2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern struct current_user current_user;
26 extern userdom_struct current_user_info;
27 extern bool global_client_failed_oplock_break;
29 struct deferred_open_record {
30 bool delayed_for_oplocks;
34 /****************************************************************************
35 fd support routines - attempt to do a dos_open.
36 ****************************************************************************/
38 static NTSTATUS fd_open(struct connection_struct *conn,
44 NTSTATUS status = NT_STATUS_OK;
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
69 /****************************************************************************
70 Close the file associated with a fsp.
71 ****************************************************************************/
73 NTSTATUS fd_close(files_struct *fsp)
77 if (fsp->fh->fd == -1) {
78 return NT_STATUS_OK; /* What we used to call a stat open. */
80 if (fsp->fh->ref_count > 1) {
81 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
84 ret = SMB_VFS_CLOSE(fsp);
87 return map_nt_error_from_unix(errno);
92 /****************************************************************************
93 Change the ownership of a file to that of the parent directory.
94 Do this by fd if possible.
95 ****************************************************************************/
97 static void change_file_owner_to_parent(connection_struct *conn,
98 const char *inherit_from_dir,
101 SMB_STRUCT_STAT parent_st;
104 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
106 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
107 "directory %s. Error was %s\n",
108 inherit_from_dir, strerror(errno) ));
113 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
116 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
117 "file %s to parent directory uid %u. Error "
118 "was %s\n", fsp->fsp_name,
119 (unsigned int)parent_st.st_uid,
123 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
124 "parent directory uid %u.\n", fsp->fsp_name,
125 (unsigned int)parent_st.st_uid ));
128 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
129 const char *inherit_from_dir,
131 SMB_STRUCT_STAT *psbuf)
133 char *saved_dir = NULL;
134 SMB_STRUCT_STAT sbuf;
135 SMB_STRUCT_STAT parent_st;
136 TALLOC_CTX *ctx = talloc_tos();
137 NTSTATUS status = NT_STATUS_OK;
140 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
142 status = map_nt_error_from_unix(errno);
143 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
144 "directory %s. Error was %s\n",
145 inherit_from_dir, strerror(errno) ));
149 /* We've already done an lstat into psbuf, and we know it's a
150 directory. If we can cd into the directory and the dev/ino
151 are the same then we can safely chown without races as
152 we're locking the directory in place by being in it. This
153 should work on any UNIX (thanks tridge :-). JRA.
156 saved_dir = vfs_GetWd(ctx,conn);
158 status = map_nt_error_from_unix(errno);
159 DEBUG(0,("change_dir_owner_to_parent: failed to get "
160 "current working directory. Error was %s\n",
165 /* Chdir into the new path. */
166 if (vfs_ChDir(conn, fname) == -1) {
167 status = map_nt_error_from_unix(errno);
168 DEBUG(0,("change_dir_owner_to_parent: failed to change "
169 "current working directory to %s. Error "
170 "was %s\n", fname, strerror(errno) ));
174 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
175 status = map_nt_error_from_unix(errno);
176 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
177 "directory '.' (%s) Error was %s\n",
178 fname, strerror(errno)));
182 /* Ensure we're pointing at the same place. */
183 if (sbuf.st_dev != psbuf->st_dev ||
184 sbuf.st_ino != psbuf->st_ino ||
185 sbuf.st_mode != psbuf->st_mode ) {
186 DEBUG(0,("change_dir_owner_to_parent: "
187 "device/inode/mode on directory %s changed. "
188 "Refusing to chown !\n", fname ));
189 status = NT_STATUS_ACCESS_DENIED;
194 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
197 status = map_nt_error_from_unix(errno);
198 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
199 "directory %s to parent directory uid %u. "
200 "Error was %s\n", fname,
201 (unsigned int)parent_st.st_uid, strerror(errno) ));
205 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
206 "directory %s to parent directory uid %u.\n",
207 fname, (unsigned int)parent_st.st_uid ));
211 vfs_ChDir(conn,saved_dir);
215 /****************************************************************************
217 ****************************************************************************/
219 static NTSTATUS open_file(files_struct *fsp,
220 connection_struct *conn,
221 struct smb_request *req,
222 const char *parent_dir,
225 SMB_STRUCT_STAT *psbuf,
228 uint32 access_mask, /* client requested access mask. */
229 uint32 open_access_mask) /* what we're actually using in the open. */
231 NTSTATUS status = NT_STATUS_OK;
232 int accmode = (flags & O_ACCMODE);
233 int local_flags = flags;
234 bool file_existed = VALID_STAT(*psbuf);
239 /* Check permissions */
242 * This code was changed after seeing a client open request
243 * containing the open mode of (DENY_WRITE/read-only) with
244 * the 'create if not exist' bit set. The previous code
245 * would fail to open the file read only on a read-only share
246 * as it was checking the flags parameter directly against O_RDONLY,
247 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
251 if (!CAN_WRITE(conn)) {
252 /* It's a read-only share - fail if we wanted to write. */
253 if(accmode != O_RDONLY) {
254 DEBUG(3,("Permission denied opening %s\n", path));
255 return NT_STATUS_ACCESS_DENIED;
256 } else if(flags & O_CREAT) {
257 /* We don't want to write - but we must make sure that
258 O_CREAT doesn't create the file if we have write
259 access into the directory.
262 local_flags &= ~O_CREAT;
267 * This little piece of insanity is inspired by the
268 * fact that an NT client can open a file for O_RDONLY,
269 * but set the create disposition to FILE_EXISTS_TRUNCATE.
270 * If the client *can* write to the file, then it expects to
271 * truncate the file, even though it is opening for readonly.
272 * Quicken uses this stupid trick in backup file creation...
273 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
274 * for helping track this one down. It didn't bite us in 2.0.x
275 * as we always opened files read-write in that release. JRA.
278 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
279 DEBUG(10,("open_file: truncate requested on read-only open "
280 "for file %s\n", path));
281 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
284 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
285 (!file_existed && (local_flags & O_CREAT)) ||
286 ((local_flags & O_TRUNC) == O_TRUNC) ) {
289 * We can't actually truncate here as the file may be locked.
290 * open_file_ntcreate will take care of the truncate later. JRA.
293 local_flags &= ~O_TRUNC;
295 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
297 * We would block on opening a FIFO with no one else on the
298 * other end. Do what we used to do and add O_NONBLOCK to the
302 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
303 local_flags |= O_NONBLOCK;
307 /* Don't create files with Microsoft wildcard characters. */
308 if ((local_flags & O_CREAT) && !file_existed &&
310 return NT_STATUS_OBJECT_NAME_INVALID;
313 /* Actually do the open */
314 status = fd_open(conn, path, fsp, local_flags, unx_mode);
315 if (!NT_STATUS_IS_OK(status)) {
316 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
318 path,nt_errstr(status),local_flags,flags));
322 if ((local_flags & O_CREAT) && !file_existed) {
324 /* Inherit the ACL if required */
325 if (lp_inherit_perms(SNUM(conn))) {
326 inherit_access_acl(conn, parent_dir, path,
330 /* Change the owner if required. */
331 if (lp_inherit_owner(SNUM(conn))) {
332 change_file_owner_to_parent(conn, parent_dir,
336 notify_fname(conn, NOTIFY_ACTION_ADDED,
337 FILE_NOTIFY_CHANGE_FILE_NAME, path);
341 fsp->fh->fd = -1; /* What we used to call a stat open. */
347 if (fsp->fh->fd == -1) {
348 ret = SMB_VFS_STAT(conn, path, psbuf);
350 ret = SMB_VFS_FSTAT(fsp, psbuf);
351 /* If we have an fd, this stat should succeed. */
353 DEBUG(0,("Error doing fstat on open file %s "
354 "(%s)\n", path,strerror(errno) ));
358 /* For a non-io open, this stat failing means file not found. JRA */
360 status = map_nt_error_from_unix(errno);
367 * POSIX allows read-only opens of directories. We don't
368 * want to do this (we use a different code path for this)
369 * so catch a directory open and return an EISDIR. JRA.
372 if(S_ISDIR(psbuf->st_mode)) {
375 return NT_STATUS_FILE_IS_A_DIRECTORY;
378 fsp->mode = psbuf->st_mode;
379 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
380 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
381 fsp->file_pid = req ? req->smbpid : 0;
382 fsp->can_lock = True;
383 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
384 if (!CAN_WRITE(conn)) {
385 fsp->can_write = False;
387 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
390 fsp->print_file = False;
391 fsp->modified = False;
392 fsp->sent_oplock_break = NO_BREAK_SENT;
393 fsp->is_directory = False;
394 fsp->is_stat = False;
395 if (conn->aio_write_behind_list &&
396 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
397 fsp->aio_write_behind = True;
400 string_set(&fsp->fsp_name, path);
401 fsp->wcp = NULL; /* Write cache pointer. */
403 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
404 *current_user_info.smb_name ?
405 current_user_info.smb_name : conn->user,fsp->fsp_name,
406 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
407 conn->num_files_open + 1));
413 /*******************************************************************
414 Return True if the filename is one of the special executable types.
415 ********************************************************************/
417 static bool is_executable(const char *fname)
419 if ((fname = strrchr_m(fname,'.'))) {
420 if (strequal(fname,".com") ||
421 strequal(fname,".dll") ||
422 strequal(fname,".exe") ||
423 strequal(fname,".sym")) {
430 /****************************************************************************
431 Check if we can open a file with a share mode.
432 Returns True if conflict, False if not.
433 ****************************************************************************/
435 static bool share_conflict(struct share_mode_entry *entry,
439 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
440 "entry->share_access = 0x%x, "
441 "entry->private_options = 0x%x\n",
442 (unsigned int)entry->access_mask,
443 (unsigned int)entry->share_access,
444 (unsigned int)entry->private_options));
446 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
447 (unsigned int)access_mask, (unsigned int)share_access));
449 if ((entry->access_mask & (FILE_WRITE_DATA|
453 DELETE_ACCESS)) == 0) {
454 DEBUG(10,("share_conflict: No conflict due to "
455 "entry->access_mask = 0x%x\n",
456 (unsigned int)entry->access_mask ));
460 if ((access_mask & (FILE_WRITE_DATA|
464 DELETE_ACCESS)) == 0) {
465 DEBUG(10,("share_conflict: No conflict due to "
466 "access_mask = 0x%x\n",
467 (unsigned int)access_mask ));
471 #if 1 /* JRA TEST - Superdebug. */
472 #define CHECK_MASK(num, am, right, sa, share) \
473 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
474 (unsigned int)(num), (unsigned int)(am), \
475 (unsigned int)(right), (unsigned int)(am)&(right) )); \
476 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
477 (unsigned int)(num), (unsigned int)(sa), \
478 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
479 if (((am) & (right)) && !((sa) & (share))) { \
480 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
481 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
482 (unsigned int)(share) )); \
486 #define CHECK_MASK(num, am, right, sa, share) \
487 if (((am) & (right)) && !((sa) & (share))) { \
488 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
489 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
490 (unsigned int)(share) )); \
495 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
496 share_access, FILE_SHARE_WRITE);
497 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
498 entry->share_access, FILE_SHARE_WRITE);
500 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
501 share_access, FILE_SHARE_READ);
502 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
503 entry->share_access, FILE_SHARE_READ);
505 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
506 share_access, FILE_SHARE_DELETE);
507 CHECK_MASK(6, access_mask, DELETE_ACCESS,
508 entry->share_access, FILE_SHARE_DELETE);
510 DEBUG(10,("share_conflict: No conflict.\n"));
514 #if defined(DEVELOPER)
515 static void validate_my_share_entries(int num,
516 struct share_mode_entry *share_entry)
520 if (!procid_is_me(&share_entry->pid)) {
524 if (is_deferred_open_entry(share_entry) &&
525 !open_was_deferred(share_entry->op_mid)) {
526 char *str = talloc_asprintf(talloc_tos(),
527 "Got a deferred entry without a request: "
529 share_mode_str(talloc_tos(), num, share_entry));
533 if (!is_valid_share_mode_entry(share_entry)) {
537 fsp = file_find_dif(share_entry->id,
538 share_entry->share_file_id);
540 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
541 share_mode_str(talloc_tos(), num, share_entry) ));
542 smb_panic("validate_my_share_entries: Cannot match a "
543 "share entry with an open file\n");
546 if (is_deferred_open_entry(share_entry) ||
547 is_unused_share_mode_entry(share_entry)) {
551 if ((share_entry->op_type == NO_OPLOCK) &&
552 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
553 /* Someone has already written to it, but I haven't yet
558 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
567 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
568 share_mode_str(talloc_tos(), num, share_entry) ));
569 str = talloc_asprintf(talloc_tos(),
570 "validate_my_share_entries: "
571 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
572 fsp->fsp_name, (unsigned int)fsp->oplock_type,
573 (unsigned int)share_entry->op_type );
579 static bool is_stat_open(uint32 access_mask)
581 return (access_mask &&
582 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
583 FILE_WRITE_ATTRIBUTES))==0) &&
584 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
585 FILE_WRITE_ATTRIBUTES)) != 0));
588 /****************************************************************************
589 Deal with share modes
590 Invarient: Share mode must be locked on entry and exit.
591 Returns -1 on error, or number of share modes on success (may be zero).
592 ****************************************************************************/
594 static NTSTATUS open_mode_check(connection_struct *conn,
596 struct share_mode_lock *lck,
599 uint32 create_options,
604 if(lck->num_share_modes == 0) {
608 *file_existed = True;
610 /* A delete on close prohibits everything */
612 if (lck->delete_on_close) {
613 return NT_STATUS_DELETE_PENDING;
616 if (is_stat_open(access_mask)) {
617 /* Stat open that doesn't trigger oplock breaks or share mode
618 * checks... ! JRA. */
623 * Check if the share modes will give us access.
626 #if defined(DEVELOPER)
627 for(i = 0; i < lck->num_share_modes; i++) {
628 validate_my_share_entries(i, &lck->share_modes[i]);
632 if (!lp_share_modes(SNUM(conn))) {
636 /* Now we check the share modes, after any oplock breaks. */
637 for(i = 0; i < lck->num_share_modes; i++) {
639 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
643 /* someone else has a share lock on it, check to see if we can
645 if (share_conflict(&lck->share_modes[i],
646 access_mask, share_access)) {
647 return NT_STATUS_SHARING_VIOLATION;
654 static bool is_delete_request(files_struct *fsp) {
655 return ((fsp->access_mask == DELETE_ACCESS) &&
656 (fsp->oplock_type == NO_OPLOCK));
660 * 1) No files open at all or internal open: Grant whatever the client wants.
662 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
663 * request, break if the oplock around is a batch oplock. If it's another
664 * requested access type, break.
666 * 3) Only level2 around: Grant level2 and do nothing else.
669 static bool delay_for_oplocks(struct share_mode_lock *lck,
676 struct share_mode_entry *exclusive = NULL;
677 bool valid_entry = False;
678 bool delay_it = False;
679 bool have_level2 = False;
681 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
683 if (oplock_request & INTERNAL_OPEN_ONLY) {
684 fsp->oplock_type = NO_OPLOCK;
687 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
691 for (i=0; i<lck->num_share_modes; i++) {
693 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
697 /* At least one entry is not an invalid or deferred entry. */
700 if (pass_number == 1) {
701 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
702 SMB_ASSERT(exclusive == NULL);
703 exclusive = &lck->share_modes[i];
706 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
707 SMB_ASSERT(exclusive == NULL);
708 exclusive = &lck->share_modes[i];
712 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
713 SMB_ASSERT(exclusive == NULL);
719 /* All entries are placeholders or deferred.
720 * Directly grant whatever the client wants. */
721 if (fsp->oplock_type == NO_OPLOCK) {
722 /* Store a level2 oplock, but don't tell the client */
723 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
728 if (exclusive != NULL) { /* Found an exclusive oplock */
729 SMB_ASSERT(!have_level2);
730 delay_it = is_delete_request(fsp) ?
731 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
734 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
735 /* We can at most grant level2 as there are other
736 * level2 or NO_OPLOCK entries. */
737 fsp->oplock_type = LEVEL_II_OPLOCK;
740 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
741 /* Store a level2 oplock, but don't tell the client */
742 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
750 * Send a break message to the oplock holder and delay the open for
754 DEBUG(10, ("Sending break request to PID %s\n",
755 procid_str_static(&exclusive->pid)));
756 exclusive->op_mid = mid;
758 /* Create the message. */
759 share_mode_entry_to_message(msg, exclusive);
761 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
762 don't want this set in the share mode struct pointed to by lck. */
764 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
765 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
768 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
769 MSG_SMB_BREAK_REQUEST,
771 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
772 if (!NT_STATUS_IS_OK(status)) {
773 DEBUG(3, ("Could not send oplock break message: %s\n",
780 static bool request_timed_out(struct timeval request_time,
781 struct timeval timeout)
783 struct timeval now, end_time;
785 end_time = timeval_sum(&request_time, &timeout);
786 return (timeval_compare(&end_time, &now) < 0);
789 /****************************************************************************
790 Handle the 1 second delay in returning a SHARING_VIOLATION error.
791 ****************************************************************************/
793 static void defer_open(struct share_mode_lock *lck,
794 struct timeval request_time,
795 struct timeval timeout,
796 struct smb_request *req,
797 struct deferred_open_record *state)
803 for (i=0; i<lck->num_share_modes; i++) {
804 struct share_mode_entry *e = &lck->share_modes[i];
806 if (!is_deferred_open_entry(e)) {
810 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
811 DEBUG(0, ("Trying to defer an already deferred "
812 "request: mid=%d, exiting\n", req->mid));
813 exit_server("attempt to defer a deferred request");
817 /* End paranoia check */
819 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
820 "open entry for mid %u\n",
821 (unsigned int)request_time.tv_sec,
822 (unsigned int)request_time.tv_usec,
823 (unsigned int)req->mid));
825 if (!push_deferred_smb_message(req, request_time, timeout,
826 (char *)state, sizeof(*state))) {
827 exit_server("push_deferred_smb_message failed");
829 add_deferred_open(lck, req->mid, request_time, state->id);
832 * Push the MID of this packet on the signing queue.
833 * We only do this once, the first time we push the packet
834 * onto the deferred open queue, as this has a side effect
835 * of incrementing the response sequence number.
838 srv_defer_sign_response(req->mid);
842 /****************************************************************************
843 On overwrite open ensure that the attributes match.
844 ****************************************************************************/
846 static bool open_match_attributes(connection_struct *conn,
850 mode_t existing_unx_mode,
852 mode_t *returned_unx_mode)
854 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
856 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
857 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
859 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
860 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
861 *returned_unx_mode = new_unx_mode;
863 *returned_unx_mode = (mode_t)0;
866 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
867 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
868 "returned_unx_mode = 0%o\n",
870 (unsigned int)old_dos_attr,
871 (unsigned int)existing_unx_mode,
872 (unsigned int)new_dos_attr,
873 (unsigned int)*returned_unx_mode ));
875 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
876 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
877 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
878 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
882 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
883 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
884 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
891 /****************************************************************************
892 Special FCB or DOS processing in the case of a sharing violation.
893 Try and find a duplicated file handle.
894 ****************************************************************************/
896 static files_struct *fcb_or_dos_open(connection_struct *conn,
903 uint32 create_options)
906 files_struct *dup_fsp;
908 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
909 "file %s.\n", fname ));
911 for(fsp = file_find_di_first(id); fsp;
912 fsp = file_find_di_next(fsp)) {
914 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
915 "vuid = %u, file_pid = %u, private_options = 0x%x "
916 "access_mask = 0x%x\n", fsp->fsp_name,
917 fsp->fh->fd, (unsigned int)fsp->vuid,
918 (unsigned int)fsp->file_pid,
919 (unsigned int)fsp->fh->private_options,
920 (unsigned int)fsp->access_mask ));
922 if (fsp->fh->fd != -1 &&
924 fsp->file_pid == file_pid &&
925 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
926 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
927 (fsp->access_mask & FILE_WRITE_DATA) &&
928 strequal(fsp->fsp_name, fname)) {
929 DEBUG(10,("fcb_or_dos_open: file match\n"));
938 /* quite an insane set of semantics ... */
939 if (is_executable(fname) &&
940 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
941 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
945 /* We need to duplicate this fsp. */
946 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
947 create_options, &dup_fsp))) {
954 /****************************************************************************
955 Open a file with a share mode - old openX method - map into NTCreate.
956 ****************************************************************************/
958 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
959 uint32 *paccess_mask,
961 uint32 *pcreate_disposition,
962 uint32 *pcreate_options)
966 uint32 create_disposition;
967 uint32 create_options = 0;
969 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
970 "open_func = 0x%x\n",
971 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
973 /* Create the NT compatible access_mask. */
974 switch (GET_OPENX_MODE(deny_mode)) {
975 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
976 case DOS_OPEN_RDONLY:
977 access_mask = FILE_GENERIC_READ;
979 case DOS_OPEN_WRONLY:
980 access_mask = FILE_GENERIC_WRITE;
984 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
987 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
988 (unsigned int)GET_OPENX_MODE(deny_mode)));
992 /* Create the NT compatible create_disposition. */
994 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
995 create_disposition = FILE_CREATE;
998 case OPENX_FILE_EXISTS_OPEN:
999 create_disposition = FILE_OPEN;
1002 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1003 create_disposition = FILE_OPEN_IF;
1006 case OPENX_FILE_EXISTS_TRUNCATE:
1007 create_disposition = FILE_OVERWRITE;
1010 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1011 create_disposition = FILE_OVERWRITE_IF;
1015 /* From samba4 - to be confirmed. */
1016 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1017 create_disposition = FILE_CREATE;
1020 DEBUG(10,("map_open_params_to_ntcreate: bad "
1021 "open_func 0x%x\n", (unsigned int)open_func));
1025 /* Create the NT compatible share modes. */
1026 switch (GET_DENY_MODE(deny_mode)) {
1028 share_mode = FILE_SHARE_NONE;
1032 share_mode = FILE_SHARE_READ;
1036 share_mode = FILE_SHARE_WRITE;
1040 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1044 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1045 if (is_executable(fname)) {
1046 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1048 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1049 share_mode = FILE_SHARE_READ;
1051 share_mode = FILE_SHARE_NONE;
1057 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1058 share_mode = FILE_SHARE_NONE;
1062 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1063 (unsigned int)GET_DENY_MODE(deny_mode) ));
1067 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1068 "share_mode = 0x%x, create_disposition = 0x%x, "
1069 "create_options = 0x%x\n",
1071 (unsigned int)access_mask,
1072 (unsigned int)share_mode,
1073 (unsigned int)create_disposition,
1074 (unsigned int)create_options ));
1077 *paccess_mask = access_mask;
1080 *pshare_mode = share_mode;
1082 if (pcreate_disposition) {
1083 *pcreate_disposition = create_disposition;
1085 if (pcreate_options) {
1086 *pcreate_options = create_options;
1093 static void schedule_defer_open(struct share_mode_lock *lck,
1094 struct timeval request_time,
1095 struct smb_request *req)
1097 struct deferred_open_record state;
1099 /* This is a relative time, added to the absolute
1100 request_time value to get the absolute timeout time.
1101 Note that if this is the second or greater time we enter
1102 this codepath for this particular request mid then
1103 request_time is left as the absolute time of the *first*
1104 time this request mid was processed. This is what allows
1105 the request to eventually time out. */
1107 struct timeval timeout;
1109 /* Normally the smbd we asked should respond within
1110 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1111 * the client did, give twice the timeout as a safety
1112 * measure here in case the other smbd is stuck
1113 * somewhere else. */
1115 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1117 /* Nothing actually uses state.delayed_for_oplocks
1118 but it's handy to differentiate in debug messages
1119 between a 30 second delay due to oplock break, and
1120 a 1 second delay for share mode conflicts. */
1122 state.delayed_for_oplocks = True;
1125 if (!request_timed_out(request_time, timeout)) {
1126 defer_open(lck, request_time, timeout, req, &state);
1130 /****************************************************************************
1131 Open a file with a share mode.
1132 ****************************************************************************/
1134 NTSTATUS open_file_ntcreate(connection_struct *conn,
1135 struct smb_request *req,
1137 SMB_STRUCT_STAT *psbuf,
1138 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1139 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1140 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1141 uint32 create_options, /* options such as delete on close. */
1142 uint32 new_dos_attributes, /* attributes used for new file. */
1143 int oplock_request, /* internal Samba oplock codes. */
1144 /* Information (FILE_EXISTS etc.) */
1146 files_struct **result)
1150 bool file_existed = VALID_STAT(*psbuf);
1151 bool def_acl = False;
1152 bool posix_open = False;
1153 bool new_file_created = False;
1155 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1156 files_struct *fsp = NULL;
1157 mode_t new_unx_mode = (mode_t)0;
1158 mode_t unx_mode = (mode_t)0;
1160 uint32 existing_dos_attributes = 0;
1161 struct pending_message_list *pml = NULL;
1162 struct timeval request_time = timeval_zero();
1163 struct share_mode_lock *lck = NULL;
1164 uint32 open_access_mask = access_mask;
1168 const char *newname;
1172 if (conn->printer) {
1174 * Printers are handled completely differently.
1175 * Most of the passed parameters are ignored.
1179 *pinfo = FILE_WAS_CREATED;
1182 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1184 return print_fsp_open(conn, fname, result);
1187 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1189 return NT_STATUS_NO_MEMORY;
1192 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1194 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1195 new_dos_attributes = 0;
1197 /* We add aARCH to this as this mode is only used if the file is
1199 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1203 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1204 "access_mask=0x%x share_access=0x%x "
1205 "create_disposition = 0x%x create_options=0x%x "
1206 "unix mode=0%o oplock_request=%d\n",
1207 fname, new_dos_attributes, access_mask, share_access,
1208 create_disposition, create_options, unx_mode,
1211 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1212 DEBUG(0, ("No smb request but not an internal only open!\n"));
1213 return NT_STATUS_INTERNAL_ERROR;
1217 * Only non-internal opens can be deferred at all
1221 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1222 struct deferred_open_record *state =
1223 (struct deferred_open_record *)pml->private_data.data;
1225 /* Remember the absolute time of the original
1226 request with this mid. We'll use it later to
1227 see if this has timed out. */
1229 request_time = pml->request_time;
1231 /* Remove the deferred open entry under lock. */
1232 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1235 DEBUG(0, ("could not get share mode lock\n"));
1237 del_deferred_open_entry(lck, req->mid);
1241 /* Ensure we don't reprocess this message. */
1242 remove_deferred_open_smb_message(req->mid);
1245 status = check_name(conn, fname);
1246 if (!NT_STATUS_IS_OK(status)) {
1251 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1253 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1257 /* ignore any oplock requests if oplocks are disabled */
1258 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1259 IS_VETO_OPLOCK_PATH(conn, fname)) {
1260 /* Mask off everything except the private Samba bits. */
1261 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1264 /* this is for OS/2 long file names - say we don't support them */
1265 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1266 /* OS/2 Workplace shell fix may be main code stream in a later
1268 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1270 if (use_nt_status()) {
1271 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1273 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1276 switch( create_disposition ) {
1278 * Currently we're using FILE_SUPERSEDE as the same as
1279 * FILE_OVERWRITE_IF but they really are
1280 * different. FILE_SUPERSEDE deletes an existing file
1281 * (requiring delete access) then recreates it.
1283 case FILE_SUPERSEDE:
1284 /* If file exists replace/overwrite. If file doesn't
1286 flags2 |= (O_CREAT | O_TRUNC);
1289 case FILE_OVERWRITE_IF:
1290 /* If file exists replace/overwrite. If file doesn't
1292 flags2 |= (O_CREAT | O_TRUNC);
1296 /* If file exists open. If file doesn't exist error. */
1297 if (!file_existed) {
1298 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1299 "requested for file %s and file "
1300 "doesn't exist.\n", fname ));
1302 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1306 case FILE_OVERWRITE:
1307 /* If file exists overwrite. If file doesn't exist
1309 if (!file_existed) {
1310 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1311 "requested for file %s and file "
1312 "doesn't exist.\n", fname ));
1314 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1320 /* If file exists error. If file doesn't exist
1323 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1324 "requested for file %s and file "
1325 "already exists.\n", fname ));
1326 if (S_ISDIR(psbuf->st_mode)) {
1331 return map_nt_error_from_unix(errno);
1333 flags2 |= (O_CREAT|O_EXCL);
1337 /* If file exists open. If file doesn't exist
1343 return NT_STATUS_INVALID_PARAMETER;
1346 /* We only care about matching attributes on file exists and
1349 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1350 (create_disposition == FILE_OVERWRITE_IF))) {
1351 if (!open_match_attributes(conn, fname,
1352 existing_dos_attributes,
1353 new_dos_attributes, psbuf->st_mode,
1354 unx_mode, &new_unx_mode)) {
1355 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1356 "for file %s (%x %x) (0%o, 0%o)\n",
1357 fname, existing_dos_attributes,
1359 (unsigned int)psbuf->st_mode,
1360 (unsigned int)unx_mode ));
1362 return NT_STATUS_ACCESS_DENIED;
1366 /* This is a nasty hack - must fix... JRA. */
1367 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1368 open_access_mask = access_mask = FILE_GENERIC_ALL;
1372 * Convert GENERIC bits to specific bits.
1375 se_map_generic(&access_mask, &file_generic_mapping);
1376 open_access_mask = access_mask;
1378 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1379 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1382 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1383 "access_mask=0x%x\n", fname, access_mask ));
1386 * Note that we ignore the append flag as append does not
1387 * mean the same thing under DOS and Unix.
1390 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1391 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1392 /* DENY_DOS opens are always underlying read-write on the
1393 file handle, no matter what the requested access mask
1395 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1396 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1406 * Currently we only look at FILE_WRITE_THROUGH for create options.
1410 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1415 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1419 if (!posix_open && !CAN_WRITE(conn)) {
1421 * We should really return a permission denied error if either
1422 * O_CREAT or O_TRUNC are set, but for compatibility with
1423 * older versions of Samba we just AND them out.
1425 flags2 &= ~(O_CREAT|O_TRUNC);
1429 * Ensure we can't write on a read-only share or file.
1432 if (flags != O_RDONLY && file_existed &&
1433 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1434 DEBUG(5,("open_file_ntcreate: write access requested for "
1435 "file %s on read only %s\n",
1436 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1438 return NT_STATUS_ACCESS_DENIED;
1441 status = file_new(conn, &fsp);
1442 if(!NT_STATUS_IS_OK(status)) {
1446 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1447 fsp->share_access = share_access;
1448 fsp->fh->private_options = create_options;
1449 fsp->access_mask = open_access_mask; /* We change this to the
1450 * requested access_mask after
1451 * the open is done. */
1452 fsp->posix_open = posix_open;
1454 /* Ensure no SAMBA_PRIVATE bits can be set. */
1455 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1457 if (timeval_is_zero(&request_time)) {
1458 request_time = fsp->open_time;
1462 struct timespec old_write_time = get_mtimespec(psbuf);
1463 id = vfs_file_id_from_sbuf(conn, psbuf);
1465 lck = get_share_mode_lock(talloc_tos(), id,
1467 fname, &old_write_time);
1471 DEBUG(0, ("Could not get share mode lock\n"));
1472 return NT_STATUS_SHARING_VIOLATION;
1475 /* First pass - send break only on batch oplocks. */
1477 && delay_for_oplocks(lck, fsp, req->mid, 1,
1479 schedule_defer_open(lck, request_time, req);
1482 return NT_STATUS_SHARING_VIOLATION;
1485 /* Use the client requested access mask here, not the one we
1487 status = open_mode_check(conn, fname, lck,
1488 access_mask, share_access,
1489 create_options, &file_existed);
1491 if (NT_STATUS_IS_OK(status)) {
1492 /* We might be going to allow this open. Check oplock
1494 /* Second pass - send break for both batch or
1495 * exclusive oplocks. */
1497 && delay_for_oplocks(lck, fsp, req->mid, 2,
1499 schedule_defer_open(lck, request_time, req);
1502 return NT_STATUS_SHARING_VIOLATION;
1506 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1507 /* DELETE_PENDING is not deferred for a second */
1513 if (!NT_STATUS_IS_OK(status)) {
1514 uint32 can_access_mask;
1515 bool can_access = True;
1517 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1519 /* Check if this can be done with the deny_dos and fcb
1521 if (create_options &
1522 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1523 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1524 files_struct *fsp_dup;
1527 DEBUG(0, ("DOS open without an SMB "
1531 return NT_STATUS_INTERNAL_ERROR;
1534 /* Use the client requested access mask here,
1535 * not the one we open with. */
1536 fsp_dup = fcb_or_dos_open(conn, fname, id,
1547 *pinfo = FILE_WAS_OPENED;
1549 conn->num_files_open++;
1551 return NT_STATUS_OK;
1556 * This next line is a subtlety we need for
1557 * MS-Access. If a file open will fail due to share
1558 * permissions and also for security (access) reasons,
1559 * we need to return the access failed error, not the
1560 * share error. We can't open the file due to kernel
1561 * oplock deadlock (it's possible we failed above on
1562 * the open_mode_check()) so use a userspace check.
1565 if (flags & O_RDWR) {
1566 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1567 } else if (flags & O_WRONLY) {
1568 can_access_mask = FILE_WRITE_DATA;
1570 can_access_mask = FILE_READ_DATA;
1573 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1574 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1579 * If we're returning a share violation, ensure we
1580 * cope with the braindead 1 second delay.
1583 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1584 lp_defer_sharing_violations()) {
1585 struct timeval timeout;
1586 struct deferred_open_record state;
1589 /* this is a hack to speed up torture tests
1591 timeout_usecs = lp_parm_int(SNUM(conn),
1592 "smbd","sharedelay",
1593 SHARING_VIOLATION_USEC_WAIT);
1595 /* This is a relative time, added to the absolute
1596 request_time value to get the absolute timeout time.
1597 Note that if this is the second or greater time we enter
1598 this codepath for this particular request mid then
1599 request_time is left as the absolute time of the *first*
1600 time this request mid was processed. This is what allows
1601 the request to eventually time out. */
1603 timeout = timeval_set(0, timeout_usecs);
1605 /* Nothing actually uses state.delayed_for_oplocks
1606 but it's handy to differentiate in debug messages
1607 between a 30 second delay due to oplock break, and
1608 a 1 second delay for share mode conflicts. */
1610 state.delayed_for_oplocks = False;
1614 && !request_timed_out(request_time,
1616 defer_open(lck, request_time, timeout,
1624 * We have detected a sharing violation here
1625 * so return the correct error code
1627 status = NT_STATUS_SHARING_VIOLATION;
1629 status = NT_STATUS_ACCESS_DENIED;
1636 * We exit this block with the share entry *locked*.....
1640 SMB_ASSERT(!file_existed || (lck != NULL));
1643 * Ensure we pay attention to default ACLs on directories if required.
1646 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1647 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1651 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1652 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1653 (unsigned int)flags, (unsigned int)flags2,
1654 (unsigned int)unx_mode, (unsigned int)access_mask,
1655 (unsigned int)open_access_mask));
1658 * open_file strips any O_TRUNC flags itself.
1661 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1662 flags|flags2, unx_mode, access_mask,
1665 if (!NT_STATUS_IS_OK(fsp_open)) {
1673 if (!file_existed) {
1674 struct timespec old_write_time = get_mtimespec(psbuf);
1676 * Deal with the race condition where two smbd's detect the
1677 * file doesn't exist and do the create at the same time. One
1678 * of them will win and set a share mode, the other (ie. this
1679 * one) should check if the requested share mode for this
1680 * create is allowed.
1684 * Now the file exists and fsp is successfully opened,
1685 * fsp->dev and fsp->inode are valid and should replace the
1686 * dev=0,inode=0 from a non existent file. Spotted by
1687 * Nadav Danieli <nadavd@exanet.com>. JRA.
1692 lck = get_share_mode_lock(talloc_tos(), id,
1694 fname, &old_write_time);
1697 DEBUG(0, ("open_file_ntcreate: Could not get share "
1698 "mode lock for %s\n", fname));
1701 return NT_STATUS_SHARING_VIOLATION;
1704 /* First pass - send break only on batch oplocks. */
1706 && delay_for_oplocks(lck, fsp, req->mid, 1,
1708 schedule_defer_open(lck, request_time, req);
1712 return NT_STATUS_SHARING_VIOLATION;
1715 status = open_mode_check(conn, fname, lck,
1716 access_mask, share_access,
1717 create_options, &file_existed);
1719 if (NT_STATUS_IS_OK(status)) {
1720 /* We might be going to allow this open. Check oplock
1722 /* Second pass - send break for both batch or
1723 * exclusive oplocks. */
1725 && delay_for_oplocks(lck, fsp, req->mid, 2,
1727 schedule_defer_open(lck, request_time, req);
1731 return NT_STATUS_SHARING_VIOLATION;
1735 if (!NT_STATUS_IS_OK(status)) {
1736 struct deferred_open_record state;
1741 state.delayed_for_oplocks = False;
1744 /* Do it all over again immediately. In the second
1745 * round we will find that the file existed and handle
1746 * the DELETE_PENDING and FCB cases correctly. No need
1747 * to duplicate the code here. Essentially this is a
1748 * "goto top of this function", but don't tell
1752 defer_open(lck, request_time, timeval_zero(),
1760 * We exit this block with the share entry *locked*.....
1765 SMB_ASSERT(lck != NULL);
1767 /* note that we ignore failure for the following. It is
1768 basically a hack for NFS, and NFS will never set one of
1769 these only read them. Nobody but Samba can ever set a deny
1770 mode and we have already checked our more authoritative
1771 locking database for permission to set this deny mode. If
1772 the kernel refuses the operations then the kernel is wrong.
1773 note that GPFS supports it as well - jmcd */
1775 if (fsp->fh->fd != -1) {
1776 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1777 if(ret_flock == -1 ){
1783 return NT_STATUS_SHARING_VIOLATION;
1788 * At this point onwards, we can guarentee that the share entry
1789 * is locked, whether we created the file or not, and that the
1790 * deny mode is compatible with all current opens.
1794 * If requested, truncate the file.
1797 if (flags2&O_TRUNC) {
1799 * We are modifing the file after open - update the stat
1802 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1803 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1804 status = map_nt_error_from_unix(errno);
1812 /* Record the options we were opened with. */
1813 fsp->share_access = share_access;
1814 fsp->fh->private_options = create_options;
1815 fsp->access_mask = access_mask;
1818 /* stat opens on existing files don't get oplocks. */
1819 if (is_stat_open(open_access_mask)) {
1820 fsp->oplock_type = NO_OPLOCK;
1823 if (!(flags2 & O_TRUNC)) {
1824 info = FILE_WAS_OPENED;
1826 info = FILE_WAS_OVERWRITTEN;
1829 info = FILE_WAS_CREATED;
1837 * Setup the oplock info in both the shared memory and
1841 if ((fsp->oplock_type != NO_OPLOCK) &&
1842 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1843 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1844 /* Could not get the kernel oplock */
1845 fsp->oplock_type = NO_OPLOCK;
1849 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1850 new_file_created = True;
1853 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1855 /* Handle strange delete on close create semantics. */
1856 if ((create_options & FILE_DELETE_ON_CLOSE)
1857 && (is_ntfs_stream_name(fname)
1858 || can_set_initial_delete_on_close(lck))) {
1859 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1861 if (!NT_STATUS_IS_OK(status)) {
1862 /* Remember to delete the mode we just added. */
1863 del_share_mode(lck, fsp);
1869 /* Note that here we set the *inital* delete on close flag,
1870 not the regular one. The magic gets handled in close. */
1871 fsp->initial_delete_on_close = True;
1874 if (new_file_created) {
1875 /* Files should be initially set as archive */
1876 if (lp_map_archive(SNUM(conn)) ||
1877 lp_store_dos_attributes(SNUM(conn))) {
1879 SMB_STRUCT_STAT tmp_sbuf;
1880 SET_STAT_INVALID(tmp_sbuf);
1881 if (file_set_dosmode(
1883 new_dos_attributes | aARCH,
1884 &tmp_sbuf, parent_dir,
1886 unx_mode = tmp_sbuf.st_mode;
1893 * Take care of inherited ACLs on created files - if default ACL not
1897 if (!posix_open && !file_existed && !def_acl) {
1899 int saved_errno = errno; /* We might get ENOSYS in the next
1902 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1904 errno = saved_errno; /* Ignore ENOSYS */
1907 } else if (new_unx_mode) {
1911 /* Attributes need changing. File already existed. */
1914 int saved_errno = errno; /* We might get ENOSYS in the
1916 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1918 if (ret == -1 && errno == ENOSYS) {
1919 errno = saved_errno; /* Ignore ENOSYS */
1921 DEBUG(5, ("open_file_ntcreate: reset "
1922 "attributes of file %s to 0%o\n",
1923 fname, (unsigned int)new_unx_mode));
1924 ret = 0; /* Don't do the fchmod below. */
1929 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1930 DEBUG(5, ("open_file_ntcreate: failed to reset "
1931 "attributes of file %s to 0%o\n",
1932 fname, (unsigned int)new_unx_mode));
1935 /* If this is a successful open, we must remove any deferred open
1938 del_deferred_open_entry(lck, req->mid);
1942 conn->num_files_open++;
1945 return NT_STATUS_OK;
1948 /****************************************************************************
1949 Open a file for for write to ensure that we can fchmod it.
1950 ****************************************************************************/
1952 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1953 SMB_STRUCT_STAT *psbuf, files_struct **result)
1955 files_struct *fsp = NULL;
1958 if (!VALID_STAT(*psbuf)) {
1959 return NT_STATUS_INVALID_PARAMETER;
1962 status = file_new(conn, &fsp);
1963 if(!NT_STATUS_IS_OK(status)) {
1967 /* note! we must use a non-zero desired access or we don't get
1968 a real file descriptor. Oh what a twisted web we weave. */
1969 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1970 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1973 * This is not a user visible file open.
1974 * Don't set a share mode and don't increment
1975 * the conn->num_files_open.
1978 if (!NT_STATUS_IS_OK(status)) {
1984 return NT_STATUS_OK;
1987 /****************************************************************************
1988 Close the fchmod file fd - ensure no locks are lost.
1989 ****************************************************************************/
1991 NTSTATUS close_file_fchmod(files_struct *fsp)
1993 NTSTATUS status = fd_close(fsp);
1998 static NTSTATUS mkdir_internal(connection_struct *conn,
2000 uint32 file_attributes,
2001 SMB_STRUCT_STAT *psbuf)
2005 const char *dirname;
2007 bool posix_open = false;
2009 if(!CAN_WRITE(conn)) {
2010 DEBUG(5,("mkdir_internal: failing create on read-only share "
2011 "%s\n", lp_servicename(SNUM(conn))));
2012 return NT_STATUS_ACCESS_DENIED;
2015 status = check_name(conn, name);
2016 if (!NT_STATUS_IS_OK(status)) {
2020 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2022 return NT_STATUS_NO_MEMORY;
2025 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2027 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2029 mode = unix_mode(conn, aDIR, name, parent_dir);
2032 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2033 return map_nt_error_from_unix(errno);
2036 /* Ensure we're checking for a symlink here.... */
2037 /* We don't want to get caught by a symlink racer. */
2039 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2040 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2041 name, strerror(errno)));
2042 return map_nt_error_from_unix(errno);
2045 if (!S_ISDIR(psbuf->st_mode)) {
2046 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2048 return NT_STATUS_ACCESS_DENIED;
2051 if (lp_store_dos_attributes(SNUM(conn))) {
2053 file_set_dosmode(conn, name,
2054 file_attributes | aDIR, NULL,
2060 if (lp_inherit_perms(SNUM(conn))) {
2061 inherit_access_acl(conn, parent_dir, name, mode);
2064 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2066 * Check if high bits should have been set,
2067 * then (if bits are missing): add them.
2068 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2071 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2072 SMB_VFS_CHMOD(conn, name,
2073 psbuf->st_mode | (mode & ~psbuf->st_mode));
2077 /* Change the owner if required. */
2078 if (lp_inherit_owner(SNUM(conn))) {
2079 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2082 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2085 return NT_STATUS_OK;
2088 /****************************************************************************
2089 Open a directory from an NT SMB call.
2090 ****************************************************************************/
2092 NTSTATUS open_directory(connection_struct *conn,
2093 struct smb_request *req,
2095 SMB_STRUCT_STAT *psbuf,
2097 uint32 share_access,
2098 uint32 create_disposition,
2099 uint32 create_options,
2100 uint32 file_attributes,
2102 files_struct **result)
2104 files_struct *fsp = NULL;
2105 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2106 struct share_mode_lock *lck = NULL;
2108 struct timespec mtimespec;
2111 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2112 "share_access = 0x%x create_options = 0x%x, "
2113 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2115 (unsigned int)access_mask,
2116 (unsigned int)share_access,
2117 (unsigned int)create_options,
2118 (unsigned int)create_disposition,
2119 (unsigned int)file_attributes));
2121 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && is_ntfs_stream_name(fname)) {
2122 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2123 return NT_STATUS_NOT_A_DIRECTORY;
2126 switch( create_disposition ) {
2129 info = FILE_WAS_OPENED;
2132 * We want to follow symlinks here.
2135 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2136 return map_nt_error_from_unix(errno);
2143 /* If directory exists error. If directory doesn't
2146 status = mkdir_internal(conn,
2151 if (!NT_STATUS_IS_OK(status)) {
2152 DEBUG(2, ("open_directory: unable to create "
2153 "%s. Error was %s\n", fname,
2154 nt_errstr(status)));
2158 info = FILE_WAS_CREATED;
2163 * If directory exists open. If directory doesn't
2167 status = mkdir_internal(conn,
2172 if (NT_STATUS_IS_OK(status)) {
2173 info = FILE_WAS_CREATED;
2176 if (NT_STATUS_EQUAL(status,
2177 NT_STATUS_OBJECT_NAME_COLLISION)) {
2178 info = FILE_WAS_OPENED;
2179 status = NT_STATUS_OK;
2184 case FILE_SUPERSEDE:
2185 case FILE_OVERWRITE:
2186 case FILE_OVERWRITE_IF:
2188 DEBUG(5,("open_directory: invalid create_disposition "
2189 "0x%x for directory %s\n",
2190 (unsigned int)create_disposition, fname));
2191 return NT_STATUS_INVALID_PARAMETER;
2194 if(!S_ISDIR(psbuf->st_mode)) {
2195 DEBUG(5,("open_directory: %s is not a directory !\n",
2197 return NT_STATUS_NOT_A_DIRECTORY;
2200 status = file_new(conn, &fsp);
2201 if(!NT_STATUS_IS_OK(status)) {
2206 * Setup the files_struct for it.
2209 fsp->mode = psbuf->st_mode;
2210 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2211 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2212 fsp->file_pid = req ? req->smbpid : 0;
2213 fsp->can_lock = False;
2214 fsp->can_read = False;
2215 fsp->can_write = False;
2217 fsp->share_access = share_access;
2218 fsp->fh->private_options = create_options;
2219 fsp->access_mask = access_mask;
2221 fsp->print_file = False;
2222 fsp->modified = False;
2223 fsp->oplock_type = NO_OPLOCK;
2224 fsp->sent_oplock_break = NO_BREAK_SENT;
2225 fsp->is_directory = True;
2226 fsp->is_stat = False;
2227 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2229 string_set(&fsp->fsp_name,fname);
2231 mtimespec = get_mtimespec(psbuf);
2233 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2238 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2240 return NT_STATUS_SHARING_VIOLATION;
2243 status = open_mode_check(conn, fname, lck,
2244 access_mask, share_access,
2245 create_options, &dir_existed);
2247 if (!NT_STATUS_IS_OK(status)) {
2253 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2255 /* For directories the delete on close bit at open time seems
2256 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2257 if (create_options & FILE_DELETE_ON_CLOSE) {
2258 status = can_set_delete_on_close(fsp, True, 0);
2259 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2265 if (NT_STATUS_IS_OK(status)) {
2266 /* Note that here we set the *inital* delete on close flag,
2267 not the regular one. The magic gets handled in close. */
2268 fsp->initial_delete_on_close = True;
2278 conn->num_files_open++;
2281 return NT_STATUS_OK;
2284 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2287 SMB_STRUCT_STAT sbuf;
2290 SET_STAT_INVALID(sbuf);
2292 status = open_directory(conn, req, directory, &sbuf,
2293 FILE_READ_ATTRIBUTES, /* Just a stat open */
2294 FILE_SHARE_NONE, /* Ignored for stat opens */
2297 FILE_ATTRIBUTE_DIRECTORY,
2301 if (NT_STATUS_IS_OK(status)) {
2302 close_file(fsp, NORMAL_CLOSE);
2308 /****************************************************************************
2309 Open a pseudo-file (no locking checks - a 'stat' open).
2310 ****************************************************************************/
2312 NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2313 const char *fname, SMB_STRUCT_STAT *psbuf,
2314 files_struct **result)
2316 files_struct *fsp = NULL;
2319 if (!VALID_STAT(*psbuf)) {
2320 return NT_STATUS_INVALID_PARAMETER;
2323 /* Can't 'stat' open directories. */
2324 if(S_ISDIR(psbuf->st_mode)) {
2325 return NT_STATUS_FILE_IS_A_DIRECTORY;
2328 status = file_new(conn, &fsp);
2329 if(!NT_STATUS_IS_OK(status)) {
2333 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2336 * Setup the files_struct for it.
2339 fsp->mode = psbuf->st_mode;
2340 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2341 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2342 fsp->file_pid = req ? req->smbpid : 0;
2343 fsp->can_lock = False;
2344 fsp->can_read = False;
2345 fsp->can_write = False;
2346 fsp->print_file = False;
2347 fsp->modified = False;
2348 fsp->oplock_type = NO_OPLOCK;
2349 fsp->sent_oplock_break = NO_BREAK_SENT;
2350 fsp->is_directory = False;
2351 fsp->is_stat = True;
2352 string_set(&fsp->fsp_name,fname);
2354 conn->num_files_open++;
2357 return NT_STATUS_OK;
2360 /****************************************************************************
2361 Receive notification that one of our open files has been renamed by another
2363 ****************************************************************************/
2365 void msg_file_was_renamed(struct messaging_context *msg,
2368 struct server_id server_id,
2372 char *frm = (char *)data->data;
2374 const char *sharepath;
2375 const char *newname;
2378 if (data->data == NULL
2379 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2380 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2381 (int)data->length));
2385 /* Unpack the message. */
2386 pull_file_id_16(frm, &id);
2387 sharepath = &frm[16];
2388 newname = sharepath + strlen(sharepath) + 1;
2389 sp_len = strlen(sharepath);
2391 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2393 sharepath, newname, file_id_string_tos(&id)));
2395 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2396 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2397 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2398 fsp->fnum, fsp->fsp_name, newname ));
2399 string_set(&fsp->fsp_name, newname);
2402 /* Now we have the complete path we can work out if this is
2403 actually within this share and adjust newname accordingly. */
2404 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2405 "not sharepath %s) "
2406 "fnum %d from %s -> %s\n",
2407 fsp->conn->connectpath,
2416 struct case_semantics_state {
2417 connection_struct *conn;
2418 bool case_sensitive;
2420 bool short_case_preserve;
2423 /****************************************************************************
2424 Restore case semantics.
2425 ****************************************************************************/
2426 static int restore_case_semantics(struct case_semantics_state *state)
2428 state->conn->case_sensitive = state->case_sensitive;
2429 state->conn->case_preserve = state->case_preserve;
2430 state->conn->short_case_preserve = state->short_case_preserve;
2434 /****************************************************************************
2435 Save case semantics.
2436 ****************************************************************************/
2437 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2438 connection_struct *conn)
2440 struct case_semantics_state *result;
2442 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2443 DEBUG(0, ("talloc failed\n"));
2447 result->conn = conn;
2448 result->case_sensitive = conn->case_sensitive;
2449 result->case_preserve = conn->case_preserve;
2450 result->short_case_preserve = conn->short_case_preserve;
2453 conn->case_sensitive = True;
2454 conn->case_preserve = True;
2455 conn->short_case_preserve = True;
2457 talloc_set_destructor(result, restore_case_semantics);
2463 * If a main file is opened for delete, all streams need to be checked for
2464 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2465 * If that works, delete them all by setting the delete on close and close.
2468 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2471 struct stream_struct *stream_info;
2472 files_struct **streams;
2474 unsigned int num_streams;
2475 TALLOC_CTX *frame = talloc_stackframe();
2478 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2479 &num_streams, &stream_info);
2481 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2482 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2483 DEBUG(10, ("no streams around\n"));
2485 return NT_STATUS_OK;
2488 if (!NT_STATUS_IS_OK(status)) {
2489 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2490 nt_errstr(status)));
2494 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2497 if (num_streams == 0) {
2499 return NT_STATUS_OK;
2502 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2503 if (streams == NULL) {
2504 DEBUG(0, ("talloc failed\n"));
2505 status = NT_STATUS_NO_MEMORY;
2509 for (i=0; i<num_streams; i++) {
2512 if (strequal(stream_info[i].name, "::$DATA")) {
2517 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2518 stream_info[i].name);
2520 if (streamname == NULL) {
2521 DEBUG(0, ("talloc_aprintf failed\n"));
2522 status = NT_STATUS_NO_MEMORY;
2526 status = create_file_unixpath
2529 streamname, /* fname */
2530 DELETE_ACCESS, /* access_mask */
2531 FILE_SHARE_READ | FILE_SHARE_WRITE
2532 | FILE_SHARE_DELETE, /* share_access */
2533 FILE_OPEN, /* create_disposition*/
2534 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2535 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2536 0, /* oplock_request */
2537 0, /* allocation_size */
2540 &streams[i], /* result */
2544 TALLOC_FREE(streamname);
2546 if (!NT_STATUS_IS_OK(status)) {
2547 DEBUG(10, ("Could not open stream %s: %s\n",
2548 streamname, nt_errstr(status)));
2554 * don't touch the variable "status" beyond this point :-)
2557 for (i -= 1 ; i >= 0; i--) {
2558 if (streams[i] == NULL) {
2562 DEBUG(10, ("Closing stream # %d, %s\n", i,
2563 streams[i]->fsp_name));
2564 close_file(streams[i], NORMAL_CLOSE);
2573 * Wrapper around open_file_ntcreate and open_directory
2576 NTSTATUS create_file_unixpath(connection_struct *conn,
2577 struct smb_request *req,
2579 uint32_t access_mask,
2580 uint32_t share_access,
2581 uint32_t create_disposition,
2582 uint32_t create_options,
2583 uint32_t file_attributes,
2584 uint32_t oplock_request,
2585 SMB_BIG_UINT allocation_size,
2586 struct security_descriptor *sd,
2587 struct ea_list *ea_list,
2589 files_struct **result,
2591 SMB_STRUCT_STAT *psbuf)
2593 SMB_STRUCT_STAT sbuf;
2594 int info = FILE_WAS_OPENED;
2595 files_struct *base_fsp = NULL;
2596 files_struct *fsp = NULL;
2599 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2600 "file_attributes = 0x%x, share_access = 0x%x, "
2601 "create_disposition = 0x%x create_options = 0x%x "
2602 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2604 (unsigned int)access_mask,
2605 (unsigned int)file_attributes,
2606 (unsigned int)share_access,
2607 (unsigned int)create_disposition,
2608 (unsigned int)create_options,
2609 (unsigned int)oplock_request,
2610 ea_list, sd, fname));
2612 if (create_options & FILE_OPEN_BY_FILE_ID) {
2613 status = NT_STATUS_NOT_SUPPORTED;
2618 oplock_request |= INTERNAL_OPEN_ONLY;
2621 if (psbuf != NULL) {
2625 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2626 SET_STAT_INVALID(sbuf);
2630 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2631 && (access_mask & DELETE_ACCESS)
2632 && !is_ntfs_stream_name(fname)) {
2634 * We can't open a file with DELETE access if any of the
2635 * streams is open without FILE_SHARE_DELETE
2637 status = open_streams_for_delete(conn, fname);
2639 if (!NT_STATUS_IS_OK(status)) {
2644 /* This is the correct thing to do (check every time) but can_delete
2645 * is expensive (it may have to read the parent directory
2646 * permissions). So for now we're not doing it unless we have a strong
2647 * hint the client is really going to delete this file. If the client
2648 * is forcing FILE_CREATE let the filesystem take care of the
2651 /* Setting FILE_SHARE_DELETE is the hint. */
2653 if (lp_acl_check_permissions(SNUM(conn))
2654 && (create_disposition != FILE_CREATE)
2655 && (share_access & FILE_SHARE_DELETE)
2656 && (access_mask & DELETE_ACCESS)
2657 && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
2658 && !lp_delete_readonly(SNUM(conn)))
2659 || !can_delete_file_in_directory(conn, fname))) {
2660 status = NT_STATUS_ACCESS_DENIED;
2665 /* We need to support SeSecurityPrivilege for this. */
2666 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2667 !user_has_privileges(current_user.nt_user_token,
2669 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2674 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2675 && is_ntfs_stream_name(fname)
2676 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2678 uint32 base_create_disposition;
2680 if (create_options & FILE_DIRECTORY_FILE) {
2681 status = NT_STATUS_NOT_A_DIRECTORY;
2685 status = split_ntfs_stream_name(talloc_tos(), fname,
2687 if (!NT_STATUS_IS_OK(status)) {
2688 DEBUG(10, ("create_file_unixpath: "
2689 "split_ntfs_stream_name failed: %s\n",
2690 nt_errstr(status)));
2694 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2696 switch (create_disposition) {
2698 base_create_disposition = FILE_OPEN;
2701 base_create_disposition = FILE_OPEN_IF;
2705 status = create_file_unixpath(conn, NULL, base, 0,
2708 | FILE_SHARE_DELETE,
2709 base_create_disposition,
2710 0, 0, 0, 0, NULL, NULL,
2711 &base_fsp, NULL, NULL);
2712 if (!NT_STATUS_IS_OK(status)) {
2713 DEBUG(10, ("create_file_unixpath for base %s failed: "
2714 "%s\n", base, nt_errstr(status)));
2720 * If it's a request for a directory open, deal with it separately.
2723 if (create_options & FILE_DIRECTORY_FILE) {
2725 if (create_options & FILE_NON_DIRECTORY_FILE) {
2726 status = NT_STATUS_INVALID_PARAMETER;
2730 /* Can't open a temp directory. IFS kit test. */
2731 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2732 status = NT_STATUS_INVALID_PARAMETER;
2737 * We will get a create directory here if the Win32
2738 * app specified a security descriptor in the
2739 * CreateDirectory() call.
2743 status = open_directory(
2744 conn, req, fname, &sbuf, access_mask, share_access,
2745 create_disposition, create_options, file_attributes,
2750 * Ordinary file case.
2753 status = open_file_ntcreate(
2754 conn, req, fname, &sbuf, access_mask, share_access,
2755 create_disposition, create_options, file_attributes,
2756 oplock_request, &info, &fsp);
2758 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2761 * Fail the open if it was explicitly a non-directory
2765 if (create_options & FILE_NON_DIRECTORY_FILE) {
2766 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2771 status = open_directory(
2772 conn, req, fname, &sbuf, access_mask,
2773 share_access, create_disposition,
2774 create_options, file_attributes,
2779 if (!NT_STATUS_IS_OK(status)) {
2784 * According to the MS documentation, the only time the security
2785 * descriptor is applied to the opened file is iff we *created* the
2786 * file; an existing file stays the same.
2788 * Also, it seems (from observation) that you can open the file with
2789 * any access mask but you can still write the sd. We need to override
2790 * the granted access before we call set_sd
2791 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2794 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2795 && lp_nt_acl_support(SNUM(conn))) {
2797 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2798 uint32_t saved_access_mask = fsp->access_mask;
2800 if (sd->owner_sid == NULL) {
2801 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2803 if (sd->group_sid == NULL) {
2804 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2806 if (sd->sacl == NULL) {
2807 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2809 if (sd->dacl == NULL) {
2810 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2813 fsp->access_mask = FILE_GENERIC_ALL;
2815 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2817 fsp->access_mask = saved_access_mask;
2819 if (!NT_STATUS_IS_OK(status)) {
2824 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2825 status = set_ea(conn, fsp, fname, ea_list);
2826 if (!NT_STATUS_IS_OK(status)) {
2831 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2832 status = NT_STATUS_ACCESS_DENIED;
2836 /* Save the requested allocation size. */
2837 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2839 && (allocation_size > sbuf.st_size)) {
2840 fsp->initial_allocation_size = smb_roundup(
2841 fsp->conn, allocation_size);
2842 if (fsp->is_directory) {
2843 /* Can't set allocation size on a directory. */
2844 status = NT_STATUS_ACCESS_DENIED;
2847 if (vfs_allocate_file_space(
2848 fsp, fsp->initial_allocation_size) == -1) {
2849 status = NT_STATUS_DISK_FULL;
2853 fsp->initial_allocation_size = smb_roundup(
2854 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2858 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2861 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
2862 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
2863 * also close fsp->base_fsp which we have to also do explicitly in
2864 * this routine here, as not in all "goto fail:" we have the fsp set
2865 * up already to be initialized with the base_fsp.
2868 fsp->base_fsp = base_fsp;
2871 if (pinfo != NULL) {
2874 if (psbuf != NULL) {
2875 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2879 SMB_VFS_FSTAT(fsp, psbuf);
2882 return NT_STATUS_OK;
2885 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2888 close_file(fsp, ERROR_CLOSE);
2891 if (base_fsp != NULL) {
2892 close_file(base_fsp, ERROR_CLOSE);
2898 NTSTATUS create_file(connection_struct *conn,
2899 struct smb_request *req,
2900 uint16_t root_dir_fid,
2902 uint32_t access_mask,
2903 uint32_t share_access,
2904 uint32_t create_disposition,
2905 uint32_t create_options,
2906 uint32_t file_attributes,
2907 uint32_t oplock_request,
2908 SMB_BIG_UINT allocation_size,
2909 struct security_descriptor *sd,
2910 struct ea_list *ea_list,
2912 files_struct **result,
2914 SMB_STRUCT_STAT *psbuf)
2916 struct case_semantics_state *case_state = NULL;
2917 SMB_STRUCT_STAT sbuf;
2918 int info = FILE_WAS_OPENED;
2919 files_struct *fsp = NULL;
2922 DEBUG(10,("create_file: access_mask = 0x%x "
2923 "file_attributes = 0x%x, share_access = 0x%x, "
2924 "create_disposition = 0x%x create_options = 0x%x "
2925 "oplock_request = 0x%x "
2926 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2928 (unsigned int)access_mask,
2929 (unsigned int)file_attributes,
2930 (unsigned int)share_access,
2931 (unsigned int)create_disposition,
2932 (unsigned int)create_options,
2933 (unsigned int)oplock_request,
2934 (unsigned int)root_dir_fid,
2935 ea_list, sd, fname));
2938 * Get the file name.
2941 if (root_dir_fid != 0) {
2943 * This filename is relative to a directory fid.
2945 char *parent_fname = NULL;
2946 files_struct *dir_fsp = file_fsp(root_dir_fid);
2948 if (dir_fsp == NULL) {
2949 status = NT_STATUS_INVALID_HANDLE;
2953 if (!dir_fsp->is_directory) {
2956 * Check to see if this is a mac fork of some kind.
2959 if (is_ntfs_stream_name(fname)) {
2960 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2965 we need to handle the case when we get a
2966 relative open relative to a file and the
2967 pathname is blank - this is a reopen!
2968 (hint from demyn plantenberg)
2971 status = NT_STATUS_INVALID_HANDLE;
2975 if (ISDOT(dir_fsp->fsp_name)) {
2977 * We're at the toplevel dir, the final file name
2978 * must not contain ./, as this is filtered out
2979 * normally by srvstr_get_path and unix_convert
2980 * explicitly rejects paths containing ./.
2982 parent_fname = talloc_strdup(talloc_tos(), "");
2983 if (parent_fname == NULL) {
2984 status = NT_STATUS_NO_MEMORY;
2988 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2991 * Copy in the base directory name.
2994 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
2996 if (parent_fname == NULL) {
2997 status = NT_STATUS_NO_MEMORY;
3000 memcpy(parent_fname, dir_fsp->fsp_name,
3004 * Ensure it ends in a '/'.
3005 * We used TALLOC_SIZE +2 to add space for the '/'.
3009 && (parent_fname[dir_name_len-1] != '\\')
3010 && (parent_fname[dir_name_len-1] != '/')) {
3011 parent_fname[dir_name_len] = '/';
3012 parent_fname[dir_name_len+1] = '\0';
3016 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3018 if (fname == NULL) {
3019 status = NT_STATUS_NO_MEMORY;
3025 * Check to see if this is a mac fork of some kind.
3028 if (is_ntfs_stream_name(fname)) {
3029 enum FAKE_FILE_TYPE fake_file_type;
3031 fake_file_type = is_fake_file(fname);
3033 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3036 * Here we go! support for changing the disk quotas
3039 * We need to fake up to open this MAGIC QUOTA file
3040 * and return a valid FID.
3042 * w2k close this file directly after openening xp
3043 * also tries a QUERY_FILE_INFO on the file and then
3046 status = open_fake_file(conn, fake_file_type, fname,
3048 if (!NT_STATUS_IS_OK(status)) {
3056 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3057 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3062 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3063 char *resolved_fname;
3065 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3068 if (!NT_STATUS_IS_OK(status)) {
3070 * For PATH_NOT_COVERED we had
3071 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3072 * ERRSRV, ERRbadpath);
3073 * Need to fix in callers
3077 fname = resolved_fname;
3081 * Check if POSIX semantics are wanted.
3084 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3085 case_state = set_posix_case_semantics(talloc_tos(), conn);
3086 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3090 char *converted_fname;
3092 SET_STAT_INVALID(sbuf);
3094 status = unix_convert(talloc_tos(), conn, fname, False,
3095 &converted_fname, NULL, &sbuf);
3096 if (!NT_STATUS_IS_OK(status)) {
3099 fname = converted_fname;
3102 TALLOC_FREE(case_state);
3104 /* All file access must go through check_name() */
3106 status = check_name(conn, fname);
3107 if (!NT_STATUS_IS_OK(status)) {
3111 status = create_file_unixpath(
3112 conn, req, fname, access_mask, share_access,
3113 create_disposition, create_options, file_attributes,
3114 oplock_request, allocation_size, sd, ea_list,
3115 &fsp, &info, &sbuf);
3117 if (!NT_STATUS_IS_OK(status)) {
3122 DEBUG(10, ("create_file: info=%d\n", info));
3125 if (pinfo != NULL) {
3128 if (psbuf != NULL) {
3131 return NT_STATUS_OK;
3134 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3137 close_file(fsp, ERROR_CLOSE);
git.samba.org / samba.git / blob