2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1992-2007.
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
24 #include "lib/util/server_id.h"
26 #include "smbd/smbd.h"
27 #include "smbd/globals.h"
28 #include "smbd/scavenger.h"
29 #include "fake_file.h"
30 #include "transfer_file.h"
33 #include "../librpc/gen_ndr/open_files.h"
35 /****************************************************************************
36 Run a file if it is a magic script.
37 ****************************************************************************/
39 static NTSTATUS check_magic(struct files_struct *fsp)
42 const struct loadparm_substitution *lp_sub =
43 loadparm_s3_global_substitution();
44 const char *magic_output = NULL;
47 TALLOC_CTX *ctx = NULL;
49 struct connection_struct *conn = fsp->conn;
53 if (!*lp_magic_script(talloc_tos(), lp_sub, SNUM(conn))) {
57 DEBUG(5,("checking magic for %s\n", fsp_str_dbg(fsp)));
59 ctx = talloc_stackframe();
61 fname = fsp->fsp_name->base_name;
63 if (!(p = strrchr_m(fname,'/'))) {
69 if (!strequal(lp_magic_script(talloc_tos(), lp_sub, SNUM(conn)),p)) {
70 status = NT_STATUS_OK;
74 if (*lp_magic_output(talloc_tos(), lp_sub, SNUM(conn))) {
75 magic_output = lp_magic_output(talloc_tos(), lp_sub, SNUM(conn));
77 magic_output = talloc_asprintf(ctx,
82 status = NT_STATUS_NO_MEMORY;
86 /* Ensure we don't depend on user's PATH. */
87 p = talloc_asprintf(ctx, "./%s", fname);
89 status = NT_STATUS_NO_MEMORY;
93 if (chmod(fname, 0755) == -1) {
94 status = map_nt_error_from_unix(errno);
97 ret = smbrun(p, &tmp_fd, NULL);
98 DEBUG(3,("Invoking magic command %s gave %d\n",
102 if (ret != 0 || tmp_fd == -1) {
106 status = NT_STATUS_UNSUCCESSFUL;
109 outfd = open(magic_output, O_CREAT|O_EXCL|O_RDWR, 0600);
113 status = map_nt_error_from_unix(err);
117 if (sys_fstat(tmp_fd, &st, false) == -1) {
121 status = map_nt_error_from_unix(err);
125 if (transfer_file(tmp_fd,outfd,(off_t)st.st_ex_size) == (off_t)-1) {
129 status = map_nt_error_from_unix(err);
133 if (close(outfd) == -1) {
134 status = map_nt_error_from_unix(errno);
138 status = NT_STATUS_OK;
145 /****************************************************************************
147 ****************************************************************************/
149 NTSTATUS delete_all_streams(connection_struct *conn,
150 const struct smb_filename *smb_fname)
152 struct stream_struct *stream_info = NULL;
154 unsigned int num_streams = 0;
155 TALLOC_CTX *frame = talloc_stackframe();
158 status = vfs_streaminfo(conn, NULL, smb_fname, talloc_tos(),
159 &num_streams, &stream_info);
161 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
162 DEBUG(10, ("no streams around\n"));
167 if (!NT_STATUS_IS_OK(status)) {
168 DEBUG(10, ("vfs_streaminfo failed: %s\n",
173 DEBUG(10, ("delete_all_streams found %d streams\n",
176 if (num_streams == 0) {
181 for (i=0; i<num_streams; i++) {
183 struct smb_filename *smb_fname_stream;
185 if (strequal(stream_info[i].name, "::$DATA")) {
189 smb_fname_stream = synthetic_smb_fname(talloc_tos(),
190 smb_fname->base_name,
194 ~SMB_FILENAME_POSIX_PATH));
196 if (smb_fname_stream == NULL) {
197 DEBUG(0, ("talloc_aprintf failed\n"));
198 status = NT_STATUS_NO_MEMORY;
202 res = SMB_VFS_UNLINKAT(conn,
208 status = map_nt_error_from_unix(errno);
209 DEBUG(10, ("Could not delete stream %s: %s\n",
210 smb_fname_str_dbg(smb_fname_stream),
212 TALLOC_FREE(smb_fname_stream);
215 TALLOC_FREE(smb_fname_stream);
223 struct has_other_nonposix_opens_state {
228 static bool has_other_nonposix_opens_fn(
229 struct share_mode_entry *e,
233 struct has_other_nonposix_opens_state *state = private_data;
234 struct files_struct *fsp = state->fsp;
236 if (e->name_hash != fsp->name_hash) {
239 if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
240 (e->flags & SHARE_MODE_FLAG_POSIX_OPEN)) {
243 if (e->share_file_id == fsp->fh->gen_id) {
244 struct server_id self = messaging_server_id(
245 fsp->conn->sconn->msg_ctx);
246 if (server_id_equal(&self, &e->pid)) {
250 if (share_entry_stale_pid(e)) {
254 state->found_another = true;
258 bool has_other_nonposix_opens(struct share_mode_lock *lck,
259 struct files_struct *fsp)
261 struct has_other_nonposix_opens_state state = { .fsp = fsp };
264 ok = share_mode_forall_entries(
265 lck, has_other_nonposix_opens_fn, &state);
269 return state.found_another;
272 /****************************************************************************
273 Deal with removing a share mode on last close.
274 ****************************************************************************/
276 static NTSTATUS close_remove_share_mode(files_struct *fsp,
277 enum file_close_type close_type)
279 connection_struct *conn = fsp->conn;
280 bool delete_file = false;
281 bool changed_user = false;
282 struct share_mode_lock *lck = NULL;
283 NTSTATUS status = NT_STATUS_OK;
286 const struct security_unix_token *del_token = NULL;
287 const struct security_token *del_nt_token = NULL;
288 bool got_tokens = false;
292 /* Ensure any pending write time updates are done. */
293 if (fsp->update_write_time_event) {
294 fsp_flush_write_time_update(fsp);
298 * Lock the share entries, and determine if we should delete
299 * on close. If so delete whilst the lock is still in effect.
300 * This prevents race conditions with the file being created. JRA.
303 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
305 DEBUG(0, ("close_remove_share_mode: Could not get share mode "
306 "lock for file %s\n", fsp_str_dbg(fsp)));
307 return NT_STATUS_INVALID_PARAMETER;
310 /* Remove the oplock before potentially deleting the file. */
311 if(fsp->oplock_type) {
315 if (fsp->write_time_forced) {
318 DEBUG(10,("close_remove_share_mode: write time forced "
321 ts = nt_time_to_full_timespec(lck->data->changed_write_time);
322 set_close_write_time(fsp, ts);
323 } else if (fsp->update_write_time_on_close) {
324 /* Someone had a pending write. */
325 if (is_omit_timespec(&fsp->close_write_time)) {
326 DEBUG(10,("close_remove_share_mode: update to current time "
329 /* Update to current time due to "normal" write. */
330 set_close_write_time(fsp, timespec_current());
332 DEBUG(10,("close_remove_share_mode: write time pending "
335 /* Update to time set on close call. */
336 set_close_write_time(fsp, fsp->close_write_time);
340 if (fsp->initial_delete_on_close &&
341 !is_delete_on_close_set(lck, fsp->name_hash)) {
342 bool became_user = False;
344 /* Initial delete on close was set and no one else
345 * wrote a real delete on close. */
347 if (get_current_vuid(conn) != fsp->vuid) {
348 become_user_without_service(conn, fsp->vuid);
351 fsp->delete_on_close = true;
352 set_delete_on_close_lck(fsp, lck,
353 get_current_nttok(conn),
354 get_current_utok(conn));
356 unbecome_user_without_service();
360 delete_file = is_delete_on_close_set(lck, fsp->name_hash) &&
361 !has_other_nonposix_opens(lck, fsp);
364 * NT can set delete_on_close of the last open
365 * reference to a file.
368 normal_close = (close_type == NORMAL_CLOSE || close_type == SHUTDOWN_CLOSE);
370 if (!normal_close || !delete_file) {
371 status = NT_STATUS_OK;
376 * Ok, we have to delete the file
379 DEBUG(5,("close_remove_share_mode: file %s. Delete on close was set "
380 "- deleting file.\n", fsp_str_dbg(fsp)));
383 * Don't try to update the write time when we delete the file
385 fsp->update_write_time_on_close = false;
387 got_tokens = get_delete_on_close_token(lck, fsp->name_hash,
388 &del_nt_token, &del_token);
389 SMB_ASSERT(got_tokens);
391 if (!unix_token_equal(del_token, get_current_utok(conn))) {
392 /* Become the user who requested the delete. */
394 DEBUG(5,("close_remove_share_mode: file %s. "
395 "Change user to uid %u\n",
397 (unsigned int)del_token->uid));
399 if (!push_sec_ctx()) {
400 smb_panic("close_remove_share_mode: file %s. failed to push "
404 set_sec_ctx(del_token->uid,
413 /* We can only delete the file if the name we have is still valid and
414 hasn't been renamed. */
416 tmp_status = vfs_stat_fsp(fsp);
417 if (!NT_STATUS_IS_OK(tmp_status)) {
418 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
419 "was set and stat failed with error %s\n",
420 fsp_str_dbg(fsp), nt_errstr(tmp_status)));
422 * Don't save the errno here, we ignore this error
427 id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st);
429 if (!file_id_equal(&fsp->file_id, &id)) {
430 struct file_id_buf ftmp1, ftmp2;
431 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
432 "was set and dev and/or inode does not match\n",
434 DEBUG(5,("close_remove_share_mode: file %s. stored file_id %s, "
437 file_id_str_buf(fsp->file_id, &ftmp1),
438 file_id_str_buf(id, &ftmp2)));
440 * Don't save the errno here, we ignore this error
445 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
446 && !is_ntfs_stream_smb_fname(fsp->fsp_name)) {
448 status = delete_all_streams(conn, fsp->fsp_name);
450 if (!NT_STATUS_IS_OK(status)) {
451 DEBUG(5, ("delete_all_streams failed: %s\n",
457 if (fsp->kernel_share_modes_taken) {
461 * A file system sharemode could block the unlink;
462 * remove filesystem sharemodes first.
464 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0);
465 if (ret_flock == -1) {
466 DBG_INFO("removing kernel flock for %s failed: %s\n",
467 fsp_str_dbg(fsp), strerror(errno));
470 fsp->kernel_share_modes_taken = false;
474 ret = SMB_VFS_UNLINKAT(conn,
480 * This call can potentially fail as another smbd may
481 * have had the file open with delete on close set and
482 * deleted it when its last reference to this file
483 * went away. Hence we log this but not at debug level
487 DEBUG(5,("close_remove_share_mode: file %s. Delete on close "
488 "was set and unlink failed with error %s\n",
489 fsp_str_dbg(fsp), strerror(errno)));
491 status = map_nt_error_from_unix(errno);
494 /* As we now have POSIX opens which can unlink
495 * with other open files we may have taken
496 * this code path with more than one share mode
497 * entry - ensure we only delete once by resetting
498 * the delete on close flag. JRA.
501 fsp->delete_on_close = false;
502 reset_delete_on_close_lck(fsp, lck);
511 if (fsp->kernel_share_modes_taken) {
514 /* remove filesystem sharemodes */
515 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, 0, 0);
516 if (ret_flock == -1) {
517 DEBUG(2, ("close_remove_share_mode: removing kernel "
518 "flock for %s failed: %s\n",
519 fsp_str_dbg(fsp), strerror(errno)));
523 if (!del_share_mode(lck, fsp)) {
524 DEBUG(0, ("close_remove_share_mode: Could not delete share "
525 "entry for file %s\n", fsp_str_dbg(fsp)));
532 * Do the notification after we released the share
533 * mode lock. Inside notify_fname we take out another
534 * tdb lock. With ctdb also accessing our databases,
535 * this can lead to deadlocks. Putting this notify
536 * after the TALLOC_FREE(lck) above we avoid locking
537 * two records simultaneously. Notifies are async and
538 * informational only, so calling the notify_fname
539 * without holding the share mode lock should not do
542 notify_fname(conn, NOTIFY_ACTION_REMOVED,
543 FILE_NOTIFY_CHANGE_FILE_NAME,
544 fsp->fsp_name->base_name);
550 void set_close_write_time(struct files_struct *fsp, struct timespec ts)
552 DEBUG(6,("close_write_time: %s" , time_to_asc(convert_timespec_to_time_t(ts))));
554 if (is_omit_timespec(&ts)) {
557 fsp->write_time_forced = false;
558 fsp->update_write_time_on_close = true;
559 fsp->close_write_time = ts;
562 static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
564 struct smb_file_time ft;
566 struct share_mode_lock *lck = NULL;
568 init_smb_file_time(&ft);
570 if (!fsp->update_write_time_on_close) {
574 if (is_omit_timespec(&fsp->close_write_time)) {
575 fsp->close_write_time = timespec_current();
578 /* Ensure we have a valid stat struct for the source. */
579 status = vfs_stat_fsp(fsp);
580 if (!NT_STATUS_IS_OK(status)) {
584 if (!VALID_STAT(fsp->fsp_name->st)) {
585 /* if it doesn't seem to be a real file */
590 * get_existing_share_mode_lock() isn't really the right
591 * call here, as we're being called after
592 * close_remove_share_mode() inside close_normal_file()
593 * so it's quite normal to not have an existing share
594 * mode here. However, get_share_mode_lock() doesn't
595 * work because that will create a new share mode if
596 * one doesn't exist - so stick with this call (just
597 * ignore any error we get if the share mode doesn't
601 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
603 /* On close if we're changing the real file time we
604 * must update it in the open file db too. */
605 (void)set_write_time(fsp->file_id, fsp->close_write_time);
607 /* Close write times overwrite sticky write times
608 so we must replace any sticky write time here. */
609 if (!null_nttime(lck->data->changed_write_time)) {
610 (void)set_sticky_write_time(fsp->file_id, fsp->close_write_time);
615 ft.mtime = fsp->close_write_time;
616 /* As this is a close based update, we are not directly changing the
617 file attributes from a client call, but indirectly from a write. */
618 status = smb_set_file_time(fsp->conn, fsp, fsp->fsp_name, &ft, false);
619 if (!NT_STATUS_IS_OK(status)) {
620 DEBUG(10,("update_write_time_on_close: smb_set_file_time "
621 "on file %s returned %s\n",
630 static NTSTATUS ntstatus_keeperror(NTSTATUS s1, NTSTATUS s2)
632 if (!NT_STATUS_IS_OK(s1)) {
638 /****************************************************************************
641 close_type can be NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE.
642 printing and magic scripts are only run on normal close.
643 delete on close is done on normal and shutdown close.
644 ****************************************************************************/
646 static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
647 enum file_close_type close_type)
649 NTSTATUS status = NT_STATUS_OK;
651 connection_struct *conn = fsp->conn;
652 bool is_durable = false;
654 if (fsp->num_aio_requests != 0) {
655 unsigned num_requests = fsp->num_aio_requests;
657 if (close_type != SHUTDOWN_CLOSE) {
659 * reply_close and the smb2 close must have
660 * taken care of this. No other callers of
661 * close_file should ever have created async
664 * We need to panic here because if we close()
665 * the fd while we have outstanding async I/O
666 * requests, in the worst case we could end up
667 * writing to the wrong file.
669 DEBUG(0, ("fsp->num_aio_requests=%u\n",
670 fsp->num_aio_requests));
671 smb_panic("can not close with outstanding aio "
676 * For shutdown close, just drop the async requests
677 * including a potential close request pending for
678 * this fsp. Drop the close request first, the
679 * destructor for the aio_requests would execute it.
681 TALLOC_FREE(fsp->deferred_close);
683 while (fsp->num_aio_requests != 0) {
685 * Previously we just called talloc_free()
686 * on the outstanding request, but this
687 * caused crashes (before the async callback
688 * functions were fixed not to reference req
689 * directly) and also leaves the SMB2 request
690 * outstanding on the processing queue.
692 * Using tevent_req_error() instead
693 * causes the outstanding SMB1/2/3 request to
694 * return with NT_STATUS_INVALID_HANDLE
695 * and removes it from the processing queue.
697 * The callback function called from this
698 * calls talloc_free(req). The destructor will remove
699 * itself from the fsp and the aio_requests array.
701 tevent_req_error(fsp->aio_requests[0], EBADF);
703 /* Paranoia to ensure we don't spin. */
705 if (fsp->num_aio_requests != num_requests) {
706 smb_panic("cannot cancel outstanding aio "
712 while (talloc_array_length(fsp->blocked_smb1_lock_reqs) != 0) {
713 smbd_smb1_brl_finish_by_req(
714 fsp->blocked_smb1_lock_reqs[0],
715 NT_STATUS_RANGE_NOT_LOCKED);
719 * If we're flushing on a close we can get a write
720 * error here, we must remember this.
723 if (NT_STATUS_IS_OK(status) && fsp->op != NULL) {
724 is_durable = fsp->op->global->durable;
727 if (close_type != SHUTDOWN_CLOSE) {
732 DATA_BLOB new_cookie = data_blob_null;
734 tmp = SMB_VFS_DURABLE_DISCONNECT(fsp,
735 fsp->op->global->backend_cookie,
738 if (NT_STATUS_IS_OK(tmp)) {
743 tv = req->request_time;
745 tv = timeval_current();
747 now = timeval_to_nttime(&tv);
749 data_blob_free(&fsp->op->global->backend_cookie);
750 fsp->op->global->backend_cookie = new_cookie;
752 fsp->op->compat = NULL;
753 tmp = smbXsrv_open_close(fsp->op, now);
754 if (!NT_STATUS_IS_OK(tmp)) {
755 DEBUG(1, ("Failed to update smbXsrv_open "
756 "record when disconnecting durable "
757 "handle for file %s: %s - "
758 "proceeding with normal close\n",
759 fsp_str_dbg(fsp), nt_errstr(tmp)));
761 scavenger_schedule_disconnected(fsp);
763 DEBUG(1, ("Failed to disconnect durable handle for "
764 "file %s: %s - proceeding with normal "
765 "close\n", fsp_str_dbg(fsp), nt_errstr(tmp)));
767 if (!NT_STATUS_IS_OK(tmp)) {
774 * This is the case where we successfully disconnected
775 * a durable handle and closed the underlying file.
776 * In all other cases, we proceed with a genuine close.
778 DEBUG(10, ("%s disconnected durable handle for file %s\n",
779 conn->session_info->unix_info->unix_name,
785 if (fsp->op != NULL) {
787 * Make sure the handle is not marked as durable anymore
789 fsp->op->global->durable = false;
792 if (fsp->print_file) {
793 /* FIXME: return spool errors */
794 print_spool_end(fsp, close_type);
799 /* If this is an old DOS or FCB open and we have multiple opens on
800 the same handle we only have one share mode. Ensure we only remove
801 the share mode on the last close. */
803 if (fsp->fh->ref_count == 1) {
804 /* Should we return on error here... ? */
805 tmp = close_remove_share_mode(fsp, close_type);
806 status = ntstatus_keeperror(status, tmp);
809 locking_close_file(fsp, close_type);
812 status = ntstatus_keeperror(status, tmp);
814 /* check for magic scripts */
815 if (close_type == NORMAL_CLOSE) {
816 tmp = check_magic(fsp);
817 status = ntstatus_keeperror(status, tmp);
821 * Ensure pending modtime is set after close.
824 tmp = update_write_time_on_close(fsp);
825 if (NT_STATUS_EQUAL(tmp, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
826 /* Someone renamed the file or a parent directory containing
827 * this file. We can't do anything about this, we don't have
828 * an "update timestamp by fd" call in POSIX. Eat the error. */
833 status = ntstatus_keeperror(status, tmp);
835 DEBUG(2,("%s closed file %s (numopen=%d) %s\n",
836 conn->session_info->unix_info->unix_name, fsp_str_dbg(fsp),
837 conn->num_files_open - 1,
838 nt_errstr(status) ));
843 /****************************************************************************
844 Function used by reply_rmdir to delete an entire directory
845 tree recursively. Return True on ok, False on fail.
846 ****************************************************************************/
848 bool recursive_rmdir(TALLOC_CTX *ctx,
849 connection_struct *conn,
850 struct smb_filename *smb_dname)
852 const char *dname = NULL;
853 char *talloced = NULL;
857 struct smb_Dir *dir_hnd;
860 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
862 dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
866 while((dname = ReadDirName(dir_hnd, &offset, &st, &talloced))) {
867 struct smb_filename *smb_dname_full = NULL;
868 char *fullname = NULL;
869 bool do_break = true;
871 if (ISDOT(dname) || ISDOTDOT(dname)) {
872 TALLOC_FREE(talloced);
876 if (!is_visible_file(conn, smb_dname->base_name, dname, &st,
878 TALLOC_FREE(talloced);
882 /* Construct the full name. */
883 fullname = talloc_asprintf(ctx,
885 smb_dname->base_name,
892 smb_dname_full = synthetic_smb_fname(talloc_tos(),
897 if (smb_dname_full == NULL) {
902 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
906 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
907 if(!recursive_rmdir(ctx, conn, smb_dname_full)) {
910 retval = SMB_VFS_UNLINKAT(conn,
918 retval = SMB_VFS_UNLINKAT(conn,
927 /* Successful iteration. */
931 TALLOC_FREE(smb_dname_full);
932 TALLOC_FREE(fullname);
933 TALLOC_FREE(talloced);
939 TALLOC_FREE(dir_hnd);
943 /****************************************************************************
944 The internals of the rmdir code - called elsewhere.
945 ****************************************************************************/
947 static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, files_struct *fsp)
949 connection_struct *conn = fsp->conn;
950 struct smb_filename *smb_dname = fsp->fsp_name;
951 const struct loadparm_substitution *lp_sub =
952 loadparm_s3_global_substitution();
955 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
957 /* Might be a symlink. */
958 if(SMB_VFS_LSTAT(conn, smb_dname) != 0) {
959 return map_nt_error_from_unix(errno);
962 if (S_ISLNK(smb_dname->st.st_ex_mode)) {
963 /* Is what it points to a directory ? */
964 if(SMB_VFS_STAT(conn, smb_dname) != 0) {
965 return map_nt_error_from_unix(errno);
967 if (!(S_ISDIR(smb_dname->st.st_ex_mode))) {
968 return NT_STATUS_NOT_A_DIRECTORY;
970 ret = SMB_VFS_UNLINKAT(conn,
975 ret = SMB_VFS_UNLINKAT(conn,
981 notify_fname(conn, NOTIFY_ACTION_REMOVED,
982 FILE_NOTIFY_CHANGE_DIR_NAME,
983 smb_dname->base_name);
987 if(((errno == ENOTEMPTY)||(errno == EEXIST)) && *lp_veto_files(talloc_tos(), lp_sub, SNUM(conn))) {
989 * Check to see if the only thing in this directory are
990 * vetoed files/directories. If so then delete them and
991 * retry. If we fail to delete any of them (and we *don't*
992 * do a recursive delete) then fail the rmdir.
995 const char *dname = NULL;
996 char *talloced = NULL;
998 struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
1002 if(dir_hnd == NULL) {
1007 while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
1008 &talloced)) != NULL) {
1009 if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0)) {
1010 TALLOC_FREE(talloced);
1013 if (!is_visible_file(conn, smb_dname->base_name, dname,
1015 TALLOC_FREE(talloced);
1018 if(!IS_VETO_PATH(conn, dname)) {
1019 TALLOC_FREE(dir_hnd);
1020 TALLOC_FREE(talloced);
1024 TALLOC_FREE(talloced);
1027 /* We only have veto files/directories.
1028 * Are we allowed to delete them ? */
1030 if(!lp_delete_veto_files(SNUM(conn))) {
1031 TALLOC_FREE(dir_hnd);
1036 /* Do a recursive delete. */
1037 RewindDir(dir_hnd,&dirpos);
1038 while ((dname = ReadDirName(dir_hnd, &dirpos, &st,
1039 &talloced)) != NULL) {
1040 struct smb_filename *smb_dname_full = NULL;
1041 char *fullname = NULL;
1042 bool do_break = true;
1044 if (ISDOT(dname) || ISDOTDOT(dname)) {
1045 TALLOC_FREE(talloced);
1048 if (!is_visible_file(conn, smb_dname->base_name, dname,
1050 TALLOC_FREE(talloced);
1054 fullname = talloc_asprintf(ctx,
1056 smb_dname->base_name,
1064 smb_dname_full = synthetic_smb_fname(talloc_tos(),
1069 if (smb_dname_full == NULL) {
1074 if(SMB_VFS_LSTAT(conn, smb_dname_full) != 0) {
1077 if(smb_dname_full->st.st_ex_mode & S_IFDIR) {
1079 if(!recursive_rmdir(ctx, conn,
1083 retval = SMB_VFS_UNLINKAT(conn,
1091 int retval = SMB_VFS_UNLINKAT(conn,
1100 /* Successful iteration. */
1104 TALLOC_FREE(fullname);
1105 TALLOC_FREE(smb_dname_full);
1106 TALLOC_FREE(talloced);
1110 TALLOC_FREE(dir_hnd);
1111 /* Retry the rmdir */
1112 ret = SMB_VFS_UNLINKAT(conn,
1121 DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
1122 "%s\n", smb_fname_str_dbg(smb_dname),
1124 return map_nt_error_from_unix(errno);
1127 notify_fname(conn, NOTIFY_ACTION_REMOVED,
1128 FILE_NOTIFY_CHANGE_DIR_NAME,
1129 smb_dname->base_name);
1131 return NT_STATUS_OK;
1134 /****************************************************************************
1135 Close a directory opened by an NT SMB call.
1136 ****************************************************************************/
1138 static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
1139 enum file_close_type close_type)
1141 struct share_mode_lock *lck = NULL;
1142 bool delete_dir = False;
1143 NTSTATUS status = NT_STATUS_OK;
1144 NTSTATUS status1 = NT_STATUS_OK;
1145 const struct security_token *del_nt_token = NULL;
1146 const struct security_unix_token *del_token = NULL;
1147 NTSTATUS notify_status;
1149 if (fsp->conn->sconn->using_smb2) {
1150 notify_status = STATUS_NOTIFY_CLEANUP;
1152 notify_status = NT_STATUS_OK;
1155 if (fsp->num_aio_requests != 0) {
1156 if (close_type != SHUTDOWN_CLOSE) {
1158 * We panic here because if we close() the fd while we
1159 * have outstanding async I/O requests, an async IO
1160 * request might use the fd. For directories the fd is
1161 * read-only, so this is not as bad as with files, but
1162 * still, better safe then sorry.
1164 DBG_ERR("fsp->num_aio_requests=%u\n",
1165 fsp->num_aio_requests);
1166 smb_panic("close with outstanding aio requests");
1167 return NT_STATUS_INTERNAL_ERROR;
1170 while (fsp->num_aio_requests != 0) {
1172 * The destructor of the req will remove itself from the
1173 * fsp. Don't use TALLOC_FREE here, this will overwrite
1174 * what the destructor just wrote into aio_requests[0].
1176 talloc_free(fsp->aio_requests[0]);
1181 * NT can set delete_on_close of the last open
1182 * reference to a directory also.
1185 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
1187 DEBUG(0, ("close_directory: Could not get share mode lock for "
1188 "%s\n", fsp_str_dbg(fsp)));
1189 file_free(req, fsp);
1190 return NT_STATUS_INVALID_PARAMETER;
1193 if (fsp->initial_delete_on_close) {
1194 bool became_user = False;
1196 /* Initial delete on close was set - for
1197 * directories we don't care if anyone else
1198 * wrote a real delete on close. */
1200 if (get_current_vuid(fsp->conn) != fsp->vuid) {
1201 become_user_without_service(fsp->conn, fsp->vuid);
1204 send_stat_cache_delete_message(fsp->conn->sconn->msg_ctx,
1205 fsp->fsp_name->base_name);
1206 set_delete_on_close_lck(fsp, lck,
1207 get_current_nttok(fsp->conn),
1208 get_current_utok(fsp->conn));
1209 fsp->delete_on_close = true;
1211 unbecome_user_without_service();
1215 delete_dir = get_delete_on_close_token(
1216 lck, fsp->name_hash, &del_nt_token, &del_token) &&
1217 !has_other_nonposix_opens(lck, fsp);
1219 if ((close_type == NORMAL_CLOSE || close_type == SHUTDOWN_CLOSE) &&
1222 /* Become the user who requested the delete. */
1224 if (!push_sec_ctx()) {
1225 smb_panic("close_directory: failed to push sec_ctx.\n");
1228 set_sec_ctx(del_token->uid,
1234 if (!del_share_mode(lck, fsp)) {
1235 DEBUG(0, ("close_directory: Could not delete share entry for "
1236 "%s\n", fsp_str_dbg(fsp)));
1241 if ((fsp->conn->fs_capabilities & FILE_NAMED_STREAMS)
1242 && !is_ntfs_stream_smb_fname(fsp->fsp_name)) {
1244 status = delete_all_streams(fsp->conn, fsp->fsp_name);
1245 if (!NT_STATUS_IS_OK(status)) {
1246 DEBUG(5, ("delete_all_streams failed: %s\n",
1247 nt_errstr(status)));
1248 file_free(req, fsp);
1253 status = rmdir_internals(talloc_tos(), fsp);
1255 DEBUG(5,("close_directory: %s. Delete on close was set - "
1256 "deleting directory returned %s.\n",
1257 fsp_str_dbg(fsp), nt_errstr(status)));
1259 /* unbecome user. */
1263 * Ensure we remove any change notify requests that would
1264 * now fail as the directory has been deleted.
1267 if (NT_STATUS_IS_OK(status)) {
1268 notify_status = NT_STATUS_DELETE_PENDING;
1271 if (!del_share_mode(lck, fsp)) {
1272 DEBUG(0, ("close_directory: Could not delete share entry for "
1273 "%s\n", fsp_str_dbg(fsp)));
1279 remove_pending_change_notify_requests_by_fid(fsp, notify_status);
1281 status1 = fd_close(fsp);
1283 if (!NT_STATUS_IS_OK(status1)) {
1284 DEBUG(0, ("Could not close dir! fname=%s, fd=%d, err=%d=%s\n",
1285 fsp_str_dbg(fsp), fsp->fh->fd, errno,
1290 * Do the code common to files and directories.
1292 file_free(req, fsp);
1294 if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(status1)) {
1300 /****************************************************************************
1301 Close a files_struct.
1302 ****************************************************************************/
1304 NTSTATUS close_file(struct smb_request *req, files_struct *fsp,
1305 enum file_close_type close_type)
1308 struct files_struct *base_fsp = fsp->base_fsp;
1310 if(fsp->is_directory) {
1311 status = close_directory(req, fsp, close_type);
1312 } else if (fsp->fake_file_handle != NULL) {
1313 status = close_fake_file(req, fsp);
1315 status = close_normal_file(req, fsp, close_type);
1318 if ((base_fsp != NULL) && (close_type != SHUTDOWN_CLOSE)) {
1321 * fsp was a stream, the base fsp can't be a stream as well
1323 * For SHUTDOWN_CLOSE this is not possible here, because
1324 * SHUTDOWN_CLOSE only happens from files.c which walks the
1325 * complete list of files. If we mess with more than one fsp
1326 * those loops will become confused.
1329 SMB_ASSERT(base_fsp->base_fsp == NULL);
1330 close_file(req, base_fsp, close_type);
1336 /****************************************************************************
1337 Deal with an (authorized) message to close a file given the share mode
1339 ****************************************************************************/
1341 void msg_close_file(struct messaging_context *msg_ctx,
1344 struct server_id server_id,
1347 files_struct *fsp = NULL;
1349 struct share_mode_entry e;
1350 struct smbd_server_connection *sconn =
1351 talloc_get_type_abort(private_data,
1352 struct smbd_server_connection);
1354 message_to_share_mode_entry(&id, &e, (char *)data->data);
1357 char *sm_str = share_mode_str(NULL, 0, &id, &e);
1359 smb_panic("talloc failed");
1361 DEBUG(10,("msg_close_file: got request to close share mode "
1362 "entry %s\n", sm_str));
1363 TALLOC_FREE(sm_str);
1366 fsp = file_find_dif(sconn, id, e.share_file_id);
1368 DEBUG(10,("msg_close_file: failed to find file.\n"));
1371 close_file(NULL, fsp, NORMAL_CLOSE);