2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern struct current_user current_user;
26 extern userdom_struct current_user_info;
27 extern bool global_client_failed_oplock_break;
29 struct deferred_open_record {
30 bool delayed_for_oplocks;
34 /****************************************************************************
35 fd support routines - attempt to do a dos_open.
36 ****************************************************************************/
38 static NTSTATUS fd_open(struct connection_struct *conn,
44 NTSTATUS status = NT_STATUS_OK;
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
69 /****************************************************************************
70 Close the file associated with a fsp.
71 ****************************************************************************/
73 NTSTATUS fd_close(files_struct *fsp)
77 if (fsp->fh->fd == -1) {
78 return NT_STATUS_OK; /* What we used to call a stat open. */
80 if (fsp->fh->ref_count > 1) {
81 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
84 ret = SMB_VFS_CLOSE(fsp);
87 return map_nt_error_from_unix(errno);
92 /****************************************************************************
93 Change the ownership of a file to that of the parent directory.
94 Do this by fd if possible.
95 ****************************************************************************/
97 static void change_file_owner_to_parent(connection_struct *conn,
98 const char *inherit_from_dir,
101 SMB_STRUCT_STAT parent_st;
104 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
106 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
107 "directory %s. Error was %s\n",
108 inherit_from_dir, strerror(errno) ));
113 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
116 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
117 "file %s to parent directory uid %u. Error "
118 "was %s\n", fsp->fsp_name,
119 (unsigned int)parent_st.st_uid,
123 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
124 "parent directory uid %u.\n", fsp->fsp_name,
125 (unsigned int)parent_st.st_uid ));
128 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
129 const char *inherit_from_dir,
131 SMB_STRUCT_STAT *psbuf)
133 char *saved_dir = NULL;
134 SMB_STRUCT_STAT sbuf;
135 SMB_STRUCT_STAT parent_st;
136 TALLOC_CTX *ctx = talloc_tos();
137 NTSTATUS status = NT_STATUS_OK;
140 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
142 status = map_nt_error_from_unix(errno);
143 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
144 "directory %s. Error was %s\n",
145 inherit_from_dir, strerror(errno) ));
149 /* We've already done an lstat into psbuf, and we know it's a
150 directory. If we can cd into the directory and the dev/ino
151 are the same then we can safely chown without races as
152 we're locking the directory in place by being in it. This
153 should work on any UNIX (thanks tridge :-). JRA.
156 saved_dir = vfs_GetWd(ctx,conn);
158 status = map_nt_error_from_unix(errno);
159 DEBUG(0,("change_dir_owner_to_parent: failed to get "
160 "current working directory. Error was %s\n",
165 /* Chdir into the new path. */
166 if (vfs_ChDir(conn, fname) == -1) {
167 status = map_nt_error_from_unix(errno);
168 DEBUG(0,("change_dir_owner_to_parent: failed to change "
169 "current working directory to %s. Error "
170 "was %s\n", fname, strerror(errno) ));
174 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
175 status = map_nt_error_from_unix(errno);
176 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
177 "directory '.' (%s) Error was %s\n",
178 fname, strerror(errno)));
182 /* Ensure we're pointing at the same place. */
183 if (sbuf.st_dev != psbuf->st_dev ||
184 sbuf.st_ino != psbuf->st_ino ||
185 sbuf.st_mode != psbuf->st_mode ) {
186 DEBUG(0,("change_dir_owner_to_parent: "
187 "device/inode/mode on directory %s changed. "
188 "Refusing to chown !\n", fname ));
189 status = NT_STATUS_ACCESS_DENIED;
194 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
197 status = map_nt_error_from_unix(errno);
198 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
199 "directory %s to parent directory uid %u. "
200 "Error was %s\n", fname,
201 (unsigned int)parent_st.st_uid, strerror(errno) ));
205 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
206 "directory %s to parent directory uid %u.\n",
207 fname, (unsigned int)parent_st.st_uid ));
211 vfs_ChDir(conn,saved_dir);
215 /****************************************************************************
217 ****************************************************************************/
219 static NTSTATUS open_file(files_struct *fsp,
220 connection_struct *conn,
221 struct smb_request *req,
222 const char *parent_dir,
225 SMB_STRUCT_STAT *psbuf,
228 uint32 access_mask, /* client requested access mask. */
229 uint32 open_access_mask) /* what we're actually using in the open. */
231 NTSTATUS status = NT_STATUS_OK;
232 int accmode = (flags & O_ACCMODE);
233 int local_flags = flags;
234 bool file_existed = VALID_STAT(*psbuf);
239 /* Check permissions */
242 * This code was changed after seeing a client open request
243 * containing the open mode of (DENY_WRITE/read-only) with
244 * the 'create if not exist' bit set. The previous code
245 * would fail to open the file read only on a read-only share
246 * as it was checking the flags parameter directly against O_RDONLY,
247 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
251 if (!CAN_WRITE(conn)) {
252 /* It's a read-only share - fail if we wanted to write. */
253 if(accmode != O_RDONLY) {
254 DEBUG(3,("Permission denied opening %s\n", path));
255 return NT_STATUS_ACCESS_DENIED;
256 } else if(flags & O_CREAT) {
257 /* We don't want to write - but we must make sure that
258 O_CREAT doesn't create the file if we have write
259 access into the directory.
262 local_flags &= ~O_CREAT;
267 * This little piece of insanity is inspired by the
268 * fact that an NT client can open a file for O_RDONLY,
269 * but set the create disposition to FILE_EXISTS_TRUNCATE.
270 * If the client *can* write to the file, then it expects to
271 * truncate the file, even though it is opening for readonly.
272 * Quicken uses this stupid trick in backup file creation...
273 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
274 * for helping track this one down. It didn't bite us in 2.0.x
275 * as we always opened files read-write in that release. JRA.
278 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
279 DEBUG(10,("open_file: truncate requested on read-only open "
280 "for file %s\n", path));
281 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
284 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
285 (!file_existed && (local_flags & O_CREAT)) ||
286 ((local_flags & O_TRUNC) == O_TRUNC) ) {
289 * We can't actually truncate here as the file may be locked.
290 * open_file_ntcreate will take care of the truncate later. JRA.
293 local_flags &= ~O_TRUNC;
295 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
297 * We would block on opening a FIFO with no one else on the
298 * other end. Do what we used to do and add O_NONBLOCK to the
302 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
303 local_flags |= O_NONBLOCK;
307 /* Don't create files with Microsoft wildcard characters. */
308 if ((local_flags & O_CREAT) && !file_existed &&
310 return NT_STATUS_OBJECT_NAME_INVALID;
313 /* Actually do the open */
314 status = fd_open(conn, path, fsp, local_flags, unx_mode);
315 if (!NT_STATUS_IS_OK(status)) {
316 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
318 path,nt_errstr(status),local_flags,flags));
322 if ((local_flags & O_CREAT) && !file_existed) {
324 /* Inherit the ACL if required */
325 if (lp_inherit_perms(SNUM(conn))) {
326 inherit_access_acl(conn, parent_dir, path,
330 /* Change the owner if required. */
331 if (lp_inherit_owner(SNUM(conn))) {
332 change_file_owner_to_parent(conn, parent_dir,
336 notify_fname(conn, NOTIFY_ACTION_ADDED,
337 FILE_NOTIFY_CHANGE_FILE_NAME, path);
341 fsp->fh->fd = -1; /* What we used to call a stat open. */
347 if (fsp->fh->fd == -1) {
348 ret = SMB_VFS_STAT(conn, path, psbuf);
350 ret = SMB_VFS_FSTAT(fsp, psbuf);
351 /* If we have an fd, this stat should succeed. */
353 DEBUG(0,("Error doing fstat on open file %s "
354 "(%s)\n", path,strerror(errno) ));
358 /* For a non-io open, this stat failing means file not found. JRA */
360 status = map_nt_error_from_unix(errno);
367 * POSIX allows read-only opens of directories. We don't
368 * want to do this (we use a different code path for this)
369 * so catch a directory open and return an EISDIR. JRA.
372 if(S_ISDIR(psbuf->st_mode)) {
375 return NT_STATUS_FILE_IS_A_DIRECTORY;
378 fsp->mode = psbuf->st_mode;
379 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
380 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
381 fsp->file_pid = req ? req->smbpid : 0;
382 fsp->can_lock = True;
383 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
384 if (!CAN_WRITE(conn)) {
385 fsp->can_write = False;
387 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
390 fsp->print_file = False;
391 fsp->modified = False;
392 fsp->sent_oplock_break = NO_BREAK_SENT;
393 fsp->is_directory = False;
394 fsp->is_stat = False;
395 if (conn->aio_write_behind_list &&
396 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
397 fsp->aio_write_behind = True;
400 string_set(&fsp->fsp_name, path);
401 fsp->wcp = NULL; /* Write cache pointer. */
403 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
404 *current_user_info.smb_name ?
405 current_user_info.smb_name : conn->user,fsp->fsp_name,
406 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
407 conn->num_files_open));
413 /*******************************************************************
414 Return True if the filename is one of the special executable types.
415 ********************************************************************/
417 static bool is_executable(const char *fname)
419 if ((fname = strrchr_m(fname,'.'))) {
420 if (strequal(fname,".com") ||
421 strequal(fname,".dll") ||
422 strequal(fname,".exe") ||
423 strequal(fname,".sym")) {
430 /****************************************************************************
431 Check if we can open a file with a share mode.
432 Returns True if conflict, False if not.
433 ****************************************************************************/
435 static bool share_conflict(struct share_mode_entry *entry,
439 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
440 "entry->share_access = 0x%x, "
441 "entry->private_options = 0x%x\n",
442 (unsigned int)entry->access_mask,
443 (unsigned int)entry->share_access,
444 (unsigned int)entry->private_options));
446 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
447 (unsigned int)access_mask, (unsigned int)share_access));
449 if ((entry->access_mask & (FILE_WRITE_DATA|
453 DELETE_ACCESS)) == 0) {
454 DEBUG(10,("share_conflict: No conflict due to "
455 "entry->access_mask = 0x%x\n",
456 (unsigned int)entry->access_mask ));
460 if ((access_mask & (FILE_WRITE_DATA|
464 DELETE_ACCESS)) == 0) {
465 DEBUG(10,("share_conflict: No conflict due to "
466 "access_mask = 0x%x\n",
467 (unsigned int)access_mask ));
471 #if 1 /* JRA TEST - Superdebug. */
472 #define CHECK_MASK(num, am, right, sa, share) \
473 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
474 (unsigned int)(num), (unsigned int)(am), \
475 (unsigned int)(right), (unsigned int)(am)&(right) )); \
476 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
477 (unsigned int)(num), (unsigned int)(sa), \
478 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
479 if (((am) & (right)) && !((sa) & (share))) { \
480 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
481 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
482 (unsigned int)(share) )); \
486 #define CHECK_MASK(num, am, right, sa, share) \
487 if (((am) & (right)) && !((sa) & (share))) { \
488 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
489 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
490 (unsigned int)(share) )); \
495 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
496 share_access, FILE_SHARE_WRITE);
497 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
498 entry->share_access, FILE_SHARE_WRITE);
500 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
501 share_access, FILE_SHARE_READ);
502 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
503 entry->share_access, FILE_SHARE_READ);
505 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
506 share_access, FILE_SHARE_DELETE);
507 CHECK_MASK(6, access_mask, DELETE_ACCESS,
508 entry->share_access, FILE_SHARE_DELETE);
510 DEBUG(10,("share_conflict: No conflict.\n"));
514 #if defined(DEVELOPER)
515 static void validate_my_share_entries(int num,
516 struct share_mode_entry *share_entry)
520 if (!procid_is_me(&share_entry->pid)) {
524 if (is_deferred_open_entry(share_entry) &&
525 !open_was_deferred(share_entry->op_mid)) {
526 char *str = talloc_asprintf(talloc_tos(),
527 "Got a deferred entry without a request: "
529 share_mode_str(talloc_tos(), num, share_entry));
533 if (!is_valid_share_mode_entry(share_entry)) {
537 fsp = file_find_dif(share_entry->id,
538 share_entry->share_file_id);
540 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
541 share_mode_str(talloc_tos(), num, share_entry) ));
542 smb_panic("validate_my_share_entries: Cannot match a "
543 "share entry with an open file\n");
546 if (is_deferred_open_entry(share_entry) ||
547 is_unused_share_mode_entry(share_entry)) {
551 if ((share_entry->op_type == NO_OPLOCK) &&
552 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
553 /* Someone has already written to it, but I haven't yet
558 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
567 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
568 share_mode_str(talloc_tos(), num, share_entry) ));
569 str = talloc_asprintf(talloc_tos(),
570 "validate_my_share_entries: "
571 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
572 fsp->fsp_name, (unsigned int)fsp->oplock_type,
573 (unsigned int)share_entry->op_type );
579 static bool is_stat_open(uint32 access_mask)
581 return (access_mask &&
582 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
583 FILE_WRITE_ATTRIBUTES))==0) &&
584 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
585 FILE_WRITE_ATTRIBUTES)) != 0));
588 /****************************************************************************
589 Deal with share modes
590 Invarient: Share mode must be locked on entry and exit.
591 Returns -1 on error, or number of share modes on success (may be zero).
592 ****************************************************************************/
594 static NTSTATUS open_mode_check(connection_struct *conn,
596 struct share_mode_lock *lck,
599 uint32 create_options,
604 if(lck->num_share_modes == 0) {
608 *file_existed = True;
610 /* A delete on close prohibits everything */
612 if (lck->delete_on_close) {
613 return NT_STATUS_DELETE_PENDING;
616 if (is_stat_open(access_mask)) {
617 /* Stat open that doesn't trigger oplock breaks or share mode
618 * checks... ! JRA. */
623 * Check if the share modes will give us access.
626 #if defined(DEVELOPER)
627 for(i = 0; i < lck->num_share_modes; i++) {
628 validate_my_share_entries(i, &lck->share_modes[i]);
632 if (!lp_share_modes(SNUM(conn))) {
636 /* Now we check the share modes, after any oplock breaks. */
637 for(i = 0; i < lck->num_share_modes; i++) {
639 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
643 /* someone else has a share lock on it, check to see if we can
645 if (share_conflict(&lck->share_modes[i],
646 access_mask, share_access)) {
647 return NT_STATUS_SHARING_VIOLATION;
654 static bool is_delete_request(files_struct *fsp) {
655 return ((fsp->access_mask == DELETE_ACCESS) &&
656 (fsp->oplock_type == NO_OPLOCK));
660 * 1) No files open at all or internal open: Grant whatever the client wants.
662 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
663 * request, break if the oplock around is a batch oplock. If it's another
664 * requested access type, break.
666 * 3) Only level2 around: Grant level2 and do nothing else.
669 static bool delay_for_oplocks(struct share_mode_lock *lck,
676 struct share_mode_entry *exclusive = NULL;
677 bool valid_entry = False;
678 bool delay_it = False;
679 bool have_level2 = False;
681 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
683 if (oplock_request & INTERNAL_OPEN_ONLY) {
684 fsp->oplock_type = NO_OPLOCK;
687 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
691 for (i=0; i<lck->num_share_modes; i++) {
693 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
697 /* At least one entry is not an invalid or deferred entry. */
700 if (pass_number == 1) {
701 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
702 SMB_ASSERT(exclusive == NULL);
703 exclusive = &lck->share_modes[i];
706 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
707 SMB_ASSERT(exclusive == NULL);
708 exclusive = &lck->share_modes[i];
712 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
713 SMB_ASSERT(exclusive == NULL);
719 /* All entries are placeholders or deferred.
720 * Directly grant whatever the client wants. */
721 if (fsp->oplock_type == NO_OPLOCK) {
722 /* Store a level2 oplock, but don't tell the client */
723 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
728 if (exclusive != NULL) { /* Found an exclusive oplock */
729 SMB_ASSERT(!have_level2);
730 delay_it = is_delete_request(fsp) ?
731 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
734 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
735 /* We can at most grant level2 as there are other
736 * level2 or NO_OPLOCK entries. */
737 fsp->oplock_type = LEVEL_II_OPLOCK;
740 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
741 /* Store a level2 oplock, but don't tell the client */
742 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
750 * Send a break message to the oplock holder and delay the open for
754 DEBUG(10, ("Sending break request to PID %s\n",
755 procid_str_static(&exclusive->pid)));
756 exclusive->op_mid = mid;
758 /* Create the message. */
759 share_mode_entry_to_message(msg, exclusive);
761 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
762 don't want this set in the share mode struct pointed to by lck. */
764 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
765 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
768 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
769 MSG_SMB_BREAK_REQUEST,
771 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
772 if (!NT_STATUS_IS_OK(status)) {
773 DEBUG(3, ("Could not send oplock break message: %s\n",
780 static bool request_timed_out(struct timeval request_time,
781 struct timeval timeout)
783 struct timeval now, end_time;
785 end_time = timeval_sum(&request_time, &timeout);
786 return (timeval_compare(&end_time, &now) < 0);
789 /****************************************************************************
790 Handle the 1 second delay in returning a SHARING_VIOLATION error.
791 ****************************************************************************/
793 static void defer_open(struct share_mode_lock *lck,
794 struct timeval request_time,
795 struct timeval timeout,
796 struct smb_request *req,
797 struct deferred_open_record *state)
803 for (i=0; i<lck->num_share_modes; i++) {
804 struct share_mode_entry *e = &lck->share_modes[i];
806 if (!is_deferred_open_entry(e)) {
810 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
811 DEBUG(0, ("Trying to defer an already deferred "
812 "request: mid=%d, exiting\n", req->mid));
813 exit_server("attempt to defer a deferred request");
817 /* End paranoia check */
819 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
820 "open entry for mid %u\n",
821 (unsigned int)request_time.tv_sec,
822 (unsigned int)request_time.tv_usec,
823 (unsigned int)req->mid));
825 if (!push_deferred_smb_message(req, request_time, timeout,
826 (char *)state, sizeof(*state))) {
827 exit_server("push_deferred_smb_message failed");
829 add_deferred_open(lck, req->mid, request_time, state->id);
832 * Push the MID of this packet on the signing queue.
833 * We only do this once, the first time we push the packet
834 * onto the deferred open queue, as this has a side effect
835 * of incrementing the response sequence number.
838 srv_defer_sign_response(req->mid);
842 /****************************************************************************
843 On overwrite open ensure that the attributes match.
844 ****************************************************************************/
846 static bool open_match_attributes(connection_struct *conn,
850 mode_t existing_unx_mode,
852 mode_t *returned_unx_mode)
854 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
856 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
857 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
859 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
860 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
861 *returned_unx_mode = new_unx_mode;
863 *returned_unx_mode = (mode_t)0;
866 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
867 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
868 "returned_unx_mode = 0%o\n",
870 (unsigned int)old_dos_attr,
871 (unsigned int)existing_unx_mode,
872 (unsigned int)new_dos_attr,
873 (unsigned int)*returned_unx_mode ));
875 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
876 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
877 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
878 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
882 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
883 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
884 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
891 /****************************************************************************
892 Special FCB or DOS processing in the case of a sharing violation.
893 Try and find a duplicated file handle.
894 ****************************************************************************/
896 static NTSTATUS fcb_or_dos_open(connection_struct *conn,
897 files_struct *fsp_to_dup_into,
904 uint32 create_options)
908 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
909 "file %s.\n", fname ));
911 for(fsp = file_find_di_first(id); fsp;
912 fsp = file_find_di_next(fsp)) {
914 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
915 "vuid = %u, file_pid = %u, private_options = 0x%x "
916 "access_mask = 0x%x\n", fsp->fsp_name,
917 fsp->fh->fd, (unsigned int)fsp->vuid,
918 (unsigned int)fsp->file_pid,
919 (unsigned int)fsp->fh->private_options,
920 (unsigned int)fsp->access_mask ));
922 if (fsp->fh->fd != -1 &&
924 fsp->file_pid == file_pid &&
925 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
926 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
927 (fsp->access_mask & FILE_WRITE_DATA) &&
928 strequal(fsp->fsp_name, fname)) {
929 DEBUG(10,("fcb_or_dos_open: file match\n"));
935 return NT_STATUS_NOT_FOUND;
938 /* quite an insane set of semantics ... */
939 if (is_executable(fname) &&
940 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
941 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
942 return NT_STATUS_INVALID_PARAMETER;
945 /* We need to duplicate this fsp. */
946 dup_file_fsp(fsp, access_mask, share_access,
947 create_options, fsp_to_dup_into);
952 /****************************************************************************
953 Open a file with a share mode - old openX method - map into NTCreate.
954 ****************************************************************************/
956 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
957 uint32 *paccess_mask,
959 uint32 *pcreate_disposition,
960 uint32 *pcreate_options)
964 uint32 create_disposition;
965 uint32 create_options = 0;
967 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
968 "open_func = 0x%x\n",
969 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
971 /* Create the NT compatible access_mask. */
972 switch (GET_OPENX_MODE(deny_mode)) {
973 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
974 case DOS_OPEN_RDONLY:
975 access_mask = FILE_GENERIC_READ;
977 case DOS_OPEN_WRONLY:
978 access_mask = FILE_GENERIC_WRITE;
982 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
985 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
986 (unsigned int)GET_OPENX_MODE(deny_mode)));
990 /* Create the NT compatible create_disposition. */
992 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
993 create_disposition = FILE_CREATE;
996 case OPENX_FILE_EXISTS_OPEN:
997 create_disposition = FILE_OPEN;
1000 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1001 create_disposition = FILE_OPEN_IF;
1004 case OPENX_FILE_EXISTS_TRUNCATE:
1005 create_disposition = FILE_OVERWRITE;
1008 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1009 create_disposition = FILE_OVERWRITE_IF;
1013 /* From samba4 - to be confirmed. */
1014 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1015 create_disposition = FILE_CREATE;
1018 DEBUG(10,("map_open_params_to_ntcreate: bad "
1019 "open_func 0x%x\n", (unsigned int)open_func));
1023 /* Create the NT compatible share modes. */
1024 switch (GET_DENY_MODE(deny_mode)) {
1026 share_mode = FILE_SHARE_NONE;
1030 share_mode = FILE_SHARE_READ;
1034 share_mode = FILE_SHARE_WRITE;
1038 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1042 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1043 if (is_executable(fname)) {
1044 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1046 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1047 share_mode = FILE_SHARE_READ;
1049 share_mode = FILE_SHARE_NONE;
1055 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1056 share_mode = FILE_SHARE_NONE;
1060 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1061 (unsigned int)GET_DENY_MODE(deny_mode) ));
1065 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1066 "share_mode = 0x%x, create_disposition = 0x%x, "
1067 "create_options = 0x%x\n",
1069 (unsigned int)access_mask,
1070 (unsigned int)share_mode,
1071 (unsigned int)create_disposition,
1072 (unsigned int)create_options ));
1075 *paccess_mask = access_mask;
1078 *pshare_mode = share_mode;
1080 if (pcreate_disposition) {
1081 *pcreate_disposition = create_disposition;
1083 if (pcreate_options) {
1084 *pcreate_options = create_options;
1091 static void schedule_defer_open(struct share_mode_lock *lck,
1092 struct timeval request_time,
1093 struct smb_request *req)
1095 struct deferred_open_record state;
1097 /* This is a relative time, added to the absolute
1098 request_time value to get the absolute timeout time.
1099 Note that if this is the second or greater time we enter
1100 this codepath for this particular request mid then
1101 request_time is left as the absolute time of the *first*
1102 time this request mid was processed. This is what allows
1103 the request to eventually time out. */
1105 struct timeval timeout;
1107 /* Normally the smbd we asked should respond within
1108 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1109 * the client did, give twice the timeout as a safety
1110 * measure here in case the other smbd is stuck
1111 * somewhere else. */
1113 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1115 /* Nothing actually uses state.delayed_for_oplocks
1116 but it's handy to differentiate in debug messages
1117 between a 30 second delay due to oplock break, and
1118 a 1 second delay for share mode conflicts. */
1120 state.delayed_for_oplocks = True;
1123 if (!request_timed_out(request_time, timeout)) {
1124 defer_open(lck, request_time, timeout, req, &state);
1128 /****************************************************************************
1129 Open a file with a share mode. Passed in an already created files_struct *.
1130 ****************************************************************************/
1132 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1133 struct smb_request *req,
1135 SMB_STRUCT_STAT *psbuf,
1136 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1137 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1138 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1139 uint32 create_options, /* options such as delete on close. */
1140 uint32 new_dos_attributes, /* attributes used for new file. */
1141 int oplock_request, /* internal Samba oplock codes. */
1142 /* Information (FILE_EXISTS etc.) */
1148 bool file_existed = VALID_STAT(*psbuf);
1149 bool def_acl = False;
1150 bool posix_open = False;
1151 bool new_file_created = False;
1153 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1154 mode_t new_unx_mode = (mode_t)0;
1155 mode_t unx_mode = (mode_t)0;
1157 uint32 existing_dos_attributes = 0;
1158 struct pending_message_list *pml = NULL;
1159 struct timeval request_time = timeval_zero();
1160 struct share_mode_lock *lck = NULL;
1161 uint32 open_access_mask = access_mask;
1165 const char *newname;
1169 if (conn->printer) {
1171 * Printers are handled completely differently.
1172 * Most of the passed parameters are ignored.
1176 *pinfo = FILE_WAS_CREATED;
1179 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1181 return print_fsp_open(conn, fname, fsp);
1184 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1186 return NT_STATUS_NO_MEMORY;
1189 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1191 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1192 new_dos_attributes = 0;
1194 /* We add aARCH to this as this mode is only used if the file is
1196 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1200 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1201 "access_mask=0x%x share_access=0x%x "
1202 "create_disposition = 0x%x create_options=0x%x "
1203 "unix mode=0%o oplock_request=%d\n",
1204 fname, new_dos_attributes, access_mask, share_access,
1205 create_disposition, create_options, unx_mode,
1208 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1209 DEBUG(0, ("No smb request but not an internal only open!\n"));
1210 return NT_STATUS_INTERNAL_ERROR;
1214 * Only non-internal opens can be deferred at all
1218 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1219 struct deferred_open_record *state =
1220 (struct deferred_open_record *)pml->private_data.data;
1222 /* Remember the absolute time of the original
1223 request with this mid. We'll use it later to
1224 see if this has timed out. */
1226 request_time = pml->request_time;
1228 /* Remove the deferred open entry under lock. */
1229 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1232 DEBUG(0, ("could not get share mode lock\n"));
1234 del_deferred_open_entry(lck, req->mid);
1238 /* Ensure we don't reprocess this message. */
1239 remove_deferred_open_smb_message(req->mid);
1242 status = check_name(conn, fname);
1243 if (!NT_STATUS_IS_OK(status)) {
1248 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1250 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1254 /* ignore any oplock requests if oplocks are disabled */
1255 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1256 IS_VETO_OPLOCK_PATH(conn, fname)) {
1257 /* Mask off everything except the private Samba bits. */
1258 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1261 /* this is for OS/2 long file names - say we don't support them */
1262 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1263 /* OS/2 Workplace shell fix may be main code stream in a later
1265 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1267 if (use_nt_status()) {
1268 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1270 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1273 switch( create_disposition ) {
1275 * Currently we're using FILE_SUPERSEDE as the same as
1276 * FILE_OVERWRITE_IF but they really are
1277 * different. FILE_SUPERSEDE deletes an existing file
1278 * (requiring delete access) then recreates it.
1280 case FILE_SUPERSEDE:
1281 /* If file exists replace/overwrite. If file doesn't
1283 flags2 |= (O_CREAT | O_TRUNC);
1286 case FILE_OVERWRITE_IF:
1287 /* If file exists replace/overwrite. If file doesn't
1289 flags2 |= (O_CREAT | O_TRUNC);
1293 /* If file exists open. If file doesn't exist error. */
1294 if (!file_existed) {
1295 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1296 "requested for file %s and file "
1297 "doesn't exist.\n", fname ));
1299 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1303 case FILE_OVERWRITE:
1304 /* If file exists overwrite. If file doesn't exist
1306 if (!file_existed) {
1307 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1308 "requested for file %s and file "
1309 "doesn't exist.\n", fname ));
1311 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1317 /* If file exists error. If file doesn't exist
1320 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1321 "requested for file %s and file "
1322 "already exists.\n", fname ));
1323 if (S_ISDIR(psbuf->st_mode)) {
1328 return map_nt_error_from_unix(errno);
1330 flags2 |= (O_CREAT|O_EXCL);
1334 /* If file exists open. If file doesn't exist
1340 return NT_STATUS_INVALID_PARAMETER;
1343 /* We only care about matching attributes on file exists and
1346 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1347 (create_disposition == FILE_OVERWRITE_IF))) {
1348 if (!open_match_attributes(conn, fname,
1349 existing_dos_attributes,
1350 new_dos_attributes, psbuf->st_mode,
1351 unx_mode, &new_unx_mode)) {
1352 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1353 "for file %s (%x %x) (0%o, 0%o)\n",
1354 fname, existing_dos_attributes,
1356 (unsigned int)psbuf->st_mode,
1357 (unsigned int)unx_mode ));
1359 return NT_STATUS_ACCESS_DENIED;
1363 /* This is a nasty hack - must fix... JRA. */
1364 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1365 open_access_mask = access_mask = FILE_GENERIC_ALL;
1369 * Convert GENERIC bits to specific bits.
1372 se_map_generic(&access_mask, &file_generic_mapping);
1373 open_access_mask = access_mask;
1375 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1376 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1379 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1380 "access_mask=0x%x\n", fname, access_mask ));
1383 * Note that we ignore the append flag as append does not
1384 * mean the same thing under DOS and Unix.
1387 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1388 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1389 /* DENY_DOS opens are always underlying read-write on the
1390 file handle, no matter what the requested access mask
1392 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1393 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1403 * Currently we only look at FILE_WRITE_THROUGH for create options.
1407 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1412 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1416 if (!posix_open && !CAN_WRITE(conn)) {
1418 * We should really return a permission denied error if either
1419 * O_CREAT or O_TRUNC are set, but for compatibility with
1420 * older versions of Samba we just AND them out.
1422 flags2 &= ~(O_CREAT|O_TRUNC);
1426 * Ensure we can't write on a read-only share or file.
1429 if (flags != O_RDONLY && file_existed &&
1430 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1431 DEBUG(5,("open_file_ntcreate: write access requested for "
1432 "file %s on read only %s\n",
1433 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1435 return NT_STATUS_ACCESS_DENIED;
1438 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1439 fsp->share_access = share_access;
1440 fsp->fh->private_options = create_options;
1441 fsp->access_mask = open_access_mask; /* We change this to the
1442 * requested access_mask after
1443 * the open is done. */
1444 fsp->posix_open = posix_open;
1446 /* Ensure no SAMBA_PRIVATE bits can be set. */
1447 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1449 if (timeval_is_zero(&request_time)) {
1450 request_time = fsp->open_time;
1454 struct timespec old_write_time = get_mtimespec(psbuf);
1455 id = vfs_file_id_from_sbuf(conn, psbuf);
1457 lck = get_share_mode_lock(talloc_tos(), id,
1459 fname, &old_write_time);
1462 DEBUG(0, ("Could not get share mode lock\n"));
1463 return NT_STATUS_SHARING_VIOLATION;
1466 /* First pass - send break only on batch oplocks. */
1468 && delay_for_oplocks(lck, fsp, req->mid, 1,
1470 schedule_defer_open(lck, request_time, req);
1472 return NT_STATUS_SHARING_VIOLATION;
1475 /* Use the client requested access mask here, not the one we
1477 status = open_mode_check(conn, fname, lck,
1478 access_mask, share_access,
1479 create_options, &file_existed);
1481 if (NT_STATUS_IS_OK(status)) {
1482 /* We might be going to allow this open. Check oplock
1484 /* Second pass - send break for both batch or
1485 * exclusive oplocks. */
1487 && delay_for_oplocks(lck, fsp, req->mid, 2,
1489 schedule_defer_open(lck, request_time, req);
1491 return NT_STATUS_SHARING_VIOLATION;
1495 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1496 /* DELETE_PENDING is not deferred for a second */
1501 if (!NT_STATUS_IS_OK(status)) {
1502 uint32 can_access_mask;
1503 bool can_access = True;
1505 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1507 /* Check if this can be done with the deny_dos and fcb
1509 if (create_options &
1510 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1511 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1513 DEBUG(0, ("DOS open without an SMB "
1516 return NT_STATUS_INTERNAL_ERROR;
1519 /* Use the client requested access mask here,
1520 * not the one we open with. */
1521 status = fcb_or_dos_open(conn,
1531 if (NT_STATUS_IS_OK(status)) {
1534 *pinfo = FILE_WAS_OPENED;
1536 return NT_STATUS_OK;
1541 * This next line is a subtlety we need for
1542 * MS-Access. If a file open will fail due to share
1543 * permissions and also for security (access) reasons,
1544 * we need to return the access failed error, not the
1545 * share error. We can't open the file due to kernel
1546 * oplock deadlock (it's possible we failed above on
1547 * the open_mode_check()) so use a userspace check.
1550 if (flags & O_RDWR) {
1551 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1552 } else if (flags & O_WRONLY) {
1553 can_access_mask = FILE_WRITE_DATA;
1555 can_access_mask = FILE_READ_DATA;
1558 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1559 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1564 * If we're returning a share violation, ensure we
1565 * cope with the braindead 1 second delay.
1568 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1569 lp_defer_sharing_violations()) {
1570 struct timeval timeout;
1571 struct deferred_open_record state;
1574 /* this is a hack to speed up torture tests
1576 timeout_usecs = lp_parm_int(SNUM(conn),
1577 "smbd","sharedelay",
1578 SHARING_VIOLATION_USEC_WAIT);
1580 /* This is a relative time, added to the absolute
1581 request_time value to get the absolute timeout time.
1582 Note that if this is the second or greater time we enter
1583 this codepath for this particular request mid then
1584 request_time is left as the absolute time of the *first*
1585 time this request mid was processed. This is what allows
1586 the request to eventually time out. */
1588 timeout = timeval_set(0, timeout_usecs);
1590 /* Nothing actually uses state.delayed_for_oplocks
1591 but it's handy to differentiate in debug messages
1592 between a 30 second delay due to oplock break, and
1593 a 1 second delay for share mode conflicts. */
1595 state.delayed_for_oplocks = False;
1599 && !request_timed_out(request_time,
1601 defer_open(lck, request_time, timeout,
1609 * We have detected a sharing violation here
1610 * so return the correct error code
1612 status = NT_STATUS_SHARING_VIOLATION;
1614 status = NT_STATUS_ACCESS_DENIED;
1620 * We exit this block with the share entry *locked*.....
1624 SMB_ASSERT(!file_existed || (lck != NULL));
1627 * Ensure we pay attention to default ACLs on directories if required.
1630 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1631 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1635 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1636 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1637 (unsigned int)flags, (unsigned int)flags2,
1638 (unsigned int)unx_mode, (unsigned int)access_mask,
1639 (unsigned int)open_access_mask));
1642 * open_file strips any O_TRUNC flags itself.
1645 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1646 flags|flags2, unx_mode, access_mask,
1649 if (!NT_STATUS_IS_OK(fsp_open)) {
1656 if (!file_existed) {
1657 struct timespec old_write_time = get_mtimespec(psbuf);
1659 * Deal with the race condition where two smbd's detect the
1660 * file doesn't exist and do the create at the same time. One
1661 * of them will win and set a share mode, the other (ie. this
1662 * one) should check if the requested share mode for this
1663 * create is allowed.
1667 * Now the file exists and fsp is successfully opened,
1668 * fsp->dev and fsp->inode are valid and should replace the
1669 * dev=0,inode=0 from a non existent file. Spotted by
1670 * Nadav Danieli <nadavd@exanet.com>. JRA.
1675 lck = get_share_mode_lock(talloc_tos(), id,
1677 fname, &old_write_time);
1680 DEBUG(0, ("open_file_ntcreate: Could not get share "
1681 "mode lock for %s\n", fname));
1683 return NT_STATUS_SHARING_VIOLATION;
1686 /* First pass - send break only on batch oplocks. */
1688 && delay_for_oplocks(lck, fsp, req->mid, 1,
1690 schedule_defer_open(lck, request_time, req);
1693 return NT_STATUS_SHARING_VIOLATION;
1696 status = open_mode_check(conn, fname, lck,
1697 access_mask, share_access,
1698 create_options, &file_existed);
1700 if (NT_STATUS_IS_OK(status)) {
1701 /* We might be going to allow this open. Check oplock
1703 /* Second pass - send break for both batch or
1704 * exclusive oplocks. */
1706 && delay_for_oplocks(lck, fsp, req->mid, 2,
1708 schedule_defer_open(lck, request_time, req);
1711 return NT_STATUS_SHARING_VIOLATION;
1715 if (!NT_STATUS_IS_OK(status)) {
1716 struct deferred_open_record state;
1720 state.delayed_for_oplocks = False;
1723 /* Do it all over again immediately. In the second
1724 * round we will find that the file existed and handle
1725 * the DELETE_PENDING and FCB cases correctly. No need
1726 * to duplicate the code here. Essentially this is a
1727 * "goto top of this function", but don't tell
1731 defer_open(lck, request_time, timeval_zero(),
1739 * We exit this block with the share entry *locked*.....
1744 SMB_ASSERT(lck != NULL);
1746 /* note that we ignore failure for the following. It is
1747 basically a hack for NFS, and NFS will never set one of
1748 these only read them. Nobody but Samba can ever set a deny
1749 mode and we have already checked our more authoritative
1750 locking database for permission to set this deny mode. If
1751 the kernel refuses the operations then the kernel is wrong.
1752 note that GPFS supports it as well - jmcd */
1754 if (fsp->fh->fd != -1) {
1755 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1756 if(ret_flock == -1 ){
1761 return NT_STATUS_SHARING_VIOLATION;
1766 * At this point onwards, we can guarentee that the share entry
1767 * is locked, whether we created the file or not, and that the
1768 * deny mode is compatible with all current opens.
1772 * If requested, truncate the file.
1775 if (flags2&O_TRUNC) {
1777 * We are modifing the file after open - update the stat
1780 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1781 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1782 status = map_nt_error_from_unix(errno);
1789 /* Record the options we were opened with. */
1790 fsp->share_access = share_access;
1791 fsp->fh->private_options = create_options;
1792 fsp->access_mask = access_mask;
1795 /* stat opens on existing files don't get oplocks. */
1796 if (is_stat_open(open_access_mask)) {
1797 fsp->oplock_type = NO_OPLOCK;
1800 if (!(flags2 & O_TRUNC)) {
1801 info = FILE_WAS_OPENED;
1803 info = FILE_WAS_OVERWRITTEN;
1806 info = FILE_WAS_CREATED;
1814 * Setup the oplock info in both the shared memory and
1818 if ((fsp->oplock_type != NO_OPLOCK) &&
1819 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1820 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1821 /* Could not get the kernel oplock */
1822 fsp->oplock_type = NO_OPLOCK;
1826 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1827 new_file_created = True;
1830 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1832 /* Handle strange delete on close create semantics. */
1833 if ((create_options & FILE_DELETE_ON_CLOSE)
1834 && (((conn->fs_capabilities & FILE_NAMED_STREAMS)
1835 && is_ntfs_stream_name(fname))
1836 || can_set_initial_delete_on_close(lck))) {
1837 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1839 if (!NT_STATUS_IS_OK(status)) {
1840 /* Remember to delete the mode we just added. */
1841 del_share_mode(lck, fsp);
1846 /* Note that here we set the *inital* delete on close flag,
1847 not the regular one. The magic gets handled in close. */
1848 fsp->initial_delete_on_close = True;
1851 if (new_file_created) {
1852 /* Files should be initially set as archive */
1853 if (lp_map_archive(SNUM(conn)) ||
1854 lp_store_dos_attributes(SNUM(conn))) {
1856 SMB_STRUCT_STAT tmp_sbuf;
1857 SET_STAT_INVALID(tmp_sbuf);
1858 if (file_set_dosmode(
1860 new_dos_attributes | aARCH,
1861 &tmp_sbuf, parent_dir,
1863 unx_mode = tmp_sbuf.st_mode;
1870 * Take care of inherited ACLs on created files - if default ACL not
1874 if (!posix_open && !file_existed && !def_acl) {
1876 int saved_errno = errno; /* We might get ENOSYS in the next
1879 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1881 errno = saved_errno; /* Ignore ENOSYS */
1884 } else if (new_unx_mode) {
1888 /* Attributes need changing. File already existed. */
1891 int saved_errno = errno; /* We might get ENOSYS in the
1893 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1895 if (ret == -1 && errno == ENOSYS) {
1896 errno = saved_errno; /* Ignore ENOSYS */
1898 DEBUG(5, ("open_file_ntcreate: reset "
1899 "attributes of file %s to 0%o\n",
1900 fname, (unsigned int)new_unx_mode));
1901 ret = 0; /* Don't do the fchmod below. */
1906 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1907 DEBUG(5, ("open_file_ntcreate: failed to reset "
1908 "attributes of file %s to 0%o\n",
1909 fname, (unsigned int)new_unx_mode));
1912 /* If this is a successful open, we must remove any deferred open
1915 del_deferred_open_entry(lck, req->mid);
1919 return NT_STATUS_OK;
1922 /****************************************************************************
1923 Open a file with a share mode.
1924 ****************************************************************************/
1926 NTSTATUS open_file_ntcreate(connection_struct *conn,
1927 struct smb_request *req,
1929 SMB_STRUCT_STAT *psbuf,
1930 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1931 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1932 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1933 uint32 create_options, /* options such as delete on close. */
1934 uint32 new_dos_attributes, /* attributes used for new file. */
1935 int oplock_request, /* internal Samba oplock codes. */
1936 /* Information (FILE_EXISTS etc.) */
1938 files_struct **result)
1941 files_struct *fsp = NULL;
1945 status = file_new(conn, &fsp);
1946 if(!NT_STATUS_IS_OK(status)) {
1950 status = open_file_ntcreate_internal(conn,
1963 if(!NT_STATUS_IS_OK(status)) {
1972 /****************************************************************************
1973 Open a file for for write to ensure that we can fchmod it.
1974 ****************************************************************************/
1976 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1977 SMB_STRUCT_STAT *psbuf, files_struct **result)
1979 files_struct *fsp = NULL;
1982 if (!VALID_STAT(*psbuf)) {
1983 return NT_STATUS_INVALID_PARAMETER;
1986 status = file_new(conn, &fsp);
1987 if(!NT_STATUS_IS_OK(status)) {
1991 /* note! we must use a non-zero desired access or we don't get
1992 a real file descriptor. Oh what a twisted web we weave. */
1993 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1994 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1997 * This is not a user visible file open.
1998 * Don't set a share mode.
2001 if (!NT_STATUS_IS_OK(status)) {
2007 return NT_STATUS_OK;
2010 /****************************************************************************
2011 Close the fchmod file fd - ensure no locks are lost.
2012 ****************************************************************************/
2014 NTSTATUS close_file_fchmod(files_struct *fsp)
2016 NTSTATUS status = fd_close(fsp);
2021 static NTSTATUS mkdir_internal(connection_struct *conn,
2023 uint32 file_attributes,
2024 SMB_STRUCT_STAT *psbuf)
2028 const char *dirname;
2030 bool posix_open = false;
2032 if(!CAN_WRITE(conn)) {
2033 DEBUG(5,("mkdir_internal: failing create on read-only share "
2034 "%s\n", lp_servicename(SNUM(conn))));
2035 return NT_STATUS_ACCESS_DENIED;
2038 status = check_name(conn, name);
2039 if (!NT_STATUS_IS_OK(status)) {
2043 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2045 return NT_STATUS_NO_MEMORY;
2048 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2050 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2052 mode = unix_mode(conn, aDIR, name, parent_dir);
2055 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2056 return map_nt_error_from_unix(errno);
2059 /* Ensure we're checking for a symlink here.... */
2060 /* We don't want to get caught by a symlink racer. */
2062 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2063 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2064 name, strerror(errno)));
2065 return map_nt_error_from_unix(errno);
2068 if (!S_ISDIR(psbuf->st_mode)) {
2069 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2071 return NT_STATUS_ACCESS_DENIED;
2074 if (lp_store_dos_attributes(SNUM(conn))) {
2076 file_set_dosmode(conn, name,
2077 file_attributes | aDIR, NULL,
2083 if (lp_inherit_perms(SNUM(conn))) {
2084 inherit_access_acl(conn, parent_dir, name, mode);
2087 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2089 * Check if high bits should have been set,
2090 * then (if bits are missing): add them.
2091 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2094 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2095 SMB_VFS_CHMOD(conn, name,
2096 psbuf->st_mode | (mode & ~psbuf->st_mode));
2100 /* Change the owner if required. */
2101 if (lp_inherit_owner(SNUM(conn))) {
2102 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2105 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2108 return NT_STATUS_OK;
2111 /****************************************************************************
2112 Open a directory from an NT SMB call.
2113 ****************************************************************************/
2115 NTSTATUS open_directory(connection_struct *conn,
2116 struct smb_request *req,
2118 SMB_STRUCT_STAT *psbuf,
2120 uint32 share_access,
2121 uint32 create_disposition,
2122 uint32 create_options,
2123 uint32 file_attributes,
2125 files_struct **result)
2127 files_struct *fsp = NULL;
2128 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2129 struct share_mode_lock *lck = NULL;
2131 struct timespec mtimespec;
2134 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2135 "share_access = 0x%x create_options = 0x%x, "
2136 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2138 (unsigned int)access_mask,
2139 (unsigned int)share_access,
2140 (unsigned int)create_options,
2141 (unsigned int)create_disposition,
2142 (unsigned int)file_attributes));
2144 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2145 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2146 is_ntfs_stream_name(fname)) {
2147 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2148 return NT_STATUS_NOT_A_DIRECTORY;
2151 switch( create_disposition ) {
2154 info = FILE_WAS_OPENED;
2157 * We want to follow symlinks here.
2160 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2161 return map_nt_error_from_unix(errno);
2168 /* If directory exists error. If directory doesn't
2171 status = mkdir_internal(conn,
2176 if (!NT_STATUS_IS_OK(status)) {
2177 DEBUG(2, ("open_directory: unable to create "
2178 "%s. Error was %s\n", fname,
2179 nt_errstr(status)));
2183 info = FILE_WAS_CREATED;
2188 * If directory exists open. If directory doesn't
2192 status = mkdir_internal(conn,
2197 if (NT_STATUS_IS_OK(status)) {
2198 info = FILE_WAS_CREATED;
2201 if (NT_STATUS_EQUAL(status,
2202 NT_STATUS_OBJECT_NAME_COLLISION)) {
2203 info = FILE_WAS_OPENED;
2204 status = NT_STATUS_OK;
2209 case FILE_SUPERSEDE:
2210 case FILE_OVERWRITE:
2211 case FILE_OVERWRITE_IF:
2213 DEBUG(5,("open_directory: invalid create_disposition "
2214 "0x%x for directory %s\n",
2215 (unsigned int)create_disposition, fname));
2216 return NT_STATUS_INVALID_PARAMETER;
2219 if(!S_ISDIR(psbuf->st_mode)) {
2220 DEBUG(5,("open_directory: %s is not a directory !\n",
2222 return NT_STATUS_NOT_A_DIRECTORY;
2225 status = file_new(conn, &fsp);
2226 if(!NT_STATUS_IS_OK(status)) {
2231 * Setup the files_struct for it.
2234 fsp->mode = psbuf->st_mode;
2235 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2236 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2237 fsp->file_pid = req ? req->smbpid : 0;
2238 fsp->can_lock = False;
2239 fsp->can_read = False;
2240 fsp->can_write = False;
2242 fsp->share_access = share_access;
2243 fsp->fh->private_options = create_options;
2244 fsp->access_mask = access_mask;
2246 fsp->print_file = False;
2247 fsp->modified = False;
2248 fsp->oplock_type = NO_OPLOCK;
2249 fsp->sent_oplock_break = NO_BREAK_SENT;
2250 fsp->is_directory = True;
2251 fsp->is_stat = False;
2252 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2254 string_set(&fsp->fsp_name,fname);
2256 mtimespec = get_mtimespec(psbuf);
2258 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2263 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2265 return NT_STATUS_SHARING_VIOLATION;
2268 status = open_mode_check(conn, fname, lck,
2269 access_mask, share_access,
2270 create_options, &dir_existed);
2272 if (!NT_STATUS_IS_OK(status)) {
2278 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2280 /* For directories the delete on close bit at open time seems
2281 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2282 if (create_options & FILE_DELETE_ON_CLOSE) {
2283 status = can_set_delete_on_close(fsp, True, 0);
2284 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2290 if (NT_STATUS_IS_OK(status)) {
2291 /* Note that here we set the *inital* delete on close flag,
2292 not the regular one. The magic gets handled in close. */
2293 fsp->initial_delete_on_close = True;
2304 return NT_STATUS_OK;
2307 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2310 SMB_STRUCT_STAT sbuf;
2313 SET_STAT_INVALID(sbuf);
2315 status = open_directory(conn, req, directory, &sbuf,
2316 FILE_READ_ATTRIBUTES, /* Just a stat open */
2317 FILE_SHARE_NONE, /* Ignored for stat opens */
2320 FILE_ATTRIBUTE_DIRECTORY,
2324 if (NT_STATUS_IS_OK(status)) {
2325 close_file(fsp, NORMAL_CLOSE);
2331 /****************************************************************************
2332 Open a pseudo-file (no locking checks - a 'stat' open).
2333 ****************************************************************************/
2335 NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2336 const char *fname, SMB_STRUCT_STAT *psbuf,
2337 files_struct **result)
2339 files_struct *fsp = NULL;
2342 if (!VALID_STAT(*psbuf)) {
2343 return NT_STATUS_INVALID_PARAMETER;
2346 /* Can't 'stat' open directories. */
2347 if(S_ISDIR(psbuf->st_mode)) {
2348 return NT_STATUS_FILE_IS_A_DIRECTORY;
2351 status = file_new(conn, &fsp);
2352 if(!NT_STATUS_IS_OK(status)) {
2356 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2359 * Setup the files_struct for it.
2362 fsp->mode = psbuf->st_mode;
2363 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2364 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2365 fsp->file_pid = req ? req->smbpid : 0;
2366 fsp->can_lock = False;
2367 fsp->can_read = False;
2368 fsp->can_write = False;
2369 fsp->print_file = False;
2370 fsp->modified = False;
2371 fsp->oplock_type = NO_OPLOCK;
2372 fsp->sent_oplock_break = NO_BREAK_SENT;
2373 fsp->is_directory = False;
2374 fsp->is_stat = True;
2375 string_set(&fsp->fsp_name,fname);
2378 return NT_STATUS_OK;
2381 /****************************************************************************
2382 Receive notification that one of our open files has been renamed by another
2384 ****************************************************************************/
2386 void msg_file_was_renamed(struct messaging_context *msg,
2389 struct server_id server_id,
2393 char *frm = (char *)data->data;
2395 const char *sharepath;
2396 const char *newname;
2399 if (data->data == NULL
2400 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2401 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2402 (int)data->length));
2406 /* Unpack the message. */
2407 pull_file_id_16(frm, &id);
2408 sharepath = &frm[16];
2409 newname = sharepath + strlen(sharepath) + 1;
2410 sp_len = strlen(sharepath);
2412 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2414 sharepath, newname, file_id_string_tos(&id)));
2416 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2417 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2418 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2419 fsp->fnum, fsp->fsp_name, newname ));
2420 string_set(&fsp->fsp_name, newname);
2423 /* Now we have the complete path we can work out if this is
2424 actually within this share and adjust newname accordingly. */
2425 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2426 "not sharepath %s) "
2427 "fnum %d from %s -> %s\n",
2428 fsp->conn->connectpath,
2437 struct case_semantics_state {
2438 connection_struct *conn;
2439 bool case_sensitive;
2441 bool short_case_preserve;
2444 /****************************************************************************
2445 Restore case semantics.
2446 ****************************************************************************/
2447 static int restore_case_semantics(struct case_semantics_state *state)
2449 state->conn->case_sensitive = state->case_sensitive;
2450 state->conn->case_preserve = state->case_preserve;
2451 state->conn->short_case_preserve = state->short_case_preserve;
2455 /****************************************************************************
2456 Save case semantics.
2457 ****************************************************************************/
2458 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2459 connection_struct *conn)
2461 struct case_semantics_state *result;
2463 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2464 DEBUG(0, ("talloc failed\n"));
2468 result->conn = conn;
2469 result->case_sensitive = conn->case_sensitive;
2470 result->case_preserve = conn->case_preserve;
2471 result->short_case_preserve = conn->short_case_preserve;
2474 conn->case_sensitive = True;
2475 conn->case_preserve = True;
2476 conn->short_case_preserve = True;
2478 talloc_set_destructor(result, restore_case_semantics);
2484 * If a main file is opened for delete, all streams need to be checked for
2485 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2486 * If that works, delete them all by setting the delete on close and close.
2489 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2492 struct stream_struct *stream_info;
2493 files_struct **streams;
2495 unsigned int num_streams;
2496 TALLOC_CTX *frame = talloc_stackframe();
2499 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2500 &num_streams, &stream_info);
2502 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2503 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2504 DEBUG(10, ("no streams around\n"));
2506 return NT_STATUS_OK;
2509 if (!NT_STATUS_IS_OK(status)) {
2510 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2511 nt_errstr(status)));
2515 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2518 if (num_streams == 0) {
2520 return NT_STATUS_OK;
2523 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2524 if (streams == NULL) {
2525 DEBUG(0, ("talloc failed\n"));
2526 status = NT_STATUS_NO_MEMORY;
2530 for (i=0; i<num_streams; i++) {
2533 if (strequal(stream_info[i].name, "::$DATA")) {
2538 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2539 stream_info[i].name);
2541 if (streamname == NULL) {
2542 DEBUG(0, ("talloc_aprintf failed\n"));
2543 status = NT_STATUS_NO_MEMORY;
2547 status = create_file_unixpath
2550 streamname, /* fname */
2551 DELETE_ACCESS, /* access_mask */
2552 FILE_SHARE_READ | FILE_SHARE_WRITE
2553 | FILE_SHARE_DELETE, /* share_access */
2554 FILE_OPEN, /* create_disposition*/
2555 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2556 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2557 0, /* oplock_request */
2558 0, /* allocation_size */
2561 &streams[i], /* result */
2565 TALLOC_FREE(streamname);
2567 if (!NT_STATUS_IS_OK(status)) {
2568 DEBUG(10, ("Could not open stream %s: %s\n",
2569 streamname, nt_errstr(status)));
2575 * don't touch the variable "status" beyond this point :-)
2578 for (i -= 1 ; i >= 0; i--) {
2579 if (streams[i] == NULL) {
2583 DEBUG(10, ("Closing stream # %d, %s\n", i,
2584 streams[i]->fsp_name));
2585 close_file(streams[i], NORMAL_CLOSE);
2594 * Wrapper around open_file_ntcreate and open_directory
2597 NTSTATUS create_file_unixpath(connection_struct *conn,
2598 struct smb_request *req,
2600 uint32_t access_mask,
2601 uint32_t share_access,
2602 uint32_t create_disposition,
2603 uint32_t create_options,
2604 uint32_t file_attributes,
2605 uint32_t oplock_request,
2606 SMB_BIG_UINT allocation_size,
2607 struct security_descriptor *sd,
2608 struct ea_list *ea_list,
2610 files_struct **result,
2612 SMB_STRUCT_STAT *psbuf)
2614 SMB_STRUCT_STAT sbuf;
2615 int info = FILE_WAS_OPENED;
2616 files_struct *base_fsp = NULL;
2617 files_struct *fsp = NULL;
2620 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2621 "file_attributes = 0x%x, share_access = 0x%x, "
2622 "create_disposition = 0x%x create_options = 0x%x "
2623 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2625 (unsigned int)access_mask,
2626 (unsigned int)file_attributes,
2627 (unsigned int)share_access,
2628 (unsigned int)create_disposition,
2629 (unsigned int)create_options,
2630 (unsigned int)oplock_request,
2631 ea_list, sd, fname));
2633 if (create_options & FILE_OPEN_BY_FILE_ID) {
2634 status = NT_STATUS_NOT_SUPPORTED;
2638 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2639 status = NT_STATUS_INVALID_PARAMETER;
2644 oplock_request |= INTERNAL_OPEN_ONLY;
2647 if (psbuf != NULL) {
2651 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2652 SET_STAT_INVALID(sbuf);
2656 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2657 && (access_mask & DELETE_ACCESS)
2658 && !is_ntfs_stream_name(fname)) {
2660 * We can't open a file with DELETE access if any of the
2661 * streams is open without FILE_SHARE_DELETE
2663 status = open_streams_for_delete(conn, fname);
2665 if (!NT_STATUS_IS_OK(status)) {
2670 /* This is the correct thing to do (check every time) but can_delete
2671 * is expensive (it may have to read the parent directory
2672 * permissions). So for now we're not doing it unless we have a strong
2673 * hint the client is really going to delete this file. If the client
2674 * is forcing FILE_CREATE let the filesystem take care of the
2677 /* Setting FILE_SHARE_DELETE is the hint. */
2679 if (lp_acl_check_permissions(SNUM(conn))
2680 && (create_disposition != FILE_CREATE)
2681 && (share_access & FILE_SHARE_DELETE)
2682 && (access_mask & DELETE_ACCESS)
2683 && (!can_delete_file_in_directory(conn, fname))) {
2684 status = NT_STATUS_ACCESS_DENIED;
2689 /* We need to support SeSecurityPrivilege for this. */
2690 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2691 !user_has_privileges(current_user.nt_user_token,
2693 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2698 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2699 && is_ntfs_stream_name(fname)
2700 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2702 uint32 base_create_disposition;
2704 if (create_options & FILE_DIRECTORY_FILE) {
2705 status = NT_STATUS_NOT_A_DIRECTORY;
2709 status = split_ntfs_stream_name(talloc_tos(), fname,
2711 if (!NT_STATUS_IS_OK(status)) {
2712 DEBUG(10, ("create_file_unixpath: "
2713 "split_ntfs_stream_name failed: %s\n",
2714 nt_errstr(status)));
2718 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2720 switch (create_disposition) {
2722 base_create_disposition = FILE_OPEN;
2725 base_create_disposition = FILE_OPEN_IF;
2729 DEBUG(10, ("Recursing into create_file_unixpath for "
2730 "base %s\n", base));
2732 /* This call will break any oplock on the base file,
2733 * but will not actually open an underlying fd. */
2735 status = create_file_unixpath(conn, req, base, 0,
2738 | FILE_SHARE_DELETE,
2739 base_create_disposition,
2740 0, 0, 0, 0, NULL, NULL,
2741 &base_fsp, NULL, NULL);
2742 if (!NT_STATUS_IS_OK(status)) {
2743 DEBUG(10, ("create_file_unixpath for base %s failed: "
2744 "%s\n", base, nt_errstr(status)));
2750 * If it's a request for a directory open, deal with it separately.
2753 if (create_options & FILE_DIRECTORY_FILE) {
2755 if (create_options & FILE_NON_DIRECTORY_FILE) {
2756 status = NT_STATUS_INVALID_PARAMETER;
2760 /* Can't open a temp directory. IFS kit test. */
2761 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2762 status = NT_STATUS_INVALID_PARAMETER;
2767 * We will get a create directory here if the Win32
2768 * app specified a security descriptor in the
2769 * CreateDirectory() call.
2773 status = open_directory(
2774 conn, req, fname, &sbuf, access_mask, share_access,
2775 create_disposition, create_options, file_attributes,
2780 * Ordinary file case.
2785 * We're opening the stream element of a base_fsp
2786 * we already opened. We need to initialize
2787 * the fsp first, and set up the base_fsp pointer.
2789 status = file_new(conn, &fsp);
2790 if(!NT_STATUS_IS_OK(status)) {
2794 fsp->base_fsp = base_fsp;
2796 status = open_file_ntcreate_internal(conn,
2809 if(!NT_STATUS_IS_OK(status)) {
2814 status = open_file_ntcreate(
2815 conn, req, fname, &sbuf, access_mask, share_access,
2816 create_disposition, create_options, file_attributes,
2817 oplock_request, &info, &fsp);
2820 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2823 * Fail the open if it was explicitly a non-directory
2827 if (create_options & FILE_NON_DIRECTORY_FILE) {
2828 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2833 status = open_directory(
2834 conn, req, fname, &sbuf, access_mask,
2835 share_access, create_disposition,
2836 create_options, file_attributes,
2841 if (!NT_STATUS_IS_OK(status)) {
2845 fsp->base_fsp = base_fsp;
2848 * According to the MS documentation, the only time the security
2849 * descriptor is applied to the opened file is iff we *created* the
2850 * file; an existing file stays the same.
2852 * Also, it seems (from observation) that you can open the file with
2853 * any access mask but you can still write the sd. We need to override
2854 * the granted access before we call set_sd
2855 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2858 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2859 && lp_nt_acl_support(SNUM(conn))) {
2861 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2862 uint32_t saved_access_mask = fsp->access_mask;
2864 if (sd->owner_sid == NULL) {
2865 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2867 if (sd->group_sid == NULL) {
2868 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2870 if (sd->sacl == NULL) {
2871 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2873 if (sd->dacl == NULL) {
2874 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2877 fsp->access_mask = FILE_GENERIC_ALL;
2879 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2881 fsp->access_mask = saved_access_mask;
2883 if (!NT_STATUS_IS_OK(status)) {
2888 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2889 status = set_ea(conn, fsp, fname, ea_list);
2890 if (!NT_STATUS_IS_OK(status)) {
2895 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2896 status = NT_STATUS_ACCESS_DENIED;
2900 /* Save the requested allocation size. */
2901 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2903 && (allocation_size > sbuf.st_size)) {
2904 fsp->initial_allocation_size = smb_roundup(
2905 fsp->conn, allocation_size);
2906 if (fsp->is_directory) {
2907 /* Can't set allocation size on a directory. */
2908 status = NT_STATUS_ACCESS_DENIED;
2911 if (vfs_allocate_file_space(
2912 fsp, fsp->initial_allocation_size) == -1) {
2913 status = NT_STATUS_DISK_FULL;
2917 fsp->initial_allocation_size = smb_roundup(
2918 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2922 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2925 if (pinfo != NULL) {
2928 if (psbuf != NULL) {
2929 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2933 SMB_VFS_FSTAT(fsp, psbuf);
2936 return NT_STATUS_OK;
2939 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2942 if (base_fsp && fsp->base_fsp == base_fsp) {
2944 * The close_file below will close
2949 close_file(fsp, ERROR_CLOSE);
2952 if (base_fsp != NULL) {
2953 close_file(base_fsp, ERROR_CLOSE);
2959 NTSTATUS create_file(connection_struct *conn,
2960 struct smb_request *req,
2961 uint16_t root_dir_fid,
2963 uint32_t access_mask,
2964 uint32_t share_access,
2965 uint32_t create_disposition,
2966 uint32_t create_options,
2967 uint32_t file_attributes,
2968 uint32_t oplock_request,
2969 SMB_BIG_UINT allocation_size,
2970 struct security_descriptor *sd,
2971 struct ea_list *ea_list,
2973 files_struct **result,
2975 SMB_STRUCT_STAT *psbuf)
2977 struct case_semantics_state *case_state = NULL;
2978 SMB_STRUCT_STAT sbuf;
2979 int info = FILE_WAS_OPENED;
2980 files_struct *fsp = NULL;
2983 DEBUG(10,("create_file: access_mask = 0x%x "
2984 "file_attributes = 0x%x, share_access = 0x%x, "
2985 "create_disposition = 0x%x create_options = 0x%x "
2986 "oplock_request = 0x%x "
2987 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2989 (unsigned int)access_mask,
2990 (unsigned int)file_attributes,
2991 (unsigned int)share_access,
2992 (unsigned int)create_disposition,
2993 (unsigned int)create_options,
2994 (unsigned int)oplock_request,
2995 (unsigned int)root_dir_fid,
2996 ea_list, sd, fname));
2999 * Get the file name.
3002 if (root_dir_fid != 0) {
3004 * This filename is relative to a directory fid.
3006 char *parent_fname = NULL;
3007 files_struct *dir_fsp = file_fsp(root_dir_fid);
3009 if (dir_fsp == NULL) {
3010 status = NT_STATUS_INVALID_HANDLE;
3014 if (!dir_fsp->is_directory) {
3017 * Check to see if this is a mac fork of some kind.
3020 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3021 is_ntfs_stream_name(fname)) {
3022 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3027 we need to handle the case when we get a
3028 relative open relative to a file and the
3029 pathname is blank - this is a reopen!
3030 (hint from demyn plantenberg)
3033 status = NT_STATUS_INVALID_HANDLE;
3037 if (ISDOT(dir_fsp->fsp_name)) {
3039 * We're at the toplevel dir, the final file name
3040 * must not contain ./, as this is filtered out
3041 * normally by srvstr_get_path and unix_convert
3042 * explicitly rejects paths containing ./.
3044 parent_fname = talloc_strdup(talloc_tos(), "");
3045 if (parent_fname == NULL) {
3046 status = NT_STATUS_NO_MEMORY;
3050 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3053 * Copy in the base directory name.
3056 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3058 if (parent_fname == NULL) {
3059 status = NT_STATUS_NO_MEMORY;
3062 memcpy(parent_fname, dir_fsp->fsp_name,
3066 * Ensure it ends in a '/'.
3067 * We used TALLOC_SIZE +2 to add space for the '/'.
3071 && (parent_fname[dir_name_len-1] != '\\')
3072 && (parent_fname[dir_name_len-1] != '/')) {
3073 parent_fname[dir_name_len] = '/';
3074 parent_fname[dir_name_len+1] = '\0';
3078 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3080 if (fname == NULL) {
3081 status = NT_STATUS_NO_MEMORY;
3087 * Check to see if this is a mac fork of some kind.
3090 if (is_ntfs_stream_name(fname)) {
3091 enum FAKE_FILE_TYPE fake_file_type;
3093 fake_file_type = is_fake_file(fname);
3095 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3098 * Here we go! support for changing the disk quotas
3101 * We need to fake up to open this MAGIC QUOTA file
3102 * and return a valid FID.
3104 * w2k close this file directly after openening xp
3105 * also tries a QUERY_FILE_INFO on the file and then
3109 status = open_fake_file(conn, fake_file_type, fname,
3111 if (!NT_STATUS_IS_OK(status)) {
3119 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3120 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3125 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3126 char *resolved_fname;
3128 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3131 if (!NT_STATUS_IS_OK(status)) {
3133 * For PATH_NOT_COVERED we had
3134 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3135 * ERRSRV, ERRbadpath);
3136 * Need to fix in callers
3140 fname = resolved_fname;
3144 * Check if POSIX semantics are wanted.
3147 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3148 case_state = set_posix_case_semantics(talloc_tos(), conn);
3149 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3153 char *converted_fname;
3155 SET_STAT_INVALID(sbuf);
3157 status = unix_convert(talloc_tos(), conn, fname, False,
3158 &converted_fname, NULL, &sbuf);
3159 if (!NT_STATUS_IS_OK(status)) {
3162 fname = converted_fname;
3165 TALLOC_FREE(case_state);
3167 /* All file access must go through check_name() */
3169 status = check_name(conn, fname);
3170 if (!NT_STATUS_IS_OK(status)) {
3174 status = create_file_unixpath(
3175 conn, req, fname, access_mask, share_access,
3176 create_disposition, create_options, file_attributes,
3177 oplock_request, allocation_size, sd, ea_list,
3178 &fsp, &info, &sbuf);
3180 if (!NT_STATUS_IS_OK(status)) {
3185 DEBUG(10, ("create_file: info=%d\n", info));
3188 if (pinfo != NULL) {
3191 if (psbuf != NULL) {
3194 return NT_STATUS_OK;
3197 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3200 close_file(fsp, ERROR_CLOSE);