2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "../librpc/gen_ndr/open_files.h"
31 #include "../librpc/gen_ndr/idmap.h"
32 #include "../librpc/gen_ndr/ioctl.h"
33 #include "passdb/lookup_sid.h"
37 #include "source3/lib/dbwrap/dbwrap_watch.h"
39 extern const struct generic_mapping file_generic_mapping;
41 struct deferred_open_record {
42 bool delayed_for_oplocks;
47 /****************************************************************************
48 If the requester wanted DELETE_ACCESS and was rejected because
49 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
51 ****************************************************************************/
53 static bool parent_override_delete(connection_struct *conn,
54 const struct smb_filename *smb_fname,
56 uint32_t rejected_mask)
58 if ((access_mask & DELETE_ACCESS) &&
59 (rejected_mask & DELETE_ACCESS) &&
60 can_delete_file_in_directory(conn, smb_fname)) {
66 /****************************************************************************
67 Check if we have open rights.
68 ****************************************************************************/
70 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
71 const struct smb_filename *smb_fname,
75 /* Check if we have rights to open. */
77 struct security_descriptor *sd = NULL;
78 uint32_t rejected_share_access;
79 uint32_t rejected_mask = access_mask;
80 uint32_t do_not_check_mask = 0;
82 rejected_share_access = access_mask & ~(conn->share_access);
84 if (rejected_share_access) {
85 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
87 (unsigned int)access_mask,
88 smb_fname_str_dbg(smb_fname),
89 (unsigned int)rejected_share_access ));
90 return NT_STATUS_ACCESS_DENIED;
93 if (!use_privs && get_current_uid(conn) == (uid_t)0) {
94 /* I'm sorry sir, I didn't know you were root... */
95 DEBUG(10,("smbd_check_access_rights: root override "
96 "on %s. Granting 0x%x\n",
97 smb_fname_str_dbg(smb_fname),
98 (unsigned int)access_mask ));
102 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
103 DEBUG(10,("smbd_check_access_rights: not checking ACL "
104 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
105 smb_fname_str_dbg(smb_fname),
106 (unsigned int)access_mask ));
110 if (access_mask == DELETE_ACCESS &&
111 VALID_STAT(smb_fname->st) &&
112 S_ISLNK(smb_fname->st.st_ex_mode)) {
113 /* We can always delete a symlink. */
114 DEBUG(10,("smbd_check_access_rights: not checking ACL "
115 "on DELETE_ACCESS on symlink %s.\n",
116 smb_fname_str_dbg(smb_fname) ));
120 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
123 SECINFO_DACL), talloc_tos(), &sd);
125 if (!NT_STATUS_IS_OK(status)) {
126 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
128 smb_fname_str_dbg(smb_fname),
131 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
139 * If we can access the path to this file, by
140 * default we have FILE_READ_ATTRIBUTES from the
141 * containing directory. See the section:
142 * "Algorithm to Check Access to an Existing File"
145 * se_file_access_check() also takes care of
146 * owner WRITE_DAC and READ_CONTROL.
148 do_not_check_mask = FILE_READ_ATTRIBUTES;
151 * Samba 3.6 and earlier granted execute access even
152 * if the ACL did not contain execute rights.
153 * Samba 4.0 is more correct and checks it.
154 * The compatibilty mode allows to skip this check
155 * to smoothen upgrades.
157 if (lp_acl_allow_execute_always(SNUM(conn))) {
158 do_not_check_mask |= FILE_EXECUTE;
161 status = se_file_access_check(sd,
162 get_current_nttok(conn),
164 (access_mask & ~do_not_check_mask),
167 DEBUG(10,("smbd_check_access_rights: file %s requesting "
168 "0x%x returning 0x%x (%s)\n",
169 smb_fname_str_dbg(smb_fname),
170 (unsigned int)access_mask,
171 (unsigned int)rejected_mask,
172 nt_errstr(status) ));
174 if (!NT_STATUS_IS_OK(status)) {
175 if (DEBUGLEVEL >= 10) {
176 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
177 smb_fname_str_dbg(smb_fname) ));
178 NDR_PRINT_DEBUG(security_descriptor, sd);
184 if (NT_STATUS_IS_OK(status) ||
185 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
189 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
193 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
194 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
195 !lp_store_dos_attributes(SNUM(conn)) &&
196 (lp_map_readonly(SNUM(conn)) ||
197 lp_map_archive(SNUM(conn)) ||
198 lp_map_hidden(SNUM(conn)) ||
199 lp_map_system(SNUM(conn)))) {
200 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
202 DEBUG(10,("smbd_check_access_rights: "
204 "FILE_WRITE_ATTRIBUTES "
206 smb_fname_str_dbg(smb_fname)));
209 if (parent_override_delete(conn,
213 /* Were we trying to do an open
214 * for delete and didn't get DELETE
215 * access (only) ? Check if the
216 * directory allows DELETE_CHILD.
218 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
221 rejected_mask &= ~DELETE_ACCESS;
223 DEBUG(10,("smbd_check_access_rights: "
227 smb_fname_str_dbg(smb_fname)));
230 if (rejected_mask != 0) {
231 return NT_STATUS_ACCESS_DENIED;
236 static NTSTATUS check_parent_access(struct connection_struct *conn,
237 struct smb_filename *smb_fname,
238 uint32_t access_mask)
241 char *parent_dir = NULL;
242 struct security_descriptor *parent_sd = NULL;
243 uint32_t access_granted = 0;
245 if (!parent_dirname(talloc_tos(),
246 smb_fname->base_name,
249 return NT_STATUS_NO_MEMORY;
252 if (get_current_uid(conn) == (uid_t)0) {
253 /* I'm sorry sir, I didn't know you were root... */
254 DEBUG(10,("check_parent_access: root override "
255 "on %s. Granting 0x%x\n",
256 smb_fname_str_dbg(smb_fname),
257 (unsigned int)access_mask ));
261 status = SMB_VFS_GET_NT_ACL(conn,
267 if (!NT_STATUS_IS_OK(status)) {
268 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
269 "%s with error %s\n",
276 * If we can access the path to this file, by
277 * default we have FILE_READ_ATTRIBUTES from the
278 * containing directory. See the section:
279 * "Algorithm to Check Access to an Existing File"
282 * se_file_access_check() also takes care of
283 * owner WRITE_DAC and READ_CONTROL.
285 status = se_file_access_check(parent_sd,
286 get_current_nttok(conn),
288 (access_mask & ~FILE_READ_ATTRIBUTES),
290 if(!NT_STATUS_IS_OK(status)) {
291 DEBUG(5,("check_parent_access: access check "
292 "on directory %s for "
293 "path %s for mask 0x%x returned (0x%x) %s\n",
295 smb_fname->base_name,
298 nt_errstr(status) ));
305 /****************************************************************************
306 Ensure when opening a base file for a stream open that we have permissions
307 to do so given the access mask on the base file.
308 ****************************************************************************/
310 static NTSTATUS check_base_file_access(struct connection_struct *conn,
311 struct smb_filename *smb_fname,
312 uint32_t access_mask)
316 status = smbd_calculate_access_mask(conn, smb_fname,
320 if (!NT_STATUS_IS_OK(status)) {
321 DEBUG(10, ("smbd_calculate_access_mask "
322 "on file %s returned %s\n",
323 smb_fname_str_dbg(smb_fname),
328 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
330 if (!CAN_WRITE(conn)) {
331 return NT_STATUS_ACCESS_DENIED;
333 dosattrs = dos_mode(conn, smb_fname);
334 if (IS_DOS_READONLY(dosattrs)) {
335 return NT_STATUS_ACCESS_DENIED;
339 return smbd_check_access_rights(conn,
345 /****************************************************************************
346 fd support routines - attempt to do a dos_open.
347 ****************************************************************************/
349 NTSTATUS fd_open(struct connection_struct *conn,
354 struct smb_filename *smb_fname = fsp->fsp_name;
355 NTSTATUS status = NT_STATUS_OK;
359 * Never follow symlinks on a POSIX client. The
360 * client should be doing this.
363 if (fsp->posix_open || !lp_follow_symlinks(SNUM(conn))) {
368 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
369 if (fsp->fh->fd == -1) {
370 int posix_errno = errno;
372 #if defined(ENOTSUP) && defined(OSF1)
373 /* handle special Tru64 errno */
374 if (errno == ENOTSUP) {
379 /* fix broken NetBSD errno */
380 if (errno == EFTYPE) {
384 /* fix broken FreeBSD errno */
385 if (errno == EMLINK) {
388 #endif /* O_NOFOLLOW */
389 status = map_nt_error_from_unix(posix_errno);
390 if (errno == EMFILE) {
391 static time_t last_warned = 0L;
393 if (time((time_t *) NULL) > last_warned) {
394 DEBUG(0,("Too many open files, unable "
395 "to open more! smbd's max "
397 lp_max_open_files()));
398 last_warned = time((time_t *) NULL);
404 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
405 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
406 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
411 /****************************************************************************
412 Close the file associated with a fsp.
413 ****************************************************************************/
415 NTSTATUS fd_close(files_struct *fsp)
422 if (fsp->fh->fd == -1) {
423 return NT_STATUS_OK; /* What we used to call a stat open. */
425 if (fsp->fh->ref_count > 1) {
426 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
429 ret = SMB_VFS_CLOSE(fsp);
432 return map_nt_error_from_unix(errno);
437 /****************************************************************************
438 Change the ownership of a file to that of the parent directory.
439 Do this by fd if possible.
440 ****************************************************************************/
442 void change_file_owner_to_parent(connection_struct *conn,
443 const char *inherit_from_dir,
446 struct smb_filename *smb_fname_parent;
449 smb_fname_parent = synthetic_smb_fname(talloc_tos(), inherit_from_dir,
451 if (smb_fname_parent == NULL) {
455 ret = SMB_VFS_STAT(conn, smb_fname_parent);
457 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
458 "directory %s. Error was %s\n",
459 smb_fname_str_dbg(smb_fname_parent),
461 TALLOC_FREE(smb_fname_parent);
465 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
466 /* Already this uid - no need to change. */
467 DEBUG(10,("change_file_owner_to_parent: file %s "
468 "is already owned by uid %d\n",
470 (int)fsp->fsp_name->st.st_ex_uid ));
471 TALLOC_FREE(smb_fname_parent);
476 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
479 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
480 "file %s to parent directory uid %u. Error "
481 "was %s\n", fsp_str_dbg(fsp),
482 (unsigned int)smb_fname_parent->st.st_ex_uid,
485 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
486 "parent directory uid %u.\n", fsp_str_dbg(fsp),
487 (unsigned int)smb_fname_parent->st.st_ex_uid));
488 /* Ensure the uid entry is updated. */
489 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
492 TALLOC_FREE(smb_fname_parent);
495 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
496 const char *inherit_from_dir,
498 SMB_STRUCT_STAT *psbuf)
500 struct smb_filename *smb_fname_parent;
501 struct smb_filename *smb_fname_cwd = NULL;
502 char *saved_dir = NULL;
503 TALLOC_CTX *ctx = talloc_tos();
504 NTSTATUS status = NT_STATUS_OK;
507 smb_fname_parent = synthetic_smb_fname(ctx, inherit_from_dir,
509 if (smb_fname_parent == NULL) {
510 return NT_STATUS_NO_MEMORY;
513 ret = SMB_VFS_STAT(conn, smb_fname_parent);
515 status = map_nt_error_from_unix(errno);
516 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
517 "directory %s. Error was %s\n",
518 smb_fname_str_dbg(smb_fname_parent),
523 /* We've already done an lstat into psbuf, and we know it's a
524 directory. If we can cd into the directory and the dev/ino
525 are the same then we can safely chown without races as
526 we're locking the directory in place by being in it. This
527 should work on any UNIX (thanks tridge :-). JRA.
530 saved_dir = vfs_GetWd(ctx,conn);
532 status = map_nt_error_from_unix(errno);
533 DEBUG(0,("change_dir_owner_to_parent: failed to get "
534 "current working directory. Error was %s\n",
539 /* Chdir into the new path. */
540 if (vfs_ChDir(conn, fname) == -1) {
541 status = map_nt_error_from_unix(errno);
542 DEBUG(0,("change_dir_owner_to_parent: failed to change "
543 "current working directory to %s. Error "
544 "was %s\n", fname, strerror(errno) ));
548 smb_fname_cwd = synthetic_smb_fname(ctx, ".", NULL, NULL);
549 if (smb_fname_cwd == NULL) {
550 status = NT_STATUS_NO_MEMORY;
554 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
556 status = map_nt_error_from_unix(errno);
557 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
558 "directory '.' (%s) Error was %s\n",
559 fname, strerror(errno)));
563 /* Ensure we're pointing at the same place. */
564 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
565 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
566 DEBUG(0,("change_dir_owner_to_parent: "
567 "device/inode on directory %s changed. "
568 "Refusing to chown !\n", fname ));
569 status = NT_STATUS_ACCESS_DENIED;
573 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
574 /* Already this uid - no need to change. */
575 DEBUG(10,("change_dir_owner_to_parent: directory %s "
576 "is already owned by uid %d\n",
578 (int)smb_fname_cwd->st.st_ex_uid ));
579 status = NT_STATUS_OK;
584 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
588 status = map_nt_error_from_unix(errno);
589 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
590 "directory %s to parent directory uid %u. "
591 "Error was %s\n", fname,
592 (unsigned int)smb_fname_parent->st.st_ex_uid,
595 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
596 "directory %s to parent directory uid %u.\n",
597 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
598 /* Ensure the uid entry is updated. */
599 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
603 vfs_ChDir(conn,saved_dir);
605 TALLOC_FREE(smb_fname_parent);
606 TALLOC_FREE(smb_fname_cwd);
610 /****************************************************************************
611 Open a file - returning a guaranteed ATOMIC indication of if the
612 file was created or not.
613 ****************************************************************************/
615 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
621 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
622 bool file_existed = VALID_STAT(fsp->fsp_name->st);
624 *file_created = false;
626 if (!(flags & O_CREAT)) {
628 * We're not creating the file, just pass through.
630 return fd_open(conn, fsp, flags, mode);
633 if (flags & O_EXCL) {
635 * Fail if already exists, just pass through.
637 status = fd_open(conn, fsp, flags, mode);
640 * Here we've opened with O_CREAT|O_EXCL. If that went
641 * NT_STATUS_OK, we *know* we created this file.
643 *file_created = NT_STATUS_IS_OK(status);
649 * Now it gets tricky. We have O_CREAT, but not O_EXCL.
650 * To know absolutely if we created the file or not,
651 * we can never call O_CREAT without O_EXCL. So if
652 * we think the file existed, try without O_CREAT|O_EXCL.
653 * If we think the file didn't exist, try with
654 * O_CREAT|O_EXCL. Keep bouncing between these two
655 * requests until either the file is created, or
656 * opened. Either way, we keep going until we get
657 * a returnable result (error, or open/create).
661 int curr_flags = flags;
664 /* Just try open, do not create. */
665 curr_flags &= ~(O_CREAT);
666 status = fd_open(conn, fsp, curr_flags, mode);
667 if (NT_STATUS_EQUAL(status,
668 NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
670 * Someone deleted it in the meantime.
673 file_existed = false;
674 DEBUG(10,("fd_open_atomic: file %s existed. "
676 smb_fname_str_dbg(fsp->fsp_name)));
680 /* Try create exclusively, fail if it exists. */
681 curr_flags |= O_EXCL;
682 status = fd_open(conn, fsp, curr_flags, mode);
683 if (NT_STATUS_EQUAL(status,
684 NT_STATUS_OBJECT_NAME_COLLISION)) {
686 * Someone created it in the meantime.
687 * Retry without O_CREAT.
690 DEBUG(10,("fd_open_atomic: file %s "
691 "did not exist. Retry.\n",
692 smb_fname_str_dbg(fsp->fsp_name)));
695 if (NT_STATUS_IS_OK(status)) {
697 * Here we've opened with O_CREAT|O_EXCL
698 * and got success. We *know* we created
701 *file_created = true;
704 /* Create is done, or failed. */
710 /****************************************************************************
712 ****************************************************************************/
714 static NTSTATUS open_file(files_struct *fsp,
715 connection_struct *conn,
716 struct smb_request *req,
717 const char *parent_dir,
720 uint32 access_mask, /* client requested access mask. */
721 uint32 open_access_mask, /* what we're actually using in the open. */
722 bool *p_file_created)
724 struct smb_filename *smb_fname = fsp->fsp_name;
725 NTSTATUS status = NT_STATUS_OK;
726 int accmode = (flags & O_ACCMODE);
727 int local_flags = flags;
728 bool file_existed = VALID_STAT(fsp->fsp_name->st);
733 /* Check permissions */
736 * This code was changed after seeing a client open request
737 * containing the open mode of (DENY_WRITE/read-only) with
738 * the 'create if not exist' bit set. The previous code
739 * would fail to open the file read only on a read-only share
740 * as it was checking the flags parameter directly against O_RDONLY,
741 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
745 if (!CAN_WRITE(conn)) {
746 /* It's a read-only share - fail if we wanted to write. */
747 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
748 DEBUG(3,("Permission denied opening %s\n",
749 smb_fname_str_dbg(smb_fname)));
750 return NT_STATUS_ACCESS_DENIED;
752 if (flags & O_CREAT) {
753 /* We don't want to write - but we must make sure that
754 O_CREAT doesn't create the file if we have write
755 access into the directory.
757 flags &= ~(O_CREAT|O_EXCL);
758 local_flags &= ~(O_CREAT|O_EXCL);
763 * This little piece of insanity is inspired by the
764 * fact that an NT client can open a file for O_RDONLY,
765 * but set the create disposition to FILE_EXISTS_TRUNCATE.
766 * If the client *can* write to the file, then it expects to
767 * truncate the file, even though it is opening for readonly.
768 * Quicken uses this stupid trick in backup file creation...
769 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
770 * for helping track this one down. It didn't bite us in 2.0.x
771 * as we always opened files read-write in that release. JRA.
774 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
775 DEBUG(10,("open_file: truncate requested on read-only open "
776 "for file %s\n", smb_fname_str_dbg(smb_fname)));
777 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
780 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
781 (!file_existed && (local_flags & O_CREAT)) ||
782 ((local_flags & O_TRUNC) == O_TRUNC) ) {
786 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
788 * We would block on opening a FIFO with no one else on the
789 * other end. Do what we used to do and add O_NONBLOCK to the
793 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
794 local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
795 local_flags |= O_NONBLOCK;
799 /* Don't create files with Microsoft wildcard characters. */
802 * wildcard characters are allowed in stream names
803 * only test the basefilename
805 wild = fsp->base_fsp->fsp_name->base_name;
807 wild = smb_fname->base_name;
809 if ((local_flags & O_CREAT) && !file_existed &&
811 return NT_STATUS_OBJECT_NAME_INVALID;
814 /* Can we access this file ? */
815 if (!fsp->base_fsp) {
816 /* Only do this check on non-stream open. */
818 status = smbd_check_access_rights(conn,
822 } else if (local_flags & O_CREAT){
823 status = check_parent_access(conn,
827 /* File didn't exist and no O_CREAT. */
828 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
830 if (!NT_STATUS_IS_OK(status)) {
831 DEBUG(10,("open_file: "
835 "smbd_check_access_rights" :
836 "check_parent_access",
837 smb_fname_str_dbg(smb_fname),
838 nt_errstr(status) ));
844 * Actually do the open - if O_TRUNC is needed handle it
845 * below under the share mode lock.
847 status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
848 unx_mode, p_file_created);
849 if (!NT_STATUS_IS_OK(status)) {
850 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
851 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
852 nt_errstr(status),local_flags,flags));
856 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
858 /* If we have an fd, this stat should succeed. */
859 DEBUG(0,("Error doing fstat on open file %s "
861 smb_fname_str_dbg(smb_fname),
863 status = map_nt_error_from_unix(errno);
868 if (*p_file_created) {
869 /* We created this file. */
871 bool need_re_stat = false;
872 /* Do all inheritance work after we've
873 done a successful fstat call and filled
874 in the stat struct in fsp->fsp_name. */
876 /* Inherit the ACL if required */
877 if (lp_inherit_permissions(SNUM(conn))) {
878 inherit_access_posix_acl(conn, parent_dir,
879 smb_fname->base_name,
884 /* Change the owner if required. */
885 if (lp_inherit_owner(SNUM(conn))) {
886 change_file_owner_to_parent(conn, parent_dir,
892 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
893 /* If we have an fd, this stat should succeed. */
895 DEBUG(0,("Error doing fstat on open file %s "
897 smb_fname_str_dbg(smb_fname),
902 notify_fname(conn, NOTIFY_ACTION_ADDED,
903 FILE_NOTIFY_CHANGE_FILE_NAME,
904 smb_fname->base_name);
907 fsp->fh->fd = -1; /* What we used to call a stat open. */
909 /* File must exist for a stat open. */
910 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
913 status = smbd_check_access_rights(conn,
918 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
920 S_ISLNK(smb_fname->st.st_ex_mode)) {
921 /* This is a POSIX stat open for delete
922 * or rename on a symlink that points
924 DEBUG(10,("open_file: allowing POSIX "
925 "open on bad symlink %s\n",
926 smb_fname_str_dbg(smb_fname)));
927 status = NT_STATUS_OK;
930 if (!NT_STATUS_IS_OK(status)) {
931 DEBUG(10,("open_file: "
932 "smbd_check_access_rights on file "
934 smb_fname_str_dbg(smb_fname),
935 nt_errstr(status) ));
941 * POSIX allows read-only opens of directories. We don't
942 * want to do this (we use a different code path for this)
943 * so catch a directory open and return an EISDIR. JRA.
946 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
949 return NT_STATUS_FILE_IS_A_DIRECTORY;
952 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
953 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
954 fsp->file_pid = req ? req->smbpid : 0;
955 fsp->can_lock = True;
956 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
959 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
960 fsp->print_file = NULL;
961 fsp->modified = False;
962 fsp->sent_oplock_break = NO_BREAK_SENT;
963 fsp->is_directory = False;
964 if (conn->aio_write_behind_list &&
965 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
966 conn->case_sensitive)) {
967 fsp->aio_write_behind = True;
970 fsp->wcp = NULL; /* Write cache pointer. */
972 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
973 conn->session_info->unix_info->unix_name,
974 smb_fname_str_dbg(smb_fname),
975 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
976 conn->num_files_open));
982 /****************************************************************************
983 Check if we can open a file with a share mode.
984 Returns True if conflict, False if not.
985 ****************************************************************************/
987 static bool share_conflict(struct share_mode_entry *entry,
991 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
992 "entry->share_access = 0x%x, "
993 "entry->private_options = 0x%x\n",
994 (unsigned int)entry->access_mask,
995 (unsigned int)entry->share_access,
996 (unsigned int)entry->private_options));
998 if (server_id_is_disconnected(&entry->pid)) {
1000 * note: cleanup should have been done by
1001 * delay_for_batch_oplocks()
1006 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
1007 (unsigned int)access_mask, (unsigned int)share_access));
1009 if ((entry->access_mask & (FILE_WRITE_DATA|
1013 DELETE_ACCESS)) == 0) {
1014 DEBUG(10,("share_conflict: No conflict due to "
1015 "entry->access_mask = 0x%x\n",
1016 (unsigned int)entry->access_mask ));
1020 if ((access_mask & (FILE_WRITE_DATA|
1024 DELETE_ACCESS)) == 0) {
1025 DEBUG(10,("share_conflict: No conflict due to "
1026 "access_mask = 0x%x\n",
1027 (unsigned int)access_mask ));
1031 #if 1 /* JRA TEST - Superdebug. */
1032 #define CHECK_MASK(num, am, right, sa, share) \
1033 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
1034 (unsigned int)(num), (unsigned int)(am), \
1035 (unsigned int)(right), (unsigned int)(am)&(right) )); \
1036 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
1037 (unsigned int)(num), (unsigned int)(sa), \
1038 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
1039 if (((am) & (right)) && !((sa) & (share))) { \
1040 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1041 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1042 (unsigned int)(share) )); \
1046 #define CHECK_MASK(num, am, right, sa, share) \
1047 if (((am) & (right)) && !((sa) & (share))) { \
1048 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1049 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1050 (unsigned int)(share) )); \
1055 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1056 share_access, FILE_SHARE_WRITE);
1057 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1058 entry->share_access, FILE_SHARE_WRITE);
1060 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
1061 share_access, FILE_SHARE_READ);
1062 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
1063 entry->share_access, FILE_SHARE_READ);
1065 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
1066 share_access, FILE_SHARE_DELETE);
1067 CHECK_MASK(6, access_mask, DELETE_ACCESS,
1068 entry->share_access, FILE_SHARE_DELETE);
1070 DEBUG(10,("share_conflict: No conflict.\n"));
1074 #if defined(DEVELOPER)
1075 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1077 struct share_mode_entry *share_entry)
1079 struct server_id self = messaging_server_id(sconn->msg_ctx);
1082 if (!serverid_equal(&self, &share_entry->pid)) {
1086 if (share_entry->share_file_id == 0) {
1087 /* INTERNAL_OPEN_ONLY */
1091 if (!is_valid_share_mode_entry(share_entry)) {
1095 fsp = file_find_dif(sconn, share_entry->id,
1096 share_entry->share_file_id);
1098 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1099 share_mode_str(talloc_tos(), num, share_entry) ));
1100 smb_panic("validate_my_share_entries: Cannot match a "
1101 "share entry with an open file\n");
1104 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
1113 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1114 share_mode_str(talloc_tos(), num, share_entry) ));
1115 str = talloc_asprintf(talloc_tos(),
1116 "validate_my_share_entries: "
1117 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1118 fsp->fsp_name->base_name,
1119 (unsigned int)fsp->oplock_type,
1120 (unsigned int)share_entry->op_type );
1126 bool is_stat_open(uint32 access_mask)
1128 const uint32_t stat_open_bits =
1129 (SYNCHRONIZE_ACCESS|
1130 FILE_READ_ATTRIBUTES|
1131 FILE_WRITE_ATTRIBUTES);
1133 return (((access_mask & stat_open_bits) != 0) &&
1134 ((access_mask & ~stat_open_bits) == 0));
1137 static bool has_delete_on_close(struct share_mode_lock *lck,
1140 struct share_mode_data *d = lck->data;
1143 if (d->num_share_modes == 0) {
1146 if (!is_delete_on_close_set(lck, name_hash)) {
1149 for (i=0; i<d->num_share_modes; i++) {
1150 if (!share_mode_stale_pid(d, i)) {
1157 /****************************************************************************
1158 Deal with share modes
1159 Invariant: Share mode must be locked on entry and exit.
1160 Returns -1 on error, or number of share modes on success (may be zero).
1161 ****************************************************************************/
1163 static NTSTATUS open_mode_check(connection_struct *conn,
1164 struct share_mode_lock *lck,
1166 uint32 share_access)
1170 if(lck->data->num_share_modes == 0) {
1171 return NT_STATUS_OK;
1174 if (is_stat_open(access_mask)) {
1175 /* Stat open that doesn't trigger oplock breaks or share mode
1176 * checks... ! JRA. */
1177 return NT_STATUS_OK;
1181 * Check if the share modes will give us access.
1184 #if defined(DEVELOPER)
1185 for(i = 0; i < lck->data->num_share_modes; i++) {
1186 validate_my_share_entries(conn->sconn, i,
1187 &lck->data->share_modes[i]);
1191 /* Now we check the share modes, after any oplock breaks. */
1192 for(i = 0; i < lck->data->num_share_modes; i++) {
1194 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1198 /* someone else has a share lock on it, check to see if we can
1200 if (share_conflict(&lck->data->share_modes[i],
1201 access_mask, share_access)) {
1203 if (share_mode_stale_pid(lck->data, i)) {
1207 return NT_STATUS_SHARING_VIOLATION;
1211 return NT_STATUS_OK;
1215 * Send a break message to the oplock holder and delay the open for
1219 static NTSTATUS send_break_message(struct messaging_context *msg_ctx,
1220 const struct share_mode_entry *exclusive,
1224 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1226 DEBUG(10, ("Sending break request to PID %s\n",
1227 procid_str_static(&exclusive->pid)));
1229 /* Create the message. */
1230 share_mode_entry_to_message(msg, exclusive);
1232 /* Overload entry->op_type */
1233 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET, break_to);
1235 status = messaging_send_buf(msg_ctx, exclusive->pid,
1236 MSG_SMB_BREAK_REQUEST,
1237 (uint8 *)msg, sizeof(msg));
1238 if (!NT_STATUS_IS_OK(status)) {
1239 DEBUG(3, ("Could not send oplock break message: %s\n",
1240 nt_errstr(status)));
1247 * Do internal consistency checks on the share mode for a file.
1250 static bool validate_oplock_types(struct share_mode_lock *lck)
1252 struct share_mode_data *d = lck->data;
1254 bool ex_or_batch = false;
1255 bool level2 = false;
1256 bool no_oplock = false;
1257 uint32_t num_non_stat_opens = 0;
1260 for (i=0; i<d->num_share_modes; i++) {
1261 struct share_mode_entry *e = &d->share_modes[i];
1263 if (!is_valid_share_mode_entry(e)) {
1267 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1268 /* We ignore stat opens in the table - they
1269 always have NO_OPLOCK and never get or
1270 cause breaks. JRA. */
1274 num_non_stat_opens += 1;
1276 if (BATCH_OPLOCK_TYPE(e->op_type)) {
1277 /* batch - can only be one. */
1278 if (share_mode_stale_pid(d, i)) {
1279 DEBUG(10, ("Found stale batch oplock\n"));
1282 if (ex_or_batch || batch || level2 || no_oplock) {
1283 DEBUG(0, ("Bad batch oplock entry %u.",
1290 if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
1291 if (share_mode_stale_pid(d, i)) {
1292 DEBUG(10, ("Found stale duplicate oplock\n"));
1295 /* Exclusive or batch - can only be one. */
1296 if (ex_or_batch || level2 || no_oplock) {
1297 DEBUG(0, ("Bad exclusive or batch oplock "
1298 "entry %u.", (unsigned)i));
1304 if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
1305 if (batch || ex_or_batch) {
1306 if (share_mode_stale_pid(d, i)) {
1307 DEBUG(10, ("Found stale LevelII "
1311 DEBUG(0, ("Bad levelII oplock entry %u.",
1318 if (e->op_type == NO_OPLOCK) {
1319 if (batch || ex_or_batch) {
1320 if (share_mode_stale_pid(d, i)) {
1321 DEBUG(10, ("Found stale NO_OPLOCK "
1325 DEBUG(0, ("Bad no oplock entry %u.",
1333 remove_stale_share_mode_entries(d);
1335 if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
1336 DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
1337 (int)batch, (int)ex_or_batch,
1338 (int)d->num_share_modes));
1345 static bool delay_for_oplock(files_struct *fsp,
1347 struct share_mode_lock *lck,
1348 bool have_sharing_violation,
1349 uint32_t create_disposition)
1351 struct share_mode_data *d = lck->data;
1352 struct share_mode_entry *entry;
1353 uint32_t num_non_stat_opens = 0;
1357 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1360 for (i=0; i<d->num_share_modes; i++) {
1361 struct share_mode_entry *e = &d->share_modes[i];
1362 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1365 num_non_stat_opens += 1;
1368 * We found the a non-stat open, which in the exclusive/batch
1369 * case will be inspected further down.
1373 if (num_non_stat_opens == 0) {
1375 * Nothing to wait for around
1379 if (num_non_stat_opens != 1) {
1381 * More than one open around. There can't be any exclusive or
1382 * batch left, this is all level2.
1387 if (server_id_is_disconnected(&entry->pid)) {
1390 * This could be achieved by sending a break message
1391 * to ourselves. Special considerations for files
1392 * with delete_on_close flag set!
1394 * For now we keep it simple and do not
1395 * allow delete on close for durable handles.
1400 switch (create_disposition) {
1401 case FILE_SUPERSEDE:
1402 case FILE_OVERWRITE_IF:
1403 break_to = NO_OPLOCK;
1406 break_to = LEVEL_II_OPLOCK;
1410 if (have_sharing_violation && (entry->op_type & BATCH_OPLOCK)) {
1411 if (share_mode_stale_pid(d, 0)) {
1414 send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1417 if (have_sharing_violation) {
1419 * Non-batch exclusive is not broken if we have a sharing
1424 if (LEVEL_II_OPLOCK_TYPE(entry->op_type) &&
1425 (break_to == NO_OPLOCK)) {
1426 if (share_mode_stale_pid(d, 0)) {
1429 DEBUG(10, ("Asynchronously breaking level2 oplock for "
1430 "create_disposition=%u\n",
1431 (unsigned)create_disposition));
1432 send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1435 if (!EXCLUSIVE_OPLOCK_TYPE(entry->op_type)) {
1437 * No break for NO_OPLOCK or LEVEL2_OPLOCK oplocks
1441 if (share_mode_stale_pid(d, 0)) {
1445 send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1449 static bool file_has_brlocks(files_struct *fsp)
1451 struct byte_range_lock *br_lck;
1453 br_lck = brl_get_locks_readonly(fsp);
1457 return (brl_num_locks(br_lck) > 0);
1460 static void grant_fsp_oplock_type(files_struct *fsp,
1461 struct share_mode_lock *lck,
1464 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1465 lp_level2_oplocks(SNUM(fsp->conn));
1466 bool got_level2_oplock, got_a_none_oplock;
1469 /* Start by granting what the client asked for,
1470 but ensure no SAMBA_PRIVATE bits can be set. */
1471 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1473 if (oplock_request & INTERNAL_OPEN_ONLY) {
1474 /* No oplocks on internal open. */
1475 fsp->oplock_type = NO_OPLOCK;
1476 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1477 fsp->oplock_type, fsp_str_dbg(fsp)));
1481 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1482 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1484 fsp->oplock_type = NO_OPLOCK;
1487 if (is_stat_open(fsp->access_mask)) {
1488 /* Leave the value already set. */
1489 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1490 fsp->oplock_type, fsp_str_dbg(fsp)));
1494 got_level2_oplock = false;
1495 got_a_none_oplock = false;
1497 for (i=0; i<lck->data->num_share_modes; i++) {
1498 int op_type = lck->data->share_modes[i].op_type;
1500 if (LEVEL_II_OPLOCK_TYPE(op_type)) {
1501 got_level2_oplock = true;
1503 if (op_type == NO_OPLOCK) {
1504 got_a_none_oplock = true;
1509 * Match what was requested (fsp->oplock_type) with
1510 * what was found in the existing share modes.
1513 if (got_level2_oplock || got_a_none_oplock) {
1514 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1515 fsp->oplock_type = LEVEL_II_OPLOCK;
1520 * Don't grant level2 to clients that don't want them
1521 * or if we've turned them off.
1523 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1524 fsp->oplock_type = NO_OPLOCK;
1527 if (fsp->oplock_type == LEVEL_II_OPLOCK && !got_level2_oplock) {
1529 * We're the first level2 oplock. Indicate that in brlock.tdb.
1531 struct byte_range_lock *brl;
1533 brl = brl_get_locks(talloc_tos(), fsp);
1535 brl_set_have_read_oplocks(brl, true);
1540 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1541 fsp->oplock_type, fsp_str_dbg(fsp)));
1544 static bool request_timed_out(struct timeval request_time,
1545 struct timeval timeout)
1547 struct timeval now, end_time;
1549 end_time = timeval_sum(&request_time, &timeout);
1550 return (timeval_compare(&end_time, &now) < 0);
1553 struct defer_open_state {
1554 struct smbd_server_connection *sconn;
1558 static void defer_open_done(struct tevent_req *req);
1560 /****************************************************************************
1561 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1562 ****************************************************************************/
1564 static void defer_open(struct share_mode_lock *lck,
1565 struct timeval request_time,
1566 struct timeval timeout,
1567 struct smb_request *req,
1568 struct deferred_open_record *state)
1570 struct deferred_open_record *open_rec;
1572 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1573 "open entry for mid %llu\n",
1574 (unsigned int)request_time.tv_sec,
1575 (unsigned int)request_time.tv_usec,
1576 (unsigned long long)req->mid));
1578 open_rec = talloc(NULL, struct deferred_open_record);
1579 if (open_rec == NULL) {
1581 exit_server("talloc failed");
1587 struct defer_open_state *watch_state;
1588 struct tevent_req *watch_req;
1591 watch_state = talloc(open_rec, struct defer_open_state);
1592 if (watch_state == NULL) {
1593 exit_server("talloc failed");
1595 watch_state->sconn = req->sconn;
1596 watch_state->mid = req->mid;
1598 DEBUG(10, ("defering mid %llu\n",
1599 (unsigned long long)req->mid));
1601 watch_req = dbwrap_record_watch_send(
1602 watch_state, req->sconn->ev_ctx, lck->data->record,
1603 req->sconn->msg_ctx);
1604 if (watch_req == NULL) {
1605 exit_server("Could not watch share mode record");
1607 tevent_req_set_callback(watch_req, defer_open_done,
1610 ret = tevent_req_set_endtime(
1611 watch_req, req->sconn->ev_ctx,
1612 timeval_sum(&request_time, &timeout));
1616 if (!push_deferred_open_message_smb(req, request_time, timeout,
1617 state->id, open_rec)) {
1619 exit_server("push_deferred_open_message_smb failed");
1623 static void defer_open_done(struct tevent_req *req)
1625 struct defer_open_state *state = tevent_req_callback_data(
1626 req, struct defer_open_state);
1630 status = dbwrap_record_watch_recv(req, talloc_tos(), NULL);
1632 if (!NT_STATUS_IS_OK(status)) {
1633 DEBUG(5, ("dbwrap_record_watch_recv returned %s\n",
1634 nt_errstr(status)));
1636 * Even if it failed, retry anyway. TODO: We need a way to
1637 * tell a re-scheduled open about that error.
1641 DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
1643 ret = schedule_deferred_open_message_smb(state->sconn, state->mid);
1649 /****************************************************************************
1650 On overwrite open ensure that the attributes match.
1651 ****************************************************************************/
1653 static bool open_match_attributes(connection_struct *conn,
1654 uint32 old_dos_attr,
1655 uint32 new_dos_attr,
1656 mode_t existing_unx_mode,
1657 mode_t new_unx_mode,
1658 mode_t *returned_unx_mode)
1660 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1662 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1663 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1665 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1666 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1667 *returned_unx_mode = new_unx_mode;
1669 *returned_unx_mode = (mode_t)0;
1672 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1673 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1674 "returned_unx_mode = 0%o\n",
1675 (unsigned int)old_dos_attr,
1676 (unsigned int)existing_unx_mode,
1677 (unsigned int)new_dos_attr,
1678 (unsigned int)*returned_unx_mode ));
1680 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1681 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1682 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1683 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1687 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1688 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1689 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1696 /****************************************************************************
1697 Special FCB or DOS processing in the case of a sharing violation.
1698 Try and find a duplicated file handle.
1699 ****************************************************************************/
1701 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
1702 connection_struct *conn,
1703 files_struct *fsp_to_dup_into,
1704 const struct smb_filename *smb_fname,
1709 uint32 share_access,
1710 uint32 create_options)
1714 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1715 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1717 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1718 fsp = file_find_di_next(fsp)) {
1720 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1721 "vuid = %llu, file_pid = %u, private_options = 0x%x "
1722 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1723 fsp->fh->fd, (unsigned long long)fsp->vuid,
1724 (unsigned int)fsp->file_pid,
1725 (unsigned int)fsp->fh->private_options,
1726 (unsigned int)fsp->access_mask ));
1728 if (fsp != fsp_to_dup_into &&
1729 fsp->fh->fd != -1 &&
1730 fsp->vuid == vuid &&
1731 fsp->file_pid == file_pid &&
1732 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1733 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1734 (fsp->access_mask & FILE_WRITE_DATA) &&
1735 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1736 strequal(fsp->fsp_name->stream_name,
1737 smb_fname->stream_name)) {
1738 DEBUG(10,("fcb_or_dos_open: file match\n"));
1744 return NT_STATUS_NOT_FOUND;
1747 /* quite an insane set of semantics ... */
1748 if (is_executable(smb_fname->base_name) &&
1749 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1750 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1751 return NT_STATUS_INVALID_PARAMETER;
1754 /* We need to duplicate this fsp. */
1755 return dup_file_fsp(req, fsp, access_mask, share_access,
1756 create_options, fsp_to_dup_into);
1759 static void schedule_defer_open(struct share_mode_lock *lck,
1761 struct timeval request_time,
1762 struct smb_request *req)
1764 struct deferred_open_record state;
1766 /* This is a relative time, added to the absolute
1767 request_time value to get the absolute timeout time.
1768 Note that if this is the second or greater time we enter
1769 this codepath for this particular request mid then
1770 request_time is left as the absolute time of the *first*
1771 time this request mid was processed. This is what allows
1772 the request to eventually time out. */
1774 struct timeval timeout;
1776 /* Normally the smbd we asked should respond within
1777 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1778 * the client did, give twice the timeout as a safety
1779 * measure here in case the other smbd is stuck
1780 * somewhere else. */
1782 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1784 /* Nothing actually uses state.delayed_for_oplocks
1785 but it's handy to differentiate in debug messages
1786 between a 30 second delay due to oplock break, and
1787 a 1 second delay for share mode conflicts. */
1789 state.delayed_for_oplocks = True;
1790 state.async_open = false;
1793 if (!request_timed_out(request_time, timeout)) {
1794 defer_open(lck, request_time, timeout, req, &state);
1798 /****************************************************************************
1799 Reschedule an open call that went asynchronous.
1800 ****************************************************************************/
1802 static void schedule_async_open(struct timeval request_time,
1803 struct smb_request *req)
1805 struct deferred_open_record state;
1806 struct timeval timeout;
1808 timeout = timeval_set(20, 0);
1811 state.delayed_for_oplocks = false;
1812 state.async_open = true;
1814 if (!request_timed_out(request_time, timeout)) {
1815 defer_open(NULL, request_time, timeout, req, &state);
1819 /****************************************************************************
1820 Work out what access_mask to use from what the client sent us.
1821 ****************************************************************************/
1823 static NTSTATUS smbd_calculate_maximum_allowed_access(
1824 connection_struct *conn,
1825 const struct smb_filename *smb_fname,
1827 uint32_t *p_access_mask)
1829 struct security_descriptor *sd;
1830 uint32_t access_granted;
1833 if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
1834 *p_access_mask |= FILE_GENERIC_ALL;
1835 return NT_STATUS_OK;
1838 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1844 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1846 * File did not exist
1848 *p_access_mask = FILE_GENERIC_ALL;
1849 return NT_STATUS_OK;
1851 if (!NT_STATUS_IS_OK(status)) {
1852 DEBUG(10,("Could not get acl on file %s: %s\n",
1853 smb_fname_str_dbg(smb_fname),
1854 nt_errstr(status)));
1855 return NT_STATUS_ACCESS_DENIED;
1859 * If we can access the path to this file, by
1860 * default we have FILE_READ_ATTRIBUTES from the
1861 * containing directory. See the section:
1862 * "Algorithm to Check Access to an Existing File"
1865 * se_file_access_check()
1866 * also takes care of owner WRITE_DAC and READ_CONTROL.
1868 status = se_file_access_check(sd,
1869 get_current_nttok(conn),
1871 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
1876 if (!NT_STATUS_IS_OK(status)) {
1877 DEBUG(10, ("Access denied on file %s: "
1878 "when calculating maximum access\n",
1879 smb_fname_str_dbg(smb_fname)));
1880 return NT_STATUS_ACCESS_DENIED;
1882 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
1884 if (!(access_granted & DELETE_ACCESS)) {
1885 if (can_delete_file_in_directory(conn, smb_fname)) {
1886 *p_access_mask |= DELETE_ACCESS;
1890 return NT_STATUS_OK;
1893 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1894 const struct smb_filename *smb_fname,
1896 uint32_t access_mask,
1897 uint32_t *access_mask_out)
1900 uint32_t orig_access_mask = access_mask;
1901 uint32_t rejected_share_access;
1904 * Convert GENERIC bits to specific bits.
1907 se_map_generic(&access_mask, &file_generic_mapping);
1909 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1910 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1912 status = smbd_calculate_maximum_allowed_access(
1913 conn, smb_fname, use_privs, &access_mask);
1915 if (!NT_STATUS_IS_OK(status)) {
1919 access_mask &= conn->share_access;
1922 rejected_share_access = access_mask & ~(conn->share_access);
1924 if (rejected_share_access) {
1925 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1926 "file %s: rejected by share access mask[0x%08X] "
1927 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1928 smb_fname_str_dbg(smb_fname),
1930 orig_access_mask, access_mask,
1931 rejected_share_access));
1932 return NT_STATUS_ACCESS_DENIED;
1935 *access_mask_out = access_mask;
1936 return NT_STATUS_OK;
1939 /****************************************************************************
1940 Remove the deferred open entry under lock.
1941 ****************************************************************************/
1943 /****************************************************************************
1944 Return true if this is a state pointer to an asynchronous create.
1945 ****************************************************************************/
1947 bool is_deferred_open_async(const struct deferred_open_record *rec)
1949 return rec->async_open;
1952 static bool clear_ads(uint32_t create_disposition)
1956 switch (create_disposition) {
1957 case FILE_SUPERSEDE:
1958 case FILE_OVERWRITE_IF:
1959 case FILE_OVERWRITE:
1968 static int disposition_to_open_flags(uint32_t create_disposition)
1973 * Currently we're using FILE_SUPERSEDE as the same as
1974 * FILE_OVERWRITE_IF but they really are
1975 * different. FILE_SUPERSEDE deletes an existing file
1976 * (requiring delete access) then recreates it.
1979 switch (create_disposition) {
1980 case FILE_SUPERSEDE:
1981 case FILE_OVERWRITE_IF:
1983 * If file exists replace/overwrite. If file doesn't
1986 ret = O_CREAT|O_TRUNC;
1991 * If file exists open. If file doesn't exist error.
1996 case FILE_OVERWRITE:
1998 * If file exists overwrite. If file doesn't exist
2006 * If file exists error. If file doesn't exist create.
2008 ret = O_CREAT|O_EXCL;
2013 * If file exists open. If file doesn't exist create.
2021 static int calculate_open_access_flags(uint32_t access_mask,
2023 uint32_t private_flags)
2025 bool need_write, need_read;
2028 * Note that we ignore the append flag as append does not
2029 * mean the same thing under DOS and Unix.
2032 need_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA));
2037 /* DENY_DOS opens are always underlying read-write on the
2038 file handle, no matter what the requested access mask
2042 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
2043 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
2044 FILE_READ_EA|FILE_EXECUTE));
2052 /****************************************************************************
2053 Open a file with a share mode. Passed in an already created files_struct *.
2054 ****************************************************************************/
2056 static NTSTATUS open_file_ntcreate(connection_struct *conn,
2057 struct smb_request *req,
2058 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2059 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2060 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2061 uint32 create_options, /* options such as delete on close. */
2062 uint32 new_dos_attributes, /* attributes used for new file. */
2063 int oplock_request, /* internal Samba oplock codes. */
2064 struct smb2_lease *lease,
2065 /* Information (FILE_EXISTS etc.) */
2066 uint32_t private_flags, /* Samba specific flags. */
2070 struct smb_filename *smb_fname = fsp->fsp_name;
2073 bool file_existed = VALID_STAT(smb_fname->st);
2074 bool def_acl = False;
2075 bool posix_open = False;
2076 bool new_file_created = False;
2077 bool first_open_attempt = true;
2078 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
2079 mode_t new_unx_mode = (mode_t)0;
2080 mode_t unx_mode = (mode_t)0;
2082 uint32 existing_dos_attributes = 0;
2083 struct timeval request_time = timeval_zero();
2084 struct share_mode_lock *lck = NULL;
2085 uint32 open_access_mask = access_mask;
2088 SMB_STRUCT_STAT saved_stat = smb_fname->st;
2089 struct timespec old_write_time;
2092 if (conn->printer) {
2094 * Printers are handled completely differently.
2095 * Most of the passed parameters are ignored.
2099 *pinfo = FILE_WAS_CREATED;
2102 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
2103 smb_fname_str_dbg(smb_fname)));
2106 DEBUG(0,("open_file_ntcreate: printer open without "
2107 "an SMB request!\n"));
2108 return NT_STATUS_INTERNAL_ERROR;
2111 return print_spool_open(fsp, smb_fname->base_name,
2115 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
2117 return NT_STATUS_NO_MEMORY;
2120 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2122 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2123 new_dos_attributes = 0;
2125 /* Windows allows a new file to be created and
2126 silently removes a FILE_ATTRIBUTE_DIRECTORY
2127 sent by the client. Do the same. */
2129 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
2131 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
2133 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2134 smb_fname, parent_dir);
2137 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
2138 "access_mask=0x%x share_access=0x%x "
2139 "create_disposition = 0x%x create_options=0x%x "
2140 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
2141 smb_fname_str_dbg(smb_fname), new_dos_attributes,
2142 access_mask, share_access, create_disposition,
2143 create_options, (unsigned int)unx_mode, oplock_request,
2144 (unsigned int)private_flags));
2147 /* Ensure req == NULL means INTERNAL_OPEN_ONLY */
2148 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) != 0));
2150 /* And req != NULL means no INTERNAL_OPEN_ONLY */
2151 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) == 0));
2155 * Only non-internal opens can be deferred at all
2159 struct deferred_open_record *open_rec;
2160 if (get_deferred_open_message_state(req,
2163 /* Remember the absolute time of the original
2164 request with this mid. We'll use it later to
2165 see if this has timed out. */
2167 /* If it was an async create retry, the file
2170 if (is_deferred_open_async(open_rec)) {
2171 SET_STAT_INVALID(smb_fname->st);
2172 file_existed = false;
2175 /* Ensure we don't reprocess this message. */
2176 remove_deferred_open_message_smb(req->sconn, req->mid);
2178 first_open_attempt = false;
2183 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
2185 existing_dos_attributes = dos_mode(conn, smb_fname);
2189 /* ignore any oplock requests if oplocks are disabled */
2190 if (!lp_oplocks(SNUM(conn)) ||
2191 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
2192 /* Mask off everything except the private Samba bits. */
2193 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
2196 /* this is for OS/2 long file names - say we don't support them */
2197 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
2198 /* OS/2 Workplace shell fix may be main code stream in a later
2200 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
2202 if (use_nt_status()) {
2203 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2205 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
2208 switch( create_disposition ) {
2210 /* If file exists open. If file doesn't exist error. */
2211 if (!file_existed) {
2212 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
2213 "requested for file %s and file "
2215 smb_fname_str_dbg(smb_fname)));
2217 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2221 case FILE_OVERWRITE:
2222 /* If file exists overwrite. If file doesn't exist
2224 if (!file_existed) {
2225 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
2226 "requested for file %s and file "
2228 smb_fname_str_dbg(smb_fname) ));
2230 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2235 /* If file exists error. If file doesn't exist
2238 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
2239 "requested for file %s and file "
2240 "already exists.\n",
2241 smb_fname_str_dbg(smb_fname)));
2242 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
2247 return map_nt_error_from_unix(errno);
2251 case FILE_SUPERSEDE:
2252 case FILE_OVERWRITE_IF:
2256 return NT_STATUS_INVALID_PARAMETER;
2259 flags2 = disposition_to_open_flags(create_disposition);
2261 /* We only care about matching attributes on file exists and
2264 if (!posix_open && file_existed &&
2265 ((create_disposition == FILE_OVERWRITE) ||
2266 (create_disposition == FILE_OVERWRITE_IF))) {
2267 if (!open_match_attributes(conn, existing_dos_attributes,
2269 smb_fname->st.st_ex_mode,
2270 unx_mode, &new_unx_mode)) {
2271 DEBUG(5,("open_file_ntcreate: attributes missmatch "
2272 "for file %s (%x %x) (0%o, 0%o)\n",
2273 smb_fname_str_dbg(smb_fname),
2274 existing_dos_attributes,
2276 (unsigned int)smb_fname->st.st_ex_mode,
2277 (unsigned int)unx_mode ));
2279 return NT_STATUS_ACCESS_DENIED;
2283 status = smbd_calculate_access_mask(conn, smb_fname,
2287 if (!NT_STATUS_IS_OK(status)) {
2288 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
2289 "on file %s returned %s\n",
2290 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
2294 open_access_mask = access_mask;
2296 if (flags2 & O_TRUNC) {
2297 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
2300 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
2301 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
2305 * Note that we ignore the append flag as append does not
2306 * mean the same thing under DOS and Unix.
2309 flags = calculate_open_access_flags(access_mask, oplock_request,
2313 * Currently we only look at FILE_WRITE_THROUGH for create options.
2317 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
2322 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
2326 if (!posix_open && !CAN_WRITE(conn)) {
2328 * We should really return a permission denied error if either
2329 * O_CREAT or O_TRUNC are set, but for compatibility with
2330 * older versions of Samba we just AND them out.
2332 flags2 &= ~(O_CREAT|O_TRUNC);
2335 if (first_open_attempt && lp_kernel_oplocks(SNUM(conn))) {
2337 * With kernel oplocks the open breaking an oplock
2338 * blocks until the oplock holder has given up the
2339 * oplock or closed the file. We prevent this by first
2340 * trying to open the file with O_NONBLOCK (see "man
2341 * fcntl" on Linux). For the second try, triggered by
2342 * an oplock break response, we do not need this
2345 * This is true under the assumption that only Samba
2346 * requests kernel oplocks. Once someone else like
2347 * NFSv4 starts to use that API, we will have to
2348 * modify this by communicating with the NFSv4 server.
2350 flags2 |= O_NONBLOCK;
2354 * Ensure we can't write on a read-only share or file.
2357 if (flags != O_RDONLY && file_existed &&
2358 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
2359 DEBUG(5,("open_file_ntcreate: write access requested for "
2360 "file %s on read only %s\n",
2361 smb_fname_str_dbg(smb_fname),
2362 !CAN_WRITE(conn) ? "share" : "file" ));
2364 return NT_STATUS_ACCESS_DENIED;
2367 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2368 fsp->share_access = share_access;
2369 fsp->fh->private_options = private_flags;
2370 fsp->access_mask = open_access_mask; /* We change this to the
2371 * requested access_mask after
2372 * the open is done. */
2373 fsp->posix_open = posix_open;
2375 /* Ensure no SAMBA_PRIVATE bits can be set. */
2376 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2378 if (timeval_is_zero(&request_time)) {
2379 request_time = fsp->open_time;
2383 * Ensure we pay attention to default ACLs on directories if required.
2386 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2387 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2388 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2391 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2392 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2393 (unsigned int)flags, (unsigned int)flags2,
2394 (unsigned int)unx_mode, (unsigned int)access_mask,
2395 (unsigned int)open_access_mask));
2397 fsp_open = open_file(fsp, conn, req, parent_dir,
2398 flags|flags2, unx_mode, access_mask,
2399 open_access_mask, &new_file_created);
2401 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
2402 struct deferred_open_record state;
2405 * EWOULDBLOCK/EAGAIN maps to NETWORK_BUSY.
2407 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
2408 DEBUG(10, ("FIFO busy\n"));
2409 return NT_STATUS_NETWORK_BUSY;
2412 DEBUG(10, ("Internal open busy\n"));
2413 return NT_STATUS_NETWORK_BUSY;
2417 * From here on we assume this is an oplock break triggered
2420 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
2422 state.delayed_for_oplocks = false;
2423 state.async_open = false;
2424 state.id = fsp->file_id;
2425 defer_open(NULL, request_time, timeval_set(0, 0),
2427 DEBUG(10, ("No share mode lock found after "
2428 "EWOULDBLOCK, retrying sync\n"));
2429 return NT_STATUS_SHARING_VIOLATION;
2432 if (!validate_oplock_types(lck)) {
2433 smb_panic("validate_oplock_types failed");
2436 if (delay_for_oplock(fsp, 0, lck, false, create_disposition)) {
2437 schedule_defer_open(lck, fsp->file_id, request_time, req);
2439 DEBUG(10, ("Sent oplock break request to kernel "
2440 "oplock holder\n"));
2441 return NT_STATUS_SHARING_VIOLATION;
2445 * No oplock from Samba around. Immediately retry with
2448 state.delayed_for_oplocks = false;
2449 state.async_open = false;
2450 state.id = fsp->file_id;
2451 defer_open(lck, request_time, timeval_set(0, 0), req, &state);
2453 DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
2454 "Retrying sync\n"));
2455 return NT_STATUS_SHARING_VIOLATION;
2458 if (!NT_STATUS_IS_OK(fsp_open)) {
2459 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
2460 schedule_async_open(request_time, req);
2465 if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
2467 * The file did exist, but some other (local or NFS)
2468 * process either renamed/unlinked and re-created the
2469 * file with different dev/ino after we walked the path,
2470 * but before we did the open. We could retry the
2471 * open but it's a rare enough case it's easier to
2472 * just fail the open to prevent creating any problems
2473 * in the open file db having the wrong dev/ino key.
2476 DEBUG(1,("open_file_ntcreate: file %s - dev/ino mismatch. "
2477 "Old (dev=0x%llu, ino =0x%llu). "
2478 "New (dev=0x%llu, ino=0x%llu). Failing open "
2479 " with NT_STATUS_ACCESS_DENIED.\n",
2480 smb_fname_str_dbg(smb_fname),
2481 (unsigned long long)saved_stat.st_ex_dev,
2482 (unsigned long long)saved_stat.st_ex_ino,
2483 (unsigned long long)smb_fname->st.st_ex_dev,
2484 (unsigned long long)smb_fname->st.st_ex_ino));
2485 return NT_STATUS_ACCESS_DENIED;
2488 old_write_time = smb_fname->st.st_ex_mtime;
2491 * Deal with the race condition where two smbd's detect the
2492 * file doesn't exist and do the create at the same time. One
2493 * of them will win and set a share mode, the other (ie. this
2494 * one) should check if the requested share mode for this
2495 * create is allowed.
2499 * Now the file exists and fsp is successfully opened,
2500 * fsp->dev and fsp->inode are valid and should replace the
2501 * dev=0,inode=0 from a non existent file. Spotted by
2502 * Nadav Danieli <nadavd@exanet.com>. JRA.
2507 lck = get_share_mode_lock(talloc_tos(), id,
2509 smb_fname, &old_write_time);
2512 DEBUG(0, ("open_file_ntcreate: Could not get share "
2513 "mode lock for %s\n",
2514 smb_fname_str_dbg(smb_fname)));
2516 return NT_STATUS_SHARING_VIOLATION;
2519 /* Get the types we need to examine. */
2520 if (!validate_oplock_types(lck)) {
2521 smb_panic("validate_oplock_types failed");
2524 if (has_delete_on_close(lck, fsp->name_hash)) {
2527 return NT_STATUS_DELETE_PENDING;
2530 status = open_mode_check(conn, lck,
2531 access_mask, share_access);
2533 if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
2534 (lck->data->num_share_modes > 0)) {
2536 * This comes from ancient times out of open_mode_check. I
2537 * have no clue whether this is still necessary. I can't think
2538 * of a case where this would actually matter further down in
2539 * this function. I leave it here for further investigation
2542 file_existed = true;
2545 if ((req != NULL) &&
2547 fsp, oplock_request, lck,
2548 NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION),
2549 create_disposition)) {
2550 schedule_defer_open(lck, fsp->file_id, request_time, req);
2553 return NT_STATUS_SHARING_VIOLATION;
2556 if (!NT_STATUS_IS_OK(status)) {
2557 uint32 can_access_mask;
2558 bool can_access = True;
2560 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2562 /* Check if this can be done with the deny_dos and fcb
2565 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2566 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2568 DEBUG(0, ("DOS open without an SMB "
2572 return NT_STATUS_INTERNAL_ERROR;
2575 /* Use the client requested access mask here,
2576 * not the one we open with. */
2577 status = fcb_or_dos_open(req,
2588 if (NT_STATUS_IS_OK(status)) {
2591 *pinfo = FILE_WAS_OPENED;
2593 return NT_STATUS_OK;
2598 * This next line is a subtlety we need for
2599 * MS-Access. If a file open will fail due to share
2600 * permissions and also for security (access) reasons,
2601 * we need to return the access failed error, not the
2602 * share error. We can't open the file due to kernel
2603 * oplock deadlock (it's possible we failed above on
2604 * the open_mode_check()) so use a userspace check.
2607 if (flags & O_RDWR) {
2608 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2609 } else if (flags & O_WRONLY) {
2610 can_access_mask = FILE_WRITE_DATA;
2612 can_access_mask = FILE_READ_DATA;
2615 if (((can_access_mask & FILE_WRITE_DATA) &&
2616 !CAN_WRITE(conn)) ||
2617 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
2620 can_access_mask))) {
2625 * If we're returning a share violation, ensure we
2626 * cope with the braindead 1 second delay (SMB1 only).
2629 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2630 !conn->sconn->using_smb2 &&
2631 lp_defer_sharing_violations()) {
2632 struct timeval timeout;
2633 struct deferred_open_record state;
2636 /* this is a hack to speed up torture tests
2638 timeout_usecs = lp_parm_int(SNUM(conn),
2639 "smbd","sharedelay",
2640 SHARING_VIOLATION_USEC_WAIT);
2642 /* This is a relative time, added to the absolute
2643 request_time value to get the absolute timeout time.
2644 Note that if this is the second or greater time we enter
2645 this codepath for this particular request mid then
2646 request_time is left as the absolute time of the *first*
2647 time this request mid was processed. This is what allows
2648 the request to eventually time out. */
2650 timeout = timeval_set(0, timeout_usecs);
2652 /* Nothing actually uses state.delayed_for_oplocks
2653 but it's handy to differentiate in debug messages
2654 between a 30 second delay due to oplock break, and
2655 a 1 second delay for share mode conflicts. */
2657 state.delayed_for_oplocks = False;
2658 state.async_open = false;
2662 && !request_timed_out(request_time,
2664 defer_open(lck, request_time, timeout,
2673 * We have detected a sharing violation here
2674 * so return the correct error code
2676 status = NT_STATUS_SHARING_VIOLATION;
2678 status = NT_STATUS_ACCESS_DENIED;
2683 /* Should we atomically (to the client at least) truncate ? */
2684 if ((!new_file_created) &&
2685 (flags2 & O_TRUNC) &&
2686 (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
2689 ret = vfs_set_filelen(fsp, 0);
2691 status = map_nt_error_from_unix(errno);
2698 grant_fsp_oplock_type(fsp, lck, oplock_request);
2701 * We have the share entry *locked*.....
2704 /* Delete streams if create_disposition requires it */
2705 if (!new_file_created && clear_ads(create_disposition) &&
2706 !is_ntfs_stream_smb_fname(smb_fname)) {
2707 status = delete_all_streams(conn, smb_fname->base_name);
2708 if (!NT_STATUS_IS_OK(status)) {
2715 /* note that we ignore failure for the following. It is
2716 basically a hack for NFS, and NFS will never set one of
2717 these only read them. Nobody but Samba can ever set a deny
2718 mode and we have already checked our more authoritative
2719 locking database for permission to set this deny mode. If
2720 the kernel refuses the operations then the kernel is wrong.
2721 note that GPFS supports it as well - jmcd */
2723 if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
2725 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2726 if(ret_flock == -1 ){
2731 return NT_STATUS_SHARING_VIOLATION;
2736 * At this point onwards, we can guarantee that the share entry
2737 * is locked, whether we created the file or not, and that the
2738 * deny mode is compatible with all current opens.
2742 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2743 * but we don't have to store this - just ignore it on access check.
2745 if (conn->sconn->using_smb2) {
2747 * SMB2 doesn't return it (according to Microsoft tests).
2748 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2749 * File created with access = 0x7 (Read, Write, Delete)
2750 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2752 fsp->access_mask = access_mask;
2754 /* But SMB1 does. */
2755 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2759 /* stat opens on existing files don't get oplocks. */
2760 if (is_stat_open(open_access_mask)) {
2761 fsp->oplock_type = NO_OPLOCK;
2765 if (new_file_created) {
2766 info = FILE_WAS_CREATED;
2768 if (flags2 & O_TRUNC) {
2769 info = FILE_WAS_OVERWRITTEN;
2771 info = FILE_WAS_OPENED;
2780 * Setup the oplock info in both the shared memory and
2784 status = set_file_oplock(fsp);
2785 if (!NT_STATUS_IS_OK(status)) {
2787 * Could not get the kernel oplock
2789 fsp->oplock_type = NO_OPLOCK;
2792 if (!set_share_mode(lck, fsp, get_current_uid(conn),
2794 fsp->oplock_type)) {
2797 return NT_STATUS_NO_MEMORY;
2800 /* Handle strange delete on close create semantics. */
2801 if (create_options & FILE_DELETE_ON_CLOSE) {
2803 status = can_set_delete_on_close(fsp, new_dos_attributes);
2805 if (!NT_STATUS_IS_OK(status)) {
2806 /* Remember to delete the mode we just added. */
2807 del_share_mode(lck, fsp);
2812 /* Note that here we set the *inital* delete on close flag,
2813 not the regular one. The magic gets handled in close. */
2814 fsp->initial_delete_on_close = True;
2817 if (info != FILE_WAS_OPENED) {
2818 /* Files should be initially set as archive */
2819 if (lp_map_archive(SNUM(conn)) ||
2820 lp_store_dos_attributes(SNUM(conn))) {
2822 if (file_set_dosmode(conn, smb_fname,
2823 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2824 parent_dir, true) == 0) {
2825 unx_mode = smb_fname->st.st_ex_mode;
2831 /* Determine sparse flag. */
2833 /* POSIX opens are sparse by default. */
2834 fsp->is_sparse = true;
2836 fsp->is_sparse = (file_existed &&
2837 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2841 * Take care of inherited ACLs on created files - if default ACL not
2845 if (!posix_open && new_file_created && !def_acl) {
2847 int saved_errno = errno; /* We might get ENOSYS in the next
2850 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2852 errno = saved_errno; /* Ignore ENOSYS */
2855 } else if (new_unx_mode) {
2859 /* Attributes need changing. File already existed. */
2862 int saved_errno = errno; /* We might get ENOSYS in the
2864 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2866 if (ret == -1 && errno == ENOSYS) {
2867 errno = saved_errno; /* Ignore ENOSYS */
2869 DEBUG(5, ("open_file_ntcreate: reset "
2870 "attributes of file %s to 0%o\n",
2871 smb_fname_str_dbg(smb_fname),
2872 (unsigned int)new_unx_mode));
2873 ret = 0; /* Don't do the fchmod below. */
2878 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2879 DEBUG(5, ("open_file_ntcreate: failed to reset "
2880 "attributes of file %s to 0%o\n",
2881 smb_fname_str_dbg(smb_fname),
2882 (unsigned int)new_unx_mode));
2887 * Deal with other opens having a modified write time.
2889 struct timespec write_time = get_share_mode_write_time(lck);
2891 if (!null_timespec(write_time)) {
2892 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
2898 return NT_STATUS_OK;
2901 static NTSTATUS mkdir_internal(connection_struct *conn,
2902 struct smb_filename *smb_dname,
2903 uint32 file_attributes)
2906 char *parent_dir = NULL;
2908 bool posix_open = false;
2909 bool need_re_stat = false;
2910 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2912 if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
2913 DEBUG(5,("mkdir_internal: failing share access "
2914 "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
2915 return NT_STATUS_ACCESS_DENIED;
2918 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2920 return NT_STATUS_NO_MEMORY;
2923 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2925 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2927 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2930 status = check_parent_access(conn,
2933 if(!NT_STATUS_IS_OK(status)) {
2934 DEBUG(5,("mkdir_internal: check_parent_access "
2935 "on directory %s for path %s returned %s\n",
2937 smb_dname->base_name,
2938 nt_errstr(status) ));
2942 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2943 return map_nt_error_from_unix(errno);
2946 /* Ensure we're checking for a symlink here.... */
2947 /* We don't want to get caught by a symlink racer. */
2949 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2950 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2951 smb_fname_str_dbg(smb_dname), strerror(errno)));
2952 return map_nt_error_from_unix(errno);
2955 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2956 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2957 smb_fname_str_dbg(smb_dname)));
2958 return NT_STATUS_NOT_A_DIRECTORY;
2961 if (lp_store_dos_attributes(SNUM(conn))) {
2963 file_set_dosmode(conn, smb_dname,
2964 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2969 if (lp_inherit_permissions(SNUM(conn))) {
2970 inherit_access_posix_acl(conn, parent_dir,
2971 smb_dname->base_name, mode);
2972 need_re_stat = true;
2977 * Check if high bits should have been set,
2978 * then (if bits are missing): add them.
2979 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2982 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2983 (mode & ~smb_dname->st.st_ex_mode)) {
2984 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2985 (smb_dname->st.st_ex_mode |
2986 (mode & ~smb_dname->st.st_ex_mode)));
2987 need_re_stat = true;
2991 /* Change the owner if required. */
2992 if (lp_inherit_owner(SNUM(conn))) {
2993 change_dir_owner_to_parent(conn, parent_dir,
2994 smb_dname->base_name,
2996 need_re_stat = true;
3000 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3001 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3002 smb_fname_str_dbg(smb_dname), strerror(errno)));
3003 return map_nt_error_from_unix(errno);
3007 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
3008 smb_dname->base_name);
3010 return NT_STATUS_OK;
3013 /****************************************************************************
3014 Open a directory from an NT SMB call.
3015 ****************************************************************************/
3017 static NTSTATUS open_directory(connection_struct *conn,
3018 struct smb_request *req,
3019 struct smb_filename *smb_dname,
3021 uint32 share_access,
3022 uint32 create_disposition,
3023 uint32 create_options,
3024 uint32 file_attributes,
3026 files_struct **result)
3028 files_struct *fsp = NULL;
3029 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
3030 struct share_mode_lock *lck = NULL;
3032 struct timespec mtimespec;
3035 if (is_ntfs_stream_smb_fname(smb_dname)) {
3036 DEBUG(2, ("open_directory: %s is a stream name!\n",
3037 smb_fname_str_dbg(smb_dname)));
3038 return NT_STATUS_NOT_A_DIRECTORY;
3041 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
3042 /* Ensure we have a directory attribute. */
3043 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
3046 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
3047 "share_access = 0x%x create_options = 0x%x, "
3048 "create_disposition = 0x%x, file_attributes = 0x%x\n",
3049 smb_fname_str_dbg(smb_dname),
3050 (unsigned int)access_mask,
3051 (unsigned int)share_access,
3052 (unsigned int)create_options,
3053 (unsigned int)create_disposition,
3054 (unsigned int)file_attributes));
3056 status = smbd_calculate_access_mask(conn, smb_dname, false,
3057 access_mask, &access_mask);
3058 if (!NT_STATUS_IS_OK(status)) {
3059 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
3060 "on file %s returned %s\n",
3061 smb_fname_str_dbg(smb_dname),
3062 nt_errstr(status)));
3066 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3067 !security_token_has_privilege(get_current_nttok(conn),
3068 SEC_PRIV_SECURITY)) {
3069 DEBUG(10, ("open_directory: open on %s "
3070 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3071 smb_fname_str_dbg(smb_dname)));
3072 return NT_STATUS_PRIVILEGE_NOT_HELD;
3075 switch( create_disposition ) {
3079 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3082 info = FILE_WAS_OPENED;
3087 /* If directory exists error. If directory doesn't
3091 status = NT_STATUS_OBJECT_NAME_COLLISION;
3092 DEBUG(2, ("open_directory: unable to create "
3093 "%s. Error was %s\n",
3094 smb_fname_str_dbg(smb_dname),
3095 nt_errstr(status)));
3099 status = mkdir_internal(conn, smb_dname,
3102 if (!NT_STATUS_IS_OK(status)) {
3103 DEBUG(2, ("open_directory: unable to create "
3104 "%s. Error was %s\n",
3105 smb_fname_str_dbg(smb_dname),
3106 nt_errstr(status)));
3110 info = FILE_WAS_CREATED;
3115 * If directory exists open. If directory doesn't
3120 status = NT_STATUS_OK;
3121 info = FILE_WAS_OPENED;
3123 status = mkdir_internal(conn, smb_dname,
3126 if (NT_STATUS_IS_OK(status)) {
3127 info = FILE_WAS_CREATED;
3129 /* Cope with create race. */
3130 if (!NT_STATUS_EQUAL(status,
3131 NT_STATUS_OBJECT_NAME_COLLISION)) {
3132 DEBUG(2, ("open_directory: unable to create "
3133 "%s. Error was %s\n",
3134 smb_fname_str_dbg(smb_dname),
3135 nt_errstr(status)));
3138 info = FILE_WAS_OPENED;
3144 case FILE_SUPERSEDE:
3145 case FILE_OVERWRITE:
3146 case FILE_OVERWRITE_IF:
3148 DEBUG(5,("open_directory: invalid create_disposition "
3149 "0x%x for directory %s\n",
3150 (unsigned int)create_disposition,
3151 smb_fname_str_dbg(smb_dname)));
3152 return NT_STATUS_INVALID_PARAMETER;
3155 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
3156 DEBUG(5,("open_directory: %s is not a directory !\n",
3157 smb_fname_str_dbg(smb_dname)));
3158 return NT_STATUS_NOT_A_DIRECTORY;
3161 if (info == FILE_WAS_OPENED) {
3162 status = smbd_check_access_rights(conn,
3166 if (!NT_STATUS_IS_OK(status)) {
3167 DEBUG(10, ("open_directory: smbd_check_access_rights on "
3168 "file %s failed with %s\n",
3169 smb_fname_str_dbg(smb_dname),
3170 nt_errstr(status)));
3175 status = file_new(req, conn, &fsp);
3176 if(!NT_STATUS_IS_OK(status)) {
3181 * Setup the files_struct for it.
3184 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
3185 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
3186 fsp->file_pid = req ? req->smbpid : 0;
3187 fsp->can_lock = False;
3188 fsp->can_read = False;
3189 fsp->can_write = False;
3191 fsp->share_access = share_access;
3192 fsp->fh->private_options = 0;
3194 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3196 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3197 fsp->print_file = NULL;
3198 fsp->modified = False;
3199 fsp->oplock_type = NO_OPLOCK;
3200 fsp->sent_oplock_break = NO_BREAK_SENT;
3201 fsp->is_directory = True;
3202 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
3203 status = fsp_set_smb_fname(fsp, smb_dname);
3204 if (!NT_STATUS_IS_OK(status)) {
3205 file_free(req, fsp);
3209 /* Don't store old timestamps for directory
3210 handles in the internal database. We don't
3211 update them in there if new objects
3212 are creaded in the directory. Currently
3213 we only update timestamps on file writes.
3216 ZERO_STRUCT(mtimespec);
3218 if (access_mask & (FILE_LIST_DIRECTORY|
3220 FILE_ADD_SUBDIRECTORY|
3223 FILE_DELETE_CHILD)) {
3225 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
3227 /* POSIX allows us to open a directory with O_RDONLY. */
3228 status = fd_open(conn, fsp, O_RDONLY, 0);
3230 if (!NT_STATUS_IS_OK(status)) {
3231 DEBUG(5, ("open_directory: Could not open fd for "
3233 smb_fname_str_dbg(smb_dname),
3234 nt_errstr(status)));
3235 file_free(req, fsp);
3240 DEBUG(10, ("Not opening Directory %s\n",
3241 smb_fname_str_dbg(smb_dname)));
3244 status = vfs_stat_fsp(fsp);
3245 if (!NT_STATUS_IS_OK(status)) {
3247 file_free(req, fsp);
3251 /* Ensure there was no race condition. */
3252 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
3253 DEBUG(5,("open_directory: stat struct differs for "
3255 smb_fname_str_dbg(smb_dname)));
3257 file_free(req, fsp);
3258 return NT_STATUS_ACCESS_DENIED;
3261 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
3262 conn->connectpath, smb_dname,
3266 DEBUG(0, ("open_directory: Could not get share mode lock for "
3267 "%s\n", smb_fname_str_dbg(smb_dname)));
3269 file_free(req, fsp);
3270 return NT_STATUS_SHARING_VIOLATION;
3273 if (has_delete_on_close(lck, fsp->name_hash)) {
3276 file_free(req, fsp);
3277 return NT_STATUS_DELETE_PENDING;
3280 status = open_mode_check(conn, lck,
3281 access_mask, share_access);
3283 if (!NT_STATUS_IS_OK(status)) {
3286 file_free(req, fsp);
3290 if (!set_share_mode(lck, fsp, get_current_uid(conn),
3291 req ? req->mid : 0, NO_OPLOCK)) {
3294 file_free(req, fsp);
3295 return NT_STATUS_NO_MEMORY;
3298 /* For directories the delete on close bit at open time seems
3299 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
3300 if (create_options & FILE_DELETE_ON_CLOSE) {
3301 status = can_set_delete_on_close(fsp, 0);
3302 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
3303 del_share_mode(lck, fsp);
3306 file_free(req, fsp);
3310 if (NT_STATUS_IS_OK(status)) {
3311 /* Note that here we set the *inital* delete on close flag,
3312 not the regular one. The magic gets handled in close. */
3313 fsp->initial_delete_on_close = True;
3319 * Deal with other opens having a modified write time. Is this
3320 * possible for directories?
3322 struct timespec write_time = get_share_mode_write_time(lck);
3324 if (!null_timespec(write_time)) {
3325 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
3336 return NT_STATUS_OK;
3339 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
3340 struct smb_filename *smb_dname)
3345 status = SMB_VFS_CREATE_FILE(
3348 0, /* root_dir_fid */
3349 smb_dname, /* fname */
3350 FILE_READ_ATTRIBUTES, /* access_mask */
3351 FILE_SHARE_NONE, /* share_access */
3352 FILE_CREATE, /* create_disposition*/
3353 FILE_DIRECTORY_FILE, /* create_options */
3354 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
3355 0, /* oplock_request */
3357 0, /* allocation_size */
3358 0, /* private_flags */
3364 if (NT_STATUS_IS_OK(status)) {
3365 close_file(req, fsp, NORMAL_CLOSE);
3371 /****************************************************************************
3372 Receive notification that one of our open files has been renamed by another
3374 ****************************************************************************/
3376 void msg_file_was_renamed(struct messaging_context *msg,
3379 struct server_id server_id,
3383 char *frm = (char *)data->data;
3385 const char *sharepath;
3386 const char *base_name;
3387 const char *stream_name;
3388 struct smb_filename *smb_fname = NULL;
3389 size_t sp_len, bn_len;
3391 struct smbd_server_connection *sconn =
3392 talloc_get_type_abort(private_data,
3393 struct smbd_server_connection);
3395 if (data->data == NULL
3396 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3397 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3398 (int)data->length));
3402 /* Unpack the message. */
3403 pull_file_id_24(frm, &id);
3404 sharepath = &frm[24];
3405 sp_len = strlen(sharepath);
3406 base_name = sharepath + sp_len + 1;
3407 bn_len = strlen(base_name);
3408 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3410 /* stream_name must always be NULL if there is no stream. */
3411 if (stream_name[0] == '\0') {
3415 smb_fname = synthetic_smb_fname(talloc_tos(), base_name,
3417 if (smb_fname == NULL) {
3421 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3423 sharepath, smb_fname_str_dbg(smb_fname),
3424 file_id_string_tos(&id)));
3426 for(fsp = file_find_di_first(sconn, id); fsp;
3427 fsp = file_find_di_next(fsp)) {
3428 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3430 DEBUG(10,("msg_file_was_renamed: renaming file %s from %s -> %s\n",
3431 fsp_fnum_dbg(fsp), fsp_str_dbg(fsp),
3432 smb_fname_str_dbg(smb_fname)));
3433 status = fsp_set_smb_fname(fsp, smb_fname);
3434 if (!NT_STATUS_IS_OK(status)) {
3439 /* Now we have the complete path we can work out if this is
3440 actually within this share and adjust newname accordingly. */
3441 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3442 "not sharepath %s) "
3443 "%s from %s -> %s\n",
3444 fsp->conn->connectpath,
3448 smb_fname_str_dbg(smb_fname)));
3452 TALLOC_FREE(smb_fname);
3457 * If a main file is opened for delete, all streams need to be checked for
3458 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3459 * If that works, delete them all by setting the delete on close and close.
3462 NTSTATUS open_streams_for_delete(connection_struct *conn,
3465 struct stream_struct *stream_info = NULL;
3466 files_struct **streams = NULL;
3468 unsigned int num_streams = 0;
3469 TALLOC_CTX *frame = talloc_stackframe();
3472 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
3473 &num_streams, &stream_info);
3475 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3476 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3477 DEBUG(10, ("no streams around\n"));
3479 return NT_STATUS_OK;
3482 if (!NT_STATUS_IS_OK(status)) {
3483 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3484 nt_errstr(status)));
3488 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3491 if (num_streams == 0) {
3493 return NT_STATUS_OK;
3496 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3497 if (streams == NULL) {
3498 DEBUG(0, ("talloc failed\n"));
3499 status = NT_STATUS_NO_MEMORY;
3503 for (i=0; i<num_streams; i++) {
3504 struct smb_filename *smb_fname;
3506 if (strequal(stream_info[i].name, "::$DATA")) {
3511 smb_fname = synthetic_smb_fname(
3512 talloc_tos(), fname, stream_info[i].name, NULL);
3513 if (smb_fname == NULL) {
3514 status = NT_STATUS_NO_MEMORY;
3518 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3519 DEBUG(10, ("Unable to stat stream: %s\n",
3520 smb_fname_str_dbg(smb_fname)));
3523 status = SMB_VFS_CREATE_FILE(
3526 0, /* root_dir_fid */
3527 smb_fname, /* fname */
3528 DELETE_ACCESS, /* access_mask */
3529 (FILE_SHARE_READ | /* share_access */
3530 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3531 FILE_OPEN, /* create_disposition*/
3532 0, /* create_options */
3533 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3534 0, /* oplock_request */
3536 0, /* allocation_size */
3537 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3540 &streams[i], /* result */
3543 if (!NT_STATUS_IS_OK(status)) {
3544 DEBUG(10, ("Could not open stream %s: %s\n",
3545 smb_fname_str_dbg(smb_fname),
3546 nt_errstr(status)));
3548 TALLOC_FREE(smb_fname);
3551 TALLOC_FREE(smb_fname);
3555 * don't touch the variable "status" beyond this point :-)
3558 for (i -= 1 ; i >= 0; i--) {
3559 if (streams[i] == NULL) {
3563 DEBUG(10, ("Closing stream # %d, %s\n", i,
3564 fsp_str_dbg(streams[i])));
3565 close_file(NULL, streams[i], NORMAL_CLOSE);
3573 /*********************************************************************
3574 Create a default ACL by inheriting from the parent. If no inheritance
3575 from the parent available, don't set anything. This will leave the actual
3576 permissions the new file or directory already got from the filesystem
3577 as the NT ACL when read.
3578 *********************************************************************/
3580 static NTSTATUS inherit_new_acl(files_struct *fsp)
3582 TALLOC_CTX *frame = talloc_stackframe();
3583 char *parent_name = NULL;
3584 struct security_descriptor *parent_desc = NULL;
3585 NTSTATUS status = NT_STATUS_OK;
3586 struct security_descriptor *psd = NULL;
3587 const struct dom_sid *owner_sid = NULL;
3588 const struct dom_sid *group_sid = NULL;
3589 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
3590 struct security_token *token = fsp->conn->session_info->security_token;
3591 bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
3592 bool inheritable_components = false;
3593 bool try_builtin_administrators = false;
3594 const struct dom_sid *BA_U_sid = NULL;
3595 const struct dom_sid *BA_G_sid = NULL;
3596 bool try_system = false;
3597 const struct dom_sid *SY_U_sid = NULL;
3598 const struct dom_sid *SY_G_sid = NULL;
3601 if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
3603 return NT_STATUS_NO_MEMORY;
3606 status = SMB_VFS_GET_NT_ACL(fsp->conn,
3608 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
3611 if (!NT_STATUS_IS_OK(status)) {
3616 inheritable_components = sd_has_inheritable_components(parent_desc,
3619 if (!inheritable_components && !inherit_owner) {
3621 /* Nothing to inherit and not setting owner. */
3622 return NT_STATUS_OK;
3625 /* Create an inherited descriptor from the parent. */
3627 if (DEBUGLEVEL >= 10) {
3628 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
3629 fsp_str_dbg(fsp) ));
3630 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
3633 /* Inherit from parent descriptor if "inherit owner" set. */
3634 if (inherit_owner) {
3635 owner_sid = parent_desc->owner_sid;
3636 group_sid = parent_desc->group_sid;
3639 if (owner_sid == NULL) {
3640 if (security_token_has_builtin_administrators(token)) {
3641 try_builtin_administrators = true;
3642 } else if (security_token_is_system(token)) {
3643 try_builtin_administrators = true;
3648 if (group_sid == NULL &&
3649 token->num_sids == PRIMARY_GROUP_SID_INDEX)
3651 if (security_token_is_system(token)) {
3652 try_builtin_administrators = true;
3657 if (try_builtin_administrators) {
3662 ok = sids_to_unixids(&global_sid_Builtin_Administrators, 1, &ids);
3666 BA_U_sid = &global_sid_Builtin_Administrators;
3667 BA_G_sid = &global_sid_Builtin_Administrators;
3670 BA_U_sid = &global_sid_Builtin_Administrators;
3673 BA_G_sid = &global_sid_Builtin_Administrators;
3686 ok = sids_to_unixids(&global_sid_System, 1, &ids);
3690 SY_U_sid = &global_sid_System;
3691 SY_G_sid = &global_sid_System;
3694 SY_U_sid = &global_sid_System;
3697 SY_G_sid = &global_sid_System;
3705 if (owner_sid == NULL) {
3706 owner_sid = BA_U_sid;
3709 if (owner_sid == NULL) {
3710 owner_sid = SY_U_sid;
3713 if (group_sid == NULL) {
3714 group_sid = SY_G_sid;
3717 if (try_system && group_sid == NULL) {
3718 group_sid = BA_G_sid;
3721 if (owner_sid == NULL) {
3722 owner_sid = &token->sids[PRIMARY_USER_SID_INDEX];
3724 if (group_sid == NULL) {
3725 if (token->num_sids == PRIMARY_GROUP_SID_INDEX) {
3726 group_sid = &token->sids[PRIMARY_USER_SID_INDEX];
3728 group_sid = &token->sids[PRIMARY_GROUP_SID_INDEX];
3732 status = se_create_child_secdesc(frame,
3739 if (!NT_STATUS_IS_OK(status)) {
3744 /* If inheritable_components == false,
3745 se_create_child_secdesc()
3746 creates a security desriptor with a NULL dacl
3747 entry, but with SEC_DESC_DACL_PRESENT. We need
3748 to remove that flag. */
3750 if (!inheritable_components) {
3751 security_info_sent &= ~SECINFO_DACL;
3752 psd->type &= ~SEC_DESC_DACL_PRESENT;
3755 if (DEBUGLEVEL >= 10) {
3756 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
3757 fsp_str_dbg(fsp) ));
3758 NDR_PRINT_DEBUG(security_descriptor, psd);
3761 if (inherit_owner) {
3762 /* We need to be root to force this. */
3765 status = SMB_VFS_FSET_NT_ACL(fsp,
3768 if (inherit_owner) {
3776 * Wrapper around open_file_ntcreate and open_directory
3779 static NTSTATUS create_file_unixpath(connection_struct *conn,
3780 struct smb_request *req,
3781 struct smb_filename *smb_fname,
3782 uint32_t access_mask,
3783 uint32_t share_access,
3784 uint32_t create_disposition,
3785 uint32_t create_options,
3786 uint32_t file_attributes,
3787 uint32_t oplock_request,
3788 struct smb2_lease *lease,
3789 uint64_t allocation_size,
3790 uint32_t private_flags,
3791 struct security_descriptor *sd,
3792 struct ea_list *ea_list,
3794 files_struct **result,
3797 int info = FILE_WAS_OPENED;
3798 files_struct *base_fsp = NULL;
3799 files_struct *fsp = NULL;
3802 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3803 "file_attributes = 0x%x, share_access = 0x%x, "
3804 "create_disposition = 0x%x create_options = 0x%x "
3805 "oplock_request = 0x%x private_flags = 0x%x "
3806 "ea_list = 0x%p, sd = 0x%p, "
3808 (unsigned int)access_mask,
3809 (unsigned int)file_attributes,
3810 (unsigned int)share_access,
3811 (unsigned int)create_disposition,
3812 (unsigned int)create_options,
3813 (unsigned int)oplock_request,
3814 (unsigned int)private_flags,
3815 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3817 if (create_options & FILE_OPEN_BY_FILE_ID) {
3818 status = NT_STATUS_NOT_SUPPORTED;
3822 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3823 status = NT_STATUS_INVALID_PARAMETER;
3828 oplock_request |= INTERNAL_OPEN_ONLY;
3831 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3832 && (access_mask & DELETE_ACCESS)
3833 && !is_ntfs_stream_smb_fname(smb_fname)) {
3835 * We can't open a file with DELETE access if any of the
3836 * streams is open without FILE_SHARE_DELETE
3838 status = open_streams_for_delete(conn, smb_fname->base_name);
3840 if (!NT_STATUS_IS_OK(status)) {
3845 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3846 !security_token_has_privilege(get_current_nttok(conn),
3847 SEC_PRIV_SECURITY)) {
3848 DEBUG(10, ("create_file_unixpath: open on %s "
3849 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3850 smb_fname_str_dbg(smb_fname)));
3851 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3855 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3856 && is_ntfs_stream_smb_fname(smb_fname)
3857 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3858 uint32 base_create_disposition;
3859 struct smb_filename *smb_fname_base = NULL;
3861 if (create_options & FILE_DIRECTORY_FILE) {
3862 status = NT_STATUS_NOT_A_DIRECTORY;
3866 switch (create_disposition) {
3868 base_create_disposition = FILE_OPEN;
3871 base_create_disposition = FILE_OPEN_IF;
3875 /* Create an smb_filename with stream_name == NULL. */
3876 smb_fname_base = synthetic_smb_fname(talloc_tos(),
3877 smb_fname->base_name,
3879 if (smb_fname_base == NULL) {
3880 status = NT_STATUS_NO_MEMORY;
3884 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3885 DEBUG(10, ("Unable to stat stream: %s\n",
3886 smb_fname_str_dbg(smb_fname_base)));
3889 * https://bugzilla.samba.org/show_bug.cgi?id=10229
3890 * We need to check if the requested access mask
3891 * could be used to open the underlying file (if
3892 * it existed), as we're passing in zero for the
3893 * access mask to the base filename.
3895 status = check_base_file_access(conn,
3899 if (!NT_STATUS_IS_OK(status)) {
3900 DEBUG(10, ("Permission check "
3901 "for base %s failed: "
3902 "%s\n", smb_fname->base_name,
3903 nt_errstr(status)));
3908 /* Open the base file. */
3909 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3912 | FILE_SHARE_DELETE,
3913 base_create_disposition,
3914 0, 0, 0, NULL, 0, 0, NULL, NULL,
3916 TALLOC_FREE(smb_fname_base);
3918 if (!NT_STATUS_IS_OK(status)) {
3919 DEBUG(10, ("create_file_unixpath for base %s failed: "
3920 "%s\n", smb_fname->base_name,
3921 nt_errstr(status)));
3924 /* we don't need to low level fd */
3929 * If it's a request for a directory open, deal with it separately.
3932 if (create_options & FILE_DIRECTORY_FILE) {
3934 if (create_options & FILE_NON_DIRECTORY_FILE) {
3935 status = NT_STATUS_INVALID_PARAMETER;
3939 /* Can't open a temp directory. IFS kit test. */
3940 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3941 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3942 status = NT_STATUS_INVALID_PARAMETER;
3947 * We will get a create directory here if the Win32
3948 * app specified a security descriptor in the
3949 * CreateDirectory() call.
3953 status = open_directory(
3954 conn, req, smb_fname, access_mask, share_access,
3955 create_disposition, create_options, file_attributes,
3960 * Ordinary file case.
3963 status = file_new(req, conn, &fsp);
3964 if(!NT_STATUS_IS_OK(status)) {
3968 status = fsp_set_smb_fname(fsp, smb_fname);
3969 if (!NT_STATUS_IS_OK(status)) {
3975 * We're opening the stream element of a
3976 * base_fsp we already opened. Set up the
3979 fsp->base_fsp = base_fsp;
3982 if (allocation_size) {
3983 fsp->initial_allocation_size = smb_roundup(fsp->conn,
3987 status = open_file_ntcreate(conn,
4000 if(!NT_STATUS_IS_OK(status)) {
4001 file_free(req, fsp);
4005 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
4007 /* A stream open never opens a directory */
4010 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4015 * Fail the open if it was explicitly a non-directory
4019 if (create_options & FILE_NON_DIRECTORY_FILE) {
4020 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4025 status = open_directory(
4026 conn, req, smb_fname, access_mask,
4027 share_access, create_disposition,
4028 create_options, file_attributes,
4033 if (!NT_STATUS_IS_OK(status)) {
4037 fsp->base_fsp = base_fsp;
4039 if ((ea_list != NULL) &&
4040 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
4041 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
4042 if (!NT_STATUS_IS_OK(status)) {
4047 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
4048 status = NT_STATUS_ACCESS_DENIED;
4052 /* Save the requested allocation size. */
4053 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
4055 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
4056 fsp->initial_allocation_size = smb_roundup(
4057 fsp->conn, allocation_size);
4058 if (fsp->is_directory) {
4059 /* Can't set allocation size on a directory. */
4060 status = NT_STATUS_ACCESS_DENIED;
4063 if (vfs_allocate_file_space(
4064 fsp, fsp->initial_allocation_size) == -1) {
4065 status = NT_STATUS_DISK_FULL;
4069 fsp->initial_allocation_size = smb_roundup(
4070 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
4073 fsp->initial_allocation_size = 0;
4076 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
4077 fsp->base_fsp == NULL) {
4080 * According to the MS documentation, the only time the security
4081 * descriptor is applied to the opened file is iff we *created* the
4082 * file; an existing file stays the same.
4084 * Also, it seems (from observation) that you can open the file with
4085 * any access mask but you can still write the sd. We need to override
4086 * the granted access before we call set_sd
4087 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
4090 uint32_t sec_info_sent;
4091 uint32_t saved_access_mask = fsp->access_mask;
4093 sec_info_sent = get_sec_info(sd);
4095 fsp->access_mask = FILE_GENERIC_ALL;
4097 if (sec_info_sent & (SECINFO_OWNER|
4101 status = set_sd(fsp, sd, sec_info_sent);
4104 fsp->access_mask = saved_access_mask;
4106 if (!NT_STATUS_IS_OK(status)) {
4109 } else if (lp_inherit_acls(SNUM(conn))) {
4110 /* Inherit from parent. Errors here are not fatal. */
4111 status = inherit_new_acl(fsp);
4112 if (!NT_STATUS_IS_OK(status)) {
4113 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
4115 nt_errstr(status) ));
4120 if ((conn->fs_capabilities & FILE_FILE_COMPRESSION)
4121 && (create_options & FILE_NO_COMPRESSION)
4122 && (info == FILE_WAS_CREATED)) {
4123 status = SMB_VFS_SET_COMPRESSION(conn, fsp, fsp,
4124 COMPRESSION_FORMAT_NONE);
4125 if (!NT_STATUS_IS_OK(status)) {
4126 DEBUG(1, ("failed to disable compression: %s\n",
4127 nt_errstr(status)));
4131 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
4134 if (pinfo != NULL) {
4138 smb_fname->st = fsp->fsp_name->st;
4140 return NT_STATUS_OK;
4143 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
4146 if (base_fsp && fsp->base_fsp == base_fsp) {
4148 * The close_file below will close
4153 close_file(req, fsp, ERROR_CLOSE);
4156 if (base_fsp != NULL) {
4157 close_file(req, base_fsp, ERROR_CLOSE);
4164 * Calculate the full path name given a relative fid.
4166 NTSTATUS get_relative_fid_filename(connection_struct *conn,
4167 struct smb_request *req,
4168 uint16_t root_dir_fid,
4169 const struct smb_filename *smb_fname,
4170 struct smb_filename **smb_fname_out)
4172 files_struct *dir_fsp;
4173 char *parent_fname = NULL;
4174 char *new_base_name = NULL;
4177 if (root_dir_fid == 0 || !smb_fname) {
4178 status = NT_STATUS_INTERNAL_ERROR;
4182 dir_fsp = file_fsp(req, root_dir_fid);
4184 if (dir_fsp == NULL) {
4185 status = NT_STATUS_INVALID_HANDLE;
4189 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
4190 status = NT_STATUS_INVALID_HANDLE;
4194 if (!dir_fsp->is_directory) {
4197 * Check to see if this is a mac fork of some kind.
4200 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
4201 is_ntfs_stream_smb_fname(smb_fname)) {
4202 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
4207 we need to handle the case when we get a
4208 relative open relative to a file and the
4209 pathname is blank - this is a reopen!
4210 (hint from demyn plantenberg)
4213 status = NT_STATUS_INVALID_HANDLE;
4217 if (ISDOT(dir_fsp->fsp_name->base_name)) {
4219 * We're at the toplevel dir, the final file name
4220 * must not contain ./, as this is filtered out
4221 * normally by srvstr_get_path and unix_convert
4222 * explicitly rejects paths containing ./.
4224 parent_fname = talloc_strdup(talloc_tos(), "");
4225 if (parent_fname == NULL) {
4226 status = NT_STATUS_NO_MEMORY;
4230 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
4233 * Copy in the base directory name.
4236 parent_fname = talloc_array(talloc_tos(), char,
4238 if (parent_fname == NULL) {
4239 status = NT_STATUS_NO_MEMORY;
4242 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
4246 * Ensure it ends in a '/'.
4247 * We used TALLOC_SIZE +2 to add space for the '/'.
4251 && (parent_fname[dir_name_len-1] != '\\')
4252 && (parent_fname[dir_name_len-1] != '/')) {
4253 parent_fname[dir_name_len] = '/';
4254 parent_fname[dir_name_len+1] = '\0';
4258 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
4259 smb_fname->base_name);
4260 if (new_base_name == NULL) {
4261 status = NT_STATUS_NO_MEMORY;
4265 status = filename_convert(req,
4267 req->flags2 & FLAGS2_DFS_PATHNAMES,
4272 if (!NT_STATUS_IS_OK(status)) {
4277 TALLOC_FREE(parent_fname);
4278 TALLOC_FREE(new_base_name);
4282 NTSTATUS create_file_default(connection_struct *conn,
4283 struct smb_request *req,
4284 uint16_t root_dir_fid,
4285 struct smb_filename *smb_fname,
4286 uint32_t access_mask,
4287 uint32_t share_access,
4288 uint32_t create_disposition,
4289 uint32_t create_options,
4290 uint32_t file_attributes,
4291 uint32_t oplock_request,
4292 struct smb2_lease *lease,
4293 uint64_t allocation_size,
4294 uint32_t private_flags,
4295 struct security_descriptor *sd,
4296 struct ea_list *ea_list,
4297 files_struct **result,
4300 int info = FILE_WAS_OPENED;
4301 files_struct *fsp = NULL;
4303 bool stream_name = false;
4305 DEBUG(10,("create_file: access_mask = 0x%x "
4306 "file_attributes = 0x%x, share_access = 0x%x, "
4307 "create_disposition = 0x%x create_options = 0x%x "
4308 "oplock_request = 0x%x "
4309 "private_flags = 0x%x "
4310 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
4312 (unsigned int)access_mask,
4313 (unsigned int)file_attributes,
4314 (unsigned int)share_access,
4315 (unsigned int)create_disposition,
4316 (unsigned int)create_options,
4317 (unsigned int)oplock_request,
4318 (unsigned int)private_flags,
4319 (unsigned int)root_dir_fid,
4320 ea_list, sd, smb_fname_str_dbg(smb_fname)));
4323 * Calculate the filename from the root_dir_if if necessary.
4326 if (root_dir_fid != 0) {
4327 struct smb_filename *smb_fname_out = NULL;
4328 status = get_relative_fid_filename(conn, req, root_dir_fid,
4329 smb_fname, &smb_fname_out);
4330 if (!NT_STATUS_IS_OK(status)) {
4333 smb_fname = smb_fname_out;
4337 * Check to see if this is a mac fork of some kind.
4340 stream_name = is_ntfs_stream_smb_fname(smb_fname);
4342 enum FAKE_FILE_TYPE fake_file_type;
4344 fake_file_type = is_fake_file(smb_fname);
4346 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
4349 * Here we go! support for changing the disk quotas
4352 * We need to fake up to open this MAGIC QUOTA file
4353 * and return a valid FID.
4355 * w2k close this file directly after openening xp
4356 * also tries a QUERY_FILE_INFO on the file and then
4359 status = open_fake_file(req, conn, req->vuid,
4360 fake_file_type, smb_fname,
4362 if (!NT_STATUS_IS_OK(status)) {
4366 ZERO_STRUCT(smb_fname->st);
4370 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
4371 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4376 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
4378 smb_fname->stream_name = NULL;
4379 /* We have to handle this error here. */
4380 if (create_options & FILE_DIRECTORY_FILE) {
4381 status = NT_STATUS_NOT_A_DIRECTORY;
4384 if (lp_posix_pathnames()) {
4385 ret = SMB_VFS_LSTAT(conn, smb_fname);
4387 ret = SMB_VFS_STAT(conn, smb_fname);
4390 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
4391 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4396 status = create_file_unixpath(
4397 conn, req, smb_fname, access_mask, share_access,
4398 create_disposition, create_options, file_attributes,
4399 oplock_request, lease, allocation_size, private_flags,
4403 if (!NT_STATUS_IS_OK(status)) {
4408 DEBUG(10, ("create_file: info=%d\n", info));
4411 if (pinfo != NULL) {
4414 return NT_STATUS_OK;
4417 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
4420 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / samba.git / blob