NTSTATUS status;
struct security_descriptor *sd = NULL;
+ if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
+ *access_granted = access_mask;
+
+ DEBUG(10,("smbd_check_open_rights: not checking ACL "
+ "on DELETE_ACCESS on file %s. Granting 0x%x\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)*access_granted ));
+ return NT_STATUS_OK;
+ }
+
+ if (access_mask == DELETE_ACCESS &&
+ VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /* We can always delete a symlink. */
+ DEBUG(10,("smbd_check_open_rights: not checking ACL "
+ "on DELETE_ACCESS on symlink %s.\n",
+ smb_fname_str_dbg(smb_fname) ));
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
"was %s\n", fsp_str_dbg(fsp),
(unsigned int)smb_fname_parent->st.st_ex_uid,
strerror(errno) ));
- }
-
- DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
+ } else {
+ DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
"parent directory uid %u.\n", fsp_str_dbg(fsp),
(unsigned int)smb_fname_parent->st.st_ex_uid));
+ /* Ensure the uid entry is updated. */
+ fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
+ }
+
TALLOC_FREE(smb_fname_parent);
}
/* Ensure we're pointing at the same place. */
if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
- smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino ||
- smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) {
+ smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
DEBUG(0,("change_dir_owner_to_parent: "
- "device/inode/mode on directory %s changed. "
+ "device/inode on directory %s changed. "
"Refusing to chown !\n", fname ));
status = NT_STATUS_ACCESS_DENIED;
goto chdir;
"directory %s to parent directory uid %u.\n",
fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
+ /* Ensure the uid entry is updated. */
+ psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
+
chdir:
vfs_ChDir(conn,saved_dir);
out:
int accmode = (flags & O_ACCMODE);
int local_flags = flags;
bool file_existed = VALID_STAT(fsp->fsp_name->st);
+ bool file_created = false;
fsp->fh->fd = -1;
errno = EPERM;
}
if ((local_flags & O_CREAT) && !file_existed) {
-
- /* Inherit the ACL if required */
- if (lp_inherit_perms(SNUM(conn))) {
- inherit_access_posix_acl(conn, parent_dir,
- smb_fname->base_name,
- unx_mode);
- }
-
- /* Change the owner if required. */
- if (lp_inherit_owner(SNUM(conn))) {
- change_file_owner_to_parent(conn, parent_dir,
- fsp);
- }
-
- notify_fname(conn, NOTIFY_ACTION_ADDED,
- FILE_NOTIFY_CHANGE_FILE_NAME,
- smb_fname->base_name);
+ file_created = true;
}
} else {
fd_close(fsp);
return status;
}
+
+ if (file_created) {
+ /* Do all inheritance work after we've
+ done a successful stat call and filled
+ in the stat struct in fsp->fsp_name. */
+
+ /* Inherit the ACL if required */
+ if (lp_inherit_perms(SNUM(conn))) {
+ inherit_access_posix_acl(conn, parent_dir,
+ smb_fname->base_name,
+ unx_mode);
+ }
+
+ /* Change the owner if required. */
+ if (lp_inherit_owner(SNUM(conn))) {
+ change_file_owner_to_parent(conn, parent_dir,
+ fsp);
+ }
+
+ notify_fname(conn, NOTIFY_ACTION_ADDED,
+ FILE_NOTIFY_CHANGE_FILE_NAME,
+ smb_fname->base_name);
+ }
}
/*
return NT_STATUS_OK;
}
-/*******************************************************************
- Return True if the filename is one of the special executable types.
-********************************************************************/
-
-bool is_executable(const char *fname)
-{
- if ((fname = strrchr_m(fname,'.'))) {
- if (strequal(fname,".com") ||
- strequal(fname,".dll") ||
- strequal(fname,".exe") ||
- strequal(fname,".sym")) {
- return True;
- }
- }
- return False;
-}
-
/****************************************************************************
Check if we can open a file with a share mode.
Returns True if conflict, False if not.
return NT_STATUS_OK;
}
-static bool is_delete_request(files_struct *fsp) {
- return ((fsp->access_mask == DELETE_ACCESS) &&
- (fsp->oplock_type == NO_OPLOCK));
-}
-
/*
* Send a break message to the oplock holder and delay the open for
* our client.
}
if (exclusive != NULL) { /* Found an exclusive oplock */
- bool delay_it = is_delete_request(fsp) ?
- BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
SMB_ASSERT(!have_level2);
- if (delay_it) {
- send_break_message(fsp, exclusive, mid, oplock_request);
- return true;
- }
+ send_break_message(fsp, exclusive, mid, oplock_request);
+ return true;
}
/*
create_options, fsp_to_dup_into);
}
-/****************************************************************************
- Open a file with a share mode - old openX method - map into NTCreate.
-****************************************************************************/
-
-bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,
- int deny_mode, int open_func,
- uint32 *paccess_mask,
- uint32 *pshare_mode,
- uint32 *pcreate_disposition,
- uint32 *pcreate_options)
-{
- uint32 access_mask;
- uint32 share_mode;
- uint32 create_disposition;
- uint32 create_options = FILE_NON_DIRECTORY_FILE;
-
- DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
- "open_func = 0x%x\n",
- smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,
- (unsigned int)open_func ));
-
- /* Create the NT compatible access_mask. */
- switch (GET_OPENX_MODE(deny_mode)) {
- case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
- case DOS_OPEN_RDONLY:
- access_mask = FILE_GENERIC_READ;
- break;
- case DOS_OPEN_WRONLY:
- access_mask = FILE_GENERIC_WRITE;
- break;
- case DOS_OPEN_RDWR:
- case DOS_OPEN_FCB:
- access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
- break;
- default:
- DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
- (unsigned int)GET_OPENX_MODE(deny_mode)));
- return False;
- }
-
- /* Create the NT compatible create_disposition. */
- switch (open_func) {
- case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
- create_disposition = FILE_CREATE;
- break;
-
- case OPENX_FILE_EXISTS_OPEN:
- create_disposition = FILE_OPEN;
- break;
-
- case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
- create_disposition = FILE_OPEN_IF;
- break;
-
- case OPENX_FILE_EXISTS_TRUNCATE:
- create_disposition = FILE_OVERWRITE;
- break;
-
- case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
- create_disposition = FILE_OVERWRITE_IF;
- break;
-
- default:
- /* From samba4 - to be confirmed. */
- if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
- create_disposition = FILE_CREATE;
- break;
- }
- DEBUG(10,("map_open_params_to_ntcreate: bad "
- "open_func 0x%x\n", (unsigned int)open_func));
- return False;
- }
-
- /* Create the NT compatible share modes. */
- switch (GET_DENY_MODE(deny_mode)) {
- case DENY_ALL:
- share_mode = FILE_SHARE_NONE;
- break;
-
- case DENY_WRITE:
- share_mode = FILE_SHARE_READ;
- break;
-
- case DENY_READ:
- share_mode = FILE_SHARE_WRITE;
- break;
-
- case DENY_NONE:
- share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
- break;
-
- case DENY_DOS:
- create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
- if (is_executable(smb_fname->base_name)) {
- share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
- } else {
- if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
- share_mode = FILE_SHARE_READ;
- } else {
- share_mode = FILE_SHARE_NONE;
- }
- }
- break;
-
- case DENY_FCB:
- create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
- share_mode = FILE_SHARE_NONE;
- break;
-
- default:
- DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
- (unsigned int)GET_DENY_MODE(deny_mode) ));
- return False;
- }
-
- DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
- "share_mode = 0x%x, create_disposition = 0x%x, "
- "create_options = 0x%x\n",
- smb_fname_str_dbg(smb_fname),
- (unsigned int)access_mask,
- (unsigned int)share_mode,
- (unsigned int)create_disposition,
- (unsigned int)create_options ));
-
- if (paccess_mask) {
- *paccess_mask = access_mask;
- }
- if (pshare_mode) {
- *pshare_mode = share_mode;
- }
- if (pcreate_disposition) {
- *pcreate_disposition = create_disposition;
- }
- if (pcreate_options) {
- *pcreate_options = create_options;
- }
-
- return True;
-
-}
-
static void schedule_defer_open(struct share_mode_lock *lck,
struct timeval request_time,
struct smb_request *req)
ZERO_STRUCT(id);
- /* Windows allows a new file to be created and
- silently removes a FILE_ATTRIBUTE_DIRECTORY
- sent by the client. Do the same. */
-
- new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
-
if (conn->printer) {
/*
* Printers are handled completely differently.
unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
new_dos_attributes = 0;
} else {
+ /* Windows allows a new file to be created and
+ silently removes a FILE_ATTRIBUTE_DIRECTORY
+ sent by the client. Do the same. */
+
+ new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
+
/* We add aARCH to this as this mode is only used if the file is
* created new. */
unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
remove_deferred_open_smb_message(req->mid);
}
- status = check_name(conn, smb_fname->base_name);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if (!posix_open) {
new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
if (file_existed) {
char *parent_dir;
NTSTATUS status;
bool posix_open = false;
+ bool need_re_stat = false;
if(!CAN_WRITE(conn)) {
DEBUG(5,("mkdir_internal: failing create on read-only share "
if (lp_inherit_perms(SNUM(conn))) {
inherit_access_posix_acl(conn, parent_dir,
smb_dname->base_name, mode);
+ need_re_stat = true;
}
if (!posix_open) {
SMB_VFS_CHMOD(conn, smb_dname->base_name,
(smb_dname->st.st_ex_mode |
(mode & ~smb_dname->st.st_ex_mode)));
+ need_re_stat = true;
}
}
change_dir_owner_to_parent(conn, parent_dir,
smb_dname->base_name,
&smb_dname->st);
+ need_re_stat = true;
+ }
+
+ if (need_re_stat) {
+ if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
+ DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
+ smb_fname_str_dbg(smb_dname), strerror(errno)));
+ return map_nt_error_from_unix(errno);
+ }
}
notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
- /* Ensure we have a directory attribute. */
- file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
+ /* Ensure we have a directory attribute. */
+ file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
+ }
DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
"share_access = 0x%x create_options = 0x%x, "
/* Setting FILE_SHARE_DELETE is the hint. */
- if (lp_acl_check_permissions(SNUM(conn))
- && (create_disposition != FILE_CREATE)
- && (share_access & FILE_SHARE_DELETE)
+ if ((create_disposition != FILE_CREATE)
&& (access_mask & DELETE_ACCESS)
&& (!(can_delete_file_in_directory(conn, smb_fname) ||
can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
}
}
- /* All file access must go through check_name() */
-
- status = check_name(conn, smb_fname->base_name);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
-
status = create_file_unixpath(
conn, req, smb_fname, access_mask, share_access,
create_disposition, create_options, file_attributes,
git.samba.org / samba.git / blobdiff