE(
4380 0, /* root_dir_fid */
4381 smb_dname, /* fname */
4382 FILE_READ_ATTRIBUTES, /* access_mask */
4383 FILE_SHARE_NONE, /* share_access */
4384 FILE_CREATE, /* create_disposition*/
4385 FILE_DIRECTORY_FILE, /* create_options */
4386 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
4387 0, /* oplock_request */
4389 0, /* allocation_size */
4390 0, /* private_flags */
4395 NULL, NULL); /* create context */
4397 if (NT_STATUS_IS_OK(status)) {
4398 close_file(req, fsp, NORMAL_CLOSE);
4404 /****************************************************************************
4405 Receive notification that one of our open files has been renamed by another
4407 ****************************************************************************/
4409 void msg_file_was_renamed(struct messaging_context *msg_ctx,
4412 struct server_id src,
4415 struct file_rename_message *msg = NULL;
4416 enum ndr_err_code ndr_err;
4418 struct smb_filename *smb_fname = NULL;
4419 struct smbd_server_connection *sconn =
4420 talloc_get_type_abort(private_data,
4421 struct smbd_server_connection);
4423 msg = talloc(talloc_tos(), struct file_rename_message);
4425 DBG_WARNING("talloc failed\n");
4429 ndr_err = ndr_pull_struct_blob_all(
4433 (ndr_pull_flags_fn_t)ndr_pull_file_rename_message);
4434 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
4435 DBG_DEBUG("ndr_pull_oplock_break_message failed: %s\n",
4436 ndr_errstr(ndr_err));
4439 if (DEBUGLEVEL >= 10) {
4440 struct server_id_buf buf;
4441 DBG_DEBUG("Got rename message from %s\n",
4442 server_id_str_buf(src, &buf));
4443 NDR_PRINT_DEBUG(file_rename_message, msg);
4446 /* stream_name must always be NULL if there is no stream. */
4447 if ((msg->stream_name != NULL) && (msg->stream_name[0] == '\0')) {
4448 msg->stream_name = NULL;
4451 smb_fname = synthetic_smb_fname(
4452 msg, msg->base_name, msg->stream_name, NULL, 0);
4453 if (smb_fname == NULL) {
4454 DBG_DEBUG("synthetic_smb_fname failed\n");
4458 fsp = file_find_dif(sconn, msg->id, msg->share_file_id);
4460 DBG_DEBUG("fsp not found\n");
4464 if (strcmp(fsp->conn->connectpath, msg->servicepath) == 0) {
4466 DBG_DEBUG("renaming file %s from %s -> %s\n",
4469 smb_fname_str_dbg(smb_fname));
4470 status = fsp_set_smb_fname(fsp, smb_fname);
4471 if (!NT_STATUS_IS_OK(status)) {
4472 DBG_DEBUG("fsp_set_smb_fname failed: %s\n",
4478 * Now we have the complete path we can work out if
4479 * this is actually within this share and adjust
4480 * newname accordingly.
4482 DBG_DEBUG("share mismatch (sharepath %s not sharepath %s) "
4483 "%s from %s -> %s\n",
4484 fsp->conn->connectpath,
4488 smb_fname_str_dbg(smb_fname));
4495 * If a main file is opened for delete, all streams need to be checked for
4496 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
4497 * If that works, delete them all by setting the delete on close and close.
4500 static NTSTATUS open_streams_for_delete(connection_struct *conn,
4501 const struct smb_filename *smb_fname)
4503 struct stream_struct *stream_info = NULL;
4504 files_struct **streams = NULL;
4506 unsigned int num_streams = 0;
4507 TALLOC_CTX *frame = talloc_stackframe();
4510 status = vfs_streaminfo(conn, NULL, smb_fname, talloc_tos(),
4511 &num_streams, &stream_info);
4513 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
4514 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
4515 DEBUG(10, ("no streams around\n"));
4517 return NT_STATUS_OK;
4520 if (!NT_STATUS_IS_OK(status)) {
4521 DEBUG(10, ("vfs_streaminfo failed: %s\n",
4522 nt_errstr(status)));
4526 DEBUG(10, ("open_streams_for_delete found %d streams\n",
4529 if (num_streams == 0) {
4531 return NT_STATUS_OK;
4534 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
4535 if (streams == NULL) {
4536 DEBUG(0, ("talloc failed\n"));
4537 status = NT_STATUS_NO_MEMORY;
4541 for (i=0; i<num_streams; i++) {
4542 struct smb_filename *smb_fname_cp;
4544 if (strequal(stream_info[i].name, "::$DATA")) {
4549 smb_fname_cp = synthetic_smb_fname(talloc_tos(),
4550 smb_fname->base_name,
4551 stream_info[i].name,
4554 ~SMB_FILENAME_POSIX_PATH));
4555 if (smb_fname_cp == NULL) {
4556 status = NT_STATUS_NO_MEMORY;
4560 if (SMB_VFS_STAT(conn, smb_fname_cp) == -1) {
4561 DEBUG(10, ("Unable to stat stream: %s\n",
4562 smb_fname_str_dbg(smb_fname_cp)));
4565 status = SMB_VFS_CREATE_FILE(
4568 0, /* root_dir_fid */
4569 smb_fname_cp, /* fname */
4570 DELETE_ACCESS, /* access_mask */
4571 (FILE_SHARE_READ | /* share_access */
4572 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
4573 FILE_OPEN, /* create_disposition*/
4574 0, /* create_options */
4575 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
4576 0, /* oplock_request */
4578 0, /* allocation_size */
4579 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
4582 &streams[i], /* result */
4584 NULL, NULL); /* create context */
4586 if (!NT_STATUS_IS_OK(status)) {
4587 DEBUG(10, ("Could not open stream %s: %s\n",
4588 smb_fname_str_dbg(smb_fname_cp),
4589 nt_errstr(status)));
4591 TALLOC_FREE(smb_fname_cp);
4594 TALLOC_FREE(smb_fname_cp);
4598 * don't touch the variable "status" beyond this point :-)
4601 for (i -= 1 ; i >= 0; i--) {
4602 if (streams[i] == NULL) {
4606 DEBUG(10, ("Closing stream # %d, %s\n", i,
4607 fsp_str_dbg(streams[i])));
4608 close_file(NULL, streams[i], NORMAL_CLOSE);
4616 /*********************************************************************
4617 Create a default ACL by inheriting from the parent. If no inheritance
4618 from the parent available, don't set anything. This will leave the actual
4619 permissions the new file or directory already got from the filesystem
4620 as the NT ACL when read.
4621 *********************************************************************/
4623 static NTSTATUS inherit_new_acl(files_struct *fsp)
4625 TALLOC_CTX *frame = talloc_stackframe();
4626 char *parent_name = NULL;
4627 struct security_descriptor *parent_desc = NULL;
4628 NTSTATUS status = NT_STATUS_OK;
4629 struct security_descriptor *psd = NULL;
4630 const struct dom_sid *owner_sid = NULL;
4631 const struct dom_sid *group_sid = NULL;
4632 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
4633 struct security_token *token = fsp->conn->session_info->security_token;
4634 bool inherit_owner =
4635 (lp_inherit_owner(SNUM(fsp->conn)) == INHERIT_OWNER_WINDOWS_AND_UNIX);
4636 bool inheritable_components = false;
4637 bool try_builtin_administrators = false;
4638 const struct dom_sid *BA_U_sid = NULL;
4639 const struct dom_sid *BA_G_sid = NULL;
4640 bool try_system = false;
4641 const struct dom_sid *SY_U_sid = NULL;
4642 const struct dom_sid *SY_G_sid = NULL;
4644 struct smb_filename *parent_smb_fname = NULL;
4646 if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
4648 return NT_STATUS_NO_MEMORY;
4650 parent_smb_fname = synthetic_smb_fname(talloc_tos(),
4654 fsp->fsp_name->flags);
4656 if (parent_smb_fname == NULL) {
4658 return NT_STATUS_NO_MEMORY;
4661 status = SMB_VFS_GET_NT_ACL(fsp->conn,
4663 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
4666 if (!NT_STATUS_IS_OK(status)) {
4671 inheritable_components = sd_has_inheritable_components(parent_desc,
4674 if (!inheritable_components && !inherit_owner) {
4676 /* Nothing to inherit and not setting owner. */
4677 return NT_STATUS_OK;
4680 /* Create an inherited descriptor from the parent. */
4682 if (DEBUGLEVEL >= 10) {
4683 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
4684 fsp_str_dbg(fsp) ));
4685 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
4688 /* Inherit from parent descriptor if "inherit owner" set. */
4689 if (inherit_owner) {
4690 owner_sid = parent_desc->owner_sid;
4691 group_sid = parent_desc->group_sid;
4694 if (owner_sid == NULL) {
4695 if (security_token_has_builtin_administrators(token)) {
4696 try_builtin_administrators = true;
4697 } else if (security_token_is_system(token)) {
4698 try_builtin_administrators = true;
4703 if (group_sid == NULL &&
4704 token->num_sids == PRIMARY_GROUP_SID_INDEX)
4706 if (security_token_is_system(token)) {
4707 try_builtin_administrators = true;
4712 if (try_builtin_administrators) {
4717 ok = sids_to_unixids(&global_sid_Builtin_Administrators, 1, &ids);
4721 BA_U_sid = &global_sid_Builtin_Administrators;
4722 BA_G_sid = &global_sid_Builtin_Administrators;
4725 BA_U_sid = &global_sid_Builtin_Administrators;
4728 BA_G_sid = &global_sid_Builtin_Administrators;
4741 ok = sids_to_unixids(&global_sid_System, 1, &ids);
4745 SY_U_sid = &global_sid_System;
4746 SY_G_sid = &global_sid_System;
4749 SY_U_sid = &global_sid_System;
4752 SY_G_sid = &global_sid_System;
4760 if (owner_sid == NULL) {
4761 owner_sid = BA_U_sid;
4764 if (owner_sid == NULL) {
4765 owner_sid = SY_U_sid;
4768 if (group_sid == NULL) {
4769 group_sid = SY_G_sid;
4772 if (try_system && group_sid == NULL) {
4773 group_sid = BA_G_sid;
4776 if (owner_sid == NULL) {
4777 owner_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4779 if (group_sid == NULL) {
4780 if (token->num_sids == PRIMARY_GROUP_SID_INDEX) {
4781 group_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4783 group_sid = &token->sids[PRIMARY_GROUP_SID_INDEX];
4787 status = se_create_child_secdesc(frame,
4794 if (!NT_STATUS_IS_OK(status)) {
4799 /* If inheritable_components == false,
4800 se_create_child_secdesc()
4801 creates a security descriptor with a NULL dacl
4802 entry, but with SEC_DESC_DACL_PRESENT. We need
4803 to remove that flag. */
4805 if (!inheritable_components) {
4806 security_info_sent &= ~SECINFO_DACL;
4807 psd->type &= ~SEC_DESC_DACL_PRESENT;
4810 if (DEBUGLEVEL >= 10) {
4811 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
4812 fsp_str_dbg(fsp) ));
4813 NDR_PRINT_DEBUG(security_descriptor, psd);
4816 if (inherit_owner) {
4817 /* We need to be root to force this. */
4820 status = SMB_VFS_FSET_NT_ACL(fsp,
4823 if (inherit_owner) {
4831 * If we already have a lease, it must match the new file id. [MS-SMB2]
4832 * 3.3.5.9.8 speaks about INVALID_PARAMETER if an already used lease key is
4833 * used for a different file name.
4836 struct lease_match_state {
4837 /* Input parameters. */
4838 TALLOC_CTX *mem_ctx;
4839 const char *servicepath;
4840 const struct smb_filename *fname;
4843 /* Return parameters. */
4844 uint32_t num_file_ids;
4845 struct file_id *ids;
4846 NTSTATUS match_status;
4849 /*************************************************************
4850 File doesn't exist but this lease key+guid is already in use.
4852 This is only allowable in the dynamic share case where the
4853 service path must be different.
4855 There is a small race condition here in the multi-connection
4856 case where a client sends two create calls on different connections,
4857 where the file doesn't exist and one smbd creates the leases_db
4858 entry first, but this will get fixed by the multichannel cleanup
4859 when all identical client_guids get handled by a single smbd.
4860 **************************************************************/
4862 static void lease_match_parser_new_file(
4864 const struct leases_db_file *files,
4865 struct lease_match_state *state)
4869 for (i = 0; i < num_files; i++) {
4870 const struct leases_db_file *f = &files[i];
4871 if (strequal(state->servicepath, f->servicepath)) {
4872 state->match_status = NT_STATUS_INVALID_PARAMETER;
4877 /* Dynamic share case. Break leases on all other files. */
4878 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4882 if (!NT_STATUS_IS_OK(state->match_status)) {
4886 state->num_file_ids = num_files;
4887 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4891 static void lease_match_parser(
4893 const struct leases_db_file *files,
4896 struct lease_match_state *state =
4897 (struct lease_match_state *)private_data;
4900 if (!state->file_existed) {
4902 * Deal with name mismatch or
4903 * possible dynamic share case separately
4904 * to make code clearer.
4906 lease_match_parser_new_file(num_files,
4913 state->match_status = NT_STATUS_OK;
4915 for (i = 0; i < num_files; i++) {
4916 const struct leases_db_file *f = &files[i];
4918 /* Everything should be the same. */
4919 if (!file_id_equal(&state->id, &f->id)) {
4920 /* This should catch all dynamic share cases. */
4921 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4924 if (!strequal(f->servicepath, state->servicepath)) {
4925 state->match_status = NT_STATUS_INVALID_PARAMETER;
4928 if (!strequal(f->base_name, state->fname->base_name)) {
4929 state->match_status = NT_STATUS_INVALID_PARAMETER;
4932 if (!strequal(f->stream_name, state->fname->stream_name)) {
4933 state->match_status = NT_STATUS_INVALID_PARAMETER;
4938 if (NT_STATUS_IS_OK(state->match_status)) {
4940 * Common case - just opening another handle on a
4941 * file on a non-dynamic share.
4946 if (NT_STATUS_EQUAL(state->match_status, NT_STATUS_INVALID_PARAMETER)) {
4947 /* Mismatched path. Error back to client. */
4952 * File id mismatch. Dynamic share case NT_STATUS_OPLOCK_NOT_GRANTED.
4953 * Don't allow leases.
4956 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4960 if (!NT_STATUS_IS_OK(state->match_status)) {
4964 state->num_file_ids = num_files;
4965 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4969 static NTSTATUS lease_match(connection_struct *conn,
4970 struct smb_request *req,
4971 struct smb2_lease_key *lease_key,
4972 const char *servicepath,
4973 const struct smb_filename *fname,
4974 uint16_t *p_version,
4977 struct smbd_server_connection *sconn = req->sconn;
4978 TALLOC_CTX *tos = talloc_tos();
4979 struct lease_match_state state = {
4981 .servicepath = servicepath,
4983 .match_status = NT_STATUS_OK
4988 state.file_existed = VALID_STAT(fname->st);
4989 if (state.file_existed) {
4990 state.id = vfs_file_id_from_sbuf(conn, &fname->st);
4993 status = leases_db_parse(&sconn->client->connections->smb2.client.guid,
4994 lease_key, lease_match_parser, &state);
4995 if (!NT_STATUS_IS_OK(status)) {
4997 * Not found or error means okay: We can make the lease pass
4999 return NT_STATUS_OK;
5001 if (!NT_STATUS_EQUAL(state.match_status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
5003 * Anything but NT_STATUS_OPLOCK_NOT_GRANTED, let the caller
5006 return state.match_status;
5009 /* We have to break all existing leases. */
5010 for (i = 0; i < state.num_file_ids; i++) {
5011 struct share_mode_lock *lck;
5012 struct share_mode_data *d;
5013 struct share_mode_entry *lease_entry = NULL;
5016 if (file_id_equal(&state.ids[i], &state.id)) {
5017 /* Don't need to break our own file. */
5021 lck = get_existing_share_mode_lock(talloc_tos(), state.ids[i]);
5023 /* Race condition - file already closed. */
5027 for (j=0; j<d->num_share_modes; j++) {
5028 struct share_mode_entry *e = &d->share_modes[j];
5029 uint32_t e_lease_type = get_lease_type(d, e);
5031 if (share_mode_stale_pid(d, j)) {
5035 if (e->op_type == LEASE_OPLOCK) {
5036 if (!smb2_lease_key_equal(&e->lease_key,
5043 if (e_lease_type == SMB2_LEASE_NONE) {
5047 send_break_message(conn->sconn->msg_ctx, &d->id, e,
5051 * Windows 7 and 8 lease clients
5052 * are broken in that they will not
5053 * respond to lease break requests
5054 * whilst waiting for an outstanding
5055 * open request on that lease handle
5056 * on the same TCP connection, due
5057 * to holding an internal inode lock.
5059 * This means we can't reschedule
5060 * ourselves here, but must return
5065 * Send the breaks and then return
5066 * SMB2_LEASE_NONE in the lease handle
5067 * to cause them to acknowledge the
5068 * lease break. Consultation with
5069 * Microsoft engineering confirmed
5070 * this approach is safe.
5075 if (lease_entry != NULL) {
5076 status = leases_db_get(
5077 &lease_entry->client_guid,
5078 &lease_entry->lease_key,
5080 NULL, /* current_state */
5081 NULL, /* breaking */
5082 NULL, /* breaking_to_requested */
5083 NULL, /* breaking_to_required */
5084 p_version, /* lease_version */
5085 p_epoch); /* epoch */
5086 if (!NT_STATUS_IS_OK(status)) {
5087 DBG_WARNING("Could not find version/epoch: "
5096 * Ensure we don't grant anything more so we
5099 return NT_STATUS_OPLOCK_NOT_GRANTED;
5103 * Wrapper around open_file_ntcreate and open_directory
5106 static NTSTATUS create_file_unixpath(connection_struct *conn,
5107 struct smb_request *req,
5108 struct smb_filename *smb_fname,
5109 uint32_t access_mask,
5110 uint32_t share_access,
5111 uint32_t create_disposition,
5112 uint32_t create_options,
5113 uint32_t file_attributes,
5114 uint32_t oplock_request,
5115 struct smb2_lease *lease,
5116 uint64_t allocation_size,
5117 uint32_t private_flags,
5118 struct security_descriptor *sd,
5119 struct ea_list *ea_list,
5121 files_struct **result,
5124 int info = FILE_WAS_OPENED;
5125 files_struct *base_fsp = NULL;
5126 files_struct *fsp = NULL;
5129 DBG_DEBUG("create_file_unixpath: access_mask = 0x%x "
5130 "file_attributes = 0x%x, share_access = 0x%x, "
5131 "create_disposition = 0x%x create_options = 0x%x "
5132 "oplock_request = 0x%x private_flags = 0x%x "
5133 "ea_list = %p, sd = %p, "
5135 (unsigned int)access_mask,
5136 (unsigned int)file_attributes,
5137 (unsigned int)share_access,
5138 (unsigned int)create_disposition,
5139 (unsigned int)create_options,
5140 (unsigned int)oplock_request,
5141 (unsigned int)private_flags,
5142 ea_list, sd, smb_fname_str_dbg(smb_fname));
5144 if (create_options & FILE_OPEN_BY_FILE_ID) {
5145 status = NT_STATUS_NOT_SUPPORTED;
5149 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
5150 status = NT_STATUS_INVALID_PARAMETER;
5155 oplock_request |= INTERNAL_OPEN_ONLY;
5158 if (lease != NULL) {
5159 uint16_t epoch = lease->lease_epoch;
5160 uint16_t version = lease->lease_version;
5163 DBG_WARNING("Got lease on internal open\n");
5164 status = NT_STATUS_INTERNAL_ERROR;
5168 status = lease_match(conn,
5175 if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
5176 /* Dynamic share file. No leases and update epoch... */
5177 lease->lease_state = SMB2_LEASE_NONE;
5178 lease->lease_epoch = epoch;
5179 lease->lease_version = version;
5180 } else if (!NT_STATUS_IS_OK(status)) {
5185 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
5186 && (access_mask & DELETE_ACCESS)
5187 && !is_ntfs_stream_smb_fname(smb_fname)) {
5189 * We can't open a file with DELETE access if any of the
5190 * streams is open without FILE_SHARE_DELETE
5192 status = open_streams_for_delete(conn, smb_fname);
5194 if (!NT_STATUS_IS_OK(status)) {
5199 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
5200 !security_token_has_privilege(get_current_nttok(conn),
5201 SEC_PRIV_SECURITY)) {
5202 DEBUG(10, ("create_file_unixpath: open on %s "
5203 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
5204 smb_fname_str_dbg(smb_fname)));
5205 status = NT_STATUS_PRIVILEGE_NOT_HELD;
5210 * Files or directories can't be opened DELETE_ON_CLOSE without
5212 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
5214 if (create_options & FILE_DELETE_ON_CLOSE) {
5215 if ((access_mask & DELETE_ACCESS) == 0) {
5216 status = NT_STATUS_INVALID_PARAMETER;
5221 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
5222 && is_ntfs_stream_smb_fname(smb_fname)
5223 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
5224 uint32_t base_create_disposition;
5225 struct smb_filename *smb_fname_base = NULL;
5226 uint32_t base_privflags;
5228 if (create_options & FILE_DIRECTORY_FILE) {
5229 status = NT_STATUS_NOT_A_DIRECTORY;
5233 switch (create_disposition) {
5235 base_create_disposition = FILE_OPEN;
5238 base_create_disposition = FILE_OPEN_IF;
5242 /* Create an smb_filename with stream_name == NULL. */
5243 smb_fname_base = synthetic_smb_fname(talloc_tos(),
5244 smb_fname->base_name,
5248 if (smb_fname_base == NULL) {
5249 status = NT_STATUS_NO_MEMORY;
5253 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
5254 DEBUG(10, ("Unable to stat stream: %s\n",
5255 smb_fname_str_dbg(smb_fname_base)));
5258 * https://bugzilla.samba.org/show_bug.cgi?id=10229
5259 * We need to check if the requested access mask
5260 * could be used to open the underlying file (if
5261 * it existed), as we're passing in zero for the
5262 * access mask to the base filename.
5264 status = check_base_file_access(conn,
5268 if (!NT_STATUS_IS_OK(status)) {
5269 DEBUG(10, ("Permission check "
5270 "for base %s failed: "
5271 "%s\n", smb_fname->base_name,
5272 nt_errstr(status)));
5277 base_privflags = NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN;
5279 /* Open the base file. */
5280 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
5283 | FILE_SHARE_DELETE,
5284 base_create_disposition,
5289 TALLOC_FREE(smb_fname_base);
5291 if (!NT_STATUS_IS_OK(status)) {
5292 DEBUG(10, ("create_file_unixpath for base %s failed: "
5293 "%s\n", smb_fname->base_name,
5294 nt_errstr(status)));
5297 /* we don't need the low level fd */
5302 * If it's a request for a directory open, deal with it separately.
5305 if (create_options & FILE_DIRECTORY_FILE) {
5307 if (create_options & FILE_NON_DIRECTORY_FILE) {
5308 status = NT_STATUS_INVALID_PARAMETER;
5312 /* Can't open a temp directory. IFS kit test. */
5313 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
5314 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
5315 status = NT_STATUS_INVALID_PARAMETER;
5320 * We will get a create directory here if the Win32
5321 * app specified a security descriptor in the
5322 * CreateDirectory() call.
5326 status = open_directory(
5327 conn, req, smb_fname, access_mask, share_access,
5328 create_disposition, create_options, file_attributes,
5333 * Ordinary file case.
5336 status = file_new(req, conn, &fsp);
5337 if(!NT_STATUS_IS_OK(status)) {
5341 status = fsp_set_smb_fname(fsp, smb_fname);
5342 if (!NT_STATUS_IS_OK(status)) {
5348 * We're opening the stream element of a
5349 * base_fsp we already opened. Set up the
5352 fsp->base_fsp = base_fsp;
5355 if (allocation_size) {
5356 fsp->initial_allocation_size = smb_roundup(fsp->conn,
5360 status = open_file_ntcreate(conn,
5373 if(!NT_STATUS_IS_OK(status)) {
5374 file_free(req, fsp);
5378 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
5380 /* A stream open never opens a directory */
5383 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5388 * Fail the open if it was explicitly a non-directory
5392 if (create_options & FILE_NON_DIRECTORY_FILE) {
5393 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5398 status = open_directory(
5399 conn, req, smb_fname, access_mask,
5400 share_access, create_disposition,
5401 create_options, file_attributes,
5406 if (!NT_STATUS_IS_OK(status)) {
5410 fsp->base_fsp = base_fsp;
5412 if ((ea_list != NULL) &&
5413 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
5414 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
5415 if (!NT_STATUS_IS_OK(status)) {
5420 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
5421 status = NT_STATUS_ACCESS_DENIED;
5425 /* Save the requested allocation size. */
5426 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
5427 if ((allocation_size > fsp->fsp_name->st.st_ex_size)
5428 && !(fsp->is_directory))
5430 fsp->initial_allocation_size = smb_roundup(
5431 fsp->conn, allocation_size);
5432 if (vfs_allocate_file_space(
5433 fsp, fsp->initial_allocation_size) == -1) {
5434 status = NT_STATUS_DISK_FULL;
5438 fsp->initial_allocation_size = smb_roundup(
5439 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
5442 fsp->initial_allocation_size = 0;
5445 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
5446 fsp->base_fsp == NULL) {
5449 * According to the MS documentation, the only time the security
5450 * descriptor is applied to the opened file is iff we *created* the
5451 * file; an existing file stays the same.
5453 * Also, it seems (from observation) that you can open the file with
5454 * any access mask but you can still write the sd. We need to override
5455 * the granted access before we call set_sd
5456 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
5459 uint32_t sec_info_sent;
5460 uint32_t saved_access_mask = fsp->access_mask;
5462 sec_info_sent = get_sec_info(sd);
5464 fsp->access_mask = FILE_GENERIC_ALL;
5466 if (sec_info_sent & (SECINFO_OWNER|
5470 status = set_sd(fsp, sd, sec_info_sent);
5473 fsp->access_mask = saved_access_mask;
5475 if (!NT_STATUS_IS_OK(status)) {
5478 } else if (lp_inherit_acls(SNUM(conn))) {
5479 /* Inherit from parent. Errors here are not fatal. */
5480 status = inherit_new_acl(fsp);
5481 if (!NT_STATUS_IS_OK(status)) {
5482 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
5484 nt_errstr(status) ));
5489 if ((conn->fs_capabilities & FILE_FILE_COMPRESSION)
5490 && (create_options & FILE_NO_COMPRESSION)
5491 && (info == FILE_WAS_CREATED)) {
5492 status = SMB_VFS_SET_COMPRESSION(conn, fsp, fsp,
5493 COMPRESSION_FORMAT_NONE);
5494 if (!NT_STATUS_IS_OK(status)) {
5495 DEBUG(1, ("failed to disable compression: %s\n",
5496 nt_errstr(status)));
5500 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
5503 if (pinfo != NULL) {
5507 smb_fname->st = fsp->fsp_name->st;
5509 return NT_STATUS_OK;
5512 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
5515 if (base_fsp && fsp->base_fsp == base_fsp) {
5517 * The close_file below will close
5522 close_file(req, fsp, ERROR_CLOSE);
5525 if (base_fsp != NULL) {
5526 close_file(req, base_fsp, ERROR_CLOSE);
5533 * Calculate the full path name given a relative fid.
5535 NTSTATUS get_relative_fid_filename(connection_struct *conn,
5536 struct smb_request *req,
5537 uint16_t root_dir_fid,
5538 const struct smb_filename *smb_fname,
5539 struct smb_filename **smb_fname_out)
5541 files_struct *dir_fsp;
5542 char *parent_fname = NULL;
5543 char *new_base_name = NULL;
5544 uint32_t ucf_flags = ucf_flags_from_smb_request(req);
5547 if (root_dir_fid == 0 || !smb_fname) {
5548 status = NT_STATUS_INTERNAL_ERROR;
5552 dir_fsp = file_fsp(req, root_dir_fid);
5554 if (dir_fsp == NULL) {
5555 status = NT_STATUS_INVALID_HANDLE;
5559 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
5560 status = NT_STATUS_INVALID_HANDLE;
5564 if (!dir_fsp->is_directory) {
5567 * Check to see if this is a mac fork of some kind.
5570 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
5571 is_ntfs_stream_smb_fname(smb_fname)) {
5572 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
5577 we need to handle the case when we get a
5578 relative open relative to a file and the
5579 pathname is blank - this is a reopen!
5580 (hint from demyn plantenberg)
5583 status = NT_STATUS_INVALID_HANDLE;
5587 if (ISDOT(dir_fsp->fsp_name->base_name)) {
5589 * We're at the toplevel dir, the final file name
5590 * must not contain ./, as this is filtered out
5591 * normally by srvstr_get_path and unix_convert
5592 * explicitly rejects paths containing ./.
5594 parent_fname = talloc_strdup(talloc_tos(), "");
5595 if (parent_fname == NULL) {
5596 status = NT_STATUS_NO_MEMORY;
5600 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
5603 * Copy in the base directory name.
5606 parent_fname = talloc_array(talloc_tos(), char,
5608 if (parent_fname == NULL) {
5609 status = NT_STATUS_NO_MEMORY;
5612 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
5616 * Ensure it ends in a '/'.
5617 * We used TALLOC_SIZE +2 to add space for the '/'.
5621 && (parent_fname[dir_name_len-1] != '\\')
5622 && (parent_fname[dir_name_len-1] != '/')) {
5623 parent_fname[dir_name_len] = '/';
5624 parent_fname[dir_name_len+1] = '\0';
5628 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
5629 smb_fname->base_name);
5630 if (new_base_name == NULL) {
5631 status = NT_STATUS_NO_MEMORY;
5635 status = filename_convert(req,
5642 if (!NT_STATUS_IS_OK(status)) {
5647 TALLOC_FREE(parent_fname);
5648 TALLOC_FREE(new_base_name);
5652 NTSTATUS create_file_default(connection_struct *conn,
5653 struct smb_request *req,
5654 uint16_t root_dir_fid,
5655 struct smb_filename *smb_fname,
5656 uint32_t access_mask,
5657 uint32_t share_access,
5658 uint32_t create_disposition,
5659 uint32_t create_options,
5660 uint32_t file_attributes,
5661 uint32_t oplock_request,
5662 struct smb2_lease *lease,
5663 uint64_t allocation_size,
5664 uint32_t private_flags,
5665 struct security_descriptor *sd,
5666 struct ea_list *ea_list,
5667 files_struct **result,
5669 const struct smb2_create_blobs *in_context_blobs,
5670 struct smb2_create_blobs *out_context_blobs)
5672 int info = FILE_WAS_OPENED;
5673 files_struct *fsp = NULL;
5675 bool stream_name = false;
5677 DBG_DEBUG("create_file: access_mask = 0x%x "
5678 "file_attributes = 0x%x, share_access = 0x%x, "
5679 "create_disposition = 0x%x create_options = 0x%x "
5680 "oplock_request = 0x%x "
5681 "private_flags = 0x%x "
5682 "root_dir_fid = 0x%x, ea_list = %p, sd = %p, "
5684 (unsigned int)access_mask,
5685 (unsigned int)file_attributes,
5686 (unsigned int)share_access,
5687 (unsigned int)create_disposition,
5688 (unsigned int)create_options,
5689 (unsigned int)oplock_request,
5690 (unsigned int)private_flags,
5691 (unsigned int)root_dir_fid,
5692 ea_list, sd, smb_fname_str_dbg(smb_fname));
5695 * Calculate the filename from the root_dir_if if necessary.
5698 if (root_dir_fid != 0) {
5699 struct smb_filename *smb_fname_out = NULL;
5700 status = get_relative_fid_filename(conn, req, root_dir_fid,
5701 smb_fname, &smb_fname_out);
5702 if (!NT_STATUS_IS_OK(status)) {
5705 smb_fname = smb_fname_out;
5709 * Check to see if this is a mac fork of some kind.
5712 stream_name = is_ntfs_stream_smb_fname(smb_fname);
5714 enum FAKE_FILE_TYPE fake_file_type;
5716 fake_file_type = is_fake_file(smb_fname);
5718 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
5721 * Here we go! support for changing the disk quotas
5724 * We need to fake up to open this MAGIC QUOTA file
5725 * and return a valid FID.
5727 * w2k close this file directly after openening xp
5728 * also tries a QUERY_FILE_INFO on the file and then
5731 status = open_fake_file(req, conn, req->vuid,
5732 fake_file_type, smb_fname,
5734 if (!NT_STATUS_IS_OK(status)) {
5738 ZERO_STRUCT(smb_fname->st);
5742 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
5743 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5748 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
5750 smb_fname->stream_name = NULL;
5751 /* We have to handle this error here. */
5752 if (create_options & FILE_DIRECTORY_FILE) {
5753 status = NT_STATUS_NOT_A_DIRECTORY;
5756 if (req != NULL && req->posix_pathnames) {
5757 ret = SMB_VFS_LSTAT(conn, smb_fname);
5759 ret = SMB_VFS_STAT(conn, smb_fname);
5762 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
5763 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5768 status = create_file_unixpath(
5769 conn, req, smb_fname, access_mask, share_access,
5770 create_disposition, create_options, file_attributes,
5771 oplock_request, lease, allocation_size, private_flags,
5775 if (!NT_STATUS_IS_OK(status)) {
5780 DEBUG(10, ("create_file: info=%d\n", info));
5783 if (pinfo != NULL) {
5786 return NT_STATUS_OK;
5789 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
5792 close_file(req, fsp, ERROR_CLOSE);