2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "librpc/gen_ndr/messaging.h"
27 #include "../libcli/security/security.h"
28 #include "../librpc/gen_ndr/ndr_security.h"
30 extern const struct generic_mapping file_generic_mapping;
32 struct deferred_open_record {
33 bool delayed_for_oplocks;
37 /****************************************************************************
38 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
39 ****************************************************************************/
41 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
42 const struct security_descriptor *sd,
43 const struct security_token *token,
44 uint32_t access_desired,
45 uint32_t *access_granted)
49 if (get_current_uid(conn) == (uid_t)0) {
50 /* I'm sorry sir, I didn't know you were root... */
51 *access_granted = access_desired;
52 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
53 *access_granted |= FILE_GENERIC_ALL;
58 return se_access_check(sd,
60 (access_desired & ~FILE_READ_ATTRIBUTES),
64 /****************************************************************************
65 Check if we have open rights.
66 ****************************************************************************/
68 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
69 const struct smb_filename *smb_fname,
71 uint32_t *access_granted)
73 /* Check if we have rights to open. */
75 struct security_descriptor *sd = NULL;
77 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
82 if (!NT_STATUS_IS_OK(status)) {
83 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
85 smb_fname_str_dbg(smb_fname),
90 status = smb1_file_se_access_check(conn,
92 get_current_nttok(conn),
96 DEBUG(10,("smbd_check_open_rights: file %s requesting "
97 "0x%x returning 0x%x (%s)\n",
98 smb_fname_str_dbg(smb_fname),
99 (unsigned int)access_mask,
100 (unsigned int)*access_granted,
101 nt_errstr(status) ));
103 if (!NT_STATUS_IS_OK(status)) {
104 if (DEBUGLEVEL >= 10) {
105 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
106 smb_fname_str_dbg(smb_fname) ));
107 NDR_PRINT_DEBUG(security_descriptor, sd);
116 /****************************************************************************
117 fd support routines - attempt to do a dos_open.
118 ****************************************************************************/
120 static NTSTATUS fd_open(struct connection_struct *conn,
125 struct smb_filename *smb_fname = fsp->fsp_name;
126 NTSTATUS status = NT_STATUS_OK;
130 * Never follow symlinks on a POSIX client. The
131 * client should be doing this.
134 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
139 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
140 if (fsp->fh->fd == -1) {
141 status = map_nt_error_from_unix(errno);
142 if (errno == EMFILE) {
143 static time_t last_warned = 0L;
145 if (time((time_t *) NULL) > last_warned) {
146 DEBUG(0,("Too many open files, unable "
147 "to open more! smbd's max "
149 lp_max_open_files()));
150 last_warned = time((time_t *) NULL);
156 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
157 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
158 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
163 /****************************************************************************
164 Close the file associated with a fsp.
165 ****************************************************************************/
167 NTSTATUS fd_close(files_struct *fsp)
174 if (fsp->fh->fd == -1) {
175 return NT_STATUS_OK; /* What we used to call a stat open. */
177 if (fsp->fh->ref_count > 1) {
178 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
181 ret = SMB_VFS_CLOSE(fsp);
184 return map_nt_error_from_unix(errno);
189 /****************************************************************************
190 Change the ownership of a file to that of the parent directory.
191 Do this by fd if possible.
192 ****************************************************************************/
194 void change_file_owner_to_parent(connection_struct *conn,
195 const char *inherit_from_dir,
198 struct smb_filename *smb_fname_parent = NULL;
202 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
203 NULL, NULL, &smb_fname_parent);
204 if (!NT_STATUS_IS_OK(status)) {
208 ret = SMB_VFS_STAT(conn, smb_fname_parent);
210 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
211 "directory %s. Error was %s\n",
212 smb_fname_str_dbg(smb_fname_parent),
218 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
221 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
222 "file %s to parent directory uid %u. Error "
223 "was %s\n", fsp_str_dbg(fsp),
224 (unsigned int)smb_fname_parent->st.st_ex_uid,
228 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
229 "parent directory uid %u.\n", fsp_str_dbg(fsp),
230 (unsigned int)smb_fname_parent->st.st_ex_uid));
232 TALLOC_FREE(smb_fname_parent);
235 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
236 const char *inherit_from_dir,
238 SMB_STRUCT_STAT *psbuf)
240 struct smb_filename *smb_fname_parent = NULL;
241 struct smb_filename *smb_fname_cwd = NULL;
242 char *saved_dir = NULL;
243 TALLOC_CTX *ctx = talloc_tos();
244 NTSTATUS status = NT_STATUS_OK;
247 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
249 if (!NT_STATUS_IS_OK(status)) {
253 ret = SMB_VFS_STAT(conn, smb_fname_parent);
255 status = map_nt_error_from_unix(errno);
256 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
257 "directory %s. Error was %s\n",
258 smb_fname_str_dbg(smb_fname_parent),
263 /* We've already done an lstat into psbuf, and we know it's a
264 directory. If we can cd into the directory and the dev/ino
265 are the same then we can safely chown without races as
266 we're locking the directory in place by being in it. This
267 should work on any UNIX (thanks tridge :-). JRA.
270 saved_dir = vfs_GetWd(ctx,conn);
272 status = map_nt_error_from_unix(errno);
273 DEBUG(0,("change_dir_owner_to_parent: failed to get "
274 "current working directory. Error was %s\n",
279 /* Chdir into the new path. */
280 if (vfs_ChDir(conn, fname) == -1) {
281 status = map_nt_error_from_unix(errno);
282 DEBUG(0,("change_dir_owner_to_parent: failed to change "
283 "current working directory to %s. Error "
284 "was %s\n", fname, strerror(errno) ));
288 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
290 if (!NT_STATUS_IS_OK(status)) {
294 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
296 status = map_nt_error_from_unix(errno);
297 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
298 "directory '.' (%s) Error was %s\n",
299 fname, strerror(errno)));
303 /* Ensure we're pointing at the same place. */
304 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
305 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino ||
306 smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) {
307 DEBUG(0,("change_dir_owner_to_parent: "
308 "device/inode/mode on directory %s changed. "
309 "Refusing to chown !\n", fname ));
310 status = NT_STATUS_ACCESS_DENIED;
315 ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
319 status = map_nt_error_from_unix(errno);
320 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
321 "directory %s to parent directory uid %u. "
322 "Error was %s\n", fname,
323 (unsigned int)smb_fname_parent->st.st_ex_uid,
328 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
329 "directory %s to parent directory uid %u.\n",
330 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
333 vfs_ChDir(conn,saved_dir);
335 TALLOC_FREE(smb_fname_parent);
336 TALLOC_FREE(smb_fname_cwd);
340 /****************************************************************************
342 ****************************************************************************/
344 static NTSTATUS open_file(files_struct *fsp,
345 connection_struct *conn,
346 struct smb_request *req,
347 const char *parent_dir,
350 uint32 access_mask, /* client requested access mask. */
351 uint32 open_access_mask) /* what we're actually using in the open. */
353 struct smb_filename *smb_fname = fsp->fsp_name;
354 NTSTATUS status = NT_STATUS_OK;
355 int accmode = (flags & O_ACCMODE);
356 int local_flags = flags;
357 bool file_existed = VALID_STAT(fsp->fsp_name->st);
362 /* Check permissions */
365 * This code was changed after seeing a client open request
366 * containing the open mode of (DENY_WRITE/read-only) with
367 * the 'create if not exist' bit set. The previous code
368 * would fail to open the file read only on a read-only share
369 * as it was checking the flags parameter directly against O_RDONLY,
370 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
374 if (!CAN_WRITE(conn)) {
375 /* It's a read-only share - fail if we wanted to write. */
376 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
377 DEBUG(3,("Permission denied opening %s\n",
378 smb_fname_str_dbg(smb_fname)));
379 return NT_STATUS_ACCESS_DENIED;
380 } else if(flags & O_CREAT) {
381 /* We don't want to write - but we must make sure that
382 O_CREAT doesn't create the file if we have write
383 access into the directory.
385 flags &= ~(O_CREAT|O_EXCL);
386 local_flags &= ~(O_CREAT|O_EXCL);
391 * This little piece of insanity is inspired by the
392 * fact that an NT client can open a file for O_RDONLY,
393 * but set the create disposition to FILE_EXISTS_TRUNCATE.
394 * If the client *can* write to the file, then it expects to
395 * truncate the file, even though it is opening for readonly.
396 * Quicken uses this stupid trick in backup file creation...
397 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
398 * for helping track this one down. It didn't bite us in 2.0.x
399 * as we always opened files read-write in that release. JRA.
402 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
403 DEBUG(10,("open_file: truncate requested on read-only open "
404 "for file %s\n", smb_fname_str_dbg(smb_fname)));
405 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
408 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
409 (!file_existed && (local_flags & O_CREAT)) ||
410 ((local_flags & O_TRUNC) == O_TRUNC) ) {
414 * We can't actually truncate here as the file may be locked.
415 * open_file_ntcreate will take care of the truncate later. JRA.
418 local_flags &= ~O_TRUNC;
420 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
422 * We would block on opening a FIFO with no one else on the
423 * other end. Do what we used to do and add O_NONBLOCK to the
427 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
428 local_flags |= O_NONBLOCK;
432 /* Don't create files with Microsoft wildcard characters. */
435 * wildcard characters are allowed in stream names
436 * only test the basefilename
438 wild = fsp->base_fsp->fsp_name->base_name;
440 wild = smb_fname->base_name;
442 if ((local_flags & O_CREAT) && !file_existed &&
444 return NT_STATUS_OBJECT_NAME_INVALID;
447 /* Actually do the open */
448 status = fd_open(conn, fsp, local_flags, unx_mode);
449 if (!NT_STATUS_IS_OK(status)) {
450 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
451 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
452 nt_errstr(status),local_flags,flags));
456 if ((local_flags & O_CREAT) && !file_existed) {
458 /* Inherit the ACL if required */
459 if (lp_inherit_perms(SNUM(conn))) {
460 inherit_access_posix_acl(conn, parent_dir,
461 smb_fname->base_name,
465 /* Change the owner if required. */
466 if (lp_inherit_owner(SNUM(conn))) {
467 change_file_owner_to_parent(conn, parent_dir,
471 notify_fname(conn, NOTIFY_ACTION_ADDED,
472 FILE_NOTIFY_CHANGE_FILE_NAME,
473 smb_fname->base_name);
477 fsp->fh->fd = -1; /* What we used to call a stat open. */
479 uint32_t access_granted = 0;
481 status = smbd_check_open_rights(conn,
485 if (!NT_STATUS_IS_OK(status)) {
486 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
488 * On NT_STATUS_ACCESS_DENIED, access_granted
489 * contains the denied bits.
492 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
493 (access_granted & FILE_WRITE_ATTRIBUTES) &&
494 (lp_map_readonly(SNUM(conn)) ||
495 lp_map_archive(SNUM(conn)) ||
496 lp_map_hidden(SNUM(conn)) ||
497 lp_map_system(SNUM(conn)))) {
498 access_granted &= ~FILE_WRITE_ATTRIBUTES;
500 DEBUG(10,("open_file: "
509 if ((access_mask & DELETE_ACCESS) &&
510 (access_granted & DELETE_ACCESS) &&
511 can_delete_file_in_directory(conn,
513 /* Were we trying to do a stat open
514 * for delete and didn't get DELETE
515 * access (only) ? Check if the
516 * directory allows DELETE_CHILD.
518 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
521 access_granted &= ~DELETE_ACCESS;
523 DEBUG(10,("open_file: "
531 if (access_granted != 0) {
532 DEBUG(10,("open_file: Access "
539 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
541 S_ISLNK(smb_fname->st.st_ex_mode)) {
542 /* This is a POSIX stat open for delete
543 * or rename on a symlink that points
545 DEBUG(10,("open_file: allowing POSIX "
546 "open on bad symlink %s\n",
550 DEBUG(10,("open_file: "
551 "smbd_check_open_rights on file "
553 smb_fname_str_dbg(smb_fname),
554 nt_errstr(status) ));
564 if (fsp->fh->fd == -1) {
565 ret = SMB_VFS_STAT(conn, smb_fname);
567 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
568 /* If we have an fd, this stat should succeed. */
570 DEBUG(0,("Error doing fstat on open file %s "
572 smb_fname_str_dbg(smb_fname),
577 /* For a non-io open, this stat failing means file not found. JRA */
579 status = map_nt_error_from_unix(errno);
586 * POSIX allows read-only opens of directories. We don't
587 * want to do this (we use a different code path for this)
588 * so catch a directory open and return an EISDIR. JRA.
591 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
594 return NT_STATUS_FILE_IS_A_DIRECTORY;
597 fsp->mode = smb_fname->st.st_ex_mode;
598 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
599 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
600 fsp->file_pid = req ? req->smbpid : 0;
601 fsp->can_lock = True;
602 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
603 if (!CAN_WRITE(conn)) {
604 fsp->can_write = False;
606 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
609 fsp->print_file = NULL;
610 fsp->modified = False;
611 fsp->sent_oplock_break = NO_BREAK_SENT;
612 fsp->is_directory = False;
613 if (conn->aio_write_behind_list &&
614 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
615 conn->case_sensitive)) {
616 fsp->aio_write_behind = True;
619 fsp->wcp = NULL; /* Write cache pointer. */
621 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
622 conn->server_info->unix_name,
623 smb_fname_str_dbg(smb_fname),
624 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
625 conn->num_files_open));
631 /*******************************************************************
632 Return True if the filename is one of the special executable types.
633 ********************************************************************/
635 bool is_executable(const char *fname)
637 if ((fname = strrchr_m(fname,'.'))) {
638 if (strequal(fname,".com") ||
639 strequal(fname,".dll") ||
640 strequal(fname,".exe") ||
641 strequal(fname,".sym")) {
648 /****************************************************************************
649 Check if we can open a file with a share mode.
650 Returns True if conflict, False if not.
651 ****************************************************************************/
653 static bool share_conflict(struct share_mode_entry *entry,
657 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
658 "entry->share_access = 0x%x, "
659 "entry->private_options = 0x%x\n",
660 (unsigned int)entry->access_mask,
661 (unsigned int)entry->share_access,
662 (unsigned int)entry->private_options));
664 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
665 (unsigned int)access_mask, (unsigned int)share_access));
667 if ((entry->access_mask & (FILE_WRITE_DATA|
671 DELETE_ACCESS)) == 0) {
672 DEBUG(10,("share_conflict: No conflict due to "
673 "entry->access_mask = 0x%x\n",
674 (unsigned int)entry->access_mask ));
678 if ((access_mask & (FILE_WRITE_DATA|
682 DELETE_ACCESS)) == 0) {
683 DEBUG(10,("share_conflict: No conflict due to "
684 "access_mask = 0x%x\n",
685 (unsigned int)access_mask ));
689 #if 1 /* JRA TEST - Superdebug. */
690 #define CHECK_MASK(num, am, right, sa, share) \
691 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
692 (unsigned int)(num), (unsigned int)(am), \
693 (unsigned int)(right), (unsigned int)(am)&(right) )); \
694 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
695 (unsigned int)(num), (unsigned int)(sa), \
696 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
697 if (((am) & (right)) && !((sa) & (share))) { \
698 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
699 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
700 (unsigned int)(share) )); \
704 #define CHECK_MASK(num, am, right, sa, share) \
705 if (((am) & (right)) && !((sa) & (share))) { \
706 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
707 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
708 (unsigned int)(share) )); \
713 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
714 share_access, FILE_SHARE_WRITE);
715 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
716 entry->share_access, FILE_SHARE_WRITE);
718 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
719 share_access, FILE_SHARE_READ);
720 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
721 entry->share_access, FILE_SHARE_READ);
723 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
724 share_access, FILE_SHARE_DELETE);
725 CHECK_MASK(6, access_mask, DELETE_ACCESS,
726 entry->share_access, FILE_SHARE_DELETE);
728 DEBUG(10,("share_conflict: No conflict.\n"));
732 #if defined(DEVELOPER)
733 static void validate_my_share_entries(struct smbd_server_connection *sconn,
735 struct share_mode_entry *share_entry)
739 if (!procid_is_me(&share_entry->pid)) {
743 if (is_deferred_open_entry(share_entry) &&
744 !open_was_deferred(share_entry->op_mid)) {
745 char *str = talloc_asprintf(talloc_tos(),
746 "Got a deferred entry without a request: "
748 share_mode_str(talloc_tos(), num, share_entry));
752 if (!is_valid_share_mode_entry(share_entry)) {
756 fsp = file_find_dif(sconn, share_entry->id,
757 share_entry->share_file_id);
759 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
760 share_mode_str(talloc_tos(), num, share_entry) ));
761 smb_panic("validate_my_share_entries: Cannot match a "
762 "share entry with an open file\n");
765 if (is_deferred_open_entry(share_entry) ||
766 is_unused_share_mode_entry(share_entry)) {
770 if ((share_entry->op_type == NO_OPLOCK) &&
771 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
772 /* Someone has already written to it, but I haven't yet
777 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
786 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
787 share_mode_str(talloc_tos(), num, share_entry) ));
788 str = talloc_asprintf(talloc_tos(),
789 "validate_my_share_entries: "
790 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
791 fsp->fsp_name->base_name,
792 (unsigned int)fsp->oplock_type,
793 (unsigned int)share_entry->op_type );
799 bool is_stat_open(uint32 access_mask)
801 return (access_mask &&
802 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
803 FILE_WRITE_ATTRIBUTES))==0) &&
804 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
805 FILE_WRITE_ATTRIBUTES)) != 0));
808 /****************************************************************************
809 Deal with share modes
810 Invarient: Share mode must be locked on entry and exit.
811 Returns -1 on error, or number of share modes on success (may be zero).
812 ****************************************************************************/
814 static NTSTATUS open_mode_check(connection_struct *conn,
815 struct share_mode_lock *lck,
819 uint32 create_options,
824 if(lck->num_share_modes == 0) {
828 *file_existed = True;
830 /* A delete on close prohibits everything */
832 if (is_delete_on_close_set(lck, name_hash)) {
833 return NT_STATUS_DELETE_PENDING;
836 if (is_stat_open(access_mask)) {
837 /* Stat open that doesn't trigger oplock breaks or share mode
838 * checks... ! JRA. */
843 * Check if the share modes will give us access.
846 #if defined(DEVELOPER)
847 for(i = 0; i < lck->num_share_modes; i++) {
848 validate_my_share_entries(conn->sconn, i,
849 &lck->share_modes[i]);
853 if (!lp_share_modes(SNUM(conn))) {
857 /* Now we check the share modes, after any oplock breaks. */
858 for(i = 0; i < lck->num_share_modes; i++) {
860 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
864 /* someone else has a share lock on it, check to see if we can
866 if (share_conflict(&lck->share_modes[i],
867 access_mask, share_access)) {
868 return NT_STATUS_SHARING_VIOLATION;
875 static bool is_delete_request(files_struct *fsp) {
876 return ((fsp->access_mask == DELETE_ACCESS) &&
877 (fsp->oplock_type == NO_OPLOCK));
881 * Send a break message to the oplock holder and delay the open for
885 static NTSTATUS send_break_message(files_struct *fsp,
886 struct share_mode_entry *exclusive,
891 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
893 DEBUG(10, ("Sending break request to PID %s\n",
894 procid_str_static(&exclusive->pid)));
895 exclusive->op_mid = mid;
897 /* Create the message. */
898 share_mode_entry_to_message(msg, exclusive);
900 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
901 don't want this set in the share mode struct pointed to by lck. */
903 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
904 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
905 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
908 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
909 MSG_SMB_BREAK_REQUEST,
911 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
912 if (!NT_STATUS_IS_OK(status)) {
913 DEBUG(3, ("Could not send oplock break message: %s\n",
921 * Return share_mode_entry pointers for :
922 * 1). Batch oplock entry.
923 * 2). Batch or exclusive oplock entry (may be identical to #1).
924 * bool have_level2_oplock
925 * bool have_no_oplock.
926 * Do internal consistency checks on the share mode for a file.
929 static void find_oplock_types(struct share_mode_lock *lck,
930 struct share_mode_entry **pp_batch,
931 struct share_mode_entry **pp_ex_or_batch,
938 *pp_ex_or_batch = NULL;
940 *got_no_oplock = false;
942 for (i=0; i<lck->num_share_modes; i++) {
943 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
947 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
948 /* batch - can only be one. */
949 if (*pp_batch || *got_level2 || *got_no_oplock) {
950 smb_panic("Bad batch oplock entry.");
952 *pp_batch = &lck->share_modes[i];
955 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
956 /* Exclusive or batch - can only be one. */
957 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
958 smb_panic("Bad exclusive or batch oplock entry.");
960 *pp_ex_or_batch = &lck->share_modes[i];
963 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
964 if (*pp_batch || *pp_ex_or_batch) {
965 smb_panic("Bad levelII oplock entry.");
970 if (lck->share_modes[i].op_type == NO_OPLOCK) {
971 if (*pp_batch || *pp_ex_or_batch) {
972 smb_panic("Bad no oplock entry.");
974 *got_no_oplock = true;
979 static bool delay_for_batch_oplocks(files_struct *fsp,
982 struct share_mode_entry *batch_entry)
984 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
988 if (batch_entry != NULL) {
989 /* Found a batch oplock */
990 send_break_message(fsp, batch_entry, mid, oplock_request);
996 static bool delay_for_exclusive_oplocks(files_struct *fsp,
999 struct share_mode_entry *ex_entry)
1001 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1005 if (ex_entry != NULL) {
1006 /* Found an exclusive or batch oplock */
1007 bool delay_it = is_delete_request(fsp) ?
1008 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1010 send_break_message(fsp, ex_entry, mid, oplock_request);
1017 static bool file_has_brlocks(files_struct *fsp)
1019 struct byte_range_lock *br_lck;
1021 br_lck = brl_get_locks_readonly(fsp);
1025 return br_lck->num_locks > 0 ? true : false;
1028 static void grant_fsp_oplock_type(files_struct *fsp,
1030 bool got_level2_oplock,
1031 bool got_a_none_oplock)
1033 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1034 lp_level2_oplocks(SNUM(fsp->conn));
1036 /* Start by granting what the client asked for,
1037 but ensure no SAMBA_PRIVATE bits can be set. */
1038 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1040 if (oplock_request & INTERNAL_OPEN_ONLY) {
1041 /* No oplocks on internal open. */
1042 fsp->oplock_type = NO_OPLOCK;
1043 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1044 fsp->oplock_type, fsp_str_dbg(fsp)));
1046 } else if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1047 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1049 fsp->oplock_type = NO_OPLOCK;
1052 if (is_stat_open(fsp->access_mask)) {
1053 /* Leave the value already set. */
1054 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1055 fsp->oplock_type, fsp_str_dbg(fsp)));
1060 * Match what was requested (fsp->oplock_type) with
1061 * what was found in the existing share modes.
1064 if (got_a_none_oplock) {
1065 fsp->oplock_type = NO_OPLOCK;
1066 } else if (got_level2_oplock) {
1067 if (fsp->oplock_type == NO_OPLOCK ||
1068 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1069 /* Store a level2 oplock, but don't tell the client */
1070 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1072 fsp->oplock_type = LEVEL_II_OPLOCK;
1075 /* All share_mode_entries are placeholders or deferred.
1076 * Silently upgrade to fake levelII if the client didn't
1077 * ask for an oplock. */
1078 if (fsp->oplock_type == NO_OPLOCK) {
1079 /* Store a level2 oplock, but don't tell the client */
1080 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1085 * Don't grant level2 to clients that don't want them
1086 * or if we've turned them off.
1088 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1089 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1092 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1093 fsp->oplock_type, fsp_str_dbg(fsp)));
1096 bool request_timed_out(struct timeval request_time,
1097 struct timeval timeout)
1099 struct timeval now, end_time;
1101 end_time = timeval_sum(&request_time, &timeout);
1102 return (timeval_compare(&end_time, &now) < 0);
1105 /****************************************************************************
1106 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1107 ****************************************************************************/
1109 static void defer_open(struct share_mode_lock *lck,
1110 struct timeval request_time,
1111 struct timeval timeout,
1112 struct smb_request *req,
1113 struct deferred_open_record *state)
1117 /* Paranoia check */
1119 for (i=0; i<lck->num_share_modes; i++) {
1120 struct share_mode_entry *e = &lck->share_modes[i];
1122 if (!is_deferred_open_entry(e)) {
1126 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1127 DEBUG(0, ("Trying to defer an already deferred "
1128 "request: mid=%llu, exiting\n",
1129 (unsigned long long)req->mid));
1130 exit_server("attempt to defer a deferred request");
1134 /* End paranoia check */
1136 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1137 "open entry for mid %llu\n",
1138 (unsigned int)request_time.tv_sec,
1139 (unsigned int)request_time.tv_usec,
1140 (unsigned long long)req->mid));
1142 if (!push_deferred_open_message_smb(req, request_time, timeout,
1143 state->id, (char *)state, sizeof(*state))) {
1144 exit_server("push_deferred_open_message_smb failed");
1146 add_deferred_open(lck, req->mid, request_time,
1147 sconn_server_id(req->sconn), state->id);
1151 /****************************************************************************
1152 On overwrite open ensure that the attributes match.
1153 ****************************************************************************/
1155 bool open_match_attributes(connection_struct *conn,
1156 uint32 old_dos_attr,
1157 uint32 new_dos_attr,
1158 mode_t existing_unx_mode,
1159 mode_t new_unx_mode,
1160 mode_t *returned_unx_mode)
1162 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1164 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1165 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1167 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1168 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1169 *returned_unx_mode = new_unx_mode;
1171 *returned_unx_mode = (mode_t)0;
1174 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1175 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1176 "returned_unx_mode = 0%o\n",
1177 (unsigned int)old_dos_attr,
1178 (unsigned int)existing_unx_mode,
1179 (unsigned int)new_dos_attr,
1180 (unsigned int)*returned_unx_mode ));
1182 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1183 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1184 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1185 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1189 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1190 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1191 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1198 /****************************************************************************
1199 Special FCB or DOS processing in the case of a sharing violation.
1200 Try and find a duplicated file handle.
1201 ****************************************************************************/
1203 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1204 connection_struct *conn,
1205 files_struct *fsp_to_dup_into,
1206 const struct smb_filename *smb_fname,
1211 uint32 share_access,
1212 uint32 create_options)
1216 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1217 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1219 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1220 fsp = file_find_di_next(fsp)) {
1222 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1223 "vuid = %u, file_pid = %u, private_options = 0x%x "
1224 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1225 fsp->fh->fd, (unsigned int)fsp->vuid,
1226 (unsigned int)fsp->file_pid,
1227 (unsigned int)fsp->fh->private_options,
1228 (unsigned int)fsp->access_mask ));
1230 if (fsp->fh->fd != -1 &&
1231 fsp->vuid == vuid &&
1232 fsp->file_pid == file_pid &&
1233 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1234 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1235 (fsp->access_mask & FILE_WRITE_DATA) &&
1236 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1237 strequal(fsp->fsp_name->stream_name,
1238 smb_fname->stream_name)) {
1239 DEBUG(10,("fcb_or_dos_open: file match\n"));
1245 return NT_STATUS_NOT_FOUND;
1248 /* quite an insane set of semantics ... */
1249 if (is_executable(smb_fname->base_name) &&
1250 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1251 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1252 return NT_STATUS_INVALID_PARAMETER;
1255 /* We need to duplicate this fsp. */
1256 return dup_file_fsp(req, fsp, access_mask, share_access,
1257 create_options, fsp_to_dup_into);
1260 /****************************************************************************
1261 Open a file with a share mode - old openX method - map into NTCreate.
1262 ****************************************************************************/
1264 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,
1265 int deny_mode, int open_func,
1266 uint32 *paccess_mask,
1267 uint32 *pshare_mode,
1268 uint32 *pcreate_disposition,
1269 uint32 *pcreate_options,
1270 uint32_t *pprivate_flags)
1274 uint32 create_disposition;
1275 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1276 uint32_t private_flags = 0;
1278 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1279 "open_func = 0x%x\n",
1280 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,
1281 (unsigned int)open_func ));
1283 /* Create the NT compatible access_mask. */
1284 switch (GET_OPENX_MODE(deny_mode)) {
1285 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1286 case DOS_OPEN_RDONLY:
1287 access_mask = FILE_GENERIC_READ;
1289 case DOS_OPEN_WRONLY:
1290 access_mask = FILE_GENERIC_WRITE;
1294 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1297 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1298 (unsigned int)GET_OPENX_MODE(deny_mode)));
1302 /* Create the NT compatible create_disposition. */
1303 switch (open_func) {
1304 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1305 create_disposition = FILE_CREATE;
1308 case OPENX_FILE_EXISTS_OPEN:
1309 create_disposition = FILE_OPEN;
1312 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1313 create_disposition = FILE_OPEN_IF;
1316 case OPENX_FILE_EXISTS_TRUNCATE:
1317 create_disposition = FILE_OVERWRITE;
1320 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1321 create_disposition = FILE_OVERWRITE_IF;
1325 /* From samba4 - to be confirmed. */
1326 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1327 create_disposition = FILE_CREATE;
1330 DEBUG(10,("map_open_params_to_ntcreate: bad "
1331 "open_func 0x%x\n", (unsigned int)open_func));
1335 /* Create the NT compatible share modes. */
1336 switch (GET_DENY_MODE(deny_mode)) {
1338 share_mode = FILE_SHARE_NONE;
1342 share_mode = FILE_SHARE_READ;
1346 share_mode = FILE_SHARE_WRITE;
1350 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1354 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1355 if (is_executable(smb_fname->base_name)) {
1356 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1358 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1359 share_mode = FILE_SHARE_READ;
1361 share_mode = FILE_SHARE_NONE;
1367 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1368 share_mode = FILE_SHARE_NONE;
1372 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1373 (unsigned int)GET_DENY_MODE(deny_mode) ));
1377 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1378 "share_mode = 0x%x, create_disposition = 0x%x, "
1379 "create_options = 0x%x private_flags = 0x%x\n",
1380 smb_fname_str_dbg(smb_fname),
1381 (unsigned int)access_mask,
1382 (unsigned int)share_mode,
1383 (unsigned int)create_disposition,
1384 (unsigned int)create_options,
1385 (unsigned int)private_flags));
1388 *paccess_mask = access_mask;
1391 *pshare_mode = share_mode;
1393 if (pcreate_disposition) {
1394 *pcreate_disposition = create_disposition;
1396 if (pcreate_options) {
1397 *pcreate_options = create_options;
1399 if (pprivate_flags) {
1400 *pprivate_flags = private_flags;
1407 static void schedule_defer_open(struct share_mode_lock *lck,
1408 struct timeval request_time,
1409 struct smb_request *req)
1411 struct deferred_open_record state;
1413 /* This is a relative time, added to the absolute
1414 request_time value to get the absolute timeout time.
1415 Note that if this is the second or greater time we enter
1416 this codepath for this particular request mid then
1417 request_time is left as the absolute time of the *first*
1418 time this request mid was processed. This is what allows
1419 the request to eventually time out. */
1421 struct timeval timeout;
1423 /* Normally the smbd we asked should respond within
1424 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1425 * the client did, give twice the timeout as a safety
1426 * measure here in case the other smbd is stuck
1427 * somewhere else. */
1429 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1431 /* Nothing actually uses state.delayed_for_oplocks
1432 but it's handy to differentiate in debug messages
1433 between a 30 second delay due to oplock break, and
1434 a 1 second delay for share mode conflicts. */
1436 state.delayed_for_oplocks = True;
1439 if (!request_timed_out(request_time, timeout)) {
1440 defer_open(lck, request_time, timeout, req, &state);
1444 /****************************************************************************
1445 Work out what access_mask to use from what the client sent us.
1446 ****************************************************************************/
1448 static NTSTATUS calculate_access_mask(connection_struct *conn,
1449 const struct smb_filename *smb_fname,
1451 uint32_t access_mask,
1452 uint32_t *access_mask_out)
1457 * Convert GENERIC bits to specific bits.
1460 se_map_generic(&access_mask, &file_generic_mapping);
1462 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1463 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1466 struct security_descriptor *sd;
1467 uint32_t access_granted = 0;
1469 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1474 if (!NT_STATUS_IS_OK(status)) {
1475 DEBUG(10, ("calculate_access_mask: Could not get acl "
1477 smb_fname_str_dbg(smb_fname),
1478 nt_errstr(status)));
1479 return NT_STATUS_ACCESS_DENIED;
1482 status = smb1_file_se_access_check(conn,
1484 get_current_nttok(conn),
1490 if (!NT_STATUS_IS_OK(status)) {
1491 DEBUG(10, ("calculate_access_mask: Access denied on "
1492 "file %s: when calculating maximum access\n",
1493 smb_fname_str_dbg(smb_fname)));
1494 return NT_STATUS_ACCESS_DENIED;
1497 access_mask = access_granted;
1499 access_mask = FILE_GENERIC_ALL;
1503 *access_mask_out = access_mask;
1504 return NT_STATUS_OK;
1507 /****************************************************************************
1508 Remove the deferred open entry under lock.
1509 ****************************************************************************/
1511 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1512 struct server_id pid)
1514 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id,
1517 DEBUG(0, ("could not get share mode lock\n"));
1519 del_deferred_open_entry(lck, mid, pid);
1524 /****************************************************************************
1525 Open a file with a share mode. Passed in an already created files_struct *.
1526 ****************************************************************************/
1528 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1529 struct smb_request *req,
1530 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1531 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1532 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1533 uint32 create_options, /* options such as delete on close. */
1534 uint32 new_dos_attributes, /* attributes used for new file. */
1535 int oplock_request, /* internal Samba oplock codes. */
1536 /* Information (FILE_EXISTS etc.) */
1537 uint32_t private_flags, /* Samba specific flags. */
1541 struct smb_filename *smb_fname = fsp->fsp_name;
1544 bool file_existed = VALID_STAT(smb_fname->st);
1545 bool def_acl = False;
1546 bool posix_open = False;
1547 bool new_file_created = False;
1548 bool clear_ads = false;
1550 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1551 mode_t new_unx_mode = (mode_t)0;
1552 mode_t unx_mode = (mode_t)0;
1554 uint32 existing_dos_attributes = 0;
1555 struct timeval request_time = timeval_zero();
1556 struct share_mode_lock *lck = NULL;
1557 uint32 open_access_mask = access_mask;
1563 /* Windows allows a new file to be created and
1564 silently removes a FILE_ATTRIBUTE_DIRECTORY
1565 sent by the client. Do the same. */
1567 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1569 if (conn->printer) {
1571 * Printers are handled completely differently.
1572 * Most of the passed parameters are ignored.
1576 *pinfo = FILE_WAS_CREATED;
1579 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1580 smb_fname_str_dbg(smb_fname)));
1583 DEBUG(0,("open_file_ntcreate: printer open without "
1584 "an SMB request!\n"));
1585 return NT_STATUS_INTERNAL_ERROR;
1588 return print_spool_open(fsp, smb_fname->base_name,
1592 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1594 return NT_STATUS_NO_MEMORY;
1597 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1599 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1600 new_dos_attributes = 0;
1602 /* We add aARCH to this as this mode is only used if the file is
1604 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
1605 smb_fname, parent_dir);
1608 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1609 "access_mask=0x%x share_access=0x%x "
1610 "create_disposition = 0x%x create_options=0x%x "
1611 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1612 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1613 access_mask, share_access, create_disposition,
1614 create_options, (unsigned int)unx_mode, oplock_request,
1615 (unsigned int)private_flags));
1617 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1618 DEBUG(0, ("No smb request but not an internal only open!\n"));
1619 return NT_STATUS_INTERNAL_ERROR;
1623 * Only non-internal opens can be deferred at all
1628 if (get_deferred_open_message_state(req,
1632 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1633 /* Remember the absolute time of the original
1634 request with this mid. We'll use it later to
1635 see if this has timed out. */
1637 /* Remove the deferred open entry under lock. */
1638 remove_deferred_open_entry(
1639 state->id, req->mid,
1640 sconn_server_id(req->sconn));
1642 /* Ensure we don't reprocess this message. */
1643 remove_deferred_open_message_smb(req->mid);
1647 status = check_name(conn, smb_fname->base_name);
1648 if (!NT_STATUS_IS_OK(status)) {
1653 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1655 existing_dos_attributes = dos_mode(conn, smb_fname);
1659 /* ignore any oplock requests if oplocks are disabled */
1660 if (!lp_oplocks(SNUM(conn)) ||
1661 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1662 /* Mask off everything except the private Samba bits. */
1663 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1666 /* this is for OS/2 long file names - say we don't support them */
1667 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1668 /* OS/2 Workplace shell fix may be main code stream in a later
1670 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1672 if (use_nt_status()) {
1673 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1675 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1678 switch( create_disposition ) {
1680 * Currently we're using FILE_SUPERSEDE as the same as
1681 * FILE_OVERWRITE_IF but they really are
1682 * different. FILE_SUPERSEDE deletes an existing file
1683 * (requiring delete access) then recreates it.
1685 case FILE_SUPERSEDE:
1686 /* If file exists replace/overwrite. If file doesn't
1688 flags2 |= (O_CREAT | O_TRUNC);
1692 case FILE_OVERWRITE_IF:
1693 /* If file exists replace/overwrite. If file doesn't
1695 flags2 |= (O_CREAT | O_TRUNC);
1700 /* If file exists open. If file doesn't exist error. */
1701 if (!file_existed) {
1702 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1703 "requested for file %s and file "
1705 smb_fname_str_dbg(smb_fname)));
1707 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1711 case FILE_OVERWRITE:
1712 /* If file exists overwrite. If file doesn't exist
1714 if (!file_existed) {
1715 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1716 "requested for file %s and file "
1718 smb_fname_str_dbg(smb_fname) ));
1720 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1727 /* If file exists error. If file doesn't exist
1730 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1731 "requested for file %s and file "
1732 "already exists.\n",
1733 smb_fname_str_dbg(smb_fname)));
1734 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1739 return map_nt_error_from_unix(errno);
1741 flags2 |= (O_CREAT|O_EXCL);
1745 /* If file exists open. If file doesn't exist
1751 return NT_STATUS_INVALID_PARAMETER;
1754 /* We only care about matching attributes on file exists and
1757 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1758 (create_disposition == FILE_OVERWRITE_IF))) {
1759 if (!open_match_attributes(conn, existing_dos_attributes,
1761 smb_fname->st.st_ex_mode,
1762 unx_mode, &new_unx_mode)) {
1763 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1764 "for file %s (%x %x) (0%o, 0%o)\n",
1765 smb_fname_str_dbg(smb_fname),
1766 existing_dos_attributes,
1768 (unsigned int)smb_fname->st.st_ex_mode,
1769 (unsigned int)unx_mode ));
1771 return NT_STATUS_ACCESS_DENIED;
1775 status = calculate_access_mask(conn, smb_fname, file_existed,
1778 if (!NT_STATUS_IS_OK(status)) {
1779 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1780 "on file %s returned %s\n",
1781 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1785 open_access_mask = access_mask;
1787 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1788 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1791 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1792 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1796 * Note that we ignore the append flag as append does not
1797 * mean the same thing under DOS and Unix.
1800 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1801 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1802 /* DENY_DOS opens are always underlying read-write on the
1803 file handle, no matter what the requested access mask
1805 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1806 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1816 * Currently we only look at FILE_WRITE_THROUGH for create options.
1820 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1825 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1829 if (!posix_open && !CAN_WRITE(conn)) {
1831 * We should really return a permission denied error if either
1832 * O_CREAT or O_TRUNC are set, but for compatibility with
1833 * older versions of Samba we just AND them out.
1835 flags2 &= ~(O_CREAT|O_TRUNC);
1839 * Ensure we can't write on a read-only share or file.
1842 if (flags != O_RDONLY && file_existed &&
1843 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1844 DEBUG(5,("open_file_ntcreate: write access requested for "
1845 "file %s on read only %s\n",
1846 smb_fname_str_dbg(smb_fname),
1847 !CAN_WRITE(conn) ? "share" : "file" ));
1849 return NT_STATUS_ACCESS_DENIED;
1852 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1853 fsp->share_access = share_access;
1854 fsp->fh->private_options = private_flags;
1855 fsp->access_mask = open_access_mask; /* We change this to the
1856 * requested access_mask after
1857 * the open is done. */
1858 fsp->posix_open = posix_open;
1860 /* Ensure no SAMBA_PRIVATE bits can be set. */
1861 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1863 if (timeval_is_zero(&request_time)) {
1864 request_time = fsp->open_time;
1868 struct share_mode_entry *batch_entry = NULL;
1869 struct share_mode_entry *exclusive_entry = NULL;
1870 bool got_level2_oplock = false;
1871 bool got_a_none_oplock = false;
1873 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1874 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1876 lck = get_share_mode_lock(talloc_tos(), id,
1878 smb_fname, &old_write_time);
1881 DEBUG(0, ("Could not get share mode lock\n"));
1882 return NT_STATUS_SHARING_VIOLATION;
1885 /* Get the types we need to examine. */
1886 find_oplock_types(lck,
1890 &got_a_none_oplock);
1892 /* First pass - send break only on batch oplocks. */
1893 if ((req != NULL) &&
1894 delay_for_batch_oplocks(fsp,
1898 schedule_defer_open(lck, request_time, req);
1900 return NT_STATUS_SHARING_VIOLATION;
1903 /* Use the client requested access mask here, not the one we
1905 status = open_mode_check(conn, lck, fsp->name_hash,
1906 access_mask, share_access,
1907 create_options, &file_existed);
1909 if (NT_STATUS_IS_OK(status)) {
1910 /* We might be going to allow this open. Check oplock
1912 /* Second pass - send break for both batch or
1913 * exclusive oplocks. */
1914 if ((req != NULL) &&
1915 delay_for_exclusive_oplocks(
1920 schedule_defer_open(lck, request_time, req);
1922 return NT_STATUS_SHARING_VIOLATION;
1926 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1927 /* DELETE_PENDING is not deferred for a second */
1932 grant_fsp_oplock_type(fsp,
1937 if (!NT_STATUS_IS_OK(status)) {
1938 uint32 can_access_mask;
1939 bool can_access = True;
1941 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1943 /* Check if this can be done with the deny_dos and fcb
1946 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1947 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1949 DEBUG(0, ("DOS open without an SMB "
1952 return NT_STATUS_INTERNAL_ERROR;
1955 /* Use the client requested access mask here,
1956 * not the one we open with. */
1957 status = fcb_or_dos_open(req,
1968 if (NT_STATUS_IS_OK(status)) {
1971 *pinfo = FILE_WAS_OPENED;
1973 return NT_STATUS_OK;
1978 * This next line is a subtlety we need for
1979 * MS-Access. If a file open will fail due to share
1980 * permissions and also for security (access) reasons,
1981 * we need to return the access failed error, not the
1982 * share error. We can't open the file due to kernel
1983 * oplock deadlock (it's possible we failed above on
1984 * the open_mode_check()) so use a userspace check.
1987 if (flags & O_RDWR) {
1988 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1989 } else if (flags & O_WRONLY) {
1990 can_access_mask = FILE_WRITE_DATA;
1992 can_access_mask = FILE_READ_DATA;
1995 if (((can_access_mask & FILE_WRITE_DATA) &&
1996 !CAN_WRITE(conn)) ||
1997 !can_access_file_data(conn, smb_fname,
2003 * If we're returning a share violation, ensure we
2004 * cope with the braindead 1 second delay.
2007 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2008 lp_defer_sharing_violations()) {
2009 struct timeval timeout;
2010 struct deferred_open_record state;
2013 /* this is a hack to speed up torture tests
2015 timeout_usecs = lp_parm_int(SNUM(conn),
2016 "smbd","sharedelay",
2017 SHARING_VIOLATION_USEC_WAIT);
2019 /* This is a relative time, added to the absolute
2020 request_time value to get the absolute timeout time.
2021 Note that if this is the second or greater time we enter
2022 this codepath for this particular request mid then
2023 request_time is left as the absolute time of the *first*
2024 time this request mid was processed. This is what allows
2025 the request to eventually time out. */
2027 timeout = timeval_set(0, timeout_usecs);
2029 /* Nothing actually uses state.delayed_for_oplocks
2030 but it's handy to differentiate in debug messages
2031 between a 30 second delay due to oplock break, and
2032 a 1 second delay for share mode conflicts. */
2034 state.delayed_for_oplocks = False;
2038 && !request_timed_out(request_time,
2040 defer_open(lck, request_time, timeout,
2048 * We have detected a sharing violation here
2049 * so return the correct error code
2051 status = NT_STATUS_SHARING_VIOLATION;
2053 status = NT_STATUS_ACCESS_DENIED;
2059 * We exit this block with the share entry *locked*.....
2063 SMB_ASSERT(!file_existed || (lck != NULL));
2066 * Ensure we pay attention to default ACLs on directories if required.
2069 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2070 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2071 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2074 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2075 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2076 (unsigned int)flags, (unsigned int)flags2,
2077 (unsigned int)unx_mode, (unsigned int)access_mask,
2078 (unsigned int)open_access_mask));
2081 * open_file strips any O_TRUNC flags itself.
2084 fsp_open = open_file(fsp, conn, req, parent_dir,
2085 flags|flags2, unx_mode, access_mask,
2088 if (!NT_STATUS_IS_OK(fsp_open)) {
2095 if (!file_existed) {
2096 struct share_mode_entry *batch_entry = NULL;
2097 struct share_mode_entry *exclusive_entry = NULL;
2098 bool got_level2_oplock = false;
2099 bool got_a_none_oplock = false;
2100 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2102 * Deal with the race condition where two smbd's detect the
2103 * file doesn't exist and do the create at the same time. One
2104 * of them will win and set a share mode, the other (ie. this
2105 * one) should check if the requested share mode for this
2106 * create is allowed.
2110 * Now the file exists and fsp is successfully opened,
2111 * fsp->dev and fsp->inode are valid and should replace the
2112 * dev=0,inode=0 from a non existent file. Spotted by
2113 * Nadav Danieli <nadavd@exanet.com>. JRA.
2118 lck = get_share_mode_lock(talloc_tos(), id,
2120 smb_fname, &old_write_time);
2123 DEBUG(0, ("open_file_ntcreate: Could not get share "
2124 "mode lock for %s\n",
2125 smb_fname_str_dbg(smb_fname)));
2127 return NT_STATUS_SHARING_VIOLATION;
2130 /* Get the types we need to examine. */
2131 find_oplock_types(lck,
2135 &got_a_none_oplock);
2137 /* First pass - send break only on batch oplocks. */
2138 if ((req != NULL) &&
2139 delay_for_batch_oplocks(fsp,
2143 schedule_defer_open(lck, request_time, req);
2146 return NT_STATUS_SHARING_VIOLATION;
2149 status = open_mode_check(conn, lck, fsp->name_hash,
2150 access_mask, share_access,
2151 create_options, &file_existed);
2153 if (NT_STATUS_IS_OK(status)) {
2154 /* We might be going to allow this open. Check oplock
2156 /* Second pass - send break for both batch or
2157 * exclusive oplocks. */
2158 if ((req != NULL) &&
2159 delay_for_exclusive_oplocks(
2164 schedule_defer_open(lck, request_time, req);
2167 return NT_STATUS_SHARING_VIOLATION;
2171 if (!NT_STATUS_IS_OK(status)) {
2172 struct deferred_open_record state;
2176 state.delayed_for_oplocks = False;
2179 /* Do it all over again immediately. In the second
2180 * round we will find that the file existed and handle
2181 * the DELETE_PENDING and FCB cases correctly. No need
2182 * to duplicate the code here. Essentially this is a
2183 * "goto top of this function", but don't tell
2187 defer_open(lck, request_time, timeval_zero(),
2194 grant_fsp_oplock_type(fsp,
2200 * We exit this block with the share entry *locked*.....
2205 SMB_ASSERT(lck != NULL);
2207 /* Delete streams if create_disposition requires it */
2208 if (file_existed && clear_ads &&
2209 !is_ntfs_stream_smb_fname(smb_fname)) {
2210 status = delete_all_streams(conn, smb_fname->base_name);
2211 if (!NT_STATUS_IS_OK(status)) {
2218 /* note that we ignore failure for the following. It is
2219 basically a hack for NFS, and NFS will never set one of
2220 these only read them. Nobody but Samba can ever set a deny
2221 mode and we have already checked our more authoritative
2222 locking database for permission to set this deny mode. If
2223 the kernel refuses the operations then the kernel is wrong.
2224 note that GPFS supports it as well - jmcd */
2226 if (fsp->fh->fd != -1) {
2228 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2229 if(ret_flock == -1 ){
2234 return NT_STATUS_SHARING_VIOLATION;
2239 * At this point onwards, we can guarentee that the share entry
2240 * is locked, whether we created the file or not, and that the
2241 * deny mode is compatible with all current opens.
2245 * If requested, truncate the file.
2248 if (file_existed && (flags2&O_TRUNC)) {
2250 * We are modifing the file after open - update the stat
2253 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2254 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2255 status = map_nt_error_from_unix(errno);
2263 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2265 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2268 /* stat opens on existing files don't get oplocks. */
2269 if (is_stat_open(open_access_mask)) {
2270 fsp->oplock_type = NO_OPLOCK;
2273 if (!(flags2 & O_TRUNC)) {
2274 info = FILE_WAS_OPENED;
2276 info = FILE_WAS_OVERWRITTEN;
2279 info = FILE_WAS_CREATED;
2287 * Setup the oplock info in both the shared memory and
2291 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2293 * Could not get the kernel oplock or there are byte-range
2294 * locks on the file.
2296 fsp->oplock_type = NO_OPLOCK;
2299 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2300 new_file_created = True;
2303 set_share_mode(lck, fsp, get_current_uid(conn), 0,
2306 /* Handle strange delete on close create semantics. */
2307 if (create_options & FILE_DELETE_ON_CLOSE) {
2309 status = can_set_delete_on_close(fsp, new_dos_attributes);
2311 if (!NT_STATUS_IS_OK(status)) {
2312 /* Remember to delete the mode we just added. */
2313 del_share_mode(lck, fsp);
2318 /* Note that here we set the *inital* delete on close flag,
2319 not the regular one. The magic gets handled in close. */
2320 fsp->initial_delete_on_close = True;
2323 if (new_file_created) {
2324 /* Files should be initially set as archive */
2325 if (lp_map_archive(SNUM(conn)) ||
2326 lp_store_dos_attributes(SNUM(conn))) {
2328 if (file_set_dosmode(conn, smb_fname,
2329 new_dos_attributes | aARCH,
2330 parent_dir, true) == 0) {
2331 unx_mode = smb_fname->st.st_ex_mode;
2337 /* Determine sparse flag. */
2339 /* POSIX opens are sparse by default. */
2340 fsp->is_sparse = true;
2342 fsp->is_sparse = (file_existed &&
2343 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2347 * Take care of inherited ACLs on created files - if default ACL not
2351 if (!posix_open && !file_existed && !def_acl) {
2353 int saved_errno = errno; /* We might get ENOSYS in the next
2356 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2358 errno = saved_errno; /* Ignore ENOSYS */
2361 } else if (new_unx_mode) {
2365 /* Attributes need changing. File already existed. */
2368 int saved_errno = errno; /* We might get ENOSYS in the
2370 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2372 if (ret == -1 && errno == ENOSYS) {
2373 errno = saved_errno; /* Ignore ENOSYS */
2375 DEBUG(5, ("open_file_ntcreate: reset "
2376 "attributes of file %s to 0%o\n",
2377 smb_fname_str_dbg(smb_fname),
2378 (unsigned int)new_unx_mode));
2379 ret = 0; /* Don't do the fchmod below. */
2384 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2385 DEBUG(5, ("open_file_ntcreate: failed to reset "
2386 "attributes of file %s to 0%o\n",
2387 smb_fname_str_dbg(smb_fname),
2388 (unsigned int)new_unx_mode));
2391 /* If this is a successful open, we must remove any deferred open
2394 del_deferred_open_entry(lck, req->mid,
2395 sconn_server_id(req->sconn));
2399 return NT_STATUS_OK;
2403 /****************************************************************************
2404 Open a file for for write to ensure that we can fchmod it.
2405 ****************************************************************************/
2407 NTSTATUS open_file_fchmod(connection_struct *conn,
2408 struct smb_filename *smb_fname,
2409 files_struct **result)
2411 if (!VALID_STAT(smb_fname->st)) {
2412 return NT_STATUS_INVALID_PARAMETER;
2415 return SMB_VFS_CREATE_FILE(
2418 0, /* root_dir_fid */
2419 smb_fname, /* fname */
2420 FILE_WRITE_DATA, /* access_mask */
2421 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2423 FILE_OPEN, /* create_disposition*/
2424 0, /* create_options */
2425 0, /* file_attributes */
2426 INTERNAL_OPEN_ONLY, /* oplock_request */
2427 0, /* allocation_size */
2428 0, /* private_flags */
2431 result, /* result */
2435 static NTSTATUS mkdir_internal(connection_struct *conn,
2436 struct smb_filename *smb_dname,
2437 uint32 file_attributes)
2442 bool posix_open = false;
2444 if(!CAN_WRITE(conn)) {
2445 DEBUG(5,("mkdir_internal: failing create on read-only share "
2446 "%s\n", lp_servicename(SNUM(conn))));
2447 return NT_STATUS_ACCESS_DENIED;
2450 status = check_name(conn, smb_dname->base_name);
2451 if (!NT_STATUS_IS_OK(status)) {
2455 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2457 return NT_STATUS_NO_MEMORY;
2460 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2462 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2464 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
2467 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2468 return map_nt_error_from_unix(errno);
2471 /* Ensure we're checking for a symlink here.... */
2472 /* We don't want to get caught by a symlink racer. */
2474 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2475 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2476 smb_fname_str_dbg(smb_dname), strerror(errno)));
2477 return map_nt_error_from_unix(errno);
2480 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2481 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2482 smb_fname_str_dbg(smb_dname)));
2483 return NT_STATUS_ACCESS_DENIED;
2486 if (lp_store_dos_attributes(SNUM(conn))) {
2488 file_set_dosmode(conn, smb_dname,
2489 file_attributes | aDIR,
2494 if (lp_inherit_perms(SNUM(conn))) {
2495 inherit_access_posix_acl(conn, parent_dir,
2496 smb_dname->base_name, mode);
2501 * Check if high bits should have been set,
2502 * then (if bits are missing): add them.
2503 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2506 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2507 (mode & ~smb_dname->st.st_ex_mode)) {
2508 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2509 (smb_dname->st.st_ex_mode |
2510 (mode & ~smb_dname->st.st_ex_mode)));
2514 /* Change the owner if required. */
2515 if (lp_inherit_owner(SNUM(conn))) {
2516 change_dir_owner_to_parent(conn, parent_dir,
2517 smb_dname->base_name,
2521 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2522 smb_dname->base_name);
2524 return NT_STATUS_OK;
2527 /****************************************************************************
2528 Ensure we didn't get symlink raced on opening a directory.
2529 ****************************************************************************/
2531 static bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2532 const SMB_STRUCT_STAT *sbuf2)
2534 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2535 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2536 sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
2537 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
2543 /****************************************************************************
2544 Open a directory from an NT SMB call.
2545 ****************************************************************************/
2547 static NTSTATUS open_directory(connection_struct *conn,
2548 struct smb_request *req,
2549 struct smb_filename *smb_dname,
2551 uint32 share_access,
2552 uint32 create_disposition,
2553 uint32 create_options,
2554 uint32 file_attributes,
2556 files_struct **result)
2558 files_struct *fsp = NULL;
2559 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2560 struct share_mode_lock *lck = NULL;
2562 struct timespec mtimespec;
2565 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2567 /* Ensure we have a directory attribute. */
2568 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2570 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2571 "share_access = 0x%x create_options = 0x%x, "
2572 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2573 smb_fname_str_dbg(smb_dname),
2574 (unsigned int)access_mask,
2575 (unsigned int)share_access,
2576 (unsigned int)create_options,
2577 (unsigned int)create_disposition,
2578 (unsigned int)file_attributes));
2580 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2581 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2582 is_ntfs_stream_smb_fname(smb_dname)) {
2583 DEBUG(2, ("open_directory: %s is a stream name!\n",
2584 smb_fname_str_dbg(smb_dname)));
2585 return NT_STATUS_NOT_A_DIRECTORY;
2588 status = calculate_access_mask(conn, smb_dname, dir_existed,
2589 access_mask, &access_mask);
2590 if (!NT_STATUS_IS_OK(status)) {
2591 DEBUG(10, ("open_directory: calculate_access_mask "
2592 "on file %s returned %s\n",
2593 smb_fname_str_dbg(smb_dname),
2594 nt_errstr(status)));
2598 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2599 !security_token_has_privilege(get_current_nttok(conn),
2600 SEC_PRIV_SECURITY)) {
2601 DEBUG(10, ("open_directory: open on %s "
2602 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2603 smb_fname_str_dbg(smb_dname)));
2604 return NT_STATUS_PRIVILEGE_NOT_HELD;
2607 switch( create_disposition ) {
2611 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2614 info = FILE_WAS_OPENED;
2619 /* If directory exists error. If directory doesn't
2622 status = mkdir_internal(conn, smb_dname,
2625 if (!NT_STATUS_IS_OK(status)) {
2626 DEBUG(2, ("open_directory: unable to create "
2627 "%s. Error was %s\n",
2628 smb_fname_str_dbg(smb_dname),
2629 nt_errstr(status)));
2633 info = FILE_WAS_CREATED;
2638 * If directory exists open. If directory doesn't
2642 status = mkdir_internal(conn, smb_dname,
2645 if (NT_STATUS_IS_OK(status)) {
2646 info = FILE_WAS_CREATED;
2649 if (NT_STATUS_EQUAL(status,
2650 NT_STATUS_OBJECT_NAME_COLLISION)) {
2651 info = FILE_WAS_OPENED;
2652 status = NT_STATUS_OK;
2657 case FILE_SUPERSEDE:
2658 case FILE_OVERWRITE:
2659 case FILE_OVERWRITE_IF:
2661 DEBUG(5,("open_directory: invalid create_disposition "
2662 "0x%x for directory %s\n",
2663 (unsigned int)create_disposition,
2664 smb_fname_str_dbg(smb_dname)));
2665 return NT_STATUS_INVALID_PARAMETER;
2668 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2669 DEBUG(5,("open_directory: %s is not a directory !\n",
2670 smb_fname_str_dbg(smb_dname)));
2671 return NT_STATUS_NOT_A_DIRECTORY;
2674 if (info == FILE_WAS_OPENED) {
2675 uint32_t access_granted = 0;
2676 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2679 /* Were we trying to do a directory open
2680 * for delete and didn't get DELETE
2681 * access (only) ? Check if the
2682 * directory allows DELETE_CHILD.
2684 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2687 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2688 (access_mask & DELETE_ACCESS) &&
2689 (access_granted == DELETE_ACCESS) &&
2690 can_delete_file_in_directory(conn, smb_dname))) {
2691 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2692 "on directory %s\n",
2693 smb_fname_str_dbg(smb_dname)));
2694 status = NT_STATUS_OK;
2697 if (!NT_STATUS_IS_OK(status)) {
2698 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2699 "file %s failed with %s\n",
2700 smb_fname_str_dbg(smb_dname),
2701 nt_errstr(status)));
2706 status = file_new(req, conn, &fsp);
2707 if(!NT_STATUS_IS_OK(status)) {
2712 * Setup the files_struct for it.
2715 fsp->mode = smb_dname->st.st_ex_mode;
2716 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2717 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2718 fsp->file_pid = req ? req->smbpid : 0;
2719 fsp->can_lock = False;
2720 fsp->can_read = False;
2721 fsp->can_write = False;
2723 fsp->share_access = share_access;
2724 fsp->fh->private_options = 0;
2726 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2728 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2729 fsp->print_file = NULL;
2730 fsp->modified = False;
2731 fsp->oplock_type = NO_OPLOCK;
2732 fsp->sent_oplock_break = NO_BREAK_SENT;
2733 fsp->is_directory = True;
2734 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2735 status = fsp_set_smb_fname(fsp, smb_dname);
2736 if (!NT_STATUS_IS_OK(status)) {
2737 file_free(req, fsp);
2741 mtimespec = smb_dname->st.st_ex_mtime;
2744 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2746 /* POSIX allows us to open a directory with O_RDONLY. */
2747 status = fd_open(conn, fsp, O_RDONLY, 0);
2749 if (!NT_STATUS_IS_OK(status)) {
2750 DEBUG(5, ("open_directory: Could not open fd for "
2752 smb_fname_str_dbg(smb_dname),
2753 nt_errstr(status)));
2754 file_free(req, fsp);
2758 status = vfs_stat_fsp(fsp);
2759 if (NT_STATUS_IS_OK(status)) {
2761 file_free(req, fsp);
2765 /* Ensure there was no race condition. */
2766 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2767 DEBUG(5,("open_directory: stat struct differs for "
2769 smb_fname_str_dbg(smb_dname)));
2771 file_free(req, fsp);
2772 return NT_STATUS_ACCESS_DENIED;
2775 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2776 conn->connectpath, smb_dname, &mtimespec);
2779 DEBUG(0, ("open_directory: Could not get share mode lock for "
2780 "%s\n", smb_fname_str_dbg(smb_dname)));
2782 file_free(req, fsp);
2783 return NT_STATUS_SHARING_VIOLATION;
2786 status = open_mode_check(conn, lck, fsp->name_hash,
2787 access_mask, share_access,
2788 create_options, &dir_existed);
2790 if (!NT_STATUS_IS_OK(status)) {
2793 file_free(req, fsp);
2797 set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
2799 /* For directories the delete on close bit at open time seems
2800 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2801 if (create_options & FILE_DELETE_ON_CLOSE) {
2802 status = can_set_delete_on_close(fsp, 0);
2803 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2806 file_free(req, fsp);
2810 if (NT_STATUS_IS_OK(status)) {
2811 /* Note that here we set the *inital* delete on close flag,
2812 not the regular one. The magic gets handled in close. */
2813 fsp->initial_delete_on_close = True;
2824 return NT_STATUS_OK;
2827 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2828 struct smb_filename *smb_dname)
2833 status = SMB_VFS_CREATE_FILE(
2836 0, /* root_dir_fid */
2837 smb_dname, /* fname */
2838 FILE_READ_ATTRIBUTES, /* access_mask */
2839 FILE_SHARE_NONE, /* share_access */
2840 FILE_CREATE, /* create_disposition*/
2841 FILE_DIRECTORY_FILE, /* create_options */
2842 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2843 0, /* oplock_request */
2844 0, /* allocation_size */
2845 0, /* private_flags */
2851 if (NT_STATUS_IS_OK(status)) {
2852 close_file(req, fsp, NORMAL_CLOSE);
2858 /****************************************************************************
2859 Receive notification that one of our open files has been renamed by another
2861 ****************************************************************************/
2863 void msg_file_was_renamed(struct messaging_context *msg,
2866 struct server_id server_id,
2869 struct smbd_server_connection *sconn;
2871 char *frm = (char *)data->data;
2873 const char *sharepath;
2874 const char *base_name;
2875 const char *stream_name;
2876 struct smb_filename *smb_fname = NULL;
2877 size_t sp_len, bn_len;
2880 sconn = msg_ctx_to_sconn(msg);
2881 if (sconn == NULL) {
2882 DEBUG(1, ("could not find sconn\n"));
2886 if (data->data == NULL
2887 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2888 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2889 (int)data->length));
2893 /* Unpack the message. */
2894 pull_file_id_24(frm, &id);
2895 sharepath = &frm[24];
2896 sp_len = strlen(sharepath);
2897 base_name = sharepath + sp_len + 1;
2898 bn_len = strlen(base_name);
2899 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2901 /* stream_name must always be NULL if there is no stream. */
2902 if (stream_name[0] == '\0') {
2906 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2907 stream_name, NULL, &smb_fname);
2908 if (!NT_STATUS_IS_OK(status)) {
2912 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2914 sharepath, smb_fname_str_dbg(smb_fname),
2915 file_id_string_tos(&id)));
2917 for(fsp = file_find_di_first(sconn, id); fsp;
2918 fsp = file_find_di_next(fsp)) {
2919 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2921 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2922 fsp->fnum, fsp_str_dbg(fsp),
2923 smb_fname_str_dbg(smb_fname)));
2924 status = fsp_set_smb_fname(fsp, smb_fname);
2925 if (!NT_STATUS_IS_OK(status)) {
2930 /* Now we have the complete path we can work out if this is
2931 actually within this share and adjust newname accordingly. */
2932 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2933 "not sharepath %s) "
2934 "fnum %d from %s -> %s\n",
2935 fsp->conn->connectpath,
2939 smb_fname_str_dbg(smb_fname)));
2943 TALLOC_FREE(smb_fname);
2948 * If a main file is opened for delete, all streams need to be checked for
2949 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2950 * If that works, delete them all by setting the delete on close and close.
2953 NTSTATUS open_streams_for_delete(connection_struct *conn,
2956 struct stream_struct *stream_info;
2957 files_struct **streams;
2959 unsigned int num_streams;
2960 TALLOC_CTX *frame = talloc_stackframe();
2963 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2964 &num_streams, &stream_info);
2966 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2967 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2968 DEBUG(10, ("no streams around\n"));
2970 return NT_STATUS_OK;
2973 if (!NT_STATUS_IS_OK(status)) {
2974 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2975 nt_errstr(status)));
2979 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2982 if (num_streams == 0) {
2984 return NT_STATUS_OK;
2987 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2988 if (streams == NULL) {
2989 DEBUG(0, ("talloc failed\n"));
2990 status = NT_STATUS_NO_MEMORY;
2994 for (i=0; i<num_streams; i++) {
2995 struct smb_filename *smb_fname = NULL;
2997 if (strequal(stream_info[i].name, "::$DATA")) {
3002 status = create_synthetic_smb_fname(talloc_tos(), fname,
3003 stream_info[i].name,
3005 if (!NT_STATUS_IS_OK(status)) {
3009 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3010 DEBUG(10, ("Unable to stat stream: %s\n",
3011 smb_fname_str_dbg(smb_fname)));
3014 status = SMB_VFS_CREATE_FILE(
3017 0, /* root_dir_fid */
3018 smb_fname, /* fname */
3019 DELETE_ACCESS, /* access_mask */
3020 (FILE_SHARE_READ | /* share_access */
3021 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3022 FILE_OPEN, /* create_disposition*/
3023 0, /* create_options */
3024 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3025 0, /* oplock_request */
3026 0, /* allocation_size */
3027 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3030 &streams[i], /* result */
3033 if (!NT_STATUS_IS_OK(status)) {
3034 DEBUG(10, ("Could not open stream %s: %s\n",
3035 smb_fname_str_dbg(smb_fname),
3036 nt_errstr(status)));
3038 TALLOC_FREE(smb_fname);
3041 TALLOC_FREE(smb_fname);
3045 * don't touch the variable "status" beyond this point :-)
3048 for (i -= 1 ; i >= 0; i--) {
3049 if (streams[i] == NULL) {
3053 DEBUG(10, ("Closing stream # %d, %s\n", i,
3054 fsp_str_dbg(streams[i])));
3055 close_file(NULL, streams[i], NORMAL_CLOSE);
3064 * Wrapper around open_file_ntcreate and open_directory
3067 static NTSTATUS create_file_unixpath(connection_struct *conn,
3068 struct smb_request *req,
3069 struct smb_filename *smb_fname,
3070 uint32_t access_mask,
3071 uint32_t share_access,
3072 uint32_t create_disposition,
3073 uint32_t create_options,
3074 uint32_t file_attributes,
3075 uint32_t oplock_request,
3076 uint64_t allocation_size,
3077 uint32_t private_flags,
3078 struct security_descriptor *sd,
3079 struct ea_list *ea_list,
3081 files_struct **result,
3084 int info = FILE_WAS_OPENED;
3085 files_struct *base_fsp = NULL;
3086 files_struct *fsp = NULL;
3089 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3090 "file_attributes = 0x%x, share_access = 0x%x, "
3091 "create_disposition = 0x%x create_options = 0x%x "
3092 "oplock_request = 0x%x private_flags = 0x%x "
3093 "ea_list = 0x%p, sd = 0x%p, "
3095 (unsigned int)access_mask,
3096 (unsigned int)file_attributes,
3097 (unsigned int)share_access,
3098 (unsigned int)create_disposition,
3099 (unsigned int)create_options,
3100 (unsigned int)oplock_request,
3101 (unsigned int)private_flags,
3102 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3104 if (create_options & FILE_OPEN_BY_FILE_ID) {
3105 status = NT_STATUS_NOT_SUPPORTED;
3109 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3110 status = NT_STATUS_INVALID_PARAMETER;
3115 oplock_request |= INTERNAL_OPEN_ONLY;
3118 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3119 && (access_mask & DELETE_ACCESS)
3120 && !is_ntfs_stream_smb_fname(smb_fname)) {
3122 * We can't open a file with DELETE access if any of the
3123 * streams is open without FILE_SHARE_DELETE
3125 status = open_streams_for_delete(conn, smb_fname->base_name);
3127 if (!NT_STATUS_IS_OK(status)) {
3132 /* This is the correct thing to do (check every time) but can_delete
3133 * is expensive (it may have to read the parent directory
3134 * permissions). So for now we're not doing it unless we have a strong
3135 * hint the client is really going to delete this file. If the client
3136 * is forcing FILE_CREATE let the filesystem take care of the
3139 /* Setting FILE_SHARE_DELETE is the hint. */
3141 if (lp_acl_check_permissions(SNUM(conn))
3142 && (create_disposition != FILE_CREATE)
3143 && (share_access & FILE_SHARE_DELETE)
3144 && (access_mask & DELETE_ACCESS)
3145 && (!(can_delete_file_in_directory(conn, smb_fname) ||
3146 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
3147 status = NT_STATUS_ACCESS_DENIED;
3148 DEBUG(10,("create_file_unixpath: open file %s "
3149 "for delete ACCESS_DENIED\n",
3150 smb_fname_str_dbg(smb_fname)));
3154 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3155 !security_token_has_privilege(get_current_nttok(conn),
3156 SEC_PRIV_SECURITY)) {
3157 DEBUG(10, ("create_file_unixpath: open on %s "
3158 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3159 smb_fname_str_dbg(smb_fname)));
3160 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3164 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3165 && is_ntfs_stream_smb_fname(smb_fname)
3166 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3167 uint32 base_create_disposition;
3168 struct smb_filename *smb_fname_base = NULL;
3170 if (create_options & FILE_DIRECTORY_FILE) {
3171 status = NT_STATUS_NOT_A_DIRECTORY;
3175 switch (create_disposition) {
3177 base_create_disposition = FILE_OPEN;
3180 base_create_disposition = FILE_OPEN_IF;
3184 /* Create an smb_filename with stream_name == NULL. */
3185 status = create_synthetic_smb_fname(talloc_tos(),
3186 smb_fname->base_name,
3189 if (!NT_STATUS_IS_OK(status)) {
3193 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3194 DEBUG(10, ("Unable to stat stream: %s\n",
3195 smb_fname_str_dbg(smb_fname_base)));
3198 /* Open the base file. */
3199 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3202 | FILE_SHARE_DELETE,
3203 base_create_disposition,
3204 0, 0, 0, 0, 0, NULL, NULL,
3206 TALLOC_FREE(smb_fname_base);
3208 if (!NT_STATUS_IS_OK(status)) {
3209 DEBUG(10, ("create_file_unixpath for base %s failed: "
3210 "%s\n", smb_fname->base_name,
3211 nt_errstr(status)));
3214 /* we don't need to low level fd */
3219 * If it's a request for a directory open, deal with it separately.
3222 if (create_options & FILE_DIRECTORY_FILE) {
3224 if (create_options & FILE_NON_DIRECTORY_FILE) {
3225 status = NT_STATUS_INVALID_PARAMETER;
3229 /* Can't open a temp directory. IFS kit test. */
3230 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3231 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3232 status = NT_STATUS_INVALID_PARAMETER;
3237 * We will get a create directory here if the Win32
3238 * app specified a security descriptor in the
3239 * CreateDirectory() call.
3243 status = open_directory(
3244 conn, req, smb_fname, access_mask, share_access,
3245 create_disposition, create_options, file_attributes,
3250 * Ordinary file case.
3253 status = file_new(req, conn, &fsp);
3254 if(!NT_STATUS_IS_OK(status)) {
3258 status = fsp_set_smb_fname(fsp, smb_fname);
3259 if (!NT_STATUS_IS_OK(status)) {
3264 * We're opening the stream element of a base_fsp
3265 * we already opened. Set up the base_fsp pointer.
3268 fsp->base_fsp = base_fsp;
3271 status = open_file_ntcreate(conn,
3283 if(!NT_STATUS_IS_OK(status)) {
3284 file_free(req, fsp);
3288 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3290 /* A stream open never opens a directory */
3293 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3298 * Fail the open if it was explicitly a non-directory
3302 if (create_options & FILE_NON_DIRECTORY_FILE) {
3303 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3308 status = open_directory(
3309 conn, req, smb_fname, access_mask,
3310 share_access, create_disposition,
3311 create_options, file_attributes,
3316 if (!NT_STATUS_IS_OK(status)) {
3320 fsp->base_fsp = base_fsp;
3323 * According to the MS documentation, the only time the security
3324 * descriptor is applied to the opened file is iff we *created* the
3325 * file; an existing file stays the same.
3327 * Also, it seems (from observation) that you can open the file with
3328 * any access mask but you can still write the sd. We need to override
3329 * the granted access before we call set_sd
3330 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3333 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3334 && lp_nt_acl_support(SNUM(conn))) {
3336 uint32_t sec_info_sent;
3337 uint32_t saved_access_mask = fsp->access_mask;
3339 sec_info_sent = get_sec_info(sd);
3341 fsp->access_mask = FILE_GENERIC_ALL;
3343 /* Convert all the generic bits. */
3344 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3345 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3347 if (sec_info_sent & (SECINFO_OWNER|
3351 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3354 fsp->access_mask = saved_access_mask;
3356 if (!NT_STATUS_IS_OK(status)) {
3361 if ((ea_list != NULL) &&
3362 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3363 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3364 if (!NT_STATUS_IS_OK(status)) {
3369 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3370 status = NT_STATUS_ACCESS_DENIED;
3374 /* Save the requested allocation size. */
3375 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3377 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3378 fsp->initial_allocation_size = smb_roundup(
3379 fsp->conn, allocation_size);
3380 if (fsp->is_directory) {
3381 /* Can't set allocation size on a directory. */
3382 status = NT_STATUS_ACCESS_DENIED;
3385 if (vfs_allocate_file_space(
3386 fsp, fsp->initial_allocation_size) == -1) {
3387 status = NT_STATUS_DISK_FULL;
3391 fsp->initial_allocation_size = smb_roundup(
3392 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3396 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3399 if (pinfo != NULL) {
3403 smb_fname->st = fsp->fsp_name->st;
3405 return NT_STATUS_OK;
3408 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3411 if (base_fsp && fsp->base_fsp == base_fsp) {
3413 * The close_file below will close
3418 close_file(req, fsp, ERROR_CLOSE);
3421 if (base_fsp != NULL) {
3422 close_file(req, base_fsp, ERROR_CLOSE);
3429 * Calculate the full path name given a relative fid.
3431 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3432 struct smb_request *req,
3433 uint16_t root_dir_fid,
3434 struct smb_filename *smb_fname)
3436 files_struct *dir_fsp;
3437 char *parent_fname = NULL;
3438 char *new_base_name = NULL;
3441 if (root_dir_fid == 0 || !smb_fname) {
3442 status = NT_STATUS_INTERNAL_ERROR;
3446 dir_fsp = file_fsp(req, root_dir_fid);
3448 if (dir_fsp == NULL) {
3449 status = NT_STATUS_INVALID_HANDLE;
3453 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3454 status = NT_STATUS_INVALID_HANDLE;
3458 if (!dir_fsp->is_directory) {
3461 * Check to see if this is a mac fork of some kind.
3464 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3465 is_ntfs_stream_smb_fname(smb_fname)) {
3466 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3471 we need to handle the case when we get a
3472 relative open relative to a file and the
3473 pathname is blank - this is a reopen!
3474 (hint from demyn plantenberg)
3477 status = NT_STATUS_INVALID_HANDLE;
3481 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3483 * We're at the toplevel dir, the final file name
3484 * must not contain ./, as this is filtered out
3485 * normally by srvstr_get_path and unix_convert
3486 * explicitly rejects paths containing ./.
3488 parent_fname = talloc_strdup(talloc_tos(), "");
3489 if (parent_fname == NULL) {
3490 status = NT_STATUS_NO_MEMORY;
3494 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3497 * Copy in the base directory name.
3500 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3502 if (parent_fname == NULL) {
3503 status = NT_STATUS_NO_MEMORY;
3506 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3510 * Ensure it ends in a '/'.
3511 * We used TALLOC_SIZE +2 to add space for the '/'.
3515 && (parent_fname[dir_name_len-1] != '\\')
3516 && (parent_fname[dir_name_len-1] != '/')) {
3517 parent_fname[dir_name_len] = '/';
3518 parent_fname[dir_name_len+1] = '\0';
3522 new_base_name = talloc_asprintf(smb_fname, "%s%s", parent_fname,
3523 smb_fname->base_name);
3524 if (new_base_name == NULL) {
3525 status = NT_STATUS_NO_MEMORY;
3529 TALLOC_FREE(smb_fname->base_name);
3530 smb_fname->base_name = new_base_name;
3531 status = NT_STATUS_OK;
3534 TALLOC_FREE(parent_fname);
3538 NTSTATUS create_file_default(connection_struct *conn,
3539 struct smb_request *req,
3540 uint16_t root_dir_fid,
3541 struct smb_filename *smb_fname,
3542 uint32_t access_mask,
3543 uint32_t share_access,
3544 uint32_t create_disposition,
3545 uint32_t create_options,
3546 uint32_t file_attributes,
3547 uint32_t oplock_request,
3548 uint64_t allocation_size,
3549 uint32_t private_flags,
3550 struct security_descriptor *sd,
3551 struct ea_list *ea_list,
3552 files_struct **result,
3555 int info = FILE_WAS_OPENED;
3556 files_struct *fsp = NULL;
3558 bool stream_name = false;
3560 DEBUG(10,("create_file: access_mask = 0x%x "
3561 "file_attributes = 0x%x, share_access = 0x%x, "
3562 "create_disposition = 0x%x create_options = 0x%x "
3563 "oplock_request = 0x%x "
3564 "private_flags = 0x%x "
3565 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3567 (unsigned int)access_mask,
3568 (unsigned int)file_attributes,
3569 (unsigned int)share_access,
3570 (unsigned int)create_disposition,
3571 (unsigned int)create_options,
3572 (unsigned int)oplock_request,
3573 (unsigned int)private_flags,
3574 (unsigned int)root_dir_fid,
3575 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3578 * Calculate the filename from the root_dir_if if necessary.
3581 if (root_dir_fid != 0) {
3582 status = get_relative_fid_filename(conn, req, root_dir_fid,
3584 if (!NT_STATUS_IS_OK(status)) {
3590 * Check to see if this is a mac fork of some kind.
3593 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3595 enum FAKE_FILE_TYPE fake_file_type;
3597 fake_file_type = is_fake_file(smb_fname);
3599 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3602 * Here we go! support for changing the disk quotas
3605 * We need to fake up to open this MAGIC QUOTA file
3606 * and return a valid FID.
3608 * w2k close this file directly after openening xp
3609 * also tries a QUERY_FILE_INFO on the file and then
3612 status = open_fake_file(req, conn, req->vuid,
3613 fake_file_type, smb_fname,
3615 if (!NT_STATUS_IS_OK(status)) {
3619 ZERO_STRUCT(smb_fname->st);
3623 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3624 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3629 /* All file access must go through check_name() */
3631 status = check_name(conn, smb_fname->base_name);
3632 if (!NT_STATUS_IS_OK(status)) {
3636 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) {
3638 smb_fname->stream_name = NULL;
3639 /* We have to handle this error here. */
3640 if (create_options & FILE_DIRECTORY_FILE) {
3641 status = NT_STATUS_NOT_A_DIRECTORY;
3644 if (lp_posix_pathnames()) {
3645 ret = SMB_VFS_LSTAT(conn, smb_fname);
3647 ret = SMB_VFS_STAT(conn, smb_fname);
3650 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3651 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3656 status = create_file_unixpath(
3657 conn, req, smb_fname, access_mask, share_access,
3658 create_disposition, create_options, file_attributes,
3659 oplock_request, allocation_size, private_flags,
3663 if (!NT_STATUS_IS_OK(status)) {
3668 DEBUG(10, ("create_file: info=%d\n", info));
3671 if (pinfo != NULL) {
3674 return NT_STATUS_OK;
3677 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3680 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / kai / samba.git / blob