2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "../librpc/gen_ndr/open_files.h"
35 extern const struct generic_mapping file_generic_mapping;
37 struct deferred_open_record {
38 bool delayed_for_oplocks;
43 /****************************************************************************
44 If the requester wanted DELETE_ACCESS and was rejected because
45 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
47 ****************************************************************************/
49 static bool parent_override_delete(connection_struct *conn,
50 const struct smb_filename *smb_fname,
52 uint32_t rejected_mask)
54 if ((access_mask & DELETE_ACCESS) &&
55 (rejected_mask & DELETE_ACCESS) &&
56 can_delete_file_in_directory(conn, smb_fname)) {
62 /****************************************************************************
63 Check if we have open rights.
64 ****************************************************************************/
66 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
67 const struct smb_filename *smb_fname,
71 /* Check if we have rights to open. */
73 struct security_descriptor *sd = NULL;
74 uint32_t rejected_share_access;
75 uint32_t rejected_mask = access_mask;
77 rejected_share_access = access_mask & ~(conn->share_access);
79 if (rejected_share_access) {
80 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
82 (unsigned int)access_mask,
83 smb_fname_str_dbg(smb_fname),
84 (unsigned int)rejected_share_access ));
85 return NT_STATUS_ACCESS_DENIED;
88 if (!use_privs && get_current_uid(conn) == (uid_t)0) {
89 /* I'm sorry sir, I didn't know you were root... */
90 DEBUG(10,("smbd_check_access_rights: root override "
91 "on %s. Granting 0x%x\n",
92 smb_fname_str_dbg(smb_fname),
93 (unsigned int)access_mask ));
97 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
98 DEBUG(10,("smbd_check_access_rights: not checking ACL "
99 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
100 smb_fname_str_dbg(smb_fname),
101 (unsigned int)access_mask ));
105 if (access_mask == DELETE_ACCESS &&
106 VALID_STAT(smb_fname->st) &&
107 S_ISLNK(smb_fname->st.st_ex_mode)) {
108 /* We can always delete a symlink. */
109 DEBUG(10,("smbd_check_access_rights: not checking ACL "
110 "on DELETE_ACCESS on symlink %s.\n",
111 smb_fname_str_dbg(smb_fname) ));
115 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
118 SECINFO_DACL), talloc_tos(), &sd);
120 if (!NT_STATUS_IS_OK(status)) {
121 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
123 smb_fname_str_dbg(smb_fname),
126 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
134 * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
135 * owner WRITE_DAC and READ_CONTROL.
137 status = se_file_access_check(sd,
138 get_current_nttok(conn),
140 (access_mask & ~FILE_READ_ATTRIBUTES),
143 DEBUG(10,("smbd_check_access_rights: file %s requesting "
144 "0x%x returning 0x%x (%s)\n",
145 smb_fname_str_dbg(smb_fname),
146 (unsigned int)access_mask,
147 (unsigned int)rejected_mask,
148 nt_errstr(status) ));
150 if (!NT_STATUS_IS_OK(status)) {
151 if (DEBUGLEVEL >= 10) {
152 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
153 smb_fname_str_dbg(smb_fname) ));
154 NDR_PRINT_DEBUG(security_descriptor, sd);
160 if (NT_STATUS_IS_OK(status) ||
161 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
165 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
169 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
170 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
171 !lp_store_dos_attributes(SNUM(conn)) &&
172 (lp_map_readonly(SNUM(conn)) ||
173 lp_map_archive(SNUM(conn)) ||
174 lp_map_hidden(SNUM(conn)) ||
175 lp_map_system(SNUM(conn)))) {
176 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
178 DEBUG(10,("smbd_check_access_rights: "
180 "FILE_WRITE_ATTRIBUTES "
182 smb_fname_str_dbg(smb_fname)));
185 if (parent_override_delete(conn,
189 /* Were we trying to do an open
190 * for delete and didn't get DELETE
191 * access (only) ? Check if the
192 * directory allows DELETE_CHILD.
194 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
197 rejected_mask &= ~DELETE_ACCESS;
199 DEBUG(10,("smbd_check_access_rights: "
203 smb_fname_str_dbg(smb_fname)));
206 if (rejected_mask != 0) {
207 return NT_STATUS_ACCESS_DENIED;
212 static NTSTATUS check_parent_access(struct connection_struct *conn,
213 struct smb_filename *smb_fname,
214 uint32_t access_mask)
217 char *parent_dir = NULL;
218 struct security_descriptor *parent_sd = NULL;
219 uint32_t access_granted = 0;
221 if (!parent_dirname(talloc_tos(),
222 smb_fname->base_name,
225 return NT_STATUS_NO_MEMORY;
228 if (get_current_uid(conn) == (uid_t)0) {
229 /* I'm sorry sir, I didn't know you were root... */
230 DEBUG(10,("check_parent_access: root override "
231 "on %s. Granting 0x%x\n",
232 smb_fname_str_dbg(smb_fname),
233 (unsigned int)access_mask ));
237 status = SMB_VFS_GET_NT_ACL(conn,
243 if (!NT_STATUS_IS_OK(status)) {
244 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
245 "%s with error %s\n",
252 * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
253 * owner WRITE_DAC and READ_CONTROL.
255 status = se_file_access_check(parent_sd,
256 get_current_nttok(conn),
258 (access_mask & ~FILE_READ_ATTRIBUTES),
260 if(!NT_STATUS_IS_OK(status)) {
261 DEBUG(5,("check_parent_access: access check "
262 "on directory %s for "
263 "path %s for mask 0x%x returned (0x%x) %s\n",
265 smb_fname->base_name,
268 nt_errstr(status) ));
275 /****************************************************************************
276 fd support routines - attempt to do a dos_open.
277 ****************************************************************************/
279 NTSTATUS fd_open(struct connection_struct *conn,
284 struct smb_filename *smb_fname = fsp->fsp_name;
285 NTSTATUS status = NT_STATUS_OK;
289 * Never follow symlinks on a POSIX client. The
290 * client should be doing this.
293 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
298 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
299 if (fsp->fh->fd == -1) {
300 int posix_errno = errno;
302 #if defined(ENOTSUP) && defined(OSF1)
303 /* handle special Tru64 errno */
304 if (errno == ENOTSUP) {
309 /* fix broken NetBSD errno */
310 if (errno == EFTYPE) {
314 /* fix broken FreeBSD errno */
315 if (errno == EMLINK) {
318 #endif /* O_NOFOLLOW */
319 status = map_nt_error_from_unix(posix_errno);
320 if (errno == EMFILE) {
321 static time_t last_warned = 0L;
323 if (time((time_t *) NULL) > last_warned) {
324 DEBUG(0,("Too many open files, unable "
325 "to open more! smbd's max "
327 lp_max_open_files()));
328 last_warned = time((time_t *) NULL);
334 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
335 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
336 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
341 /****************************************************************************
342 Close the file associated with a fsp.
343 ****************************************************************************/
345 NTSTATUS fd_close(files_struct *fsp)
352 if (fsp->fh->fd == -1) {
353 return NT_STATUS_OK; /* What we used to call a stat open. */
355 if (fsp->fh->ref_count > 1) {
356 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
359 ret = SMB_VFS_CLOSE(fsp);
362 return map_nt_error_from_unix(errno);
367 /****************************************************************************
368 Change the ownership of a file to that of the parent directory.
369 Do this by fd if possible.
370 ****************************************************************************/
372 void change_file_owner_to_parent(connection_struct *conn,
373 const char *inherit_from_dir,
376 struct smb_filename *smb_fname_parent = NULL;
380 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
381 NULL, NULL, &smb_fname_parent);
382 if (!NT_STATUS_IS_OK(status)) {
386 ret = SMB_VFS_STAT(conn, smb_fname_parent);
388 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
389 "directory %s. Error was %s\n",
390 smb_fname_str_dbg(smb_fname_parent),
392 TALLOC_FREE(smb_fname_parent);
396 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
397 /* Already this uid - no need to change. */
398 DEBUG(10,("change_file_owner_to_parent: file %s "
399 "is already owned by uid %d\n",
401 (int)fsp->fsp_name->st.st_ex_uid ));
402 TALLOC_FREE(smb_fname_parent);
407 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
410 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
411 "file %s to parent directory uid %u. Error "
412 "was %s\n", fsp_str_dbg(fsp),
413 (unsigned int)smb_fname_parent->st.st_ex_uid,
416 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
417 "parent directory uid %u.\n", fsp_str_dbg(fsp),
418 (unsigned int)smb_fname_parent->st.st_ex_uid));
419 /* Ensure the uid entry is updated. */
420 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
423 TALLOC_FREE(smb_fname_parent);
426 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
427 const char *inherit_from_dir,
429 SMB_STRUCT_STAT *psbuf)
431 struct smb_filename *smb_fname_parent = NULL;
432 struct smb_filename *smb_fname_cwd = NULL;
433 char *saved_dir = NULL;
434 TALLOC_CTX *ctx = talloc_tos();
435 NTSTATUS status = NT_STATUS_OK;
438 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
440 if (!NT_STATUS_IS_OK(status)) {
444 ret = SMB_VFS_STAT(conn, smb_fname_parent);
446 status = map_nt_error_from_unix(errno);
447 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
448 "directory %s. Error was %s\n",
449 smb_fname_str_dbg(smb_fname_parent),
454 /* We've already done an lstat into psbuf, and we know it's a
455 directory. If we can cd into the directory and the dev/ino
456 are the same then we can safely chown without races as
457 we're locking the directory in place by being in it. This
458 should work on any UNIX (thanks tridge :-). JRA.
461 saved_dir = vfs_GetWd(ctx,conn);
463 status = map_nt_error_from_unix(errno);
464 DEBUG(0,("change_dir_owner_to_parent: failed to get "
465 "current working directory. Error was %s\n",
470 /* Chdir into the new path. */
471 if (vfs_ChDir(conn, fname) == -1) {
472 status = map_nt_error_from_unix(errno);
473 DEBUG(0,("change_dir_owner_to_parent: failed to change "
474 "current working directory to %s. Error "
475 "was %s\n", fname, strerror(errno) ));
479 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
481 if (!NT_STATUS_IS_OK(status)) {
485 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
487 status = map_nt_error_from_unix(errno);
488 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
489 "directory '.' (%s) Error was %s\n",
490 fname, strerror(errno)));
494 /* Ensure we're pointing at the same place. */
495 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
496 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
497 DEBUG(0,("change_dir_owner_to_parent: "
498 "device/inode on directory %s changed. "
499 "Refusing to chown !\n", fname ));
500 status = NT_STATUS_ACCESS_DENIED;
504 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
505 /* Already this uid - no need to change. */
506 DEBUG(10,("change_dir_owner_to_parent: directory %s "
507 "is already owned by uid %d\n",
509 (int)smb_fname_cwd->st.st_ex_uid ));
510 status = NT_STATUS_OK;
515 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
519 status = map_nt_error_from_unix(errno);
520 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
521 "directory %s to parent directory uid %u. "
522 "Error was %s\n", fname,
523 (unsigned int)smb_fname_parent->st.st_ex_uid,
526 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
527 "directory %s to parent directory uid %u.\n",
528 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
529 /* Ensure the uid entry is updated. */
530 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
534 vfs_ChDir(conn,saved_dir);
536 TALLOC_FREE(smb_fname_parent);
537 TALLOC_FREE(smb_fname_cwd);
541 /****************************************************************************
542 Open a file - returning a guaranteed ATOMIC indication of if the
543 file was created or not.
544 ****************************************************************************/
546 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
552 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
553 bool file_existed = VALID_STAT(fsp->fsp_name->st);
555 *file_created = false;
557 if (!(flags & O_CREAT)) {
559 * We're not creating the file, just pass through.
561 return fd_open(conn, fsp, flags, mode);
564 if (flags & O_EXCL) {
566 * Fail if already exists, just pass through.
568 status = fd_open(conn, fsp, flags, mode);
571 * Here we've opened with O_CREAT|O_EXCL. If that went
572 * NT_STATUS_OK, we *know* we created this file.
574 *file_created = NT_STATUS_IS_OK(status);
580 * Now it gets tricky. We have O_CREAT, but not O_EXCL.
581 * To know absolutely if we created the file or not,
582 * we can never call O_CREAT without O_EXCL. So if
583 * we think the file existed, try without O_CREAT|O_EXCL.
584 * If we think the file didn't exist, try with
585 * O_CREAT|O_EXCL. Keep bouncing between these two
586 * requests until either the file is created, or
587 * opened. Either way, we keep going until we get
588 * a returnable result (error, or open/create).
592 int curr_flags = flags;
595 /* Just try open, do not create. */
596 curr_flags &= ~(O_CREAT);
597 status = fd_open(conn, fsp, curr_flags, mode);
598 if (NT_STATUS_EQUAL(status,
599 NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
601 * Someone deleted it in the meantime.
604 file_existed = false;
605 DEBUG(10,("fd_open_atomic: file %s existed. "
607 smb_fname_str_dbg(fsp->fsp_name)));
611 /* Try create exclusively, fail if it exists. */
612 curr_flags |= O_EXCL;
613 status = fd_open(conn, fsp, curr_flags, mode);
614 if (NT_STATUS_EQUAL(status,
615 NT_STATUS_OBJECT_NAME_COLLISION)) {
617 * Someone created it in the meantime.
618 * Retry without O_CREAT.
621 DEBUG(10,("fd_open_atomic: file %s "
622 "did not exist. Retry.\n",
623 smb_fname_str_dbg(fsp->fsp_name)));
626 if (NT_STATUS_IS_OK(status)) {
628 * Here we've opened with O_CREAT|O_EXCL
629 * and got success. We *know* we created
632 *file_created = true;
635 /* Create is done, or failed. */
641 /****************************************************************************
643 ****************************************************************************/
645 static NTSTATUS open_file(files_struct *fsp,
646 connection_struct *conn,
647 struct smb_request *req,
648 const char *parent_dir,
651 uint32 access_mask, /* client requested access mask. */
652 uint32 open_access_mask, /* what we're actually using in the open. */
653 bool *p_file_created)
655 struct smb_filename *smb_fname = fsp->fsp_name;
656 NTSTATUS status = NT_STATUS_OK;
657 int accmode = (flags & O_ACCMODE);
658 int local_flags = flags;
659 bool file_existed = VALID_STAT(fsp->fsp_name->st);
664 /* Check permissions */
667 * This code was changed after seeing a client open request
668 * containing the open mode of (DENY_WRITE/read-only) with
669 * the 'create if not exist' bit set. The previous code
670 * would fail to open the file read only on a read-only share
671 * as it was checking the flags parameter directly against O_RDONLY,
672 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
676 if (!CAN_WRITE(conn)) {
677 /* It's a read-only share - fail if we wanted to write. */
678 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
679 DEBUG(3,("Permission denied opening %s\n",
680 smb_fname_str_dbg(smb_fname)));
681 return NT_STATUS_ACCESS_DENIED;
683 if (flags & O_CREAT) {
684 /* We don't want to write - but we must make sure that
685 O_CREAT doesn't create the file if we have write
686 access into the directory.
688 flags &= ~(O_CREAT|O_EXCL);
689 local_flags &= ~(O_CREAT|O_EXCL);
694 * This little piece of insanity is inspired by the
695 * fact that an NT client can open a file for O_RDONLY,
696 * but set the create disposition to FILE_EXISTS_TRUNCATE.
697 * If the client *can* write to the file, then it expects to
698 * truncate the file, even though it is opening for readonly.
699 * Quicken uses this stupid trick in backup file creation...
700 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
701 * for helping track this one down. It didn't bite us in 2.0.x
702 * as we always opened files read-write in that release. JRA.
705 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
706 DEBUG(10,("open_file: truncate requested on read-only open "
707 "for file %s\n", smb_fname_str_dbg(smb_fname)));
708 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
711 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
712 (!file_existed && (local_flags & O_CREAT)) ||
713 ((local_flags & O_TRUNC) == O_TRUNC) ) {
717 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
719 * We would block on opening a FIFO with no one else on the
720 * other end. Do what we used to do and add O_NONBLOCK to the
724 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
725 local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
726 local_flags |= O_NONBLOCK;
730 /* Don't create files with Microsoft wildcard characters. */
733 * wildcard characters are allowed in stream names
734 * only test the basefilename
736 wild = fsp->base_fsp->fsp_name->base_name;
738 wild = smb_fname->base_name;
740 if ((local_flags & O_CREAT) && !file_existed &&
742 return NT_STATUS_OBJECT_NAME_INVALID;
745 /* Can we access this file ? */
746 if (!fsp->base_fsp) {
747 /* Only do this check on non-stream open. */
749 status = smbd_check_access_rights(conn,
753 } else if (local_flags & O_CREAT){
754 status = check_parent_access(conn,
758 /* File didn't exist and no O_CREAT. */
759 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
761 if (!NT_STATUS_IS_OK(status)) {
762 DEBUG(10,("open_file: "
766 "smbd_check_access_rights" :
767 "check_parent_access",
768 smb_fname_str_dbg(smb_fname),
769 nt_errstr(status) ));
774 /* Actually do the open */
775 status = fd_open_atomic(conn, fsp, local_flags,
776 unx_mode, p_file_created);
777 if (!NT_STATUS_IS_OK(status)) {
778 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
779 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
780 nt_errstr(status),local_flags,flags));
784 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
786 /* If we have an fd, this stat should succeed. */
787 DEBUG(0,("Error doing fstat on open file %s "
789 smb_fname_str_dbg(smb_fname),
791 status = map_nt_error_from_unix(errno);
796 if (*p_file_created) {
797 /* We created this file. */
799 bool need_re_stat = false;
800 /* Do all inheritance work after we've
801 done a successful fstat call and filled
802 in the stat struct in fsp->fsp_name. */
804 /* Inherit the ACL if required */
805 if (lp_inherit_perms(SNUM(conn))) {
806 inherit_access_posix_acl(conn, parent_dir,
807 smb_fname->base_name,
812 /* Change the owner if required. */
813 if (lp_inherit_owner(SNUM(conn))) {
814 change_file_owner_to_parent(conn, parent_dir,
820 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
821 /* If we have an fd, this stat should succeed. */
823 DEBUG(0,("Error doing fstat on open file %s "
825 smb_fname_str_dbg(smb_fname),
830 notify_fname(conn, NOTIFY_ACTION_ADDED,
831 FILE_NOTIFY_CHANGE_FILE_NAME,
832 smb_fname->base_name);
835 fsp->fh->fd = -1; /* What we used to call a stat open. */
837 /* File must exist for a stat open. */
838 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
841 status = smbd_check_access_rights(conn,
846 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
848 S_ISLNK(smb_fname->st.st_ex_mode)) {
849 /* This is a POSIX stat open for delete
850 * or rename on a symlink that points
852 DEBUG(10,("open_file: allowing POSIX "
853 "open on bad symlink %s\n",
854 smb_fname_str_dbg(smb_fname)));
855 status = NT_STATUS_OK;
858 if (!NT_STATUS_IS_OK(status)) {
859 DEBUG(10,("open_file: "
860 "smbd_check_access_rights on file "
862 smb_fname_str_dbg(smb_fname),
863 nt_errstr(status) ));
869 * POSIX allows read-only opens of directories. We don't
870 * want to do this (we use a different code path for this)
871 * so catch a directory open and return an EISDIR. JRA.
874 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
877 return NT_STATUS_FILE_IS_A_DIRECTORY;
880 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
881 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
882 fsp->file_pid = req ? req->smbpid : 0;
883 fsp->can_lock = True;
884 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
887 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
888 fsp->print_file = NULL;
889 fsp->modified = False;
890 fsp->sent_oplock_break = NO_BREAK_SENT;
891 fsp->is_directory = False;
892 if (conn->aio_write_behind_list &&
893 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
894 conn->case_sensitive)) {
895 fsp->aio_write_behind = True;
898 fsp->wcp = NULL; /* Write cache pointer. */
900 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
901 conn->session_info->unix_info->unix_name,
902 smb_fname_str_dbg(smb_fname),
903 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
904 conn->num_files_open));
910 /****************************************************************************
911 Check if we can open a file with a share mode.
912 Returns True if conflict, False if not.
913 ****************************************************************************/
915 static bool share_conflict(struct share_mode_entry *entry,
919 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
920 "entry->share_access = 0x%x, "
921 "entry->private_options = 0x%x\n",
922 (unsigned int)entry->access_mask,
923 (unsigned int)entry->share_access,
924 (unsigned int)entry->private_options));
926 if (server_id_is_disconnected(&entry->pid)) {
928 * note: cleanup should have been done by
929 * delay_for_batch_oplocks()
934 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
935 (unsigned int)access_mask, (unsigned int)share_access));
937 if ((entry->access_mask & (FILE_WRITE_DATA|
941 DELETE_ACCESS)) == 0) {
942 DEBUG(10,("share_conflict: No conflict due to "
943 "entry->access_mask = 0x%x\n",
944 (unsigned int)entry->access_mask ));
948 if ((access_mask & (FILE_WRITE_DATA|
952 DELETE_ACCESS)) == 0) {
953 DEBUG(10,("share_conflict: No conflict due to "
954 "access_mask = 0x%x\n",
955 (unsigned int)access_mask ));
959 #if 1 /* JRA TEST - Superdebug. */
960 #define CHECK_MASK(num, am, right, sa, share) \
961 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
962 (unsigned int)(num), (unsigned int)(am), \
963 (unsigned int)(right), (unsigned int)(am)&(right) )); \
964 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
965 (unsigned int)(num), (unsigned int)(sa), \
966 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
967 if (((am) & (right)) && !((sa) & (share))) { \
968 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
969 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
970 (unsigned int)(share) )); \
974 #define CHECK_MASK(num, am, right, sa, share) \
975 if (((am) & (right)) && !((sa) & (share))) { \
976 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
977 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
978 (unsigned int)(share) )); \
983 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
984 share_access, FILE_SHARE_WRITE);
985 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
986 entry->share_access, FILE_SHARE_WRITE);
988 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
989 share_access, FILE_SHARE_READ);
990 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
991 entry->share_access, FILE_SHARE_READ);
993 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
994 share_access, FILE_SHARE_DELETE);
995 CHECK_MASK(6, access_mask, DELETE_ACCESS,
996 entry->share_access, FILE_SHARE_DELETE);
998 DEBUG(10,("share_conflict: No conflict.\n"));
1002 #if defined(DEVELOPER)
1003 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1005 struct share_mode_entry *share_entry)
1007 struct server_id self = messaging_server_id(sconn->msg_ctx);
1010 if (!serverid_equal(&self, &share_entry->pid)) {
1014 if (is_deferred_open_entry(share_entry) &&
1015 !open_was_deferred(sconn, share_entry->op_mid)) {
1016 char *str = talloc_asprintf(talloc_tos(),
1017 "Got a deferred entry without a request: "
1019 share_mode_str(talloc_tos(), num, share_entry));
1023 if (!is_valid_share_mode_entry(share_entry)) {
1027 fsp = file_find_dif(sconn, share_entry->id,
1028 share_entry->share_file_id);
1030 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1031 share_mode_str(talloc_tos(), num, share_entry) ));
1032 smb_panic("validate_my_share_entries: Cannot match a "
1033 "share entry with an open file\n");
1036 if (is_deferred_open_entry(share_entry)) {
1040 if ((share_entry->op_type == NO_OPLOCK) &&
1041 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
1042 /* Someone has already written to it, but I haven't yet
1047 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
1056 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1057 share_mode_str(talloc_tos(), num, share_entry) ));
1058 str = talloc_asprintf(talloc_tos(),
1059 "validate_my_share_entries: "
1060 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1061 fsp->fsp_name->base_name,
1062 (unsigned int)fsp->oplock_type,
1063 (unsigned int)share_entry->op_type );
1069 bool is_stat_open(uint32 access_mask)
1071 const uint32_t stat_open_bits =
1072 (SYNCHRONIZE_ACCESS|
1073 FILE_READ_ATTRIBUTES|
1074 FILE_WRITE_ATTRIBUTES);
1076 return (((access_mask & stat_open_bits) != 0) &&
1077 ((access_mask & ~stat_open_bits) == 0));
1080 /****************************************************************************
1081 Deal with share modes
1082 Invarient: Share mode must be locked on entry and exit.
1083 Returns -1 on error, or number of share modes on success (may be zero).
1084 ****************************************************************************/
1086 static NTSTATUS open_mode_check(connection_struct *conn,
1087 struct share_mode_lock *lck,
1090 uint32 share_access,
1091 uint32 create_options,
1096 if(lck->data->num_share_modes == 0) {
1097 return NT_STATUS_OK;
1100 /* A delete on close prohibits everything */
1102 if (is_delete_on_close_set(lck, name_hash)) {
1104 * Check the delete on close token
1105 * is valid. It could have been left
1106 * after a server crash.
1108 for(i = 0; i < lck->data->num_share_modes; i++) {
1109 if (!share_mode_stale_pid(lck->data, i)) {
1111 *file_existed = true;
1113 return NT_STATUS_DELETE_PENDING;
1116 return NT_STATUS_OK;
1119 if (is_stat_open(access_mask)) {
1120 /* Stat open that doesn't trigger oplock breaks or share mode
1121 * checks... ! JRA. */
1122 return NT_STATUS_OK;
1126 * Check if the share modes will give us access.
1129 #if defined(DEVELOPER)
1130 for(i = 0; i < lck->data->num_share_modes; i++) {
1131 validate_my_share_entries(conn->sconn, i,
1132 &lck->data->share_modes[i]);
1136 /* Now we check the share modes, after any oplock breaks. */
1137 for(i = 0; i < lck->data->num_share_modes; i++) {
1139 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1143 /* someone else has a share lock on it, check to see if we can
1145 if (share_conflict(&lck->data->share_modes[i],
1146 access_mask, share_access)) {
1148 if (share_mode_stale_pid(lck->data, i)) {
1152 *file_existed = true;
1154 return NT_STATUS_SHARING_VIOLATION;
1158 if (lck->data->num_share_modes != 0) {
1159 *file_existed = true;
1162 return NT_STATUS_OK;
1166 * Send a break message to the oplock holder and delay the open for
1170 static NTSTATUS send_break_message(files_struct *fsp,
1171 struct share_mode_entry *exclusive,
1176 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1178 DEBUG(10, ("Sending break request to PID %s\n",
1179 procid_str_static(&exclusive->pid)));
1180 exclusive->op_mid = mid;
1182 /* Create the message. */
1183 share_mode_entry_to_message(msg, exclusive);
1185 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
1186 don't want this set in the share mode struct pointed to by lck. */
1188 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
1189 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
1190 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
1193 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
1194 MSG_SMB_BREAK_REQUEST,
1196 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
1197 if (!NT_STATUS_IS_OK(status)) {
1198 DEBUG(3, ("Could not send oplock break message: %s\n",
1199 nt_errstr(status)));
1206 * Return share_mode_entry pointers for :
1207 * 1). Batch oplock entry.
1208 * 2). Batch or exclusive oplock entry (may be identical to #1).
1209 * bool have_level2_oplock
1210 * bool have_no_oplock.
1211 * Do internal consistency checks on the share mode for a file.
1214 static void find_oplock_types(files_struct *fsp,
1216 const struct share_mode_lock *lck,
1217 struct share_mode_entry **pp_batch,
1218 struct share_mode_entry **pp_ex_or_batch,
1220 bool *got_no_oplock)
1225 *pp_ex_or_batch = NULL;
1226 *got_level2 = false;
1227 *got_no_oplock = false;
1229 /* Ignore stat or internal opens, as is done in
1230 delay_for_batch_oplocks() and
1231 delay_for_exclusive_oplocks().
1233 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1237 for (i=0; i<lck->data->num_share_modes; i++) {
1238 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1242 if (lck->data->share_modes[i].op_type == NO_OPLOCK &&
1243 is_stat_open(lck->data->share_modes[i].access_mask)) {
1244 /* We ignore stat opens in the table - they
1245 always have NO_OPLOCK and never get or
1246 cause breaks. JRA. */
1250 if (BATCH_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1251 /* batch - can only be one. */
1252 if (share_mode_stale_pid(lck->data, i)) {
1253 DEBUG(10, ("Found stale batch oplock\n"));
1256 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1257 smb_panic("Bad batch oplock entry.");
1259 *pp_batch = &lck->data->share_modes[i];
1262 if (EXCLUSIVE_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1263 if (share_mode_stale_pid(lck->data, i)) {
1264 DEBUG(10, ("Found stale duplicate oplock\n"));
1267 /* Exclusive or batch - can only be one. */
1268 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1269 smb_panic("Bad exclusive or batch oplock entry.");
1271 *pp_ex_or_batch = &lck->data->share_modes[i];
1274 if (LEVEL_II_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1275 if (*pp_batch || *pp_ex_or_batch) {
1276 if (share_mode_stale_pid(lck->data, i)) {
1277 DEBUG(10, ("Found stale LevelII "
1281 smb_panic("Bad levelII oplock entry.");
1286 if (lck->data->share_modes[i].op_type == NO_OPLOCK) {
1287 if (*pp_batch || *pp_ex_or_batch) {
1288 if (share_mode_stale_pid(lck->data, i)) {
1289 DEBUG(10, ("Found stale NO_OPLOCK "
1293 smb_panic("Bad no oplock entry.");
1295 *got_no_oplock = true;
1300 static bool delay_for_batch_oplocks(files_struct *fsp,
1303 struct share_mode_entry *batch_entry)
1305 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1308 if (batch_entry == NULL) {
1312 if (server_id_is_disconnected(&batch_entry->pid)) {
1315 * This could be achieved by sending a break message
1316 * to ourselves. Special considerations for files
1317 * with delete_on_close flag set!
1319 * For now we keep it simple and do not
1320 * allow delete on close for durable handles.
1325 /* Found a batch oplock */
1326 send_break_message(fsp, batch_entry, mid, oplock_request);
1330 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1333 struct share_mode_entry *ex_entry)
1335 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1338 if (ex_entry == NULL) {
1342 if (server_id_is_disconnected(&ex_entry->pid)) {
1344 * since only durable handles can get disconnected,
1345 * and we can only get durable handles with batch oplocks,
1346 * this should actually never be reached...
1351 send_break_message(fsp, ex_entry, mid, oplock_request);
1355 static bool file_has_brlocks(files_struct *fsp)
1357 struct byte_range_lock *br_lck;
1359 br_lck = brl_get_locks_readonly(fsp);
1363 return br_lck->num_locks > 0 ? true : false;
1366 static void grant_fsp_oplock_type(files_struct *fsp,
1368 bool got_level2_oplock,
1369 bool got_a_none_oplock)
1371 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1372 lp_level2_oplocks(SNUM(fsp->conn));
1374 /* Start by granting what the client asked for,
1375 but ensure no SAMBA_PRIVATE bits can be set. */
1376 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1378 if (oplock_request & INTERNAL_OPEN_ONLY) {
1379 /* No oplocks on internal open. */
1380 fsp->oplock_type = NO_OPLOCK;
1381 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1382 fsp->oplock_type, fsp_str_dbg(fsp)));
1386 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1387 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1389 fsp->oplock_type = NO_OPLOCK;
1392 if (is_stat_open(fsp->access_mask)) {
1393 /* Leave the value already set. */
1394 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1395 fsp->oplock_type, fsp_str_dbg(fsp)));
1400 * Match what was requested (fsp->oplock_type) with
1401 * what was found in the existing share modes.
1404 if (got_a_none_oplock) {
1405 fsp->oplock_type = NO_OPLOCK;
1406 } else if (got_level2_oplock) {
1407 if (fsp->oplock_type == NO_OPLOCK ||
1408 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1409 /* Store a level2 oplock, but don't tell the client */
1410 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1412 fsp->oplock_type = LEVEL_II_OPLOCK;
1415 /* All share_mode_entries are placeholders or deferred.
1416 * Silently upgrade to fake levelII if the client didn't
1417 * ask for an oplock. */
1418 if (fsp->oplock_type == NO_OPLOCK) {
1419 /* Store a level2 oplock, but don't tell the client */
1420 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1425 * Don't grant level2 to clients that don't want them
1426 * or if we've turned them off.
1428 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1429 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1432 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1433 fsp->oplock_type, fsp_str_dbg(fsp)));
1436 static bool request_timed_out(struct timeval request_time,
1437 struct timeval timeout)
1439 struct timeval now, end_time;
1441 end_time = timeval_sum(&request_time, &timeout);
1442 return (timeval_compare(&end_time, &now) < 0);
1445 /****************************************************************************
1446 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1447 ****************************************************************************/
1449 static void defer_open(struct share_mode_lock *lck,
1450 struct timeval request_time,
1451 struct timeval timeout,
1452 struct smb_request *req,
1453 struct deferred_open_record *state)
1455 struct server_id self = messaging_server_id(req->sconn->msg_ctx);
1457 /* Paranoia check */
1462 for (i=0; i<lck->data->num_share_modes; i++) {
1463 struct share_mode_entry *e = &lck->data->share_modes[i];
1465 if (is_deferred_open_entry(e) &&
1466 serverid_equal(&self, &e->pid) &&
1467 (e->op_mid == req->mid)) {
1468 DEBUG(0, ("Trying to defer an already deferred "
1469 "request: mid=%llu, exiting\n",
1470 (unsigned long long)req->mid));
1472 exit_server("attempt to defer a deferred request");
1477 /* End paranoia check */
1479 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1480 "open entry for mid %llu\n",
1481 (unsigned int)request_time.tv_sec,
1482 (unsigned int)request_time.tv_usec,
1483 (unsigned long long)req->mid));
1485 if (!push_deferred_open_message_smb(req, request_time, timeout,
1486 state->id, (char *)state, sizeof(*state))) {
1488 exit_server("push_deferred_open_message_smb failed");
1491 add_deferred_open(lck, req->mid, request_time, self, state->id);
1496 /****************************************************************************
1497 On overwrite open ensure that the attributes match.
1498 ****************************************************************************/
1500 static bool open_match_attributes(connection_struct *conn,
1501 uint32 old_dos_attr,
1502 uint32 new_dos_attr,
1503 mode_t existing_unx_mode,
1504 mode_t new_unx_mode,
1505 mode_t *returned_unx_mode)
1507 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1509 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1510 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1512 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1513 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1514 *returned_unx_mode = new_unx_mode;
1516 *returned_unx_mode = (mode_t)0;
1519 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1520 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1521 "returned_unx_mode = 0%o\n",
1522 (unsigned int)old_dos_attr,
1523 (unsigned int)existing_unx_mode,
1524 (unsigned int)new_dos_attr,
1525 (unsigned int)*returned_unx_mode ));
1527 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1528 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1529 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1530 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1534 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1535 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1536 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1543 /****************************************************************************
1544 Special FCB or DOS processing in the case of a sharing violation.
1545 Try and find a duplicated file handle.
1546 ****************************************************************************/
1548 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
1549 connection_struct *conn,
1550 files_struct *fsp_to_dup_into,
1551 const struct smb_filename *smb_fname,
1556 uint32 share_access,
1557 uint32 create_options)
1561 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1562 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1564 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1565 fsp = file_find_di_next(fsp)) {
1567 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1568 "vuid = %llu, file_pid = %u, private_options = 0x%x "
1569 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1570 fsp->fh->fd, (unsigned long long)fsp->vuid,
1571 (unsigned int)fsp->file_pid,
1572 (unsigned int)fsp->fh->private_options,
1573 (unsigned int)fsp->access_mask ));
1575 if (fsp != fsp_to_dup_into &&
1576 fsp->fh->fd != -1 &&
1577 fsp->vuid == vuid &&
1578 fsp->file_pid == file_pid &&
1579 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1580 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1581 (fsp->access_mask & FILE_WRITE_DATA) &&
1582 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1583 strequal(fsp->fsp_name->stream_name,
1584 smb_fname->stream_name)) {
1585 DEBUG(10,("fcb_or_dos_open: file match\n"));
1591 return NT_STATUS_NOT_FOUND;
1594 /* quite an insane set of semantics ... */
1595 if (is_executable(smb_fname->base_name) &&
1596 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1597 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1598 return NT_STATUS_INVALID_PARAMETER;
1601 /* We need to duplicate this fsp. */
1602 return dup_file_fsp(req, fsp, access_mask, share_access,
1603 create_options, fsp_to_dup_into);
1606 static void schedule_defer_open(struct share_mode_lock *lck,
1607 struct timeval request_time,
1608 struct smb_request *req)
1610 struct deferred_open_record state;
1612 /* This is a relative time, added to the absolute
1613 request_time value to get the absolute timeout time.
1614 Note that if this is the second or greater time we enter
1615 this codepath for this particular request mid then
1616 request_time is left as the absolute time of the *first*
1617 time this request mid was processed. This is what allows
1618 the request to eventually time out. */
1620 struct timeval timeout;
1622 /* Normally the smbd we asked should respond within
1623 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1624 * the client did, give twice the timeout as a safety
1625 * measure here in case the other smbd is stuck
1626 * somewhere else. */
1628 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1630 /* Nothing actually uses state.delayed_for_oplocks
1631 but it's handy to differentiate in debug messages
1632 between a 30 second delay due to oplock break, and
1633 a 1 second delay for share mode conflicts. */
1635 state.delayed_for_oplocks = True;
1636 state.async_open = false;
1637 state.id = lck->data->id;
1639 if (!request_timed_out(request_time, timeout)) {
1640 defer_open(lck, request_time, timeout, req, &state);
1644 /****************************************************************************
1645 Reschedule an open call that went asynchronous.
1646 ****************************************************************************/
1648 static void schedule_async_open(struct timeval request_time,
1649 struct smb_request *req)
1651 struct deferred_open_record state;
1652 struct timeval timeout;
1654 timeout = timeval_set(20, 0);
1657 state.delayed_for_oplocks = false;
1658 state.async_open = true;
1660 if (!request_timed_out(request_time, timeout)) {
1661 defer_open(NULL, request_time, timeout, req, &state);
1665 /****************************************************************************
1666 Work out what access_mask to use from what the client sent us.
1667 ****************************************************************************/
1669 static NTSTATUS smbd_calculate_maximum_allowed_access(
1670 connection_struct *conn,
1671 const struct smb_filename *smb_fname,
1673 uint32_t *p_access_mask)
1675 struct security_descriptor *sd;
1676 uint32_t access_granted;
1679 if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
1680 *p_access_mask |= FILE_GENERIC_ALL;
1681 return NT_STATUS_OK;
1684 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1690 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1692 * File did not exist
1694 *p_access_mask = FILE_GENERIC_ALL;
1695 return NT_STATUS_OK;
1697 if (!NT_STATUS_IS_OK(status)) {
1698 DEBUG(10,("Could not get acl on file %s: %s\n",
1699 smb_fname_str_dbg(smb_fname),
1700 nt_errstr(status)));
1701 return NT_STATUS_ACCESS_DENIED;
1705 * Never test FILE_READ_ATTRIBUTES. se_file_access_check()
1706 * also takes care of owner WRITE_DAC and READ_CONTROL.
1708 status = se_file_access_check(sd,
1709 get_current_nttok(conn),
1711 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
1716 if (!NT_STATUS_IS_OK(status)) {
1717 DEBUG(10, ("Access denied on file %s: "
1718 "when calculating maximum access\n",
1719 smb_fname_str_dbg(smb_fname)));
1720 return NT_STATUS_ACCESS_DENIED;
1722 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
1724 if (!(access_granted & DELETE_ACCESS)) {
1725 if (can_delete_file_in_directory(conn, smb_fname)) {
1726 *p_access_mask |= DELETE_ACCESS;
1730 return NT_STATUS_OK;
1733 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1734 const struct smb_filename *smb_fname,
1736 uint32_t access_mask,
1737 uint32_t *access_mask_out)
1740 uint32_t orig_access_mask = access_mask;
1741 uint32_t rejected_share_access;
1744 * Convert GENERIC bits to specific bits.
1747 se_map_generic(&access_mask, &file_generic_mapping);
1749 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1750 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1752 status = smbd_calculate_maximum_allowed_access(
1753 conn, smb_fname, use_privs, &access_mask);
1755 if (!NT_STATUS_IS_OK(status)) {
1759 access_mask &= conn->share_access;
1762 rejected_share_access = access_mask & ~(conn->share_access);
1764 if (rejected_share_access) {
1765 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1766 "file %s: rejected by share access mask[0x%08X] "
1767 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1768 smb_fname_str_dbg(smb_fname),
1770 orig_access_mask, access_mask,
1771 rejected_share_access));
1772 return NT_STATUS_ACCESS_DENIED;
1775 *access_mask_out = access_mask;
1776 return NT_STATUS_OK;
1779 /****************************************************************************
1780 Remove the deferred open entry under lock.
1781 ****************************************************************************/
1783 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1784 struct server_id pid)
1786 struct share_mode_lock *lck = get_existing_share_mode_lock(
1789 DEBUG(0, ("could not get share mode lock\n"));
1792 del_deferred_open_entry(lck, mid, pid);
1796 /****************************************************************************
1797 Return true if this is a state pointer to an asynchronous create.
1798 ****************************************************************************/
1800 bool is_deferred_open_async(const void *ptr)
1802 const struct deferred_open_record *state = (const struct deferred_open_record *)ptr;
1804 return state->async_open;
1807 static bool clear_ads(uint32_t create_disposition)
1811 switch (create_disposition) {
1812 case FILE_SUPERSEDE:
1813 case FILE_OVERWRITE_IF:
1814 case FILE_OVERWRITE:
1823 static int disposition_to_open_flags(uint32_t create_disposition)
1828 * Currently we're using FILE_SUPERSEDE as the same as
1829 * FILE_OVERWRITE_IF but they really are
1830 * different. FILE_SUPERSEDE deletes an existing file
1831 * (requiring delete access) then recreates it.
1834 switch (create_disposition) {
1835 case FILE_SUPERSEDE:
1836 case FILE_OVERWRITE_IF:
1838 * If file exists replace/overwrite. If file doesn't
1841 ret = O_CREAT|O_TRUNC;
1846 * If file exists open. If file doesn't exist error.
1851 case FILE_OVERWRITE:
1853 * If file exists overwrite. If file doesn't exist
1861 * If file exists error. If file doesn't exist create.
1863 ret = O_CREAT|O_EXCL;
1868 * If file exists open. If file doesn't exist create.
1876 static int calculate_open_access_flags(uint32_t access_mask,
1878 uint32_t private_flags)
1880 bool need_write, need_read;
1883 * Note that we ignore the append flag as append does not
1884 * mean the same thing under DOS and Unix.
1888 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1889 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE));
1895 /* DENY_DOS opens are always underlying read-write on the
1896 file handle, no matter what the requested access mask
1900 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1901 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
1902 FILE_READ_EA|FILE_EXECUTE));
1910 /****************************************************************************
1911 Open a file with a share mode. Passed in an already created files_struct *.
1912 ****************************************************************************/
1914 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1915 struct smb_request *req,
1916 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1917 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1918 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1919 uint32 create_options, /* options such as delete on close. */
1920 uint32 new_dos_attributes, /* attributes used for new file. */
1921 int oplock_request, /* internal Samba oplock codes. */
1922 /* Information (FILE_EXISTS etc.) */
1923 uint32_t private_flags, /* Samba specific flags. */
1927 struct smb_filename *smb_fname = fsp->fsp_name;
1930 bool file_existed = VALID_STAT(smb_fname->st);
1931 bool def_acl = False;
1932 bool posix_open = False;
1933 bool new_file_created = False;
1934 bool first_open_attempt = true;
1935 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1936 mode_t new_unx_mode = (mode_t)0;
1937 mode_t unx_mode = (mode_t)0;
1939 uint32 existing_dos_attributes = 0;
1940 struct timeval request_time = timeval_zero();
1941 struct share_mode_lock *lck = NULL;
1942 uint32 open_access_mask = access_mask;
1945 SMB_STRUCT_STAT saved_stat = smb_fname->st;
1946 struct share_mode_entry *batch_entry = NULL;
1947 struct share_mode_entry *exclusive_entry = NULL;
1948 bool got_level2_oplock = false;
1949 bool got_a_none_oplock = false;
1950 struct timespec old_write_time;
1953 if (conn->printer) {
1955 * Printers are handled completely differently.
1956 * Most of the passed parameters are ignored.
1960 *pinfo = FILE_WAS_CREATED;
1963 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1964 smb_fname_str_dbg(smb_fname)));
1967 DEBUG(0,("open_file_ntcreate: printer open without "
1968 "an SMB request!\n"));
1969 return NT_STATUS_INTERNAL_ERROR;
1972 return print_spool_open(fsp, smb_fname->base_name,
1976 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1978 return NT_STATUS_NO_MEMORY;
1981 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1983 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1984 new_dos_attributes = 0;
1986 /* Windows allows a new file to be created and
1987 silently removes a FILE_ATTRIBUTE_DIRECTORY
1988 sent by the client. Do the same. */
1990 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1992 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1994 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1995 smb_fname, parent_dir);
1998 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1999 "access_mask=0x%x share_access=0x%x "
2000 "create_disposition = 0x%x create_options=0x%x "
2001 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
2002 smb_fname_str_dbg(smb_fname), new_dos_attributes,
2003 access_mask, share_access, create_disposition,
2004 create_options, (unsigned int)unx_mode, oplock_request,
2005 (unsigned int)private_flags));
2007 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
2008 DEBUG(0, ("No smb request but not an internal only open!\n"));
2009 return NT_STATUS_INTERNAL_ERROR;
2013 * Only non-internal opens can be deferred at all
2018 if (get_deferred_open_message_state(req,
2021 /* Remember the absolute time of the original
2022 request with this mid. We'll use it later to
2023 see if this has timed out. */
2025 /* If it was an async create retry, the file
2028 if (is_deferred_open_async(ptr)) {
2029 SET_STAT_INVALID(smb_fname->st);
2030 file_existed = false;
2032 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
2033 /* Remove the deferred open entry under lock. */
2034 remove_deferred_open_entry(
2035 state->id, req->mid,
2036 messaging_server_id(req->sconn->msg_ctx));
2039 /* Ensure we don't reprocess this message. */
2040 remove_deferred_open_message_smb(req->sconn, req->mid);
2042 first_open_attempt = false;
2047 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
2049 existing_dos_attributes = dos_mode(conn, smb_fname);
2053 /* ignore any oplock requests if oplocks are disabled */
2054 if (!lp_oplocks(SNUM(conn)) ||
2055 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
2056 /* Mask off everything except the private Samba bits. */
2057 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
2060 /* this is for OS/2 long file names - say we don't support them */
2061 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
2062 /* OS/2 Workplace shell fix may be main code stream in a later
2064 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
2066 if (use_nt_status()) {
2067 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2069 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
2072 switch( create_disposition ) {
2074 /* If file exists open. If file doesn't exist error. */
2075 if (!file_existed) {
2076 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
2077 "requested for file %s and file "
2079 smb_fname_str_dbg(smb_fname)));
2081 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2085 case FILE_OVERWRITE:
2086 /* If file exists overwrite. If file doesn't exist
2088 if (!file_existed) {
2089 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
2090 "requested for file %s and file "
2092 smb_fname_str_dbg(smb_fname) ));
2094 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2099 /* If file exists error. If file doesn't exist
2102 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
2103 "requested for file %s and file "
2104 "already exists.\n",
2105 smb_fname_str_dbg(smb_fname)));
2106 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
2111 return map_nt_error_from_unix(errno);
2115 case FILE_SUPERSEDE:
2116 case FILE_OVERWRITE_IF:
2120 return NT_STATUS_INVALID_PARAMETER;
2123 flags2 = disposition_to_open_flags(create_disposition);
2125 /* We only care about matching attributes on file exists and
2128 if (!posix_open && file_existed &&
2129 ((create_disposition == FILE_OVERWRITE) ||
2130 (create_disposition == FILE_OVERWRITE_IF))) {
2131 if (!open_match_attributes(conn, existing_dos_attributes,
2133 smb_fname->st.st_ex_mode,
2134 unx_mode, &new_unx_mode)) {
2135 DEBUG(5,("open_file_ntcreate: attributes missmatch "
2136 "for file %s (%x %x) (0%o, 0%o)\n",
2137 smb_fname_str_dbg(smb_fname),
2138 existing_dos_attributes,
2140 (unsigned int)smb_fname->st.st_ex_mode,
2141 (unsigned int)unx_mode ));
2143 return NT_STATUS_ACCESS_DENIED;
2147 status = smbd_calculate_access_mask(conn, smb_fname,
2151 if (!NT_STATUS_IS_OK(status)) {
2152 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
2153 "on file %s returned %s\n",
2154 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
2158 open_access_mask = access_mask;
2160 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
2161 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
2164 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
2165 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
2169 * Note that we ignore the append flag as append does not
2170 * mean the same thing under DOS and Unix.
2173 flags = calculate_open_access_flags(access_mask, oplock_request,
2177 * Currently we only look at FILE_WRITE_THROUGH for create options.
2181 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
2186 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
2190 if (!posix_open && !CAN_WRITE(conn)) {
2192 * We should really return a permission denied error if either
2193 * O_CREAT or O_TRUNC are set, but for compatibility with
2194 * older versions of Samba we just AND them out.
2196 flags2 &= ~(O_CREAT|O_TRUNC);
2199 if (first_open_attempt && lp_kernel_oplocks(SNUM(conn))) {
2201 * With kernel oplocks the open breaking an oplock
2202 * blocks until the oplock holder has given up the
2203 * oplock or closed the file. We prevent this by first
2204 * trying to open the file with O_NONBLOCK (see "man
2205 * fcntl" on Linux). For the second try, triggered by
2206 * an oplock break response, we do not need this
2209 * This is true under the assumption that only Samba
2210 * requests kernel oplocks. Once someone else like
2211 * NFSv4 starts to use that API, we will have to
2212 * modify this by communicating with the NFSv4 server.
2214 flags2 |= O_NONBLOCK;
2218 * Ensure we can't write on a read-only share or file.
2221 if (flags != O_RDONLY && file_existed &&
2222 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
2223 DEBUG(5,("open_file_ntcreate: write access requested for "
2224 "file %s on read only %s\n",
2225 smb_fname_str_dbg(smb_fname),
2226 !CAN_WRITE(conn) ? "share" : "file" ));
2228 return NT_STATUS_ACCESS_DENIED;
2231 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2232 fsp->share_access = share_access;
2233 fsp->fh->private_options = private_flags;
2234 fsp->access_mask = open_access_mask; /* We change this to the
2235 * requested access_mask after
2236 * the open is done. */
2237 fsp->posix_open = posix_open;
2239 /* Ensure no SAMBA_PRIVATE bits can be set. */
2240 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2242 if (timeval_is_zero(&request_time)) {
2243 request_time = fsp->open_time;
2247 * Ensure we pay attention to default ACLs on directories if required.
2250 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2251 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2252 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2255 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2256 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2257 (unsigned int)flags, (unsigned int)flags2,
2258 (unsigned int)unx_mode, (unsigned int)access_mask,
2259 (unsigned int)open_access_mask));
2261 fsp_open = open_file(fsp, conn, req, parent_dir,
2262 flags|flags2, unx_mode, access_mask,
2263 open_access_mask, &new_file_created);
2265 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
2266 struct deferred_open_record state;
2269 * EWOULDBLOCK/EAGAIN maps to NETWORK_BUSY.
2271 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
2272 DEBUG(10, ("FIFO busy\n"));
2273 return NT_STATUS_NETWORK_BUSY;
2276 DEBUG(10, ("Internal open busy\n"));
2277 return NT_STATUS_NETWORK_BUSY;
2281 * From here on we assume this is an oplock break triggered
2284 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
2286 state.delayed_for_oplocks = false;
2287 state.async_open = false;
2288 state.id = fsp->file_id;
2289 defer_open(NULL, request_time, timeval_set(0, 0),
2291 DEBUG(10, ("No share mode lock found after "
2292 "EWOULDBLOCK, retrying sync\n"));
2293 return NT_STATUS_SHARING_VIOLATION;
2296 find_oplock_types(fsp, 0, lck, &batch_entry, &exclusive_entry,
2297 &got_level2_oplock, &got_a_none_oplock);
2299 if (delay_for_batch_oplocks(fsp, req->mid, 0, batch_entry) ||
2300 delay_for_exclusive_oplocks(fsp, req->mid, 0,
2302 schedule_defer_open(lck, request_time, req);
2304 DEBUG(10, ("Sent oplock break request to kernel "
2305 "oplock holder\n"));
2306 return NT_STATUS_SHARING_VIOLATION;
2310 * No oplock from Samba around. Immediately retry with
2313 state.delayed_for_oplocks = false;
2314 state.async_open = false;
2315 state.id = lck->data->id;
2316 defer_open(lck, request_time, timeval_set(0, 0), req, &state);
2318 DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
2319 "Retrying sync\n"));
2320 return NT_STATUS_SHARING_VIOLATION;
2323 if (!NT_STATUS_IS_OK(fsp_open)) {
2324 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
2325 schedule_async_open(request_time, req);
2331 if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
2333 * The file did exist, but some other (local or NFS)
2334 * process either renamed/unlinked and re-created the
2335 * file with different dev/ino after we walked the path,
2336 * but before we did the open. We could retry the
2337 * open but it's a rare enough case it's easier to
2338 * just fail the open to prevent creating any problems
2339 * in the open file db having the wrong dev/ino key.
2343 DEBUG(1,("open_file_ntcreate: file %s - dev/ino mismatch. "
2344 "Old (dev=0x%llu, ino =0x%llu). "
2345 "New (dev=0x%llu, ino=0x%llu). Failing open "
2346 " with NT_STATUS_ACCESS_DENIED.\n",
2347 smb_fname_str_dbg(smb_fname),
2348 (unsigned long long)saved_stat.st_ex_dev,
2349 (unsigned long long)saved_stat.st_ex_ino,
2350 (unsigned long long)smb_fname->st.st_ex_dev,
2351 (unsigned long long)smb_fname->st.st_ex_ino));
2352 return NT_STATUS_ACCESS_DENIED;
2355 old_write_time = smb_fname->st.st_ex_mtime;
2358 * Deal with the race condition where two smbd's detect the
2359 * file doesn't exist and do the create at the same time. One
2360 * of them will win and set a share mode, the other (ie. this
2361 * one) should check if the requested share mode for this
2362 * create is allowed.
2366 * Now the file exists and fsp is successfully opened,
2367 * fsp->dev and fsp->inode are valid and should replace the
2368 * dev=0,inode=0 from a non existent file. Spotted by
2369 * Nadav Danieli <nadavd@exanet.com>. JRA.
2374 lck = get_share_mode_lock(talloc_tos(), id,
2376 smb_fname, &old_write_time);
2379 DEBUG(0, ("open_file_ntcreate: Could not get share "
2380 "mode lock for %s\n",
2381 smb_fname_str_dbg(smb_fname)));
2383 return NT_STATUS_SHARING_VIOLATION;
2386 /* Get the types we need to examine. */
2387 find_oplock_types(fsp,
2393 &got_a_none_oplock);
2395 /* First pass - send break only on batch oplocks. */
2396 if ((req != NULL) &&
2397 delay_for_batch_oplocks(fsp,
2401 schedule_defer_open(lck, request_time, req);
2404 return NT_STATUS_SHARING_VIOLATION;
2407 status = open_mode_check(conn, lck, fsp->name_hash,
2408 access_mask, share_access,
2409 create_options, &file_existed);
2411 if (NT_STATUS_IS_OK(status)) {
2412 /* We might be going to allow this open. Check oplock
2414 /* Second pass - send break for both batch or
2415 * exclusive oplocks. */
2416 if ((req != NULL) &&
2417 delay_for_exclusive_oplocks(
2422 schedule_defer_open(lck, request_time, req);
2425 return NT_STATUS_SHARING_VIOLATION;
2429 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
2430 /* DELETE_PENDING is not deferred for a second */
2436 if (!NT_STATUS_IS_OK(status)) {
2437 uint32 can_access_mask;
2438 bool can_access = True;
2440 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2442 /* Check if this can be done with the deny_dos and fcb
2445 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2446 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2448 DEBUG(0, ("DOS open without an SMB "
2452 return NT_STATUS_INTERNAL_ERROR;
2455 /* Use the client requested access mask here,
2456 * not the one we open with. */
2457 status = fcb_or_dos_open(req,
2468 if (NT_STATUS_IS_OK(status)) {
2471 *pinfo = FILE_WAS_OPENED;
2473 return NT_STATUS_OK;
2478 * This next line is a subtlety we need for
2479 * MS-Access. If a file open will fail due to share
2480 * permissions and also for security (access) reasons,
2481 * we need to return the access failed error, not the
2482 * share error. We can't open the file due to kernel
2483 * oplock deadlock (it's possible we failed above on
2484 * the open_mode_check()) so use a userspace check.
2487 if (flags & O_RDWR) {
2488 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2489 } else if (flags & O_WRONLY) {
2490 can_access_mask = FILE_WRITE_DATA;
2492 can_access_mask = FILE_READ_DATA;
2495 if (((can_access_mask & FILE_WRITE_DATA) &&
2496 !CAN_WRITE(conn)) ||
2497 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
2500 can_access_mask))) {
2505 * If we're returning a share violation, ensure we
2506 * cope with the braindead 1 second delay.
2509 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2510 lp_defer_sharing_violations()) {
2511 struct timeval timeout;
2512 struct deferred_open_record state;
2515 /* this is a hack to speed up torture tests
2517 timeout_usecs = lp_parm_int(SNUM(conn),
2518 "smbd","sharedelay",
2519 SHARING_VIOLATION_USEC_WAIT);
2521 /* This is a relative time, added to the absolute
2522 request_time value to get the absolute timeout time.
2523 Note that if this is the second or greater time we enter
2524 this codepath for this particular request mid then
2525 request_time is left as the absolute time of the *first*
2526 time this request mid was processed. This is what allows
2527 the request to eventually time out. */
2529 timeout = timeval_set(0, timeout_usecs);
2531 /* Nothing actually uses state.delayed_for_oplocks
2532 but it's handy to differentiate in debug messages
2533 between a 30 second delay due to oplock break, and
2534 a 1 second delay for share mode conflicts. */
2536 state.delayed_for_oplocks = False;
2537 state.async_open = false;
2541 && !request_timed_out(request_time,
2543 defer_open(lck, request_time, timeout,
2552 * We have detected a sharing violation here
2553 * so return the correct error code
2555 status = NT_STATUS_SHARING_VIOLATION;
2557 status = NT_STATUS_ACCESS_DENIED;
2562 grant_fsp_oplock_type(fsp,
2568 * We have the share entry *locked*.....
2571 /* Delete streams if create_disposition requires it */
2572 if (!new_file_created && clear_ads(create_disposition) &&
2573 !is_ntfs_stream_smb_fname(smb_fname)) {
2574 status = delete_all_streams(conn, smb_fname->base_name);
2575 if (!NT_STATUS_IS_OK(status)) {
2582 /* note that we ignore failure for the following. It is
2583 basically a hack for NFS, and NFS will never set one of
2584 these only read them. Nobody but Samba can ever set a deny
2585 mode and we have already checked our more authoritative
2586 locking database for permission to set this deny mode. If
2587 the kernel refuses the operations then the kernel is wrong.
2588 note that GPFS supports it as well - jmcd */
2590 if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
2592 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2593 if(ret_flock == -1 ){
2598 return NT_STATUS_SHARING_VIOLATION;
2603 * At this point onwards, we can guarantee that the share entry
2604 * is locked, whether we created the file or not, and that the
2605 * deny mode is compatible with all current opens.
2609 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2610 * but we don't have to store this - just ignore it on access check.
2612 if (conn->sconn->using_smb2) {
2614 * SMB2 doesn't return it (according to Microsoft tests).
2615 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2616 * File created with access = 0x7 (Read, Write, Delete)
2617 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2619 fsp->access_mask = access_mask;
2621 /* But SMB1 does. */
2622 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2626 /* stat opens on existing files don't get oplocks. */
2627 if (is_stat_open(open_access_mask)) {
2628 fsp->oplock_type = NO_OPLOCK;
2632 if (new_file_created) {
2633 info = FILE_WAS_CREATED;
2635 if (flags2 & O_TRUNC) {
2636 info = FILE_WAS_OVERWRITTEN;
2638 info = FILE_WAS_OPENED;
2647 * Setup the oplock info in both the shared memory and
2651 status = set_file_oplock(fsp, fsp->oplock_type);
2652 if (!NT_STATUS_IS_OK(status)) {
2654 * Could not get the kernel oplock or there are byte-range
2655 * locks on the file.
2657 fsp->oplock_type = NO_OPLOCK;
2660 set_share_mode(lck, fsp, get_current_uid(conn),
2664 /* Handle strange delete on close create semantics. */
2665 if (create_options & FILE_DELETE_ON_CLOSE) {
2667 status = can_set_delete_on_close(fsp, new_dos_attributes);
2669 if (!NT_STATUS_IS_OK(status)) {
2670 /* Remember to delete the mode we just added. */
2671 del_share_mode(lck, fsp);
2676 /* Note that here we set the *inital* delete on close flag,
2677 not the regular one. The magic gets handled in close. */
2678 fsp->initial_delete_on_close = True;
2681 if (info != FILE_WAS_OPENED) {
2682 /* Files should be initially set as archive */
2683 if (lp_map_archive(SNUM(conn)) ||
2684 lp_store_dos_attributes(SNUM(conn))) {
2686 if (file_set_dosmode(conn, smb_fname,
2687 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2688 parent_dir, true) == 0) {
2689 unx_mode = smb_fname->st.st_ex_mode;
2695 /* Determine sparse flag. */
2697 /* POSIX opens are sparse by default. */
2698 fsp->is_sparse = true;
2700 fsp->is_sparse = (file_existed &&
2701 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2705 * Take care of inherited ACLs on created files - if default ACL not
2709 if (!posix_open && new_file_created && !def_acl) {
2711 int saved_errno = errno; /* We might get ENOSYS in the next
2714 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2716 errno = saved_errno; /* Ignore ENOSYS */
2719 } else if (new_unx_mode) {
2723 /* Attributes need changing. File already existed. */
2726 int saved_errno = errno; /* We might get ENOSYS in the
2728 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2730 if (ret == -1 && errno == ENOSYS) {
2731 errno = saved_errno; /* Ignore ENOSYS */
2733 DEBUG(5, ("open_file_ntcreate: reset "
2734 "attributes of file %s to 0%o\n",
2735 smb_fname_str_dbg(smb_fname),
2736 (unsigned int)new_unx_mode));
2737 ret = 0; /* Don't do the fchmod below. */
2742 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2743 DEBUG(5, ("open_file_ntcreate: failed to reset "
2744 "attributes of file %s to 0%o\n",
2745 smb_fname_str_dbg(smb_fname),
2746 (unsigned int)new_unx_mode));
2749 /* If this is a successful open, we must remove any deferred open
2752 del_deferred_open_entry(lck, req->mid,
2753 messaging_server_id(req->sconn->msg_ctx));
2757 return NT_STATUS_OK;
2761 /****************************************************************************
2762 Open a file for for write to ensure that we can fchmod it.
2763 ****************************************************************************/
2765 NTSTATUS open_file_fchmod(connection_struct *conn,
2766 struct smb_filename *smb_fname,
2767 files_struct **result)
2769 if (!VALID_STAT(smb_fname->st)) {
2770 return NT_STATUS_INVALID_PARAMETER;
2773 return SMB_VFS_CREATE_FILE(
2776 0, /* root_dir_fid */
2777 smb_fname, /* fname */
2778 FILE_WRITE_DATA, /* access_mask */
2779 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2781 FILE_OPEN, /* create_disposition*/
2782 0, /* create_options */
2783 0, /* file_attributes */
2784 INTERNAL_OPEN_ONLY, /* oplock_request */
2785 0, /* allocation_size */
2786 0, /* private_flags */
2789 result, /* result */
2793 static NTSTATUS mkdir_internal(connection_struct *conn,
2794 struct smb_filename *smb_dname,
2795 uint32 file_attributes)
2798 char *parent_dir = NULL;
2800 bool posix_open = false;
2801 bool need_re_stat = false;
2802 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2804 if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
2805 DEBUG(5,("mkdir_internal: failing share access "
2806 "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
2807 return NT_STATUS_ACCESS_DENIED;
2810 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2812 return NT_STATUS_NO_MEMORY;
2815 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2817 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2819 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2822 status = check_parent_access(conn,
2825 if(!NT_STATUS_IS_OK(status)) {
2826 DEBUG(5,("mkdir_internal: check_parent_access "
2827 "on directory %s for path %s returned %s\n",
2829 smb_dname->base_name,
2830 nt_errstr(status) ));
2834 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2835 return map_nt_error_from_unix(errno);
2838 /* Ensure we're checking for a symlink here.... */
2839 /* We don't want to get caught by a symlink racer. */
2841 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2842 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2843 smb_fname_str_dbg(smb_dname), strerror(errno)));
2844 return map_nt_error_from_unix(errno);
2847 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2848 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2849 smb_fname_str_dbg(smb_dname)));
2850 return NT_STATUS_NOT_A_DIRECTORY;
2853 if (lp_store_dos_attributes(SNUM(conn))) {
2855 file_set_dosmode(conn, smb_dname,
2856 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2861 if (lp_inherit_perms(SNUM(conn))) {
2862 inherit_access_posix_acl(conn, parent_dir,
2863 smb_dname->base_name, mode);
2864 need_re_stat = true;
2869 * Check if high bits should have been set,
2870 * then (if bits are missing): add them.
2871 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2874 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2875 (mode & ~smb_dname->st.st_ex_mode)) {
2876 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2877 (smb_dname->st.st_ex_mode |
2878 (mode & ~smb_dname->st.st_ex_mode)));
2879 need_re_stat = true;
2883 /* Change the owner if required. */
2884 if (lp_inherit_owner(SNUM(conn))) {
2885 change_dir_owner_to_parent(conn, parent_dir,
2886 smb_dname->base_name,
2888 need_re_stat = true;
2892 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2893 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2894 smb_fname_str_dbg(smb_dname), strerror(errno)));
2895 return map_nt_error_from_unix(errno);
2899 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2900 smb_dname->base_name);
2902 return NT_STATUS_OK;
2905 /****************************************************************************
2906 Open a directory from an NT SMB call.
2907 ****************************************************************************/
2909 static NTSTATUS open_directory(connection_struct *conn,
2910 struct smb_request *req,
2911 struct smb_filename *smb_dname,
2913 uint32 share_access,
2914 uint32 create_disposition,
2915 uint32 create_options,
2916 uint32 file_attributes,
2918 files_struct **result)
2920 files_struct *fsp = NULL;
2921 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2922 struct share_mode_lock *lck = NULL;
2924 struct timespec mtimespec;
2927 if (is_ntfs_stream_smb_fname(smb_dname)) {
2928 DEBUG(2, ("open_directory: %s is a stream name!\n",
2929 smb_fname_str_dbg(smb_dname)));
2930 return NT_STATUS_NOT_A_DIRECTORY;
2933 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2934 /* Ensure we have a directory attribute. */
2935 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2938 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2939 "share_access = 0x%x create_options = 0x%x, "
2940 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2941 smb_fname_str_dbg(smb_dname),
2942 (unsigned int)access_mask,
2943 (unsigned int)share_access,
2944 (unsigned int)create_options,
2945 (unsigned int)create_disposition,
2946 (unsigned int)file_attributes));
2948 status = smbd_calculate_access_mask(conn, smb_dname, false,
2949 access_mask, &access_mask);
2950 if (!NT_STATUS_IS_OK(status)) {
2951 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2952 "on file %s returned %s\n",
2953 smb_fname_str_dbg(smb_dname),
2954 nt_errstr(status)));
2958 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2959 !security_token_has_privilege(get_current_nttok(conn),
2960 SEC_PRIV_SECURITY)) {
2961 DEBUG(10, ("open_directory: open on %s "
2962 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2963 smb_fname_str_dbg(smb_dname)));
2964 return NT_STATUS_PRIVILEGE_NOT_HELD;
2967 switch( create_disposition ) {
2971 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2974 info = FILE_WAS_OPENED;
2979 /* If directory exists error. If directory doesn't
2983 status = NT_STATUS_OBJECT_NAME_COLLISION;
2984 DEBUG(2, ("open_directory: unable to create "
2985 "%s. Error was %s\n",
2986 smb_fname_str_dbg(smb_dname),
2987 nt_errstr(status)));
2991 status = mkdir_internal(conn, smb_dname,
2994 if (!NT_STATUS_IS_OK(status)) {
2995 DEBUG(2, ("open_directory: unable to create "
2996 "%s. Error was %s\n",
2997 smb_fname_str_dbg(smb_dname),
2998 nt_errstr(status)));
3002 info = FILE_WAS_CREATED;
3007 * If directory exists open. If directory doesn't
3012 status = NT_STATUS_OK;
3013 info = FILE_WAS_OPENED;
3015 status = mkdir_internal(conn, smb_dname,
3018 if (NT_STATUS_IS_OK(status)) {
3019 info = FILE_WAS_CREATED;
3021 /* Cope with create race. */
3022 if (!NT_STATUS_EQUAL(status,
3023 NT_STATUS_OBJECT_NAME_COLLISION)) {
3024 DEBUG(2, ("open_directory: unable to create "
3025 "%s. Error was %s\n",
3026 smb_fname_str_dbg(smb_dname),
3027 nt_errstr(status)));
3030 info = FILE_WAS_OPENED;
3036 case FILE_SUPERSEDE:
3037 case FILE_OVERWRITE:
3038 case FILE_OVERWRITE_IF:
3040 DEBUG(5,("open_directory: invalid create_disposition "
3041 "0x%x for directory %s\n",
3042 (unsigned int)create_disposition,
3043 smb_fname_str_dbg(smb_dname)));
3044 return NT_STATUS_INVALID_PARAMETER;
3047 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
3048 DEBUG(5,("open_directory: %s is not a directory !\n",
3049 smb_fname_str_dbg(smb_dname)));
3050 return NT_STATUS_NOT_A_DIRECTORY;
3053 if (info == FILE_WAS_OPENED) {
3054 status = smbd_check_access_rights(conn,
3058 if (!NT_STATUS_IS_OK(status)) {
3059 DEBUG(10, ("open_directory: smbd_check_access_rights on "
3060 "file %s failed with %s\n",
3061 smb_fname_str_dbg(smb_dname),
3062 nt_errstr(status)));
3067 status = file_new(req, conn, &fsp);
3068 if(!NT_STATUS_IS_OK(status)) {
3073 * Setup the files_struct for it.
3076 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
3077 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
3078 fsp->file_pid = req ? req->smbpid : 0;
3079 fsp->can_lock = False;
3080 fsp->can_read = False;
3081 fsp->can_write = False;
3083 fsp->share_access = share_access;
3084 fsp->fh->private_options = 0;
3086 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3088 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3089 fsp->print_file = NULL;
3090 fsp->modified = False;
3091 fsp->oplock_type = NO_OPLOCK;
3092 fsp->sent_oplock_break = NO_BREAK_SENT;
3093 fsp->is_directory = True;
3094 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
3095 status = fsp_set_smb_fname(fsp, smb_dname);
3096 if (!NT_STATUS_IS_OK(status)) {
3097 file_free(req, fsp);
3101 mtimespec = smb_dname->st.st_ex_mtime;
3104 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
3106 /* POSIX allows us to open a directory with O_RDONLY. */
3107 status = fd_open(conn, fsp, O_RDONLY, 0);
3109 if (!NT_STATUS_IS_OK(status)) {
3110 DEBUG(5, ("open_directory: Could not open fd for "
3112 smb_fname_str_dbg(smb_dname),
3113 nt_errstr(status)));
3114 file_free(req, fsp);
3118 status = vfs_stat_fsp(fsp);
3119 if (!NT_STATUS_IS_OK(status)) {
3121 file_free(req, fsp);
3125 /* Ensure there was no race condition. */
3126 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
3127 DEBUG(5,("open_directory: stat struct differs for "
3129 smb_fname_str_dbg(smb_dname)));
3131 file_free(req, fsp);
3132 return NT_STATUS_ACCESS_DENIED;
3135 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
3136 conn->connectpath, smb_dname,
3140 DEBUG(0, ("open_directory: Could not get share mode lock for "
3141 "%s\n", smb_fname_str_dbg(smb_dname)));
3143 file_free(req, fsp);
3144 return NT_STATUS_SHARING_VIOLATION;
3147 status = open_mode_check(conn, lck, fsp->name_hash,
3148 access_mask, share_access,
3149 create_options, &dir_existed);
3151 if (!NT_STATUS_IS_OK(status)) {
3154 file_free(req, fsp);
3158 set_share_mode(lck, fsp, get_current_uid(conn),
3159 req ? req->mid : 0, NO_OPLOCK);
3161 /* For directories the delete on close bit at open time seems
3162 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
3163 if (create_options & FILE_DELETE_ON_CLOSE) {
3164 status = can_set_delete_on_close(fsp, 0);
3165 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
3168 file_free(req, fsp);
3172 if (NT_STATUS_IS_OK(status)) {
3173 /* Note that here we set the *inital* delete on close flag,
3174 not the regular one. The magic gets handled in close. */
3175 fsp->initial_delete_on_close = True;
3186 return NT_STATUS_OK;
3189 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
3190 struct smb_filename *smb_dname)
3195 status = SMB_VFS_CREATE_FILE(
3198 0, /* root_dir_fid */
3199 smb_dname, /* fname */
3200 FILE_READ_ATTRIBUTES, /* access_mask */
3201 FILE_SHARE_NONE, /* share_access */
3202 FILE_CREATE, /* create_disposition*/
3203 FILE_DIRECTORY_FILE, /* create_options */
3204 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
3205 0, /* oplock_request */
3206 0, /* allocation_size */
3207 0, /* private_flags */
3213 if (NT_STATUS_IS_OK(status)) {
3214 close_file(req, fsp, NORMAL_CLOSE);
3220 /****************************************************************************
3221 Receive notification that one of our open files has been renamed by another
3223 ****************************************************************************/
3225 void msg_file_was_renamed(struct messaging_context *msg,
3228 struct server_id server_id,
3232 char *frm = (char *)data->data;
3234 const char *sharepath;
3235 const char *base_name;
3236 const char *stream_name;
3237 struct smb_filename *smb_fname = NULL;
3238 size_t sp_len, bn_len;
3240 struct smbd_server_connection *sconn =
3241 talloc_get_type_abort(private_data,
3242 struct smbd_server_connection);
3244 if (data->data == NULL
3245 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3246 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3247 (int)data->length));
3251 /* Unpack the message. */
3252 pull_file_id_24(frm, &id);
3253 sharepath = &frm[24];
3254 sp_len = strlen(sharepath);
3255 base_name = sharepath + sp_len + 1;
3256 bn_len = strlen(base_name);
3257 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3259 /* stream_name must always be NULL if there is no stream. */
3260 if (stream_name[0] == '\0') {
3264 status = create_synthetic_smb_fname(talloc_tos(), base_name,
3265 stream_name, NULL, &smb_fname);
3266 if (!NT_STATUS_IS_OK(status)) {
3270 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3272 sharepath, smb_fname_str_dbg(smb_fname),
3273 file_id_string_tos(&id)));
3275 for(fsp = file_find_di_first(sconn, id); fsp;
3276 fsp = file_find_di_next(fsp)) {
3277 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3279 DEBUG(10,("msg_file_was_renamed: renaming file %s from %s -> %s\n",
3280 fsp_fnum_dbg(fsp), fsp_str_dbg(fsp),
3281 smb_fname_str_dbg(smb_fname)));
3282 status = fsp_set_smb_fname(fsp, smb_fname);
3283 if (!NT_STATUS_IS_OK(status)) {
3288 /* Now we have the complete path we can work out if this is
3289 actually within this share and adjust newname accordingly. */
3290 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3291 "not sharepath %s) "
3292 "%s from %s -> %s\n",
3293 fsp->conn->connectpath,
3297 smb_fname_str_dbg(smb_fname)));
3301 TALLOC_FREE(smb_fname);
3306 * If a main file is opened for delete, all streams need to be checked for
3307 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3308 * If that works, delete them all by setting the delete on close and close.
3311 NTSTATUS open_streams_for_delete(connection_struct *conn,
3314 struct stream_struct *stream_info = NULL;
3315 files_struct **streams = NULL;
3317 unsigned int num_streams = 0;
3318 TALLOC_CTX *frame = talloc_stackframe();
3321 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
3322 &num_streams, &stream_info);
3324 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3325 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3326 DEBUG(10, ("no streams around\n"));
3328 return NT_STATUS_OK;
3331 if (!NT_STATUS_IS_OK(status)) {
3332 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3333 nt_errstr(status)));
3337 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3340 if (num_streams == 0) {
3342 return NT_STATUS_OK;
3345 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3346 if (streams == NULL) {
3347 DEBUG(0, ("talloc failed\n"));
3348 status = NT_STATUS_NO_MEMORY;
3352 for (i=0; i<num_streams; i++) {
3353 struct smb_filename *smb_fname = NULL;
3355 if (strequal(stream_info[i].name, "::$DATA")) {
3360 status = create_synthetic_smb_fname(talloc_tos(), fname,
3361 stream_info[i].name,
3363 if (!NT_STATUS_IS_OK(status)) {
3367 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3368 DEBUG(10, ("Unable to stat stream: %s\n",
3369 smb_fname_str_dbg(smb_fname)));
3372 status = SMB_VFS_CREATE_FILE(
3375 0, /* root_dir_fid */
3376 smb_fname, /* fname */
3377 DELETE_ACCESS, /* access_mask */
3378 (FILE_SHARE_READ | /* share_access */
3379 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3380 FILE_OPEN, /* create_disposition*/
3381 0, /* create_options */
3382 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3383 0, /* oplock_request */
3384 0, /* allocation_size */
3385 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3388 &streams[i], /* result */
3391 if (!NT_STATUS_IS_OK(status)) {
3392 DEBUG(10, ("Could not open stream %s: %s\n",
3393 smb_fname_str_dbg(smb_fname),
3394 nt_errstr(status)));
3396 TALLOC_FREE(smb_fname);
3399 TALLOC_FREE(smb_fname);
3403 * don't touch the variable "status" beyond this point :-)
3406 for (i -= 1 ; i >= 0; i--) {
3407 if (streams[i] == NULL) {
3411 DEBUG(10, ("Closing stream # %d, %s\n", i,
3412 fsp_str_dbg(streams[i])));
3413 close_file(NULL, streams[i], NORMAL_CLOSE);
3421 /*********************************************************************
3422 Create a default ACL by inheriting from the parent. If no inheritance
3423 from the parent available, don't set anything. This will leave the actual
3424 permissions the new file or directory already got from the filesystem
3425 as the NT ACL when read.
3426 *********************************************************************/
3428 static NTSTATUS inherit_new_acl(files_struct *fsp)
3430 TALLOC_CTX *frame = talloc_stackframe();
3431 char *parent_name = NULL;
3432 struct security_descriptor *parent_desc = NULL;
3433 NTSTATUS status = NT_STATUS_OK;
3434 struct security_descriptor *psd = NULL;
3435 struct dom_sid *owner_sid = NULL;
3436 struct dom_sid *group_sid = NULL;
3437 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
3438 bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
3439 bool inheritable_components = false;
3442 if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
3443 return NT_STATUS_NO_MEMORY;
3446 status = SMB_VFS_GET_NT_ACL(fsp->conn,
3448 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
3451 if (!NT_STATUS_IS_OK(status)) {
3455 inheritable_components = sd_has_inheritable_components(parent_desc,
3458 if (!inheritable_components && !inherit_owner) {
3460 /* Nothing to inherit and not setting owner. */
3461 return NT_STATUS_OK;
3464 /* Create an inherited descriptor from the parent. */
3466 if (DEBUGLEVEL >= 10) {
3467 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
3468 fsp_str_dbg(fsp) ));
3469 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
3472 /* Inherit from parent descriptor if "inherit owner" set. */
3473 if (inherit_owner) {
3474 owner_sid = parent_desc->owner_sid;
3475 group_sid = parent_desc->group_sid;
3478 if (owner_sid == NULL) {
3479 owner_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
3481 if (group_sid == NULL) {
3482 group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
3485 status = se_create_child_secdesc(frame,
3492 if (!NT_STATUS_IS_OK(status)) {
3497 /* If inheritable_components == false,
3498 se_create_child_secdesc()
3499 creates a security desriptor with a NULL dacl
3500 entry, but with SEC_DESC_DACL_PRESENT. We need
3501 to remove that flag. */
3503 if (!inheritable_components) {
3504 security_info_sent &= ~SECINFO_DACL;
3505 psd->type &= ~SEC_DESC_DACL_PRESENT;
3508 if (DEBUGLEVEL >= 10) {
3509 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
3510 fsp_str_dbg(fsp) ));
3511 NDR_PRINT_DEBUG(security_descriptor, psd);
3514 if (inherit_owner) {
3515 /* We need to be root to force this. */
3518 status = SMB_VFS_FSET_NT_ACL(fsp,
3521 if (inherit_owner) {
3529 * Wrapper around open_file_ntcreate and open_directory
3532 static NTSTATUS create_file_unixpath(connection_struct *conn,
3533 struct smb_request *req,
3534 struct smb_filename *smb_fname,
3535 uint32_t access_mask,
3536 uint32_t share_access,
3537 uint32_t create_disposition,
3538 uint32_t create_options,
3539 uint32_t file_attributes,
3540 uint32_t oplock_request,
3541 uint64_t allocation_size,
3542 uint32_t private_flags,
3543 struct security_descriptor *sd,
3544 struct ea_list *ea_list,
3546 files_struct **result,
3549 int info = FILE_WAS_OPENED;
3550 files_struct *base_fsp = NULL;
3551 files_struct *fsp = NULL;
3554 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3555 "file_attributes = 0x%x, share_access = 0x%x, "
3556 "create_disposition = 0x%x create_options = 0x%x "
3557 "oplock_request = 0x%x private_flags = 0x%x "
3558 "ea_list = 0x%p, sd = 0x%p, "
3560 (unsigned int)access_mask,
3561 (unsigned int)file_attributes,
3562 (unsigned int)share_access,
3563 (unsigned int)create_disposition,
3564 (unsigned int)create_options,
3565 (unsigned int)oplock_request,
3566 (unsigned int)private_flags,
3567 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3569 if (create_options & FILE_OPEN_BY_FILE_ID) {
3570 status = NT_STATUS_NOT_SUPPORTED;
3574 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3575 status = NT_STATUS_INVALID_PARAMETER;
3580 oplock_request |= INTERNAL_OPEN_ONLY;
3583 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3584 && (access_mask & DELETE_ACCESS)
3585 && !is_ntfs_stream_smb_fname(smb_fname)) {
3587 * We can't open a file with DELETE access if any of the
3588 * streams is open without FILE_SHARE_DELETE
3590 status = open_streams_for_delete(conn, smb_fname->base_name);
3592 if (!NT_STATUS_IS_OK(status)) {
3597 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3598 !security_token_has_privilege(get_current_nttok(conn),
3599 SEC_PRIV_SECURITY)) {
3600 DEBUG(10, ("create_file_unixpath: open on %s "
3601 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3602 smb_fname_str_dbg(smb_fname)));
3603 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3607 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3608 && is_ntfs_stream_smb_fname(smb_fname)
3609 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3610 uint32 base_create_disposition;
3611 struct smb_filename *smb_fname_base = NULL;
3613 if (create_options & FILE_DIRECTORY_FILE) {
3614 status = NT_STATUS_NOT_A_DIRECTORY;
3618 switch (create_disposition) {
3620 base_create_disposition = FILE_OPEN;
3623 base_create_disposition = FILE_OPEN_IF;
3627 /* Create an smb_filename with stream_name == NULL. */
3628 status = create_synthetic_smb_fname(talloc_tos(),
3629 smb_fname->base_name,
3632 if (!NT_STATUS_IS_OK(status)) {
3636 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3637 DEBUG(10, ("Unable to stat stream: %s\n",
3638 smb_fname_str_dbg(smb_fname_base)));
3641 /* Open the base file. */
3642 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3645 | FILE_SHARE_DELETE,
3646 base_create_disposition,
3647 0, 0, 0, 0, 0, NULL, NULL,
3649 TALLOC_FREE(smb_fname_base);
3651 if (!NT_STATUS_IS_OK(status)) {
3652 DEBUG(10, ("create_file_unixpath for base %s failed: "
3653 "%s\n", smb_fname->base_name,
3654 nt_errstr(status)));
3657 /* we don't need to low level fd */
3662 * If it's a request for a directory open, deal with it separately.
3665 if (create_options & FILE_DIRECTORY_FILE) {
3667 if (create_options & FILE_NON_DIRECTORY_FILE) {
3668 status = NT_STATUS_INVALID_PARAMETER;
3672 /* Can't open a temp directory. IFS kit test. */
3673 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3674 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3675 status = NT_STATUS_INVALID_PARAMETER;
3680 * We will get a create directory here if the Win32
3681 * app specified a security descriptor in the
3682 * CreateDirectory() call.
3686 status = open_directory(
3687 conn, req, smb_fname, access_mask, share_access,
3688 create_disposition, create_options, file_attributes,
3693 * Ordinary file case.
3696 status = file_new(req, conn, &fsp);
3697 if(!NT_STATUS_IS_OK(status)) {
3701 status = fsp_set_smb_fname(fsp, smb_fname);
3702 if (!NT_STATUS_IS_OK(status)) {
3708 * We're opening the stream element of a
3709 * base_fsp we already opened. Set up the
3712 fsp->base_fsp = base_fsp;
3715 if (allocation_size) {
3716 fsp->initial_allocation_size = smb_roundup(fsp->conn,
3720 status = open_file_ntcreate(conn,
3732 if(!NT_STATUS_IS_OK(status)) {
3733 file_free(req, fsp);
3737 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3739 /* A stream open never opens a directory */
3742 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3747 * Fail the open if it was explicitly a non-directory
3751 if (create_options & FILE_NON_DIRECTORY_FILE) {
3752 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3757 status = open_directory(
3758 conn, req, smb_fname, access_mask,
3759 share_access, create_disposition,
3760 create_options, file_attributes,
3765 if (!NT_STATUS_IS_OK(status)) {
3769 fsp->base_fsp = base_fsp;
3771 if ((ea_list != NULL) &&
3772 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3773 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3774 if (!NT_STATUS_IS_OK(status)) {
3779 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3780 status = NT_STATUS_ACCESS_DENIED;
3784 /* Save the requested allocation size. */
3785 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3787 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3788 fsp->initial_allocation_size = smb_roundup(
3789 fsp->conn, allocation_size);
3790 if (fsp->is_directory) {
3791 /* Can't set allocation size on a directory. */
3792 status = NT_STATUS_ACCESS_DENIED;
3795 if (vfs_allocate_file_space(
3796 fsp, fsp->initial_allocation_size) == -1) {
3797 status = NT_STATUS_DISK_FULL;
3801 fsp->initial_allocation_size = smb_roundup(
3802 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3805 fsp->initial_allocation_size = 0;
3808 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
3809 fsp->base_fsp == NULL) {
3812 * According to the MS documentation, the only time the security
3813 * descriptor is applied to the opened file is iff we *created* the
3814 * file; an existing file stays the same.
3816 * Also, it seems (from observation) that you can open the file with
3817 * any access mask but you can still write the sd. We need to override
3818 * the granted access before we call set_sd
3819 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3822 uint32_t sec_info_sent;
3823 uint32_t saved_access_mask = fsp->access_mask;
3825 sec_info_sent = get_sec_info(sd);
3827 fsp->access_mask = FILE_GENERIC_ALL;
3829 if (sec_info_sent & (SECINFO_OWNER|
3833 status = set_sd(fsp, sd, sec_info_sent);
3836 fsp->access_mask = saved_access_mask;
3838 if (!NT_STATUS_IS_OK(status)) {
3841 } else if (lp_inherit_acls(SNUM(conn))) {
3842 /* Inherit from parent. Errors here are not fatal. */
3843 status = inherit_new_acl(fsp);
3844 if (!NT_STATUS_IS_OK(status)) {
3845 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
3847 nt_errstr(status) ));
3852 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3855 if (pinfo != NULL) {
3859 smb_fname->st = fsp->fsp_name->st;
3861 return NT_STATUS_OK;
3864 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3867 if (base_fsp && fsp->base_fsp == base_fsp) {
3869 * The close_file below will close
3874 close_file(req, fsp, ERROR_CLOSE);
3877 if (base_fsp != NULL) {
3878 close_file(req, base_fsp, ERROR_CLOSE);
3885 * Calculate the full path name given a relative fid.
3887 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3888 struct smb_request *req,
3889 uint16_t root_dir_fid,
3890 const struct smb_filename *smb_fname,
3891 struct smb_filename **smb_fname_out)
3893 files_struct *dir_fsp;
3894 char *parent_fname = NULL;
3895 char *new_base_name = NULL;
3898 if (root_dir_fid == 0 || !smb_fname) {
3899 status = NT_STATUS_INTERNAL_ERROR;
3903 dir_fsp = file_fsp(req, root_dir_fid);
3905 if (dir_fsp == NULL) {
3906 status = NT_STATUS_INVALID_HANDLE;
3910 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3911 status = NT_STATUS_INVALID_HANDLE;
3915 if (!dir_fsp->is_directory) {
3918 * Check to see if this is a mac fork of some kind.
3921 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3922 is_ntfs_stream_smb_fname(smb_fname)) {
3923 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3928 we need to handle the case when we get a
3929 relative open relative to a file and the
3930 pathname is blank - this is a reopen!
3931 (hint from demyn plantenberg)
3934 status = NT_STATUS_INVALID_HANDLE;
3938 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3940 * We're at the toplevel dir, the final file name
3941 * must not contain ./, as this is filtered out
3942 * normally by srvstr_get_path and unix_convert
3943 * explicitly rejects paths containing ./.
3945 parent_fname = talloc_strdup(talloc_tos(), "");
3946 if (parent_fname == NULL) {
3947 status = NT_STATUS_NO_MEMORY;
3951 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3954 * Copy in the base directory name.
3957 parent_fname = talloc_array(talloc_tos(), char,
3959 if (parent_fname == NULL) {
3960 status = NT_STATUS_NO_MEMORY;
3963 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3967 * Ensure it ends in a '/'.
3968 * We used TALLOC_SIZE +2 to add space for the '/'.
3972 && (parent_fname[dir_name_len-1] != '\\')
3973 && (parent_fname[dir_name_len-1] != '/')) {
3974 parent_fname[dir_name_len] = '/';
3975 parent_fname[dir_name_len+1] = '\0';
3979 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3980 smb_fname->base_name);
3981 if (new_base_name == NULL) {
3982 status = NT_STATUS_NO_MEMORY;
3986 status = filename_convert(req,
3988 req->flags2 & FLAGS2_DFS_PATHNAMES,
3993 if (!NT_STATUS_IS_OK(status)) {
3998 TALLOC_FREE(parent_fname);
3999 TALLOC_FREE(new_base_name);
4003 NTSTATUS create_file_default(connection_struct *conn,
4004 struct smb_request *req,
4005 uint16_t root_dir_fid,
4006 struct smb_filename *smb_fname,
4007 uint32_t access_mask,
4008 uint32_t share_access,
4009 uint32_t create_disposition,
4010 uint32_t create_options,
4011 uint32_t file_attributes,
4012 uint32_t oplock_request,
4013 uint64_t allocation_size,
4014 uint32_t private_flags,
4015 struct security_descriptor *sd,
4016 struct ea_list *ea_list,
4017 files_struct **result,
4020 int info = FILE_WAS_OPENED;
4021 files_struct *fsp = NULL;
4023 bool stream_name = false;
4025 DEBUG(10,("create_file: access_mask = 0x%x "
4026 "file_attributes = 0x%x, share_access = 0x%x, "
4027 "create_disposition = 0x%x create_options = 0x%x "
4028 "oplock_request = 0x%x "
4029 "private_flags = 0x%x "
4030 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
4032 (unsigned int)access_mask,
4033 (unsigned int)file_attributes,
4034 (unsigned int)share_access,
4035 (unsigned int)create_disposition,
4036 (unsigned int)create_options,
4037 (unsigned int)oplock_request,
4038 (unsigned int)private_flags,
4039 (unsigned int)root_dir_fid,
4040 ea_list, sd, smb_fname_str_dbg(smb_fname)));
4043 * Calculate the filename from the root_dir_if if necessary.
4046 if (root_dir_fid != 0) {
4047 struct smb_filename *smb_fname_out = NULL;
4048 status = get_relative_fid_filename(conn, req, root_dir_fid,
4049 smb_fname, &smb_fname_out);
4050 if (!NT_STATUS_IS_OK(status)) {
4053 smb_fname = smb_fname_out;
4057 * Check to see if this is a mac fork of some kind.
4060 stream_name = is_ntfs_stream_smb_fname(smb_fname);
4062 enum FAKE_FILE_TYPE fake_file_type;
4064 fake_file_type = is_fake_file(smb_fname);
4066 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
4069 * Here we go! support for changing the disk quotas
4072 * We need to fake up to open this MAGIC QUOTA file
4073 * and return a valid FID.
4075 * w2k close this file directly after openening xp
4076 * also tries a QUERY_FILE_INFO on the file and then
4079 status = open_fake_file(req, conn, req->vuid,
4080 fake_file_type, smb_fname,
4082 if (!NT_STATUS_IS_OK(status)) {
4086 ZERO_STRUCT(smb_fname->st);
4090 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
4091 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
4096 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
4098 smb_fname->stream_name = NULL;
4099 /* We have to handle this error here. */
4100 if (create_options & FILE_DIRECTORY_FILE) {
4101 status = NT_STATUS_NOT_A_DIRECTORY;
4104 if (lp_posix_pathnames()) {
4105 ret = SMB_VFS_LSTAT(conn, smb_fname);
4107 ret = SMB_VFS_STAT(conn, smb_fname);
4110 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
4111 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4116 status = create_file_unixpath(
4117 conn, req, smb_fname, access_mask, share_access,
4118 create_disposition, create_options, file_attributes,
4119 oplock_request, allocation_size, private_flags,
4123 if (!NT_STATUS_IS_OK(status)) {
4128 DEBUG(10, ("create_file: info=%d\n", info));
4131 if (pinfo != NULL) {
4134 return NT_STATUS_OK;
4137 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
4140 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / amitay / samba.git / blob