git.samba.org / obnox / samba / samba-obnox.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s3: smbd: Remove one more use of lp_posix_pathnames().
[obnox/samba/samba-obnox.git] / source3 / smbd / dir.c
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 3fe32187623cfa6668ac9a4562c31b8ea0865029..380591521068b088ee0477083cef2ba81f9d3aea 100644 (file)
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -19,7 +19,13 @@
 */
 
 #include "includes.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
 #include "smbd/globals.h"
+#include "libcli/security/security.h"
+#include "lib/util/bitmap.h"
+#include "../lib/util/memcache.h"
+#include "../librpc/gen_ndr/open_files.h"
 
 /*
    This module implements directory related functions for Samba.
@@ -30,6 +36,11 @@
 #define START_OF_DIRECTORY_OFFSET ((long)0)
 #define DOT_DOT_DIRECTORY_OFFSET ((long)0x80000000)
 
+/* "Special" directory offsets in 32-bit wire format. */
+#define WIRE_END_OF_DIRECTORY_OFFSET ((uint32_t)0xFFFFFFFF)
+#define WIRE_START_OF_DIRECTORY_OFFSET ((uint32_t)0)
+#define WIRE_DOT_DOT_DIRECTORY_OFFSET ((uint32_t)0x80000000)
+
 /* Make directory handle internals available. */
 
 struct name_cache_entry {
@@ -39,77 +50,42 @@ struct name_cache_entry {
 
 struct smb_Dir {
        connection_struct *conn;
-       SMB_STRUCT_DIR *dir;
+       DIR *dir;
        long offset;
        char *dir_path;
        size_t name_cache_size;
        struct name_cache_entry *name_cache;
        unsigned int name_cache_index;
        unsigned int file_number;
+       files_struct *fsp; /* Back pointer to containing fsp, only
+                             set from OpenDir_fsp(). */
 };
 
 struct dptr_struct {
        struct dptr_struct *next, *prev;
        int dnum;
-       uint16 spid;
+       uint16_t spid;
        struct connection_struct *conn;
        struct smb_Dir *dir_hnd;
        bool expect_close;
        char *wcard;
-       uint32 attr;
+       uint32_t attr;
        char *path;
        bool has_wild; /* Set to true if the wcard entry has MS wildcard characters in it. */
        bool did_stat; /* Optimisation for non-wcard searches. */
+       bool priv;     /* Directory handle opened with privilege. */
+       uint32_t counter;
+       struct memcache *dptr_cache;
 };
 
-
-#define INVALID_DPTR_KEY (-3)
-
-/****************************************************************************
- Make a dir struct.
-****************************************************************************/
-
-bool make_dir_struct(TALLOC_CTX *ctx,
-                       char *buf,
+static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                       files_struct *fsp,
                        const char *mask,
-                       const char *fname,
-                       SMB_OFF_T size,
-                       uint32 mode,
-                       time_t date,
-                       bool uc)
-{
-       char *p;
-       char *mask2 = talloc_strdup(ctx, mask);
-
-       if (!mask2) {
-               return False;
-       }
+                       uint32_t attr);
 
-       if ((mode & aDIR) != 0) {
-               size = 0;
-       }
+static void DirCacheAdd(struct smb_Dir *dirp, const char *name, long offset);
 
-       memset(buf+1,' ',11);
-       if ((p = strchr_m(mask2,'.')) != NULL) {
-               *p = 0;
-               push_ascii(buf+1,mask2,8, 0);
-               push_ascii(buf+9,p+1,3, 0);
-               *p = '.';
-       } else {
-               push_ascii(buf+1,mask2,11, 0);
-       }
-
-       memset(buf+21,'\0',DIR_STRUCT_SIZE-21);
-       SCVAL(buf,21,mode);
-       srv_put_dos_date(buf,22,date);
-       SSVAL(buf,26,size & 0xFFFF);
-       SSVAL(buf,28,(size >> 16)&0xFFFF);
-       /* We only uppercase if FLAGS2_LONG_PATH_COMPONENTS is zero in the input buf.
-          Strange, but verified on W2K3. Needed for OS/2. JRA. */
-       push_ascii(buf+30,fname,12, uc ? STR_UPPER : 0);
-       DEBUG(8,("put name [%s] from [%s] into dir struct\n",buf+30, fname));
-       return True;
-}
+#define INVALID_DPTR_KEY (-3)
 
 /****************************************************************************
  Initialise the dir bitmap.
@@ -117,13 +93,14 @@ bool make_dir_struct(TALLOC_CTX *ctx,
 
 bool init_dptrs(struct smbd_server_connection *sconn)
 {
-       if (sconn->smb1.searches.dptr_bmap) {
+       if (sconn->searches.dptr_bmap) {
                return true;
        }
 
-       sconn->smb1.searches.dptr_bmap = bitmap_allocate(MAX_DIRECTORY_HANDLES);
+       sconn->searches.dptr_bmap = bitmap_talloc(
+               sconn, MAX_DIRECTORY_HANDLES);
 
-       if (sconn->smb1.searches.dptr_bmap == NULL) {
+       if (sconn->searches.dptr_bmap == NULL) {
                return false;
        }
 
@@ -139,6 +116,8 @@ static void dptr_idle(struct dptr_struct *dptr)
        if (dptr->dir_hnd) {
                DEBUG(4,("Idling dptr dnum %d\n",dptr->dnum));
                TALLOC_FREE(dptr->dir_hnd);
+               TALLOC_FREE(dptr->dptr_cache);
+               dptr->counter = 0;
        }
 }
 
@@ -153,8 +132,7 @@ static void dptr_idleoldest(struct smbd_server_connection *sconn)
        /*
         * Go to the end of the list.
         */
-       for(dptr = sconn->smb1.searches.dirptrs; dptr && dptr->next; dptr = dptr->next)
-               ;
+       dptr = DLIST_TAIL(sconn->searches.dirptrs);
 
        if(!dptr) {
                DEBUG(0,("No dptrs available to idle ?\n"));
@@ -165,7 +143,7 @@ static void dptr_idleoldest(struct smbd_server_connection *sconn)
         * Idle the oldest pointer.
         */
 
-       for(; dptr; dptr = dptr->prev) {
+       for(; dptr; dptr = DLIST_PREV(dptr)) {
                if (dptr->dir_hnd) {
                        dptr_idle(dptr);
                        return;
@@ -182,10 +160,10 @@ static struct dptr_struct *dptr_get(struct smbd_server_connection *sconn,
 {
        struct dptr_struct *dptr;
 
-       for(dptr = sconn->smb1.searches.dirptrs; dptr; dptr = dptr->next) {
+       for(dptr = sconn->searches.dirptrs; dptr; dptr = dptr->next) {
                if(dptr->dnum == key) {
                        if (!forclose && !dptr->dir_hnd) {
-                               if (sconn->smb1.searches.dirhandles_open >= MAX_OPEN_DIRECTORIES)
+                               if (sconn->searches.dirhandles_open >= MAX_OPEN_DIRECTORIES)
                                        dptr_idleoldest(sconn);
                                DEBUG(4,("dptr_get: Reopening dptr key %d\n",key));
                                if (!(dptr->dir_hnd = OpenDir(
@@ -193,10 +171,10 @@ static struct dptr_struct *dptr_get(struct smbd_server_connection *sconn,
                                              dptr->wcard, dptr->attr))) {
                                        DEBUG(4,("dptr_get: Failed to open %s (%s)\n",dptr->path,
                                                strerror(errno)));
-                                       return False;
+                                       return NULL;
                                }
                        }
-                       DLIST_PROMOTE(sconn->smb1.searches.dirptrs,dptr);
+                       DLIST_PROMOTE(sconn->searches.dirptrs,dptr);
                        return dptr;
                }
        }
@@ -207,7 +185,7 @@ static struct dptr_struct *dptr_get(struct smbd_server_connection *sconn,
  Get the dir path for a dir index.
 ****************************************************************************/
 
-char *dptr_path(struct smbd_server_connection *sconn, int key)
+const char *dptr_path(struct smbd_server_connection *sconn, int key)
 {
        struct dptr_struct *dptr = dptr_get(sconn, key, false);
        if (dptr)
@@ -219,7 +197,7 @@ char *dptr_path(struct smbd_server_connection *sconn, int key)
  Get the dir wcard for a dir index.
 ****************************************************************************/
 
-char *dptr_wcard(struct smbd_server_connection *sconn, int key)
+const char *dptr_wcard(struct smbd_server_connection *sconn, int key)
 {
        struct dptr_struct *dptr = dptr_get(sconn, key, false);
        if (dptr)
@@ -231,7 +209,7 @@ char *dptr_wcard(struct smbd_server_connection *sconn, int key)
  Get the dir attrib for a dir index.
 ****************************************************************************/
 
-uint16 dptr_attr(struct smbd_server_connection *sconn, int key)
+uint16_t dptr_attr(struct smbd_server_connection *sconn, int key)
 {
        struct dptr_struct *dptr = dptr_get(sconn, key, false);
        if (dptr)
@@ -253,27 +231,27 @@ static void dptr_close_internal(struct dptr_struct *dptr)
                goto done;
        }
 
-       DLIST_REMOVE(sconn->smb1.searches.dirptrs, dptr);
+       if (sconn->using_smb2) {
+               goto done;
+       }
+
+       DLIST_REMOVE(sconn->searches.dirptrs, dptr);
 
        /*
         * Free the dnum in the bitmap. Remember the dnum value is always 
         * biased by one with respect to the bitmap.
         */
 
-       if(bitmap_query(sconn->smb1.searches.dptr_bmap, dptr->dnum - 1) != true) {
+       if (!bitmap_query(sconn->searches.dptr_bmap, dptr->dnum - 1)) {
                DEBUG(0,("dptr_close_internal : Error - closing dnum = %d and bitmap not set !\n",
                        dptr->dnum ));
        }
 
-       bitmap_clear(sconn->smb1.searches.dptr_bmap, dptr->dnum - 1);
+       bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
 
 done:
        TALLOC_FREE(dptr->dir_hnd);
-
-       /* Lanman 2 specific code */
-       SAFE_FREE(dptr->wcard);
-       string_set(&dptr->path,"");
-       SAFE_FREE(dptr);
+       TALLOC_FREE(dptr);
 }
 
 /****************************************************************************
@@ -290,7 +268,7 @@ void dptr_close(struct smbd_server_connection *sconn, int *key)
        /* OS/2 seems to use -1 to indicate "close all directories" */
        if (*key == -1) {
                struct dptr_struct *next;
-               for(dptr = sconn->smb1.searches.dirptrs; dptr; dptr = next) {
+               for(dptr = sconn->searches.dirptrs; dptr; dptr = next) {
                        next = dptr->next;
                        dptr_close_internal(dptr);
                }
@@ -323,7 +301,7 @@ void dptr_closecnum(connection_struct *conn)
                return;
        }
 
-       for(dptr = sconn->smb1.searches.dirptrs; dptr; dptr = next) {
+       for(dptr = sconn->searches.dirptrs; dptr; dptr = next) {
                next = dptr->next;
                if (dptr->conn == conn) {
                        dptr_close_internal(dptr);
@@ -344,7 +322,7 @@ void dptr_idlecnum(connection_struct *conn)
                return;
        }
 
-       for(dptr = sconn->smb1.searches.dirptrs; dptr; dptr = dptr->next) {
+       for(dptr = sconn->searches.dirptrs; dptr; dptr = dptr->next) {
                if (dptr->conn == conn && dptr->dir_hnd) {
                        dptr_idle(dptr);
                }
@@ -356,10 +334,10 @@ void dptr_idlecnum(connection_struct *conn)
 ****************************************************************************/
 
 void dptr_closepath(struct smbd_server_connection *sconn,
-                   char *path,uint16 spid)
+                   char *path,uint16_t spid)
 {
        struct dptr_struct *dptr, *next;
-       for(dptr = sconn->smb1.searches.dirptrs; dptr; dptr = next) {
+       for(dptr = sconn->searches.dirptrs; dptr; dptr = next) {
                next = dptr->next;
                if (spid == dptr->spid && strequal(dptr->path,path))
                        dptr_close_internal(dptr);
@@ -380,7 +358,7 @@ static void dptr_close_oldest(struct smbd_server_connection *sconn,
        /*
         * Go to the end of the list.
         */
-       for(dptr = sconn->smb1.searches.dirptrs; dptr && dptr->next; dptr = dptr->next)
+       for(dptr = sconn->searches.dirptrs; dptr && dptr->next; dptr = dptr->next)
                ;
 
        if(!dptr) {
@@ -394,7 +372,7 @@ static void dptr_close_oldest(struct smbd_server_connection *sconn,
         * one of the new dnum handles.
         */
 
-       for(; dptr; dptr = dptr->prev) {
+       for(; dptr; dptr = DLIST_PREV(dptr)) {
                if ((old && (dptr->dnum < 256) && !dptr->expect_close) ||
                        (!old && (dptr->dnum > 255))) {
                                dptr_close_internal(dptr);
@@ -403,6 +381,57 @@ static void dptr_close_oldest(struct smbd_server_connection *sconn,
        }
 }
 
+/****************************************************************************
+ Safely do an OpenDir as root, ensuring we're in the right place.
+****************************************************************************/
+
+static struct smb_Dir *open_dir_with_privilege(connection_struct *conn,
+                                       struct smb_request *req,
+                                       const char *path,
+                                       const char *wcard,
+                                       uint32_t attr)
+{
+       struct smb_Dir *dir_hnd = NULL;
+       struct smb_filename *smb_fname_cwd;
+       char *saved_dir = vfs_GetWd(talloc_tos(), conn);
+       struct privilege_paths *priv_paths = req->priv_paths;
+       int ret;
+
+       if (saved_dir == NULL) {
+               return NULL;
+       }
+
+       if (vfs_ChDir(conn, path) == -1) {
+               return NULL;
+       }
+
+       /* Now check the stat value is the same. */
+       smb_fname_cwd = synthetic_smb_fname(talloc_tos(), ".", NULL, NULL);
+
+       if (smb_fname_cwd == NULL) {
+               goto out;
+       }
+       ret = SMB_VFS_STAT(conn, smb_fname_cwd);
+       if (ret != 0) {
+               goto out;
+       }
+
+       if (!check_same_stat(&smb_fname_cwd->st, &priv_paths->parent_name.st)) {
+               DEBUG(0,("open_dir_with_privilege: stat mismatch between %s "
+                       "and %s\n",
+                       path,
+                       smb_fname_str_dbg(&priv_paths->parent_name)));
+               goto out;
+       }
+
+       dir_hnd = OpenDir(NULL, conn, ".", wcard, attr);
+
+  out:
+
+       vfs_ChDir(conn, saved_dir);
+       return dir_hnd;
+}
+
 /****************************************************************************
  Create a new dir ptr. If the flag old_handle is true then we must allocate
  from the bitmap range 0 - 255 as old SMBsearch directory handles are only
@@ -412,13 +441,19 @@ static void dptr_close_oldest(struct smbd_server_connection *sconn,
  wcard must not be zero.
 ****************************************************************************/
 
-NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle, bool expect_close,uint16 spid,
-               const char *wcard, bool wcard_has_wild, uint32 attr, struct dptr_struct **dptr_ret)
+NTSTATUS dptr_create(connection_struct *conn,
+               struct smb_request *req,
+               files_struct *fsp,
+               const char *path, bool old_handle, bool expect_close,uint16_t spid,
+               const char *wcard, bool wcard_has_wild, uint32_t attr, struct dptr_struct **dptr_ret)
 {
        struct smbd_server_connection *sconn = conn->sconn;
        struct dptr_struct *dptr = NULL;
        struct smb_Dir *dir_hnd;
-       NTSTATUS status;
+
+       if (fsp && fsp->is_directory && fsp->fh->fd != -1) {
+               path = fsp->fsp_name->base_name;
+       }
 
        DEBUG(5,("dptr_create dir=%s\n", path));
 
@@ -431,28 +466,97 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       status = check_name(conn,path);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
+       if (fsp) {
+               if (!(fsp->access_mask & SEC_DIR_LIST)) {
+                       DEBUG(5,("dptr_create: directory %s "
+                               "not open for LIST access\n",
+                               path));
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+               dir_hnd = OpenDir_fsp(NULL, conn, fsp, wcard, attr);
+       } else {
+               int ret;
+               bool backup_intent = (req && req->priv_paths);
+               struct smb_filename *smb_dname;
+               NTSTATUS status;
+
+               smb_dname = synthetic_smb_fname(talloc_tos(), path,
+                                               NULL, NULL);
+               if (smb_dname == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               if (req != NULL && req->posix_pathnames) {
+                       ret = SMB_VFS_LSTAT(conn, smb_dname);
+               } else {
+                       ret = SMB_VFS_STAT(conn, smb_dname);
+               }
+               if (ret == -1) {
+                       return map_nt_error_from_unix(errno);
+               }
+               if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
+                       return NT_STATUS_NOT_A_DIRECTORY;
+               }
+               status = smbd_check_access_rights(conn,
+                                               smb_dname,
+                                               backup_intent,
+                                               SEC_DIR_LIST);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+               if (backup_intent) {
+                       dir_hnd = open_dir_with_privilege(conn,
+                                               req,
+                                               path,
+                                               wcard,
+                                               attr);
+               } else {
+                       dir_hnd = OpenDir(NULL, conn, path, wcard, attr);
+               }
        }
 
-       dir_hnd = OpenDir(NULL, conn, path, wcard, attr);
        if (!dir_hnd) {
                return map_nt_error_from_unix(errno);
        }
 
-       if (sconn->smb1.searches.dirhandles_open >= MAX_OPEN_DIRECTORIES) {
+       if (sconn->searches.dirhandles_open >= MAX_OPEN_DIRECTORIES) {
                dptr_idleoldest(sconn);
        }
 
-       dptr = SMB_MALLOC_P(struct dptr_struct);
+       dptr = talloc_zero(NULL, struct dptr_struct);
        if(!dptr) {
-               DEBUG(0,("malloc fail in dptr_create.\n"));
+               DEBUG(0,("talloc fail in dptr_create.\n"));
+               TALLOC_FREE(dir_hnd);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       dptr->path = talloc_strdup(dptr, path);
+       if (!dptr->path) {
+               TALLOC_FREE(dptr);
+               TALLOC_FREE(dir_hnd);
+               return NT_STATUS_NO_MEMORY;
+       }
+       dptr->conn = conn;
+       dptr->dir_hnd = dir_hnd;
+       dptr->spid = spid;
+       dptr->expect_close = expect_close;
+       dptr->wcard = talloc_strdup(dptr, wcard);
+       if (!dptr->wcard) {
+               TALLOC_FREE(dptr);
                TALLOC_FREE(dir_hnd);
                return NT_STATUS_NO_MEMORY;
        }
+       if ((req != NULL && req->posix_pathnames) ||
+                       (wcard[0] == '.' && wcard[1] == 0)) {
+               dptr->has_wild = True;
+       } else {
+               dptr->has_wild = wcard_has_wild;
+       }
+
+       dptr->attr = attr;
 
-       ZERO_STRUCTP(dptr);
+       if (sconn->using_smb2) {
+               goto done;
+       }
 
        if(old_handle) {
 
@@ -461,7 +565,7 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
                 * value we return will fit in the range 1-255.
                 */
 
-               dptr->dnum = bitmap_find(sconn->smb1.searches.dptr_bmap, 0);
+               dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 0);
 
                if(dptr->dnum == -1 || dptr->dnum > 254) {
 
@@ -474,10 +578,10 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
                        dptr_close_oldest(sconn, true);
 
                        /* Now try again... */
-                       dptr->dnum = bitmap_find(sconn->smb1.searches.dptr_bmap, 0);
+                       dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 0);
                        if(dptr->dnum == -1 || dptr->dnum > 254) {
                                DEBUG(0,("dptr_create: returned %d: Error - all old dirptrs in use ?\n", dptr->dnum));
-                               SAFE_FREE(dptr);
+                               TALLOC_FREE(dptr);
                                TALLOC_FREE(dir_hnd);
                                return NT_STATUS_TOO_MANY_OPENED_FILES;
                        }
@@ -489,7 +593,7 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
                 * a range that will return 256 - MAX_DIRECTORY_HANDLES.
                 */
 
-               dptr->dnum = bitmap_find(sconn->smb1.searches.dptr_bmap, 255);
+               dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 255);
 
                if(dptr->dnum == -1 || dptr->dnum < 255) {
 
@@ -503,43 +607,24 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
                        dptr_close_oldest(sconn, false);
 
                        /* Now try again... */
-                       dptr->dnum = bitmap_find(sconn->smb1.searches.dptr_bmap, 255);
+                       dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 255);
 
                        if(dptr->dnum == -1 || dptr->dnum < 255) {
                                DEBUG(0,("dptr_create: returned %d: Error - all new dirptrs in use ?\n", dptr->dnum));
-                               SAFE_FREE(dptr);
+                               TALLOC_FREE(dptr);
                                TALLOC_FREE(dir_hnd);
                                return NT_STATUS_TOO_MANY_OPENED_FILES;
                        }
                }
        }
 
-       bitmap_set(sconn->smb1.searches.dptr_bmap, dptr->dnum);
+       bitmap_set(sconn->searches.dptr_bmap, dptr->dnum);
 
        dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
 
-       string_set(&dptr->path,path);
-       dptr->conn = conn;
-       dptr->dir_hnd = dir_hnd;
-       dptr->spid = spid;
-       dptr->expect_close = expect_close;
-       dptr->wcard = SMB_STRDUP(wcard);
-       if (!dptr->wcard) {
-               bitmap_clear(sconn->smb1.searches.dptr_bmap, dptr->dnum - 1);
-               SAFE_FREE(dptr);
-               TALLOC_FREE(dir_hnd);
-               return NT_STATUS_NO_MEMORY;
-       }
-       if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
-               dptr->has_wild = True;
-       } else {
-               dptr->has_wild = wcard_has_wild;
-       }
-
-       dptr->attr = attr;
-
-       DLIST_ADD(sconn->smb1.searches.dirptrs, dptr);
+       DLIST_ADD(sconn->searches.dirptrs, dptr);
 
+done:
        DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
                dptr->dnum,path,expect_close));  
 
@@ -553,12 +638,17 @@ NTSTATUS dptr_create(connection_struct *conn, const char *path, bool old_handle,
  Wrapper functions to access the lower level directory handles.
 ****************************************************************************/
 
-int dptr_CloseDir(struct dptr_struct *dptr)
+void dptr_CloseDir(files_struct *fsp)
 {
-       struct smbd_server_connection *sconn = dptr->conn->sconn;
-       DLIST_REMOVE(sconn->smb1.searches.dirptrs, dptr);
-       TALLOC_FREE(dptr->dir_hnd);
-       return 0;
+       if (fsp->dptr) {
+               /*
+                * The destructor for the struct smb_Dir
+                * (fsp->dptr->dir_hnd) now handles
+                * all resource deallocation.
+                */
+               dptr_close_internal(fsp->dptr);
+               fsp->dptr = NULL;
+       }
 }
 
 void dptr_SeekDir(struct dptr_struct *dptr, long offset)
@@ -581,6 +671,16 @@ int dptr_dnum(struct dptr_struct *dptr)
        return dptr->dnum;
 }
 
+bool dptr_get_priv(struct dptr_struct *dptr)
+{
+       return dptr->priv;
+}
+
+void dptr_set_priv(struct dptr_struct *dptr)
+{
+       dptr->priv = true;
+}
+
 /****************************************************************************
  Return the next visible file name, skipping veto'd and invisible files.
 ****************************************************************************/
@@ -608,10 +708,10 @@ static const char *dptr_normal_ReadDirName(struct dptr_struct *dptr,
  Return the next visible file name, skipping veto'd and invisible files.
 ****************************************************************************/
 
-char *dptr_ReadDirName(TALLOC_CTX *ctx,
-                       struct dptr_struct *dptr,
-                       long *poffset,
-                       SMB_STRUCT_STAT *pst)
+static char *dptr_ReadDirName(TALLOC_CTX *ctx,
+                             struct dptr_struct *dptr,
+                             long *poffset,
+                             SMB_STRUCT_STAT *pst)
 {
        struct smb_filename smb_fname_base;
        char *name = NULL;
@@ -672,8 +772,7 @@ char *dptr_ReadDirName(TALLOC_CTX *ctx,
                return NULL;
 
        /* Create an smb_filename with stream_name == NULL. */
-       ZERO_STRUCT(smb_fname_base);
-       smb_fname_base.base_name = pathreal;
+       smb_fname_base = (struct smb_filename) { .base_name = pathreal };
 
        if (SMB_VFS_STAT(dptr->conn, &smb_fname_base) == 0) {
                *pst = smb_fname_base.st;
@@ -751,20 +850,81 @@ bool dptr_SearchDir(struct dptr_struct *dptr, const char *name, long *poffset, S
 }
 
 /****************************************************************************
Add the name we're returning into the underlying cache.
Initialize variables & state data at the beginning of all search SMB requests.
 ****************************************************************************/
-
-void dptr_DirCacheAdd(struct dptr_struct *dptr, const char *name, long offset)
+void dptr_init_search_op(struct dptr_struct *dptr)
 {
-       DirCacheAdd(dptr->dir_hnd, name, offset);
+       SMB_VFS_INIT_SEARCH_OP(dptr->conn, dptr->dir_hnd->dir);
 }
 
 /****************************************************************************
Initialize variables & state data at the beginning of all search SMB requests.
Map a native directory offset to a 32-bit cookie.
 ****************************************************************************/
-void dptr_init_search_op(struct dptr_struct *dptr)
+
+static uint32_t map_dir_offset_to_wire(struct dptr_struct *dptr, long offset)
 {
-       SMB_VFS_INIT_SEARCH_OP(dptr->conn, dptr->dir_hnd->dir);
+       DATA_BLOB key;
+       DATA_BLOB val;
+
+       if (offset == END_OF_DIRECTORY_OFFSET) {
+               return WIRE_END_OF_DIRECTORY_OFFSET;
+       } else if(offset == START_OF_DIRECTORY_OFFSET) {
+               return WIRE_START_OF_DIRECTORY_OFFSET;
+       } else if (offset == DOT_DOT_DIRECTORY_OFFSET) {
+               return WIRE_DOT_DOT_DIRECTORY_OFFSET;
+       }
+       if (sizeof(long) == 4) {
+               /* 32-bit machine. We can cheat... */
+               return (uint32_t)offset;
+       }
+       if (dptr->dptr_cache == NULL) {
+               /* Lazy initialize cache. */
+               dptr->dptr_cache = memcache_init(dptr, 0);
+               if (dptr->dptr_cache == NULL) {
+                       return WIRE_END_OF_DIRECTORY_OFFSET;
+               }
+       } else {
+               /* Have we seen this offset before ? */
+               key.data = (void *)&offset;
+               key.length = sizeof(offset);
+               if (memcache_lookup(dptr->dptr_cache,
+                                       SMB1_SEARCH_OFFSET_MAP,
+                                       key,
+                                       &val)) {
+                       uint32_t wire_offset;
+                       SMB_ASSERT(val.length == sizeof(wire_offset));
+                       memcpy(&wire_offset, val.data, sizeof(wire_offset));
+                       DEBUG(10,("found wire %u <-> offset %ld\n",
+                               (unsigned int)wire_offset,
+                               (long)offset));
+                       return wire_offset;
+               }
+       }
+       /* Allocate a new wire cookie. */
+       do {
+               dptr->counter++;
+       } while (dptr->counter == WIRE_START_OF_DIRECTORY_OFFSET ||
+                dptr->counter == WIRE_END_OF_DIRECTORY_OFFSET ||
+                dptr->counter == WIRE_DOT_DOT_DIRECTORY_OFFSET);
+       /* Store it in the cache. */
+       key.data = (void *)&offset;
+       key.length = sizeof(offset);
+       val.data = (void *)&dptr->counter;
+       val.length = sizeof(dptr->counter); /* MUST BE uint32_t ! */
+       memcache_add(dptr->dptr_cache,
+                       SMB1_SEARCH_OFFSET_MAP,
+                       key,
+                       val);
+       /* And the reverse mapping for lookup from
+          map_wire_to_dir_offset(). */
+       memcache_add(dptr->dptr_cache,
+                       SMB1_SEARCH_OFFSET_MAP,
+                       val,
+                       key);
+       DEBUG(10,("stored wire %u <-> offset %ld\n",
+               (unsigned int)dptr->counter,
+               (long)offset));
+       return dptr->counter;
 }
 
 /****************************************************************************
@@ -776,19 +936,61 @@ bool dptr_fill(struct smbd_server_connection *sconn,
 {
        unsigned char *buf = (unsigned char *)buf1;
        struct dptr_struct *dptr = dptr_get(sconn, key, false);
-       uint32 offset;
+       uint32_t wire_offset;
        if (!dptr) {
                DEBUG(1,("filling null dirptr %d\n",key));
                return(False);
        }
-       offset = (uint32)TellDir(dptr->dir_hnd);
+       wire_offset = map_dir_offset_to_wire(dptr,TellDir(dptr->dir_hnd));
        DEBUG(6,("fill on key %u dirptr 0x%lx now at %d\n",key,
-               (long)dptr->dir_hnd,(int)offset));
+               (long)dptr->dir_hnd,(int)wire_offset));
        buf[0] = key;
-       SIVAL(buf,1,offset);
+       SIVAL(buf,1,wire_offset);
        return(True);
 }
 
+/****************************************************************************
+ Map a 32-bit wire cookie to a native directory offset.
+****************************************************************************/
+
+static long map_wire_to_dir_offset(struct dptr_struct *dptr, uint32_t wire_offset)
+{
+       DATA_BLOB key;
+       DATA_BLOB val;
+
+       if (wire_offset == WIRE_END_OF_DIRECTORY_OFFSET) {
+               return END_OF_DIRECTORY_OFFSET;
+       } else if(wire_offset == WIRE_START_OF_DIRECTORY_OFFSET) {
+               return START_OF_DIRECTORY_OFFSET;
+       } else if (wire_offset == WIRE_DOT_DOT_DIRECTORY_OFFSET) {
+               return DOT_DOT_DIRECTORY_OFFSET;
+       }
+       if (sizeof(long) == 4) {
+               /* 32-bit machine. We can cheat... */
+               return (long)wire_offset;
+       }
+       if (dptr->dptr_cache == NULL) {
+               /* Logic error, cache should be initialized. */
+               return END_OF_DIRECTORY_OFFSET;
+       }
+       key.data = (void *)&wire_offset;
+       key.length = sizeof(wire_offset);
+       if (memcache_lookup(dptr->dptr_cache,
+                               SMB1_SEARCH_OFFSET_MAP,
+                               key,
+                               &val)) {
+               /* Found mapping. */
+               long offset;
+               SMB_ASSERT(val.length == sizeof(offset));
+               memcpy(&offset, val.data, sizeof(offset));
+               DEBUG(10,("lookup wire %u <-> offset %ld\n",
+                       (unsigned int)wire_offset,
+                       (long)offset));
+               return offset;
+       }
+       return END_OF_DIRECTORY_OFFSET;
+}
+
 /****************************************************************************
  Fetch the dir ptr and seek it given the 5 byte server field.
 ****************************************************************************/
@@ -798,7 +1000,7 @@ struct dptr_struct *dptr_fetch(struct smbd_server_connection *sconn,
 {
        unsigned int key = *(unsigned char *)buf;
        struct dptr_struct *dptr = dptr_get(sconn, key, false);
-       uint32 offset;
+       uint32_t wire_offset;
        long seekoff;
 
        if (!dptr) {
@@ -806,12 +1008,8 @@ struct dptr_struct *dptr_fetch(struct smbd_server_connection *sconn,
                return(NULL);
        }
        *num = key;
-       offset = IVAL(buf,1);
-       if (offset == (uint32)-1) {
-               seekoff = END_OF_DIRECTORY_OFFSET;
-       } else {
-               seekoff = (long)offset;
-       }
+       wire_offset = IVAL(buf,1);
+       seekoff = map_wire_to_dir_offset(dptr, wire_offset);
        SeekDir(dptr->dir_hnd,seekoff);
        DEBUG(3,("fetching dirptr %d for path %s at offset %d\n",
                key, dptr->path, (int)seekoff));
@@ -835,32 +1033,6 @@ struct dptr_struct *dptr_fetch_lanman2(struct smbd_server_connection *sconn,
        return(dptr);
 }
 
-/****************************************************************************
- Check that a file matches a particular file type.
-****************************************************************************/
-
-bool dir_check_ftype(connection_struct *conn, uint32 mode, uint32 dirtype)
-{
-       uint32 mask;
-
-       /* Check the "may have" search bits. */
-       if (((mode & ~dirtype) & (aHIDDEN | aSYSTEM | aDIR)) != 0)
-               return False;
-
-       /* Check the "must have" bits, which are the may have bits shifted eight */
-       /* If must have bit is set, the file/dir can not be returned in search unless the matching
-               file attribute is set */
-       mask = ((dirtype >> 8) & (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM)); /* & 0x37 */
-       if(mask) {
-               if((mask & (mode & (aDIR|aARCH|aRONLY|aHIDDEN|aSYSTEM))) == mask)   /* check if matching attribute present */
-                       return True;
-               else
-                       return False;
-       }
-
-       return True;
-}
-
 static bool mangle_mask_match(connection_struct *conn,
                const char *filename,
                const char *mask)
@@ -895,17 +1067,20 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
                           long *_prev_offset)
 {
        connection_struct *conn = dirptr->conn;
-       bool needslash;
+       size_t slashlen;
+       size_t pathlen;
+       bool dirptr_path_is_dot = ISDOT(dirptr->path);
 
        *_smb_fname = NULL;
        *_mode = 0;
 
-       needslash = ( dirptr->path[strlen(dirptr->path) -1] != '/');
+       pathlen = strlen(dirptr->path);
+       slashlen = ( dirptr->path[pathlen-1] != '/') ? 1 : 0;
 
        while (true) {
                long cur_offset;
                long prev_offset;
-               SMB_STRUCT_STAT sbuf;
+               SMB_STRUCT_STAT sbuf = { 0 };
                char *dname = NULL;
                bool isdots;
                char *fname = NULL;
@@ -913,7 +1088,6 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
                struct smb_filename smb_fname;
                uint32_t mode = 0;
                bool ok;
-               NTSTATUS status;
 
                cur_offset = dptr_TellDir(dirptr);
                prev_offset = cur_offset;
@@ -944,20 +1118,39 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
                        continue;
                }
 
-               pathreal = talloc_asprintf(ctx, "%s%s%s",
-                                          dirptr->path,
-                                          needslash?"/":"",
-                                          dname);
+               /*
+                * This used to be
+                * pathreal = talloc_asprintf(ctx, "%s%s%s", dirptr->path,
+                *                            needslash?"/":"", dname);
+                * but this was measurably slower than doing the memcpy.
+                */
+
+               pathreal = talloc_array(
+                       ctx, char,
+                       pathlen + slashlen + talloc_get_size(dname));
                if (!pathreal) {
                        TALLOC_FREE(dname);
                        TALLOC_FREE(fname);
                        return false;
                }
 
+               /*
+                * We don't want to pass ./xxx to modules below us so don't
+                * add the path if it is just . by itself.
+                */
+               if (dirptr_path_is_dot) {
+                       memcpy(pathreal, dname, talloc_get_size(dname));
+               } else {
+                       memcpy(pathreal, dirptr->path, pathlen);
+                       pathreal[pathlen] = '/';
+                       memcpy(pathreal + slashlen + pathlen, dname,
+                              talloc_get_size(dname));
+               }
+
                /* Create smb_fname with NULL stream_name. */
-               ZERO_STRUCT(smb_fname);
-               smb_fname.base_name = pathreal;
-               smb_fname.st = sbuf;
+               smb_fname = (struct smb_filename) {
+                       .base_name = pathreal, .st = sbuf
+               };
 
                ok = mode_fn(ctx, private_data, &smb_fname, &mode);
                if (!ok) {
@@ -967,7 +1160,7 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
                        continue;
                }
 
-               if (!dir_check_ftype(conn, mode, dirtype)) {
+               if (!dir_check_ftype(mode, dirtype)) {
                        DEBUG(5,("[%s] attribs 0x%x didn't match 0x%x\n",
                                fname, (unsigned int)mode, (unsigned int)dirtype));
                        TALLOC_FREE(dname);
@@ -982,7 +1175,7 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
 
                        fileid = vfs_file_id_from_sbuf(conn,
                                                       &smb_fname.st);
-                       get_file_infos(fileid, NULL, &write_time_ts);
+                       get_file_infos(fileid, 0, NULL, &write_time_ts);
                        if (!null_timespec(write_time_ts)) {
                                update_stat_ex_mtime(&smb_fname.st,
                                                     write_time_ts);
@@ -998,9 +1191,9 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
 
                TALLOC_FREE(dname);
 
-               status = copy_smb_filename(ctx, &smb_fname, _smb_fname);
+               *_smb_fname = cp_smb_filename(ctx, &smb_fname);
                TALLOC_FREE(pathreal);
-               if (!NT_STATUS_IS_OK(status)) {
+               if (*_smb_fname == NULL) {
                        return false;
                }
                *_fname = fname;
@@ -1030,6 +1223,30 @@ static bool smbd_dirptr_8_3_match_fn(TALLOC_CTX *ctx,
            mangle_mask_match(conn, dname, mask)) {
                char mname[13];
                const char *fname;
+               /*
+                * Ensure we can push the original name as UCS2. If
+                * not, then just don't return this name.
+                */
+               NTSTATUS status;
+               size_t ret_len = 0;
+               size_t len = (strlen(dname) + 2) * 4; /* Allow enough space. */
+               uint8_t *tmp = talloc_array(talloc_tos(),
+                                       uint8_t,
+                                       len);
+
+               status = srvstr_push(NULL,
+                       FLAGS2_UNICODE_STRINGS,
+                       tmp,
+                       dname,
+                       len,
+                       STR_TERMINATE,
+                       &ret_len);
+
+               TALLOC_FREE(tmp);
+
+               if (!NT_STATUS_IS_OK(status)) {
+                       return false;
+               }
 
                if (!mangle_is_8_3(dname, false, conn->params)) {
                        bool ok = name_to_8_3(dname, mname, false,
@@ -1080,7 +1297,7 @@ bool get_dir_entry(TALLOC_CTX *ctx,
                const char *mask,
                uint32_t dirtype,
                char **_fname,
-               SMB_OFF_T *_size,
+               off_t *_size,
                uint32_t *_mode,
                struct timespec *_date,
                bool check_descend,
@@ -1127,16 +1344,78 @@ bool get_dir_entry(TALLOC_CTX *ctx,
 static bool user_can_read_file(connection_struct *conn,
                               struct smb_filename *smb_fname)
 {
+       NTSTATUS status;
+       uint32_t rejected_share_access = 0;
+       uint32_t rejected_mask = 0;
+       struct security_descriptor *sd = NULL;
+       uint32_t access_mask = FILE_READ_DATA|
+                               FILE_READ_EA|
+                               FILE_READ_ATTRIBUTES|
+                               SEC_STD_READ_CONTROL;
+
        /*
-        * If user is a member of the Admin group
-        * we never hide files from them.
+        * Never hide files from the root user.
+        * We use (uid_t)0 here not sec_initial_uid()
+        * as make test uses a single user context.
         */
 
-       if (conn->admin_user) {
+       if (get_current_uid(conn) == (uid_t)0) {
                return True;
        }
 
-       return can_access_file_acl(conn, smb_fname, FILE_READ_DATA);
+       /*
+        * We can't directly use smbd_check_access_rights()
+        * here, as this implicitly grants FILE_READ_ATTRIBUTES
+        * which the Windows access-based-enumeration code
+        * explicitly checks for on the file security descriptor.
+        * See bug:
+        *
+        * https://bugzilla.samba.org/show_bug.cgi?id=10252
+        *
+        * and the smb2.acl2.ACCESSBASED test for details.
+        */
+
+       rejected_share_access = access_mask & ~(conn->share_access);
+       if (rejected_share_access) {
+               DEBUG(10, ("rejected share access 0x%x "
+                       "on %s (0x%x)\n",
+                       (unsigned int)access_mask,
+                       smb_fname_str_dbg(smb_fname),
+                       (unsigned int)rejected_share_access ));
+               return false;
+        }
+
+       status = SMB_VFS_GET_NT_ACL(conn,
+                       smb_fname->base_name,
+                       (SECINFO_OWNER |
+                        SECINFO_GROUP |
+                        SECINFO_DACL),
+                       talloc_tos(),
+                       &sd);
+
+       if (!NT_STATUS_IS_OK(status)) {
+                DEBUG(10, ("Could not get acl "
+                       "on %s: %s\n",
+                       smb_fname_str_dbg(smb_fname),
+                       nt_errstr(status)));
+               return false;
+        }
+
+       status = se_file_access_check(sd,
+                               get_current_nttok(conn),
+                               false,
+                               access_mask,
+                               &rejected_mask);
+
+        TALLOC_FREE(sd);
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               DEBUG(10,("rejected bits 0x%x read access for %s\n",
+                       (unsigned int)rejected_mask,
+                       smb_fname_str_dbg(smb_fname) ));
+               return false;
+        }
+       return true;
 }
 
 /*******************************************************************
@@ -1150,11 +1429,12 @@ static bool user_can_write_file(connection_struct *conn,
                                const struct smb_filename *smb_fname)
 {
        /*
-        * If user is a member of the Admin group
-        * we never hide files from them.
+        * Never hide files from the root user.
+        * We use (uid_t)0 here not sec_initial_uid()
+        * as make test uses a single user context.
         */
 
-       if (conn->admin_user) {
+       if (get_current_uid(conn) == (uid_t)0) {
                return True;
        }
 
@@ -1177,12 +1457,14 @@ static bool file_is_special(connection_struct *conn,
                            const struct smb_filename *smb_fname)
 {
        /*
-        * If user is a member of the Admin group
-        * we never hide files from them.
+        * Never hide files from the root user.
+        * We use (uid_t)0 here not sec_initial_uid()
+        * as make test uses a single user context.
         */
 
-       if (conn->admin_user)
+       if (get_current_uid(conn) == (uid_t)0) {
                return False;
+       }
 
        SMB_ASSERT(VALID_STAT(smb_fname->st));
 
@@ -1202,12 +1484,11 @@ static bool file_is_special(connection_struct *conn,
 bool is_visible_file(connection_struct *conn, const char *dir_path,
                     const char *name, SMB_STRUCT_STAT *pst, bool use_veto)
 {
-       bool hide_unreadable = lp_hideunreadable(SNUM(conn));
-       bool hide_unwriteable = lp_hideunwriteable_files(SNUM(conn));
+       bool hide_unreadable = lp_hide_unreadable(SNUM(conn));
+       bool hide_unwriteable = lp_hide_unwriteable_files(SNUM(conn));
        bool hide_special = lp_hide_special_files(SNUM(conn));
        char *entry = NULL;
        struct smb_filename *smb_fname_base = NULL;
-       NTSTATUS status;
        bool ret = false;
 
        if ((strcmp(".",name) == 0) || (strcmp("..",name) == 0)) {
@@ -1228,9 +1509,9 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
                }
 
                /* Create an smb_filename with stream_name == NULL. */
-               status = create_synthetic_smb_fname(talloc_tos(), entry, NULL,
-                                                   pst, &smb_fname_base);
-               if (!NT_STATUS_IS_OK(status)) {
+               smb_fname_base = synthetic_smb_fname(talloc_tos(), entry, NULL,
+                                                    pst);
+               if (smb_fname_base == NULL) {
                        ret = false;
                        goto out;
                }
@@ -1243,9 +1524,8 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
                        if (SMB_VFS_STAT(conn, smb_fname_base) != 0) {
                                ret = true;
                                goto out;
-                       } else {
-                               *pst = smb_fname_base->st;
                        }
+                       *pst = smb_fname_base->st;
                }
 
                /* Honour _hide unreadable_ option */
@@ -1282,11 +1562,24 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
 
 static int smb_Dir_destructor(struct smb_Dir *dirp)
 {
-       if (dirp->dir) {
+       if (dirp->dir != NULL) {
                SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
+               if (dirp->fsp != NULL) {
+                       /*
+                        * The SMB_VFS_CLOSEDIR above
+                        * closes the underlying fd inside
+                        * dirp->fsp.
+                        */
+                       dirp->fsp->fh->fd = -1;
+                       if (dirp->fsp->dptr != NULL) {
+                               SMB_ASSERT(dirp->fsp->dptr->dir_hnd == dirp);
+                               dirp->fsp->dptr->dir_hnd = NULL;
+                       }
+                       dirp->fsp = NULL;
+               }
        }
-       if (dirp->conn->sconn) {
-               dirp->conn->sconn->smb1.searches.dirhandles_open--;
+       if (dirp->conn->sconn && !dirp->conn->sconn->using_smb2) {
+               dirp->conn->sconn->searches.dirhandles_open--;
        }
        return 0;
 }
@@ -1296,9 +1589,11 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
 ********************************************************************/
 
 struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
-                       const char *name, const char *mask, uint32 attr)
+                       const char *name,
+                       const char *mask,
+                       uint32_t attr)
 {
-       struct smb_Dir *dirp = TALLOC_ZERO_P(mem_ctx, struct smb_Dir);
+       struct smb_Dir *dirp = talloc_zero(mem_ctx, struct smb_Dir);
        struct smbd_server_connection *sconn = conn->sconn;
 
        if (!dirp) {
@@ -1314,8 +1609,8 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
                goto fail;
        }
 
-       if (sconn) {
-               sconn->smb1.searches.dirhandles_open++;
+       if (sconn && !sconn->using_smb2) {
+               sconn->searches.dirhandles_open++;
        }
        talloc_set_destructor(dirp, smb_Dir_destructor);
 
@@ -1333,6 +1628,70 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
        return NULL;
 }
 
+/*******************************************************************
+ Open a directory from an fsp.
+********************************************************************/
+
+static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
+                       files_struct *fsp,
+                       const char *mask,
+                       uint32_t attr)
+{
+       struct smb_Dir *dirp = talloc_zero(mem_ctx, struct smb_Dir);
+       struct smbd_server_connection *sconn = conn->sconn;
+
+       if (!dirp) {
+               return NULL;
+       }
+
+       dirp->conn = conn;
+       dirp->name_cache_size = lp_directory_name_cache_size(SNUM(conn));
+
+       dirp->dir_path = talloc_strdup(dirp, fsp->fsp_name->base_name);
+       if (!dirp->dir_path) {
+               errno = ENOMEM;
+               goto fail;
+       }
+
+       if (sconn && !sconn->using_smb2) {
+               sconn->searches.dirhandles_open++;
+       }
+       talloc_set_destructor(dirp, smb_Dir_destructor);
+
+       if (fsp->is_directory && fsp->fh->fd != -1) {
+               dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr);
+               if (dirp->dir != NULL) {
+                       dirp->fsp = fsp;
+               } else {
+                       DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned "
+                               "NULL (%s)\n",
+                               dirp->dir_path,
+                               strerror(errno)));
+                       if (errno != ENOSYS) {
+                               return NULL;
+                       }
+               }
+       }
+
+       if (dirp->dir == NULL) {
+               /* FDOPENDIR didn't work. Use OPENDIR instead. */
+               dirp->dir = SMB_VFS_OPENDIR(conn, dirp->dir_path, mask, attr);
+       }
+
+       if (!dirp->dir) {
+               DEBUG(5,("OpenDir_fsp: Can't open %s. %s\n", dirp->dir_path,
+                        strerror(errno) ));
+               goto fail;
+       }
+
+       return dirp;
+
+  fail:
+       TALLOC_FREE(dirp);
+       return NULL;
+}
+
+
 /*******************************************************************
  Read from a directory.
  Return directory entry, current offset, and optional stat information.
@@ -1360,14 +1719,16 @@ const char *ReadDirName(struct smb_Dir *dirp, long *poffset,
                dirp->file_number++;
                *ptalloced = NULL;
                return n;
-       } else if (*poffset == END_OF_DIRECTORY_OFFSET) {
+       }
+
+       if (*poffset == END_OF_DIRECTORY_OFFSET) {
                *poffset = dirp->offset = END_OF_DIRECTORY_OFFSET;
                return NULL;
-       } else {
-               /* A real offset, seek to it. */
-               SeekDir(dirp, *poffset);
        }
 
+       /* A real offset, seek to it. */
+       SeekDir(dirp, *poffset);
+
        while ((n = vfs_readdirname(conn, dirp->dir, sbuf, &talloced))) {
                /* Ignore . and .. - we've already returned them. */
                if (*n == '.') {
@@ -1444,7 +1805,7 @@ long TellDir(struct smb_Dir *dirp)
  Add an entry into the dcache.
 ********************************************************************/
 
-void DirCacheAdd(struct smb_Dir *dirp, const char *name, long offset)
+static void DirCacheAdd(struct smb_Dir *dirp, const char *name, long offset)
 {
        struct name_cache_entry *e;
 
@@ -1453,7 +1814,7 @@ void DirCacheAdd(struct smb_Dir *dirp, const char *name, long offset)
        }
 
        if (dirp->name_cache == NULL) {
-               dirp->name_cache = TALLOC_ZERO_ARRAY(
+               dirp->name_cache = talloc_zero_array(
                        dirp, struct name_cache_entry, dirp->name_cache_size);
 
                if (dirp->name_cache == NULL) {
@@ -1515,20 +1876,135 @@ bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset)
        return False;
 }
 
+struct files_below_forall_state {
+       char *dirpath;
+       size_t dirpath_len;
+       int (*fn)(struct file_id fid, const struct share_mode_data *data,
+                 void *private_data);
+       void *private_data;
+};
+
+static int files_below_forall_fn(struct file_id fid,
+                                const struct share_mode_data *data,
+                                void *private_data)
+{
+       struct files_below_forall_state *state = private_data;
+       char tmpbuf[PATH_MAX];
+       char *fullpath, *to_free;
+       size_t len;
+
+       len = full_path_tos(data->servicepath, data->base_name,
+                           tmpbuf, sizeof(tmpbuf),
+                           &fullpath, &to_free);
+       if (len == -1) {
+               return 0;
+       }
+       if (state->dirpath_len >= len) {
+               /*
+                * Filter files above dirpath
+                */
+               return 0;
+       }
+       if (fullpath[state->dirpath_len] != '/') {
+               /*
+                * Filter file that don't have a path separator at the end of
+                * dirpath's length
+                */
+               return 0;
+       }
+
+       if (memcmp(state->dirpath, fullpath, state->dirpath_len) != 0) {
+               /*
+                * Not a parent
+                */
+               return 0;
+       }
+
+       return state->fn(fid, data, state->private_data);
+}
+
+static int files_below_forall(connection_struct *conn,
+                             const struct smb_filename *dir_name,
+                             int (*fn)(struct file_id fid,
+                                       const struct share_mode_data *data,
+                                       void *private_data),
+                             void *private_data)
+{
+       struct files_below_forall_state state = {
+                       .fn = fn,
+                       .private_data = private_data,
+       };
+       int ret;
+       char tmpbuf[PATH_MAX];
+       char *to_free;
+
+       state.dirpath_len = full_path_tos(conn->connectpath,
+                                         dir_name->base_name,
+                                         tmpbuf, sizeof(tmpbuf),
+                                         &state.dirpath, &to_free);
+       if (state.dirpath_len == -1) {
+               return -1;
+       }
+
+       ret = share_mode_forall(files_below_forall_fn, &state);
+       TALLOC_FREE(to_free);
+       return ret;
+}
+
+struct have_file_open_below_state {
+       bool found_one;
+};
+
+static int have_file_open_below_fn(struct file_id fid,
+                                  const struct share_mode_data *data,
+                                  void *private_data)
+{
+       struct have_file_open_below_state *state = private_data;
+       state->found_one = true;
+       return 1;
+}
+
+bool have_file_open_below(connection_struct *conn,
+                                const struct smb_filename *name)
+{
+       struct have_file_open_below_state state = {
+               .found_one = false,
+       };
+       int ret;
+
+       if (!VALID_STAT(name->st)) {
+               return false;
+       }
+       if (!S_ISDIR(name->st.st_ex_mode)) {
+               return false;
+       }
+
+       ret = files_below_forall(conn, name, have_file_open_below_fn, &state);
+       if (ret == -1) {
+               return false;
+       }
+
+       return state.found_one;
+}
+
 /*****************************************************************
  Is this directory empty ?
 *****************************************************************/
 
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-                               const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 {
        NTSTATUS status = NT_STATUS_OK;
        long dirpos = 0;
        const char *dname = NULL;
+       const char *dirname = fsp->fsp_name->base_name;
        char *talloced = NULL;
        SMB_STRUCT_STAT st;
-       struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, dirname,
-                                         NULL, 0);
+       struct connection_struct *conn = fsp->conn;
+       struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
+                                       conn,
+                                       fsp,
+                                       NULL,
+                                       0);
 
        if (!dir_hnd) {
                return map_nt_error_from_unix(errno);
@@ -1548,7 +2024,7 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
                        continue;
                }
 
-               DEBUG(10,("can_delete_directory: got name %s - can't delete\n",
+               DEBUG(10,("got name %s - can't delete\n",
                         dname ));
                status = NT_STATUS_DIRECTORY_NOT_EMPTY;
                break;
@@ -1556,5 +2032,16 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
        TALLOC_FREE(talloced);
        TALLOC_FREE(dir_hnd);
 
-       return status;
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       if (!(fsp->posix_flags & FSP_POSIX_FLAGS_RENAME) &&
+           lp_strict_rename(SNUM(conn)) &&
+           have_file_open_below(fsp->conn, fsp->fsp_name))
+       {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       return NT_STATUS_OK;
 }
Michael's Samba GIT