2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 /****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34 ****************************************************************************/
36 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
41 return se_access_check(sd,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
47 /****************************************************************************
48 Check if we have open rights.
49 ****************************************************************************/
51 static NTSTATUS check_open_rights(struct connection_struct *conn,
54 uint32_t *access_granted)
56 /* Check if we have rights to open. */
58 struct security_descriptor *sd;
62 status = SMB_VFS_GET_NT_ACL(conn, fname,
63 (OWNER_SECURITY_INFORMATION |
64 GROUP_SECURITY_INFORMATION |
65 DACL_SECURITY_INFORMATION),&sd);
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(10, ("check_open_rights: Could not get acl "
75 status = smb1_file_se_access_check(sd,
76 conn->server_info->ptok,
82 DEBUG(10,("check_open_rights: file %s requesting "
83 "0x%x returning 0x%x (%s)\n",
85 (unsigned int)access_mask,
86 (unsigned int)*access_granted,
92 /****************************************************************************
93 fd support routines - attempt to do a dos_open.
94 ****************************************************************************/
96 static NTSTATUS fd_open(struct connection_struct *conn,
102 NTSTATUS status = NT_STATUS_OK;
106 * Never follow symlinks on a POSIX client. The
107 * client should be doing this.
110 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
115 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
116 if (fsp->fh->fd == -1) {
117 status = map_nt_error_from_unix(errno);
120 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
121 fname, flags, (int)mode, fsp->fh->fd,
122 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
127 /****************************************************************************
128 Close the file associated with a fsp.
129 ****************************************************************************/
131 NTSTATUS fd_close(files_struct *fsp)
135 if (fsp->fh->fd == -1) {
136 return NT_STATUS_OK; /* What we used to call a stat open. */
138 if (fsp->fh->ref_count > 1) {
139 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
142 ret = SMB_VFS_CLOSE(fsp);
145 return map_nt_error_from_unix(errno);
150 /****************************************************************************
151 Change the ownership of a file to that of the parent directory.
152 Do this by fd if possible.
153 ****************************************************************************/
155 static void change_file_owner_to_parent(connection_struct *conn,
156 const char *inherit_from_dir,
159 SMB_STRUCT_STAT parent_st;
162 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
164 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
165 "directory %s. Error was %s\n",
166 inherit_from_dir, strerror(errno) ));
171 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
174 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
175 "file %s to parent directory uid %u. Error "
176 "was %s\n", fsp->fsp_name,
177 (unsigned int)parent_st.st_uid,
181 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
182 "parent directory uid %u.\n", fsp->fsp_name,
183 (unsigned int)parent_st.st_uid ));
186 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
187 const char *inherit_from_dir,
189 SMB_STRUCT_STAT *psbuf)
191 char *saved_dir = NULL;
192 SMB_STRUCT_STAT sbuf;
193 SMB_STRUCT_STAT parent_st;
194 TALLOC_CTX *ctx = talloc_tos();
195 NTSTATUS status = NT_STATUS_OK;
198 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
200 status = map_nt_error_from_unix(errno);
201 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
202 "directory %s. Error was %s\n",
203 inherit_from_dir, strerror(errno) ));
207 /* We've already done an lstat into psbuf, and we know it's a
208 directory. If we can cd into the directory and the dev/ino
209 are the same then we can safely chown without races as
210 we're locking the directory in place by being in it. This
211 should work on any UNIX (thanks tridge :-). JRA.
214 saved_dir = vfs_GetWd(ctx,conn);
216 status = map_nt_error_from_unix(errno);
217 DEBUG(0,("change_dir_owner_to_parent: failed to get "
218 "current working directory. Error was %s\n",
223 /* Chdir into the new path. */
224 if (vfs_ChDir(conn, fname) == -1) {
225 status = map_nt_error_from_unix(errno);
226 DEBUG(0,("change_dir_owner_to_parent: failed to change "
227 "current working directory to %s. Error "
228 "was %s\n", fname, strerror(errno) ));
232 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
233 status = map_nt_error_from_unix(errno);
234 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
235 "directory '.' (%s) Error was %s\n",
236 fname, strerror(errno)));
240 /* Ensure we're pointing at the same place. */
241 if (sbuf.st_dev != psbuf->st_dev ||
242 sbuf.st_ino != psbuf->st_ino ||
243 sbuf.st_mode != psbuf->st_mode ) {
244 DEBUG(0,("change_dir_owner_to_parent: "
245 "device/inode/mode on directory %s changed. "
246 "Refusing to chown !\n", fname ));
247 status = NT_STATUS_ACCESS_DENIED;
252 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
255 status = map_nt_error_from_unix(errno);
256 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
257 "directory %s to parent directory uid %u. "
258 "Error was %s\n", fname,
259 (unsigned int)parent_st.st_uid, strerror(errno) ));
263 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
264 "directory %s to parent directory uid %u.\n",
265 fname, (unsigned int)parent_st.st_uid ));
269 vfs_ChDir(conn,saved_dir);
273 /****************************************************************************
275 ****************************************************************************/
277 static NTSTATUS open_file(files_struct *fsp,
278 connection_struct *conn,
279 struct smb_request *req,
280 const char *parent_dir,
283 SMB_STRUCT_STAT *psbuf,
286 uint32 access_mask, /* client requested access mask. */
287 uint32 open_access_mask) /* what we're actually using in the open. */
289 NTSTATUS status = NT_STATUS_OK;
290 int accmode = (flags & O_ACCMODE);
291 int local_flags = flags;
292 bool file_existed = VALID_STAT(*psbuf);
297 /* Check permissions */
300 * This code was changed after seeing a client open request
301 * containing the open mode of (DENY_WRITE/read-only) with
302 * the 'create if not exist' bit set. The previous code
303 * would fail to open the file read only on a read-only share
304 * as it was checking the flags parameter directly against O_RDONLY,
305 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
309 if (!CAN_WRITE(conn)) {
310 /* It's a read-only share - fail if we wanted to write. */
311 if(accmode != O_RDONLY) {
312 DEBUG(3,("Permission denied opening %s\n", path));
313 return NT_STATUS_ACCESS_DENIED;
314 } else if(flags & O_CREAT) {
315 /* We don't want to write - but we must make sure that
316 O_CREAT doesn't create the file if we have write
317 access into the directory.
320 local_flags &= ~O_CREAT;
325 * This little piece of insanity is inspired by the
326 * fact that an NT client can open a file for O_RDONLY,
327 * but set the create disposition to FILE_EXISTS_TRUNCATE.
328 * If the client *can* write to the file, then it expects to
329 * truncate the file, even though it is opening for readonly.
330 * Quicken uses this stupid trick in backup file creation...
331 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
332 * for helping track this one down. It didn't bite us in 2.0.x
333 * as we always opened files read-write in that release. JRA.
336 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
337 DEBUG(10,("open_file: truncate requested on read-only open "
338 "for file %s\n", path));
339 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
342 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
343 (!file_existed && (local_flags & O_CREAT)) ||
344 ((local_flags & O_TRUNC) == O_TRUNC) ) {
348 * We can't actually truncate here as the file may be locked.
349 * open_file_ntcreate will take care of the truncate later. JRA.
352 local_flags &= ~O_TRUNC;
354 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
356 * We would block on opening a FIFO with no one else on the
357 * other end. Do what we used to do and add O_NONBLOCK to the
361 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
362 local_flags |= O_NONBLOCK;
366 /* Don't create files with Microsoft wildcard characters. */
369 * wildcard characters are allowed in stream names
370 * only test the basefilename
372 wild = fsp->base_fsp->fsp_name;
376 if ((local_flags & O_CREAT) && !file_existed &&
378 return NT_STATUS_OBJECT_NAME_INVALID;
381 /* Actually do the open */
382 status = fd_open(conn, path, fsp, local_flags, unx_mode);
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
386 path,nt_errstr(status),local_flags,flags));
390 if ((local_flags & O_CREAT) && !file_existed) {
392 /* Inherit the ACL if required */
393 if (lp_inherit_perms(SNUM(conn))) {
394 inherit_access_posix_acl(conn, parent_dir, path,
398 /* Change the owner if required. */
399 if (lp_inherit_owner(SNUM(conn))) {
400 change_file_owner_to_parent(conn, parent_dir,
404 notify_fname(conn, NOTIFY_ACTION_ADDED,
405 FILE_NOTIFY_CHANGE_FILE_NAME, path);
409 fsp->fh->fd = -1; /* What we used to call a stat open. */
411 uint32_t access_granted = 0;
413 status = check_open_rights(conn,
417 if (!NT_STATUS_IS_OK(status)) {
419 /* Were we trying to do a stat open
420 * for delete and didn't get DELETE
421 * access (only) ? Check if the
422 * directory allows DELETE_CHILD.
424 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
427 if (!(NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
428 (access_mask & DELETE_ACCESS) &&
429 (access_granted == DELETE_ACCESS) &&
430 can_delete_file_in_directory(conn, path))) {
431 DEBUG(10, ("open_file: Access denied on "
437 DEBUG(10,("open_file: overrode ACCESS_DENIED "
447 if (fsp->fh->fd == -1) {
448 ret = SMB_VFS_STAT(conn, path, psbuf);
450 ret = SMB_VFS_FSTAT(fsp, psbuf);
451 /* If we have an fd, this stat should succeed. */
453 DEBUG(0,("Error doing fstat on open file %s "
454 "(%s)\n", path,strerror(errno) ));
458 /* For a non-io open, this stat failing means file not found. JRA */
460 status = map_nt_error_from_unix(errno);
467 * POSIX allows read-only opens of directories. We don't
468 * want to do this (we use a different code path for this)
469 * so catch a directory open and return an EISDIR. JRA.
472 if(S_ISDIR(psbuf->st_mode)) {
475 return NT_STATUS_FILE_IS_A_DIRECTORY;
478 fsp->mode = psbuf->st_mode;
479 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
480 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
481 fsp->file_pid = req ? req->smbpid : 0;
482 fsp->can_lock = True;
483 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
484 if (!CAN_WRITE(conn)) {
485 fsp->can_write = False;
487 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
490 fsp->print_file = False;
491 fsp->modified = False;
492 fsp->sent_oplock_break = NO_BREAK_SENT;
493 fsp->is_directory = False;
494 if (conn->aio_write_behind_list &&
495 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
496 fsp->aio_write_behind = True;
499 string_set(&fsp->fsp_name, path);
500 fsp->wcp = NULL; /* Write cache pointer. */
502 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
503 conn->server_info->unix_name,
505 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
506 conn->num_files_open));
512 /*******************************************************************
513 Return True if the filename is one of the special executable types.
514 ********************************************************************/
516 static bool is_executable(const char *fname)
518 if ((fname = strrchr_m(fname,'.'))) {
519 if (strequal(fname,".com") ||
520 strequal(fname,".dll") ||
521 strequal(fname,".exe") ||
522 strequal(fname,".sym")) {
529 /****************************************************************************
530 Check if we can open a file with a share mode.
531 Returns True if conflict, False if not.
532 ****************************************************************************/
534 static bool share_conflict(struct share_mode_entry *entry,
538 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
539 "entry->share_access = 0x%x, "
540 "entry->private_options = 0x%x\n",
541 (unsigned int)entry->access_mask,
542 (unsigned int)entry->share_access,
543 (unsigned int)entry->private_options));
545 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
546 (unsigned int)access_mask, (unsigned int)share_access));
548 if ((entry->access_mask & (FILE_WRITE_DATA|
552 DELETE_ACCESS)) == 0) {
553 DEBUG(10,("share_conflict: No conflict due to "
554 "entry->access_mask = 0x%x\n",
555 (unsigned int)entry->access_mask ));
559 if ((access_mask & (FILE_WRITE_DATA|
563 DELETE_ACCESS)) == 0) {
564 DEBUG(10,("share_conflict: No conflict due to "
565 "access_mask = 0x%x\n",
566 (unsigned int)access_mask ));
570 #if 1 /* JRA TEST - Superdebug. */
571 #define CHECK_MASK(num, am, right, sa, share) \
572 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
573 (unsigned int)(num), (unsigned int)(am), \
574 (unsigned int)(right), (unsigned int)(am)&(right) )); \
575 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
576 (unsigned int)(num), (unsigned int)(sa), \
577 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
578 if (((am) & (right)) && !((sa) & (share))) { \
579 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
580 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
581 (unsigned int)(share) )); \
585 #define CHECK_MASK(num, am, right, sa, share) \
586 if (((am) & (right)) && !((sa) & (share))) { \
587 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
588 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
589 (unsigned int)(share) )); \
594 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
595 share_access, FILE_SHARE_WRITE);
596 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
597 entry->share_access, FILE_SHARE_WRITE);
599 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
600 share_access, FILE_SHARE_READ);
601 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
602 entry->share_access, FILE_SHARE_READ);
604 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
605 share_access, FILE_SHARE_DELETE);
606 CHECK_MASK(6, access_mask, DELETE_ACCESS,
607 entry->share_access, FILE_SHARE_DELETE);
609 DEBUG(10,("share_conflict: No conflict.\n"));
613 #if defined(DEVELOPER)
614 static void validate_my_share_entries(int num,
615 struct share_mode_entry *share_entry)
619 if (!procid_is_me(&share_entry->pid)) {
623 if (is_deferred_open_entry(share_entry) &&
624 !open_was_deferred(share_entry->op_mid)) {
625 char *str = talloc_asprintf(talloc_tos(),
626 "Got a deferred entry without a request: "
628 share_mode_str(talloc_tos(), num, share_entry));
632 if (!is_valid_share_mode_entry(share_entry)) {
636 fsp = file_find_dif(share_entry->id,
637 share_entry->share_file_id);
639 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
640 share_mode_str(talloc_tos(), num, share_entry) ));
641 smb_panic("validate_my_share_entries: Cannot match a "
642 "share entry with an open file\n");
645 if (is_deferred_open_entry(share_entry) ||
646 is_unused_share_mode_entry(share_entry)) {
650 if ((share_entry->op_type == NO_OPLOCK) &&
651 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
652 /* Someone has already written to it, but I haven't yet
657 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
666 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
667 share_mode_str(talloc_tos(), num, share_entry) ));
668 str = talloc_asprintf(talloc_tos(),
669 "validate_my_share_entries: "
670 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
671 fsp->fsp_name, (unsigned int)fsp->oplock_type,
672 (unsigned int)share_entry->op_type );
678 static bool is_stat_open(uint32 access_mask)
680 return (access_mask &&
681 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
682 FILE_WRITE_ATTRIBUTES))==0) &&
683 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
684 FILE_WRITE_ATTRIBUTES)) != 0));
687 /****************************************************************************
688 Deal with share modes
689 Invarient: Share mode must be locked on entry and exit.
690 Returns -1 on error, or number of share modes on success (may be zero).
691 ****************************************************************************/
693 static NTSTATUS open_mode_check(connection_struct *conn,
695 struct share_mode_lock *lck,
698 uint32 create_options,
703 if(lck->num_share_modes == 0) {
707 *file_existed = True;
709 /* A delete on close prohibits everything */
711 if (lck->delete_on_close) {
712 return NT_STATUS_DELETE_PENDING;
715 if (is_stat_open(access_mask)) {
716 /* Stat open that doesn't trigger oplock breaks or share mode
717 * checks... ! JRA. */
722 * Check if the share modes will give us access.
725 #if defined(DEVELOPER)
726 for(i = 0; i < lck->num_share_modes; i++) {
727 validate_my_share_entries(i, &lck->share_modes[i]);
731 if (!lp_share_modes(SNUM(conn))) {
735 /* Now we check the share modes, after any oplock breaks. */
736 for(i = 0; i < lck->num_share_modes; i++) {
738 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
742 /* someone else has a share lock on it, check to see if we can
744 if (share_conflict(&lck->share_modes[i],
745 access_mask, share_access)) {
746 return NT_STATUS_SHARING_VIOLATION;
753 static bool is_delete_request(files_struct *fsp) {
754 return ((fsp->access_mask == DELETE_ACCESS) &&
755 (fsp->oplock_type == NO_OPLOCK));
759 * Send a break message to the oplock holder and delay the open for
763 static NTSTATUS send_break_message(files_struct *fsp,
764 struct share_mode_entry *exclusive,
769 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
771 DEBUG(10, ("Sending break request to PID %s\n",
772 procid_str_static(&exclusive->pid)));
773 exclusive->op_mid = mid;
775 /* Create the message. */
776 share_mode_entry_to_message(msg, exclusive);
778 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
779 don't want this set in the share mode struct pointed to by lck. */
781 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
782 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
785 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
786 MSG_SMB_BREAK_REQUEST,
788 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
789 if (!NT_STATUS_IS_OK(status)) {
790 DEBUG(3, ("Could not send oplock break message: %s\n",
798 * 1) No files open at all or internal open: Grant whatever the client wants.
800 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
801 * request, break if the oplock around is a batch oplock. If it's another
802 * requested access type, break.
804 * 3) Only level2 around: Grant level2 and do nothing else.
807 static bool delay_for_oplocks(struct share_mode_lock *lck,
813 extern uint32 global_client_caps;
815 struct share_mode_entry *exclusive = NULL;
816 bool valid_entry = false;
817 bool have_level2 = false;
818 bool have_a_none_oplock = false;
819 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
820 lp_level2_oplocks(SNUM(fsp->conn));
822 if (oplock_request & INTERNAL_OPEN_ONLY) {
823 fsp->oplock_type = NO_OPLOCK;
826 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
830 for (i=0; i<lck->num_share_modes; i++) {
832 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
836 /* At least one entry is not an invalid or deferred entry. */
839 if (pass_number == 1) {
840 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
841 SMB_ASSERT(exclusive == NULL);
842 exclusive = &lck->share_modes[i];
845 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
846 SMB_ASSERT(exclusive == NULL);
847 exclusive = &lck->share_modes[i];
851 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
852 SMB_ASSERT(exclusive == NULL);
856 if (lck->share_modes[i].op_type == NO_OPLOCK) {
857 have_a_none_oplock = true;
861 if (exclusive != NULL) { /* Found an exclusive oplock */
862 bool delay_it = is_delete_request(fsp) ?
863 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
864 SMB_ASSERT(!have_level2);
866 send_break_message(fsp, exclusive, mid, oplock_request);
872 * Match what was requested (fsp->oplock_type) with
873 * what was found in the existing share modes.
877 /* All entries are placeholders or deferred.
878 * Directly grant whatever the client wants. */
879 if (fsp->oplock_type == NO_OPLOCK) {
880 /* Store a level2 oplock, but don't tell the client */
881 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
883 } else if (have_a_none_oplock) {
884 fsp->oplock_type = NO_OPLOCK;
885 } else if (have_level2) {
886 if (fsp->oplock_type == NO_OPLOCK ||
887 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
888 /* Store a level2 oplock, but don't tell the client */
889 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
891 fsp->oplock_type = LEVEL_II_OPLOCK;
894 /* This case can never happen. */
899 * Don't grant level2 to clients that don't want them
900 * or if we've turned them off.
902 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
903 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
906 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
907 fsp->oplock_type, fsp->fsp_name));
913 static bool request_timed_out(struct timeval request_time,
914 struct timeval timeout)
916 struct timeval now, end_time;
918 end_time = timeval_sum(&request_time, &timeout);
919 return (timeval_compare(&end_time, &now) < 0);
922 /****************************************************************************
923 Handle the 1 second delay in returning a SHARING_VIOLATION error.
924 ****************************************************************************/
926 static void defer_open(struct share_mode_lock *lck,
927 struct timeval request_time,
928 struct timeval timeout,
929 struct smb_request *req,
930 struct deferred_open_record *state)
936 for (i=0; i<lck->num_share_modes; i++) {
937 struct share_mode_entry *e = &lck->share_modes[i];
939 if (!is_deferred_open_entry(e)) {
943 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
944 DEBUG(0, ("Trying to defer an already deferred "
945 "request: mid=%d, exiting\n", req->mid));
946 exit_server("attempt to defer a deferred request");
950 /* End paranoia check */
952 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
953 "open entry for mid %u\n",
954 (unsigned int)request_time.tv_sec,
955 (unsigned int)request_time.tv_usec,
956 (unsigned int)req->mid));
958 if (!push_deferred_smb_message(req, request_time, timeout,
959 (char *)state, sizeof(*state))) {
960 exit_server("push_deferred_smb_message failed");
962 add_deferred_open(lck, req->mid, request_time, state->id);
965 * Push the MID of this packet on the signing queue.
966 * We only do this once, the first time we push the packet
967 * onto the deferred open queue, as this has a side effect
968 * of incrementing the response sequence number.
971 srv_defer_sign_response(req->mid);
975 /****************************************************************************
976 On overwrite open ensure that the attributes match.
977 ****************************************************************************/
979 static bool open_match_attributes(connection_struct *conn,
983 mode_t existing_unx_mode,
985 mode_t *returned_unx_mode)
987 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
989 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
990 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
992 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
993 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
994 *returned_unx_mode = new_unx_mode;
996 *returned_unx_mode = (mode_t)0;
999 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1000 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1001 "returned_unx_mode = 0%o\n",
1003 (unsigned int)old_dos_attr,
1004 (unsigned int)existing_unx_mode,
1005 (unsigned int)new_dos_attr,
1006 (unsigned int)*returned_unx_mode ));
1008 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1009 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1010 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1011 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1015 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1016 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1017 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1024 /****************************************************************************
1025 Special FCB or DOS processing in the case of a sharing violation.
1026 Try and find a duplicated file handle.
1027 ****************************************************************************/
1029 static NTSTATUS fcb_or_dos_open(connection_struct *conn,
1030 files_struct *fsp_to_dup_into,
1036 uint32 share_access,
1037 uint32 create_options)
1041 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1042 "file %s.\n", fname ));
1044 for(fsp = file_find_di_first(id); fsp;
1045 fsp = file_find_di_next(fsp)) {
1047 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1048 "vuid = %u, file_pid = %u, private_options = 0x%x "
1049 "access_mask = 0x%x\n", fsp->fsp_name,
1050 fsp->fh->fd, (unsigned int)fsp->vuid,
1051 (unsigned int)fsp->file_pid,
1052 (unsigned int)fsp->fh->private_options,
1053 (unsigned int)fsp->access_mask ));
1055 if (fsp->fh->fd != -1 &&
1056 fsp->vuid == vuid &&
1057 fsp->file_pid == file_pid &&
1058 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1059 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1060 (fsp->access_mask & FILE_WRITE_DATA) &&
1061 strequal(fsp->fsp_name, fname)) {
1062 DEBUG(10,("fcb_or_dos_open: file match\n"));
1068 return NT_STATUS_NOT_FOUND;
1071 /* quite an insane set of semantics ... */
1072 if (is_executable(fname) &&
1073 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1074 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1075 return NT_STATUS_INVALID_PARAMETER;
1078 /* We need to duplicate this fsp. */
1079 dup_file_fsp(fsp, access_mask, share_access,
1080 create_options, fsp_to_dup_into);
1082 return NT_STATUS_OK;
1085 /****************************************************************************
1086 Open a file with a share mode - old openX method - map into NTCreate.
1087 ****************************************************************************/
1089 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1090 uint32 *paccess_mask,
1091 uint32 *pshare_mode,
1092 uint32 *pcreate_disposition,
1093 uint32 *pcreate_options)
1097 uint32 create_disposition;
1098 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1100 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1101 "open_func = 0x%x\n",
1102 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1104 /* Create the NT compatible access_mask. */
1105 switch (GET_OPENX_MODE(deny_mode)) {
1106 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1107 case DOS_OPEN_RDONLY:
1108 access_mask = FILE_GENERIC_READ;
1110 case DOS_OPEN_WRONLY:
1111 access_mask = FILE_GENERIC_WRITE;
1115 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1118 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1119 (unsigned int)GET_OPENX_MODE(deny_mode)));
1123 /* Create the NT compatible create_disposition. */
1124 switch (open_func) {
1125 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1126 create_disposition = FILE_CREATE;
1129 case OPENX_FILE_EXISTS_OPEN:
1130 create_disposition = FILE_OPEN;
1133 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1134 create_disposition = FILE_OPEN_IF;
1137 case OPENX_FILE_EXISTS_TRUNCATE:
1138 create_disposition = FILE_OVERWRITE;
1141 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1142 create_disposition = FILE_OVERWRITE_IF;
1146 /* From samba4 - to be confirmed. */
1147 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1148 create_disposition = FILE_CREATE;
1151 DEBUG(10,("map_open_params_to_ntcreate: bad "
1152 "open_func 0x%x\n", (unsigned int)open_func));
1156 /* Create the NT compatible share modes. */
1157 switch (GET_DENY_MODE(deny_mode)) {
1159 share_mode = FILE_SHARE_NONE;
1163 share_mode = FILE_SHARE_READ;
1167 share_mode = FILE_SHARE_WRITE;
1171 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1175 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1176 if (is_executable(fname)) {
1177 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1179 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1180 share_mode = FILE_SHARE_READ;
1182 share_mode = FILE_SHARE_NONE;
1188 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1189 share_mode = FILE_SHARE_NONE;
1193 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1194 (unsigned int)GET_DENY_MODE(deny_mode) ));
1198 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1199 "share_mode = 0x%x, create_disposition = 0x%x, "
1200 "create_options = 0x%x\n",
1202 (unsigned int)access_mask,
1203 (unsigned int)share_mode,
1204 (unsigned int)create_disposition,
1205 (unsigned int)create_options ));
1208 *paccess_mask = access_mask;
1211 *pshare_mode = share_mode;
1213 if (pcreate_disposition) {
1214 *pcreate_disposition = create_disposition;
1216 if (pcreate_options) {
1217 *pcreate_options = create_options;
1224 static void schedule_defer_open(struct share_mode_lock *lck,
1225 struct timeval request_time,
1226 struct smb_request *req)
1228 struct deferred_open_record state;
1230 /* This is a relative time, added to the absolute
1231 request_time value to get the absolute timeout time.
1232 Note that if this is the second or greater time we enter
1233 this codepath for this particular request mid then
1234 request_time is left as the absolute time of the *first*
1235 time this request mid was processed. This is what allows
1236 the request to eventually time out. */
1238 struct timeval timeout;
1240 /* Normally the smbd we asked should respond within
1241 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1242 * the client did, give twice the timeout as a safety
1243 * measure here in case the other smbd is stuck
1244 * somewhere else. */
1246 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1248 /* Nothing actually uses state.delayed_for_oplocks
1249 but it's handy to differentiate in debug messages
1250 between a 30 second delay due to oplock break, and
1251 a 1 second delay for share mode conflicts. */
1253 state.delayed_for_oplocks = True;
1256 if (!request_timed_out(request_time, timeout)) {
1257 defer_open(lck, request_time, timeout, req, &state);
1261 /****************************************************************************
1262 Work out what access_mask to use from what the client sent us.
1263 ****************************************************************************/
1265 static NTSTATUS calculate_access_mask(connection_struct *conn,
1268 uint32_t access_mask,
1269 uint32_t *access_mask_out)
1274 * Convert GENERIC bits to specific bits.
1277 se_map_generic(&access_mask, &file_generic_mapping);
1279 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1280 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1283 struct security_descriptor *sd;
1284 uint32_t access_granted = 0;
1286 status = SMB_VFS_GET_NT_ACL(conn, fname,
1287 (OWNER_SECURITY_INFORMATION |
1288 GROUP_SECURITY_INFORMATION |
1289 DACL_SECURITY_INFORMATION),&sd);
1291 if (!NT_STATUS_IS_OK(status)) {
1292 DEBUG(10, ("calculate_access_mask: Could not get acl "
1295 nt_errstr(status)));
1296 return NT_STATUS_ACCESS_DENIED;
1299 status = smb1_file_se_access_check(sd,
1300 conn->server_info->ptok,
1306 if (!NT_STATUS_IS_OK(status)) {
1307 DEBUG(10, ("calculate_access_mask: Access denied on "
1308 "file %s: when calculating maximum access\n",
1310 return NT_STATUS_ACCESS_DENIED;
1313 access_mask = access_granted;
1315 access_mask = FILE_GENERIC_ALL;
1319 *access_mask_out = access_mask;
1320 return NT_STATUS_OK;
1323 /****************************************************************************
1324 Open a file with a share mode. Passed in an already created files_struct *.
1325 ****************************************************************************/
1327 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1328 struct smb_request *req,
1330 SMB_STRUCT_STAT *psbuf,
1331 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1332 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1333 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1334 uint32 create_options, /* options such as delete on close. */
1335 uint32 new_dos_attributes, /* attributes used for new file. */
1336 int oplock_request, /* internal Samba oplock codes. */
1337 /* Information (FILE_EXISTS etc.) */
1343 bool file_existed = VALID_STAT(*psbuf);
1344 bool def_acl = False;
1345 bool posix_open = False;
1346 bool new_file_created = False;
1348 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1349 mode_t new_unx_mode = (mode_t)0;
1350 mode_t unx_mode = (mode_t)0;
1352 uint32 existing_dos_attributes = 0;
1353 struct pending_message_list *pml = NULL;
1354 struct timeval request_time = timeval_zero();
1355 struct share_mode_lock *lck = NULL;
1356 uint32 open_access_mask = access_mask;
1360 const char *newname;
1364 if (conn->printer) {
1366 * Printers are handled completely differently.
1367 * Most of the passed parameters are ignored.
1371 *pinfo = FILE_WAS_CREATED;
1374 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1376 return print_fsp_open(conn, fname, req->vuid, fsp, psbuf);
1379 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1381 return NT_STATUS_NO_MEMORY;
1384 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1386 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1387 new_dos_attributes = 0;
1389 /* We add aARCH to this as this mode is only used if the file is
1391 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1395 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1396 "access_mask=0x%x share_access=0x%x "
1397 "create_disposition = 0x%x create_options=0x%x "
1398 "unix mode=0%o oplock_request=%d\n",
1399 fname, new_dos_attributes, access_mask, share_access,
1400 create_disposition, create_options, unx_mode,
1403 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1404 DEBUG(0, ("No smb request but not an internal only open!\n"));
1405 return NT_STATUS_INTERNAL_ERROR;
1409 * Only non-internal opens can be deferred at all
1413 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1414 struct deferred_open_record *state =
1415 (struct deferred_open_record *)pml->private_data.data;
1417 /* Remember the absolute time of the original
1418 request with this mid. We'll use it later to
1419 see if this has timed out. */
1421 request_time = pml->request_time;
1423 /* Remove the deferred open entry under lock. */
1424 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1427 DEBUG(0, ("could not get share mode lock\n"));
1429 del_deferred_open_entry(lck, req->mid);
1433 /* Ensure we don't reprocess this message. */
1434 remove_deferred_open_smb_message(req->mid);
1437 status = check_name(conn, fname);
1438 if (!NT_STATUS_IS_OK(status)) {
1443 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1445 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1449 /* ignore any oplock requests if oplocks are disabled */
1450 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1451 IS_VETO_OPLOCK_PATH(conn, fname)) {
1452 /* Mask off everything except the private Samba bits. */
1453 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1456 /* this is for OS/2 long file names - say we don't support them */
1457 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1458 /* OS/2 Workplace shell fix may be main code stream in a later
1460 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1462 if (use_nt_status()) {
1463 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1465 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1468 switch( create_disposition ) {
1470 * Currently we're using FILE_SUPERSEDE as the same as
1471 * FILE_OVERWRITE_IF but they really are
1472 * different. FILE_SUPERSEDE deletes an existing file
1473 * (requiring delete access) then recreates it.
1475 case FILE_SUPERSEDE:
1476 /* If file exists replace/overwrite. If file doesn't
1478 flags2 |= (O_CREAT | O_TRUNC);
1481 case FILE_OVERWRITE_IF:
1482 /* If file exists replace/overwrite. If file doesn't
1484 flags2 |= (O_CREAT | O_TRUNC);
1488 /* If file exists open. If file doesn't exist error. */
1489 if (!file_existed) {
1490 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1491 "requested for file %s and file "
1492 "doesn't exist.\n", fname ));
1494 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1498 case FILE_OVERWRITE:
1499 /* If file exists overwrite. If file doesn't exist
1501 if (!file_existed) {
1502 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1503 "requested for file %s and file "
1504 "doesn't exist.\n", fname ));
1506 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1512 /* If file exists error. If file doesn't exist
1515 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1516 "requested for file %s and file "
1517 "already exists.\n", fname ));
1518 if (S_ISDIR(psbuf->st_mode)) {
1523 return map_nt_error_from_unix(errno);
1525 flags2 |= (O_CREAT|O_EXCL);
1529 /* If file exists open. If file doesn't exist
1535 return NT_STATUS_INVALID_PARAMETER;
1538 /* We only care about matching attributes on file exists and
1541 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1542 (create_disposition == FILE_OVERWRITE_IF))) {
1543 if (!open_match_attributes(conn, fname,
1544 existing_dos_attributes,
1545 new_dos_attributes, psbuf->st_mode,
1546 unx_mode, &new_unx_mode)) {
1547 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1548 "for file %s (%x %x) (0%o, 0%o)\n",
1549 fname, existing_dos_attributes,
1551 (unsigned int)psbuf->st_mode,
1552 (unsigned int)unx_mode ));
1554 return NT_STATUS_ACCESS_DENIED;
1558 status = calculate_access_mask(conn, fname, file_existed,
1561 if (!NT_STATUS_IS_OK(status)) {
1562 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1563 "on file %s returned %s\n",
1565 nt_errstr(status)));
1569 open_access_mask = access_mask;
1571 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1572 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1575 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1576 "access_mask=0x%x\n", fname, access_mask ));
1579 * Note that we ignore the append flag as append does not
1580 * mean the same thing under DOS and Unix.
1583 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1584 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1585 /* DENY_DOS opens are always underlying read-write on the
1586 file handle, no matter what the requested access mask
1588 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1589 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1599 * Currently we only look at FILE_WRITE_THROUGH for create options.
1603 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1608 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1612 if (!posix_open && !CAN_WRITE(conn)) {
1614 * We should really return a permission denied error if either
1615 * O_CREAT or O_TRUNC are set, but for compatibility with
1616 * older versions of Samba we just AND them out.
1618 flags2 &= ~(O_CREAT|O_TRUNC);
1622 * Ensure we can't write on a read-only share or file.
1625 if (flags != O_RDONLY && file_existed &&
1626 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1627 DEBUG(5,("open_file_ntcreate: write access requested for "
1628 "file %s on read only %s\n",
1629 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1631 return NT_STATUS_ACCESS_DENIED;
1634 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1635 fsp->share_access = share_access;
1636 fsp->fh->private_options = create_options;
1637 fsp->access_mask = open_access_mask; /* We change this to the
1638 * requested access_mask after
1639 * the open is done. */
1640 fsp->posix_open = posix_open;
1642 /* Ensure no SAMBA_PRIVATE bits can be set. */
1643 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1645 if (timeval_is_zero(&request_time)) {
1646 request_time = fsp->open_time;
1650 struct timespec old_write_time = get_mtimespec(psbuf);
1651 id = vfs_file_id_from_sbuf(conn, psbuf);
1653 lck = get_share_mode_lock(talloc_tos(), id,
1655 fname, &old_write_time);
1658 DEBUG(0, ("Could not get share mode lock\n"));
1659 return NT_STATUS_SHARING_VIOLATION;
1662 /* First pass - send break only on batch oplocks. */
1664 && delay_for_oplocks(lck, fsp, req->mid, 1,
1666 schedule_defer_open(lck, request_time, req);
1668 return NT_STATUS_SHARING_VIOLATION;
1671 /* Use the client requested access mask here, not the one we
1673 status = open_mode_check(conn, fname, lck,
1674 access_mask, share_access,
1675 create_options, &file_existed);
1677 if (NT_STATUS_IS_OK(status)) {
1678 /* We might be going to allow this open. Check oplock
1680 /* Second pass - send break for both batch or
1681 * exclusive oplocks. */
1683 && delay_for_oplocks(lck, fsp, req->mid, 2,
1685 schedule_defer_open(lck, request_time, req);
1687 return NT_STATUS_SHARING_VIOLATION;
1691 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1692 /* DELETE_PENDING is not deferred for a second */
1697 if (!NT_STATUS_IS_OK(status)) {
1698 uint32 can_access_mask;
1699 bool can_access = True;
1701 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1703 /* Check if this can be done with the deny_dos and fcb
1705 if (create_options &
1706 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1707 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1709 DEBUG(0, ("DOS open without an SMB "
1712 return NT_STATUS_INTERNAL_ERROR;
1715 /* Use the client requested access mask here,
1716 * not the one we open with. */
1717 status = fcb_or_dos_open(conn,
1727 if (NT_STATUS_IS_OK(status)) {
1730 *pinfo = FILE_WAS_OPENED;
1732 return NT_STATUS_OK;
1737 * This next line is a subtlety we need for
1738 * MS-Access. If a file open will fail due to share
1739 * permissions and also for security (access) reasons,
1740 * we need to return the access failed error, not the
1741 * share error. We can't open the file due to kernel
1742 * oplock deadlock (it's possible we failed above on
1743 * the open_mode_check()) so use a userspace check.
1746 if (flags & O_RDWR) {
1747 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1748 } else if (flags & O_WRONLY) {
1749 can_access_mask = FILE_WRITE_DATA;
1751 can_access_mask = FILE_READ_DATA;
1754 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1755 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1760 * If we're returning a share violation, ensure we
1761 * cope with the braindead 1 second delay.
1764 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1765 lp_defer_sharing_violations()) {
1766 struct timeval timeout;
1767 struct deferred_open_record state;
1770 /* this is a hack to speed up torture tests
1772 timeout_usecs = lp_parm_int(SNUM(conn),
1773 "smbd","sharedelay",
1774 SHARING_VIOLATION_USEC_WAIT);
1776 /* This is a relative time, added to the absolute
1777 request_time value to get the absolute timeout time.
1778 Note that if this is the second or greater time we enter
1779 this codepath for this particular request mid then
1780 request_time is left as the absolute time of the *first*
1781 time this request mid was processed. This is what allows
1782 the request to eventually time out. */
1784 timeout = timeval_set(0, timeout_usecs);
1786 /* Nothing actually uses state.delayed_for_oplocks
1787 but it's handy to differentiate in debug messages
1788 between a 30 second delay due to oplock break, and
1789 a 1 second delay for share mode conflicts. */
1791 state.delayed_for_oplocks = False;
1795 && !request_timed_out(request_time,
1797 defer_open(lck, request_time, timeout,
1805 * We have detected a sharing violation here
1806 * so return the correct error code
1808 status = NT_STATUS_SHARING_VIOLATION;
1810 status = NT_STATUS_ACCESS_DENIED;
1816 * We exit this block with the share entry *locked*.....
1820 SMB_ASSERT(!file_existed || (lck != NULL));
1823 * Ensure we pay attention to default ACLs on directories if required.
1826 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1827 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1831 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1832 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1833 (unsigned int)flags, (unsigned int)flags2,
1834 (unsigned int)unx_mode, (unsigned int)access_mask,
1835 (unsigned int)open_access_mask));
1838 * open_file strips any O_TRUNC flags itself.
1841 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1842 flags|flags2, unx_mode, access_mask,
1845 if (!NT_STATUS_IS_OK(fsp_open)) {
1852 if (!file_existed) {
1853 struct timespec old_write_time = get_mtimespec(psbuf);
1855 * Deal with the race condition where two smbd's detect the
1856 * file doesn't exist and do the create at the same time. One
1857 * of them will win and set a share mode, the other (ie. this
1858 * one) should check if the requested share mode for this
1859 * create is allowed.
1863 * Now the file exists and fsp is successfully opened,
1864 * fsp->dev and fsp->inode are valid and should replace the
1865 * dev=0,inode=0 from a non existent file. Spotted by
1866 * Nadav Danieli <nadavd@exanet.com>. JRA.
1871 lck = get_share_mode_lock(talloc_tos(), id,
1873 fname, &old_write_time);
1876 DEBUG(0, ("open_file_ntcreate: Could not get share "
1877 "mode lock for %s\n", fname));
1879 return NT_STATUS_SHARING_VIOLATION;
1882 /* First pass - send break only on batch oplocks. */
1884 && delay_for_oplocks(lck, fsp, req->mid, 1,
1886 schedule_defer_open(lck, request_time, req);
1889 return NT_STATUS_SHARING_VIOLATION;
1892 status = open_mode_check(conn, fname, lck,
1893 access_mask, share_access,
1894 create_options, &file_existed);
1896 if (NT_STATUS_IS_OK(status)) {
1897 /* We might be going to allow this open. Check oplock
1899 /* Second pass - send break for both batch or
1900 * exclusive oplocks. */
1902 && delay_for_oplocks(lck, fsp, req->mid, 2,
1904 schedule_defer_open(lck, request_time, req);
1907 return NT_STATUS_SHARING_VIOLATION;
1911 if (!NT_STATUS_IS_OK(status)) {
1912 struct deferred_open_record state;
1916 state.delayed_for_oplocks = False;
1919 /* Do it all over again immediately. In the second
1920 * round we will find that the file existed and handle
1921 * the DELETE_PENDING and FCB cases correctly. No need
1922 * to duplicate the code here. Essentially this is a
1923 * "goto top of this function", but don't tell
1927 defer_open(lck, request_time, timeval_zero(),
1935 * We exit this block with the share entry *locked*.....
1940 SMB_ASSERT(lck != NULL);
1942 /* note that we ignore failure for the following. It is
1943 basically a hack for NFS, and NFS will never set one of
1944 these only read them. Nobody but Samba can ever set a deny
1945 mode and we have already checked our more authoritative
1946 locking database for permission to set this deny mode. If
1947 the kernel refuses the operations then the kernel is wrong.
1948 note that GPFS supports it as well - jmcd */
1950 if (fsp->fh->fd != -1) {
1951 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1952 if(ret_flock == -1 ){
1957 return NT_STATUS_SHARING_VIOLATION;
1962 * At this point onwards, we can guarentee that the share entry
1963 * is locked, whether we created the file or not, and that the
1964 * deny mode is compatible with all current opens.
1968 * If requested, truncate the file.
1971 if (flags2&O_TRUNC) {
1973 * We are modifing the file after open - update the stat
1976 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1977 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1978 status = map_nt_error_from_unix(errno);
1985 /* Record the options we were opened with. */
1986 fsp->share_access = share_access;
1987 fsp->fh->private_options = create_options;
1989 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1991 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1994 /* stat opens on existing files don't get oplocks. */
1995 if (is_stat_open(open_access_mask)) {
1996 fsp->oplock_type = NO_OPLOCK;
1999 if (!(flags2 & O_TRUNC)) {
2000 info = FILE_WAS_OPENED;
2002 info = FILE_WAS_OVERWRITTEN;
2005 info = FILE_WAS_CREATED;
2013 * Setup the oplock info in both the shared memory and
2017 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2018 /* Could not get the kernel oplock */
2019 fsp->oplock_type = NO_OPLOCK;
2022 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2023 new_file_created = True;
2026 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2029 /* Handle strange delete on close create semantics. */
2030 if (create_options & FILE_DELETE_ON_CLOSE) {
2032 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2034 if (!NT_STATUS_IS_OK(status)) {
2035 /* Remember to delete the mode we just added. */
2036 del_share_mode(lck, fsp);
2041 /* Note that here we set the *inital* delete on close flag,
2042 not the regular one. The magic gets handled in close. */
2043 fsp->initial_delete_on_close = True;
2046 if (new_file_created) {
2047 /* Files should be initially set as archive */
2048 if (lp_map_archive(SNUM(conn)) ||
2049 lp_store_dos_attributes(SNUM(conn))) {
2051 SMB_STRUCT_STAT tmp_sbuf;
2052 SET_STAT_INVALID(tmp_sbuf);
2053 if (file_set_dosmode(
2055 new_dos_attributes | aARCH,
2056 &tmp_sbuf, parent_dir,
2058 unx_mode = tmp_sbuf.st_mode;
2065 * Take care of inherited ACLs on created files - if default ACL not
2069 if (!posix_open && !file_existed && !def_acl) {
2071 int saved_errno = errno; /* We might get ENOSYS in the next
2074 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2076 errno = saved_errno; /* Ignore ENOSYS */
2079 } else if (new_unx_mode) {
2083 /* Attributes need changing. File already existed. */
2086 int saved_errno = errno; /* We might get ENOSYS in the
2088 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2090 if (ret == -1 && errno == ENOSYS) {
2091 errno = saved_errno; /* Ignore ENOSYS */
2093 DEBUG(5, ("open_file_ntcreate: reset "
2094 "attributes of file %s to 0%o\n",
2095 fname, (unsigned int)new_unx_mode));
2096 ret = 0; /* Don't do the fchmod below. */
2101 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2102 DEBUG(5, ("open_file_ntcreate: failed to reset "
2103 "attributes of file %s to 0%o\n",
2104 fname, (unsigned int)new_unx_mode));
2107 /* If this is a successful open, we must remove any deferred open
2110 del_deferred_open_entry(lck, req->mid);
2114 return NT_STATUS_OK;
2117 /****************************************************************************
2118 Open a file with a share mode.
2119 ****************************************************************************/
2121 NTSTATUS open_file_ntcreate(connection_struct *conn,
2122 struct smb_request *req,
2124 SMB_STRUCT_STAT *psbuf,
2125 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2126 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2127 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2128 uint32 create_options, /* options such as delete on close. */
2129 uint32 new_dos_attributes, /* attributes used for new file. */
2130 int oplock_request, /* internal Samba oplock codes. */
2131 /* Information (FILE_EXISTS etc.) */
2133 files_struct **result)
2136 files_struct *fsp = NULL;
2140 status = file_new(conn, &fsp);
2141 if(!NT_STATUS_IS_OK(status)) {
2145 status = open_file_ntcreate_internal(conn,
2158 if(!NT_STATUS_IS_OK(status)) {
2167 /****************************************************************************
2168 Open a file for for write to ensure that we can fchmod it.
2169 ****************************************************************************/
2171 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
2172 SMB_STRUCT_STAT *psbuf, files_struct **result)
2174 files_struct *fsp = NULL;
2177 if (!VALID_STAT(*psbuf)) {
2178 return NT_STATUS_INVALID_PARAMETER;
2181 status = file_new(conn, &fsp);
2182 if(!NT_STATUS_IS_OK(status)) {
2186 /* note! we must use a non-zero desired access or we don't get
2187 a real file descriptor. Oh what a twisted web we weave. */
2188 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2189 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2192 * This is not a user visible file open.
2193 * Don't set a share mode.
2196 if (!NT_STATUS_IS_OK(status)) {
2202 return NT_STATUS_OK;
2205 /****************************************************************************
2206 Close the fchmod file fd - ensure no locks are lost.
2207 ****************************************************************************/
2209 NTSTATUS close_file_fchmod(files_struct *fsp)
2211 NTSTATUS status = fd_close(fsp);
2216 static NTSTATUS mkdir_internal(connection_struct *conn,
2218 uint32 file_attributes,
2219 SMB_STRUCT_STAT *psbuf)
2223 const char *dirname;
2225 bool posix_open = false;
2227 if(!CAN_WRITE(conn)) {
2228 DEBUG(5,("mkdir_internal: failing create on read-only share "
2229 "%s\n", lp_servicename(SNUM(conn))));
2230 return NT_STATUS_ACCESS_DENIED;
2233 status = check_name(conn, name);
2234 if (!NT_STATUS_IS_OK(status)) {
2238 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2240 return NT_STATUS_NO_MEMORY;
2243 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2245 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2247 mode = unix_mode(conn, aDIR, name, parent_dir);
2250 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2251 return map_nt_error_from_unix(errno);
2254 /* Ensure we're checking for a symlink here.... */
2255 /* We don't want to get caught by a symlink racer. */
2257 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2258 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2259 name, strerror(errno)));
2260 return map_nt_error_from_unix(errno);
2263 if (!S_ISDIR(psbuf->st_mode)) {
2264 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2266 return NT_STATUS_ACCESS_DENIED;
2269 if (lp_store_dos_attributes(SNUM(conn))) {
2271 file_set_dosmode(conn, name,
2272 file_attributes | aDIR, NULL,
2278 if (lp_inherit_perms(SNUM(conn))) {
2279 inherit_access_posix_acl(conn, parent_dir, name, mode);
2282 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2284 * Check if high bits should have been set,
2285 * then (if bits are missing): add them.
2286 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2289 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2290 SMB_VFS_CHMOD(conn, name,
2291 psbuf->st_mode | (mode & ~psbuf->st_mode));
2295 /* Change the owner if required. */
2296 if (lp_inherit_owner(SNUM(conn))) {
2297 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2300 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2303 return NT_STATUS_OK;
2306 /****************************************************************************
2307 Open a directory from an NT SMB call.
2308 ****************************************************************************/
2310 NTSTATUS open_directory(connection_struct *conn,
2311 struct smb_request *req,
2313 SMB_STRUCT_STAT *psbuf,
2315 uint32 share_access,
2316 uint32 create_disposition,
2317 uint32 create_options,
2318 uint32 file_attributes,
2320 files_struct **result)
2322 files_struct *fsp = NULL;
2323 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2324 struct share_mode_lock *lck = NULL;
2326 struct timespec mtimespec;
2329 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2330 "share_access = 0x%x create_options = 0x%x, "
2331 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2333 (unsigned int)access_mask,
2334 (unsigned int)share_access,
2335 (unsigned int)create_options,
2336 (unsigned int)create_disposition,
2337 (unsigned int)file_attributes));
2339 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2340 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2341 is_ntfs_stream_name(fname)) {
2342 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2343 return NT_STATUS_NOT_A_DIRECTORY;
2346 status = calculate_access_mask(conn, fname, dir_existed,
2349 if (!NT_STATUS_IS_OK(status)) {
2350 DEBUG(10, ("open_directory: calculate_access_mask "
2351 "on file %s returned %s\n",
2353 nt_errstr(status)));
2357 switch( create_disposition ) {
2360 info = FILE_WAS_OPENED;
2363 * We want to follow symlinks here.
2366 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2367 return map_nt_error_from_unix(errno);
2374 /* If directory exists error. If directory doesn't
2377 status = mkdir_internal(conn,
2382 if (!NT_STATUS_IS_OK(status)) {
2383 DEBUG(2, ("open_directory: unable to create "
2384 "%s. Error was %s\n", fname,
2385 nt_errstr(status)));
2389 info = FILE_WAS_CREATED;
2394 * If directory exists open. If directory doesn't
2398 status = mkdir_internal(conn,
2403 if (NT_STATUS_IS_OK(status)) {
2404 info = FILE_WAS_CREATED;
2407 if (NT_STATUS_EQUAL(status,
2408 NT_STATUS_OBJECT_NAME_COLLISION)) {
2409 info = FILE_WAS_OPENED;
2410 status = NT_STATUS_OK;
2415 case FILE_SUPERSEDE:
2416 case FILE_OVERWRITE:
2417 case FILE_OVERWRITE_IF:
2419 DEBUG(5,("open_directory: invalid create_disposition "
2420 "0x%x for directory %s\n",
2421 (unsigned int)create_disposition, fname));
2422 return NT_STATUS_INVALID_PARAMETER;
2425 if(!S_ISDIR(psbuf->st_mode)) {
2426 DEBUG(5,("open_directory: %s is not a directory !\n",
2428 return NT_STATUS_NOT_A_DIRECTORY;
2431 if (info == FILE_WAS_OPENED) {
2432 uint32_t access_granted = 0;
2433 status = check_open_rights(conn,
2437 if (!NT_STATUS_IS_OK(status)) {
2438 DEBUG(10, ("open_directory: check_open_rights on "
2439 "file %s failed with %s\n",
2441 nt_errstr(status)));
2446 status = file_new(conn, &fsp);
2447 if(!NT_STATUS_IS_OK(status)) {
2452 * Setup the files_struct for it.
2455 fsp->mode = psbuf->st_mode;
2456 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2457 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2458 fsp->file_pid = req ? req->smbpid : 0;
2459 fsp->can_lock = False;
2460 fsp->can_read = False;
2461 fsp->can_write = False;
2463 fsp->share_access = share_access;
2464 fsp->fh->private_options = create_options;
2466 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2468 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2469 fsp->print_file = False;
2470 fsp->modified = False;
2471 fsp->oplock_type = NO_OPLOCK;
2472 fsp->sent_oplock_break = NO_BREAK_SENT;
2473 fsp->is_directory = True;
2474 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2476 string_set(&fsp->fsp_name,fname);
2478 mtimespec = get_mtimespec(psbuf);
2480 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2485 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2487 return NT_STATUS_SHARING_VIOLATION;
2490 status = open_mode_check(conn, fname, lck,
2491 access_mask, share_access,
2492 create_options, &dir_existed);
2494 if (!NT_STATUS_IS_OK(status)) {
2500 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2502 /* For directories the delete on close bit at open time seems
2503 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2504 if (create_options & FILE_DELETE_ON_CLOSE) {
2505 status = can_set_delete_on_close(fsp, True, 0);
2506 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2512 if (NT_STATUS_IS_OK(status)) {
2513 /* Note that here we set the *inital* delete on close flag,
2514 not the regular one. The magic gets handled in close. */
2515 fsp->initial_delete_on_close = True;
2526 return NT_STATUS_OK;
2529 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2532 SMB_STRUCT_STAT sbuf;
2535 SET_STAT_INVALID(sbuf);
2537 status = open_directory(conn, req, directory, &sbuf,
2538 FILE_READ_ATTRIBUTES, /* Just a stat open */
2539 FILE_SHARE_NONE, /* Ignored for stat opens */
2542 FILE_ATTRIBUTE_DIRECTORY,
2546 if (NT_STATUS_IS_OK(status)) {
2547 close_file(fsp, NORMAL_CLOSE);
2553 /****************************************************************************
2554 Receive notification that one of our open files has been renamed by another
2556 ****************************************************************************/
2558 void msg_file_was_renamed(struct messaging_context *msg,
2561 struct server_id server_id,
2565 char *frm = (char *)data->data;
2567 const char *sharepath;
2568 const char *newname;
2571 if (data->data == NULL
2572 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2573 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2574 (int)data->length));
2578 /* Unpack the message. */
2579 pull_file_id_16(frm, &id);
2580 sharepath = &frm[16];
2581 newname = sharepath + strlen(sharepath) + 1;
2582 sp_len = strlen(sharepath);
2584 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2586 sharepath, newname, file_id_string_tos(&id)));
2588 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2589 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2590 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2591 fsp->fnum, fsp->fsp_name, newname ));
2592 string_set(&fsp->fsp_name, newname);
2595 /* Now we have the complete path we can work out if this is
2596 actually within this share and adjust newname accordingly. */
2597 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2598 "not sharepath %s) "
2599 "fnum %d from %s -> %s\n",
2600 fsp->conn->connectpath,
2609 struct case_semantics_state {
2610 connection_struct *conn;
2611 bool case_sensitive;
2613 bool short_case_preserve;
2616 /****************************************************************************
2617 Restore case semantics.
2618 ****************************************************************************/
2619 static int restore_case_semantics(struct case_semantics_state *state)
2621 state->conn->case_sensitive = state->case_sensitive;
2622 state->conn->case_preserve = state->case_preserve;
2623 state->conn->short_case_preserve = state->short_case_preserve;
2627 /****************************************************************************
2628 Save case semantics.
2629 ****************************************************************************/
2630 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2631 connection_struct *conn)
2633 struct case_semantics_state *result;
2635 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2636 DEBUG(0, ("talloc failed\n"));
2640 result->conn = conn;
2641 result->case_sensitive = conn->case_sensitive;
2642 result->case_preserve = conn->case_preserve;
2643 result->short_case_preserve = conn->short_case_preserve;
2646 conn->case_sensitive = True;
2647 conn->case_preserve = True;
2648 conn->short_case_preserve = True;
2650 talloc_set_destructor(result, restore_case_semantics);
2656 * If a main file is opened for delete, all streams need to be checked for
2657 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2658 * If that works, delete them all by setting the delete on close and close.
2661 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2664 struct stream_struct *stream_info;
2665 files_struct **streams;
2667 unsigned int num_streams;
2668 TALLOC_CTX *frame = talloc_stackframe();
2671 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2672 &num_streams, &stream_info);
2674 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2675 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2676 DEBUG(10, ("no streams around\n"));
2678 return NT_STATUS_OK;
2681 if (!NT_STATUS_IS_OK(status)) {
2682 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2683 nt_errstr(status)));
2687 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2690 if (num_streams == 0) {
2692 return NT_STATUS_OK;
2695 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2696 if (streams == NULL) {
2697 DEBUG(0, ("talloc failed\n"));
2698 status = NT_STATUS_NO_MEMORY;
2702 for (i=0; i<num_streams; i++) {
2705 if (strequal(stream_info[i].name, "::$DATA")) {
2710 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2711 stream_info[i].name);
2713 if (streamname == NULL) {
2714 DEBUG(0, ("talloc_aprintf failed\n"));
2715 status = NT_STATUS_NO_MEMORY;
2719 status = create_file_unixpath
2722 streamname, /* fname */
2723 DELETE_ACCESS, /* access_mask */
2724 FILE_SHARE_READ | FILE_SHARE_WRITE
2725 | FILE_SHARE_DELETE, /* share_access */
2726 FILE_OPEN, /* create_disposition*/
2727 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2728 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2729 0, /* oplock_request */
2730 0, /* allocation_size */
2733 &streams[i], /* result */
2737 TALLOC_FREE(streamname);
2739 if (!NT_STATUS_IS_OK(status)) {
2740 DEBUG(10, ("Could not open stream %s: %s\n",
2741 streamname, nt_errstr(status)));
2747 * don't touch the variable "status" beyond this point :-)
2750 for (i -= 1 ; i >= 0; i--) {
2751 if (streams[i] == NULL) {
2755 DEBUG(10, ("Closing stream # %d, %s\n", i,
2756 streams[i]->fsp_name));
2757 close_file(streams[i], NORMAL_CLOSE);
2766 * Wrapper around open_file_ntcreate and open_directory
2769 NTSTATUS create_file_unixpath(connection_struct *conn,
2770 struct smb_request *req,
2772 uint32_t access_mask,
2773 uint32_t share_access,
2774 uint32_t create_disposition,
2775 uint32_t create_options,
2776 uint32_t file_attributes,
2777 uint32_t oplock_request,
2778 SMB_BIG_UINT allocation_size,
2779 struct security_descriptor *sd,
2780 struct ea_list *ea_list,
2782 files_struct **result,
2784 SMB_STRUCT_STAT *psbuf)
2786 SMB_STRUCT_STAT sbuf;
2787 int info = FILE_WAS_OPENED;
2788 files_struct *base_fsp = NULL;
2789 files_struct *fsp = NULL;
2792 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2793 "file_attributes = 0x%x, share_access = 0x%x, "
2794 "create_disposition = 0x%x create_options = 0x%x "
2795 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2797 (unsigned int)access_mask,
2798 (unsigned int)file_attributes,
2799 (unsigned int)share_access,
2800 (unsigned int)create_disposition,
2801 (unsigned int)create_options,
2802 (unsigned int)oplock_request,
2803 ea_list, sd, fname));
2805 if (create_options & FILE_OPEN_BY_FILE_ID) {
2806 status = NT_STATUS_NOT_SUPPORTED;
2810 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2811 status = NT_STATUS_INVALID_PARAMETER;
2816 oplock_request |= INTERNAL_OPEN_ONLY;
2819 if (psbuf != NULL) {
2823 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2824 SET_STAT_INVALID(sbuf);
2828 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2829 && (access_mask & DELETE_ACCESS)
2830 && !is_ntfs_stream_name(fname)) {
2832 * We can't open a file with DELETE access if any of the
2833 * streams is open without FILE_SHARE_DELETE
2835 status = open_streams_for_delete(conn, fname);
2837 if (!NT_STATUS_IS_OK(status)) {
2842 /* This is the correct thing to do (check every time) but can_delete
2843 * is expensive (it may have to read the parent directory
2844 * permissions). So for now we're not doing it unless we have a strong
2845 * hint the client is really going to delete this file. If the client
2846 * is forcing FILE_CREATE let the filesystem take care of the
2849 /* Setting FILE_SHARE_DELETE is the hint. */
2851 if (lp_acl_check_permissions(SNUM(conn))
2852 && (create_disposition != FILE_CREATE)
2853 && (share_access & FILE_SHARE_DELETE)
2854 && (access_mask & DELETE_ACCESS)
2855 && (!(can_delete_file_in_directory(conn, fname) ||
2856 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2857 status = NT_STATUS_ACCESS_DENIED;
2858 DEBUG(10,("create_file_unixpath: open file %s "
2859 "for delete ACCESS_DENIED\n", fname ));
2864 /* We need to support SeSecurityPrivilege for this. */
2865 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2866 !user_has_privileges(current_user.nt_user_token,
2868 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2873 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2874 && is_ntfs_stream_name(fname)
2875 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2877 uint32 base_create_disposition;
2879 if (create_options & FILE_DIRECTORY_FILE) {
2880 status = NT_STATUS_NOT_A_DIRECTORY;
2884 status = split_ntfs_stream_name(talloc_tos(), fname,
2886 if (!NT_STATUS_IS_OK(status)) {
2887 DEBUG(10, ("create_file_unixpath: "
2888 "split_ntfs_stream_name failed: %s\n",
2889 nt_errstr(status)));
2893 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2895 switch (create_disposition) {
2897 base_create_disposition = FILE_OPEN;
2900 base_create_disposition = FILE_OPEN_IF;
2904 status = create_file_unixpath(conn, NULL, base, 0,
2907 | FILE_SHARE_DELETE,
2908 base_create_disposition,
2909 0, 0, 0, 0, NULL, NULL,
2910 &base_fsp, NULL, NULL);
2911 if (!NT_STATUS_IS_OK(status)) {
2912 DEBUG(10, ("create_file_unixpath for base %s failed: "
2913 "%s\n", base, nt_errstr(status)));
2916 /* we don't need to low level fd */
2921 * If it's a request for a directory open, deal with it separately.
2924 if (create_options & FILE_DIRECTORY_FILE) {
2926 if (create_options & FILE_NON_DIRECTORY_FILE) {
2927 status = NT_STATUS_INVALID_PARAMETER;
2931 /* Can't open a temp directory. IFS kit test. */
2932 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2933 status = NT_STATUS_INVALID_PARAMETER;
2938 * We will get a create directory here if the Win32
2939 * app specified a security descriptor in the
2940 * CreateDirectory() call.
2944 status = open_directory(
2945 conn, req, fname, &sbuf, access_mask, share_access,
2946 create_disposition, create_options, file_attributes,
2951 * Ordinary file case.
2956 * We're opening the stream element of a base_fsp
2957 * we already opened. We need to initialize
2958 * the fsp first, and set up the base_fsp pointer.
2960 status = file_new(conn, &fsp);
2961 if(!NT_STATUS_IS_OK(status)) {
2965 fsp->base_fsp = base_fsp;
2967 status = open_file_ntcreate_internal(conn,
2980 if(!NT_STATUS_IS_OK(status)) {
2985 status = open_file_ntcreate(
2986 conn, req, fname, &sbuf, access_mask, share_access,
2987 create_disposition, create_options, file_attributes,
2988 oplock_request, &info, &fsp);
2991 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2993 /* A stream open never opens a directory */
2996 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3001 * Fail the open if it was explicitly a non-directory
3005 if (create_options & FILE_NON_DIRECTORY_FILE) {
3006 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3011 status = open_directory(
3012 conn, req, fname, &sbuf, access_mask,
3013 share_access, create_disposition,
3014 create_options, file_attributes,
3019 if (!NT_STATUS_IS_OK(status)) {
3023 fsp->base_fsp = base_fsp;
3026 * According to the MS documentation, the only time the security
3027 * descriptor is applied to the opened file is iff we *created* the
3028 * file; an existing file stays the same.
3030 * Also, it seems (from observation) that you can open the file with
3031 * any access mask but you can still write the sd. We need to override
3032 * the granted access before we call set_sd
3033 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3036 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3037 && lp_nt_acl_support(SNUM(conn))) {
3039 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
3040 uint32_t saved_access_mask = fsp->access_mask;
3042 if (sd->owner_sid == NULL) {
3043 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
3045 if (sd->group_sid == NULL) {
3046 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
3048 if (sd->sacl == NULL) {
3049 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
3051 if (sd->dacl == NULL) {
3052 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
3055 fsp->access_mask = FILE_GENERIC_ALL;
3057 /* Convert all the generic bits. */
3058 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3059 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3061 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3062 GROUP_SECURITY_INFORMATION|
3063 DACL_SECURITY_INFORMATION|
3064 SACL_SECURITY_INFORMATION)) {
3065 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3068 fsp->access_mask = saved_access_mask;
3070 if (!NT_STATUS_IS_OK(status)) {
3075 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3076 status = set_ea(conn, fsp, fname, ea_list);
3077 if (!NT_STATUS_IS_OK(status)) {
3082 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3083 status = NT_STATUS_ACCESS_DENIED;
3087 /* Save the requested allocation size. */
3088 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3090 && (allocation_size > sbuf.st_size)) {
3091 fsp->initial_allocation_size = smb_roundup(
3092 fsp->conn, allocation_size);
3093 if (fsp->is_directory) {
3094 /* Can't set allocation size on a directory. */
3095 status = NT_STATUS_ACCESS_DENIED;
3098 if (vfs_allocate_file_space(
3099 fsp, fsp->initial_allocation_size) == -1) {
3100 status = NT_STATUS_DISK_FULL;
3104 fsp->initial_allocation_size = smb_roundup(
3105 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
3109 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3112 if (pinfo != NULL) {
3115 if (psbuf != NULL) {
3116 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3120 SMB_VFS_FSTAT(fsp, psbuf);
3123 return NT_STATUS_OK;
3126 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3129 if (base_fsp && fsp->base_fsp == base_fsp) {
3131 * The close_file below will close
3136 close_file(fsp, ERROR_CLOSE);
3139 if (base_fsp != NULL) {
3140 close_file(base_fsp, ERROR_CLOSE);
3146 NTSTATUS create_file(connection_struct *conn,
3147 struct smb_request *req,
3148 uint16_t root_dir_fid,
3150 uint32_t access_mask,
3151 uint32_t share_access,
3152 uint32_t create_disposition,
3153 uint32_t create_options,
3154 uint32_t file_attributes,
3155 uint32_t oplock_request,
3156 SMB_BIG_UINT allocation_size,
3157 struct security_descriptor *sd,
3158 struct ea_list *ea_list,
3160 files_struct **result,
3162 SMB_STRUCT_STAT *psbuf)
3164 struct case_semantics_state *case_state = NULL;
3165 SMB_STRUCT_STAT sbuf;
3166 int info = FILE_WAS_OPENED;
3167 files_struct *fsp = NULL;
3170 DEBUG(10,("create_file: access_mask = 0x%x "
3171 "file_attributes = 0x%x, share_access = 0x%x, "
3172 "create_disposition = 0x%x create_options = 0x%x "
3173 "oplock_request = 0x%x "
3174 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3176 (unsigned int)access_mask,
3177 (unsigned int)file_attributes,
3178 (unsigned int)share_access,
3179 (unsigned int)create_disposition,
3180 (unsigned int)create_options,
3181 (unsigned int)oplock_request,
3182 (unsigned int)root_dir_fid,
3183 ea_list, sd, fname));
3186 * Get the file name.
3189 if (root_dir_fid != 0) {
3191 * This filename is relative to a directory fid.
3193 char *parent_fname = NULL;
3194 files_struct *dir_fsp = file_fsp(root_dir_fid);
3196 if (dir_fsp == NULL) {
3197 status = NT_STATUS_INVALID_HANDLE;
3201 if (!dir_fsp->is_directory) {
3204 * Check to see if this is a mac fork of some kind.
3207 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3208 is_ntfs_stream_name(fname)) {
3209 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3214 we need to handle the case when we get a
3215 relative open relative to a file and the
3216 pathname is blank - this is a reopen!
3217 (hint from demyn plantenberg)
3220 status = NT_STATUS_INVALID_HANDLE;
3224 if (ISDOT(dir_fsp->fsp_name)) {
3226 * We're at the toplevel dir, the final file name
3227 * must not contain ./, as this is filtered out
3228 * normally by srvstr_get_path and unix_convert
3229 * explicitly rejects paths containing ./.
3231 parent_fname = talloc_strdup(talloc_tos(), "");
3232 if (parent_fname == NULL) {
3233 status = NT_STATUS_NO_MEMORY;
3237 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3240 * Copy in the base directory name.
3243 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3245 if (parent_fname == NULL) {
3246 status = NT_STATUS_NO_MEMORY;
3249 memcpy(parent_fname, dir_fsp->fsp_name,
3253 * Ensure it ends in a '/'.
3254 * We used TALLOC_SIZE +2 to add space for the '/'.
3258 && (parent_fname[dir_name_len-1] != '\\')
3259 && (parent_fname[dir_name_len-1] != '/')) {
3260 parent_fname[dir_name_len] = '/';
3261 parent_fname[dir_name_len+1] = '\0';
3265 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3267 if (fname == NULL) {
3268 status = NT_STATUS_NO_MEMORY;
3274 * Check to see if this is a mac fork of some kind.
3277 if (is_ntfs_stream_name(fname)) {
3278 enum FAKE_FILE_TYPE fake_file_type;
3280 fake_file_type = is_fake_file(fname);
3282 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3285 * Here we go! support for changing the disk quotas
3288 * We need to fake up to open this MAGIC QUOTA file
3289 * and return a valid FID.
3291 * w2k close this file directly after openening xp
3292 * also tries a QUERY_FILE_INFO on the file and then
3295 status = open_fake_file(conn, req->vuid,
3296 fake_file_type, fname,
3298 if (!NT_STATUS_IS_OK(status)) {
3306 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3307 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3312 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3313 char *resolved_fname;
3315 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3318 if (!NT_STATUS_IS_OK(status)) {
3320 * For PATH_NOT_COVERED we had
3321 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3322 * ERRSRV, ERRbadpath);
3323 * Need to fix in callers
3327 fname = resolved_fname;
3331 * Check if POSIX semantics are wanted.
3334 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3335 case_state = set_posix_case_semantics(talloc_tos(), conn);
3336 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3340 char *converted_fname;
3342 SET_STAT_INVALID(sbuf);
3344 status = unix_convert(talloc_tos(), conn, fname, False,
3345 &converted_fname, NULL, &sbuf);
3346 if (!NT_STATUS_IS_OK(status)) {
3349 fname = converted_fname;
3352 TALLOC_FREE(case_state);
3354 /* All file access must go through check_name() */
3356 status = check_name(conn, fname);
3357 if (!NT_STATUS_IS_OK(status)) {
3361 status = create_file_unixpath(
3362 conn, req, fname, access_mask, share_access,
3363 create_disposition, create_options, file_attributes,
3364 oplock_request, allocation_size, sd, ea_list,
3365 &fsp, &info, &sbuf);
3367 if (!NT_STATUS_IS_OK(status)) {
3372 DEBUG(10, ("create_file: info=%d\n", info));
3375 if (pinfo != NULL) {
3378 if (psbuf != NULL) {
3381 return NT_STATUS_OK;
3384 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3387 close_file(fsp, ERROR_CLOSE);
git.samba.org / samba.git / blob