2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
33 extern const struct generic_mapping file_generic_mapping;
35 struct deferred_open_record {
36 bool delayed_for_oplocks;
40 /****************************************************************************
41 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
42 ****************************************************************************/
44 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
45 const struct security_descriptor *sd,
46 const struct security_token *token,
47 uint32_t access_desired,
48 uint32_t *access_granted)
52 if (get_current_uid(conn) == (uid_t)0) {
53 /* I'm sorry sir, I didn't know you were root... */
54 *access_granted = access_desired;
55 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
56 *access_granted |= FILE_GENERIC_ALL;
61 return se_access_check(sd,
63 (access_desired & ~FILE_READ_ATTRIBUTES),
67 /****************************************************************************
68 Check if we have open rights.
69 ****************************************************************************/
71 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
72 const struct smb_filename *smb_fname,
74 uint32_t *access_granted)
76 /* Check if we have rights to open. */
78 struct security_descriptor *sd = NULL;
79 uint32_t rejected_share_access;
81 rejected_share_access = access_mask & ~(conn->share_access);
83 if (rejected_share_access) {
84 *access_granted = rejected_share_access;
85 return NT_STATUS_ACCESS_DENIED;
88 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
89 *access_granted = access_mask;
91 DEBUG(10,("smbd_check_open_rights: not checking ACL "
92 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
93 smb_fname_str_dbg(smb_fname),
94 (unsigned int)*access_granted ));
98 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
103 if (!NT_STATUS_IS_OK(status)) {
104 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
106 smb_fname_str_dbg(smb_fname),
111 status = smb1_file_se_access_check(conn,
113 get_current_nttok(conn),
117 DEBUG(10,("smbd_check_open_rights: file %s requesting "
118 "0x%x returning 0x%x (%s)\n",
119 smb_fname_str_dbg(smb_fname),
120 (unsigned int)access_mask,
121 (unsigned int)*access_granted,
122 nt_errstr(status) ));
124 if (!NT_STATUS_IS_OK(status)) {
125 if (DEBUGLEVEL >= 10) {
126 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
127 smb_fname_str_dbg(smb_fname) ));
128 NDR_PRINT_DEBUG(security_descriptor, sd);
137 static NTSTATUS check_parent_access(struct connection_struct *conn,
138 struct smb_filename *smb_fname,
139 uint32_t access_mask,
140 char **pp_parent_dir,
141 struct security_descriptor **pp_parent_sd)
144 char *parent_dir = NULL;
145 struct security_descriptor *parent_sd = NULL;
146 uint32_t access_granted = 0;
148 if (!parent_dirname(talloc_tos(),
149 smb_fname->base_name,
152 return NT_STATUS_NO_MEMORY;
155 status = SMB_VFS_GET_NT_ACL(conn,
160 if (!NT_STATUS_IS_OK(status)) {
161 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
162 "%s with error %s\n",
168 status = smb1_file_se_access_check(conn,
170 get_current_nttok(conn),
173 if(!NT_STATUS_IS_OK(status)) {
174 DEBUG(5,("check_parent_access: access check "
175 "on directory %s for "
176 "path %s for mask 0x%x returned (0x%x) %s\n",
178 smb_fname->base_name,
181 nt_errstr(status) ));
186 *pp_parent_dir = parent_dir;
189 *pp_parent_sd = parent_sd;
194 /****************************************************************************
195 If the requester wanted DELETE_ACCESS and was only rejected because
196 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
198 ****************************************************************************/
200 static bool parent_override_delete(connection_struct *conn,
201 struct smb_filename *smb_fname,
202 uint32_t access_mask,
203 uint32_t rejected_mask)
205 if ((access_mask & DELETE_ACCESS) &&
206 (rejected_mask == DELETE_ACCESS) &&
207 can_delete_file_in_directory(conn, smb_fname)) {
213 /****************************************************************************
214 fd support routines - attempt to do a dos_open.
215 ****************************************************************************/
217 static NTSTATUS fd_open(struct connection_struct *conn,
222 struct smb_filename *smb_fname = fsp->fsp_name;
223 NTSTATUS status = NT_STATUS_OK;
227 * Never follow symlinks on a POSIX client. The
228 * client should be doing this.
231 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
236 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
237 if (fsp->fh->fd == -1) {
238 status = map_nt_error_from_unix(errno);
239 if (errno == EMFILE) {
240 static time_t last_warned = 0L;
242 if (time((time_t *) NULL) > last_warned) {
243 DEBUG(0,("Too many open files, unable "
244 "to open more! smbd's max "
246 lp_max_open_files()));
247 last_warned = time((time_t *) NULL);
253 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
254 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
255 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
260 /****************************************************************************
261 Close the file associated with a fsp.
262 ****************************************************************************/
264 NTSTATUS fd_close(files_struct *fsp)
271 if (fsp->fh->fd == -1) {
272 return NT_STATUS_OK; /* What we used to call a stat open. */
274 if (fsp->fh->ref_count > 1) {
275 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
278 ret = SMB_VFS_CLOSE(fsp);
281 return map_nt_error_from_unix(errno);
286 /****************************************************************************
287 Change the ownership of a file to that of the parent directory.
288 Do this by fd if possible.
289 ****************************************************************************/
291 void change_file_owner_to_parent(connection_struct *conn,
292 const char *inherit_from_dir,
295 struct smb_filename *smb_fname_parent = NULL;
299 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
300 NULL, NULL, &smb_fname_parent);
301 if (!NT_STATUS_IS_OK(status)) {
305 ret = SMB_VFS_STAT(conn, smb_fname_parent);
307 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
308 "directory %s. Error was %s\n",
309 smb_fname_str_dbg(smb_fname_parent),
311 TALLOC_FREE(smb_fname_parent);
315 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
316 /* Already this uid - no need to change. */
317 DEBUG(10,("change_file_owner_to_parent: file %s "
318 "is already owned by uid %d\n",
320 (int)fsp->fsp_name->st.st_ex_uid ));
321 TALLOC_FREE(smb_fname_parent);
326 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
329 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
330 "file %s to parent directory uid %u. Error "
331 "was %s\n", fsp_str_dbg(fsp),
332 (unsigned int)smb_fname_parent->st.st_ex_uid,
335 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
336 "parent directory uid %u.\n", fsp_str_dbg(fsp),
337 (unsigned int)smb_fname_parent->st.st_ex_uid));
338 /* Ensure the uid entry is updated. */
339 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
342 TALLOC_FREE(smb_fname_parent);
345 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
346 const char *inherit_from_dir,
348 SMB_STRUCT_STAT *psbuf)
350 struct smb_filename *smb_fname_parent = NULL;
351 struct smb_filename *smb_fname_cwd = NULL;
352 char *saved_dir = NULL;
353 TALLOC_CTX *ctx = talloc_tos();
354 NTSTATUS status = NT_STATUS_OK;
357 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
359 if (!NT_STATUS_IS_OK(status)) {
363 ret = SMB_VFS_STAT(conn, smb_fname_parent);
365 status = map_nt_error_from_unix(errno);
366 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
367 "directory %s. Error was %s\n",
368 smb_fname_str_dbg(smb_fname_parent),
373 /* We've already done an lstat into psbuf, and we know it's a
374 directory. If we can cd into the directory and the dev/ino
375 are the same then we can safely chown without races as
376 we're locking the directory in place by being in it. This
377 should work on any UNIX (thanks tridge :-). JRA.
380 saved_dir = vfs_GetWd(ctx,conn);
382 status = map_nt_error_from_unix(errno);
383 DEBUG(0,("change_dir_owner_to_parent: failed to get "
384 "current working directory. Error was %s\n",
389 /* Chdir into the new path. */
390 if (vfs_ChDir(conn, fname) == -1) {
391 status = map_nt_error_from_unix(errno);
392 DEBUG(0,("change_dir_owner_to_parent: failed to change "
393 "current working directory to %s. Error "
394 "was %s\n", fname, strerror(errno) ));
398 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
400 if (!NT_STATUS_IS_OK(status)) {
404 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
406 status = map_nt_error_from_unix(errno);
407 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
408 "directory '.' (%s) Error was %s\n",
409 fname, strerror(errno)));
413 /* Ensure we're pointing at the same place. */
414 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
415 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
416 DEBUG(0,("change_dir_owner_to_parent: "
417 "device/inode on directory %s changed. "
418 "Refusing to chown !\n", fname ));
419 status = NT_STATUS_ACCESS_DENIED;
423 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
424 /* Already this uid - no need to change. */
425 DEBUG(10,("change_dir_owner_to_parent: directory %s "
426 "is already owned by uid %d\n",
428 (int)smb_fname_cwd->st.st_ex_uid ));
429 status = NT_STATUS_OK;
434 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
438 status = map_nt_error_from_unix(errno);
439 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
440 "directory %s to parent directory uid %u. "
441 "Error was %s\n", fname,
442 (unsigned int)smb_fname_parent->st.st_ex_uid,
445 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
446 "directory %s to parent directory uid %u.\n",
447 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
448 /* Ensure the uid entry is updated. */
449 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
453 vfs_ChDir(conn,saved_dir);
455 TALLOC_FREE(smb_fname_parent);
456 TALLOC_FREE(smb_fname_cwd);
460 /****************************************************************************
462 ****************************************************************************/
464 static NTSTATUS open_file(files_struct *fsp,
465 connection_struct *conn,
466 struct smb_request *req,
467 const char *parent_dir,
470 uint32 access_mask, /* client requested access mask. */
471 uint32 open_access_mask) /* what we're actually using in the open. */
473 struct smb_filename *smb_fname = fsp->fsp_name;
474 NTSTATUS status = NT_STATUS_OK;
475 int accmode = (flags & O_ACCMODE);
476 int local_flags = flags;
477 bool file_existed = VALID_STAT(fsp->fsp_name->st);
478 bool file_created = false;
483 /* Check permissions */
486 * This code was changed after seeing a client open request
487 * containing the open mode of (DENY_WRITE/read-only) with
488 * the 'create if not exist' bit set. The previous code
489 * would fail to open the file read only on a read-only share
490 * as it was checking the flags parameter directly against O_RDONLY,
491 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
495 if (!CAN_WRITE(conn)) {
496 /* It's a read-only share - fail if we wanted to write. */
497 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
498 DEBUG(3,("Permission denied opening %s\n",
499 smb_fname_str_dbg(smb_fname)));
500 return NT_STATUS_ACCESS_DENIED;
501 } else if(flags & O_CREAT) {
502 /* We don't want to write - but we must make sure that
503 O_CREAT doesn't create the file if we have write
504 access into the directory.
506 flags &= ~(O_CREAT|O_EXCL);
507 local_flags &= ~(O_CREAT|O_EXCL);
512 * This little piece of insanity is inspired by the
513 * fact that an NT client can open a file for O_RDONLY,
514 * but set the create disposition to FILE_EXISTS_TRUNCATE.
515 * If the client *can* write to the file, then it expects to
516 * truncate the file, even though it is opening for readonly.
517 * Quicken uses this stupid trick in backup file creation...
518 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
519 * for helping track this one down. It didn't bite us in 2.0.x
520 * as we always opened files read-write in that release. JRA.
523 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
524 DEBUG(10,("open_file: truncate requested on read-only open "
525 "for file %s\n", smb_fname_str_dbg(smb_fname)));
526 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
529 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
530 (!file_existed && (local_flags & O_CREAT)) ||
531 ((local_flags & O_TRUNC) == O_TRUNC) ) {
535 * We can't actually truncate here as the file may be locked.
536 * open_file_ntcreate will take care of the truncate later. JRA.
539 local_flags &= ~O_TRUNC;
541 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
543 * We would block on opening a FIFO with no one else on the
544 * other end. Do what we used to do and add O_NONBLOCK to the
548 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
549 local_flags |= O_NONBLOCK;
553 /* Don't create files with Microsoft wildcard characters. */
556 * wildcard characters are allowed in stream names
557 * only test the basefilename
559 wild = fsp->base_fsp->fsp_name->base_name;
561 wild = smb_fname->base_name;
563 if ((local_flags & O_CREAT) && !file_existed &&
565 return NT_STATUS_OBJECT_NAME_INVALID;
568 /* Actually do the open */
569 status = fd_open(conn, fsp, local_flags, unx_mode);
570 if (!NT_STATUS_IS_OK(status)) {
571 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
572 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
573 nt_errstr(status),local_flags,flags));
577 if ((local_flags & O_CREAT) && !file_existed) {
582 uint32_t access_granted = 0;
584 fsp->fh->fd = -1; /* What we used to call a stat open. */
586 /* File must exist for a stat open. */
587 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
590 status = smbd_check_open_rights(conn,
594 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
596 * On NT_STATUS_ACCESS_DENIED, access_granted
597 * contains the denied bits.
600 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
601 (access_granted & FILE_WRITE_ATTRIBUTES) &&
602 (lp_map_readonly(SNUM(conn)) ||
603 lp_map_archive(SNUM(conn)) ||
604 lp_map_hidden(SNUM(conn)) ||
605 lp_map_system(SNUM(conn)))) {
606 access_granted &= ~FILE_WRITE_ATTRIBUTES;
608 DEBUG(10,("open_file: "
617 if (parent_override_delete(conn,
621 /* Were we trying to do a stat open
622 * for delete and didn't get DELETE
623 * access (only) ? Check if the
624 * directory allows DELETE_CHILD.
626 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
629 access_granted &= ~DELETE_ACCESS;
631 DEBUG(10,("open_file: "
639 if (access_granted != 0) {
640 DEBUG(10,("open_file: Access "
641 "denied (0x%x) on file "
649 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
651 S_ISLNK(smb_fname->st.st_ex_mode)) {
652 /* This is a POSIX stat open for delete
653 * or rename on a symlink that points
655 DEBUG(10,("open_file: allowing POSIX "
656 "open on bad symlink %s\n",
659 } else if (!NT_STATUS_IS_OK(status)) {
660 DEBUG(10,("open_file: "
661 "smbd_check_open_rights on file "
663 smb_fname_str_dbg(smb_fname),
664 nt_errstr(status) ));
672 if (fsp->fh->fd == -1) {
673 ret = SMB_VFS_STAT(conn, smb_fname);
675 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
676 /* If we have an fd, this stat should succeed. */
678 DEBUG(0,("Error doing fstat on open file %s "
680 smb_fname_str_dbg(smb_fname),
685 /* For a non-io open, this stat failing means file not found. JRA */
687 status = map_nt_error_from_unix(errno);
693 bool need_re_stat = false;
694 /* Do all inheritance work after we've
695 done a successful stat call and filled
696 in the stat struct in fsp->fsp_name. */
698 /* Inherit the ACL if required */
699 if (lp_inherit_perms(SNUM(conn))) {
700 inherit_access_posix_acl(conn, parent_dir,
701 smb_fname->base_name,
706 /* Change the owner if required. */
707 if (lp_inherit_owner(SNUM(conn))) {
708 change_file_owner_to_parent(conn, parent_dir,
714 if (fsp->fh->fd == -1) {
715 ret = SMB_VFS_STAT(conn, smb_fname);
717 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
718 /* If we have an fd, this stat should succeed. */
720 DEBUG(0,("Error doing fstat on open file %s "
722 smb_fname_str_dbg(smb_fname),
728 notify_fname(conn, NOTIFY_ACTION_ADDED,
729 FILE_NOTIFY_CHANGE_FILE_NAME,
730 smb_fname->base_name);
735 * POSIX allows read-only opens of directories. We don't
736 * want to do this (we use a different code path for this)
737 * so catch a directory open and return an EISDIR. JRA.
740 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
743 return NT_STATUS_FILE_IS_A_DIRECTORY;
746 fsp->mode = smb_fname->st.st_ex_mode;
747 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
748 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
749 fsp->file_pid = req ? req->smbpid : 0;
750 fsp->can_lock = True;
751 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
752 if (!CAN_WRITE(conn)) {
753 fsp->can_write = False;
755 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
758 fsp->print_file = NULL;
759 fsp->modified = False;
760 fsp->sent_oplock_break = NO_BREAK_SENT;
761 fsp->is_directory = False;
762 if (conn->aio_write_behind_list &&
763 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
764 conn->case_sensitive)) {
765 fsp->aio_write_behind = True;
768 fsp->wcp = NULL; /* Write cache pointer. */
770 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
771 conn->session_info->unix_info->unix_name,
772 smb_fname_str_dbg(smb_fname),
773 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
774 conn->num_files_open));
780 /****************************************************************************
781 Check if we can open a file with a share mode.
782 Returns True if conflict, False if not.
783 ****************************************************************************/
785 static bool share_conflict(struct share_mode_entry *entry,
789 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
790 "entry->share_access = 0x%x, "
791 "entry->private_options = 0x%x\n",
792 (unsigned int)entry->access_mask,
793 (unsigned int)entry->share_access,
794 (unsigned int)entry->private_options));
796 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
797 (unsigned int)access_mask, (unsigned int)share_access));
799 if ((entry->access_mask & (FILE_WRITE_DATA|
803 DELETE_ACCESS)) == 0) {
804 DEBUG(10,("share_conflict: No conflict due to "
805 "entry->access_mask = 0x%x\n",
806 (unsigned int)entry->access_mask ));
810 if ((access_mask & (FILE_WRITE_DATA|
814 DELETE_ACCESS)) == 0) {
815 DEBUG(10,("share_conflict: No conflict due to "
816 "access_mask = 0x%x\n",
817 (unsigned int)access_mask ));
821 #if 1 /* JRA TEST - Superdebug. */
822 #define CHECK_MASK(num, am, right, sa, share) \
823 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
824 (unsigned int)(num), (unsigned int)(am), \
825 (unsigned int)(right), (unsigned int)(am)&(right) )); \
826 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
827 (unsigned int)(num), (unsigned int)(sa), \
828 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
829 if (((am) & (right)) && !((sa) & (share))) { \
830 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
831 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
832 (unsigned int)(share) )); \
836 #define CHECK_MASK(num, am, right, sa, share) \
837 if (((am) & (right)) && !((sa) & (share))) { \
838 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
839 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
840 (unsigned int)(share) )); \
845 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
846 share_access, FILE_SHARE_WRITE);
847 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
848 entry->share_access, FILE_SHARE_WRITE);
850 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
851 share_access, FILE_SHARE_READ);
852 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
853 entry->share_access, FILE_SHARE_READ);
855 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
856 share_access, FILE_SHARE_DELETE);
857 CHECK_MASK(6, access_mask, DELETE_ACCESS,
858 entry->share_access, FILE_SHARE_DELETE);
860 DEBUG(10,("share_conflict: No conflict.\n"));
864 #if defined(DEVELOPER)
865 static void validate_my_share_entries(struct smbd_server_connection *sconn,
867 struct share_mode_entry *share_entry)
871 if (!procid_is_me(&share_entry->pid)) {
875 if (is_deferred_open_entry(share_entry) &&
876 !open_was_deferred(sconn, share_entry->op_mid)) {
877 char *str = talloc_asprintf(talloc_tos(),
878 "Got a deferred entry without a request: "
880 share_mode_str(talloc_tos(), num, share_entry));
884 if (!is_valid_share_mode_entry(share_entry)) {
888 fsp = file_find_dif(sconn, share_entry->id,
889 share_entry->share_file_id);
891 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
892 share_mode_str(talloc_tos(), num, share_entry) ));
893 smb_panic("validate_my_share_entries: Cannot match a "
894 "share entry with an open file\n");
897 if (is_deferred_open_entry(share_entry) ||
898 is_unused_share_mode_entry(share_entry)) {
902 if ((share_entry->op_type == NO_OPLOCK) &&
903 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
904 /* Someone has already written to it, but I haven't yet
909 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
918 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
919 share_mode_str(talloc_tos(), num, share_entry) ));
920 str = talloc_asprintf(talloc_tos(),
921 "validate_my_share_entries: "
922 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
923 fsp->fsp_name->base_name,
924 (unsigned int)fsp->oplock_type,
925 (unsigned int)share_entry->op_type );
931 bool is_stat_open(uint32 access_mask)
933 return (access_mask &&
934 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
935 FILE_WRITE_ATTRIBUTES))==0) &&
936 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
937 FILE_WRITE_ATTRIBUTES)) != 0));
940 /****************************************************************************
941 Deal with share modes
942 Invarient: Share mode must be locked on entry and exit.
943 Returns -1 on error, or number of share modes on success (may be zero).
944 ****************************************************************************/
946 static NTSTATUS open_mode_check(connection_struct *conn,
947 struct share_mode_lock *lck,
951 uint32 create_options,
956 if(lck->num_share_modes == 0) {
960 *file_existed = True;
962 /* A delete on close prohibits everything */
964 if (is_delete_on_close_set(lck, name_hash)) {
965 return NT_STATUS_DELETE_PENDING;
968 if (is_stat_open(access_mask)) {
969 /* Stat open that doesn't trigger oplock breaks or share mode
970 * checks... ! JRA. */
975 * Check if the share modes will give us access.
978 #if defined(DEVELOPER)
979 for(i = 0; i < lck->num_share_modes; i++) {
980 validate_my_share_entries(conn->sconn, i,
981 &lck->share_modes[i]);
985 if (!lp_share_modes(SNUM(conn))) {
989 /* Now we check the share modes, after any oplock breaks. */
990 for(i = 0; i < lck->num_share_modes; i++) {
992 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
996 /* someone else has a share lock on it, check to see if we can
998 if (share_conflict(&lck->share_modes[i],
999 access_mask, share_access)) {
1000 return NT_STATUS_SHARING_VIOLATION;
1004 return NT_STATUS_OK;
1007 static bool is_delete_request(files_struct *fsp) {
1008 return ((fsp->access_mask == DELETE_ACCESS) &&
1009 (fsp->oplock_type == NO_OPLOCK));
1013 * Send a break message to the oplock holder and delay the open for
1017 static NTSTATUS send_break_message(files_struct *fsp,
1018 struct share_mode_entry *exclusive,
1023 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1025 DEBUG(10, ("Sending break request to PID %s\n",
1026 procid_str_static(&exclusive->pid)));
1027 exclusive->op_mid = mid;
1029 /* Create the message. */
1030 share_mode_entry_to_message(msg, exclusive);
1032 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
1033 don't want this set in the share mode struct pointed to by lck. */
1035 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
1036 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
1037 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
1040 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
1041 MSG_SMB_BREAK_REQUEST,
1043 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
1044 if (!NT_STATUS_IS_OK(status)) {
1045 DEBUG(3, ("Could not send oplock break message: %s\n",
1046 nt_errstr(status)));
1053 * Return share_mode_entry pointers for :
1054 * 1). Batch oplock entry.
1055 * 2). Batch or exclusive oplock entry (may be identical to #1).
1056 * bool have_level2_oplock
1057 * bool have_no_oplock.
1058 * Do internal consistency checks on the share mode for a file.
1061 static void find_oplock_types(files_struct *fsp,
1063 struct share_mode_lock *lck,
1064 struct share_mode_entry **pp_batch,
1065 struct share_mode_entry **pp_ex_or_batch,
1067 bool *got_no_oplock)
1072 *pp_ex_or_batch = NULL;
1073 *got_level2 = false;
1074 *got_no_oplock = false;
1076 /* Ignore stat or internal opens, as is done in
1077 delay_for_batch_oplocks() and
1078 delay_for_exclusive_oplocks().
1080 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1084 for (i=0; i<lck->num_share_modes; i++) {
1085 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
1089 if (lck->share_modes[i].op_type == NO_OPLOCK &&
1090 is_stat_open(lck->share_modes[i].access_mask)) {
1091 /* We ignore stat opens in the table - they
1092 always have NO_OPLOCK and never get or
1093 cause breaks. JRA. */
1097 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1098 /* batch - can only be one. */
1099 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1100 smb_panic("Bad batch oplock entry.");
1102 *pp_batch = &lck->share_modes[i];
1105 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1106 /* Exclusive or batch - can only be one. */
1107 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1108 smb_panic("Bad exclusive or batch oplock entry.");
1110 *pp_ex_or_batch = &lck->share_modes[i];
1113 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1114 if (*pp_batch || *pp_ex_or_batch) {
1115 smb_panic("Bad levelII oplock entry.");
1120 if (lck->share_modes[i].op_type == NO_OPLOCK) {
1121 if (*pp_batch || *pp_ex_or_batch) {
1122 smb_panic("Bad no oplock entry.");
1124 *got_no_oplock = true;
1129 static bool delay_for_batch_oplocks(files_struct *fsp,
1132 struct share_mode_entry *batch_entry)
1134 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1138 if (batch_entry != NULL) {
1139 /* Found a batch oplock */
1140 send_break_message(fsp, batch_entry, mid, oplock_request);
1146 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1149 struct share_mode_entry *ex_entry)
1151 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1155 if (ex_entry != NULL) {
1156 /* Found an exclusive or batch oplock */
1157 bool delay_it = is_delete_request(fsp) ?
1158 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1160 send_break_message(fsp, ex_entry, mid, oplock_request);
1167 static void grant_fsp_oplock_type(files_struct *fsp,
1168 const struct byte_range_lock *br_lck,
1170 bool got_level2_oplock,
1171 bool got_a_none_oplock)
1173 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1174 lp_level2_oplocks(SNUM(fsp->conn));
1176 /* Start by granting what the client asked for,
1177 but ensure no SAMBA_PRIVATE bits can be set. */
1178 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1180 if (oplock_request & INTERNAL_OPEN_ONLY) {
1181 /* No oplocks on internal open. */
1182 fsp->oplock_type = NO_OPLOCK;
1183 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1184 fsp->oplock_type, fsp_str_dbg(fsp)));
1186 } else if (br_lck && br_lck->num_locks > 0) {
1187 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1189 fsp->oplock_type = NO_OPLOCK;
1192 if (is_stat_open(fsp->access_mask)) {
1193 /* Leave the value already set. */
1194 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1195 fsp->oplock_type, fsp_str_dbg(fsp)));
1200 * Match what was requested (fsp->oplock_type) with
1201 * what was found in the existing share modes.
1204 if (got_a_none_oplock) {
1205 fsp->oplock_type = NO_OPLOCK;
1206 } else if (got_level2_oplock) {
1207 if (fsp->oplock_type == NO_OPLOCK ||
1208 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1209 /* Store a level2 oplock, but don't tell the client */
1210 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1212 fsp->oplock_type = LEVEL_II_OPLOCK;
1215 /* All share_mode_entries are placeholders or deferred.
1216 * Silently upgrade to fake levelII if the client didn't
1217 * ask for an oplock. */
1218 if (fsp->oplock_type == NO_OPLOCK) {
1219 /* Store a level2 oplock, but don't tell the client */
1220 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1225 * Don't grant level2 to clients that don't want them
1226 * or if we've turned them off.
1228 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1229 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1232 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1233 fsp->oplock_type, fsp_str_dbg(fsp)));
1236 bool request_timed_out(struct timeval request_time,
1237 struct timeval timeout)
1239 struct timeval now, end_time;
1241 end_time = timeval_sum(&request_time, &timeout);
1242 return (timeval_compare(&end_time, &now) < 0);
1245 /****************************************************************************
1246 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1247 ****************************************************************************/
1249 static void defer_open(struct share_mode_lock *lck,
1250 struct timeval request_time,
1251 struct timeval timeout,
1252 struct smb_request *req,
1253 struct deferred_open_record *state)
1257 /* Paranoia check */
1259 for (i=0; i<lck->num_share_modes; i++) {
1260 struct share_mode_entry *e = &lck->share_modes[i];
1262 if (!is_deferred_open_entry(e)) {
1266 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1267 DEBUG(0, ("Trying to defer an already deferred "
1268 "request: mid=%llu, exiting\n",
1269 (unsigned long long)req->mid));
1270 exit_server("attempt to defer a deferred request");
1274 /* End paranoia check */
1276 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1277 "open entry for mid %llu\n",
1278 (unsigned int)request_time.tv_sec,
1279 (unsigned int)request_time.tv_usec,
1280 (unsigned long long)req->mid));
1282 if (!push_deferred_open_message_smb(req, request_time, timeout,
1283 state->id, (char *)state, sizeof(*state))) {
1284 exit_server("push_deferred_open_message_smb failed");
1286 add_deferred_open(lck, req->mid, request_time,
1287 sconn_server_id(req->sconn), state->id);
1291 /****************************************************************************
1292 On overwrite open ensure that the attributes match.
1293 ****************************************************************************/
1295 bool open_match_attributes(connection_struct *conn,
1296 uint32 old_dos_attr,
1297 uint32 new_dos_attr,
1298 mode_t existing_unx_mode,
1299 mode_t new_unx_mode,
1300 mode_t *returned_unx_mode)
1302 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1304 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1305 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1307 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1308 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1309 *returned_unx_mode = new_unx_mode;
1311 *returned_unx_mode = (mode_t)0;
1314 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1315 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1316 "returned_unx_mode = 0%o\n",
1317 (unsigned int)old_dos_attr,
1318 (unsigned int)existing_unx_mode,
1319 (unsigned int)new_dos_attr,
1320 (unsigned int)*returned_unx_mode ));
1322 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1323 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1324 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1325 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1329 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1330 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1331 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1338 /****************************************************************************
1339 Special FCB or DOS processing in the case of a sharing violation.
1340 Try and find a duplicated file handle.
1341 ****************************************************************************/
1343 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1344 connection_struct *conn,
1345 files_struct *fsp_to_dup_into,
1346 const struct smb_filename *smb_fname,
1351 uint32 share_access,
1352 uint32 create_options)
1356 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1357 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1359 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1360 fsp = file_find_di_next(fsp)) {
1362 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1363 "vuid = %u, file_pid = %u, private_options = 0x%x "
1364 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1365 fsp->fh->fd, (unsigned int)fsp->vuid,
1366 (unsigned int)fsp->file_pid,
1367 (unsigned int)fsp->fh->private_options,
1368 (unsigned int)fsp->access_mask ));
1370 if (fsp->fh->fd != -1 &&
1371 fsp->vuid == vuid &&
1372 fsp->file_pid == file_pid &&
1373 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1374 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1375 (fsp->access_mask & FILE_WRITE_DATA) &&
1376 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1377 strequal(fsp->fsp_name->stream_name,
1378 smb_fname->stream_name)) {
1379 DEBUG(10,("fcb_or_dos_open: file match\n"));
1385 return NT_STATUS_NOT_FOUND;
1388 /* quite an insane set of semantics ... */
1389 if (is_executable(smb_fname->base_name) &&
1390 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1391 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1392 return NT_STATUS_INVALID_PARAMETER;
1395 /* We need to duplicate this fsp. */
1396 return dup_file_fsp(req, fsp, access_mask, share_access,
1397 create_options, fsp_to_dup_into);
1400 static void schedule_defer_open(struct share_mode_lock *lck,
1401 struct timeval request_time,
1402 struct smb_request *req)
1404 struct deferred_open_record state;
1406 /* This is a relative time, added to the absolute
1407 request_time value to get the absolute timeout time.
1408 Note that if this is the second or greater time we enter
1409 this codepath for this particular request mid then
1410 request_time is left as the absolute time of the *first*
1411 time this request mid was processed. This is what allows
1412 the request to eventually time out. */
1414 struct timeval timeout;
1416 /* Normally the smbd we asked should respond within
1417 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1418 * the client did, give twice the timeout as a safety
1419 * measure here in case the other smbd is stuck
1420 * somewhere else. */
1422 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1424 /* Nothing actually uses state.delayed_for_oplocks
1425 but it's handy to differentiate in debug messages
1426 between a 30 second delay due to oplock break, and
1427 a 1 second delay for share mode conflicts. */
1429 state.delayed_for_oplocks = True;
1432 if (!request_timed_out(request_time, timeout)) {
1433 defer_open(lck, request_time, timeout, req, &state);
1437 /****************************************************************************
1438 Work out what access_mask to use from what the client sent us.
1439 ****************************************************************************/
1441 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1442 const struct smb_filename *smb_fname,
1444 uint32_t access_mask,
1445 uint32_t *access_mask_out)
1448 uint32_t orig_access_mask = access_mask;
1449 uint32_t rejected_share_access;
1452 * Convert GENERIC bits to specific bits.
1455 se_map_generic(&access_mask, &file_generic_mapping);
1457 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1458 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1461 struct security_descriptor *sd;
1462 uint32_t access_granted = 0;
1464 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1469 if (!NT_STATUS_IS_OK(status)) {
1470 DEBUG(10,("smbd_calculate_access_mask: "
1471 "Could not get acl on file %s: %s\n",
1472 smb_fname_str_dbg(smb_fname),
1473 nt_errstr(status)));
1474 return NT_STATUS_ACCESS_DENIED;
1477 status = smb1_file_se_access_check(conn,
1479 get_current_nttok(conn),
1485 if (!NT_STATUS_IS_OK(status)) {
1486 DEBUG(10, ("smbd_calculate_access_mask: "
1487 "Access denied on file %s: "
1488 "when calculating maximum access\n",
1489 smb_fname_str_dbg(smb_fname)));
1490 return NT_STATUS_ACCESS_DENIED;
1493 access_mask = access_granted;
1495 access_mask = FILE_GENERIC_ALL;
1498 access_mask &= conn->share_access;
1501 rejected_share_access = access_mask & ~(conn->share_access);
1503 if (rejected_share_access) {
1504 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1505 "file %s: rejected by share access mask[0x%08X] "
1506 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1507 smb_fname_str_dbg(smb_fname),
1509 orig_access_mask, access_mask,
1510 rejected_share_access));
1511 return NT_STATUS_ACCESS_DENIED;
1514 *access_mask_out = access_mask;
1515 return NT_STATUS_OK;
1518 /****************************************************************************
1519 Remove the deferred open entry under lock.
1520 ****************************************************************************/
1522 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1523 struct server_id pid)
1525 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id,
1528 DEBUG(0, ("could not get share mode lock\n"));
1530 del_deferred_open_entry(lck, mid, pid);
1535 /****************************************************************
1536 Ensure we get the brlock lock followed by the share mode lock
1537 in the correct order to prevent deadlocks if other smbd's are
1538 using the brlock database on this file simultaneously with this open
1539 (that code also gets the locks in brlock -> share mode lock order).
1540 ****************************************************************/
1542 static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx,
1544 const struct file_id id,
1545 const char *connectpath,
1546 const struct smb_filename *smb_fname,
1547 const struct timespec *p_old_write_time,
1548 struct share_mode_lock **p_lck,
1549 struct byte_range_lock **p_br_lck)
1551 /* Ordering - we must get the br_lck for this
1552 file before the share mode. */
1553 if (lp_locking(fsp->conn->params)) {
1554 *p_br_lck = brl_get_locks_readonly(fsp);
1555 if (*p_br_lck == NULL) {
1556 DEBUG(0, ("Could not get br_lock\n"));
1559 /* Note - we don't need to free the returned
1560 br_lck explicitly as it was allocated on talloc_tos()
1561 and so will be autofreed (and release the lock)
1562 once the frame context disappears.
1564 If it was set to fsp->brlock_rec then it was
1565 talloc_move'd to hang off the fsp pointer and
1566 in this case is guarenteed to not be holding the
1567 lock on the brlock database. */
1570 *p_lck = get_share_mode_lock(mem_ctx,
1576 if (*p_lck == NULL) {
1577 DEBUG(0, ("Could not get share mode lock\n"));
1578 TALLOC_FREE(*p_br_lck);
1584 /****************************************************************************
1585 Open a file with a share mode. Passed in an already created files_struct *.
1586 ****************************************************************************/
1588 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1589 struct smb_request *req,
1590 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1591 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1592 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1593 uint32 create_options, /* options such as delete on close. */
1594 uint32 new_dos_attributes, /* attributes used for new file. */
1595 int oplock_request, /* internal Samba oplock codes. */
1596 /* Information (FILE_EXISTS etc.) */
1597 uint32_t private_flags, /* Samba specific flags. */
1601 struct smb_filename *smb_fname = fsp->fsp_name;
1604 bool file_existed = VALID_STAT(smb_fname->st);
1605 bool def_acl = False;
1606 bool posix_open = False;
1607 bool new_file_created = False;
1608 bool clear_ads = false;
1610 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1611 mode_t new_unx_mode = (mode_t)0;
1612 mode_t unx_mode = (mode_t)0;
1614 uint32 existing_dos_attributes = 0;
1615 struct timeval request_time = timeval_zero();
1616 struct share_mode_lock *lck = NULL;
1617 uint32 open_access_mask = access_mask;
1623 if (conn->printer) {
1625 * Printers are handled completely differently.
1626 * Most of the passed parameters are ignored.
1630 *pinfo = FILE_WAS_CREATED;
1633 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1634 smb_fname_str_dbg(smb_fname)));
1637 DEBUG(0,("open_file_ntcreate: printer open without "
1638 "an SMB request!\n"));
1639 return NT_STATUS_INTERNAL_ERROR;
1642 return print_spool_open(fsp, smb_fname->base_name,
1646 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1648 return NT_STATUS_NO_MEMORY;
1651 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1653 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1654 new_dos_attributes = 0;
1656 /* Windows allows a new file to be created and
1657 silently removes a FILE_ATTRIBUTE_DIRECTORY
1658 sent by the client. Do the same. */
1660 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1662 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1664 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1665 smb_fname, parent_dir);
1668 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1669 "access_mask=0x%x share_access=0x%x "
1670 "create_disposition = 0x%x create_options=0x%x "
1671 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1672 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1673 access_mask, share_access, create_disposition,
1674 create_options, (unsigned int)unx_mode, oplock_request,
1675 (unsigned int)private_flags));
1677 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1678 DEBUG(0, ("No smb request but not an internal only open!\n"));
1679 return NT_STATUS_INTERNAL_ERROR;
1683 * Only non-internal opens can be deferred at all
1688 if (get_deferred_open_message_state(req,
1692 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1693 /* Remember the absolute time of the original
1694 request with this mid. We'll use it later to
1695 see if this has timed out. */
1697 /* Remove the deferred open entry under lock. */
1698 remove_deferred_open_entry(
1699 state->id, req->mid,
1700 sconn_server_id(req->sconn));
1702 /* Ensure we don't reprocess this message. */
1703 remove_deferred_open_message_smb(req->sconn, req->mid);
1707 status = check_name(conn, smb_fname->base_name);
1708 if (!NT_STATUS_IS_OK(status)) {
1713 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1715 existing_dos_attributes = dos_mode(conn, smb_fname);
1719 /* ignore any oplock requests if oplocks are disabled */
1720 if (!lp_oplocks(SNUM(conn)) ||
1721 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1722 /* Mask off everything except the private Samba bits. */
1723 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1726 /* this is for OS/2 long file names - say we don't support them */
1727 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1728 /* OS/2 Workplace shell fix may be main code stream in a later
1730 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1732 if (use_nt_status()) {
1733 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1735 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1738 switch( create_disposition ) {
1740 * Currently we're using FILE_SUPERSEDE as the same as
1741 * FILE_OVERWRITE_IF but they really are
1742 * different. FILE_SUPERSEDE deletes an existing file
1743 * (requiring delete access) then recreates it.
1745 case FILE_SUPERSEDE:
1746 /* If file exists replace/overwrite. If file doesn't
1748 flags2 |= (O_CREAT | O_TRUNC);
1752 case FILE_OVERWRITE_IF:
1753 /* If file exists replace/overwrite. If file doesn't
1755 flags2 |= (O_CREAT | O_TRUNC);
1760 /* If file exists open. If file doesn't exist error. */
1761 if (!file_existed) {
1762 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1763 "requested for file %s and file "
1765 smb_fname_str_dbg(smb_fname)));
1767 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1771 case FILE_OVERWRITE:
1772 /* If file exists overwrite. If file doesn't exist
1774 if (!file_existed) {
1775 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1776 "requested for file %s and file "
1778 smb_fname_str_dbg(smb_fname) ));
1780 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1787 /* If file exists error. If file doesn't exist
1790 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1791 "requested for file %s and file "
1792 "already exists.\n",
1793 smb_fname_str_dbg(smb_fname)));
1794 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1799 return map_nt_error_from_unix(errno);
1801 flags2 |= (O_CREAT|O_EXCL);
1805 /* If file exists open. If file doesn't exist
1811 return NT_STATUS_INVALID_PARAMETER;
1814 /* We only care about matching attributes on file exists and
1817 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1818 (create_disposition == FILE_OVERWRITE_IF))) {
1819 if (!open_match_attributes(conn, existing_dos_attributes,
1821 smb_fname->st.st_ex_mode,
1822 unx_mode, &new_unx_mode)) {
1823 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1824 "for file %s (%x %x) (0%o, 0%o)\n",
1825 smb_fname_str_dbg(smb_fname),
1826 existing_dos_attributes,
1828 (unsigned int)smb_fname->st.st_ex_mode,
1829 (unsigned int)unx_mode ));
1831 return NT_STATUS_ACCESS_DENIED;
1835 status = smbd_calculate_access_mask(conn, smb_fname, file_existed,
1838 if (!NT_STATUS_IS_OK(status)) {
1839 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1840 "on file %s returned %s\n",
1841 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1845 open_access_mask = access_mask;
1847 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1848 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1851 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1852 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1856 * Note that we ignore the append flag as append does not
1857 * mean the same thing under DOS and Unix.
1860 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1861 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1862 /* DENY_DOS opens are always underlying read-write on the
1863 file handle, no matter what the requested access mask
1865 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1866 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1876 * Currently we only look at FILE_WRITE_THROUGH for create options.
1880 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1885 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1889 if (!posix_open && !CAN_WRITE(conn)) {
1891 * We should really return a permission denied error if either
1892 * O_CREAT or O_TRUNC are set, but for compatibility with
1893 * older versions of Samba we just AND them out.
1895 flags2 &= ~(O_CREAT|O_TRUNC);
1899 * Ensure we can't write on a read-only share or file.
1902 if (flags != O_RDONLY && file_existed &&
1903 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1904 DEBUG(5,("open_file_ntcreate: write access requested for "
1905 "file %s on read only %s\n",
1906 smb_fname_str_dbg(smb_fname),
1907 !CAN_WRITE(conn) ? "share" : "file" ));
1909 return NT_STATUS_ACCESS_DENIED;
1912 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1913 fsp->share_access = share_access;
1914 fsp->fh->private_options = private_flags;
1915 fsp->access_mask = open_access_mask; /* We change this to the
1916 * requested access_mask after
1917 * the open is done. */
1918 fsp->posix_open = posix_open;
1920 /* Ensure no SAMBA_PRIVATE bits can be set. */
1921 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1923 if (timeval_is_zero(&request_time)) {
1924 request_time = fsp->open_time;
1928 struct byte_range_lock *br_lck = NULL;
1929 struct share_mode_entry *batch_entry = NULL;
1930 struct share_mode_entry *exclusive_entry = NULL;
1931 bool got_level2_oplock = false;
1932 bool got_a_none_oplock = false;
1934 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1935 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1937 if (!acquire_ordered_locks(talloc_tos(),
1945 return NT_STATUS_SHARING_VIOLATION;
1948 /* Get the types we need to examine. */
1949 find_oplock_types(fsp,
1955 &got_a_none_oplock);
1957 /* First pass - send break only on batch oplocks. */
1958 if ((req != NULL) &&
1959 delay_for_batch_oplocks(fsp,
1963 schedule_defer_open(lck, request_time, req);
1965 return NT_STATUS_SHARING_VIOLATION;
1968 /* Use the client requested access mask here, not the one we
1970 status = open_mode_check(conn, lck, fsp->name_hash,
1971 access_mask, share_access,
1972 create_options, &file_existed);
1974 if (NT_STATUS_IS_OK(status)) {
1975 /* We might be going to allow this open. Check oplock
1977 /* Second pass - send break for both batch or
1978 * exclusive oplocks. */
1979 if ((req != NULL) &&
1980 delay_for_exclusive_oplocks(
1985 schedule_defer_open(lck, request_time, req);
1987 return NT_STATUS_SHARING_VIOLATION;
1991 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1992 /* DELETE_PENDING is not deferred for a second */
1997 grant_fsp_oplock_type(fsp,
2003 if (!NT_STATUS_IS_OK(status)) {
2004 uint32 can_access_mask;
2005 bool can_access = True;
2007 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2009 /* Check if this can be done with the deny_dos and fcb
2012 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2013 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2015 DEBUG(0, ("DOS open without an SMB "
2018 return NT_STATUS_INTERNAL_ERROR;
2021 /* Use the client requested access mask here,
2022 * not the one we open with. */
2023 status = fcb_or_dos_open(req,
2034 if (NT_STATUS_IS_OK(status)) {
2037 *pinfo = FILE_WAS_OPENED;
2039 return NT_STATUS_OK;
2044 * This next line is a subtlety we need for
2045 * MS-Access. If a file open will fail due to share
2046 * permissions and also for security (access) reasons,
2047 * we need to return the access failed error, not the
2048 * share error. We can't open the file due to kernel
2049 * oplock deadlock (it's possible we failed above on
2050 * the open_mode_check()) so use a userspace check.
2053 if (flags & O_RDWR) {
2054 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2055 } else if (flags & O_WRONLY) {
2056 can_access_mask = FILE_WRITE_DATA;
2058 can_access_mask = FILE_READ_DATA;
2061 if (((can_access_mask & FILE_WRITE_DATA) &&
2062 !CAN_WRITE(conn)) ||
2063 !can_access_file_data(conn, smb_fname,
2069 * If we're returning a share violation, ensure we
2070 * cope with the braindead 1 second delay.
2073 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2074 lp_defer_sharing_violations()) {
2075 struct timeval timeout;
2076 struct deferred_open_record state;
2079 /* this is a hack to speed up torture tests
2081 timeout_usecs = lp_parm_int(SNUM(conn),
2082 "smbd","sharedelay",
2083 SHARING_VIOLATION_USEC_WAIT);
2085 /* This is a relative time, added to the absolute
2086 request_time value to get the absolute timeout time.
2087 Note that if this is the second or greater time we enter
2088 this codepath for this particular request mid then
2089 request_time is left as the absolute time of the *first*
2090 time this request mid was processed. This is what allows
2091 the request to eventually time out. */
2093 timeout = timeval_set(0, timeout_usecs);
2095 /* Nothing actually uses state.delayed_for_oplocks
2096 but it's handy to differentiate in debug messages
2097 between a 30 second delay due to oplock break, and
2098 a 1 second delay for share mode conflicts. */
2100 state.delayed_for_oplocks = False;
2104 && !request_timed_out(request_time,
2106 defer_open(lck, request_time, timeout,
2114 * We have detected a sharing violation here
2115 * so return the correct error code
2117 status = NT_STATUS_SHARING_VIOLATION;
2119 status = NT_STATUS_ACCESS_DENIED;
2125 * We exit this block with the share entry *locked*.....
2129 SMB_ASSERT(!file_existed || (lck != NULL));
2132 * Ensure we pay attention to default ACLs on directories if required.
2135 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2136 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2137 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2140 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2141 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2142 (unsigned int)flags, (unsigned int)flags2,
2143 (unsigned int)unx_mode, (unsigned int)access_mask,
2144 (unsigned int)open_access_mask));
2147 * open_file strips any O_TRUNC flags itself.
2150 fsp_open = open_file(fsp, conn, req, parent_dir,
2151 flags|flags2, unx_mode, access_mask,
2154 if (!NT_STATUS_IS_OK(fsp_open)) {
2159 if (!file_existed) {
2160 struct byte_range_lock *br_lck = NULL;
2161 struct share_mode_entry *batch_entry = NULL;
2162 struct share_mode_entry *exclusive_entry = NULL;
2163 bool got_level2_oplock = false;
2164 bool got_a_none_oplock = false;
2165 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2167 * Deal with the race condition where two smbd's detect the
2168 * file doesn't exist and do the create at the same time. One
2169 * of them will win and set a share mode, the other (ie. this
2170 * one) should check if the requested share mode for this
2171 * create is allowed.
2175 * Now the file exists and fsp is successfully opened,
2176 * fsp->dev and fsp->inode are valid and should replace the
2177 * dev=0,inode=0 from a non existent file. Spotted by
2178 * Nadav Danieli <nadavd@exanet.com>. JRA.
2183 if (!acquire_ordered_locks(talloc_tos(),
2191 return NT_STATUS_SHARING_VIOLATION;
2194 /* Get the types we need to examine. */
2195 find_oplock_types(fsp,
2201 &got_a_none_oplock);
2203 /* First pass - send break only on batch oplocks. */
2204 if ((req != NULL) &&
2205 delay_for_batch_oplocks(fsp,
2209 schedule_defer_open(lck, request_time, req);
2212 return NT_STATUS_SHARING_VIOLATION;
2215 status = open_mode_check(conn, lck, fsp->name_hash,
2216 access_mask, share_access,
2217 create_options, &file_existed);
2219 if (NT_STATUS_IS_OK(status)) {
2220 /* We might be going to allow this open. Check oplock
2222 /* Second pass - send break for both batch or
2223 * exclusive oplocks. */
2224 if ((req != NULL) &&
2225 delay_for_exclusive_oplocks(
2230 schedule_defer_open(lck, request_time, req);
2233 return NT_STATUS_SHARING_VIOLATION;
2237 if (!NT_STATUS_IS_OK(status)) {
2238 struct deferred_open_record state;
2240 state.delayed_for_oplocks = False;
2243 /* Do it all over again immediately. In the second
2244 * round we will find that the file existed and handle
2245 * the DELETE_PENDING and FCB cases correctly. No need
2246 * to duplicate the code here. Essentially this is a
2247 * "goto top of this function", but don't tell
2251 defer_open(lck, request_time, timeval_zero(),
2259 grant_fsp_oplock_type(fsp,
2266 * We exit this block with the share entry *locked*.....
2271 SMB_ASSERT(lck != NULL);
2273 /* Delete streams if create_disposition requires it */
2274 if (file_existed && clear_ads &&
2275 !is_ntfs_stream_smb_fname(smb_fname)) {
2276 status = delete_all_streams(conn, smb_fname->base_name);
2277 if (!NT_STATUS_IS_OK(status)) {
2284 /* note that we ignore failure for the following. It is
2285 basically a hack for NFS, and NFS will never set one of
2286 these only read them. Nobody but Samba can ever set a deny
2287 mode and we have already checked our more authoritative
2288 locking database for permission to set this deny mode. If
2289 the kernel refuses the operations then the kernel is wrong.
2290 note that GPFS supports it as well - jmcd */
2292 if (fsp->fh->fd != -1) {
2294 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2295 if(ret_flock == -1 ){
2300 return NT_STATUS_SHARING_VIOLATION;
2305 * At this point onwards, we can guarentee that the share entry
2306 * is locked, whether we created the file or not, and that the
2307 * deny mode is compatible with all current opens.
2311 * If requested, truncate the file.
2314 if (file_existed && (flags2&O_TRUNC)) {
2316 * We are modifing the file after open - update the stat
2319 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2320 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2321 status = map_nt_error_from_unix(errno);
2329 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2330 * but we don't have to store this - just ignore it on access check.
2332 if (conn->sconn->using_smb2) {
2334 * SMB2 doesn't return it (according to Microsoft tests).
2335 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2336 * File created with access = 0x7 (Read, Write, Delete)
2337 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2339 fsp->access_mask = access_mask;
2341 /* But SMB1 does. */
2342 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2346 /* stat opens on existing files don't get oplocks. */
2347 if (is_stat_open(open_access_mask)) {
2348 fsp->oplock_type = NO_OPLOCK;
2351 if (!(flags2 & O_TRUNC)) {
2352 info = FILE_WAS_OPENED;
2354 info = FILE_WAS_OVERWRITTEN;
2357 info = FILE_WAS_CREATED;
2365 * Setup the oplock info in both the shared memory and
2369 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2371 * Could not get the kernel oplock or there are byte-range
2372 * locks on the file.
2374 fsp->oplock_type = NO_OPLOCK;
2377 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2378 new_file_created = True;
2381 set_share_mode(lck, fsp, get_current_uid(conn),
2385 /* Handle strange delete on close create semantics. */
2386 if (create_options & FILE_DELETE_ON_CLOSE) {
2388 status = can_set_delete_on_close(fsp, new_dos_attributes);
2390 if (!NT_STATUS_IS_OK(status)) {
2391 /* Remember to delete the mode we just added. */
2392 del_share_mode(lck, fsp);
2397 /* Note that here we set the *inital* delete on close flag,
2398 not the regular one. The magic gets handled in close. */
2399 fsp->initial_delete_on_close = True;
2402 if (new_file_created) {
2403 /* Files should be initially set as archive */
2404 if (lp_map_archive(SNUM(conn)) ||
2405 lp_store_dos_attributes(SNUM(conn))) {
2407 if (file_set_dosmode(conn, smb_fname,
2408 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2409 parent_dir, true) == 0) {
2410 unx_mode = smb_fname->st.st_ex_mode;
2416 /* Determine sparse flag. */
2418 /* POSIX opens are sparse by default. */
2419 fsp->is_sparse = true;
2421 fsp->is_sparse = (file_existed &&
2422 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2426 * Take care of inherited ACLs on created files - if default ACL not
2430 if (!posix_open && !file_existed && !def_acl) {
2432 int saved_errno = errno; /* We might get ENOSYS in the next
2435 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2437 errno = saved_errno; /* Ignore ENOSYS */
2440 } else if (new_unx_mode) {
2444 /* Attributes need changing. File already existed. */
2447 int saved_errno = errno; /* We might get ENOSYS in the
2449 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2451 if (ret == -1 && errno == ENOSYS) {
2452 errno = saved_errno; /* Ignore ENOSYS */
2454 DEBUG(5, ("open_file_ntcreate: reset "
2455 "attributes of file %s to 0%o\n",
2456 smb_fname_str_dbg(smb_fname),
2457 (unsigned int)new_unx_mode));
2458 ret = 0; /* Don't do the fchmod below. */
2463 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2464 DEBUG(5, ("open_file_ntcreate: failed to reset "
2465 "attributes of file %s to 0%o\n",
2466 smb_fname_str_dbg(smb_fname),
2467 (unsigned int)new_unx_mode));
2470 /* If this is a successful open, we must remove any deferred open
2473 del_deferred_open_entry(lck, req->mid,
2474 sconn_server_id(req->sconn));
2478 return NT_STATUS_OK;
2482 /****************************************************************************
2483 Open a file for for write to ensure that we can fchmod it.
2484 ****************************************************************************/
2486 NTSTATUS open_file_fchmod(connection_struct *conn,
2487 struct smb_filename *smb_fname,
2488 files_struct **result)
2490 if (!VALID_STAT(smb_fname->st)) {
2491 return NT_STATUS_INVALID_PARAMETER;
2494 return SMB_VFS_CREATE_FILE(
2497 0, /* root_dir_fid */
2498 smb_fname, /* fname */
2499 FILE_WRITE_DATA, /* access_mask */
2500 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2502 FILE_OPEN, /* create_disposition*/
2503 0, /* create_options */
2504 0, /* file_attributes */
2505 INTERNAL_OPEN_ONLY, /* oplock_request */
2506 0, /* allocation_size */
2507 0, /* private_flags */
2510 result, /* result */
2514 static NTSTATUS mkdir_internal(connection_struct *conn,
2515 struct smb_filename *smb_dname,
2516 uint32 file_attributes)
2519 char *parent_dir = NULL;
2521 bool posix_open = false;
2522 bool need_re_stat = false;
2523 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2525 if(access_mask & ~(conn->share_access)) {
2526 DEBUG(5,("mkdir_internal: failing share access "
2527 "%s\n", lp_servicename(SNUM(conn))));
2528 return NT_STATUS_ACCESS_DENIED;
2531 status = check_name(conn, smb_dname->base_name);
2532 if (!NT_STATUS_IS_OK(status)) {
2536 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2538 return NT_STATUS_NO_MEMORY;
2541 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2543 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2545 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2548 status = check_parent_access(conn,
2553 if(!NT_STATUS_IS_OK(status)) {
2554 DEBUG(5,("mkdir_internal: check_parent_access "
2555 "on directory %s for path %s returned %s\n",
2557 smb_dname->base_name,
2558 nt_errstr(status) ));
2562 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2563 return map_nt_error_from_unix(errno);
2566 /* Ensure we're checking for a symlink here.... */
2567 /* We don't want to get caught by a symlink racer. */
2569 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2570 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2571 smb_fname_str_dbg(smb_dname), strerror(errno)));
2572 return map_nt_error_from_unix(errno);
2575 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2576 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2577 smb_fname_str_dbg(smb_dname)));
2578 return NT_STATUS_NOT_A_DIRECTORY;
2581 if (lp_store_dos_attributes(SNUM(conn))) {
2583 file_set_dosmode(conn, smb_dname,
2584 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2589 if (lp_inherit_perms(SNUM(conn))) {
2590 inherit_access_posix_acl(conn, parent_dir,
2591 smb_dname->base_name, mode);
2592 need_re_stat = true;
2597 * Check if high bits should have been set,
2598 * then (if bits are missing): add them.
2599 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2602 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2603 (mode & ~smb_dname->st.st_ex_mode)) {
2604 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2605 (smb_dname->st.st_ex_mode |
2606 (mode & ~smb_dname->st.st_ex_mode)));
2607 need_re_stat = true;
2611 /* Change the owner if required. */
2612 if (lp_inherit_owner(SNUM(conn))) {
2613 change_dir_owner_to_parent(conn, parent_dir,
2614 smb_dname->base_name,
2616 need_re_stat = true;
2620 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2621 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2622 smb_fname_str_dbg(smb_dname), strerror(errno)));
2623 return map_nt_error_from_unix(errno);
2627 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2628 smb_dname->base_name);
2630 return NT_STATUS_OK;
2633 /****************************************************************************
2634 Ensure we didn't get symlink raced on opening a directory.
2635 ****************************************************************************/
2637 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2638 const SMB_STRUCT_STAT *sbuf2)
2640 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2641 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2642 sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
2643 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
2649 /****************************************************************************
2650 Open a directory from an NT SMB call.
2651 ****************************************************************************/
2653 static NTSTATUS open_directory(connection_struct *conn,
2654 struct smb_request *req,
2655 struct smb_filename *smb_dname,
2657 uint32 share_access,
2658 uint32 create_disposition,
2659 uint32 create_options,
2660 uint32 file_attributes,
2662 files_struct **result)
2664 files_struct *fsp = NULL;
2665 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2666 struct share_mode_lock *lck = NULL;
2668 struct timespec mtimespec;
2671 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2673 /* Ensure we have a directory attribute. */
2674 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2676 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2677 "share_access = 0x%x create_options = 0x%x, "
2678 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2679 smb_fname_str_dbg(smb_dname),
2680 (unsigned int)access_mask,
2681 (unsigned int)share_access,
2682 (unsigned int)create_options,
2683 (unsigned int)create_disposition,
2684 (unsigned int)file_attributes));
2686 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2687 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2688 is_ntfs_stream_smb_fname(smb_dname)) {
2689 DEBUG(2, ("open_directory: %s is a stream name!\n",
2690 smb_fname_str_dbg(smb_dname)));
2691 return NT_STATUS_NOT_A_DIRECTORY;
2694 status = smbd_calculate_access_mask(conn, smb_dname, dir_existed,
2695 access_mask, &access_mask);
2696 if (!NT_STATUS_IS_OK(status)) {
2697 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2698 "on file %s returned %s\n",
2699 smb_fname_str_dbg(smb_dname),
2700 nt_errstr(status)));
2704 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2705 !security_token_has_privilege(get_current_nttok(conn),
2706 SEC_PRIV_SECURITY)) {
2707 DEBUG(10, ("open_directory: open on %s "
2708 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2709 smb_fname_str_dbg(smb_dname)));
2710 return NT_STATUS_PRIVILEGE_NOT_HELD;
2713 switch( create_disposition ) {
2717 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2720 info = FILE_WAS_OPENED;
2725 /* If directory exists error. If directory doesn't
2729 status = NT_STATUS_OBJECT_NAME_COLLISION;
2730 DEBUG(2, ("open_directory: unable to create "
2731 "%s. Error was %s\n",
2732 smb_fname_str_dbg(smb_dname),
2733 nt_errstr(status)));
2737 status = mkdir_internal(conn, smb_dname,
2740 if (!NT_STATUS_IS_OK(status)) {
2741 DEBUG(2, ("open_directory: unable to create "
2742 "%s. Error was %s\n",
2743 smb_fname_str_dbg(smb_dname),
2744 nt_errstr(status)));
2748 info = FILE_WAS_CREATED;
2753 * If directory exists open. If directory doesn't
2758 status = NT_STATUS_OK;
2759 info = FILE_WAS_OPENED;
2761 status = mkdir_internal(conn, smb_dname,
2764 if (NT_STATUS_IS_OK(status)) {
2765 info = FILE_WAS_CREATED;
2767 /* Cope with create race. */
2768 if (!NT_STATUS_EQUAL(status,
2769 NT_STATUS_OBJECT_NAME_COLLISION)) {
2770 DEBUG(2, ("open_directory: unable to create "
2771 "%s. Error was %s\n",
2772 smb_fname_str_dbg(smb_dname),
2773 nt_errstr(status)));
2776 info = FILE_WAS_OPENED;
2782 case FILE_SUPERSEDE:
2783 case FILE_OVERWRITE:
2784 case FILE_OVERWRITE_IF:
2786 DEBUG(5,("open_directory: invalid create_disposition "
2787 "0x%x for directory %s\n",
2788 (unsigned int)create_disposition,
2789 smb_fname_str_dbg(smb_dname)));
2790 return NT_STATUS_INVALID_PARAMETER;
2793 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2794 DEBUG(5,("open_directory: %s is not a directory !\n",
2795 smb_fname_str_dbg(smb_dname)));
2796 return NT_STATUS_NOT_A_DIRECTORY;
2799 if (info == FILE_WAS_OPENED) {
2800 uint32_t access_granted = 0;
2801 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2804 /* Were we trying to do a directory open
2805 * for delete and didn't get DELETE
2806 * access (only) ? Check if the
2807 * directory allows DELETE_CHILD.
2809 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2812 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2813 parent_override_delete(conn,
2817 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2818 "on directory %s\n",
2819 smb_fname_str_dbg(smb_dname)));
2820 status = NT_STATUS_OK;
2823 if (!NT_STATUS_IS_OK(status)) {
2824 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2825 "file %s failed with %s\n",
2826 smb_fname_str_dbg(smb_dname),
2827 nt_errstr(status)));
2832 status = file_new(req, conn, &fsp);
2833 if(!NT_STATUS_IS_OK(status)) {
2838 * Setup the files_struct for it.
2841 fsp->mode = smb_dname->st.st_ex_mode;
2842 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2843 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2844 fsp->file_pid = req ? req->smbpid : 0;
2845 fsp->can_lock = False;
2846 fsp->can_read = False;
2847 fsp->can_write = False;
2849 fsp->share_access = share_access;
2850 fsp->fh->private_options = 0;
2852 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2854 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2855 fsp->print_file = NULL;
2856 fsp->modified = False;
2857 fsp->oplock_type = NO_OPLOCK;
2858 fsp->sent_oplock_break = NO_BREAK_SENT;
2859 fsp->is_directory = True;
2860 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2861 status = fsp_set_smb_fname(fsp, smb_dname);
2862 if (!NT_STATUS_IS_OK(status)) {
2863 file_free(req, fsp);
2867 mtimespec = smb_dname->st.st_ex_mtime;
2870 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2872 /* POSIX allows us to open a directory with O_RDONLY. */
2873 status = fd_open(conn, fsp, O_RDONLY, 0);
2875 if (!NT_STATUS_IS_OK(status)) {
2876 DEBUG(5, ("open_directory: Could not open fd for "
2878 smb_fname_str_dbg(smb_dname),
2879 nt_errstr(status)));
2880 file_free(req, fsp);
2884 status = vfs_stat_fsp(fsp);
2885 if (!NT_STATUS_IS_OK(status)) {
2887 file_free(req, fsp);
2891 /* Ensure there was no race condition. */
2892 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2893 DEBUG(5,("open_directory: stat struct differs for "
2895 smb_fname_str_dbg(smb_dname)));
2897 file_free(req, fsp);
2898 return NT_STATUS_ACCESS_DENIED;
2901 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2902 conn->connectpath, smb_dname, &mtimespec);
2905 DEBUG(0, ("open_directory: Could not get share mode lock for "
2906 "%s\n", smb_fname_str_dbg(smb_dname)));
2908 file_free(req, fsp);
2909 return NT_STATUS_SHARING_VIOLATION;
2912 status = open_mode_check(conn, lck, fsp->name_hash,
2913 access_mask, share_access,
2914 create_options, &dir_existed);
2916 if (!NT_STATUS_IS_OK(status)) {
2919 file_free(req, fsp);
2923 set_share_mode(lck, fsp, get_current_uid(conn),
2924 req ? req->mid : 0, NO_OPLOCK);
2926 /* For directories the delete on close bit at open time seems
2927 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2928 if (create_options & FILE_DELETE_ON_CLOSE) {
2929 status = can_set_delete_on_close(fsp, 0);
2930 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2933 file_free(req, fsp);
2937 if (NT_STATUS_IS_OK(status)) {
2938 /* Note that here we set the *inital* delete on close flag,
2939 not the regular one. The magic gets handled in close. */
2940 fsp->initial_delete_on_close = True;
2951 return NT_STATUS_OK;
2954 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2955 struct smb_filename *smb_dname)
2960 status = SMB_VFS_CREATE_FILE(
2963 0, /* root_dir_fid */
2964 smb_dname, /* fname */
2965 FILE_READ_ATTRIBUTES, /* access_mask */
2966 FILE_SHARE_NONE, /* share_access */
2967 FILE_CREATE, /* create_disposition*/
2968 FILE_DIRECTORY_FILE, /* create_options */
2969 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2970 0, /* oplock_request */
2971 0, /* allocation_size */
2972 0, /* private_flags */
2978 if (NT_STATUS_IS_OK(status)) {
2979 close_file(req, fsp, NORMAL_CLOSE);
2985 /****************************************************************************
2986 Receive notification that one of our open files has been renamed by another
2988 ****************************************************************************/
2990 void msg_file_was_renamed(struct messaging_context *msg,
2993 struct server_id server_id,
2996 struct smbd_server_connection *sconn;
2998 char *frm = (char *)data->data;
3000 const char *sharepath;
3001 const char *base_name;
3002 const char *stream_name;
3003 struct smb_filename *smb_fname = NULL;
3004 size_t sp_len, bn_len;
3007 sconn = msg_ctx_to_sconn(msg);
3008 if (sconn == NULL) {
3009 DEBUG(1, ("could not find sconn\n"));
3013 if (data->data == NULL
3014 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3015 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3016 (int)data->length));
3020 /* Unpack the message. */
3021 pull_file_id_24(frm, &id);
3022 sharepath = &frm[24];
3023 sp_len = strlen(sharepath);
3024 base_name = sharepath + sp_len + 1;
3025 bn_len = strlen(base_name);
3026 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3028 /* stream_name must always be NULL if there is no stream. */
3029 if (stream_name[0] == '\0') {
3033 status = create_synthetic_smb_fname(talloc_tos(), base_name,
3034 stream_name, NULL, &smb_fname);
3035 if (!NT_STATUS_IS_OK(status)) {
3039 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3041 sharepath, smb_fname_str_dbg(smb_fname),
3042 file_id_string_tos(&id)));
3044 for(fsp = file_find_di_first(sconn, id); fsp;
3045 fsp = file_find_di_next(fsp)) {
3046 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3048 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
3049 fsp->fnum, fsp_str_dbg(fsp),
3050 smb_fname_str_dbg(smb_fname)));
3051 status = fsp_set_smb_fname(fsp, smb_fname);
3052 if (!NT_STATUS_IS_OK(status)) {
3057 /* Now we have the complete path we can work out if this is
3058 actually within this share and adjust newname accordingly. */
3059 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3060 "not sharepath %s) "
3061 "fnum %d from %s -> %s\n",
3062 fsp->conn->connectpath,
3066 smb_fname_str_dbg(smb_fname)));
3070 TALLOC_FREE(smb_fname);
3075 * If a main file is opened for delete, all streams need to be checked for
3076 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3077 * If that works, delete them all by setting the delete on close and close.
3080 NTSTATUS open_streams_for_delete(connection_struct *conn,
3083 struct stream_struct *stream_info = NULL;
3084 files_struct **streams = NULL;
3086 unsigned int num_streams = 0;
3087 TALLOC_CTX *frame = talloc_stackframe();
3090 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
3091 &num_streams, &stream_info);
3093 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3094 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3095 DEBUG(10, ("no streams around\n"));
3097 return NT_STATUS_OK;
3100 if (!NT_STATUS_IS_OK(status)) {
3101 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3102 nt_errstr(status)));
3106 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3109 if (num_streams == 0) {
3111 return NT_STATUS_OK;
3114 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3115 if (streams == NULL) {
3116 DEBUG(0, ("talloc failed\n"));
3117 status = NT_STATUS_NO_MEMORY;
3121 for (i=0; i<num_streams; i++) {
3122 struct smb_filename *smb_fname = NULL;
3124 if (strequal(stream_info[i].name, "::$DATA")) {
3129 status = create_synthetic_smb_fname(talloc_tos(), fname,
3130 stream_info[i].name,
3132 if (!NT_STATUS_IS_OK(status)) {
3136 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3137 DEBUG(10, ("Unable to stat stream: %s\n",
3138 smb_fname_str_dbg(smb_fname)));
3141 status = SMB_VFS_CREATE_FILE(
3144 0, /* root_dir_fid */
3145 smb_fname, /* fname */
3146 DELETE_ACCESS, /* access_mask */
3147 (FILE_SHARE_READ | /* share_access */
3148 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3149 FILE_OPEN, /* create_disposition*/
3150 0, /* create_options */
3151 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3152 0, /* oplock_request */
3153 0, /* allocation_size */
3154 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3157 &streams[i], /* result */
3160 if (!NT_STATUS_IS_OK(status)) {
3161 DEBUG(10, ("Could not open stream %s: %s\n",
3162 smb_fname_str_dbg(smb_fname),
3163 nt_errstr(status)));
3165 TALLOC_FREE(smb_fname);
3168 TALLOC_FREE(smb_fname);
3172 * don't touch the variable "status" beyond this point :-)
3175 for (i -= 1 ; i >= 0; i--) {
3176 if (streams[i] == NULL) {
3180 DEBUG(10, ("Closing stream # %d, %s\n", i,
3181 fsp_str_dbg(streams[i])));
3182 close_file(NULL, streams[i], NORMAL_CLOSE);
3191 * Wrapper around open_file_ntcreate and open_directory
3194 static NTSTATUS create_file_unixpath(connection_struct *conn,
3195 struct smb_request *req,
3196 struct smb_filename *smb_fname,
3197 uint32_t access_mask,
3198 uint32_t share_access,
3199 uint32_t create_disposition,
3200 uint32_t create_options,
3201 uint32_t file_attributes,
3202 uint32_t oplock_request,
3203 uint64_t allocation_size,
3204 uint32_t private_flags,
3205 struct security_descriptor *sd,
3206 struct ea_list *ea_list,
3208 files_struct **result,
3211 int info = FILE_WAS_OPENED;
3212 files_struct *base_fsp = NULL;
3213 files_struct *fsp = NULL;
3216 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3217 "file_attributes = 0x%x, share_access = 0x%x, "
3218 "create_disposition = 0x%x create_options = 0x%x "
3219 "oplock_request = 0x%x private_flags = 0x%x "
3220 "ea_list = 0x%p, sd = 0x%p, "
3222 (unsigned int)access_mask,
3223 (unsigned int)file_attributes,
3224 (unsigned int)share_access,
3225 (unsigned int)create_disposition,
3226 (unsigned int)create_options,
3227 (unsigned int)oplock_request,
3228 (unsigned int)private_flags,
3229 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3231 if (create_options & FILE_OPEN_BY_FILE_ID) {
3232 status = NT_STATUS_NOT_SUPPORTED;
3236 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3237 status = NT_STATUS_INVALID_PARAMETER;
3242 oplock_request |= INTERNAL_OPEN_ONLY;
3245 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3246 && (access_mask & DELETE_ACCESS)
3247 && !is_ntfs_stream_smb_fname(smb_fname)) {
3249 * We can't open a file with DELETE access if any of the
3250 * streams is open without FILE_SHARE_DELETE
3252 status = open_streams_for_delete(conn, smb_fname->base_name);
3254 if (!NT_STATUS_IS_OK(status)) {
3259 /* This is the correct thing to do (check every time) but can_delete
3260 * is expensive (it may have to read the parent directory
3261 * permissions). So for now we're not doing it unless we have a strong
3262 * hint the client is really going to delete this file. If the client
3263 * is forcing FILE_CREATE let the filesystem take care of the
3266 /* Setting FILE_SHARE_DELETE is the hint. */
3268 if ((create_disposition != FILE_CREATE)
3269 && (access_mask & DELETE_ACCESS)
3270 && (!(can_delete_file_in_directory(conn, smb_fname) ||
3271 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
3272 status = NT_STATUS_ACCESS_DENIED;
3273 DEBUG(10,("create_file_unixpath: open file %s "
3274 "for delete ACCESS_DENIED\n",
3275 smb_fname_str_dbg(smb_fname)));
3279 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3280 !security_token_has_privilege(get_current_nttok(conn),
3281 SEC_PRIV_SECURITY)) {
3282 DEBUG(10, ("create_file_unixpath: open on %s "
3283 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3284 smb_fname_str_dbg(smb_fname)));
3285 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3289 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3290 && is_ntfs_stream_smb_fname(smb_fname)
3291 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3292 uint32 base_create_disposition;
3293 struct smb_filename *smb_fname_base = NULL;
3295 if (create_options & FILE_DIRECTORY_FILE) {
3296 status = NT_STATUS_NOT_A_DIRECTORY;
3300 switch (create_disposition) {
3302 base_create_disposition = FILE_OPEN;
3305 base_create_disposition = FILE_OPEN_IF;
3309 /* Create an smb_filename with stream_name == NULL. */
3310 status = create_synthetic_smb_fname(talloc_tos(),
3311 smb_fname->base_name,
3314 if (!NT_STATUS_IS_OK(status)) {
3318 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3319 DEBUG(10, ("Unable to stat stream: %s\n",
3320 smb_fname_str_dbg(smb_fname_base)));
3323 /* Open the base file. */
3324 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3327 | FILE_SHARE_DELETE,
3328 base_create_disposition,
3329 0, 0, 0, 0, 0, NULL, NULL,
3331 TALLOC_FREE(smb_fname_base);
3333 if (!NT_STATUS_IS_OK(status)) {
3334 DEBUG(10, ("create_file_unixpath for base %s failed: "
3335 "%s\n", smb_fname->base_name,
3336 nt_errstr(status)));
3339 /* we don't need to low level fd */
3344 * If it's a request for a directory open, deal with it separately.
3347 if (create_options & FILE_DIRECTORY_FILE) {
3349 if (create_options & FILE_NON_DIRECTORY_FILE) {
3350 status = NT_STATUS_INVALID_PARAMETER;
3354 /* Can't open a temp directory. IFS kit test. */
3355 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3356 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3357 status = NT_STATUS_INVALID_PARAMETER;
3362 * We will get a create directory here if the Win32
3363 * app specified a security descriptor in the
3364 * CreateDirectory() call.
3368 status = open_directory(
3369 conn, req, smb_fname, access_mask, share_access,
3370 create_disposition, create_options, file_attributes,
3375 * Ordinary file case.
3378 status = file_new(req, conn, &fsp);
3379 if(!NT_STATUS_IS_OK(status)) {
3383 status = fsp_set_smb_fname(fsp, smb_fname);
3384 if (!NT_STATUS_IS_OK(status)) {
3389 * We're opening the stream element of a base_fsp
3390 * we already opened. Set up the base_fsp pointer.
3393 fsp->base_fsp = base_fsp;
3396 status = open_file_ntcreate(conn,
3408 if(!NT_STATUS_IS_OK(status)) {
3409 file_free(req, fsp);
3413 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3415 /* A stream open never opens a directory */
3418 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3423 * Fail the open if it was explicitly a non-directory
3427 if (create_options & FILE_NON_DIRECTORY_FILE) {
3428 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3433 status = open_directory(
3434 conn, req, smb_fname, access_mask,
3435 share_access, create_disposition,
3436 create_options, file_attributes,
3441 if (!NT_STATUS_IS_OK(status)) {
3445 fsp->base_fsp = base_fsp;
3448 * According to the MS documentation, the only time the security
3449 * descriptor is applied to the opened file is iff we *created* the
3450 * file; an existing file stays the same.
3452 * Also, it seems (from observation) that you can open the file with
3453 * any access mask but you can still write the sd. We need to override
3454 * the granted access before we call set_sd
3455 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3458 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3459 && lp_nt_acl_support(SNUM(conn))) {
3461 uint32_t sec_info_sent;
3462 uint32_t saved_access_mask = fsp->access_mask;
3464 sec_info_sent = get_sec_info(sd);
3466 fsp->access_mask = FILE_GENERIC_ALL;
3468 /* Convert all the generic bits. */
3469 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3470 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3472 if (sec_info_sent & (SECINFO_OWNER|
3476 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3479 fsp->access_mask = saved_access_mask;
3481 if (!NT_STATUS_IS_OK(status)) {
3486 if ((ea_list != NULL) &&
3487 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3488 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3489 if (!NT_STATUS_IS_OK(status)) {
3494 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3495 status = NT_STATUS_ACCESS_DENIED;
3499 /* Save the requested allocation size. */
3500 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3502 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3503 fsp->initial_allocation_size = smb_roundup(
3504 fsp->conn, allocation_size);
3505 if (fsp->is_directory) {
3506 /* Can't set allocation size on a directory. */
3507 status = NT_STATUS_ACCESS_DENIED;
3510 if (vfs_allocate_file_space(
3511 fsp, fsp->initial_allocation_size) == -1) {
3512 status = NT_STATUS_DISK_FULL;
3516 fsp->initial_allocation_size = smb_roundup(
3517 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3521 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3524 if (pinfo != NULL) {
3528 smb_fname->st = fsp->fsp_name->st;
3530 return NT_STATUS_OK;
3533 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3536 if (base_fsp && fsp->base_fsp == base_fsp) {
3538 * The close_file below will close
3543 close_file(req, fsp, ERROR_CLOSE);
3546 if (base_fsp != NULL) {
3547 close_file(req, base_fsp, ERROR_CLOSE);
3554 * Calculate the full path name given a relative fid.
3556 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3557 struct smb_request *req,
3558 uint16_t root_dir_fid,
3559 const struct smb_filename *smb_fname,
3560 struct smb_filename **smb_fname_out)
3562 files_struct *dir_fsp;
3563 char *parent_fname = NULL;
3564 char *new_base_name = NULL;
3567 if (root_dir_fid == 0 || !smb_fname) {
3568 status = NT_STATUS_INTERNAL_ERROR;
3572 dir_fsp = file_fsp(req, root_dir_fid);
3574 if (dir_fsp == NULL) {
3575 status = NT_STATUS_INVALID_HANDLE;
3579 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3580 status = NT_STATUS_INVALID_HANDLE;
3584 if (!dir_fsp->is_directory) {
3587 * Check to see if this is a mac fork of some kind.
3590 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3591 is_ntfs_stream_smb_fname(smb_fname)) {
3592 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3597 we need to handle the case when we get a
3598 relative open relative to a file and the
3599 pathname is blank - this is a reopen!
3600 (hint from demyn plantenberg)
3603 status = NT_STATUS_INVALID_HANDLE;
3607 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3609 * We're at the toplevel dir, the final file name
3610 * must not contain ./, as this is filtered out
3611 * normally by srvstr_get_path and unix_convert
3612 * explicitly rejects paths containing ./.
3614 parent_fname = talloc_strdup(talloc_tos(), "");
3615 if (parent_fname == NULL) {
3616 status = NT_STATUS_NO_MEMORY;
3620 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3623 * Copy in the base directory name.
3626 parent_fname = talloc_array(talloc_tos(), char,
3628 if (parent_fname == NULL) {
3629 status = NT_STATUS_NO_MEMORY;
3632 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3636 * Ensure it ends in a '/'.
3637 * We used TALLOC_SIZE +2 to add space for the '/'.
3641 && (parent_fname[dir_name_len-1] != '\\')
3642 && (parent_fname[dir_name_len-1] != '/')) {
3643 parent_fname[dir_name_len] = '/';
3644 parent_fname[dir_name_len+1] = '\0';
3648 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3649 smb_fname->base_name);
3650 if (new_base_name == NULL) {
3651 status = NT_STATUS_NO_MEMORY;
3655 status = filename_convert(req,
3657 req->flags2 & FLAGS2_DFS_PATHNAMES,
3662 if (!NT_STATUS_IS_OK(status)) {
3667 TALLOC_FREE(parent_fname);
3668 TALLOC_FREE(new_base_name);
3672 NTSTATUS create_file_default(connection_struct *conn,
3673 struct smb_request *req,
3674 uint16_t root_dir_fid,
3675 struct smb_filename *smb_fname,
3676 uint32_t access_mask,
3677 uint32_t share_access,
3678 uint32_t create_disposition,
3679 uint32_t create_options,
3680 uint32_t file_attributes,
3681 uint32_t oplock_request,
3682 uint64_t allocation_size,
3683 uint32_t private_flags,
3684 struct security_descriptor *sd,
3685 struct ea_list *ea_list,
3686 files_struct **result,
3689 int info = FILE_WAS_OPENED;
3690 files_struct *fsp = NULL;
3692 bool stream_name = false;
3694 DEBUG(10,("create_file: access_mask = 0x%x "
3695 "file_attributes = 0x%x, share_access = 0x%x, "
3696 "create_disposition = 0x%x create_options = 0x%x "
3697 "oplock_request = 0x%x "
3698 "private_flags = 0x%x "
3699 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3701 (unsigned int)access_mask,
3702 (unsigned int)file_attributes,
3703 (unsigned int)share_access,
3704 (unsigned int)create_disposition,
3705 (unsigned int)create_options,
3706 (unsigned int)oplock_request,
3707 (unsigned int)private_flags,
3708 (unsigned int)root_dir_fid,
3709 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3712 * Calculate the filename from the root_dir_if if necessary.
3715 if (root_dir_fid != 0) {
3716 struct smb_filename *smb_fname_out = NULL;
3717 status = get_relative_fid_filename(conn, req, root_dir_fid,
3718 smb_fname, &smb_fname_out);
3719 if (!NT_STATUS_IS_OK(status)) {
3722 smb_fname = smb_fname_out;
3726 * Check to see if this is a mac fork of some kind.
3729 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3731 enum FAKE_FILE_TYPE fake_file_type;
3733 fake_file_type = is_fake_file(smb_fname);
3735 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3738 * Here we go! support for changing the disk quotas
3741 * We need to fake up to open this MAGIC QUOTA file
3742 * and return a valid FID.
3744 * w2k close this file directly after openening xp
3745 * also tries a QUERY_FILE_INFO on the file and then
3748 status = open_fake_file(req, conn, req->vuid,
3749 fake_file_type, smb_fname,
3751 if (!NT_STATUS_IS_OK(status)) {
3755 ZERO_STRUCT(smb_fname->st);
3759 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3760 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3765 /* All file access must go through check_name() */
3767 status = check_name(conn, smb_fname->base_name);
3768 if (!NT_STATUS_IS_OK(status)) {
3772 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) {
3774 smb_fname->stream_name = NULL;
3775 /* We have to handle this error here. */
3776 if (create_options & FILE_DIRECTORY_FILE) {
3777 status = NT_STATUS_NOT_A_DIRECTORY;
3780 if (lp_posix_pathnames()) {
3781 ret = SMB_VFS_LSTAT(conn, smb_fname);
3783 ret = SMB_VFS_STAT(conn, smb_fname);
3786 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3787 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3792 status = create_file_unixpath(
3793 conn, req, smb_fname, access_mask, share_access,
3794 create_disposition, create_options, file_attributes,
3795 oplock_request, allocation_size, private_flags,
3799 if (!NT_STATUS_IS_OK(status)) {
3804 DEBUG(10, ("create_file: info=%d\n", info));
3807 if (pinfo != NULL) {
3810 return NT_STATUS_OK;
3813 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3816 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / kai / samba.git / blob