2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "../librpc/gen_ndr/open_files.h"
34 extern const struct generic_mapping file_generic_mapping;
36 struct deferred_open_record {
37 bool delayed_for_oplocks;
41 /****************************************************************************
42 If the requester wanted DELETE_ACCESS and was rejected because
43 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
45 ****************************************************************************/
47 static bool parent_override_delete(connection_struct *conn,
48 const struct smb_filename *smb_fname,
50 uint32_t rejected_mask)
52 if ((access_mask & DELETE_ACCESS) &&
53 (rejected_mask & DELETE_ACCESS) &&
54 can_delete_file_in_directory(conn, smb_fname)) {
60 /****************************************************************************
61 Check if we have open rights.
62 ****************************************************************************/
64 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
65 const struct smb_filename *smb_fname,
68 /* Check if we have rights to open. */
70 struct security_descriptor *sd = NULL;
71 uint32_t rejected_share_access;
72 uint32_t rejected_mask = access_mask;
74 rejected_share_access = access_mask & ~(conn->share_access);
76 if (rejected_share_access) {
77 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
79 (unsigned int)access_mask,
80 smb_fname_str_dbg(smb_fname),
81 (unsigned int)rejected_share_access ));
82 return NT_STATUS_ACCESS_DENIED;
85 if (get_current_uid(conn) == (uid_t)0) {
86 /* I'm sorry sir, I didn't know you were root... */
87 DEBUG(10,("smbd_check_access_rights: root override "
88 "on %s. Granting 0x%x\n",
89 smb_fname_str_dbg(smb_fname),
90 (unsigned int)access_mask ));
94 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
95 DEBUG(10,("smbd_check_access_rights: not checking ACL "
96 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
97 smb_fname_str_dbg(smb_fname),
98 (unsigned int)access_mask ));
102 if (access_mask == DELETE_ACCESS &&
103 VALID_STAT(smb_fname->st) &&
104 S_ISLNK(smb_fname->st.st_ex_mode)) {
105 /* We can always delete a symlink. */
106 DEBUG(10,("smbd_check_access_rights: not checking ACL "
107 "on DELETE_ACCESS on symlink %s.\n",
108 smb_fname_str_dbg(smb_fname) ));
112 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
117 if (!NT_STATUS_IS_OK(status)) {
118 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
120 smb_fname_str_dbg(smb_fname),
123 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
131 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
132 * owner WRITE_DAC and READ_CONTROL.
134 status = se_access_check(sd,
135 get_current_nttok(conn),
136 (access_mask & ~FILE_READ_ATTRIBUTES),
139 DEBUG(10,("smbd_check_access_rights: file %s requesting "
140 "0x%x returning 0x%x (%s)\n",
141 smb_fname_str_dbg(smb_fname),
142 (unsigned int)access_mask,
143 (unsigned int)rejected_mask,
144 nt_errstr(status) ));
146 if (!NT_STATUS_IS_OK(status)) {
147 if (DEBUGLEVEL >= 10) {
148 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
149 smb_fname_str_dbg(smb_fname) ));
150 NDR_PRINT_DEBUG(security_descriptor, sd);
156 if (NT_STATUS_IS_OK(status) ||
157 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
161 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
165 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
166 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
167 !lp_store_dos_attributes(SNUM(conn)) &&
168 (lp_map_readonly(SNUM(conn)) ||
169 lp_map_archive(SNUM(conn)) ||
170 lp_map_hidden(SNUM(conn)) ||
171 lp_map_system(SNUM(conn)))) {
172 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
174 DEBUG(10,("smbd_check_access_rights: "
176 "FILE_WRITE_ATTRIBUTES "
178 smb_fname_str_dbg(smb_fname)));
181 if (parent_override_delete(conn,
185 /* Were we trying to do an open
186 * for delete and didn't get DELETE
187 * access (only) ? Check if the
188 * directory allows DELETE_CHILD.
190 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
193 rejected_mask &= ~DELETE_ACCESS;
195 DEBUG(10,("smbd_check_access_rights: "
199 smb_fname_str_dbg(smb_fname)));
202 if (rejected_mask != 0) {
203 return NT_STATUS_ACCESS_DENIED;
208 static NTSTATUS check_parent_access(struct connection_struct *conn,
209 struct smb_filename *smb_fname,
210 uint32_t access_mask)
213 char *parent_dir = NULL;
214 struct security_descriptor *parent_sd = NULL;
215 uint32_t access_granted = 0;
217 if (!parent_dirname(talloc_tos(),
218 smb_fname->base_name,
221 return NT_STATUS_NO_MEMORY;
224 if (get_current_uid(conn) == (uid_t)0) {
225 /* I'm sorry sir, I didn't know you were root... */
226 DEBUG(10,("check_parent_access: root override "
227 "on %s. Granting 0x%x\n",
228 smb_fname_str_dbg(smb_fname),
229 (unsigned int)access_mask ));
233 status = SMB_VFS_GET_NT_ACL(conn,
238 if (!NT_STATUS_IS_OK(status)) {
239 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
240 "%s with error %s\n",
247 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
248 * owner WRITE_DAC and READ_CONTROL.
250 status = se_access_check(parent_sd,
251 get_current_nttok(conn),
252 (access_mask & ~FILE_READ_ATTRIBUTES),
254 if(!NT_STATUS_IS_OK(status)) {
255 DEBUG(5,("check_parent_access: access check "
256 "on directory %s for "
257 "path %s for mask 0x%x returned (0x%x) %s\n",
259 smb_fname->base_name,
262 nt_errstr(status) ));
269 /****************************************************************************
270 fd support routines - attempt to do a dos_open.
271 ****************************************************************************/
273 static NTSTATUS fd_open(struct connection_struct *conn,
278 struct smb_filename *smb_fname = fsp->fsp_name;
279 NTSTATUS status = NT_STATUS_OK;
283 * Never follow symlinks on a POSIX client. The
284 * client should be doing this.
287 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
292 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
293 if (fsp->fh->fd == -1) {
294 status = map_nt_error_from_unix(errno);
295 if (errno == EMFILE) {
296 static time_t last_warned = 0L;
298 if (time((time_t *) NULL) > last_warned) {
299 DEBUG(0,("Too many open files, unable "
300 "to open more! smbd's max "
302 lp_max_open_files()));
303 last_warned = time((time_t *) NULL);
309 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
310 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
311 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
316 /****************************************************************************
317 Close the file associated with a fsp.
318 ****************************************************************************/
320 NTSTATUS fd_close(files_struct *fsp)
327 if (fsp->fh->fd == -1) {
328 return NT_STATUS_OK; /* What we used to call a stat open. */
330 if (fsp->fh->ref_count > 1) {
331 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
334 ret = SMB_VFS_CLOSE(fsp);
337 return map_nt_error_from_unix(errno);
342 /****************************************************************************
343 Change the ownership of a file to that of the parent directory.
344 Do this by fd if possible.
345 ****************************************************************************/
347 void change_file_owner_to_parent(connection_struct *conn,
348 const char *inherit_from_dir,
351 struct smb_filename *smb_fname_parent = NULL;
355 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
356 NULL, NULL, &smb_fname_parent);
357 if (!NT_STATUS_IS_OK(status)) {
361 ret = SMB_VFS_STAT(conn, smb_fname_parent);
363 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
364 "directory %s. Error was %s\n",
365 smb_fname_str_dbg(smb_fname_parent),
367 TALLOC_FREE(smb_fname_parent);
371 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
372 /* Already this uid - no need to change. */
373 DEBUG(10,("change_file_owner_to_parent: file %s "
374 "is already owned by uid %d\n",
376 (int)fsp->fsp_name->st.st_ex_uid ));
377 TALLOC_FREE(smb_fname_parent);
382 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
385 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
386 "file %s to parent directory uid %u. Error "
387 "was %s\n", fsp_str_dbg(fsp),
388 (unsigned int)smb_fname_parent->st.st_ex_uid,
391 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
392 "parent directory uid %u.\n", fsp_str_dbg(fsp),
393 (unsigned int)smb_fname_parent->st.st_ex_uid));
394 /* Ensure the uid entry is updated. */
395 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
398 TALLOC_FREE(smb_fname_parent);
401 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
402 const char *inherit_from_dir,
404 SMB_STRUCT_STAT *psbuf)
406 struct smb_filename *smb_fname_parent = NULL;
407 struct smb_filename *smb_fname_cwd = NULL;
408 char *saved_dir = NULL;
409 TALLOC_CTX *ctx = talloc_tos();
410 NTSTATUS status = NT_STATUS_OK;
413 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
415 if (!NT_STATUS_IS_OK(status)) {
419 ret = SMB_VFS_STAT(conn, smb_fname_parent);
421 status = map_nt_error_from_unix(errno);
422 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
423 "directory %s. Error was %s\n",
424 smb_fname_str_dbg(smb_fname_parent),
429 /* We've already done an lstat into psbuf, and we know it's a
430 directory. If we can cd into the directory and the dev/ino
431 are the same then we can safely chown without races as
432 we're locking the directory in place by being in it. This
433 should work on any UNIX (thanks tridge :-). JRA.
436 saved_dir = vfs_GetWd(ctx,conn);
438 status = map_nt_error_from_unix(errno);
439 DEBUG(0,("change_dir_owner_to_parent: failed to get "
440 "current working directory. Error was %s\n",
445 /* Chdir into the new path. */
446 if (vfs_ChDir(conn, fname) == -1) {
447 status = map_nt_error_from_unix(errno);
448 DEBUG(0,("change_dir_owner_to_parent: failed to change "
449 "current working directory to %s. Error "
450 "was %s\n", fname, strerror(errno) ));
454 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
456 if (!NT_STATUS_IS_OK(status)) {
460 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
462 status = map_nt_error_from_unix(errno);
463 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
464 "directory '.' (%s) Error was %s\n",
465 fname, strerror(errno)));
469 /* Ensure we're pointing at the same place. */
470 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
471 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
472 DEBUG(0,("change_dir_owner_to_parent: "
473 "device/inode on directory %s changed. "
474 "Refusing to chown !\n", fname ));
475 status = NT_STATUS_ACCESS_DENIED;
479 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
480 /* Already this uid - no need to change. */
481 DEBUG(10,("change_dir_owner_to_parent: directory %s "
482 "is already owned by uid %d\n",
484 (int)smb_fname_cwd->st.st_ex_uid ));
485 status = NT_STATUS_OK;
490 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
494 status = map_nt_error_from_unix(errno);
495 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
496 "directory %s to parent directory uid %u. "
497 "Error was %s\n", fname,
498 (unsigned int)smb_fname_parent->st.st_ex_uid,
501 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
502 "directory %s to parent directory uid %u.\n",
503 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
504 /* Ensure the uid entry is updated. */
505 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
509 vfs_ChDir(conn,saved_dir);
511 TALLOC_FREE(smb_fname_parent);
512 TALLOC_FREE(smb_fname_cwd);
516 /****************************************************************************
518 ****************************************************************************/
520 static NTSTATUS open_file(files_struct *fsp,
521 connection_struct *conn,
522 struct smb_request *req,
523 const char *parent_dir,
526 uint32 access_mask, /* client requested access mask. */
527 uint32 open_access_mask) /* what we're actually using in the open. */
529 struct smb_filename *smb_fname = fsp->fsp_name;
530 NTSTATUS status = NT_STATUS_OK;
531 int accmode = (flags & O_ACCMODE);
532 int local_flags = flags;
533 bool file_existed = VALID_STAT(fsp->fsp_name->st);
534 bool file_created = false;
539 /* Check permissions */
542 * This code was changed after seeing a client open request
543 * containing the open mode of (DENY_WRITE/read-only) with
544 * the 'create if not exist' bit set. The previous code
545 * would fail to open the file read only on a read-only share
546 * as it was checking the flags parameter directly against O_RDONLY,
547 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
551 if (!CAN_WRITE(conn)) {
552 /* It's a read-only share - fail if we wanted to write. */
553 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
554 DEBUG(3,("Permission denied opening %s\n",
555 smb_fname_str_dbg(smb_fname)));
556 return NT_STATUS_ACCESS_DENIED;
557 } else if(flags & O_CREAT) {
558 /* We don't want to write - but we must make sure that
559 O_CREAT doesn't create the file if we have write
560 access into the directory.
562 flags &= ~(O_CREAT|O_EXCL);
563 local_flags &= ~(O_CREAT|O_EXCL);
568 * This little piece of insanity is inspired by the
569 * fact that an NT client can open a file for O_RDONLY,
570 * but set the create disposition to FILE_EXISTS_TRUNCATE.
571 * If the client *can* write to the file, then it expects to
572 * truncate the file, even though it is opening for readonly.
573 * Quicken uses this stupid trick in backup file creation...
574 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
575 * for helping track this one down. It didn't bite us in 2.0.x
576 * as we always opened files read-write in that release. JRA.
579 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
580 DEBUG(10,("open_file: truncate requested on read-only open "
581 "for file %s\n", smb_fname_str_dbg(smb_fname)));
582 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
585 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
586 (!file_existed && (local_flags & O_CREAT)) ||
587 ((local_flags & O_TRUNC) == O_TRUNC) ) {
591 * We can't actually truncate here as the file may be locked.
592 * open_file_ntcreate will take care of the truncate later. JRA.
595 local_flags &= ~O_TRUNC;
597 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
599 * We would block on opening a FIFO with no one else on the
600 * other end. Do what we used to do and add O_NONBLOCK to the
604 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
605 local_flags |= O_NONBLOCK;
609 /* Don't create files with Microsoft wildcard characters. */
612 * wildcard characters are allowed in stream names
613 * only test the basefilename
615 wild = fsp->base_fsp->fsp_name->base_name;
617 wild = smb_fname->base_name;
619 if ((local_flags & O_CREAT) && !file_existed &&
621 return NT_STATUS_OBJECT_NAME_INVALID;
624 /* Can we access this file ? */
625 if (!fsp->base_fsp) {
626 /* Only do this check on non-stream open. */
628 status = smbd_check_access_rights(conn,
631 } else if (local_flags & O_CREAT){
632 status = check_parent_access(conn,
636 /* File didn't exist and no O_CREAT. */
637 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
639 if (!NT_STATUS_IS_OK(status)) {
640 DEBUG(10,("open_file: "
644 "smbd_check_access_rights" :
645 "check_parent_access",
646 smb_fname_str_dbg(smb_fname),
647 nt_errstr(status) ));
652 /* Actually do the open */
653 status = fd_open(conn, fsp, local_flags, unx_mode);
654 if (!NT_STATUS_IS_OK(status)) {
655 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
656 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
657 nt_errstr(status),local_flags,flags));
661 if ((local_flags & O_CREAT) && !file_existed) {
666 fsp->fh->fd = -1; /* What we used to call a stat open. */
668 /* File must exist for a stat open. */
669 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
672 status = smbd_check_access_rights(conn,
676 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
678 S_ISLNK(smb_fname->st.st_ex_mode)) {
679 /* This is a POSIX stat open for delete
680 * or rename on a symlink that points
682 DEBUG(10,("open_file: allowing POSIX "
683 "open on bad symlink %s\n",
684 smb_fname_str_dbg(smb_fname)));
685 status = NT_STATUS_OK;
688 if (!NT_STATUS_IS_OK(status)) {
689 DEBUG(10,("open_file: "
690 "smbd_check_access_rights on file "
692 smb_fname_str_dbg(smb_fname),
693 nt_errstr(status) ));
701 if (fsp->fh->fd == -1) {
702 ret = SMB_VFS_STAT(conn, smb_fname);
704 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
705 /* If we have an fd, this stat should succeed. */
707 DEBUG(0,("Error doing fstat on open file %s "
709 smb_fname_str_dbg(smb_fname),
714 /* For a non-io open, this stat failing means file not found. JRA */
716 status = map_nt_error_from_unix(errno);
722 bool need_re_stat = false;
723 /* Do all inheritance work after we've
724 done a successful stat call and filled
725 in the stat struct in fsp->fsp_name. */
727 /* Inherit the ACL if required */
728 if (lp_inherit_perms(SNUM(conn))) {
729 inherit_access_posix_acl(conn, parent_dir,
730 smb_fname->base_name,
735 /* Change the owner if required. */
736 if (lp_inherit_owner(SNUM(conn))) {
737 change_file_owner_to_parent(conn, parent_dir,
743 if (fsp->fh->fd == -1) {
744 ret = SMB_VFS_STAT(conn, smb_fname);
746 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
747 /* If we have an fd, this stat should succeed. */
749 DEBUG(0,("Error doing fstat on open file %s "
751 smb_fname_str_dbg(smb_fname),
757 notify_fname(conn, NOTIFY_ACTION_ADDED,
758 FILE_NOTIFY_CHANGE_FILE_NAME,
759 smb_fname->base_name);
764 * POSIX allows read-only opens of directories. We don't
765 * want to do this (we use a different code path for this)
766 * so catch a directory open and return an EISDIR. JRA.
769 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
772 return NT_STATUS_FILE_IS_A_DIRECTORY;
775 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
776 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
777 fsp->file_pid = req ? req->smbpid : 0;
778 fsp->can_lock = True;
779 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
780 if (!CAN_WRITE(conn)) {
781 fsp->can_write = False;
783 fsp->can_write = ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
785 fsp->print_file = NULL;
786 fsp->modified = False;
787 fsp->sent_oplock_break = NO_BREAK_SENT;
788 fsp->is_directory = False;
789 if (conn->aio_write_behind_list &&
790 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
791 conn->case_sensitive)) {
792 fsp->aio_write_behind = True;
795 fsp->wcp = NULL; /* Write cache pointer. */
797 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
798 conn->session_info->unix_info->unix_name,
799 smb_fname_str_dbg(smb_fname),
800 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
801 conn->num_files_open));
807 /****************************************************************************
808 Check if we can open a file with a share mode.
809 Returns True if conflict, False if not.
810 ****************************************************************************/
812 static bool share_conflict(struct share_mode_entry *entry,
816 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
817 "entry->share_access = 0x%x, "
818 "entry->private_options = 0x%x\n",
819 (unsigned int)entry->access_mask,
820 (unsigned int)entry->share_access,
821 (unsigned int)entry->private_options));
823 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
824 (unsigned int)access_mask, (unsigned int)share_access));
826 if ((entry->access_mask & (FILE_WRITE_DATA|
830 DELETE_ACCESS)) == 0) {
831 DEBUG(10,("share_conflict: No conflict due to "
832 "entry->access_mask = 0x%x\n",
833 (unsigned int)entry->access_mask ));
837 if ((access_mask & (FILE_WRITE_DATA|
841 DELETE_ACCESS)) == 0) {
842 DEBUG(10,("share_conflict: No conflict due to "
843 "access_mask = 0x%x\n",
844 (unsigned int)access_mask ));
848 #if 1 /* JRA TEST - Superdebug. */
849 #define CHECK_MASK(num, am, right, sa, share) \
850 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
851 (unsigned int)(num), (unsigned int)(am), \
852 (unsigned int)(right), (unsigned int)(am)&(right) )); \
853 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
854 (unsigned int)(num), (unsigned int)(sa), \
855 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
856 if (((am) & (right)) && !((sa) & (share))) { \
857 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
858 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
859 (unsigned int)(share) )); \
863 #define CHECK_MASK(num, am, right, sa, share) \
864 if (((am) & (right)) && !((sa) & (share))) { \
865 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
866 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
867 (unsigned int)(share) )); \
872 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
873 share_access, FILE_SHARE_WRITE);
874 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
875 entry->share_access, FILE_SHARE_WRITE);
877 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
878 share_access, FILE_SHARE_READ);
879 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
880 entry->share_access, FILE_SHARE_READ);
882 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
883 share_access, FILE_SHARE_DELETE);
884 CHECK_MASK(6, access_mask, DELETE_ACCESS,
885 entry->share_access, FILE_SHARE_DELETE);
887 DEBUG(10,("share_conflict: No conflict.\n"));
891 #if defined(DEVELOPER)
892 static void validate_my_share_entries(struct smbd_server_connection *sconn,
894 struct share_mode_entry *share_entry)
896 struct server_id self = messaging_server_id(sconn->msg_ctx);
899 if (!procid_equal(&self, &share_entry->pid)) {
903 if (is_deferred_open_entry(share_entry) &&
904 !open_was_deferred(sconn, share_entry->op_mid)) {
905 char *str = talloc_asprintf(talloc_tos(),
906 "Got a deferred entry without a request: "
908 share_mode_str(talloc_tos(), num, share_entry));
912 if (!is_valid_share_mode_entry(share_entry)) {
916 fsp = file_find_dif(sconn, share_entry->id,
917 share_entry->share_file_id);
919 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
920 share_mode_str(talloc_tos(), num, share_entry) ));
921 smb_panic("validate_my_share_entries: Cannot match a "
922 "share entry with an open file\n");
925 if (is_deferred_open_entry(share_entry)) {
929 if ((share_entry->op_type == NO_OPLOCK) &&
930 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
931 /* Someone has already written to it, but I haven't yet
936 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
945 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
946 share_mode_str(talloc_tos(), num, share_entry) ));
947 str = talloc_asprintf(talloc_tos(),
948 "validate_my_share_entries: "
949 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
950 fsp->fsp_name->base_name,
951 (unsigned int)fsp->oplock_type,
952 (unsigned int)share_entry->op_type );
958 bool is_stat_open(uint32 access_mask)
960 return (access_mask &&
961 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
962 FILE_WRITE_ATTRIBUTES))==0) &&
963 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
964 FILE_WRITE_ATTRIBUTES)) != 0));
967 /****************************************************************************
968 Deal with share modes
969 Invarient: Share mode must be locked on entry and exit.
970 Returns -1 on error, or number of share modes on success (may be zero).
971 ****************************************************************************/
973 static NTSTATUS open_mode_check(connection_struct *conn,
974 struct share_mode_lock *lck,
978 uint32 create_options,
983 if(lck->data->num_share_modes == 0) {
987 /* A delete on close prohibits everything */
989 if (is_delete_on_close_set(lck, name_hash)) {
991 * Check the delete on close token
992 * is valid. It could have been left
993 * after a server crash.
995 for(i = 0; i < lck->data->num_share_modes; i++) {
996 if (!share_mode_stale_pid(lck->data, i)) {
998 *file_existed = true;
1000 return NT_STATUS_DELETE_PENDING;
1003 return NT_STATUS_OK;
1006 if (is_stat_open(access_mask)) {
1007 /* Stat open that doesn't trigger oplock breaks or share mode
1008 * checks... ! JRA. */
1009 return NT_STATUS_OK;
1013 * Check if the share modes will give us access.
1016 #if defined(DEVELOPER)
1017 for(i = 0; i < lck->data->num_share_modes; i++) {
1018 validate_my_share_entries(conn->sconn, i,
1019 &lck->data->share_modes[i]);
1023 if (!lp_share_modes(SNUM(conn))) {
1024 return NT_STATUS_OK;
1027 /* Now we check the share modes, after any oplock breaks. */
1028 for(i = 0; i < lck->data->num_share_modes; i++) {
1030 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1034 /* someone else has a share lock on it, check to see if we can
1036 if (share_conflict(&lck->data->share_modes[i],
1037 access_mask, share_access)) {
1039 if (share_mode_stale_pid(lck->data, i)) {
1043 *file_existed = true;
1045 return NT_STATUS_SHARING_VIOLATION;
1049 if (lck->data->num_share_modes != 0) {
1050 *file_existed = true;
1053 return NT_STATUS_OK;
1056 static bool is_delete_request(files_struct *fsp) {
1057 return ((fsp->access_mask == DELETE_ACCESS) &&
1058 (fsp->oplock_type == NO_OPLOCK));
1062 * Send a break message to the oplock holder and delay the open for
1066 static NTSTATUS send_break_message(files_struct *fsp,
1067 struct share_mode_entry *exclusive,
1072 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1074 DEBUG(10, ("Sending break request to PID %s\n",
1075 procid_str_static(&exclusive->pid)));
1076 exclusive->op_mid = mid;
1078 /* Create the message. */
1079 share_mode_entry_to_message(msg, exclusive);
1081 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
1082 don't want this set in the share mode struct pointed to by lck. */
1084 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
1085 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
1086 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
1089 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
1090 MSG_SMB_BREAK_REQUEST,
1092 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
1093 if (!NT_STATUS_IS_OK(status)) {
1094 DEBUG(3, ("Could not send oplock break message: %s\n",
1095 nt_errstr(status)));
1102 * Return share_mode_entry pointers for :
1103 * 1). Batch oplock entry.
1104 * 2). Batch or exclusive oplock entry (may be identical to #1).
1105 * bool have_level2_oplock
1106 * bool have_no_oplock.
1107 * Do internal consistency checks on the share mode for a file.
1110 static void find_oplock_types(files_struct *fsp,
1112 const struct share_mode_lock *lck,
1113 struct share_mode_entry **pp_batch,
1114 struct share_mode_entry **pp_ex_or_batch,
1116 bool *got_no_oplock)
1121 *pp_ex_or_batch = NULL;
1122 *got_level2 = false;
1123 *got_no_oplock = false;
1125 /* Ignore stat or internal opens, as is done in
1126 delay_for_batch_oplocks() and
1127 delay_for_exclusive_oplocks().
1129 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1133 for (i=0; i<lck->data->num_share_modes; i++) {
1134 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1138 if (lck->data->share_modes[i].op_type == NO_OPLOCK &&
1139 is_stat_open(lck->data->share_modes[i].access_mask)) {
1140 /* We ignore stat opens in the table - they
1141 always have NO_OPLOCK and never get or
1142 cause breaks. JRA. */
1146 if (BATCH_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1147 /* batch - can only be one. */
1148 if (share_mode_stale_pid(lck->data, i)) {
1149 DEBUG(10, ("Found stale batch oplock\n"));
1152 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1153 smb_panic("Bad batch oplock entry.");
1155 *pp_batch = &lck->data->share_modes[i];
1158 if (EXCLUSIVE_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1159 if (share_mode_stale_pid(lck->data, i)) {
1160 DEBUG(10, ("Found stale duplicate oplock\n"));
1163 /* Exclusive or batch - can only be one. */
1164 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1165 smb_panic("Bad exclusive or batch oplock entry.");
1167 *pp_ex_or_batch = &lck->data->share_modes[i];
1170 if (LEVEL_II_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1171 if (*pp_batch || *pp_ex_or_batch) {
1172 if (share_mode_stale_pid(lck->data, i)) {
1173 DEBUG(10, ("Found stale LevelII "
1177 smb_panic("Bad levelII oplock entry.");
1182 if (lck->data->share_modes[i].op_type == NO_OPLOCK) {
1183 if (*pp_batch || *pp_ex_or_batch) {
1184 if (share_mode_stale_pid(lck->data, i)) {
1185 DEBUG(10, ("Found stale NO_OPLOCK "
1189 smb_panic("Bad no oplock entry.");
1191 *got_no_oplock = true;
1196 static bool delay_for_batch_oplocks(files_struct *fsp,
1199 struct share_mode_entry *batch_entry)
1201 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1204 if (batch_entry == NULL) {
1208 /* Found a batch oplock */
1209 send_break_message(fsp, batch_entry, mid, oplock_request);
1213 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1216 struct share_mode_entry *ex_entry)
1220 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1223 if (ex_entry == NULL) {
1227 /* Found an exclusive or batch oplock */
1229 delay_it = is_delete_request(fsp) ?
1230 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1236 send_break_message(fsp, ex_entry, mid, oplock_request);
1240 static bool file_has_brlocks(files_struct *fsp)
1242 struct byte_range_lock *br_lck;
1244 br_lck = brl_get_locks_readonly(fsp);
1248 return br_lck->num_locks > 0 ? true : false;
1251 static void grant_fsp_oplock_type(files_struct *fsp,
1253 bool got_level2_oplock,
1254 bool got_a_none_oplock)
1256 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1257 lp_level2_oplocks(SNUM(fsp->conn));
1259 /* Start by granting what the client asked for,
1260 but ensure no SAMBA_PRIVATE bits can be set. */
1261 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1263 if (oplock_request & INTERNAL_OPEN_ONLY) {
1264 /* No oplocks on internal open. */
1265 fsp->oplock_type = NO_OPLOCK;
1266 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1267 fsp->oplock_type, fsp_str_dbg(fsp)));
1269 } else if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1270 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1272 fsp->oplock_type = NO_OPLOCK;
1275 if (is_stat_open(fsp->access_mask)) {
1276 /* Leave the value already set. */
1277 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1278 fsp->oplock_type, fsp_str_dbg(fsp)));
1283 * Match what was requested (fsp->oplock_type) with
1284 * what was found in the existing share modes.
1287 if (got_a_none_oplock) {
1288 fsp->oplock_type = NO_OPLOCK;
1289 } else if (got_level2_oplock) {
1290 if (fsp->oplock_type == NO_OPLOCK ||
1291 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1292 /* Store a level2 oplock, but don't tell the client */
1293 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1295 fsp->oplock_type = LEVEL_II_OPLOCK;
1298 /* All share_mode_entries are placeholders or deferred.
1299 * Silently upgrade to fake levelII if the client didn't
1300 * ask for an oplock. */
1301 if (fsp->oplock_type == NO_OPLOCK) {
1302 /* Store a level2 oplock, but don't tell the client */
1303 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1308 * Don't grant level2 to clients that don't want them
1309 * or if we've turned them off.
1311 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1312 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1315 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1316 fsp->oplock_type, fsp_str_dbg(fsp)));
1319 bool request_timed_out(struct timeval request_time,
1320 struct timeval timeout)
1322 struct timeval now, end_time;
1324 end_time = timeval_sum(&request_time, &timeout);
1325 return (timeval_compare(&end_time, &now) < 0);
1328 /****************************************************************************
1329 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1330 ****************************************************************************/
1332 static void defer_open(struct share_mode_lock *lck,
1333 struct timeval request_time,
1334 struct timeval timeout,
1335 struct smb_request *req,
1336 struct deferred_open_record *state)
1338 struct server_id self = messaging_server_id(req->sconn->msg_ctx);
1341 /* Paranoia check */
1343 for (i=0; i<lck->data->num_share_modes; i++) {
1344 struct share_mode_entry *e = &lck->data->share_modes[i];
1346 if (is_deferred_open_entry(e) &&
1347 procid_equal(&self, &e->pid) &&
1348 (e->op_mid == req->mid)) {
1349 DEBUG(0, ("Trying to defer an already deferred "
1350 "request: mid=%llu, exiting\n",
1351 (unsigned long long)req->mid));
1352 exit_server("attempt to defer a deferred request");
1356 /* End paranoia check */
1358 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1359 "open entry for mid %llu\n",
1360 (unsigned int)request_time.tv_sec,
1361 (unsigned int)request_time.tv_usec,
1362 (unsigned long long)req->mid));
1364 if (!push_deferred_open_message_smb(req, request_time, timeout,
1365 state->id, (char *)state, sizeof(*state))) {
1366 exit_server("push_deferred_open_message_smb failed");
1368 add_deferred_open(lck, req->mid, request_time, self, state->id);
1372 /****************************************************************************
1373 On overwrite open ensure that the attributes match.
1374 ****************************************************************************/
1376 bool open_match_attributes(connection_struct *conn,
1377 uint32 old_dos_attr,
1378 uint32 new_dos_attr,
1379 mode_t existing_unx_mode,
1380 mode_t new_unx_mode,
1381 mode_t *returned_unx_mode)
1383 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1385 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1386 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1388 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1389 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1390 *returned_unx_mode = new_unx_mode;
1392 *returned_unx_mode = (mode_t)0;
1395 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1396 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1397 "returned_unx_mode = 0%o\n",
1398 (unsigned int)old_dos_attr,
1399 (unsigned int)existing_unx_mode,
1400 (unsigned int)new_dos_attr,
1401 (unsigned int)*returned_unx_mode ));
1403 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1404 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1405 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1406 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1410 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1411 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1412 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1419 /****************************************************************************
1420 Special FCB or DOS processing in the case of a sharing violation.
1421 Try and find a duplicated file handle.
1422 ****************************************************************************/
1424 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
1425 connection_struct *conn,
1426 files_struct *fsp_to_dup_into,
1427 const struct smb_filename *smb_fname,
1432 uint32 share_access,
1433 uint32 create_options)
1437 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1438 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1440 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1441 fsp = file_find_di_next(fsp)) {
1443 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1444 "vuid = %llu, file_pid = %u, private_options = 0x%x "
1445 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1446 fsp->fh->fd, (unsigned long long)fsp->vuid,
1447 (unsigned int)fsp->file_pid,
1448 (unsigned int)fsp->fh->private_options,
1449 (unsigned int)fsp->access_mask ));
1451 if (fsp->fh->fd != -1 &&
1452 fsp->vuid == vuid &&
1453 fsp->file_pid == file_pid &&
1454 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1455 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1456 (fsp->access_mask & FILE_WRITE_DATA) &&
1457 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1458 strequal(fsp->fsp_name->stream_name,
1459 smb_fname->stream_name)) {
1460 DEBUG(10,("fcb_or_dos_open: file match\n"));
1466 return NT_STATUS_NOT_FOUND;
1469 /* quite an insane set of semantics ... */
1470 if (is_executable(smb_fname->base_name) &&
1471 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1472 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1473 return NT_STATUS_INVALID_PARAMETER;
1476 /* We need to duplicate this fsp. */
1477 return dup_file_fsp(req, fsp, access_mask, share_access,
1478 create_options, fsp_to_dup_into);
1481 static void schedule_defer_open(struct share_mode_lock *lck,
1482 struct timeval request_time,
1483 struct smb_request *req)
1485 struct deferred_open_record state;
1487 /* This is a relative time, added to the absolute
1488 request_time value to get the absolute timeout time.
1489 Note that if this is the second or greater time we enter
1490 this codepath for this particular request mid then
1491 request_time is left as the absolute time of the *first*
1492 time this request mid was processed. This is what allows
1493 the request to eventually time out. */
1495 struct timeval timeout;
1497 /* Normally the smbd we asked should respond within
1498 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1499 * the client did, give twice the timeout as a safety
1500 * measure here in case the other smbd is stuck
1501 * somewhere else. */
1503 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1505 /* Nothing actually uses state.delayed_for_oplocks
1506 but it's handy to differentiate in debug messages
1507 between a 30 second delay due to oplock break, and
1508 a 1 second delay for share mode conflicts. */
1510 state.delayed_for_oplocks = True;
1511 state.id = lck->data->id;
1513 if (!request_timed_out(request_time, timeout)) {
1514 defer_open(lck, request_time, timeout, req, &state);
1518 /****************************************************************************
1519 Work out what access_mask to use from what the client sent us.
1520 ****************************************************************************/
1522 static NTSTATUS smbd_calculate_maximum_allowed_access(
1523 connection_struct *conn,
1524 const struct smb_filename *smb_fname,
1525 uint32_t *p_access_mask)
1527 struct security_descriptor *sd;
1528 uint32_t access_granted;
1531 if (get_current_uid(conn) == (uid_t)0) {
1532 *p_access_mask |= FILE_GENERIC_ALL;
1533 return NT_STATUS_OK;
1536 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1541 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1543 * File did not exist
1545 *p_access_mask = FILE_GENERIC_ALL;
1546 return NT_STATUS_OK;
1548 if (!NT_STATUS_IS_OK(status)) {
1549 DEBUG(10,("smbd_calculate_access_mask: "
1550 "Could not get acl on file %s: %s\n",
1551 smb_fname_str_dbg(smb_fname),
1552 nt_errstr(status)));
1553 return NT_STATUS_ACCESS_DENIED;
1557 * Never test FILE_READ_ATTRIBUTES. se_access_check()
1558 * also takes care of owner WRITE_DAC and READ_CONTROL.
1560 status = se_access_check(sd,
1561 get_current_nttok(conn),
1562 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
1567 if (!NT_STATUS_IS_OK(status)) {
1568 DEBUG(10, ("smbd_calculate_access_mask: "
1569 "Access denied on file %s: "
1570 "when calculating maximum access\n",
1571 smb_fname_str_dbg(smb_fname)));
1572 return NT_STATUS_ACCESS_DENIED;
1574 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
1575 return NT_STATUS_OK;
1578 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1579 const struct smb_filename *smb_fname,
1580 uint32_t access_mask,
1581 uint32_t *access_mask_out)
1584 uint32_t orig_access_mask = access_mask;
1585 uint32_t rejected_share_access;
1588 * Convert GENERIC bits to specific bits.
1591 se_map_generic(&access_mask, &file_generic_mapping);
1593 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1594 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1596 status = smbd_calculate_maximum_allowed_access(
1597 conn, smb_fname, &access_mask);
1599 if (!NT_STATUS_IS_OK(status)) {
1603 access_mask &= conn->share_access;
1606 rejected_share_access = access_mask & ~(conn->share_access);
1608 if (rejected_share_access) {
1609 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1610 "file %s: rejected by share access mask[0x%08X] "
1611 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1612 smb_fname_str_dbg(smb_fname),
1614 orig_access_mask, access_mask,
1615 rejected_share_access));
1616 return NT_STATUS_ACCESS_DENIED;
1619 *access_mask_out = access_mask;
1620 return NT_STATUS_OK;
1623 /****************************************************************************
1624 Remove the deferred open entry under lock.
1625 ****************************************************************************/
1627 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1628 struct server_id pid)
1630 struct share_mode_lock *lck = get_existing_share_mode_lock(
1633 DEBUG(0, ("could not get share mode lock\n"));
1636 del_deferred_open_entry(lck, mid, pid);
1640 /****************************************************************************
1641 Open a file with a share mode. Passed in an already created files_struct *.
1642 ****************************************************************************/
1644 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1645 struct smb_request *req,
1646 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1647 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1648 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1649 uint32 create_options, /* options such as delete on close. */
1650 uint32 new_dos_attributes, /* attributes used for new file. */
1651 int oplock_request, /* internal Samba oplock codes. */
1652 /* Information (FILE_EXISTS etc.) */
1653 uint32_t private_flags, /* Samba specific flags. */
1657 struct smb_filename *smb_fname = fsp->fsp_name;
1660 bool file_existed = VALID_STAT(smb_fname->st);
1661 bool def_acl = False;
1662 bool posix_open = False;
1663 bool new_file_created = False;
1664 bool clear_ads = false;
1665 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1666 mode_t new_unx_mode = (mode_t)0;
1667 mode_t unx_mode = (mode_t)0;
1669 uint32 existing_dos_attributes = 0;
1670 struct timeval request_time = timeval_zero();
1671 struct share_mode_lock *lck = NULL;
1672 uint32 open_access_mask = access_mask;
1676 if (conn->printer) {
1678 * Printers are handled completely differently.
1679 * Most of the passed parameters are ignored.
1683 *pinfo = FILE_WAS_CREATED;
1686 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1687 smb_fname_str_dbg(smb_fname)));
1690 DEBUG(0,("open_file_ntcreate: printer open without "
1691 "an SMB request!\n"));
1692 return NT_STATUS_INTERNAL_ERROR;
1695 return print_spool_open(fsp, smb_fname->base_name,
1699 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1701 return NT_STATUS_NO_MEMORY;
1704 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1706 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1707 new_dos_attributes = 0;
1709 /* Windows allows a new file to be created and
1710 silently removes a FILE_ATTRIBUTE_DIRECTORY
1711 sent by the client. Do the same. */
1713 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1715 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1717 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1718 smb_fname, parent_dir);
1721 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1722 "access_mask=0x%x share_access=0x%x "
1723 "create_disposition = 0x%x create_options=0x%x "
1724 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1725 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1726 access_mask, share_access, create_disposition,
1727 create_options, (unsigned int)unx_mode, oplock_request,
1728 (unsigned int)private_flags));
1730 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1731 DEBUG(0, ("No smb request but not an internal only open!\n"));
1732 return NT_STATUS_INTERNAL_ERROR;
1736 * Only non-internal opens can be deferred at all
1741 if (get_deferred_open_message_state(req,
1745 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1746 /* Remember the absolute time of the original
1747 request with this mid. We'll use it later to
1748 see if this has timed out. */
1750 /* Remove the deferred open entry under lock. */
1751 remove_deferred_open_entry(
1752 state->id, req->mid,
1753 messaging_server_id(req->sconn->msg_ctx));
1755 /* Ensure we don't reprocess this message. */
1756 remove_deferred_open_message_smb(req->sconn, req->mid);
1761 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1763 existing_dos_attributes = dos_mode(conn, smb_fname);
1767 /* ignore any oplock requests if oplocks are disabled */
1768 if (!lp_oplocks(SNUM(conn)) ||
1769 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1770 /* Mask off everything except the private Samba bits. */
1771 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1774 /* this is for OS/2 long file names - say we don't support them */
1775 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1776 /* OS/2 Workplace shell fix may be main code stream in a later
1778 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1780 if (use_nt_status()) {
1781 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1783 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1786 switch( create_disposition ) {
1788 * Currently we're using FILE_SUPERSEDE as the same as
1789 * FILE_OVERWRITE_IF but they really are
1790 * different. FILE_SUPERSEDE deletes an existing file
1791 * (requiring delete access) then recreates it.
1793 case FILE_SUPERSEDE:
1794 /* If file exists replace/overwrite. If file doesn't
1796 flags2 |= (O_CREAT | O_TRUNC);
1800 case FILE_OVERWRITE_IF:
1801 /* If file exists replace/overwrite. If file doesn't
1803 flags2 |= (O_CREAT | O_TRUNC);
1808 /* If file exists open. If file doesn't exist error. */
1809 if (!file_existed) {
1810 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1811 "requested for file %s and file "
1813 smb_fname_str_dbg(smb_fname)));
1815 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1819 case FILE_OVERWRITE:
1820 /* If file exists overwrite. If file doesn't exist
1822 if (!file_existed) {
1823 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1824 "requested for file %s and file "
1826 smb_fname_str_dbg(smb_fname) ));
1828 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1835 /* If file exists error. If file doesn't exist
1838 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1839 "requested for file %s and file "
1840 "already exists.\n",
1841 smb_fname_str_dbg(smb_fname)));
1842 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1847 return map_nt_error_from_unix(errno);
1849 flags2 |= (O_CREAT|O_EXCL);
1853 /* If file exists open. If file doesn't exist
1859 return NT_STATUS_INVALID_PARAMETER;
1862 /* We only care about matching attributes on file exists and
1865 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1866 (create_disposition == FILE_OVERWRITE_IF))) {
1867 if (!open_match_attributes(conn, existing_dos_attributes,
1869 smb_fname->st.st_ex_mode,
1870 unx_mode, &new_unx_mode)) {
1871 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1872 "for file %s (%x %x) (0%o, 0%o)\n",
1873 smb_fname_str_dbg(smb_fname),
1874 existing_dos_attributes,
1876 (unsigned int)smb_fname->st.st_ex_mode,
1877 (unsigned int)unx_mode ));
1879 return NT_STATUS_ACCESS_DENIED;
1883 status = smbd_calculate_access_mask(conn, smb_fname,
1886 if (!NT_STATUS_IS_OK(status)) {
1887 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1888 "on file %s returned %s\n",
1889 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1893 open_access_mask = access_mask;
1895 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1896 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1899 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1900 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1904 * Note that we ignore the append flag as append does not
1905 * mean the same thing under DOS and Unix.
1908 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1909 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1910 /* DENY_DOS opens are always underlying read-write on the
1911 file handle, no matter what the requested access mask
1913 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1914 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1924 * Currently we only look at FILE_WRITE_THROUGH for create options.
1928 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1933 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1937 if (!posix_open && !CAN_WRITE(conn)) {
1939 * We should really return a permission denied error if either
1940 * O_CREAT or O_TRUNC are set, but for compatibility with
1941 * older versions of Samba we just AND them out.
1943 flags2 &= ~(O_CREAT|O_TRUNC);
1947 * Ensure we can't write on a read-only share or file.
1950 if (flags != O_RDONLY && file_existed &&
1951 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1952 DEBUG(5,("open_file_ntcreate: write access requested for "
1953 "file %s on read only %s\n",
1954 smb_fname_str_dbg(smb_fname),
1955 !CAN_WRITE(conn) ? "share" : "file" ));
1957 return NT_STATUS_ACCESS_DENIED;
1960 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1961 fsp->share_access = share_access;
1962 fsp->fh->private_options = private_flags;
1963 fsp->access_mask = open_access_mask; /* We change this to the
1964 * requested access_mask after
1965 * the open is done. */
1966 fsp->posix_open = posix_open;
1968 /* Ensure no SAMBA_PRIVATE bits can be set. */
1969 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1971 if (timeval_is_zero(&request_time)) {
1972 request_time = fsp->open_time;
1976 struct share_mode_entry *batch_entry = NULL;
1977 struct share_mode_entry *exclusive_entry = NULL;
1978 bool got_level2_oplock = false;
1979 bool got_a_none_oplock = false;
1982 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1983 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1985 lck = get_share_mode_lock(talloc_tos(), id,
1987 smb_fname, &old_write_time);
1989 DEBUG(0, ("Could not get share mode lock\n"));
1990 return NT_STATUS_SHARING_VIOLATION;
1993 /* Get the types we need to examine. */
1994 find_oplock_types(fsp,
2000 &got_a_none_oplock);
2002 /* First pass - send break only on batch oplocks. */
2003 if ((req != NULL) &&
2004 delay_for_batch_oplocks(fsp,
2008 schedule_defer_open(lck, request_time, req);
2010 return NT_STATUS_SHARING_VIOLATION;
2013 /* Use the client requested access mask here, not the one we
2015 status = open_mode_check(conn, lck, fsp->name_hash,
2016 access_mask, share_access,
2017 create_options, &file_existed);
2019 if (NT_STATUS_IS_OK(status)) {
2020 /* We might be going to allow this open. Check oplock
2022 /* Second pass - send break for both batch or
2023 * exclusive oplocks. */
2024 if ((req != NULL) &&
2025 delay_for_exclusive_oplocks(
2030 schedule_defer_open(lck, request_time, req);
2032 return NT_STATUS_SHARING_VIOLATION;
2036 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
2037 /* DELETE_PENDING is not deferred for a second */
2042 grant_fsp_oplock_type(fsp,
2047 if (!NT_STATUS_IS_OK(status)) {
2048 uint32 can_access_mask;
2049 bool can_access = True;
2051 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2053 /* Check if this can be done with the deny_dos and fcb
2056 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2057 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2059 DEBUG(0, ("DOS open without an SMB "
2062 return NT_STATUS_INTERNAL_ERROR;
2065 /* Use the client requested access mask here,
2066 * not the one we open with. */
2067 status = fcb_or_dos_open(req,
2078 if (NT_STATUS_IS_OK(status)) {
2081 *pinfo = FILE_WAS_OPENED;
2083 return NT_STATUS_OK;
2088 * This next line is a subtlety we need for
2089 * MS-Access. If a file open will fail due to share
2090 * permissions and also for security (access) reasons,
2091 * we need to return the access failed error, not the
2092 * share error. We can't open the file due to kernel
2093 * oplock deadlock (it's possible we failed above on
2094 * the open_mode_check()) so use a userspace check.
2097 if (flags & O_RDWR) {
2098 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2099 } else if (flags & O_WRONLY) {
2100 can_access_mask = FILE_WRITE_DATA;
2102 can_access_mask = FILE_READ_DATA;
2105 if (((can_access_mask & FILE_WRITE_DATA) &&
2106 !CAN_WRITE(conn)) ||
2107 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
2108 smb_fname, can_access_mask))) {
2113 * If we're returning a share violation, ensure we
2114 * cope with the braindead 1 second delay.
2117 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2118 lp_defer_sharing_violations()) {
2119 struct timeval timeout;
2120 struct deferred_open_record state;
2123 /* this is a hack to speed up torture tests
2125 timeout_usecs = lp_parm_int(SNUM(conn),
2126 "smbd","sharedelay",
2127 SHARING_VIOLATION_USEC_WAIT);
2129 /* This is a relative time, added to the absolute
2130 request_time value to get the absolute timeout time.
2131 Note that if this is the second or greater time we enter
2132 this codepath for this particular request mid then
2133 request_time is left as the absolute time of the *first*
2134 time this request mid was processed. This is what allows
2135 the request to eventually time out. */
2137 timeout = timeval_set(0, timeout_usecs);
2139 /* Nothing actually uses state.delayed_for_oplocks
2140 but it's handy to differentiate in debug messages
2141 between a 30 second delay due to oplock break, and
2142 a 1 second delay for share mode conflicts. */
2144 state.delayed_for_oplocks = False;
2148 && !request_timed_out(request_time,
2150 defer_open(lck, request_time, timeout,
2158 * We have detected a sharing violation here
2159 * so return the correct error code
2161 status = NT_STATUS_SHARING_VIOLATION;
2163 status = NT_STATUS_ACCESS_DENIED;
2169 * We exit this block with the share entry *locked*.....
2173 SMB_ASSERT(!file_existed || (lck != NULL));
2176 * Ensure we pay attention to default ACLs on directories if required.
2179 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2180 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2181 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2184 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2185 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2186 (unsigned int)flags, (unsigned int)flags2,
2187 (unsigned int)unx_mode, (unsigned int)access_mask,
2188 (unsigned int)open_access_mask));
2191 * open_file strips any O_TRUNC flags itself.
2194 fsp_open = open_file(fsp, conn, req, parent_dir,
2195 flags|flags2, unx_mode, access_mask,
2198 if (!NT_STATUS_IS_OK(fsp_open)) {
2203 if (!file_existed) {
2204 struct share_mode_entry *batch_entry = NULL;
2205 struct share_mode_entry *exclusive_entry = NULL;
2206 bool got_level2_oplock = false;
2207 bool got_a_none_oplock = false;
2208 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2211 * Deal with the race condition where two smbd's detect the
2212 * file doesn't exist and do the create at the same time. One
2213 * of them will win and set a share mode, the other (ie. this
2214 * one) should check if the requested share mode for this
2215 * create is allowed.
2219 * Now the file exists and fsp is successfully opened,
2220 * fsp->dev and fsp->inode are valid and should replace the
2221 * dev=0,inode=0 from a non existent file. Spotted by
2222 * Nadav Danieli <nadavd@exanet.com>. JRA.
2227 lck = get_share_mode_lock(talloc_tos(), id,
2229 smb_fname, &old_write_time);
2232 DEBUG(0, ("open_file_ntcreate: Could not get share "
2233 "mode lock for %s\n",
2234 smb_fname_str_dbg(smb_fname)));
2236 return NT_STATUS_SHARING_VIOLATION;
2239 /* Get the types we need to examine. */
2240 find_oplock_types(fsp,
2246 &got_a_none_oplock);
2248 /* First pass - send break only on batch oplocks. */
2249 if ((req != NULL) &&
2250 delay_for_batch_oplocks(fsp,
2254 schedule_defer_open(lck, request_time, req);
2257 return NT_STATUS_SHARING_VIOLATION;
2260 status = open_mode_check(conn, lck, fsp->name_hash,
2261 access_mask, share_access,
2262 create_options, &file_existed);
2264 if (NT_STATUS_IS_OK(status)) {
2265 /* We might be going to allow this open. Check oplock
2267 /* Second pass - send break for both batch or
2268 * exclusive oplocks. */
2269 if ((req != NULL) &&
2270 delay_for_exclusive_oplocks(
2275 schedule_defer_open(lck, request_time, req);
2278 return NT_STATUS_SHARING_VIOLATION;
2282 if (!NT_STATUS_IS_OK(status)) {
2283 struct deferred_open_record state;
2285 state.delayed_for_oplocks = False;
2288 /* Do it all over again immediately. In the second
2289 * round we will find that the file existed and handle
2290 * the DELETE_PENDING and FCB cases correctly. No need
2291 * to duplicate the code here. Essentially this is a
2292 * "goto top of this function", but don't tell
2296 defer_open(lck, request_time, timeval_zero(),
2304 grant_fsp_oplock_type(fsp,
2310 * We exit this block with the share entry *locked*.....
2315 SMB_ASSERT(lck != NULL);
2317 /* Delete streams if create_disposition requires it */
2318 if (file_existed && clear_ads &&
2319 !is_ntfs_stream_smb_fname(smb_fname)) {
2320 status = delete_all_streams(conn, smb_fname->base_name);
2321 if (!NT_STATUS_IS_OK(status)) {
2328 /* note that we ignore failure for the following. It is
2329 basically a hack for NFS, and NFS will never set one of
2330 these only read them. Nobody but Samba can ever set a deny
2331 mode and we have already checked our more authoritative
2332 locking database for permission to set this deny mode. If
2333 the kernel refuses the operations then the kernel is wrong.
2334 note that GPFS supports it as well - jmcd */
2336 if (fsp->fh->fd != -1) {
2338 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2339 if(ret_flock == -1 ){
2344 return NT_STATUS_SHARING_VIOLATION;
2349 * At this point onwards, we can guarentee that the share entry
2350 * is locked, whether we created the file or not, and that the
2351 * deny mode is compatible with all current opens.
2355 * If requested, truncate the file.
2358 if (file_existed && (flags2&O_TRUNC)) {
2360 * We are modifing the file after open - update the stat
2363 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2364 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2365 status = map_nt_error_from_unix(errno);
2373 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2374 * but we don't have to store this - just ignore it on access check.
2376 if (conn->sconn->using_smb2) {
2378 * SMB2 doesn't return it (according to Microsoft tests).
2379 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2380 * File created with access = 0x7 (Read, Write, Delete)
2381 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2383 fsp->access_mask = access_mask;
2385 /* But SMB1 does. */
2386 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2390 /* stat opens on existing files don't get oplocks. */
2391 if (is_stat_open(open_access_mask)) {
2392 fsp->oplock_type = NO_OPLOCK;
2395 if (flags2 & O_TRUNC) {
2396 info = FILE_WAS_OVERWRITTEN;
2398 info = FILE_WAS_OPENED;
2401 info = FILE_WAS_CREATED;
2409 * Setup the oplock info in both the shared memory and
2413 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2415 * Could not get the kernel oplock or there are byte-range
2416 * locks on the file.
2418 fsp->oplock_type = NO_OPLOCK;
2421 set_share_mode(lck, fsp, get_current_uid(conn),
2425 /* Handle strange delete on close create semantics. */
2426 if (create_options & FILE_DELETE_ON_CLOSE) {
2428 status = can_set_delete_on_close(fsp, new_dos_attributes);
2430 if (!NT_STATUS_IS_OK(status)) {
2431 /* Remember to delete the mode we just added. */
2432 del_share_mode(lck, fsp);
2437 /* Note that here we set the *inital* delete on close flag,
2438 not the regular one. The magic gets handled in close. */
2439 fsp->initial_delete_on_close = True;
2442 if (info == FILE_WAS_OVERWRITTEN
2443 || info == FILE_WAS_CREATED
2444 || info == FILE_WAS_SUPERSEDED) {
2445 new_file_created = True;
2448 if (new_file_created) {
2449 /* Files should be initially set as archive */
2450 if (lp_map_archive(SNUM(conn)) ||
2451 lp_store_dos_attributes(SNUM(conn))) {
2453 if (file_set_dosmode(conn, smb_fname,
2454 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2455 parent_dir, true) == 0) {
2456 unx_mode = smb_fname->st.st_ex_mode;
2462 /* Determine sparse flag. */
2464 /* POSIX opens are sparse by default. */
2465 fsp->is_sparse = true;
2467 fsp->is_sparse = (file_existed &&
2468 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2472 * Take care of inherited ACLs on created files - if default ACL not
2476 if (!posix_open && !file_existed && !def_acl) {
2478 int saved_errno = errno; /* We might get ENOSYS in the next
2481 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2483 errno = saved_errno; /* Ignore ENOSYS */
2486 } else if (new_unx_mode) {
2490 /* Attributes need changing. File already existed. */
2493 int saved_errno = errno; /* We might get ENOSYS in the
2495 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2497 if (ret == -1 && errno == ENOSYS) {
2498 errno = saved_errno; /* Ignore ENOSYS */
2500 DEBUG(5, ("open_file_ntcreate: reset "
2501 "attributes of file %s to 0%o\n",
2502 smb_fname_str_dbg(smb_fname),
2503 (unsigned int)new_unx_mode));
2504 ret = 0; /* Don't do the fchmod below. */
2509 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2510 DEBUG(5, ("open_file_ntcreate: failed to reset "
2511 "attributes of file %s to 0%o\n",
2512 smb_fname_str_dbg(smb_fname),
2513 (unsigned int)new_unx_mode));
2516 /* If this is a successful open, we must remove any deferred open
2519 del_deferred_open_entry(lck, req->mid,
2520 messaging_server_id(req->sconn->msg_ctx));
2524 return NT_STATUS_OK;
2528 /****************************************************************************
2529 Open a file for for write to ensure that we can fchmod it.
2530 ****************************************************************************/
2532 NTSTATUS open_file_fchmod(connection_struct *conn,
2533 struct smb_filename *smb_fname,
2534 files_struct **result)
2536 if (!VALID_STAT(smb_fname->st)) {
2537 return NT_STATUS_INVALID_PARAMETER;
2540 return SMB_VFS_CREATE_FILE(
2543 0, /* root_dir_fid */
2544 smb_fname, /* fname */
2545 FILE_WRITE_DATA, /* access_mask */
2546 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2548 FILE_OPEN, /* create_disposition*/
2549 0, /* create_options */
2550 0, /* file_attributes */
2551 INTERNAL_OPEN_ONLY, /* oplock_request */
2552 0, /* allocation_size */
2553 0, /* private_flags */
2556 result, /* result */
2560 static NTSTATUS mkdir_internal(connection_struct *conn,
2561 struct smb_filename *smb_dname,
2562 uint32 file_attributes)
2565 char *parent_dir = NULL;
2567 bool posix_open = false;
2568 bool need_re_stat = false;
2569 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2571 if(access_mask & ~(conn->share_access)) {
2572 DEBUG(5,("mkdir_internal: failing share access "
2573 "%s\n", lp_servicename(SNUM(conn))));
2574 return NT_STATUS_ACCESS_DENIED;
2577 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2579 return NT_STATUS_NO_MEMORY;
2582 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2584 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2586 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2589 status = check_parent_access(conn,
2592 if(!NT_STATUS_IS_OK(status)) {
2593 DEBUG(5,("mkdir_internal: check_parent_access "
2594 "on directory %s for path %s returned %s\n",
2596 smb_dname->base_name,
2597 nt_errstr(status) ));
2601 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2602 return map_nt_error_from_unix(errno);
2605 /* Ensure we're checking for a symlink here.... */
2606 /* We don't want to get caught by a symlink racer. */
2608 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2609 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2610 smb_fname_str_dbg(smb_dname), strerror(errno)));
2611 return map_nt_error_from_unix(errno);
2614 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2615 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2616 smb_fname_str_dbg(smb_dname)));
2617 return NT_STATUS_NOT_A_DIRECTORY;
2620 if (lp_store_dos_attributes(SNUM(conn))) {
2622 file_set_dosmode(conn, smb_dname,
2623 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2628 if (lp_inherit_perms(SNUM(conn))) {
2629 inherit_access_posix_acl(conn, parent_dir,
2630 smb_dname->base_name, mode);
2631 need_re_stat = true;
2636 * Check if high bits should have been set,
2637 * then (if bits are missing): add them.
2638 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2641 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2642 (mode & ~smb_dname->st.st_ex_mode)) {
2643 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2644 (smb_dname->st.st_ex_mode |
2645 (mode & ~smb_dname->st.st_ex_mode)));
2646 need_re_stat = true;
2650 /* Change the owner if required. */
2651 if (lp_inherit_owner(SNUM(conn))) {
2652 change_dir_owner_to_parent(conn, parent_dir,
2653 smb_dname->base_name,
2655 need_re_stat = true;
2659 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2660 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2661 smb_fname_str_dbg(smb_dname), strerror(errno)));
2662 return map_nt_error_from_unix(errno);
2666 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2667 smb_dname->base_name);
2669 return NT_STATUS_OK;
2672 /****************************************************************************
2673 Ensure we didn't get symlink raced on opening a directory.
2674 ****************************************************************************/
2676 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2677 const SMB_STRUCT_STAT *sbuf2)
2679 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2680 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2681 sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
2682 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
2688 /****************************************************************************
2689 Open a directory from an NT SMB call.
2690 ****************************************************************************/
2692 static NTSTATUS open_directory(connection_struct *conn,
2693 struct smb_request *req,
2694 struct smb_filename *smb_dname,
2696 uint32 share_access,
2697 uint32 create_disposition,
2698 uint32 create_options,
2699 uint32 file_attributes,
2701 files_struct **result)
2703 files_struct *fsp = NULL;
2704 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2705 struct share_mode_lock *lck = NULL;
2707 struct timespec mtimespec;
2710 if (is_ntfs_stream_smb_fname(smb_dname)) {
2711 DEBUG(2, ("open_directory: %s is a stream name!\n",
2712 smb_fname_str_dbg(smb_dname)));
2713 return NT_STATUS_NOT_A_DIRECTORY;
2716 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2717 /* Ensure we have a directory attribute. */
2718 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2721 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2722 "share_access = 0x%x create_options = 0x%x, "
2723 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2724 smb_fname_str_dbg(smb_dname),
2725 (unsigned int)access_mask,
2726 (unsigned int)share_access,
2727 (unsigned int)create_options,
2728 (unsigned int)create_disposition,
2729 (unsigned int)file_attributes));
2731 status = smbd_calculate_access_mask(conn, smb_dname,
2732 access_mask, &access_mask);
2733 if (!NT_STATUS_IS_OK(status)) {
2734 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2735 "on file %s returned %s\n",
2736 smb_fname_str_dbg(smb_dname),
2737 nt_errstr(status)));
2741 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2742 !security_token_has_privilege(get_current_nttok(conn),
2743 SEC_PRIV_SECURITY)) {
2744 DEBUG(10, ("open_directory: open on %s "
2745 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2746 smb_fname_str_dbg(smb_dname)));
2747 return NT_STATUS_PRIVILEGE_NOT_HELD;
2750 switch( create_disposition ) {
2754 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2757 info = FILE_WAS_OPENED;
2762 /* If directory exists error. If directory doesn't
2766 status = NT_STATUS_OBJECT_NAME_COLLISION;
2767 DEBUG(2, ("open_directory: unable to create "
2768 "%s. Error was %s\n",
2769 smb_fname_str_dbg(smb_dname),
2770 nt_errstr(status)));
2774 status = mkdir_internal(conn, smb_dname,
2777 if (!NT_STATUS_IS_OK(status)) {
2778 DEBUG(2, ("open_directory: unable to create "
2779 "%s. Error was %s\n",
2780 smb_fname_str_dbg(smb_dname),
2781 nt_errstr(status)));
2785 info = FILE_WAS_CREATED;
2790 * If directory exists open. If directory doesn't
2795 status = NT_STATUS_OK;
2796 info = FILE_WAS_OPENED;
2798 status = mkdir_internal(conn, smb_dname,
2801 if (NT_STATUS_IS_OK(status)) {
2802 info = FILE_WAS_CREATED;
2804 /* Cope with create race. */
2805 if (!NT_STATUS_EQUAL(status,
2806 NT_STATUS_OBJECT_NAME_COLLISION)) {
2807 DEBUG(2, ("open_directory: unable to create "
2808 "%s. Error was %s\n",
2809 smb_fname_str_dbg(smb_dname),
2810 nt_errstr(status)));
2813 info = FILE_WAS_OPENED;
2819 case FILE_SUPERSEDE:
2820 case FILE_OVERWRITE:
2821 case FILE_OVERWRITE_IF:
2823 DEBUG(5,("open_directory: invalid create_disposition "
2824 "0x%x for directory %s\n",
2825 (unsigned int)create_disposition,
2826 smb_fname_str_dbg(smb_dname)));
2827 return NT_STATUS_INVALID_PARAMETER;
2830 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2831 DEBUG(5,("open_directory: %s is not a directory !\n",
2832 smb_fname_str_dbg(smb_dname)));
2833 return NT_STATUS_NOT_A_DIRECTORY;
2836 if (info == FILE_WAS_OPENED) {
2837 status = smbd_check_access_rights(conn, smb_dname, access_mask);
2838 if (!NT_STATUS_IS_OK(status)) {
2839 DEBUG(10, ("open_directory: smbd_check_access_rights on "
2840 "file %s failed with %s\n",
2841 smb_fname_str_dbg(smb_dname),
2842 nt_errstr(status)));
2847 status = file_new(req, conn, &fsp);
2848 if(!NT_STATUS_IS_OK(status)) {
2853 * Setup the files_struct for it.
2856 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2857 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2858 fsp->file_pid = req ? req->smbpid : 0;
2859 fsp->can_lock = False;
2860 fsp->can_read = False;
2861 fsp->can_write = False;
2863 fsp->share_access = share_access;
2864 fsp->fh->private_options = 0;
2866 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2868 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2869 fsp->print_file = NULL;
2870 fsp->modified = False;
2871 fsp->oplock_type = NO_OPLOCK;
2872 fsp->sent_oplock_break = NO_BREAK_SENT;
2873 fsp->is_directory = True;
2874 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2875 status = fsp_set_smb_fname(fsp, smb_dname);
2876 if (!NT_STATUS_IS_OK(status)) {
2877 file_free(req, fsp);
2881 mtimespec = smb_dname->st.st_ex_mtime;
2884 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2886 /* POSIX allows us to open a directory with O_RDONLY. */
2887 status = fd_open(conn, fsp, O_RDONLY, 0);
2889 if (!NT_STATUS_IS_OK(status)) {
2890 DEBUG(5, ("open_directory: Could not open fd for "
2892 smb_fname_str_dbg(smb_dname),
2893 nt_errstr(status)));
2894 file_free(req, fsp);
2898 status = vfs_stat_fsp(fsp);
2899 if (!NT_STATUS_IS_OK(status)) {
2901 file_free(req, fsp);
2905 /* Ensure there was no race condition. */
2906 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2907 DEBUG(5,("open_directory: stat struct differs for "
2909 smb_fname_str_dbg(smb_dname)));
2911 file_free(req, fsp);
2912 return NT_STATUS_ACCESS_DENIED;
2915 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2916 conn->connectpath, smb_dname,
2920 DEBUG(0, ("open_directory: Could not get share mode lock for "
2921 "%s\n", smb_fname_str_dbg(smb_dname)));
2923 file_free(req, fsp);
2924 return NT_STATUS_SHARING_VIOLATION;
2927 status = open_mode_check(conn, lck, fsp->name_hash,
2928 access_mask, share_access,
2929 create_options, &dir_existed);
2931 if (!NT_STATUS_IS_OK(status)) {
2934 file_free(req, fsp);
2938 set_share_mode(lck, fsp, get_current_uid(conn),
2939 req ? req->mid : 0, NO_OPLOCK);
2941 /* For directories the delete on close bit at open time seems
2942 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2943 if (create_options & FILE_DELETE_ON_CLOSE) {
2944 status = can_set_delete_on_close(fsp, 0);
2945 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2948 file_free(req, fsp);
2952 if (NT_STATUS_IS_OK(status)) {
2953 /* Note that here we set the *inital* delete on close flag,
2954 not the regular one. The magic gets handled in close. */
2955 fsp->initial_delete_on_close = True;
2966 return NT_STATUS_OK;
2969 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2970 struct smb_filename *smb_dname)
2975 status = SMB_VFS_CREATE_FILE(
2978 0, /* root_dir_fid */
2979 smb_dname, /* fname */
2980 FILE_READ_ATTRIBUTES, /* access_mask */
2981 FILE_SHARE_NONE, /* share_access */
2982 FILE_CREATE, /* create_disposition*/
2983 FILE_DIRECTORY_FILE, /* create_options */
2984 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2985 0, /* oplock_request */
2986 0, /* allocation_size */
2987 0, /* private_flags */
2993 if (NT_STATUS_IS_OK(status)) {
2994 close_file(req, fsp, NORMAL_CLOSE);
3000 /****************************************************************************
3001 Receive notification that one of our open files has been renamed by another
3003 ****************************************************************************/
3005 void msg_file_was_renamed(struct messaging_context *msg,
3008 struct server_id server_id,
3012 char *frm = (char *)data->data;
3014 const char *sharepath;
3015 const char *base_name;
3016 const char *stream_name;
3017 struct smb_filename *smb_fname = NULL;
3018 size_t sp_len, bn_len;
3020 struct smbd_server_connection *sconn =
3021 talloc_get_type_abort(private_data,
3022 struct smbd_server_connection);
3024 if (data->data == NULL
3025 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3026 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3027 (int)data->length));
3031 /* Unpack the message. */
3032 pull_file_id_24(frm, &id);
3033 sharepath = &frm[24];
3034 sp_len = strlen(sharepath);
3035 base_name = sharepath + sp_len + 1;
3036 bn_len = strlen(base_name);
3037 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3039 /* stream_name must always be NULL if there is no stream. */
3040 if (stream_name[0] == '\0') {
3044 status = create_synthetic_smb_fname(talloc_tos(), base_name,
3045 stream_name, NULL, &smb_fname);
3046 if (!NT_STATUS_IS_OK(status)) {
3050 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3052 sharepath, smb_fname_str_dbg(smb_fname),
3053 file_id_string_tos(&id)));
3055 for(fsp = file_find_di_first(sconn, id); fsp;
3056 fsp = file_find_di_next(fsp)) {
3057 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3059 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
3060 fsp->fnum, fsp_str_dbg(fsp),
3061 smb_fname_str_dbg(smb_fname)));
3062 status = fsp_set_smb_fname(fsp, smb_fname);
3063 if (!NT_STATUS_IS_OK(status)) {
3068 /* Now we have the complete path we can work out if this is
3069 actually within this share and adjust newname accordingly. */
3070 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3071 "not sharepath %s) "
3072 "fnum %d from %s -> %s\n",
3073 fsp->conn->connectpath,
3077 smb_fname_str_dbg(smb_fname)));
3081 TALLOC_FREE(smb_fname);
3086 * If a main file is opened for delete, all streams need to be checked for
3087 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3088 * If that works, delete them all by setting the delete on close and close.
3091 NTSTATUS open_streams_for_delete(connection_struct *conn,
3094 struct stream_struct *stream_info = NULL;
3095 files_struct **streams = NULL;
3097 unsigned int num_streams = 0;
3098 TALLOC_CTX *frame = talloc_stackframe();
3101 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
3102 &num_streams, &stream_info);
3104 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3105 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3106 DEBUG(10, ("no streams around\n"));
3108 return NT_STATUS_OK;
3111 if (!NT_STATUS_IS_OK(status)) {
3112 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3113 nt_errstr(status)));
3117 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3120 if (num_streams == 0) {
3122 return NT_STATUS_OK;
3125 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3126 if (streams == NULL) {
3127 DEBUG(0, ("talloc failed\n"));
3128 status = NT_STATUS_NO_MEMORY;
3132 for (i=0; i<num_streams; i++) {
3133 struct smb_filename *smb_fname = NULL;
3135 if (strequal(stream_info[i].name, "::$DATA")) {
3140 status = create_synthetic_smb_fname(talloc_tos(), fname,
3141 stream_info[i].name,
3143 if (!NT_STATUS_IS_OK(status)) {
3147 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3148 DEBUG(10, ("Unable to stat stream: %s\n",
3149 smb_fname_str_dbg(smb_fname)));
3152 status = SMB_VFS_CREATE_FILE(
3155 0, /* root_dir_fid */
3156 smb_fname, /* fname */
3157 DELETE_ACCESS, /* access_mask */
3158 (FILE_SHARE_READ | /* share_access */
3159 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3160 FILE_OPEN, /* create_disposition*/
3161 0, /* create_options */
3162 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3163 0, /* oplock_request */
3164 0, /* allocation_size */
3165 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3168 &streams[i], /* result */
3171 if (!NT_STATUS_IS_OK(status)) {
3172 DEBUG(10, ("Could not open stream %s: %s\n",
3173 smb_fname_str_dbg(smb_fname),
3174 nt_errstr(status)));
3176 TALLOC_FREE(smb_fname);
3179 TALLOC_FREE(smb_fname);
3183 * don't touch the variable "status" beyond this point :-)
3186 for (i -= 1 ; i >= 0; i--) {
3187 if (streams[i] == NULL) {
3191 DEBUG(10, ("Closing stream # %d, %s\n", i,
3192 fsp_str_dbg(streams[i])));
3193 close_file(NULL, streams[i], NORMAL_CLOSE);
3201 /*********************************************************************
3202 Create a default ACL by inheriting from the parent. If no inheritance
3203 from the parent available, don't set anything. This will leave the actual
3204 permissions the new file or directory already got from the filesystem
3205 as the NT ACL when read.
3206 *********************************************************************/
3208 static NTSTATUS inherit_new_acl(files_struct *fsp)
3210 TALLOC_CTX *ctx = talloc_tos();
3211 char *parent_name = NULL;
3212 struct security_descriptor *parent_desc = NULL;
3213 NTSTATUS status = NT_STATUS_OK;
3214 struct security_descriptor *psd = NULL;
3215 struct dom_sid *owner_sid = NULL;
3216 struct dom_sid *group_sid = NULL;
3217 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
3218 bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
3219 bool inheritable_components = false;
3222 if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
3223 return NT_STATUS_NO_MEMORY;
3226 status = SMB_VFS_GET_NT_ACL(fsp->conn,
3228 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
3230 if (!NT_STATUS_IS_OK(status)) {
3234 inheritable_components = sd_has_inheritable_components(parent_desc,
3237 if (!inheritable_components && !inherit_owner) {
3238 /* Nothing to inherit and not setting owner. */
3239 return NT_STATUS_OK;
3242 /* Create an inherited descriptor from the parent. */
3244 if (DEBUGLEVEL >= 10) {
3245 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
3246 fsp_str_dbg(fsp) ));
3247 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
3250 /* Inherit from parent descriptor if "inherit owner" set. */
3251 if (inherit_owner) {
3252 owner_sid = parent_desc->owner_sid;
3253 group_sid = parent_desc->group_sid;
3256 if (owner_sid == NULL) {
3257 owner_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
3259 if (group_sid == NULL) {
3260 group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
3263 status = se_create_child_secdesc(ctx,
3270 if (!NT_STATUS_IS_OK(status)) {
3274 /* If inheritable_components == false,
3275 se_create_child_secdesc()
3276 creates a security desriptor with a NULL dacl
3277 entry, but with SEC_DESC_DACL_PRESENT. We need
3278 to remove that flag. */
3280 if (!inheritable_components) {
3281 security_info_sent &= ~SECINFO_DACL;
3282 psd->type &= ~SEC_DESC_DACL_PRESENT;
3285 if (DEBUGLEVEL >= 10) {
3286 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
3287 fsp_str_dbg(fsp) ));
3288 NDR_PRINT_DEBUG(security_descriptor, psd);
3291 if (inherit_owner) {
3292 /* We need to be root to force this. */
3295 status = SMB_VFS_FSET_NT_ACL(fsp,
3298 if (inherit_owner) {
3305 * Wrapper around open_file_ntcreate and open_directory
3308 static NTSTATUS create_file_unixpath(connection_struct *conn,
3309 struct smb_request *req,
3310 struct smb_filename *smb_fname,
3311 uint32_t access_mask,
3312 uint32_t share_access,
3313 uint32_t create_disposition,
3314 uint32_t create_options,
3315 uint32_t file_attributes,
3316 uint32_t oplock_request,
3317 uint64_t allocation_size,
3318 uint32_t private_flags,
3319 struct security_descriptor *sd,
3320 struct ea_list *ea_list,
3322 files_struct **result,
3325 int info = FILE_WAS_OPENED;
3326 files_struct *base_fsp = NULL;
3327 files_struct *fsp = NULL;
3330 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3331 "file_attributes = 0x%x, share_access = 0x%x, "
3332 "create_disposition = 0x%x create_options = 0x%x "
3333 "oplock_request = 0x%x private_flags = 0x%x "
3334 "ea_list = 0x%p, sd = 0x%p, "
3336 (unsigned int)access_mask,
3337 (unsigned int)file_attributes,
3338 (unsigned int)share_access,
3339 (unsigned int)create_disposition,
3340 (unsigned int)create_options,
3341 (unsigned int)oplock_request,
3342 (unsigned int)private_flags,
3343 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3345 if (create_options & FILE_OPEN_BY_FILE_ID) {
3346 status = NT_STATUS_NOT_SUPPORTED;
3350 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3351 status = NT_STATUS_INVALID_PARAMETER;
3356 oplock_request |= INTERNAL_OPEN_ONLY;
3359 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3360 && (access_mask & DELETE_ACCESS)
3361 && !is_ntfs_stream_smb_fname(smb_fname)) {
3363 * We can't open a file with DELETE access if any of the
3364 * streams is open without FILE_SHARE_DELETE
3366 status = open_streams_for_delete(conn, smb_fname->base_name);
3368 if (!NT_STATUS_IS_OK(status)) {
3373 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3374 !security_token_has_privilege(get_current_nttok(conn),
3375 SEC_PRIV_SECURITY)) {
3376 DEBUG(10, ("create_file_unixpath: open on %s "
3377 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3378 smb_fname_str_dbg(smb_fname)));
3379 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3383 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3384 && is_ntfs_stream_smb_fname(smb_fname)
3385 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3386 uint32 base_create_disposition;
3387 struct smb_filename *smb_fname_base = NULL;
3389 if (create_options & FILE_DIRECTORY_FILE) {
3390 status = NT_STATUS_NOT_A_DIRECTORY;
3394 switch (create_disposition) {
3396 base_create_disposition = FILE_OPEN;
3399 base_create_disposition = FILE_OPEN_IF;
3403 /* Create an smb_filename with stream_name == NULL. */
3404 status = create_synthetic_smb_fname(talloc_tos(),
3405 smb_fname->base_name,
3408 if (!NT_STATUS_IS_OK(status)) {
3412 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3413 DEBUG(10, ("Unable to stat stream: %s\n",
3414 smb_fname_str_dbg(smb_fname_base)));
3417 /* Open the base file. */
3418 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3421 | FILE_SHARE_DELETE,
3422 base_create_disposition,
3423 0, 0, 0, 0, 0, NULL, NULL,
3425 TALLOC_FREE(smb_fname_base);
3427 if (!NT_STATUS_IS_OK(status)) {
3428 DEBUG(10, ("create_file_unixpath for base %s failed: "
3429 "%s\n", smb_fname->base_name,
3430 nt_errstr(status)));
3433 /* we don't need to low level fd */
3438 * If it's a request for a directory open, deal with it separately.
3441 if (create_options & FILE_DIRECTORY_FILE) {
3443 if (create_options & FILE_NON_DIRECTORY_FILE) {
3444 status = NT_STATUS_INVALID_PARAMETER;
3448 /* Can't open a temp directory. IFS kit test. */
3449 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3450 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3451 status = NT_STATUS_INVALID_PARAMETER;
3456 * We will get a create directory here if the Win32
3457 * app specified a security descriptor in the
3458 * CreateDirectory() call.
3462 status = open_directory(
3463 conn, req, smb_fname, access_mask, share_access,
3464 create_disposition, create_options, file_attributes,
3469 * Ordinary file case.
3472 status = file_new(req, conn, &fsp);
3473 if(!NT_STATUS_IS_OK(status)) {
3477 status = fsp_set_smb_fname(fsp, smb_fname);
3478 if (!NT_STATUS_IS_OK(status)) {
3483 * We're opening the stream element of a base_fsp
3484 * we already opened. Set up the base_fsp pointer.
3487 fsp->base_fsp = base_fsp;
3490 status = open_file_ntcreate(conn,
3502 if(!NT_STATUS_IS_OK(status)) {
3503 file_free(req, fsp);
3507 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3509 /* A stream open never opens a directory */
3512 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3517 * Fail the open if it was explicitly a non-directory
3521 if (create_options & FILE_NON_DIRECTORY_FILE) {
3522 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3527 status = open_directory(
3528 conn, req, smb_fname, access_mask,
3529 share_access, create_disposition,
3530 create_options, file_attributes,
3535 if (!NT_STATUS_IS_OK(status)) {
3539 fsp->base_fsp = base_fsp;
3541 if ((ea_list != NULL) &&
3542 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3543 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3544 if (!NT_STATUS_IS_OK(status)) {
3549 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3550 status = NT_STATUS_ACCESS_DENIED;
3554 /* Save the requested allocation size. */
3555 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3557 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3558 fsp->initial_allocation_size = smb_roundup(
3559 fsp->conn, allocation_size);
3560 if (fsp->is_directory) {
3561 /* Can't set allocation size on a directory. */
3562 status = NT_STATUS_ACCESS_DENIED;
3565 if (vfs_allocate_file_space(
3566 fsp, fsp->initial_allocation_size) == -1) {
3567 status = NT_STATUS_DISK_FULL;
3571 fsp->initial_allocation_size = smb_roundup(
3572 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3576 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
3577 fsp->base_fsp == NULL) {
3580 * According to the MS documentation, the only time the security
3581 * descriptor is applied to the opened file is iff we *created* the
3582 * file; an existing file stays the same.
3584 * Also, it seems (from observation) that you can open the file with
3585 * any access mask but you can still write the sd. We need to override
3586 * the granted access before we call set_sd
3587 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3590 uint32_t sec_info_sent;
3591 uint32_t saved_access_mask = fsp->access_mask;
3593 sec_info_sent = get_sec_info(sd);
3595 fsp->access_mask = FILE_GENERIC_ALL;
3597 /* Convert all the generic bits. */
3598 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3599 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3601 if (sec_info_sent & (SECINFO_OWNER|
3605 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3608 fsp->access_mask = saved_access_mask;
3610 if (!NT_STATUS_IS_OK(status)) {
3613 } else if (lp_inherit_acls(SNUM(conn))) {
3614 /* Inherit from parent. Errors here are not fatal. */
3615 status = inherit_new_acl(fsp);
3616 if (!NT_STATUS_IS_OK(status)) {
3617 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
3619 nt_errstr(status) ));
3624 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3627 if (pinfo != NULL) {
3631 smb_fname->st = fsp->fsp_name->st;
3633 return NT_STATUS_OK;
3636 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3639 if (base_fsp && fsp->base_fsp == base_fsp) {
3641 * The close_file below will close
3646 close_file(req, fsp, ERROR_CLOSE);
3649 if (base_fsp != NULL) {
3650 close_file(req, base_fsp, ERROR_CLOSE);
3657 * Calculate the full path name given a relative fid.
3659 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3660 struct smb_request *req,
3661 uint16_t root_dir_fid,
3662 const struct smb_filename *smb_fname,
3663 struct smb_filename **smb_fname_out)
3665 files_struct *dir_fsp;
3666 char *parent_fname = NULL;
3667 char *new_base_name = NULL;
3670 if (root_dir_fid == 0 || !smb_fname) {
3671 status = NT_STATUS_INTERNAL_ERROR;
3675 dir_fsp = file_fsp(req, root_dir_fid);
3677 if (dir_fsp == NULL) {
3678 status = NT_STATUS_INVALID_HANDLE;
3682 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3683 status = NT_STATUS_INVALID_HANDLE;
3687 if (!dir_fsp->is_directory) {
3690 * Check to see if this is a mac fork of some kind.
3693 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3694 is_ntfs_stream_smb_fname(smb_fname)) {
3695 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3700 we need to handle the case when we get a
3701 relative open relative to a file and the
3702 pathname is blank - this is a reopen!
3703 (hint from demyn plantenberg)
3706 status = NT_STATUS_INVALID_HANDLE;
3710 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3712 * We're at the toplevel dir, the final file name
3713 * must not contain ./, as this is filtered out
3714 * normally by srvstr_get_path and unix_convert
3715 * explicitly rejects paths containing ./.
3717 parent_fname = talloc_strdup(talloc_tos(), "");
3718 if (parent_fname == NULL) {
3719 status = NT_STATUS_NO_MEMORY;
3723 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3726 * Copy in the base directory name.
3729 parent_fname = talloc_array(talloc_tos(), char,
3731 if (parent_fname == NULL) {
3732 status = NT_STATUS_NO_MEMORY;
3735 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3739 * Ensure it ends in a '/'.
3740 * We used TALLOC_SIZE +2 to add space for the '/'.
3744 && (parent_fname[dir_name_len-1] != '\\')
3745 && (parent_fname[dir_name_len-1] != '/')) {
3746 parent_fname[dir_name_len] = '/';
3747 parent_fname[dir_name_len+1] = '\0';
3751 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3752 smb_fname->base_name);
3753 if (new_base_name == NULL) {
3754 status = NT_STATUS_NO_MEMORY;
3758 status = filename_convert(req,
3760 req->flags2 & FLAGS2_DFS_PATHNAMES,
3765 if (!NT_STATUS_IS_OK(status)) {
3770 TALLOC_FREE(parent_fname);
3771 TALLOC_FREE(new_base_name);
3775 NTSTATUS create_file_default(connection_struct *conn,
3776 struct smb_request *req,
3777 uint16_t root_dir_fid,
3778 struct smb_filename *smb_fname,
3779 uint32_t access_mask,
3780 uint32_t share_access,
3781 uint32_t create_disposition,
3782 uint32_t create_options,
3783 uint32_t file_attributes,
3784 uint32_t oplock_request,
3785 uint64_t allocation_size,
3786 uint32_t private_flags,
3787 struct security_descriptor *sd,
3788 struct ea_list *ea_list,
3789 files_struct **result,
3792 int info = FILE_WAS_OPENED;
3793 files_struct *fsp = NULL;
3795 bool stream_name = false;
3797 DEBUG(10,("create_file: access_mask = 0x%x "
3798 "file_attributes = 0x%x, share_access = 0x%x, "
3799 "create_disposition = 0x%x create_options = 0x%x "
3800 "oplock_request = 0x%x "
3801 "private_flags = 0x%x "
3802 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3804 (unsigned int)access_mask,
3805 (unsigned int)file_attributes,
3806 (unsigned int)share_access,
3807 (unsigned int)create_disposition,
3808 (unsigned int)create_options,
3809 (unsigned int)oplock_request,
3810 (unsigned int)private_flags,
3811 (unsigned int)root_dir_fid,
3812 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3815 * Calculate the filename from the root_dir_if if necessary.
3818 if (root_dir_fid != 0) {
3819 struct smb_filename *smb_fname_out = NULL;
3820 status = get_relative_fid_filename(conn, req, root_dir_fid,
3821 smb_fname, &smb_fname_out);
3822 if (!NT_STATUS_IS_OK(status)) {
3825 smb_fname = smb_fname_out;
3829 * Check to see if this is a mac fork of some kind.
3832 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3834 enum FAKE_FILE_TYPE fake_file_type;
3836 fake_file_type = is_fake_file(smb_fname);
3838 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3841 * Here we go! support for changing the disk quotas
3844 * We need to fake up to open this MAGIC QUOTA file
3845 * and return a valid FID.
3847 * w2k close this file directly after openening xp
3848 * also tries a QUERY_FILE_INFO on the file and then
3851 status = open_fake_file(req, conn, req->vuid,
3852 fake_file_type, smb_fname,
3854 if (!NT_STATUS_IS_OK(status)) {
3858 ZERO_STRUCT(smb_fname->st);
3862 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3863 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3868 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
3870 smb_fname->stream_name = NULL;
3871 /* We have to handle this error here. */
3872 if (create_options & FILE_DIRECTORY_FILE) {
3873 status = NT_STATUS_NOT_A_DIRECTORY;
3876 if (lp_posix_pathnames()) {
3877 ret = SMB_VFS_LSTAT(conn, smb_fname);
3879 ret = SMB_VFS_STAT(conn, smb_fname);
3882 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3883 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3888 status = create_file_unixpath(
3889 conn, req, smb_fname, access_mask, share_access,
3890 create_disposition, create_options, file_attributes,
3891 oplock_request, allocation_size, private_flags,
3895 if (!NT_STATUS_IS_OK(status)) {
3900 DEBUG(10, ("create_file: info=%d\n", info));
3903 if (pinfo != NULL) {
3906 return NT_STATUS_OK;
3909 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3912 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / mat / samba.git / blob