2 Unix SMB/CIFS implementation.
3 filename handling routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1999-2007
6 Copyright (C) Ying Chen 2000
7 Copyright (C) Volker Lendecke 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 * New hash table stat cache code added by Ying Chen.
28 #include "system/filesys.h"
29 #include "fake_file.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "lib/util/memcache.h"
33 #include "libcli/smb/reparse_symlink.h"
35 uint32_t ucf_flags_from_smb_request(struct smb_request *req)
37 uint32_t ucf_flags = 0;
43 if (req->posix_pathnames) {
44 ucf_flags |= UCF_POSIX_PATHNAMES;
46 if (!req->sconn->using_smb2) {
47 ucf_flags |= UCF_LCOMP_LNK_OK;
50 if (req->flags2 & FLAGS2_DFS_PATHNAMES) {
51 ucf_flags |= UCF_DFS_PATHNAME;
53 if (req->flags2 & FLAGS2_REPARSE_PATH) {
54 ucf_flags |= UCF_GMT_PATHNAME;
60 uint32_t filename_create_ucf_flags(struct smb_request *req, uint32_t create_disposition)
62 uint32_t ucf_flags = 0;
64 ucf_flags |= ucf_flags_from_smb_request(req);
66 switch (create_disposition) {
73 case FILE_OVERWRITE_IF:
74 ucf_flags |= UCF_PREP_CREATEFILE;
81 /****************************************************************************
82 Mangle the 2nd name and check if it is then equal to the first name.
83 ****************************************************************************/
85 static bool mangled_equal(const char *name1,
87 const struct share_params *p)
91 if (!name_to_8_3(name2, mname, False, p)) {
94 return strequal(name1, mname);
98 * Strip a valid @GMT-token from any incoming filename path,
99 * adding any NTTIME encoded in the pathname into the
100 * twrp field of the passed in smb_fname.
102 * Valid @GMT-tokens look like @GMT-YYYY-MM-DD-HH-MM-SS
103 * at the *start* of a pathname component.
105 * If twrp is passed in then smb_fname->twrp is set to that
106 * value, and the @GMT-token part of the filename is removed
107 * and does not change the stored smb_fname->twrp.
111 NTSTATUS canonicalize_snapshot_path(struct smb_filename *smb_fname,
118 smb_fname->twrp = twrp;
121 if (!(ucf_flags & UCF_GMT_PATHNAME)) {
125 found = extract_snapshot_token(smb_fname->base_name, &twrp);
130 if (smb_fname->twrp == 0) {
131 smb_fname->twrp = twrp;
137 static bool strnorm(char *s, int case_default)
139 if (case_default == CASE_UPPER)
140 return strupper_m(s);
142 return strlower_m(s);
146 * Utility function to normalize case on an incoming client filename
147 * if required on this connection struct.
148 * Performs an in-place case conversion guaranteed to stay the same size.
151 static NTSTATUS normalize_filename_case(connection_struct *conn,
157 if (ucf_flags & UCF_POSIX_PATHNAMES) {
159 * POSIX never normalizes filename case.
163 if (!conn->case_sensitive) {
166 if (conn->case_preserve) {
169 if (conn->short_case_preserve) {
172 ok = strnorm(filename, lp_default_case(SNUM(conn)));
174 return NT_STATUS_INVALID_PARAMETER;
179 /****************************************************************************
180 Check if two filenames are equal.
181 This needs to be careful about whether we are case sensitive.
182 ****************************************************************************/
184 static bool fname_equal(const char *name1, const char *name2,
187 /* Normal filename handling */
188 if (case_sensitive) {
189 return(strcmp(name1,name2) == 0);
192 return(strequal(name1,name2));
195 static bool sname_equal(const char *name1, const char *name2,
199 const char *s1 = NULL;
200 const char *s2 = NULL;
203 const char *e1 = NULL;
204 const char *e2 = NULL;
208 match = fname_equal(name1, name2, case_sensitive);
213 if (name1[0] != ':') {
216 if (name2[0] != ':') {
220 e1 = strchr(s1, ':');
224 n1 = PTR_DIFF(e1, s1);
227 e2 = strchr(s2, ':');
231 n2 = PTR_DIFF(e2, s2);
234 /* Normal filename handling */
235 if (case_sensitive) {
236 return (strncmp(s1, s2, n1) == 0);
240 * We can't use strnequal() here
241 * as it takes the number of codepoints
242 * and not the number of bytes.
244 * So we make a copy before calling
247 * Note that we TALLOC_FREE() in reverse order
248 * in order to avoid memory fragmentation.
251 c1 = talloc_strndup(talloc_tos(), s1, n1);
252 c2 = talloc_strndup(talloc_tos(), s2, n2);
253 if (c1 == NULL || c2 == NULL) {
256 return (strncmp(s1, s2, n1) == 0);
259 match = strequal(c1, c2);
265 /****************************************************************************
266 Scan a directory to find a filename, matching without case sensitivity.
267 If the name looks like a mangled name then try via the mangling functions
268 ****************************************************************************/
270 NTSTATUS get_real_filename_full_scan_at(struct files_struct *dirfsp,
276 struct connection_struct *conn = dirfsp->conn;
277 struct smb_Dir *cur_dir = NULL;
278 const char *dname = NULL;
279 char *talloced = NULL;
280 char *unmangled_name = NULL;
283 /* If we have a case-sensitive filesystem, it doesn't do us any
284 * good to search for a name. If a case variation of the name was
285 * there, then the original stat(2) would have found it.
287 if (!mangled && !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) {
288 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
292 * The incoming name can be mangled, and if we de-mangle it
293 * here it will not compare correctly against the filename (name2)
294 * read from the directory and then mangled by the name_to_8_3()
295 * call. We need to mangle both names or neither.
298 * Fix for bug found by Dina Fine. If in case sensitive mode then
299 * the mangle cache is no good (3 letter extension could be wrong
300 * case - so don't demangle in this case - leave as mangled and
301 * allow the mangling of the directory entry read (which is done
302 * case insensitively) to match instead. This will lead to more
303 * false positive matches but we fail completely without it. JRA.
306 if (mangled && !conn->case_sensitive) {
307 mangled = !mangle_lookup_name_from_8_3(talloc_tos(), name,
311 /* Name is now unmangled. */
312 name = unmangled_name;
316 /* open the directory */
317 status = OpenDir_from_pathref(talloc_tos(), dirfsp, NULL, 0, &cur_dir);
318 if (!NT_STATUS_IS_OK(status)) {
319 DBG_NOTICE("scan dir didn't open dir [%s]: %s\n",
322 TALLOC_FREE(unmangled_name);
326 /* now scan for matching names */
327 while ((dname = ReadDirName(cur_dir, &talloced))) {
329 /* Is it dot or dot dot. */
330 if (ISDOT(dname) || ISDOTDOT(dname)) {
331 TALLOC_FREE(talloced);
336 * At this point dname is the unmangled name.
337 * name is either mangled or not, depending on the state
338 * of the "mangled" variable. JRA.
342 * Check mangled name against mangled name, or unmangled name
343 * against unmangled name.
346 if ((mangled && mangled_equal(name,dname,conn->params)) ||
347 fname_equal(name, dname, conn->case_sensitive)) {
348 /* we've found the file, change it's name and return */
349 *found_name = talloc_strdup(mem_ctx, dname);
350 TALLOC_FREE(unmangled_name);
351 TALLOC_FREE(cur_dir);
353 TALLOC_FREE(talloced);
354 return NT_STATUS_NO_MEMORY;
356 TALLOC_FREE(talloced);
359 TALLOC_FREE(talloced);
362 TALLOC_FREE(unmangled_name);
363 TALLOC_FREE(cur_dir);
364 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
367 /****************************************************************************
368 Wrapper around the vfs get_real_filename and the full directory scan
370 ****************************************************************************/
372 NTSTATUS get_real_filename_at(struct files_struct *dirfsp,
377 struct connection_struct *conn = dirfsp->conn;
381 mangled = mangle_is_mangled(name, conn->params);
384 status = get_real_filename_full_scan_at(
385 dirfsp, name, mangled, mem_ctx, found_name);
389 /* Try the vfs first to take advantage of case-insensitive stat. */
390 status = SMB_VFS_GET_REAL_FILENAME_AT(
391 dirfsp->conn, dirfsp, name, mem_ctx, found_name);
394 * If the case-insensitive stat was successful, or returned an error
395 * other than EOPNOTSUPP then there is no need to fall back on the
396 * full directory scan.
398 if (NT_STATUS_IS_OK(status) ||
399 !NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
403 status = get_real_filename_full_scan_at(
404 dirfsp, name, mangled, mem_ctx, found_name);
409 * Create the memcache-key for GETREALFILENAME_CACHE: This supplements
410 * the stat cache for the last component to be looked up. Cache
411 * contents is the correctly capitalized translation of the parameter
412 * "name" as it exists on disk. This is indexed by inode of the dirfsp
413 * and name, and contrary to stat_cahce_lookup() it does not
414 * vfs_stat() the last component. This will be taken care of by an
415 * attempt to do a openat_pathref_fsp().
417 static bool get_real_filename_cache_key(
419 struct files_struct *dirfsp,
423 struct file_id fid = vfs_file_id_from_sbuf(
424 dirfsp->conn, &dirfsp->fsp_name->st);
427 size_t namelen, keylen;
429 upper = talloc_strdup_upper(mem_ctx, name);
433 namelen = talloc_get_size(upper);
435 keylen = namelen + sizeof(fid);
436 if (keylen < sizeof(fid)) {
441 key = talloc_size(mem_ctx, keylen);
447 memcpy(key, &fid, sizeof(fid));
448 memcpy(key + sizeof(fid), upper, namelen);
451 *_key = (DATA_BLOB) { .data = key, .length = keylen, };
456 * Lightweight function to just get last component
457 * for rename / enumerate directory calls.
460 char *get_original_lcomp(TALLOC_CTX *ctx,
461 connection_struct *conn,
462 const char *filename_in,
465 char *last_slash = NULL;
469 last_slash = strrchr(filename_in, '/');
470 if (last_slash != NULL) {
471 orig_lcomp = talloc_strdup(ctx, last_slash+1);
473 orig_lcomp = talloc_strdup(ctx, filename_in);
475 if (orig_lcomp == NULL) {
478 status = normalize_filename_case(conn, orig_lcomp, ucf_flags);
479 if (!NT_STATUS_IS_OK(status)) {
480 TALLOC_FREE(orig_lcomp);
487 * Deal with the SMB1 semantics of sending a pathname with a
488 * wildcard as the terminal component for a SMB1search or
492 NTSTATUS filename_convert_smb1_search_path(TALLOC_CTX *ctx,
493 connection_struct *conn,
496 struct files_struct **_dirfsp,
497 struct smb_filename **_smb_fname_out,
503 struct smb_filename *smb_fname = NULL;
506 *_smb_fname_out = NULL;
510 DBG_DEBUG("name_in: %s\n", name_in);
512 if (ucf_flags & UCF_GMT_PATHNAME) {
513 extract_snapshot_token(name_in, &twrp);
514 ucf_flags &= ~UCF_GMT_PATHNAME;
517 /* Get the original lcomp. */
518 mask = get_original_lcomp(ctx,
523 return NT_STATUS_NO_MEMORY;
526 if (mask[0] == '\0') {
527 /* Windows and OS/2 systems treat search on the root as * */
529 mask = talloc_strdup(ctx, "*");
531 return NT_STATUS_NO_MEMORY;
535 DBG_DEBUG("mask = %s\n", mask);
538 * Remove the terminal component so
539 * filename_convert_dirfsp never sees the mask.
541 p = strrchr_m(name_in,'/');
543 /* filename_convert_dirfsp handles a '\0' name. */
549 DBG_DEBUG("For filename_convert_dirfsp: name_in = %s\n",
552 /* Convert the parent directory path. */
553 status = filename_convert_dirfsp(ctx,
561 if (!NT_STATUS_IS_OK(status)) {
562 DBG_DEBUG("filename_convert error for %s: %s\n",
567 *_smb_fname_out = talloc_move(ctx, &smb_fname);
568 *_mask_out = talloc_move(ctx, &mask);
574 * Get the correct capitalized stream name hanging off
575 * base_fsp. Equivalent of get_real_filename(), but for streams.
577 static NTSTATUS get_real_stream_name(
579 struct files_struct *base_fsp,
580 const char *stream_name,
583 unsigned int i, num_streams = 0;
584 struct stream_struct *streams = NULL;
587 status = vfs_fstreaminfo(
588 base_fsp, talloc_tos(), &num_streams, &streams);
589 if (!NT_STATUS_IS_OK(status)) {
593 for (i=0; i<num_streams; i++) {
594 bool equal = sname_equal(stream_name, streams[i].name, false);
596 DBG_DEBUG("comparing [%s] and [%s]: %sequal\n",
599 equal ? "" : "not ");
602 *_found = talloc_move(mem_ctx, &streams[i].name);
603 TALLOC_FREE(streams);
608 TALLOC_FREE(streams);
609 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
612 static bool filename_split_lcomp(
617 const char **_fname_rel,
618 const char **_streamname)
620 const char *lcomp = NULL;
621 const char *fname_rel = NULL;
622 const char *streamname = NULL;
623 char *dirname = NULL;
625 if (name_in[0] == '\0') {
627 dirname = talloc_strdup(mem_ctx, "");
628 if (dirname == NULL) {
634 lcomp = strrchr_m(name_in, '/');
637 dirname = talloc_strndup(mem_ctx, name_in, lcomp - name_in);
638 if (dirname == NULL) {
645 * No slash, dir is empty
647 dirname = talloc_strdup(mem_ctx, "");
648 if (dirname == NULL) {
652 if (!posix && (name_in[0] == ':')) {
654 * Special case for stream on root directory
657 streamname = name_in;
665 streamname = strchr_m(fname_rel, ':');
667 if (streamname != NULL) {
668 fname_rel = talloc_strndup(
671 streamname - fname_rel);
672 if (fname_rel == NULL) {
673 TALLOC_FREE(dirname);
681 *_fname_rel = fname_rel;
682 *_streamname = streamname;
687 * Create the correct capitalization of a file name to be created.
689 static NTSTATUS filename_convert_normalize_new(
691 struct connection_struct *conn,
695 char *name = name_in;
699 if (!conn->case_preserve ||
700 (mangle_is_8_3(name, false,
702 !conn->short_case_preserve)) {
704 char *normalized = talloc_strdup(mem_ctx, name);
705 if (normalized == NULL) {
706 return NT_STATUS_NO_MEMORY;
709 strnorm(normalized, lp_default_case(SNUM(conn)));
713 if (mangle_is_mangled(name, conn->params)) {
715 char *unmangled = NULL;
717 found = mangle_lookup_name_from_8_3(
718 mem_ctx, name, &unmangled, conn->params);
724 if (name != name_in) {
732 * Open smb_fname_rel->fsp as a pathref fsp with a case insensitive
733 * fallback using GETREALFILENAME_CACHE and get_real_filename_at() if
734 * the first attempt based on the filename sent by the client gives
737 static NTSTATUS openat_pathref_fsp_case_insensitive(
738 struct files_struct *dirfsp,
739 struct smb_filename *smb_fname_rel,
742 const bool posix = (ucf_flags & UCF_POSIX_PATHNAMES);
743 DATA_BLOB cache_key = { .data = NULL, };
744 char *found_name = NULL;
748 SET_STAT_INVALID(smb_fname_rel->st);
750 /* Check veto files - only looks at last component. */
751 if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
752 DBG_DEBUG("veto files rejecting last component %s\n",
753 smb_fname_str_dbg(smb_fname_rel));
754 return NT_STATUS_NETWORK_OPEN_RESTRICTION;
757 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
759 if (NT_STATUS_IS_OK(status)) {
763 if (VALID_STAT(smb_fname_rel->st)) {
765 * We got an error although the object existed. Might
766 * be a symlink we don't want.
771 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
773 * Only retry on ENOENT
778 if (posix || dirfsp->conn->case_sensitive) {
780 * Only return case insensitive if required
785 if (lp_stat_cache()) {
786 char *base_name = smb_fname_rel->base_name;
787 DATA_BLOB value = { .data = NULL };
789 ok = get_real_filename_cache_key(
790 talloc_tos(), dirfsp, base_name, &cache_key);
793 * probably ENOMEM, just bail
798 DO_PROFILE_INC(statcache_lookups);
800 ok = memcache_lookup(
801 NULL, GETREALFILENAME_CACHE, cache_key, &value);
803 DO_PROFILE_INC(statcache_misses);
806 DO_PROFILE_INC(statcache_hits);
808 TALLOC_FREE(smb_fname_rel->base_name);
809 smb_fname_rel->base_name = talloc_memdup(
810 smb_fname_rel, value.data, value.length);
811 if (smb_fname_rel->base_name == NULL) {
812 TALLOC_FREE(cache_key.data);
813 return NT_STATUS_NO_MEMORY;
816 if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
817 DBG_DEBUG("veto files rejecting last component %s\n",
818 smb_fname_str_dbg(smb_fname_rel));
819 TALLOC_FREE(cache_key.data);
820 return NT_STATUS_NETWORK_OPEN_RESTRICTION;
823 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
824 if (NT_STATUS_IS_OK(status)) {
825 TALLOC_FREE(cache_key.data);
829 memcache_delete(NULL, GETREALFILENAME_CACHE, cache_key);
833 status = get_real_filename_at(
834 dirfsp, smb_fname_rel->base_name, smb_fname_rel, &found_name);
835 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
836 (ucf_flags & UCF_PREP_CREATEFILE)) {
840 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
843 if (NT_STATUS_IS_OK(status)) {
844 TALLOC_FREE(smb_fname_rel->base_name);
845 smb_fname_rel->base_name = found_name;
847 if (IS_VETO_PATH(dirfsp->conn, smb_fname_rel->base_name)) {
848 DBG_DEBUG("veto files rejecting last component %s\n",
849 smb_fname_str_dbg(smb_fname_rel));
850 return NT_STATUS_NETWORK_OPEN_RESTRICTION;
853 status = openat_pathref_fsp(dirfsp, smb_fname_rel);
856 if (NT_STATUS_IS_OK(status) && (cache_key.data != NULL)) {
858 .data = (uint8_t *)smb_fname_rel->base_name,
859 .length = strlen(smb_fname_rel->base_name) + 1,
862 memcache_add(NULL, GETREALFILENAME_CACHE, cache_key, value);
865 TALLOC_FREE(cache_key.data);
870 static const char *previous_slash(const char *name_in, const char *slash)
872 const char *prev = name_in;
875 const char *next = strchr_m(prev, '/');
877 SMB_ASSERT(next != NULL); /* we have at least one slash */
886 if (prev == name_in) {
887 /* no previous slash */
894 static char *symlink_target_path(
897 const char *substitute,
900 size_t name_in_len = strlen(name_in);
901 const char *p_unparsed = NULL;
902 const char *parent = NULL;
905 SMB_ASSERT(unparsed <= name_in_len);
907 p_unparsed = name_in + (name_in_len - unparsed);
909 if (substitute[0] == '/') {
910 ret = talloc_asprintf(mem_ctx, "%s%s", substitute, p_unparsed);
915 parent = strrchr_m(name_in, '/');
917 parent = previous_slash(name_in, p_unparsed);
920 if (parent == NULL) {
921 /* no previous slash */
925 ret = talloc_asprintf(
928 (int)(parent - name_in),
935 static NTSTATUS safe_symlink_target_path(
937 const char *connectpath,
939 const char *substitute,
944 char *abs_target = NULL;
945 char *abs_target_canon = NULL;
946 const char *relative = NULL;
947 char *name_out = NULL;
948 NTSTATUS status = NT_STATUS_NO_MEMORY;
951 target = symlink_target_path(mem_ctx, name_in, substitute, unparsed);
952 if (target == NULL) {
956 DBG_DEBUG("name_in: %s, substitute: %s, unparsed: %zu, target=%s\n",
962 if (target[0] == '/') {
965 abs_target = talloc_asprintf(
966 target, "%s/%s", connectpath, target);
967 if (abs_target == NULL) {
972 abs_target_canon = canonicalize_absolute_path(target, abs_target);
973 if (abs_target_canon == NULL) {
977 DBG_DEBUG("abs_target_canon=%s\n", abs_target_canon);
979 in_share = subdir_of(
980 connectpath, strlen(connectpath), abs_target_canon, &relative);
982 DBG_DEBUG("wide link to %s\n", abs_target_canon);
983 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
987 name_out = talloc_strdup(mem_ctx, relative);
988 if (name_out == NULL) {
992 status = NT_STATUS_OK;
993 *_name_out = name_out;
1000 * Split up name_in as sent by the client into a directory pathref fsp
1001 * and a relative smb_filename.
1003 static NTSTATUS filename_convert_dirfsp_nosymlink(
1004 TALLOC_CTX *mem_ctx,
1005 connection_struct *conn,
1006 const char *name_in,
1009 struct files_struct **_dirfsp,
1010 struct smb_filename **_smb_fname,
1014 struct smb_filename *smb_dirname = NULL;
1015 struct smb_filename *smb_fname_rel = NULL;
1016 struct smb_filename *smb_fname = NULL;
1017 const bool posix = (ucf_flags & UCF_POSIX_PATHNAMES);
1018 char *dirname = NULL;
1019 const char *fname_rel = NULL;
1020 const char *streamname = NULL;
1021 char *saved_streamname = NULL;
1022 struct files_struct *base_fsp = NULL;
1024 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1026 SMB_ASSERT(!(ucf_flags & UCF_DFS_PATHNAME));
1028 if (is_fake_file_path(name_in)) {
1029 smb_fname = synthetic_smb_fname_split(mem_ctx, name_in, posix);
1030 if (smb_fname == NULL) {
1031 return NT_STATUS_NO_MEMORY;
1033 smb_fname->st = (SMB_STRUCT_STAT) { .st_ex_nlink = 1 };
1034 smb_fname->st.st_ex_btime =
1035 (struct timespec){0, SAMBA_UTIME_OMIT};
1036 smb_fname->st.st_ex_atime =
1037 (struct timespec){0, SAMBA_UTIME_OMIT};
1038 smb_fname->st.st_ex_mtime =
1039 (struct timespec){0, SAMBA_UTIME_OMIT};
1040 smb_fname->st.st_ex_ctime =
1041 (struct timespec){0, SAMBA_UTIME_OMIT};
1043 *_dirfsp = conn->cwd_fsp;
1044 *_smb_fname = smb_fname;
1045 return NT_STATUS_OK;
1049 * Catch an invalid path of "." before we
1050 * call filename_split_lcomp(). We need to
1051 * do this as filename_split_lcomp() will
1052 * use "." for the missing relative component
1053 * when an empty name_in path is sent by
1056 if (ISDOT(name_in)) {
1057 status = NT_STATUS_OBJECT_NAME_INVALID;
1061 ok = filename_split_lcomp(
1069 status = NT_STATUS_NO_MEMORY;
1073 if ((streamname != NULL) &&
1074 ((conn->fs_capabilities & FILE_NAMED_STREAMS) == 0)) {
1075 status = NT_STATUS_OBJECT_NAME_INVALID;
1080 bool name_has_wild = ms_has_wild(dirname);
1081 name_has_wild |= ms_has_wild(fname_rel);
1082 if (name_has_wild) {
1083 status = NT_STATUS_OBJECT_NAME_INVALID;
1088 if (dirname[0] == '\0') {
1089 status = synthetic_pathref(
1096 posix ? SMB_FILENAME_POSIX_PATH : 0,
1099 struct open_symlink_err *symlink_err = NULL;
1101 status = normalize_filename_case(conn, dirname, ucf_flags);
1102 if (!NT_STATUS_IS_OK(status)) {
1103 DBG_ERR("normalize_filename_case %s failed: %s\n",
1109 status = openat_pathref_fsp_nosymlink(mem_ctx,
1118 if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
1119 size_t name_in_len, dirname_len;
1121 if (lp_host_msdfs() && lp_msdfs_root(SNUM(conn)) &&
1122 strnequal(symlink_err->reparse->substitute_name,
1125 status = NT_STATUS_PATH_NOT_COVERED;
1129 name_in_len = strlen(name_in);
1130 dirname_len = strlen(dirname);
1132 SMB_ASSERT(name_in_len >= dirname_len);
1134 *_substitute = talloc_move(
1136 &symlink_err->reparse->substitute_name);
1137 *_unparsed = symlink_err->unparsed +
1138 (name_in_len - dirname_len);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 DBG_DEBUG("opening directory %s failed: %s\n",
1148 TALLOC_FREE(dirname);
1150 if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1152 * Except ACCESS_DENIED, everything else leads
1153 * to PATH_NOT_FOUND.
1155 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
1161 if (!VALID_STAT_OF_DIR(smb_dirname->st)) {
1162 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
1165 smb_dirname->fsp->fsp_flags.is_directory = true;
1168 * Only look at bad last component values
1169 * once we know we have a valid directory. That
1170 * way we won't confuse error messages from
1171 * opening the directory path with error
1172 * messages from a bad last component.
1175 /* Relative filename can't be empty */
1176 if (fname_rel[0] == '\0') {
1177 status = NT_STATUS_OBJECT_NAME_INVALID;
1181 /* Relative filename can't be ".." */
1182 if (ISDOTDOT(fname_rel)) {
1183 status = NT_STATUS_OBJECT_NAME_INVALID;
1186 /* Relative name can only be dot if directory is empty. */
1187 if (ISDOT(fname_rel) && dirname[0] != '\0') {
1188 status = NT_STATUS_OBJECT_NAME_INVALID;
1192 TALLOC_FREE(dirname);
1194 smb_fname_rel = synthetic_smb_fname(
1200 posix ? SMB_FILENAME_POSIX_PATH : 0);
1201 if (smb_fname_rel == NULL) {
1202 status = NT_STATUS_NO_MEMORY;
1206 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
1207 is_named_stream(smb_fname_rel)) {
1209 * Find the base_fsp first without the stream.
1211 saved_streamname = smb_fname_rel->stream_name;
1212 smb_fname_rel->stream_name = NULL;
1215 status = normalize_filename_case(
1216 conn, smb_fname_rel->base_name, ucf_flags);
1217 if (!NT_STATUS_IS_OK(status)) {
1218 DBG_ERR("normalize_filename_case %s failed: %s\n",
1219 smb_fname_rel->base_name,
1224 status = openat_pathref_fsp_case_insensitive(
1225 smb_dirname->fsp, smb_fname_rel, ucf_flags);
1227 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
1228 VALID_STAT(smb_fname_rel->st) &&
1229 S_ISLNK(smb_fname_rel->st.st_ex_mode)) {
1232 * If we're on an MSDFS share, see if this is
1235 if (lp_host_msdfs() &&
1236 lp_msdfs_root(SNUM(conn)) &&
1237 is_msdfs_link(smb_dirname->fsp, smb_fname_rel))
1239 status = NT_STATUS_PATH_NOT_COVERED;
1243 #if defined(WITH_SMB1SERVER)
1245 * In SMB1 posix mode, if this is a symlink,
1246 * allow access to the name with a NULL smb_fname->fsp.
1248 if (ucf_flags & UCF_LCOMP_LNK_OK) {
1249 SMB_ASSERT(smb_fname_rel->fsp == NULL);
1250 SMB_ASSERT(streamname == NULL);
1252 smb_fname = full_path_from_dirfsp_atname(
1256 if (smb_fname == NULL) {
1257 status = NT_STATUS_NO_MEMORY;
1265 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
1266 !VALID_STAT(smb_fname_rel->st)) {
1268 char *normalized = NULL;
1271 * Creating a new file
1274 status = filename_convert_normalize_new(
1277 smb_fname_rel->base_name,
1279 if (!NT_STATUS_IS_OK(status)) {
1280 DBG_DEBUG("filename_convert_normalize_new failed: "
1285 if (normalized != NULL) {
1286 smb_fname_rel->base_name = normalized;
1289 smb_fname_rel->stream_name = saved_streamname;
1291 smb_fname = full_path_from_dirfsp_atname(
1292 mem_ctx, smb_dirname->fsp, smb_fname_rel);
1293 if (smb_fname == NULL) {
1294 status = NT_STATUS_NO_MEMORY;
1300 if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_OPEN_RESTRICTION)) {
1301 /* A vetoed file, pretend it's not there */
1302 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1304 if (!NT_STATUS_IS_OK(status)) {
1308 if (saved_streamname == NULL) {
1309 /* smb_fname must be allocated off mem_ctx. */
1310 smb_fname = cp_smb_filename(mem_ctx,
1311 smb_fname_rel->fsp->fsp_name);
1312 if (smb_fname == NULL) {
1315 status = move_smb_fname_fsp_link(smb_fname, smb_fname_rel);
1316 if (!NT_STATUS_IS_OK(status)) {
1322 base_fsp = smb_fname_rel->fsp;
1323 smb_fname_fsp_unlink(smb_fname_rel);
1324 SET_STAT_INVALID(smb_fname_rel->st);
1326 smb_fname_rel->stream_name = saved_streamname;
1328 status = open_stream_pathref_fsp(&base_fsp, smb_fname_rel);
1330 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
1331 !conn->case_sensitive) {
1334 status = get_real_stream_name(
1337 smb_fname_rel->stream_name,
1340 if (NT_STATUS_IS_OK(status)) {
1341 smb_fname_rel->stream_name = found;
1343 status = open_stream_pathref_fsp(
1344 &base_fsp, smb_fname_rel);
1348 if (NT_STATUS_IS_OK(status)) {
1349 /* smb_fname must be allocated off mem_ctx. */
1350 smb_fname = cp_smb_filename(mem_ctx,
1351 smb_fname_rel->fsp->fsp_name);
1352 if (smb_fname == NULL) {
1355 status = move_smb_fname_fsp_link(smb_fname, smb_fname_rel);
1356 if (!NT_STATUS_IS_OK(status)) {
1362 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1364 * Creating a new stream
1366 * We should save the already-open base fsp for
1367 * create_file_unixpath() somehow.
1369 smb_fname = full_path_from_dirfsp_atname(
1370 mem_ctx, smb_dirname->fsp, smb_fname_rel);
1371 if (smb_fname == NULL) {
1372 status = NT_STATUS_NO_MEMORY;
1376 * When open_stream_pathref_fsp() returns
1377 * NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
1378 * has been set to NULL, so we must free base_fsp separately
1379 * to prevent fd-leaks when opening a stream that doesn't
1383 file_free(NULL, base_fsp);
1388 if (!NT_STATUS_IS_OK(status)) {
1393 *_dirfsp = smb_dirname->fsp;
1394 *_smb_fname = smb_fname;
1396 smb_fname_fsp_unlink(smb_fname_rel);
1397 TALLOC_FREE(smb_fname_rel);
1398 return NT_STATUS_OK;
1402 * If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp
1403 * has been set to NULL, so we must free base_fsp separately
1404 * to prevent fd-leaks when opening a stream that doesn't
1407 if (base_fsp != NULL) {
1409 file_free(NULL, base_fsp);
1412 TALLOC_FREE(dirname);
1413 TALLOC_FREE(smb_dirname);
1414 TALLOC_FREE(smb_fname_rel);
1418 NTSTATUS filename_convert_dirfsp(
1419 TALLOC_CTX *mem_ctx,
1420 connection_struct *conn,
1421 const char *name_in,
1424 struct files_struct **_dirfsp,
1425 struct smb_filename **_smb_fname)
1427 char *substitute = NULL;
1428 size_t unparsed = 0;
1430 char *target = NULL;
1431 size_t symlink_redirects = 0;
1434 if (symlink_redirects > 40) {
1435 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1438 status = filename_convert_dirfsp_nosymlink(
1449 if (!NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
1453 if (!lp_follow_symlinks(SNUM(conn))) {
1454 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
1458 * Right now, SMB2 and SMB1 always traverse symlinks
1459 * within the share. SMB1+POSIX traverses non-terminal
1460 * symlinks within the share.
1462 * When we add SMB2+POSIX we need to return
1463 * a NT_STATUS_STOPPED_ON_SYMLINK error here, using the
1464 * symlink target data read below if SMB2+POSIX has
1465 * UCF_POSIX_PATHNAMES set to cause the client to
1466 * resolve all symlinks locally.
1469 status = safe_symlink_target_path(
1476 if (!NT_STATUS_IS_OK(status)) {
1481 symlink_redirects += 1;
1486 char *full_path_from_dirfsp_at_basename(TALLOC_CTX *mem_ctx,
1487 const struct files_struct *dirfsp,
1488 const char *at_base_name)
1492 if (dirfsp == dirfsp->conn->cwd_fsp ||
1493 ISDOT(dirfsp->fsp_name->base_name) || at_base_name[0] == '/') {
1494 path = talloc_strdup(mem_ctx, at_base_name);
1496 path = talloc_asprintf(mem_ctx,
1498 dirfsp->fsp_name->base_name,
1506 * Build the full path from a dirfsp and dirfsp relative name
1508 struct smb_filename *
1509 full_path_from_dirfsp_atname(TALLOC_CTX *mem_ctx,
1510 const struct files_struct *dirfsp,
1511 const struct smb_filename *atname)
1513 struct smb_filename *fname = NULL;
1516 path = full_path_from_dirfsp_at_basename(mem_ctx,
1523 fname = synthetic_smb_fname(mem_ctx,
1525 atname->stream_name,
1530 if (fname == NULL) {