2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/globals.h"
25 extern const struct generic_mapping file_generic_mapping;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 static NTSTATUS create_file_unixpath(connection_struct *conn,
33 struct smb_request *req,
36 uint32_t share_access,
37 uint32_t create_disposition,
38 uint32_t create_options,
39 uint32_t file_attributes,
40 uint32_t oplock_request,
41 uint64_t allocation_size,
42 struct security_descriptor *sd,
43 struct ea_list *ea_list,
45 files_struct **result,
47 SMB_STRUCT_STAT *psbuf);
49 /****************************************************************************
50 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
51 ****************************************************************************/
53 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
54 const NT_USER_TOKEN *token,
55 uint32_t access_desired,
56 uint32_t *access_granted)
58 return se_access_check(sd,
60 (access_desired & ~FILE_READ_ATTRIBUTES),
64 /****************************************************************************
65 Check if we have open rights.
66 ****************************************************************************/
68 static NTSTATUS check_open_rights(struct connection_struct *conn,
71 uint32_t *access_granted)
73 /* Check if we have rights to open. */
75 struct security_descriptor *sd;
79 status = SMB_VFS_GET_NT_ACL(conn, fname,
80 (OWNER_SECURITY_INFORMATION |
81 GROUP_SECURITY_INFORMATION |
82 DACL_SECURITY_INFORMATION),&sd);
84 if (!NT_STATUS_IS_OK(status)) {
85 DEBUG(10, ("check_open_rights: Could not get acl "
92 status = smb1_file_se_access_check(sd,
93 conn->server_info->ptok,
99 DEBUG(10,("check_open_rights: file %s requesting "
100 "0x%x returning 0x%x (%s)\n",
102 (unsigned int)access_mask,
103 (unsigned int)*access_granted,
104 nt_errstr(status) ));
109 /****************************************************************************
110 fd support routines - attempt to do a dos_open.
111 ****************************************************************************/
113 static NTSTATUS fd_open(struct connection_struct *conn,
119 NTSTATUS status = NT_STATUS_OK;
123 * Never follow symlinks on a POSIX client. The
124 * client should be doing this.
127 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
132 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
133 if (fsp->fh->fd == -1) {
134 status = map_nt_error_from_unix(errno);
135 if (errno == EMFILE) {
136 static time_t last_warned = 0L;
138 if (time((time_t *) NULL) > last_warned) {
139 DEBUG(0,("Too many open files, unable "
140 "to open more! smbd's max "
142 lp_max_open_files()));
143 last_warned = time((time_t *) NULL);
149 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
150 fname, flags, (int)mode, fsp->fh->fd,
151 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
156 /****************************************************************************
157 Close the file associated with a fsp.
158 ****************************************************************************/
160 NTSTATUS fd_close(files_struct *fsp)
164 if (fsp->fh->fd == -1) {
165 return NT_STATUS_OK; /* What we used to call a stat open. */
167 if (fsp->fh->ref_count > 1) {
168 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
171 ret = SMB_VFS_CLOSE(fsp);
174 return map_nt_error_from_unix(errno);
179 /****************************************************************************
180 Change the ownership of a file to that of the parent directory.
181 Do this by fd if possible.
182 ****************************************************************************/
184 void change_file_owner_to_parent(connection_struct *conn,
185 const char *inherit_from_dir,
188 SMB_STRUCT_STAT parent_st;
191 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
193 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
194 "directory %s. Error was %s\n",
195 inherit_from_dir, strerror(errno) ));
200 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
203 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
204 "file %s to parent directory uid %u. Error "
205 "was %s\n", fsp->fsp_name,
206 (unsigned int)parent_st.st_uid,
210 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
211 "parent directory uid %u.\n", fsp->fsp_name,
212 (unsigned int)parent_st.st_uid ));
215 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
216 const char *inherit_from_dir,
218 SMB_STRUCT_STAT *psbuf)
220 char *saved_dir = NULL;
221 SMB_STRUCT_STAT sbuf;
222 SMB_STRUCT_STAT parent_st;
223 TALLOC_CTX *ctx = talloc_tos();
224 NTSTATUS status = NT_STATUS_OK;
227 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
229 status = map_nt_error_from_unix(errno);
230 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
231 "directory %s. Error was %s\n",
232 inherit_from_dir, strerror(errno) ));
236 /* We've already done an lstat into psbuf, and we know it's a
237 directory. If we can cd into the directory and the dev/ino
238 are the same then we can safely chown without races as
239 we're locking the directory in place by being in it. This
240 should work on any UNIX (thanks tridge :-). JRA.
243 saved_dir = vfs_GetWd(ctx,conn);
245 status = map_nt_error_from_unix(errno);
246 DEBUG(0,("change_dir_owner_to_parent: failed to get "
247 "current working directory. Error was %s\n",
252 /* Chdir into the new path. */
253 if (vfs_ChDir(conn, fname) == -1) {
254 status = map_nt_error_from_unix(errno);
255 DEBUG(0,("change_dir_owner_to_parent: failed to change "
256 "current working directory to %s. Error "
257 "was %s\n", fname, strerror(errno) ));
261 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
262 status = map_nt_error_from_unix(errno);
263 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
264 "directory '.' (%s) Error was %s\n",
265 fname, strerror(errno)));
269 /* Ensure we're pointing at the same place. */
270 if (sbuf.st_dev != psbuf->st_dev ||
271 sbuf.st_ino != psbuf->st_ino ||
272 sbuf.st_mode != psbuf->st_mode ) {
273 DEBUG(0,("change_dir_owner_to_parent: "
274 "device/inode/mode on directory %s changed. "
275 "Refusing to chown !\n", fname ));
276 status = NT_STATUS_ACCESS_DENIED;
281 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
284 status = map_nt_error_from_unix(errno);
285 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
286 "directory %s to parent directory uid %u. "
287 "Error was %s\n", fname,
288 (unsigned int)parent_st.st_uid, strerror(errno) ));
292 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
293 "directory %s to parent directory uid %u.\n",
294 fname, (unsigned int)parent_st.st_uid ));
298 vfs_ChDir(conn,saved_dir);
302 /****************************************************************************
304 ****************************************************************************/
306 static NTSTATUS open_file(files_struct *fsp,
307 connection_struct *conn,
308 struct smb_request *req,
309 const char *parent_dir,
312 SMB_STRUCT_STAT *psbuf,
315 uint32 access_mask, /* client requested access mask. */
316 uint32 open_access_mask) /* what we're actually using in the open. */
318 NTSTATUS status = NT_STATUS_OK;
319 int accmode = (flags & O_ACCMODE);
320 int local_flags = flags;
321 bool file_existed = VALID_STAT(*psbuf);
326 /* Check permissions */
329 * This code was changed after seeing a client open request
330 * containing the open mode of (DENY_WRITE/read-only) with
331 * the 'create if not exist' bit set. The previous code
332 * would fail to open the file read only on a read-only share
333 * as it was checking the flags parameter directly against O_RDONLY,
334 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
338 if (!CAN_WRITE(conn)) {
339 /* It's a read-only share - fail if we wanted to write. */
340 if(accmode != O_RDONLY) {
341 DEBUG(3,("Permission denied opening %s\n", path));
342 return NT_STATUS_ACCESS_DENIED;
343 } else if(flags & O_CREAT) {
344 /* We don't want to write - but we must make sure that
345 O_CREAT doesn't create the file if we have write
346 access into the directory.
349 local_flags &= ~O_CREAT;
354 * This little piece of insanity is inspired by the
355 * fact that an NT client can open a file for O_RDONLY,
356 * but set the create disposition to FILE_EXISTS_TRUNCATE.
357 * If the client *can* write to the file, then it expects to
358 * truncate the file, even though it is opening for readonly.
359 * Quicken uses this stupid trick in backup file creation...
360 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
361 * for helping track this one down. It didn't bite us in 2.0.x
362 * as we always opened files read-write in that release. JRA.
365 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
366 DEBUG(10,("open_file: truncate requested on read-only open "
367 "for file %s\n", path));
368 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
371 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
372 (!file_existed && (local_flags & O_CREAT)) ||
373 ((local_flags & O_TRUNC) == O_TRUNC) ) {
377 * We can't actually truncate here as the file may be locked.
378 * open_file_ntcreate will take care of the truncate later. JRA.
381 local_flags &= ~O_TRUNC;
383 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
385 * We would block on opening a FIFO with no one else on the
386 * other end. Do what we used to do and add O_NONBLOCK to the
390 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
391 local_flags |= O_NONBLOCK;
395 /* Don't create files with Microsoft wildcard characters. */
398 * wildcard characters are allowed in stream names
399 * only test the basefilename
401 wild = fsp->base_fsp->fsp_name;
405 if ((local_flags & O_CREAT) && !file_existed &&
407 return NT_STATUS_OBJECT_NAME_INVALID;
410 /* Actually do the open */
411 status = fd_open(conn, path, fsp, local_flags, unx_mode);
412 if (!NT_STATUS_IS_OK(status)) {
413 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
415 path,nt_errstr(status),local_flags,flags));
419 if ((local_flags & O_CREAT) && !file_existed) {
421 /* Inherit the ACL if required */
422 if (lp_inherit_perms(SNUM(conn))) {
423 inherit_access_posix_acl(conn, parent_dir, path,
427 /* Change the owner if required. */
428 if (lp_inherit_owner(SNUM(conn))) {
429 change_file_owner_to_parent(conn, parent_dir,
433 notify_fname(conn, NOTIFY_ACTION_ADDED,
434 FILE_NOTIFY_CHANGE_FILE_NAME, path);
438 fsp->fh->fd = -1; /* What we used to call a stat open. */
440 uint32_t access_granted = 0;
442 status = check_open_rights(conn,
446 if (!NT_STATUS_IS_OK(status)) {
447 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
448 if ((access_mask & DELETE_ACCESS) &&
449 (access_granted == DELETE_ACCESS) &&
450 can_delete_file_in_directory(conn, path)) {
451 /* Were we trying to do a stat open
452 * for delete and didn't get DELETE
453 * access (only) ? Check if the
454 * directory allows DELETE_CHILD.
456 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
459 DEBUG(10,("open_file: overrode ACCESS_DENIED "
463 DEBUG(10, ("open_file: Access denied on "
468 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
470 S_ISLNK(psbuf->st_mode)) {
471 /* This is a POSIX stat open for delete
472 * or rename on a symlink that points
474 DEBUG(10, ("open_file: allowing POSIX open "
475 "on bad symlink %s\n",
478 DEBUG(10, ("open_file: check_open_rights "
479 "on file %s returned %s\n",
480 path, nt_errstr(status) ));
490 if (fsp->fh->fd == -1) {
491 ret = SMB_VFS_STAT(conn, path, psbuf);
493 ret = SMB_VFS_FSTAT(fsp, psbuf);
494 /* If we have an fd, this stat should succeed. */
496 DEBUG(0,("Error doing fstat on open file %s "
497 "(%s)\n", path,strerror(errno) ));
501 /* For a non-io open, this stat failing means file not found. JRA */
503 status = map_nt_error_from_unix(errno);
510 * POSIX allows read-only opens of directories. We don't
511 * want to do this (we use a different code path for this)
512 * so catch a directory open and return an EISDIR. JRA.
515 if(S_ISDIR(psbuf->st_mode)) {
518 return NT_STATUS_FILE_IS_A_DIRECTORY;
521 fsp->mode = psbuf->st_mode;
522 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
523 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
524 fsp->file_pid = req ? req->smbpid : 0;
525 fsp->can_lock = True;
526 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
527 if (!CAN_WRITE(conn)) {
528 fsp->can_write = False;
530 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
533 fsp->print_file = False;
534 fsp->modified = False;
535 fsp->sent_oplock_break = NO_BREAK_SENT;
536 fsp->is_directory = False;
537 if (conn->aio_write_behind_list &&
538 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
539 fsp->aio_write_behind = True;
542 string_set(&fsp->fsp_name, path);
543 fsp->wcp = NULL; /* Write cache pointer. */
545 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
546 conn->server_info->unix_name,
548 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
549 conn->num_files_open));
555 /*******************************************************************
556 Return True if the filename is one of the special executable types.
557 ********************************************************************/
559 bool is_executable(const char *fname)
561 if ((fname = strrchr_m(fname,'.'))) {
562 if (strequal(fname,".com") ||
563 strequal(fname,".dll") ||
564 strequal(fname,".exe") ||
565 strequal(fname,".sym")) {
572 /****************************************************************************
573 Check if we can open a file with a share mode.
574 Returns True if conflict, False if not.
575 ****************************************************************************/
577 static bool share_conflict(struct share_mode_entry *entry,
581 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
582 "entry->share_access = 0x%x, "
583 "entry->private_options = 0x%x\n",
584 (unsigned int)entry->access_mask,
585 (unsigned int)entry->share_access,
586 (unsigned int)entry->private_options));
588 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
589 (unsigned int)access_mask, (unsigned int)share_access));
591 if ((entry->access_mask & (FILE_WRITE_DATA|
595 DELETE_ACCESS)) == 0) {
596 DEBUG(10,("share_conflict: No conflict due to "
597 "entry->access_mask = 0x%x\n",
598 (unsigned int)entry->access_mask ));
602 if ((access_mask & (FILE_WRITE_DATA|
606 DELETE_ACCESS)) == 0) {
607 DEBUG(10,("share_conflict: No conflict due to "
608 "access_mask = 0x%x\n",
609 (unsigned int)access_mask ));
613 #if 1 /* JRA TEST - Superdebug. */
614 #define CHECK_MASK(num, am, right, sa, share) \
615 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
616 (unsigned int)(num), (unsigned int)(am), \
617 (unsigned int)(right), (unsigned int)(am)&(right) )); \
618 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
619 (unsigned int)(num), (unsigned int)(sa), \
620 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
621 if (((am) & (right)) && !((sa) & (share))) { \
622 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
623 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
624 (unsigned int)(share) )); \
628 #define CHECK_MASK(num, am, right, sa, share) \
629 if (((am) & (right)) && !((sa) & (share))) { \
630 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
631 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
632 (unsigned int)(share) )); \
637 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
638 share_access, FILE_SHARE_WRITE);
639 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
640 entry->share_access, FILE_SHARE_WRITE);
642 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
643 share_access, FILE_SHARE_READ);
644 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
645 entry->share_access, FILE_SHARE_READ);
647 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
648 share_access, FILE_SHARE_DELETE);
649 CHECK_MASK(6, access_mask, DELETE_ACCESS,
650 entry->share_access, FILE_SHARE_DELETE);
652 DEBUG(10,("share_conflict: No conflict.\n"));
656 #if defined(DEVELOPER)
657 static void validate_my_share_entries(int num,
658 struct share_mode_entry *share_entry)
662 if (!procid_is_me(&share_entry->pid)) {
666 if (is_deferred_open_entry(share_entry) &&
667 !open_was_deferred(share_entry->op_mid)) {
668 char *str = talloc_asprintf(talloc_tos(),
669 "Got a deferred entry without a request: "
671 share_mode_str(talloc_tos(), num, share_entry));
675 if (!is_valid_share_mode_entry(share_entry)) {
679 fsp = file_find_dif(share_entry->id,
680 share_entry->share_file_id);
682 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
683 share_mode_str(talloc_tos(), num, share_entry) ));
684 smb_panic("validate_my_share_entries: Cannot match a "
685 "share entry with an open file\n");
688 if (is_deferred_open_entry(share_entry) ||
689 is_unused_share_mode_entry(share_entry)) {
693 if ((share_entry->op_type == NO_OPLOCK) &&
694 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
695 /* Someone has already written to it, but I haven't yet
700 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
709 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
710 share_mode_str(talloc_tos(), num, share_entry) ));
711 str = talloc_asprintf(talloc_tos(),
712 "validate_my_share_entries: "
713 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
714 fsp->fsp_name, (unsigned int)fsp->oplock_type,
715 (unsigned int)share_entry->op_type );
721 bool is_stat_open(uint32 access_mask)
723 return (access_mask &&
724 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
725 FILE_WRITE_ATTRIBUTES))==0) &&
726 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
727 FILE_WRITE_ATTRIBUTES)) != 0));
730 /****************************************************************************
731 Deal with share modes
732 Invarient: Share mode must be locked on entry and exit.
733 Returns -1 on error, or number of share modes on success (may be zero).
734 ****************************************************************************/
736 static NTSTATUS open_mode_check(connection_struct *conn,
738 struct share_mode_lock *lck,
741 uint32 create_options,
746 if(lck->num_share_modes == 0) {
750 *file_existed = True;
752 /* A delete on close prohibits everything */
754 if (lck->delete_on_close) {
755 return NT_STATUS_DELETE_PENDING;
758 if (is_stat_open(access_mask)) {
759 /* Stat open that doesn't trigger oplock breaks or share mode
760 * checks... ! JRA. */
765 * Check if the share modes will give us access.
768 #if defined(DEVELOPER)
769 for(i = 0; i < lck->num_share_modes; i++) {
770 validate_my_share_entries(i, &lck->share_modes[i]);
774 if (!lp_share_modes(SNUM(conn))) {
778 /* Now we check the share modes, after any oplock breaks. */
779 for(i = 0; i < lck->num_share_modes; i++) {
781 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
785 /* someone else has a share lock on it, check to see if we can
787 if (share_conflict(&lck->share_modes[i],
788 access_mask, share_access)) {
789 return NT_STATUS_SHARING_VIOLATION;
796 static bool is_delete_request(files_struct *fsp) {
797 return ((fsp->access_mask == DELETE_ACCESS) &&
798 (fsp->oplock_type == NO_OPLOCK));
802 * Send a break message to the oplock holder and delay the open for
806 static NTSTATUS send_break_message(files_struct *fsp,
807 struct share_mode_entry *exclusive,
812 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
814 DEBUG(10, ("Sending break request to PID %s\n",
815 procid_str_static(&exclusive->pid)));
816 exclusive->op_mid = mid;
818 /* Create the message. */
819 share_mode_entry_to_message(msg, exclusive);
821 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
822 don't want this set in the share mode struct pointed to by lck. */
824 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
825 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
828 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
829 MSG_SMB_BREAK_REQUEST,
831 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
832 if (!NT_STATUS_IS_OK(status)) {
833 DEBUG(3, ("Could not send oplock break message: %s\n",
841 * 1) No files open at all or internal open: Grant whatever the client wants.
843 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
844 * request, break if the oplock around is a batch oplock. If it's another
845 * requested access type, break.
847 * 3) Only level2 around: Grant level2 and do nothing else.
850 static bool delay_for_oplocks(struct share_mode_lock *lck,
857 struct share_mode_entry *exclusive = NULL;
858 bool valid_entry = false;
859 bool have_level2 = false;
860 bool have_a_none_oplock = false;
861 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
862 lp_level2_oplocks(SNUM(fsp->conn));
864 if (oplock_request & INTERNAL_OPEN_ONLY) {
865 fsp->oplock_type = NO_OPLOCK;
868 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
872 for (i=0; i<lck->num_share_modes; i++) {
874 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
878 /* At least one entry is not an invalid or deferred entry. */
881 if (pass_number == 1) {
882 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
883 SMB_ASSERT(exclusive == NULL);
884 exclusive = &lck->share_modes[i];
887 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
888 SMB_ASSERT(exclusive == NULL);
889 exclusive = &lck->share_modes[i];
893 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
894 SMB_ASSERT(exclusive == NULL);
898 if (lck->share_modes[i].op_type == NO_OPLOCK) {
899 have_a_none_oplock = true;
903 if (exclusive != NULL) { /* Found an exclusive oplock */
904 bool delay_it = is_delete_request(fsp) ?
905 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
906 SMB_ASSERT(!have_level2);
908 send_break_message(fsp, exclusive, mid, oplock_request);
914 * Match what was requested (fsp->oplock_type) with
915 * what was found in the existing share modes.
919 /* All entries are placeholders or deferred.
920 * Directly grant whatever the client wants. */
921 if (fsp->oplock_type == NO_OPLOCK) {
922 /* Store a level2 oplock, but don't tell the client */
923 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
925 } else if (have_a_none_oplock) {
926 fsp->oplock_type = NO_OPLOCK;
927 } else if (have_level2) {
928 if (fsp->oplock_type == NO_OPLOCK ||
929 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
930 /* Store a level2 oplock, but don't tell the client */
931 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
933 fsp->oplock_type = LEVEL_II_OPLOCK;
936 /* This case can never happen. */
941 * Don't grant level2 to clients that don't want them
942 * or if we've turned them off.
944 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
945 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
948 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
949 fsp->oplock_type, fsp->fsp_name));
955 bool request_timed_out(struct timeval request_time,
956 struct timeval timeout)
958 struct timeval now, end_time;
960 end_time = timeval_sum(&request_time, &timeout);
961 return (timeval_compare(&end_time, &now) < 0);
964 /****************************************************************************
965 Handle the 1 second delay in returning a SHARING_VIOLATION error.
966 ****************************************************************************/
968 static void defer_open(struct share_mode_lock *lck,
969 struct timeval request_time,
970 struct timeval timeout,
971 struct smb_request *req,
972 struct deferred_open_record *state)
978 for (i=0; i<lck->num_share_modes; i++) {
979 struct share_mode_entry *e = &lck->share_modes[i];
981 if (!is_deferred_open_entry(e)) {
985 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
986 DEBUG(0, ("Trying to defer an already deferred "
987 "request: mid=%d, exiting\n", req->mid));
988 exit_server("attempt to defer a deferred request");
992 /* End paranoia check */
994 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
995 "open entry for mid %u\n",
996 (unsigned int)request_time.tv_sec,
997 (unsigned int)request_time.tv_usec,
998 (unsigned int)req->mid));
1000 if (!push_deferred_smb_message(req, request_time, timeout,
1001 (char *)state, sizeof(*state))) {
1002 exit_server("push_deferred_smb_message failed");
1004 add_deferred_open(lck, req->mid, request_time, state->id);
1007 * Push the MID of this packet on the signing queue.
1008 * We only do this once, the first time we push the packet
1009 * onto the deferred open queue, as this has a side effect
1010 * of incrementing the response sequence number.
1013 srv_defer_sign_response(req->mid);
1017 /****************************************************************************
1018 On overwrite open ensure that the attributes match.
1019 ****************************************************************************/
1021 bool open_match_attributes(connection_struct *conn,
1023 uint32 old_dos_attr,
1024 uint32 new_dos_attr,
1025 mode_t existing_unx_mode,
1026 mode_t new_unx_mode,
1027 mode_t *returned_unx_mode)
1029 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1031 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1032 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1034 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1035 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1036 *returned_unx_mode = new_unx_mode;
1038 *returned_unx_mode = (mode_t)0;
1041 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1042 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1043 "returned_unx_mode = 0%o\n",
1045 (unsigned int)old_dos_attr,
1046 (unsigned int)existing_unx_mode,
1047 (unsigned int)new_dos_attr,
1048 (unsigned int)*returned_unx_mode ));
1050 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1051 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1052 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1053 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1057 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1058 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1059 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1066 /****************************************************************************
1067 Special FCB or DOS processing in the case of a sharing violation.
1068 Try and find a duplicated file handle.
1069 ****************************************************************************/
1071 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1072 connection_struct *conn,
1073 files_struct *fsp_to_dup_into,
1079 uint32 share_access,
1080 uint32 create_options)
1084 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1085 "file %s.\n", fname ));
1087 for(fsp = file_find_di_first(id); fsp;
1088 fsp = file_find_di_next(fsp)) {
1090 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1091 "vuid = %u, file_pid = %u, private_options = 0x%x "
1092 "access_mask = 0x%x\n", fsp->fsp_name,
1093 fsp->fh->fd, (unsigned int)fsp->vuid,
1094 (unsigned int)fsp->file_pid,
1095 (unsigned int)fsp->fh->private_options,
1096 (unsigned int)fsp->access_mask ));
1098 if (fsp->fh->fd != -1 &&
1099 fsp->vuid == vuid &&
1100 fsp->file_pid == file_pid &&
1101 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1102 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1103 (fsp->access_mask & FILE_WRITE_DATA) &&
1104 strequal(fsp->fsp_name, fname)) {
1105 DEBUG(10,("fcb_or_dos_open: file match\n"));
1111 return NT_STATUS_NOT_FOUND;
1114 /* quite an insane set of semantics ... */
1115 if (is_executable(fname) &&
1116 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1117 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1118 return NT_STATUS_INVALID_PARAMETER;
1121 /* We need to duplicate this fsp. */
1122 dup_file_fsp(req, fsp, access_mask, share_access,
1123 create_options, fsp_to_dup_into);
1125 return NT_STATUS_OK;
1128 /****************************************************************************
1129 Open a file with a share mode - old openX method - map into NTCreate.
1130 ****************************************************************************/
1132 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1133 uint32 *paccess_mask,
1134 uint32 *pshare_mode,
1135 uint32 *pcreate_disposition,
1136 uint32 *pcreate_options)
1140 uint32 create_disposition;
1141 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1143 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1144 "open_func = 0x%x\n",
1145 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1147 /* Create the NT compatible access_mask. */
1148 switch (GET_OPENX_MODE(deny_mode)) {
1149 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1150 case DOS_OPEN_RDONLY:
1151 access_mask = FILE_GENERIC_READ;
1153 case DOS_OPEN_WRONLY:
1154 access_mask = FILE_GENERIC_WRITE;
1158 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1161 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1162 (unsigned int)GET_OPENX_MODE(deny_mode)));
1166 /* Create the NT compatible create_disposition. */
1167 switch (open_func) {
1168 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1169 create_disposition = FILE_CREATE;
1172 case OPENX_FILE_EXISTS_OPEN:
1173 create_disposition = FILE_OPEN;
1176 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1177 create_disposition = FILE_OPEN_IF;
1180 case OPENX_FILE_EXISTS_TRUNCATE:
1181 create_disposition = FILE_OVERWRITE;
1184 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1185 create_disposition = FILE_OVERWRITE_IF;
1189 /* From samba4 - to be confirmed. */
1190 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1191 create_disposition = FILE_CREATE;
1194 DEBUG(10,("map_open_params_to_ntcreate: bad "
1195 "open_func 0x%x\n", (unsigned int)open_func));
1199 /* Create the NT compatible share modes. */
1200 switch (GET_DENY_MODE(deny_mode)) {
1202 share_mode = FILE_SHARE_NONE;
1206 share_mode = FILE_SHARE_READ;
1210 share_mode = FILE_SHARE_WRITE;
1214 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1218 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1219 if (is_executable(fname)) {
1220 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1222 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1223 share_mode = FILE_SHARE_READ;
1225 share_mode = FILE_SHARE_NONE;
1231 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1232 share_mode = FILE_SHARE_NONE;
1236 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1237 (unsigned int)GET_DENY_MODE(deny_mode) ));
1241 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1242 "share_mode = 0x%x, create_disposition = 0x%x, "
1243 "create_options = 0x%x\n",
1245 (unsigned int)access_mask,
1246 (unsigned int)share_mode,
1247 (unsigned int)create_disposition,
1248 (unsigned int)create_options ));
1251 *paccess_mask = access_mask;
1254 *pshare_mode = share_mode;
1256 if (pcreate_disposition) {
1257 *pcreate_disposition = create_disposition;
1259 if (pcreate_options) {
1260 *pcreate_options = create_options;
1267 static void schedule_defer_open(struct share_mode_lock *lck,
1268 struct timeval request_time,
1269 struct smb_request *req)
1271 struct deferred_open_record state;
1273 /* This is a relative time, added to the absolute
1274 request_time value to get the absolute timeout time.
1275 Note that if this is the second or greater time we enter
1276 this codepath for this particular request mid then
1277 request_time is left as the absolute time of the *first*
1278 time this request mid was processed. This is what allows
1279 the request to eventually time out. */
1281 struct timeval timeout;
1283 /* Normally the smbd we asked should respond within
1284 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1285 * the client did, give twice the timeout as a safety
1286 * measure here in case the other smbd is stuck
1287 * somewhere else. */
1289 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1291 /* Nothing actually uses state.delayed_for_oplocks
1292 but it's handy to differentiate in debug messages
1293 between a 30 second delay due to oplock break, and
1294 a 1 second delay for share mode conflicts. */
1296 state.delayed_for_oplocks = True;
1299 if (!request_timed_out(request_time, timeout)) {
1300 defer_open(lck, request_time, timeout, req, &state);
1304 /****************************************************************************
1305 Work out what access_mask to use from what the client sent us.
1306 ****************************************************************************/
1308 static NTSTATUS calculate_access_mask(connection_struct *conn,
1311 uint32_t access_mask,
1312 uint32_t *access_mask_out)
1317 * Convert GENERIC bits to specific bits.
1320 se_map_generic(&access_mask, &file_generic_mapping);
1322 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1323 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1326 struct security_descriptor *sd;
1327 uint32_t access_granted = 0;
1329 status = SMB_VFS_GET_NT_ACL(conn, fname,
1330 (OWNER_SECURITY_INFORMATION |
1331 GROUP_SECURITY_INFORMATION |
1332 DACL_SECURITY_INFORMATION),&sd);
1334 if (!NT_STATUS_IS_OK(status)) {
1335 DEBUG(10, ("calculate_access_mask: Could not get acl "
1338 nt_errstr(status)));
1339 return NT_STATUS_ACCESS_DENIED;
1342 status = smb1_file_se_access_check(sd,
1343 conn->server_info->ptok,
1349 if (!NT_STATUS_IS_OK(status)) {
1350 DEBUG(10, ("calculate_access_mask: Access denied on "
1351 "file %s: when calculating maximum access\n",
1353 return NT_STATUS_ACCESS_DENIED;
1356 access_mask = access_granted;
1358 access_mask = FILE_GENERIC_ALL;
1362 *access_mask_out = access_mask;
1363 return NT_STATUS_OK;
1366 /****************************************************************************
1367 Open a file with a share mode. Passed in an already created files_struct *.
1368 ****************************************************************************/
1370 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1371 struct smb_request *req,
1373 SMB_STRUCT_STAT *psbuf,
1374 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1375 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1376 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1377 uint32 create_options, /* options such as delete on close. */
1378 uint32 new_dos_attributes, /* attributes used for new file. */
1379 int oplock_request, /* internal Samba oplock codes. */
1380 /* Information (FILE_EXISTS etc.) */
1386 bool file_existed = VALID_STAT(*psbuf);
1387 bool def_acl = False;
1388 bool posix_open = False;
1389 bool new_file_created = False;
1390 bool clear_ads = false;
1392 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1393 mode_t new_unx_mode = (mode_t)0;
1394 mode_t unx_mode = (mode_t)0;
1396 uint32 existing_dos_attributes = 0;
1397 struct pending_message_list *pml = NULL;
1398 struct timeval request_time = timeval_zero();
1399 struct share_mode_lock *lck = NULL;
1400 uint32 open_access_mask = access_mask;
1404 const char *newname;
1408 if (conn->printer) {
1410 * Printers are handled completely differently.
1411 * Most of the passed parameters are ignored.
1415 *pinfo = FILE_WAS_CREATED;
1418 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1420 return print_fsp_open(req, conn, fname, req->vuid, fsp, psbuf);
1423 if (!parent_dirname(talloc_tos(), fname, &parent_dir, &newname)) {
1424 return NT_STATUS_NO_MEMORY;
1427 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1429 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1430 new_dos_attributes = 0;
1432 /* We add aARCH to this as this mode is only used if the file is
1434 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1438 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1439 "access_mask=0x%x share_access=0x%x "
1440 "create_disposition = 0x%x create_options=0x%x "
1441 "unix mode=0%o oplock_request=%d\n",
1442 fname, new_dos_attributes, access_mask, share_access,
1443 create_disposition, create_options, unx_mode,
1446 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1447 DEBUG(0, ("No smb request but not an internal only open!\n"));
1448 return NT_STATUS_INTERNAL_ERROR;
1452 * Only non-internal opens can be deferred at all
1456 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1457 struct deferred_open_record *state =
1458 (struct deferred_open_record *)pml->private_data.data;
1460 /* Remember the absolute time of the original
1461 request with this mid. We'll use it later to
1462 see if this has timed out. */
1464 request_time = pml->request_time;
1466 /* Remove the deferred open entry under lock. */
1467 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1470 DEBUG(0, ("could not get share mode lock\n"));
1472 del_deferred_open_entry(lck, req->mid);
1476 /* Ensure we don't reprocess this message. */
1477 remove_deferred_open_smb_message(req->mid);
1480 status = check_name(conn, fname);
1481 if (!NT_STATUS_IS_OK(status)) {
1486 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1488 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1492 /* ignore any oplock requests if oplocks are disabled */
1493 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1494 IS_VETO_OPLOCK_PATH(conn, fname)) {
1495 /* Mask off everything except the private Samba bits. */
1496 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1499 /* this is for OS/2 long file names - say we don't support them */
1500 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1501 /* OS/2 Workplace shell fix may be main code stream in a later
1503 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1505 if (use_nt_status()) {
1506 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1508 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1511 switch( create_disposition ) {
1513 * Currently we're using FILE_SUPERSEDE as the same as
1514 * FILE_OVERWRITE_IF but they really are
1515 * different. FILE_SUPERSEDE deletes an existing file
1516 * (requiring delete access) then recreates it.
1518 case FILE_SUPERSEDE:
1519 /* If file exists replace/overwrite. If file doesn't
1521 flags2 |= (O_CREAT | O_TRUNC);
1525 case FILE_OVERWRITE_IF:
1526 /* If file exists replace/overwrite. If file doesn't
1528 flags2 |= (O_CREAT | O_TRUNC);
1533 /* If file exists open. If file doesn't exist error. */
1534 if (!file_existed) {
1535 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1536 "requested for file %s and file "
1537 "doesn't exist.\n", fname ));
1539 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1543 case FILE_OVERWRITE:
1544 /* If file exists overwrite. If file doesn't exist
1546 if (!file_existed) {
1547 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1548 "requested for file %s and file "
1549 "doesn't exist.\n", fname ));
1551 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1558 /* If file exists error. If file doesn't exist
1561 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1562 "requested for file %s and file "
1563 "already exists.\n", fname ));
1564 if (S_ISDIR(psbuf->st_mode)) {
1569 return map_nt_error_from_unix(errno);
1571 flags2 |= (O_CREAT|O_EXCL);
1575 /* If file exists open. If file doesn't exist
1581 return NT_STATUS_INVALID_PARAMETER;
1584 /* We only care about matching attributes on file exists and
1587 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1588 (create_disposition == FILE_OVERWRITE_IF))) {
1589 if (!open_match_attributes(conn, fname,
1590 existing_dos_attributes,
1591 new_dos_attributes, psbuf->st_mode,
1592 unx_mode, &new_unx_mode)) {
1593 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1594 "for file %s (%x %x) (0%o, 0%o)\n",
1595 fname, existing_dos_attributes,
1597 (unsigned int)psbuf->st_mode,
1598 (unsigned int)unx_mode ));
1600 return NT_STATUS_ACCESS_DENIED;
1604 status = calculate_access_mask(conn, fname, file_existed,
1607 if (!NT_STATUS_IS_OK(status)) {
1608 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1609 "on file %s returned %s\n",
1611 nt_errstr(status)));
1615 open_access_mask = access_mask;
1617 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1618 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1621 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1622 "access_mask=0x%x\n", fname, access_mask ));
1625 * Note that we ignore the append flag as append does not
1626 * mean the same thing under DOS and Unix.
1629 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1630 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1631 /* DENY_DOS opens are always underlying read-write on the
1632 file handle, no matter what the requested access mask
1634 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1635 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1645 * Currently we only look at FILE_WRITE_THROUGH for create options.
1649 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1654 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1658 if (!posix_open && !CAN_WRITE(conn)) {
1660 * We should really return a permission denied error if either
1661 * O_CREAT or O_TRUNC are set, but for compatibility with
1662 * older versions of Samba we just AND them out.
1664 flags2 &= ~(O_CREAT|O_TRUNC);
1668 * Ensure we can't write on a read-only share or file.
1671 if (flags != O_RDONLY && file_existed &&
1672 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1673 DEBUG(5,("open_file_ntcreate: write access requested for "
1674 "file %s on read only %s\n",
1675 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1677 return NT_STATUS_ACCESS_DENIED;
1680 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1681 fsp->share_access = share_access;
1682 fsp->fh->private_options = create_options;
1683 fsp->access_mask = open_access_mask; /* We change this to the
1684 * requested access_mask after
1685 * the open is done. */
1686 fsp->posix_open = posix_open;
1688 /* Ensure no SAMBA_PRIVATE bits can be set. */
1689 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1691 if (timeval_is_zero(&request_time)) {
1692 request_time = fsp->open_time;
1696 struct timespec old_write_time = get_mtimespec(psbuf);
1697 id = vfs_file_id_from_sbuf(conn, psbuf);
1699 lck = get_share_mode_lock(talloc_tos(), id,
1701 fname, &old_write_time);
1704 DEBUG(0, ("Could not get share mode lock\n"));
1705 return NT_STATUS_SHARING_VIOLATION;
1708 /* First pass - send break only on batch oplocks. */
1710 && delay_for_oplocks(lck, fsp, req->mid, 1,
1712 schedule_defer_open(lck, request_time, req);
1714 return NT_STATUS_SHARING_VIOLATION;
1717 /* Use the client requested access mask here, not the one we
1719 status = open_mode_check(conn, fname, lck,
1720 access_mask, share_access,
1721 create_options, &file_existed);
1723 if (NT_STATUS_IS_OK(status)) {
1724 /* We might be going to allow this open. Check oplock
1726 /* Second pass - send break for both batch or
1727 * exclusive oplocks. */
1729 && delay_for_oplocks(lck, fsp, req->mid, 2,
1731 schedule_defer_open(lck, request_time, req);
1733 return NT_STATUS_SHARING_VIOLATION;
1737 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1738 /* DELETE_PENDING is not deferred for a second */
1743 if (!NT_STATUS_IS_OK(status)) {
1744 uint32 can_access_mask;
1745 bool can_access = True;
1747 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1749 /* Check if this can be done with the deny_dos and fcb
1751 if (create_options &
1752 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1753 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1755 DEBUG(0, ("DOS open without an SMB "
1758 return NT_STATUS_INTERNAL_ERROR;
1761 /* Use the client requested access mask here,
1762 * not the one we open with. */
1763 status = fcb_or_dos_open(req,
1774 if (NT_STATUS_IS_OK(status)) {
1777 *pinfo = FILE_WAS_OPENED;
1779 return NT_STATUS_OK;
1784 * This next line is a subtlety we need for
1785 * MS-Access. If a file open will fail due to share
1786 * permissions and also for security (access) reasons,
1787 * we need to return the access failed error, not the
1788 * share error. We can't open the file due to kernel
1789 * oplock deadlock (it's possible we failed above on
1790 * the open_mode_check()) so use a userspace check.
1793 if (flags & O_RDWR) {
1794 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1795 } else if (flags & O_WRONLY) {
1796 can_access_mask = FILE_WRITE_DATA;
1798 can_access_mask = FILE_READ_DATA;
1801 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1802 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1807 * If we're returning a share violation, ensure we
1808 * cope with the braindead 1 second delay.
1811 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1812 lp_defer_sharing_violations()) {
1813 struct timeval timeout;
1814 struct deferred_open_record state;
1817 /* this is a hack to speed up torture tests
1819 timeout_usecs = lp_parm_int(SNUM(conn),
1820 "smbd","sharedelay",
1821 SHARING_VIOLATION_USEC_WAIT);
1823 /* This is a relative time, added to the absolute
1824 request_time value to get the absolute timeout time.
1825 Note that if this is the second or greater time we enter
1826 this codepath for this particular request mid then
1827 request_time is left as the absolute time of the *first*
1828 time this request mid was processed. This is what allows
1829 the request to eventually time out. */
1831 timeout = timeval_set(0, timeout_usecs);
1833 /* Nothing actually uses state.delayed_for_oplocks
1834 but it's handy to differentiate in debug messages
1835 between a 30 second delay due to oplock break, and
1836 a 1 second delay for share mode conflicts. */
1838 state.delayed_for_oplocks = False;
1842 && !request_timed_out(request_time,
1844 defer_open(lck, request_time, timeout,
1852 * We have detected a sharing violation here
1853 * so return the correct error code
1855 status = NT_STATUS_SHARING_VIOLATION;
1857 status = NT_STATUS_ACCESS_DENIED;
1863 * We exit this block with the share entry *locked*.....
1867 SMB_ASSERT(!file_existed || (lck != NULL));
1870 * Ensure we pay attention to default ACLs on directories if required.
1873 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1874 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1878 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1879 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1880 (unsigned int)flags, (unsigned int)flags2,
1881 (unsigned int)unx_mode, (unsigned int)access_mask,
1882 (unsigned int)open_access_mask));
1885 * open_file strips any O_TRUNC flags itself.
1888 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1889 flags|flags2, unx_mode, access_mask,
1892 if (!NT_STATUS_IS_OK(fsp_open)) {
1899 if (!file_existed) {
1900 struct timespec old_write_time = get_mtimespec(psbuf);
1902 * Deal with the race condition where two smbd's detect the
1903 * file doesn't exist and do the create at the same time. One
1904 * of them will win and set a share mode, the other (ie. this
1905 * one) should check if the requested share mode for this
1906 * create is allowed.
1910 * Now the file exists and fsp is successfully opened,
1911 * fsp->dev and fsp->inode are valid and should replace the
1912 * dev=0,inode=0 from a non existent file. Spotted by
1913 * Nadav Danieli <nadavd@exanet.com>. JRA.
1918 lck = get_share_mode_lock(talloc_tos(), id,
1920 fname, &old_write_time);
1923 DEBUG(0, ("open_file_ntcreate: Could not get share "
1924 "mode lock for %s\n", fname));
1926 return NT_STATUS_SHARING_VIOLATION;
1929 /* First pass - send break only on batch oplocks. */
1931 && delay_for_oplocks(lck, fsp, req->mid, 1,
1933 schedule_defer_open(lck, request_time, req);
1936 return NT_STATUS_SHARING_VIOLATION;
1939 status = open_mode_check(conn, fname, lck,
1940 access_mask, share_access,
1941 create_options, &file_existed);
1943 if (NT_STATUS_IS_OK(status)) {
1944 /* We might be going to allow this open. Check oplock
1946 /* Second pass - send break for both batch or
1947 * exclusive oplocks. */
1949 && delay_for_oplocks(lck, fsp, req->mid, 2,
1951 schedule_defer_open(lck, request_time, req);
1954 return NT_STATUS_SHARING_VIOLATION;
1958 if (!NT_STATUS_IS_OK(status)) {
1959 struct deferred_open_record state;
1963 state.delayed_for_oplocks = False;
1966 /* Do it all over again immediately. In the second
1967 * round we will find that the file existed and handle
1968 * the DELETE_PENDING and FCB cases correctly. No need
1969 * to duplicate the code here. Essentially this is a
1970 * "goto top of this function", but don't tell
1974 defer_open(lck, request_time, timeval_zero(),
1982 * We exit this block with the share entry *locked*.....
1987 SMB_ASSERT(lck != NULL);
1989 /* Delete streams if create_disposition requires it */
1990 if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) {
1991 status = delete_all_streams(conn, fname);
1992 if (!NT_STATUS_IS_OK(status)) {
1999 /* note that we ignore failure for the following. It is
2000 basically a hack for NFS, and NFS will never set one of
2001 these only read them. Nobody but Samba can ever set a deny
2002 mode and we have already checked our more authoritative
2003 locking database for permission to set this deny mode. If
2004 the kernel refuses the operations then the kernel is wrong.
2005 note that GPFS supports it as well - jmcd */
2007 if (fsp->fh->fd != -1) {
2008 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
2009 if(ret_flock == -1 ){
2014 return NT_STATUS_SHARING_VIOLATION;
2019 * At this point onwards, we can guarentee that the share entry
2020 * is locked, whether we created the file or not, and that the
2021 * deny mode is compatible with all current opens.
2025 * If requested, truncate the file.
2028 if (flags2&O_TRUNC) {
2030 * We are modifing the file after open - update the stat
2033 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2034 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
2035 status = map_nt_error_from_unix(errno);
2042 /* Record the options we were opened with. */
2043 fsp->share_access = share_access;
2044 fsp->fh->private_options = create_options;
2046 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2048 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2051 /* stat opens on existing files don't get oplocks. */
2052 if (is_stat_open(open_access_mask)) {
2053 fsp->oplock_type = NO_OPLOCK;
2056 if (!(flags2 & O_TRUNC)) {
2057 info = FILE_WAS_OPENED;
2059 info = FILE_WAS_OVERWRITTEN;
2062 info = FILE_WAS_CREATED;
2070 * Setup the oplock info in both the shared memory and
2074 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2075 /* Could not get the kernel oplock */
2076 fsp->oplock_type = NO_OPLOCK;
2079 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2080 new_file_created = True;
2083 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2086 /* Handle strange delete on close create semantics. */
2087 if (create_options & FILE_DELETE_ON_CLOSE) {
2089 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2091 if (!NT_STATUS_IS_OK(status)) {
2092 /* Remember to delete the mode we just added. */
2093 del_share_mode(lck, fsp);
2098 /* Note that here we set the *inital* delete on close flag,
2099 not the regular one. The magic gets handled in close. */
2100 fsp->initial_delete_on_close = True;
2103 if (new_file_created) {
2104 /* Files should be initially set as archive */
2105 if (lp_map_archive(SNUM(conn)) ||
2106 lp_store_dos_attributes(SNUM(conn))) {
2108 SMB_STRUCT_STAT tmp_sbuf;
2109 SET_STAT_INVALID(tmp_sbuf);
2110 if (file_set_dosmode(
2112 new_dos_attributes | aARCH,
2113 &tmp_sbuf, parent_dir,
2115 unx_mode = tmp_sbuf.st_mode;
2122 * Take care of inherited ACLs on created files - if default ACL not
2126 if (!posix_open && !file_existed && !def_acl) {
2128 int saved_errno = errno; /* We might get ENOSYS in the next
2131 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2133 errno = saved_errno; /* Ignore ENOSYS */
2136 } else if (new_unx_mode) {
2140 /* Attributes need changing. File already existed. */
2143 int saved_errno = errno; /* We might get ENOSYS in the
2145 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2147 if (ret == -1 && errno == ENOSYS) {
2148 errno = saved_errno; /* Ignore ENOSYS */
2150 DEBUG(5, ("open_file_ntcreate: reset "
2151 "attributes of file %s to 0%o\n",
2152 fname, (unsigned int)new_unx_mode));
2153 ret = 0; /* Don't do the fchmod below. */
2158 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2159 DEBUG(5, ("open_file_ntcreate: failed to reset "
2160 "attributes of file %s to 0%o\n",
2161 fname, (unsigned int)new_unx_mode));
2164 /* If this is a successful open, we must remove any deferred open
2167 del_deferred_open_entry(lck, req->mid);
2171 return NT_STATUS_OK;
2175 /****************************************************************************
2176 Open a file for for write to ensure that we can fchmod it.
2177 ****************************************************************************/
2179 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2181 SMB_STRUCT_STAT *psbuf, files_struct **result)
2183 files_struct *fsp = NULL;
2186 if (!VALID_STAT(*psbuf)) {
2187 return NT_STATUS_INVALID_PARAMETER;
2190 status = file_new(req, conn, &fsp);
2191 if(!NT_STATUS_IS_OK(status)) {
2195 status = SMB_VFS_CREATE_FILE(
2198 0, /* root_dir_fid */
2200 0, /* create_file_flags */
2201 FILE_WRITE_DATA, /* access_mask */
2202 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2204 FILE_OPEN, /* create_disposition*/
2205 0, /* create_options */
2206 0, /* file_attributes */
2207 0, /* oplock_request */
2208 0, /* allocation_size */
2216 * This is not a user visible file open.
2217 * Don't set a share mode.
2220 if (!NT_STATUS_IS_OK(status)) {
2221 file_free(req, fsp);
2226 return NT_STATUS_OK;
2229 /****************************************************************************
2230 Close the fchmod file fd - ensure no locks are lost.
2231 ****************************************************************************/
2233 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2235 NTSTATUS status = fd_close(fsp);
2236 file_free(req, fsp);
2240 static NTSTATUS mkdir_internal(connection_struct *conn,
2242 uint32 file_attributes,
2243 SMB_STRUCT_STAT *psbuf)
2247 const char *dirname;
2249 bool posix_open = false;
2251 if(!CAN_WRITE(conn)) {
2252 DEBUG(5,("mkdir_internal: failing create on read-only share "
2253 "%s\n", lp_servicename(SNUM(conn))));
2254 return NT_STATUS_ACCESS_DENIED;
2257 status = check_name(conn, name);
2258 if (!NT_STATUS_IS_OK(status)) {
2262 if (!parent_dirname(talloc_tos(), name, &parent_dir, &dirname)) {
2263 return NT_STATUS_NO_MEMORY;
2266 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2268 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2270 mode = unix_mode(conn, aDIR, name, parent_dir);
2273 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2274 return map_nt_error_from_unix(errno);
2277 /* Ensure we're checking for a symlink here.... */
2278 /* We don't want to get caught by a symlink racer. */
2280 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2281 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2282 name, strerror(errno)));
2283 return map_nt_error_from_unix(errno);
2286 if (!S_ISDIR(psbuf->st_mode)) {
2287 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2289 return NT_STATUS_ACCESS_DENIED;
2292 if (lp_store_dos_attributes(SNUM(conn))) {
2294 file_set_dosmode(conn, name,
2295 file_attributes | aDIR, NULL,
2301 if (lp_inherit_perms(SNUM(conn))) {
2302 inherit_access_posix_acl(conn, parent_dir, name, mode);
2305 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2307 * Check if high bits should have been set,
2308 * then (if bits are missing): add them.
2309 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2312 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2313 SMB_VFS_CHMOD(conn, name,
2314 psbuf->st_mode | (mode & ~psbuf->st_mode));
2318 /* Change the owner if required. */
2319 if (lp_inherit_owner(SNUM(conn))) {
2320 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2323 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2326 return NT_STATUS_OK;
2329 /****************************************************************************
2330 Open a directory from an NT SMB call.
2331 ****************************************************************************/
2333 static NTSTATUS open_directory(connection_struct *conn,
2334 struct smb_request *req,
2336 SMB_STRUCT_STAT *psbuf,
2338 uint32 share_access,
2339 uint32 create_disposition,
2340 uint32 create_options,
2341 uint32 file_attributes,
2343 files_struct **result)
2345 files_struct *fsp = NULL;
2346 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2347 struct share_mode_lock *lck = NULL;
2349 struct timespec mtimespec;
2352 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2353 "share_access = 0x%x create_options = 0x%x, "
2354 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2356 (unsigned int)access_mask,
2357 (unsigned int)share_access,
2358 (unsigned int)create_options,
2359 (unsigned int)create_disposition,
2360 (unsigned int)file_attributes));
2362 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2363 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2364 is_ntfs_stream_name(fname)) {
2365 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2366 return NT_STATUS_NOT_A_DIRECTORY;
2369 status = calculate_access_mask(conn, fname, dir_existed,
2372 if (!NT_STATUS_IS_OK(status)) {
2373 DEBUG(10, ("open_directory: calculate_access_mask "
2374 "on file %s returned %s\n",
2376 nt_errstr(status)));
2380 switch( create_disposition ) {
2383 info = FILE_WAS_OPENED;
2386 * We want to follow symlinks here.
2389 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2390 return map_nt_error_from_unix(errno);
2397 /* If directory exists error. If directory doesn't
2400 status = mkdir_internal(conn,
2405 if (!NT_STATUS_IS_OK(status)) {
2406 DEBUG(2, ("open_directory: unable to create "
2407 "%s. Error was %s\n", fname,
2408 nt_errstr(status)));
2412 info = FILE_WAS_CREATED;
2417 * If directory exists open. If directory doesn't
2421 status = mkdir_internal(conn,
2426 if (NT_STATUS_IS_OK(status)) {
2427 info = FILE_WAS_CREATED;
2430 if (NT_STATUS_EQUAL(status,
2431 NT_STATUS_OBJECT_NAME_COLLISION)) {
2432 info = FILE_WAS_OPENED;
2433 status = NT_STATUS_OK;
2438 case FILE_SUPERSEDE:
2439 case FILE_OVERWRITE:
2440 case FILE_OVERWRITE_IF:
2442 DEBUG(5,("open_directory: invalid create_disposition "
2443 "0x%x for directory %s\n",
2444 (unsigned int)create_disposition, fname));
2445 return NT_STATUS_INVALID_PARAMETER;
2448 if(!S_ISDIR(psbuf->st_mode)) {
2449 DEBUG(5,("open_directory: %s is not a directory !\n",
2451 return NT_STATUS_NOT_A_DIRECTORY;
2454 if (info == FILE_WAS_OPENED) {
2455 uint32_t access_granted = 0;
2456 status = check_open_rights(conn,
2460 if (!NT_STATUS_IS_OK(status)) {
2461 DEBUG(10, ("open_directory: check_open_rights on "
2462 "file %s failed with %s\n",
2464 nt_errstr(status)));
2469 status = file_new(req, conn, &fsp);
2470 if(!NT_STATUS_IS_OK(status)) {
2475 * Setup the files_struct for it.
2478 fsp->mode = psbuf->st_mode;
2479 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2480 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2481 fsp->file_pid = req ? req->smbpid : 0;
2482 fsp->can_lock = False;
2483 fsp->can_read = False;
2484 fsp->can_write = False;
2486 fsp->share_access = share_access;
2487 fsp->fh->private_options = create_options;
2489 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2491 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2492 fsp->print_file = False;
2493 fsp->modified = False;
2494 fsp->oplock_type = NO_OPLOCK;
2495 fsp->sent_oplock_break = NO_BREAK_SENT;
2496 fsp->is_directory = True;
2497 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2499 string_set(&fsp->fsp_name,fname);
2501 mtimespec = get_mtimespec(psbuf);
2503 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2508 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2509 file_free(req, fsp);
2510 return NT_STATUS_SHARING_VIOLATION;
2513 status = open_mode_check(conn, fname, lck,
2514 access_mask, share_access,
2515 create_options, &dir_existed);
2517 if (!NT_STATUS_IS_OK(status)) {
2519 file_free(req, fsp);
2523 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2525 /* For directories the delete on close bit at open time seems
2526 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2527 if (create_options & FILE_DELETE_ON_CLOSE) {
2528 status = can_set_delete_on_close(fsp, True, 0);
2529 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2531 file_free(req, fsp);
2535 if (NT_STATUS_IS_OK(status)) {
2536 /* Note that here we set the *inital* delete on close flag,
2537 not the regular one. The magic gets handled in close. */
2538 fsp->initial_delete_on_close = True;
2549 return NT_STATUS_OK;
2552 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2555 SMB_STRUCT_STAT sbuf;
2558 SET_STAT_INVALID(sbuf);
2560 status = SMB_VFS_CREATE_FILE(
2563 0, /* root_dir_fid */
2564 directory, /* fname */
2565 0, /* create_file_flags */
2566 FILE_READ_ATTRIBUTES, /* access_mask */
2567 FILE_SHARE_NONE, /* share_access */
2568 FILE_CREATE, /* create_disposition*/
2569 FILE_DIRECTORY_FILE, /* create_options */
2570 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2571 0, /* oplock_request */
2572 0, /* allocation_size */
2579 if (NT_STATUS_IS_OK(status)) {
2580 close_file(req, fsp, NORMAL_CLOSE);
2586 /****************************************************************************
2587 Receive notification that one of our open files has been renamed by another
2589 ****************************************************************************/
2591 void msg_file_was_renamed(struct messaging_context *msg,
2594 struct server_id server_id,
2598 char *frm = (char *)data->data;
2600 const char *sharepath;
2601 const char *newname;
2604 if (data->data == NULL
2605 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2606 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2607 (int)data->length));
2611 /* Unpack the message. */
2612 pull_file_id_24(frm, &id);
2613 sharepath = &frm[24];
2614 newname = sharepath + strlen(sharepath) + 1;
2615 sp_len = strlen(sharepath);
2617 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2619 sharepath, newname, file_id_string_tos(&id)));
2621 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2622 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2623 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2624 fsp->fnum, fsp->fsp_name, newname ));
2625 string_set(&fsp->fsp_name, newname);
2628 /* Now we have the complete path we can work out if this is
2629 actually within this share and adjust newname accordingly. */
2630 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2631 "not sharepath %s) "
2632 "fnum %d from %s -> %s\n",
2633 fsp->conn->connectpath,
2642 struct case_semantics_state {
2643 connection_struct *conn;
2644 bool case_sensitive;
2646 bool short_case_preserve;
2649 /****************************************************************************
2650 Restore case semantics.
2651 ****************************************************************************/
2652 static int restore_case_semantics(struct case_semantics_state *state)
2654 state->conn->case_sensitive = state->case_sensitive;
2655 state->conn->case_preserve = state->case_preserve;
2656 state->conn->short_case_preserve = state->short_case_preserve;
2660 /****************************************************************************
2661 Save case semantics.
2662 ****************************************************************************/
2663 struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2664 connection_struct *conn)
2666 struct case_semantics_state *result;
2668 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2669 DEBUG(0, ("talloc failed\n"));
2673 result->conn = conn;
2674 result->case_sensitive = conn->case_sensitive;
2675 result->case_preserve = conn->case_preserve;
2676 result->short_case_preserve = conn->short_case_preserve;
2679 conn->case_sensitive = True;
2680 conn->case_preserve = True;
2681 conn->short_case_preserve = True;
2683 talloc_set_destructor(result, restore_case_semantics);
2689 * If a main file is opened for delete, all streams need to be checked for
2690 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2691 * If that works, delete them all by setting the delete on close and close.
2694 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2697 struct stream_struct *stream_info;
2698 files_struct **streams;
2700 unsigned int num_streams;
2701 TALLOC_CTX *frame = talloc_stackframe();
2704 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2705 &num_streams, &stream_info);
2707 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2708 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2709 DEBUG(10, ("no streams around\n"));
2711 return NT_STATUS_OK;
2714 if (!NT_STATUS_IS_OK(status)) {
2715 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2716 nt_errstr(status)));
2720 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2723 if (num_streams == 0) {
2725 return NT_STATUS_OK;
2728 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2729 if (streams == NULL) {
2730 DEBUG(0, ("talloc failed\n"));
2731 status = NT_STATUS_NO_MEMORY;
2735 for (i=0; i<num_streams; i++) {
2738 if (strequal(stream_info[i].name, "::$DATA")) {
2743 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2744 stream_info[i].name);
2746 if (streamname == NULL) {
2747 DEBUG(0, ("talloc_aprintf failed\n"));
2748 status = NT_STATUS_NO_MEMORY;
2752 status = create_file_unixpath
2755 streamname, /* fname */
2756 DELETE_ACCESS, /* access_mask */
2757 FILE_SHARE_READ | FILE_SHARE_WRITE
2758 | FILE_SHARE_DELETE, /* share_access */
2759 FILE_OPEN, /* create_disposition*/
2760 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2761 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2762 0, /* oplock_request */
2763 0, /* allocation_size */
2766 &streams[i], /* result */
2770 TALLOC_FREE(streamname);
2772 if (!NT_STATUS_IS_OK(status)) {
2773 DEBUG(10, ("Could not open stream %s: %s\n",
2774 streamname, nt_errstr(status)));
2780 * don't touch the variable "status" beyond this point :-)
2783 for (i -= 1 ; i >= 0; i--) {
2784 if (streams[i] == NULL) {
2788 DEBUG(10, ("Closing stream # %d, %s\n", i,
2789 streams[i]->fsp_name));
2790 close_file(NULL, streams[i], NORMAL_CLOSE);
2799 * Wrapper around open_file_ntcreate and open_directory
2802 static NTSTATUS create_file_unixpath(connection_struct *conn,
2803 struct smb_request *req,
2805 uint32_t access_mask,
2806 uint32_t share_access,
2807 uint32_t create_disposition,
2808 uint32_t create_options,
2809 uint32_t file_attributes,
2810 uint32_t oplock_request,
2811 uint64_t allocation_size,
2812 struct security_descriptor *sd,
2813 struct ea_list *ea_list,
2815 files_struct **result,
2817 SMB_STRUCT_STAT *psbuf)
2819 SMB_STRUCT_STAT sbuf;
2820 int info = FILE_WAS_OPENED;
2821 files_struct *base_fsp = NULL;
2822 files_struct *fsp = NULL;
2825 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2826 "file_attributes = 0x%x, share_access = 0x%x, "
2827 "create_disposition = 0x%x create_options = 0x%x "
2828 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2830 (unsigned int)access_mask,
2831 (unsigned int)file_attributes,
2832 (unsigned int)share_access,
2833 (unsigned int)create_disposition,
2834 (unsigned int)create_options,
2835 (unsigned int)oplock_request,
2836 ea_list, sd, fname));
2838 if (create_options & FILE_OPEN_BY_FILE_ID) {
2839 status = NT_STATUS_NOT_SUPPORTED;
2843 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2844 status = NT_STATUS_INVALID_PARAMETER;
2849 oplock_request |= INTERNAL_OPEN_ONLY;
2852 if (psbuf != NULL) {
2856 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2857 SET_STAT_INVALID(sbuf);
2861 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2862 && (access_mask & DELETE_ACCESS)
2863 && !is_ntfs_stream_name(fname)) {
2865 * We can't open a file with DELETE access if any of the
2866 * streams is open without FILE_SHARE_DELETE
2868 status = open_streams_for_delete(conn, fname);
2870 if (!NT_STATUS_IS_OK(status)) {
2875 /* This is the correct thing to do (check every time) but can_delete
2876 * is expensive (it may have to read the parent directory
2877 * permissions). So for now we're not doing it unless we have a strong
2878 * hint the client is really going to delete this file. If the client
2879 * is forcing FILE_CREATE let the filesystem take care of the
2882 /* Setting FILE_SHARE_DELETE is the hint. */
2884 if (lp_acl_check_permissions(SNUM(conn))
2885 && (create_disposition != FILE_CREATE)
2886 && (share_access & FILE_SHARE_DELETE)
2887 && (access_mask & DELETE_ACCESS)
2888 && (!(can_delete_file_in_directory(conn, fname) ||
2889 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2890 status = NT_STATUS_ACCESS_DENIED;
2891 DEBUG(10,("create_file_unixpath: open file %s "
2892 "for delete ACCESS_DENIED\n", fname ));
2897 /* We need to support SeSecurityPrivilege for this. */
2898 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2899 !user_has_privileges(current_user.nt_user_token,
2901 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2906 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2907 && is_ntfs_stream_name(fname)
2908 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2910 uint32 base_create_disposition;
2912 if (create_options & FILE_DIRECTORY_FILE) {
2913 status = NT_STATUS_NOT_A_DIRECTORY;
2917 status = split_ntfs_stream_name(talloc_tos(), fname,
2919 if (!NT_STATUS_IS_OK(status)) {
2920 DEBUG(10, ("create_file_unixpath: "
2921 "split_ntfs_stream_name failed: %s\n",
2922 nt_errstr(status)));
2926 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2928 switch (create_disposition) {
2930 base_create_disposition = FILE_OPEN;
2933 base_create_disposition = FILE_OPEN_IF;
2937 status = create_file_unixpath(conn, NULL, base, 0,
2940 | FILE_SHARE_DELETE,
2941 base_create_disposition,
2942 0, 0, 0, 0, NULL, NULL,
2943 &base_fsp, NULL, NULL);
2944 if (!NT_STATUS_IS_OK(status)) {
2945 DEBUG(10, ("create_file_unixpath for base %s failed: "
2946 "%s\n", base, nt_errstr(status)));
2949 /* we don't need to low level fd */
2954 * If it's a request for a directory open, deal with it separately.
2957 if (create_options & FILE_DIRECTORY_FILE) {
2959 if (create_options & FILE_NON_DIRECTORY_FILE) {
2960 status = NT_STATUS_INVALID_PARAMETER;
2964 /* Can't open a temp directory. IFS kit test. */
2965 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2966 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
2967 status = NT_STATUS_INVALID_PARAMETER;
2972 * We will get a create directory here if the Win32
2973 * app specified a security descriptor in the
2974 * CreateDirectory() call.
2978 status = open_directory(
2979 conn, req, fname, &sbuf, access_mask, share_access,
2980 create_disposition, create_options, file_attributes,
2985 * Ordinary file case.
2988 status = file_new(req, conn, &fsp);
2989 if(!NT_STATUS_IS_OK(status)) {
2994 * We're opening the stream element of a base_fsp
2995 * we already opened. Set up the base_fsp pointer.
2998 fsp->base_fsp = base_fsp;
3001 status = open_file_ntcreate(conn,
3014 if(!NT_STATUS_IS_OK(status)) {
3015 file_free(req, fsp);
3019 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3021 /* A stream open never opens a directory */
3024 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3029 * Fail the open if it was explicitly a non-directory
3033 if (create_options & FILE_NON_DIRECTORY_FILE) {
3034 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3039 status = open_directory(
3040 conn, req, fname, &sbuf, access_mask,
3041 share_access, create_disposition,
3042 create_options, file_attributes,
3047 if (!NT_STATUS_IS_OK(status)) {
3051 fsp->base_fsp = base_fsp;
3054 * According to the MS documentation, the only time the security
3055 * descriptor is applied to the opened file is iff we *created* the
3056 * file; an existing file stays the same.
3058 * Also, it seems (from observation) that you can open the file with
3059 * any access mask but you can still write the sd. We need to override
3060 * the granted access before we call set_sd
3061 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3064 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3065 && lp_nt_acl_support(SNUM(conn))) {
3067 uint32_t sec_info_sent;
3068 uint32_t saved_access_mask = fsp->access_mask;
3070 sec_info_sent = get_sec_info(sd);
3072 fsp->access_mask = FILE_GENERIC_ALL;
3074 /* Convert all the generic bits. */
3075 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3076 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3078 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3079 GROUP_SECURITY_INFORMATION|
3080 DACL_SECURITY_INFORMATION|
3081 SACL_SECURITY_INFORMATION)) {
3082 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3085 fsp->access_mask = saved_access_mask;
3087 if (!NT_STATUS_IS_OK(status)) {
3092 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3093 status = set_ea(conn, fsp, fname, ea_list);
3094 if (!NT_STATUS_IS_OK(status)) {
3099 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3100 status = NT_STATUS_ACCESS_DENIED;
3104 /* Save the requested allocation size. */
3105 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3107 && (allocation_size > sbuf.st_size)) {
3108 fsp->initial_allocation_size = smb_roundup(
3109 fsp->conn, allocation_size);
3110 if (fsp->is_directory) {
3111 /* Can't set allocation size on a directory. */
3112 status = NT_STATUS_ACCESS_DENIED;
3115 if (vfs_allocate_file_space(
3116 fsp, fsp->initial_allocation_size) == -1) {
3117 status = NT_STATUS_DISK_FULL;
3121 fsp->initial_allocation_size = smb_roundup(
3122 fsp->conn, (uint64_t)sbuf.st_size);
3126 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3129 if (pinfo != NULL) {
3132 if (psbuf != NULL) {
3133 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3137 SMB_VFS_FSTAT(fsp, psbuf);
3140 return NT_STATUS_OK;
3143 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3146 if (base_fsp && fsp->base_fsp == base_fsp) {
3148 * The close_file below will close
3153 close_file(req, fsp, ERROR_CLOSE);
3156 if (base_fsp != NULL) {
3157 close_file(req, base_fsp, ERROR_CLOSE);
3164 * Calculate the full path name given a relative fid.
3166 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3167 struct smb_request *req,
3168 uint16_t root_dir_fid,
3169 const char *fname, char **new_fname)
3171 files_struct *dir_fsp;
3172 char *parent_fname = NULL;
3174 if (root_dir_fid == 0 || !fname || !new_fname) {
3175 return NT_STATUS_INTERNAL_ERROR;
3178 dir_fsp = file_fsp(req, root_dir_fid);
3180 if (dir_fsp == NULL) {
3181 return NT_STATUS_INVALID_HANDLE;
3184 if (!dir_fsp->is_directory) {
3187 * Check to see if this is a mac fork of some kind.
3190 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3191 is_ntfs_stream_name(fname)) {
3192 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
3196 we need to handle the case when we get a
3197 relative open relative to a file and the
3198 pathname is blank - this is a reopen!
3199 (hint from demyn plantenberg)
3202 return NT_STATUS_INVALID_HANDLE;
3205 if (ISDOT(dir_fsp->fsp_name)) {
3207 * We're at the toplevel dir, the final file name
3208 * must not contain ./, as this is filtered out
3209 * normally by srvstr_get_path and unix_convert
3210 * explicitly rejects paths containing ./.
3212 parent_fname = talloc_strdup(talloc_tos(), "");
3213 if (parent_fname == NULL) {
3214 return NT_STATUS_NO_MEMORY;
3217 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3220 * Copy in the base directory name.
3223 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3225 if (parent_fname == NULL) {
3226 return NT_STATUS_NO_MEMORY;
3228 memcpy(parent_fname, dir_fsp->fsp_name,
3232 * Ensure it ends in a '/'.
3233 * We used TALLOC_SIZE +2 to add space for the '/'.
3237 && (parent_fname[dir_name_len-1] != '\\')
3238 && (parent_fname[dir_name_len-1] != '/')) {
3239 parent_fname[dir_name_len] = '/';
3240 parent_fname[dir_name_len+1] = '\0';
3244 *new_fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3246 if (*new_fname == NULL) {
3247 return NT_STATUS_NO_MEMORY;
3250 return NT_STATUS_OK;
3253 NTSTATUS create_file_default(connection_struct *conn,
3254 struct smb_request *req,
3255 uint16_t root_dir_fid,
3257 uint32_t create_file_flags,
3258 uint32_t access_mask,
3259 uint32_t share_access,
3260 uint32_t create_disposition,
3261 uint32_t create_options,
3262 uint32_t file_attributes,
3263 uint32_t oplock_request,
3264 uint64_t allocation_size,
3265 struct security_descriptor *sd,
3266 struct ea_list *ea_list,
3268 files_struct **result,
3270 SMB_STRUCT_STAT *psbuf)
3272 struct case_semantics_state *case_state = NULL;
3273 SMB_STRUCT_STAT sbuf;
3274 int info = FILE_WAS_OPENED;
3275 files_struct *fsp = NULL;
3278 DEBUG(10,("create_file: access_mask = 0x%x "
3279 "file_attributes = 0x%x, share_access = 0x%x, "
3280 "create_disposition = 0x%x create_options = 0x%x "
3281 "oplock_request = 0x%x "
3282 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3283 "create_file_flags = 0x%x, fname = %s\n",
3284 (unsigned int)access_mask,
3285 (unsigned int)file_attributes,
3286 (unsigned int)share_access,
3287 (unsigned int)create_disposition,
3288 (unsigned int)create_options,
3289 (unsigned int)oplock_request,
3290 (unsigned int)root_dir_fid,
3291 ea_list, sd, create_file_flags, fname));
3294 * Calculate the filename from the root_dir_if if necessary.
3297 if (root_dir_fid != 0) {
3300 status = get_relative_fid_filename(conn, req, root_dir_fid,
3302 if (!NT_STATUS_IS_OK(status)) {
3310 * Check to see if this is a mac fork of some kind.
3313 if (is_ntfs_stream_name(fname)) {
3314 enum FAKE_FILE_TYPE fake_file_type;
3316 fake_file_type = is_fake_file(fname);
3318 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3321 * Here we go! support for changing the disk quotas
3324 * We need to fake up to open this MAGIC QUOTA file
3325 * and return a valid FID.
3327 * w2k close this file directly after openening xp
3328 * also tries a QUERY_FILE_INFO on the file and then
3331 status = open_fake_file(req, conn, req->vuid,
3332 fake_file_type, fname,
3334 if (!NT_STATUS_IS_OK(status)) {
3342 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3343 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3348 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3349 char *resolved_fname;
3351 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3354 if (!NT_STATUS_IS_OK(status)) {
3356 * For PATH_NOT_COVERED we had
3357 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3358 * ERRSRV, ERRbadpath);
3359 * Need to fix in callers
3363 fname = resolved_fname;
3367 * Check if POSIX semantics are wanted.
3370 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3371 case_state = set_posix_case_semantics(talloc_tos(), conn);
3374 if (create_file_flags & CFF_DOS_PATH) {
3375 char *converted_fname;
3377 SET_STAT_INVALID(sbuf);
3379 status = unix_convert(talloc_tos(), conn, fname, False,
3380 &converted_fname, NULL, &sbuf);
3381 if (!NT_STATUS_IS_OK(status)) {
3384 fname = converted_fname;
3386 if (psbuf != NULL) {
3389 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
3390 SET_STAT_INVALID(sbuf);
3396 TALLOC_FREE(case_state);
3398 /* All file access must go through check_name() */
3400 status = check_name(conn, fname);
3401 if (!NT_STATUS_IS_OK(status)) {
3405 status = create_file_unixpath(
3406 conn, req, fname, access_mask, share_access,
3407 create_disposition, create_options, file_attributes,
3408 oplock_request, allocation_size, sd, ea_list,
3409 &fsp, &info, &sbuf);
3411 if (!NT_STATUS_IS_OK(status)) {
3416 DEBUG(10, ("create_file: info=%d\n", info));
3419 if (pinfo != NULL) {
3422 if (psbuf != NULL) {
3425 return NT_STATUS_OK;
3428 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3431 close_file(req, fsp, ERROR_CLOSE);