vfs3: Pass "lease" through SMB_VFS_CREATE_FILE
[metze/samba/wip.git] / source3 / smbd / open.c
1 /* 
2    Unix SMB/CIFS implementation.
3    file opening and share modes
4    Copyright (C) Andrew Tridgell 1992-1998
5    Copyright (C) Jeremy Allison 2001-2004
6    Copyright (C) Volker Lendecke 2005
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/filesys.h"
24 #include "printing.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "../librpc/gen_ndr/open_files.h"
31 #include "../librpc/gen_ndr/idmap.h"
32 #include "../librpc/gen_ndr/ioctl.h"
33 #include "passdb/lookup_sid.h"
34 #include "auth.h"
35 #include "serverid.h"
36 #include "messages.h"
37 #include "source3/lib/dbwrap/dbwrap_watch.h"
38
39 extern const struct generic_mapping file_generic_mapping;
40
41 struct deferred_open_record {
42         bool delayed_for_oplocks;
43         bool async_open;
44         struct file_id id;
45 };
46
47 /****************************************************************************
48  If the requester wanted DELETE_ACCESS and was rejected because
49  the file ACL didn't include DELETE_ACCESS, see if the parent ACL
50  overrides this.
51 ****************************************************************************/
52
53 static bool parent_override_delete(connection_struct *conn,
54                                         const struct smb_filename *smb_fname,
55                                         uint32_t access_mask,
56                                         uint32_t rejected_mask)
57 {
58         if ((access_mask & DELETE_ACCESS) &&
59                     (rejected_mask & DELETE_ACCESS) &&
60                     can_delete_file_in_directory(conn, smb_fname)) {
61                 return true;
62         }
63         return false;
64 }
65
66 /****************************************************************************
67  Check if we have open rights.
68 ****************************************************************************/
69
70 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
71                                 const struct smb_filename *smb_fname,
72                                 bool use_privs,
73                                 uint32_t access_mask)
74 {
75         /* Check if we have rights to open. */
76         NTSTATUS status;
77         struct security_descriptor *sd = NULL;
78         uint32_t rejected_share_access;
79         uint32_t rejected_mask = access_mask;
80         uint32_t do_not_check_mask = 0;
81
82         rejected_share_access = access_mask & ~(conn->share_access);
83
84         if (rejected_share_access) {
85                 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
86                         "on %s (0x%x)\n",
87                         (unsigned int)access_mask,
88                         smb_fname_str_dbg(smb_fname),
89                         (unsigned int)rejected_share_access ));
90                 return NT_STATUS_ACCESS_DENIED;
91         }
92
93         if (!use_privs && get_current_uid(conn) == (uid_t)0) {
94                 /* I'm sorry sir, I didn't know you were root... */
95                 DEBUG(10,("smbd_check_access_rights: root override "
96                         "on %s. Granting 0x%x\n",
97                         smb_fname_str_dbg(smb_fname),
98                         (unsigned int)access_mask ));
99                 return NT_STATUS_OK;
100         }
101
102         if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
103                 DEBUG(10,("smbd_check_access_rights: not checking ACL "
104                         "on DELETE_ACCESS on file %s. Granting 0x%x\n",
105                         smb_fname_str_dbg(smb_fname),
106                         (unsigned int)access_mask ));
107                 return NT_STATUS_OK;
108         }
109
110         if (access_mask == DELETE_ACCESS &&
111                         VALID_STAT(smb_fname->st) &&
112                         S_ISLNK(smb_fname->st.st_ex_mode)) {
113                 /* We can always delete a symlink. */
114                 DEBUG(10,("smbd_check_access_rights: not checking ACL "
115                         "on DELETE_ACCESS on symlink %s.\n",
116                         smb_fname_str_dbg(smb_fname) ));
117                 return NT_STATUS_OK;
118         }
119
120         status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
121                         (SECINFO_OWNER |
122                         SECINFO_GROUP |
123                          SECINFO_DACL), talloc_tos(), &sd);
124
125         if (!NT_STATUS_IS_OK(status)) {
126                 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
127                         "on %s: %s\n",
128                         smb_fname_str_dbg(smb_fname),
129                         nt_errstr(status)));
130
131                 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
132                         goto access_denied;
133                 }
134
135                 return status;
136         }
137
138         /*
139          * If we can access the path to this file, by
140          * default we have FILE_READ_ATTRIBUTES from the
141          * containing directory. See the section:
142          * "Algorithm to Check Access to an Existing File"
143          * in MS-FSA.pdf.
144          *
145          * se_file_access_check() also takes care of
146          * owner WRITE_DAC and READ_CONTROL.
147          */
148         do_not_check_mask = FILE_READ_ATTRIBUTES;
149
150         /*
151          * Samba 3.6 and earlier granted execute access even
152          * if the ACL did not contain execute rights.
153          * Samba 4.0 is more correct and checks it.
154          * The compatibilty mode allows to skip this check
155          * to smoothen upgrades.
156          */
157         if (lp_acl_allow_execute_always(SNUM(conn))) {
158                 do_not_check_mask |= FILE_EXECUTE;
159         }
160
161         status = se_file_access_check(sd,
162                                 get_current_nttok(conn),
163                                 use_privs,
164                                 (access_mask & ~do_not_check_mask),
165                                 &rejected_mask);
166
167         DEBUG(10,("smbd_check_access_rights: file %s requesting "
168                 "0x%x returning 0x%x (%s)\n",
169                 smb_fname_str_dbg(smb_fname),
170                 (unsigned int)access_mask,
171                 (unsigned int)rejected_mask,
172                 nt_errstr(status) ));
173
174         if (!NT_STATUS_IS_OK(status)) {
175                 if (DEBUGLEVEL >= 10) {
176                         DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
177                                 smb_fname_str_dbg(smb_fname) ));
178                         NDR_PRINT_DEBUG(security_descriptor, sd);
179                 }
180         }
181
182         TALLOC_FREE(sd);
183
184         if (NT_STATUS_IS_OK(status) ||
185                         !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
186                 return status;
187         }
188
189         /* Here we know status == NT_STATUS_ACCESS_DENIED. */
190
191   access_denied:
192
193         if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
194                         (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
195                         !lp_store_dos_attributes(SNUM(conn)) &&
196                         (lp_map_readonly(SNUM(conn)) ||
197                         lp_map_archive(SNUM(conn)) ||
198                         lp_map_hidden(SNUM(conn)) ||
199                         lp_map_system(SNUM(conn)))) {
200                 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
201
202                 DEBUG(10,("smbd_check_access_rights: "
203                         "overrode "
204                         "FILE_WRITE_ATTRIBUTES "
205                         "on file %s\n",
206                         smb_fname_str_dbg(smb_fname)));
207         }
208
209         if (parent_override_delete(conn,
210                                 smb_fname,
211                                 access_mask,
212                                 rejected_mask)) {
213                 /* Were we trying to do an open
214                  * for delete and didn't get DELETE
215                  * access (only) ? Check if the
216                  * directory allows DELETE_CHILD.
217                  * See here:
218                  * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
219                  * for details. */
220
221                 rejected_mask &= ~DELETE_ACCESS;
222
223                 DEBUG(10,("smbd_check_access_rights: "
224                         "overrode "
225                         "DELETE_ACCESS on "
226                         "file %s\n",
227                         smb_fname_str_dbg(smb_fname)));
228         }
229
230         if (rejected_mask != 0) {
231                 return NT_STATUS_ACCESS_DENIED;
232         }
233         return NT_STATUS_OK;
234 }
235
236 static NTSTATUS check_parent_access(struct connection_struct *conn,
237                                 struct smb_filename *smb_fname,
238                                 uint32_t access_mask)
239 {
240         NTSTATUS status;
241         char *parent_dir = NULL;
242         struct security_descriptor *parent_sd = NULL;
243         uint32_t access_granted = 0;
244
245         if (!parent_dirname(talloc_tos(),
246                                 smb_fname->base_name,
247                                 &parent_dir,
248                                 NULL)) {
249                 return NT_STATUS_NO_MEMORY;
250         }
251
252         if (get_current_uid(conn) == (uid_t)0) {
253                 /* I'm sorry sir, I didn't know you were root... */
254                 DEBUG(10,("check_parent_access: root override "
255                         "on %s. Granting 0x%x\n",
256                         smb_fname_str_dbg(smb_fname),
257                         (unsigned int)access_mask ));
258                 return NT_STATUS_OK;
259         }
260
261         status = SMB_VFS_GET_NT_ACL(conn,
262                                 parent_dir,
263                                 SECINFO_DACL,
264                                     talloc_tos(),
265                                 &parent_sd);
266
267         if (!NT_STATUS_IS_OK(status)) {
268                 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
269                         "%s with error %s\n",
270                         parent_dir,
271                         nt_errstr(status)));
272                 return status;
273         }
274
275         /*
276          * If we can access the path to this file, by
277          * default we have FILE_READ_ATTRIBUTES from the
278          * containing directory. See the section:
279          * "Algorithm to Check Access to an Existing File"
280          * in MS-FSA.pdf.
281          *
282          * se_file_access_check() also takes care of
283          * owner WRITE_DAC and READ_CONTROL.
284          */
285         status = se_file_access_check(parent_sd,
286                                 get_current_nttok(conn),
287                                 false,
288                                 (access_mask & ~FILE_READ_ATTRIBUTES),
289                                 &access_granted);
290         if(!NT_STATUS_IS_OK(status)) {
291                 DEBUG(5,("check_parent_access: access check "
292                         "on directory %s for "
293                         "path %s for mask 0x%x returned (0x%x) %s\n",
294                         parent_dir,
295                         smb_fname->base_name,
296                         access_mask,
297                         access_granted,
298                         nt_errstr(status) ));
299                 return status;
300         }
301
302         return NT_STATUS_OK;
303 }
304
305 /****************************************************************************
306  Ensure when opening a base file for a stream open that we have permissions
307  to do so given the access mask on the base file.
308 ****************************************************************************/
309
310 static NTSTATUS check_base_file_access(struct connection_struct *conn,
311                                 struct smb_filename *smb_fname,
312                                 uint32_t access_mask)
313 {
314         NTSTATUS status;
315
316         status = smbd_calculate_access_mask(conn, smb_fname,
317                                         false,
318                                         access_mask,
319                                         &access_mask);
320         if (!NT_STATUS_IS_OK(status)) {
321                 DEBUG(10, ("smbd_calculate_access_mask "
322                         "on file %s returned %s\n",
323                         smb_fname_str_dbg(smb_fname),
324                         nt_errstr(status)));
325                 return status;
326         }
327
328         if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
329                 uint32_t dosattrs;
330                 if (!CAN_WRITE(conn)) {
331                         return NT_STATUS_ACCESS_DENIED;
332                 }
333                 dosattrs = dos_mode(conn, smb_fname);
334                 if (IS_DOS_READONLY(dosattrs)) {
335                         return NT_STATUS_ACCESS_DENIED;
336                 }
337         }
338
339         return smbd_check_access_rights(conn,
340                                         smb_fname,
341                                         false,
342                                         access_mask);
343 }
344
345 /****************************************************************************
346  fd support routines - attempt to do a dos_open.
347 ****************************************************************************/
348
349 NTSTATUS fd_open(struct connection_struct *conn,
350                  files_struct *fsp,
351                  int flags,
352                  mode_t mode)
353 {
354         struct smb_filename *smb_fname = fsp->fsp_name;
355         NTSTATUS status = NT_STATUS_OK;
356
357 #ifdef O_NOFOLLOW
358         /* 
359          * Never follow symlinks on a POSIX client. The
360          * client should be doing this.
361          */
362
363         if (fsp->posix_open || !lp_follow_symlinks(SNUM(conn))) {
364                 flags |= O_NOFOLLOW;
365         }
366 #endif
367
368         fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
369         if (fsp->fh->fd == -1) {
370                 int posix_errno = errno;
371 #ifdef O_NOFOLLOW
372 #if defined(ENOTSUP) && defined(OSF1)
373                 /* handle special Tru64 errno */
374                 if (errno == ENOTSUP) {
375                         posix_errno = ELOOP;
376                 }
377 #endif /* ENOTSUP */
378 #ifdef EFTYPE
379                 /* fix broken NetBSD errno */
380                 if (errno == EFTYPE) {
381                         posix_errno = ELOOP;
382                 }
383 #endif /* EFTYPE */
384                 /* fix broken FreeBSD errno */
385                 if (errno == EMLINK) {
386                         posix_errno = ELOOP;
387                 }
388 #endif /* O_NOFOLLOW */
389                 status = map_nt_error_from_unix(posix_errno);
390                 if (errno == EMFILE) {
391                         static time_t last_warned = 0L;
392
393                         if (time((time_t *) NULL) > last_warned) {
394                                 DEBUG(0,("Too many open files, unable "
395                                         "to open more!  smbd's max "
396                                         "open files = %d\n",
397                                         lp_max_open_files()));
398                                 last_warned = time((time_t *) NULL);
399                         }
400                 }
401
402         }
403
404         DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
405                   smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
406                 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
407
408         return status;
409 }
410
411 /****************************************************************************
412  Close the file associated with a fsp.
413 ****************************************************************************/
414
415 NTSTATUS fd_close(files_struct *fsp)
416 {
417         int ret;
418
419         if (fsp->dptr) {
420                 dptr_CloseDir(fsp);
421         }
422         if (fsp->fh->fd == -1) {
423                 return NT_STATUS_OK; /* What we used to call a stat open. */
424         }
425         if (fsp->fh->ref_count > 1) {
426                 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
427         }
428
429         ret = SMB_VFS_CLOSE(fsp);
430         fsp->fh->fd = -1;
431         if (ret == -1) {
432                 return map_nt_error_from_unix(errno);
433         }
434         return NT_STATUS_OK;
435 }
436
437 /****************************************************************************
438  Change the ownership of a file to that of the parent directory.
439  Do this by fd if possible.
440 ****************************************************************************/
441
442 void change_file_owner_to_parent(connection_struct *conn,
443                                         const char *inherit_from_dir,
444                                         files_struct *fsp)
445 {
446         struct smb_filename *smb_fname_parent;
447         int ret;
448
449         smb_fname_parent = synthetic_smb_fname(talloc_tos(), inherit_from_dir,
450                                                NULL, NULL);
451         if (smb_fname_parent == NULL) {
452                 return;
453         }
454
455         ret = SMB_VFS_STAT(conn, smb_fname_parent);
456         if (ret == -1) {
457                 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
458                          "directory %s. Error was %s\n",
459                          smb_fname_str_dbg(smb_fname_parent),
460                          strerror(errno)));
461                 TALLOC_FREE(smb_fname_parent);
462                 return;
463         }
464
465         if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
466                 /* Already this uid - no need to change. */
467                 DEBUG(10,("change_file_owner_to_parent: file %s "
468                         "is already owned by uid %d\n",
469                         fsp_str_dbg(fsp),
470                         (int)fsp->fsp_name->st.st_ex_uid ));
471                 TALLOC_FREE(smb_fname_parent);
472                 return;
473         }
474
475         become_root();
476         ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
477         unbecome_root();
478         if (ret == -1) {
479                 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
480                          "file %s to parent directory uid %u. Error "
481                          "was %s\n", fsp_str_dbg(fsp),
482                          (unsigned int)smb_fname_parent->st.st_ex_uid,
483                          strerror(errno) ));
484         } else {
485                 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
486                         "parent directory uid %u.\n", fsp_str_dbg(fsp),
487                         (unsigned int)smb_fname_parent->st.st_ex_uid));
488                 /* Ensure the uid entry is updated. */
489                 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
490         }
491
492         TALLOC_FREE(smb_fname_parent);
493 }
494
495 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
496                                        const char *inherit_from_dir,
497                                        const char *fname,
498                                        SMB_STRUCT_STAT *psbuf)
499 {
500         struct smb_filename *smb_fname_parent;
501         struct smb_filename *smb_fname_cwd = NULL;
502         char *saved_dir = NULL;
503         TALLOC_CTX *ctx = talloc_tos();
504         NTSTATUS status = NT_STATUS_OK;
505         int ret;
506
507         smb_fname_parent = synthetic_smb_fname(ctx, inherit_from_dir,
508                                                NULL, NULL);
509         if (smb_fname_parent == NULL) {
510                 return NT_STATUS_NO_MEMORY;
511         }
512
513         ret = SMB_VFS_STAT(conn, smb_fname_parent);
514         if (ret == -1) {
515                 status = map_nt_error_from_unix(errno);
516                 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
517                          "directory %s. Error was %s\n",
518                          smb_fname_str_dbg(smb_fname_parent),
519                          strerror(errno)));
520                 goto out;
521         }
522
523         /* We've already done an lstat into psbuf, and we know it's a
524            directory. If we can cd into the directory and the dev/ino
525            are the same then we can safely chown without races as
526            we're locking the directory in place by being in it.  This
527            should work on any UNIX (thanks tridge :-). JRA.
528         */
529
530         saved_dir = vfs_GetWd(ctx,conn);
531         if (!saved_dir) {
532                 status = map_nt_error_from_unix(errno);
533                 DEBUG(0,("change_dir_owner_to_parent: failed to get "
534                          "current working directory. Error was %s\n",
535                          strerror(errno)));
536                 goto out;
537         }
538
539         /* Chdir into the new path. */
540         if (vfs_ChDir(conn, fname) == -1) {
541                 status = map_nt_error_from_unix(errno);
542                 DEBUG(0,("change_dir_owner_to_parent: failed to change "
543                          "current working directory to %s. Error "
544                          "was %s\n", fname, strerror(errno) ));
545                 goto chdir;
546         }
547
548         smb_fname_cwd = synthetic_smb_fname(ctx, ".", NULL, NULL);
549         if (smb_fname_cwd == NULL) {
550                 status = NT_STATUS_NO_MEMORY;
551                 goto chdir;
552         }
553
554         ret = SMB_VFS_STAT(conn, smb_fname_cwd);
555         if (ret == -1) {
556                 status = map_nt_error_from_unix(errno);
557                 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
558                          "directory '.' (%s) Error was %s\n",
559                          fname, strerror(errno)));
560                 goto chdir;
561         }
562
563         /* Ensure we're pointing at the same place. */
564         if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
565             smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
566                 DEBUG(0,("change_dir_owner_to_parent: "
567                          "device/inode on directory %s changed. "
568                          "Refusing to chown !\n", fname ));
569                 status = NT_STATUS_ACCESS_DENIED;
570                 goto chdir;
571         }
572
573         if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
574                 /* Already this uid - no need to change. */
575                 DEBUG(10,("change_dir_owner_to_parent: directory %s "
576                         "is already owned by uid %d\n",
577                         fname,
578                         (int)smb_fname_cwd->st.st_ex_uid ));
579                 status = NT_STATUS_OK;
580                 goto chdir;
581         }
582
583         become_root();
584         ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
585                             (gid_t)-1);
586         unbecome_root();
587         if (ret == -1) {
588                 status = map_nt_error_from_unix(errno);
589                 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
590                           "directory %s to parent directory uid %u. "
591                           "Error was %s\n", fname,
592                           (unsigned int)smb_fname_parent->st.st_ex_uid,
593                           strerror(errno) ));
594         } else {
595                 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
596                         "directory %s to parent directory uid %u.\n",
597                         fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
598                 /* Ensure the uid entry is updated. */
599                 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
600         }
601
602  chdir:
603         vfs_ChDir(conn,saved_dir);
604  out:
605         TALLOC_FREE(smb_fname_parent);
606         TALLOC_FREE(smb_fname_cwd);
607         return status;
608 }
609
610 /****************************************************************************
611  Open a file - returning a guaranteed ATOMIC indication of if the
612  file was created or not.
613 ****************************************************************************/
614
615 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
616                         files_struct *fsp,
617                         int flags,
618                         mode_t mode,
619                         bool *file_created)
620 {
621         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
622         bool file_existed = VALID_STAT(fsp->fsp_name->st);
623
624         *file_created = false;
625
626         if (!(flags & O_CREAT)) {
627                 /*
628                  * We're not creating the file, just pass through.
629                  */
630                 return fd_open(conn, fsp, flags, mode);
631         }
632
633         if (flags & O_EXCL) {
634                 /*
635                  * Fail if already exists, just pass through.
636                  */
637                 status = fd_open(conn, fsp, flags, mode);
638
639                 /*
640                  * Here we've opened with O_CREAT|O_EXCL. If that went
641                  * NT_STATUS_OK, we *know* we created this file.
642                  */
643                 *file_created = NT_STATUS_IS_OK(status);
644
645                 return status;
646         }
647
648         /*
649          * Now it gets tricky. We have O_CREAT, but not O_EXCL.
650          * To know absolutely if we created the file or not,
651          * we can never call O_CREAT without O_EXCL. So if
652          * we think the file existed, try without O_CREAT|O_EXCL.
653          * If we think the file didn't exist, try with
654          * O_CREAT|O_EXCL. Keep bouncing between these two
655          * requests until either the file is created, or
656          * opened. Either way, we keep going until we get
657          * a returnable result (error, or open/create).
658          */
659
660         while(1) {
661                 int curr_flags = flags;
662
663                 if (file_existed) {
664                         /* Just try open, do not create. */
665                         curr_flags &= ~(O_CREAT);
666                         status = fd_open(conn, fsp, curr_flags, mode);
667                         if (NT_STATUS_EQUAL(status,
668                                         NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
669                                 /*
670                                  * Someone deleted it in the meantime.
671                                  * Retry with O_EXCL.
672                                  */
673                                 file_existed = false;
674                                 DEBUG(10,("fd_open_atomic: file %s existed. "
675                                         "Retry.\n",
676                                         smb_fname_str_dbg(fsp->fsp_name)));
677                                         continue;
678                         }
679                 } else {
680                         /* Try create exclusively, fail if it exists. */
681                         curr_flags |= O_EXCL;
682                         status = fd_open(conn, fsp, curr_flags, mode);
683                         if (NT_STATUS_EQUAL(status,
684                                         NT_STATUS_OBJECT_NAME_COLLISION)) {
685                                 /*
686                                  * Someone created it in the meantime.
687                                  * Retry without O_CREAT.
688                                  */
689                                 file_existed = true;
690                                 DEBUG(10,("fd_open_atomic: file %s "
691                                         "did not exist. Retry.\n",
692                                         smb_fname_str_dbg(fsp->fsp_name)));
693                                 continue;
694                         }
695                         if (NT_STATUS_IS_OK(status)) {
696                                 /*
697                                  * Here we've opened with O_CREAT|O_EXCL
698                                  * and got success. We *know* we created
699                                  * this file.
700                                  */
701                                 *file_created = true;
702                         }
703                 }
704                 /* Create is done, or failed. */
705                 break;
706         }
707         return status;
708 }
709
710 /****************************************************************************
711  Open a file.
712 ****************************************************************************/
713
714 static NTSTATUS open_file(files_struct *fsp,
715                           connection_struct *conn,
716                           struct smb_request *req,
717                           const char *parent_dir,
718                           int flags,
719                           mode_t unx_mode,
720                           uint32 access_mask, /* client requested access mask. */
721                           uint32 open_access_mask, /* what we're actually using in the open. */
722                           bool *p_file_created)
723 {
724         struct smb_filename *smb_fname = fsp->fsp_name;
725         NTSTATUS status = NT_STATUS_OK;
726         int accmode = (flags & O_ACCMODE);
727         int local_flags = flags;
728         bool file_existed = VALID_STAT(fsp->fsp_name->st);
729
730         fsp->fh->fd = -1;
731         errno = EPERM;
732
733         /* Check permissions */
734
735         /*
736          * This code was changed after seeing a client open request 
737          * containing the open mode of (DENY_WRITE/read-only) with
738          * the 'create if not exist' bit set. The previous code
739          * would fail to open the file read only on a read-only share
740          * as it was checking the flags parameter  directly against O_RDONLY,
741          * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
742          * JRA.
743          */
744
745         if (!CAN_WRITE(conn)) {
746                 /* It's a read-only share - fail if we wanted to write. */
747                 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
748                         DEBUG(3,("Permission denied opening %s\n",
749                                  smb_fname_str_dbg(smb_fname)));
750                         return NT_STATUS_ACCESS_DENIED;
751                 }
752                 if (flags & O_CREAT) {
753                         /* We don't want to write - but we must make sure that
754                            O_CREAT doesn't create the file if we have write
755                            access into the directory.
756                         */
757                         flags &= ~(O_CREAT|O_EXCL);
758                         local_flags &= ~(O_CREAT|O_EXCL);
759                 }
760         }
761
762         /*
763          * This little piece of insanity is inspired by the
764          * fact that an NT client can open a file for O_RDONLY,
765          * but set the create disposition to FILE_EXISTS_TRUNCATE.
766          * If the client *can* write to the file, then it expects to
767          * truncate the file, even though it is opening for readonly.
768          * Quicken uses this stupid trick in backup file creation...
769          * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
770          * for helping track this one down. It didn't bite us in 2.0.x
771          * as we always opened files read-write in that release. JRA.
772          */
773
774         if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
775                 DEBUG(10,("open_file: truncate requested on read-only open "
776                           "for file %s\n", smb_fname_str_dbg(smb_fname)));
777                 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
778         }
779
780         if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
781             (!file_existed && (local_flags & O_CREAT)) ||
782             ((local_flags & O_TRUNC) == O_TRUNC) ) {
783                 const char *wild;
784                 int ret;
785
786 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
787                 /*
788                  * We would block on opening a FIFO with no one else on the
789                  * other end. Do what we used to do and add O_NONBLOCK to the
790                  * open flags. JRA.
791                  */
792
793                 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
794                         local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
795                         local_flags |= O_NONBLOCK;
796                 }
797 #endif
798
799                 /* Don't create files with Microsoft wildcard characters. */
800                 if (fsp->base_fsp) {
801                         /*
802                          * wildcard characters are allowed in stream names
803                          * only test the basefilename
804                          */
805                         wild = fsp->base_fsp->fsp_name->base_name;
806                 } else {
807                         wild = smb_fname->base_name;
808                 }
809                 if ((local_flags & O_CREAT) && !file_existed &&
810                     ms_has_wild(wild))  {
811                         return NT_STATUS_OBJECT_NAME_INVALID;
812                 }
813
814                 /* Can we access this file ? */
815                 if (!fsp->base_fsp) {
816                         /* Only do this check on non-stream open. */
817                         if (file_existed) {
818                                 status = smbd_check_access_rights(conn,
819                                                 smb_fname,
820                                                 false,
821                                                 access_mask);
822                         } else if (local_flags & O_CREAT){
823                                 status = check_parent_access(conn,
824                                                 smb_fname,
825                                                 SEC_DIR_ADD_FILE);
826                         } else {
827                                 /* File didn't exist and no O_CREAT. */
828                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
829                         }
830                         if (!NT_STATUS_IS_OK(status)) {
831                                 DEBUG(10,("open_file: "
832                                         "%s on file "
833                                         "%s returned %s\n",
834                                         file_existed ?
835                                                 "smbd_check_access_rights" :
836                                                 "check_parent_access",
837                                         smb_fname_str_dbg(smb_fname),
838                                         nt_errstr(status) ));
839                                 return status;
840                         }
841                 }
842
843                 /*
844                  * Actually do the open - if O_TRUNC is needed handle it
845                  * below under the share mode lock.
846                  */
847                 status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
848                                 unx_mode, p_file_created);
849                 if (!NT_STATUS_IS_OK(status)) {
850                         DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
851                                  "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
852                                  nt_errstr(status),local_flags,flags));
853                         return status;
854                 }
855
856                 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
857                 if (ret == -1) {
858                         /* If we have an fd, this stat should succeed. */
859                         DEBUG(0,("Error doing fstat on open file %s "
860                                 "(%s)\n",
861                                 smb_fname_str_dbg(smb_fname),
862                                 strerror(errno) ));
863                         status = map_nt_error_from_unix(errno);
864                         fd_close(fsp);
865                         return status;
866                 }
867
868                 if (*p_file_created) {
869                         /* We created this file. */
870
871                         bool need_re_stat = false;
872                         /* Do all inheritance work after we've
873                            done a successful fstat call and filled
874                            in the stat struct in fsp->fsp_name. */
875
876                         /* Inherit the ACL if required */
877                         if (lp_inherit_permissions(SNUM(conn))) {
878                                 inherit_access_posix_acl(conn, parent_dir,
879                                                          smb_fname->base_name,
880                                                          unx_mode);
881                                 need_re_stat = true;
882                         }
883
884                         /* Change the owner if required. */
885                         if (lp_inherit_owner(SNUM(conn))) {
886                                 change_file_owner_to_parent(conn, parent_dir,
887                                                             fsp);
888                                 need_re_stat = true;
889                         }
890
891                         if (need_re_stat) {
892                                 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
893                                 /* If we have an fd, this stat should succeed. */
894                                 if (ret == -1) {
895                                         DEBUG(0,("Error doing fstat on open file %s "
896                                                  "(%s)\n",
897                                                  smb_fname_str_dbg(smb_fname),
898                                                  strerror(errno) ));
899                                 }
900                         }
901
902                         notify_fname(conn, NOTIFY_ACTION_ADDED,
903                                      FILE_NOTIFY_CHANGE_FILE_NAME,
904                                      smb_fname->base_name);
905                 }
906         } else {
907                 fsp->fh->fd = -1; /* What we used to call a stat open. */
908                 if (!file_existed) {
909                         /* File must exist for a stat open. */
910                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
911                 }
912
913                 status = smbd_check_access_rights(conn,
914                                 smb_fname,
915                                 false,
916                                 access_mask);
917
918                 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
919                                 fsp->posix_open &&
920                                 S_ISLNK(smb_fname->st.st_ex_mode)) {
921                         /* This is a POSIX stat open for delete
922                          * or rename on a symlink that points
923                          * nowhere. Allow. */
924                         DEBUG(10,("open_file: allowing POSIX "
925                                   "open on bad symlink %s\n",
926                                   smb_fname_str_dbg(smb_fname)));
927                         status = NT_STATUS_OK;
928                 }
929
930                 if (!NT_STATUS_IS_OK(status)) {
931                         DEBUG(10,("open_file: "
932                                 "smbd_check_access_rights on file "
933                                 "%s returned %s\n",
934                                 smb_fname_str_dbg(smb_fname),
935                                 nt_errstr(status) ));
936                         return status;
937                 }
938         }
939
940         /*
941          * POSIX allows read-only opens of directories. We don't
942          * want to do this (we use a different code path for this)
943          * so catch a directory open and return an EISDIR. JRA.
944          */
945
946         if(S_ISDIR(smb_fname->st.st_ex_mode)) {
947                 fd_close(fsp);
948                 errno = EISDIR;
949                 return NT_STATUS_FILE_IS_A_DIRECTORY;
950         }
951
952         fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
953         fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
954         fsp->file_pid = req ? req->smbpid : 0;
955         fsp->can_lock = True;
956         fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
957         fsp->can_write =
958                 CAN_WRITE(conn) &&
959                 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
960         fsp->print_file = NULL;
961         fsp->modified = False;
962         fsp->sent_oplock_break = NO_BREAK_SENT;
963         fsp->is_directory = False;
964         if (conn->aio_write_behind_list &&
965             is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
966                        conn->case_sensitive)) {
967                 fsp->aio_write_behind = True;
968         }
969
970         fsp->wcp = NULL; /* Write cache pointer. */
971
972         DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
973                  conn->session_info->unix_info->unix_name,
974                  smb_fname_str_dbg(smb_fname),
975                  BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
976                  conn->num_files_open));
977
978         errno = 0;
979         return NT_STATUS_OK;
980 }
981
982 /****************************************************************************
983  Check if we can open a file with a share mode.
984  Returns True if conflict, False if not.
985 ****************************************************************************/
986
987 static bool share_conflict(struct share_mode_entry *entry,
988                            uint32 access_mask,
989                            uint32 share_access)
990 {
991         DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
992                   "entry->share_access = 0x%x, "
993                   "entry->private_options = 0x%x\n",
994                   (unsigned int)entry->access_mask,
995                   (unsigned int)entry->share_access,
996                   (unsigned int)entry->private_options));
997
998         if (server_id_is_disconnected(&entry->pid)) {
999                 /*
1000                  * note: cleanup should have been done by
1001                  * delay_for_batch_oplocks()
1002                  */
1003                 return false;
1004         }
1005
1006         DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
1007                   (unsigned int)access_mask, (unsigned int)share_access));
1008
1009         if ((entry->access_mask & (FILE_WRITE_DATA|
1010                                    FILE_APPEND_DATA|
1011                                    FILE_READ_DATA|
1012                                    FILE_EXECUTE|
1013                                    DELETE_ACCESS)) == 0) {
1014                 DEBUG(10,("share_conflict: No conflict due to "
1015                           "entry->access_mask = 0x%x\n",
1016                           (unsigned int)entry->access_mask ));
1017                 return False;
1018         }
1019
1020         if ((access_mask & (FILE_WRITE_DATA|
1021                             FILE_APPEND_DATA|
1022                             FILE_READ_DATA|
1023                             FILE_EXECUTE|
1024                             DELETE_ACCESS)) == 0) {
1025                 DEBUG(10,("share_conflict: No conflict due to "
1026                           "access_mask = 0x%x\n",
1027                           (unsigned int)access_mask ));
1028                 return False;
1029         }
1030
1031 #if 1 /* JRA TEST - Superdebug. */
1032 #define CHECK_MASK(num, am, right, sa, share) \
1033         DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
1034                 (unsigned int)(num), (unsigned int)(am), \
1035                 (unsigned int)(right), (unsigned int)(am)&(right) )); \
1036         DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
1037                 (unsigned int)(num), (unsigned int)(sa), \
1038                 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
1039         if (((am) & (right)) && !((sa) & (share))) { \
1040                 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1041 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1042                         (unsigned int)(share) )); \
1043                 return True; \
1044         }
1045 #else
1046 #define CHECK_MASK(num, am, right, sa, share) \
1047         if (((am) & (right)) && !((sa) & (share))) { \
1048                 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1049 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1050                         (unsigned int)(share) )); \
1051                 return True; \
1052         }
1053 #endif
1054
1055         CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1056                    share_access, FILE_SHARE_WRITE);
1057         CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1058                    entry->share_access, FILE_SHARE_WRITE);
1059
1060         CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
1061                    share_access, FILE_SHARE_READ);
1062         CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
1063                    entry->share_access, FILE_SHARE_READ);
1064
1065         CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
1066                    share_access, FILE_SHARE_DELETE);
1067         CHECK_MASK(6, access_mask, DELETE_ACCESS,
1068                    entry->share_access, FILE_SHARE_DELETE);
1069
1070         DEBUG(10,("share_conflict: No conflict.\n"));
1071         return False;
1072 }
1073
1074 #if defined(DEVELOPER)
1075 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1076                                       int num,
1077                                       struct share_mode_entry *share_entry)
1078 {
1079         struct server_id self = messaging_server_id(sconn->msg_ctx);
1080         files_struct *fsp;
1081
1082         if (!serverid_equal(&self, &share_entry->pid)) {
1083                 return;
1084         }
1085
1086         if (share_entry->share_file_id == 0) {
1087                 /* INTERNAL_OPEN_ONLY */
1088                 return;
1089         }
1090
1091         if (!is_valid_share_mode_entry(share_entry)) {
1092                 return;
1093         }
1094
1095         fsp = file_find_dif(sconn, share_entry->id,
1096                             share_entry->share_file_id);
1097         if (!fsp) {
1098                 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1099                          share_mode_str(talloc_tos(), num, share_entry) ));
1100                 smb_panic("validate_my_share_entries: Cannot match a "
1101                           "share entry with an open file\n");
1102         }
1103
1104         if (((uint16)fsp->oplock_type) != share_entry->op_type) {
1105                 goto panic;
1106         }
1107
1108         return;
1109
1110  panic:
1111         {
1112                 char *str;
1113                 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1114                          share_mode_str(talloc_tos(), num, share_entry) ));
1115                 str = talloc_asprintf(talloc_tos(),
1116                         "validate_my_share_entries: "
1117                         "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1118                          fsp->fsp_name->base_name,
1119                          (unsigned int)fsp->oplock_type,
1120                          (unsigned int)share_entry->op_type );
1121                 smb_panic(str);
1122         }
1123 }
1124 #endif
1125
1126 bool is_stat_open(uint32 access_mask)
1127 {
1128         const uint32_t stat_open_bits =
1129                 (SYNCHRONIZE_ACCESS|
1130                  FILE_READ_ATTRIBUTES|
1131                  FILE_WRITE_ATTRIBUTES);
1132
1133         return (((access_mask &  stat_open_bits) != 0) &&
1134                 ((access_mask & ~stat_open_bits) == 0));
1135 }
1136
1137 static bool has_delete_on_close(struct share_mode_lock *lck,
1138                                 uint32_t name_hash)
1139 {
1140         struct share_mode_data *d = lck->data;
1141         uint32_t i;
1142
1143         if (d->num_share_modes == 0) {
1144                 return false;
1145         }
1146         if (!is_delete_on_close_set(lck, name_hash)) {
1147                 return false;
1148         }
1149         for (i=0; i<d->num_share_modes; i++) {
1150                 if (!share_mode_stale_pid(d, i)) {
1151                         return true;
1152                 }
1153         }
1154         return false;
1155 }
1156
1157 /****************************************************************************
1158  Deal with share modes
1159  Invariant: Share mode must be locked on entry and exit.
1160  Returns -1 on error, or number of share modes on success (may be zero).
1161 ****************************************************************************/
1162
1163 static NTSTATUS open_mode_check(connection_struct *conn,
1164                                 struct share_mode_lock *lck,
1165                                 uint32 access_mask,
1166                                 uint32 share_access)
1167 {
1168         int i;
1169
1170         if(lck->data->num_share_modes == 0) {
1171                 return NT_STATUS_OK;
1172         }
1173
1174         if (is_stat_open(access_mask)) {
1175                 /* Stat open that doesn't trigger oplock breaks or share mode
1176                  * checks... ! JRA. */
1177                 return NT_STATUS_OK;
1178         }
1179
1180         /*
1181          * Check if the share modes will give us access.
1182          */
1183
1184 #if defined(DEVELOPER)
1185         for(i = 0; i < lck->data->num_share_modes; i++) {
1186                 validate_my_share_entries(conn->sconn, i,
1187                                           &lck->data->share_modes[i]);
1188         }
1189 #endif
1190
1191         /* Now we check the share modes, after any oplock breaks. */
1192         for(i = 0; i < lck->data->num_share_modes; i++) {
1193
1194                 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1195                         continue;
1196                 }
1197
1198                 /* someone else has a share lock on it, check to see if we can
1199                  * too */
1200                 if (share_conflict(&lck->data->share_modes[i],
1201                                    access_mask, share_access)) {
1202
1203                         if (share_mode_stale_pid(lck->data, i)) {
1204                                 continue;
1205                         }
1206
1207                         return NT_STATUS_SHARING_VIOLATION;
1208                 }
1209         }
1210
1211         return NT_STATUS_OK;
1212 }
1213
1214 /*
1215  * Send a break message to the oplock holder and delay the open for
1216  * our client.
1217  */
1218
1219 static NTSTATUS send_break_message(struct messaging_context *msg_ctx,
1220                                    const struct share_mode_entry *exclusive,
1221                                    uint16_t break_to)
1222 {
1223         NTSTATUS status;
1224         char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1225
1226         DEBUG(10, ("Sending break request to PID %s\n",
1227                    procid_str_static(&exclusive->pid)));
1228
1229         /* Create the message. */
1230         share_mode_entry_to_message(msg, exclusive);
1231
1232         /* Overload entry->op_type */
1233         SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET, break_to);
1234
1235         status = messaging_send_buf(msg_ctx, exclusive->pid,
1236                                     MSG_SMB_BREAK_REQUEST,
1237                                     (uint8 *)msg, sizeof(msg));
1238         if (!NT_STATUS_IS_OK(status)) {
1239                 DEBUG(3, ("Could not send oplock break message: %s\n",
1240                           nt_errstr(status)));
1241         }
1242
1243         return status;
1244 }
1245
1246 /*
1247  * Do internal consistency checks on the share mode for a file.
1248  */
1249
1250 static bool validate_oplock_types(struct share_mode_lock *lck)
1251 {
1252         struct share_mode_data *d = lck->data;
1253         bool batch = false;
1254         bool ex_or_batch = false;
1255         bool level2 = false;
1256         bool no_oplock = false;
1257         uint32_t num_non_stat_opens = 0;
1258         uint32_t i;
1259
1260         for (i=0; i<d->num_share_modes; i++) {
1261                 struct share_mode_entry *e = &d->share_modes[i];
1262
1263                 if (!is_valid_share_mode_entry(e)) {
1264                         continue;
1265                 }
1266
1267                 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1268                         /* We ignore stat opens in the table - they
1269                            always have NO_OPLOCK and never get or
1270                            cause breaks. JRA. */
1271                         continue;
1272                 }
1273
1274                 num_non_stat_opens += 1;
1275
1276                 if (BATCH_OPLOCK_TYPE(e->op_type)) {
1277                         /* batch - can only be one. */
1278                         if (share_mode_stale_pid(d, i)) {
1279                                 DEBUG(10, ("Found stale batch oplock\n"));
1280                                 continue;
1281                         }
1282                         if (ex_or_batch || batch || level2 || no_oplock) {
1283                                 DEBUG(0, ("Bad batch oplock entry %u.",
1284                                           (unsigned)i));
1285                                 return false;
1286                         }
1287                         batch = true;
1288                 }
1289
1290                 if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
1291                         if (share_mode_stale_pid(d, i)) {
1292                                 DEBUG(10, ("Found stale duplicate oplock\n"));
1293                                 continue;
1294                         }
1295                         /* Exclusive or batch - can only be one. */
1296                         if (ex_or_batch || level2 || no_oplock) {
1297                                 DEBUG(0, ("Bad exclusive or batch oplock "
1298                                           "entry %u.", (unsigned)i));
1299                                 return false;
1300                         }
1301                         ex_or_batch = true;
1302                 }
1303
1304                 if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
1305                         if (batch || ex_or_batch) {
1306                                 if (share_mode_stale_pid(d, i)) {
1307                                         DEBUG(10, ("Found stale LevelII "
1308                                                    "oplock\n"));
1309                                         continue;
1310                                 }
1311                                 DEBUG(0, ("Bad levelII oplock entry %u.",
1312                                           (unsigned)i));
1313                                 return false;
1314                         }
1315                         level2 = true;
1316                 }
1317
1318                 if (e->op_type == NO_OPLOCK) {
1319                         if (batch || ex_or_batch) {
1320                                 if (share_mode_stale_pid(d, i)) {
1321                                         DEBUG(10, ("Found stale NO_OPLOCK "
1322                                                    "entry\n"));
1323                                         continue;
1324                                 }
1325                                 DEBUG(0, ("Bad no oplock entry %u.",
1326                                           (unsigned)i));
1327                                 return false;
1328                         }
1329                         no_oplock = true;
1330                 }
1331         }
1332
1333         remove_stale_share_mode_entries(d);
1334
1335         if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
1336                 DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
1337                           (int)batch, (int)ex_or_batch,
1338                           (int)d->num_share_modes));
1339                 return false;
1340         }
1341
1342         return true;
1343 }
1344
1345 static bool delay_for_oplock(files_struct *fsp,
1346                              int oplock_request,
1347                              struct share_mode_lock *lck,
1348                              bool have_sharing_violation,
1349                              uint32_t create_disposition)
1350 {
1351         struct share_mode_data *d = lck->data;
1352         struct share_mode_entry *entry;
1353         uint32_t num_non_stat_opens = 0;
1354         uint32_t i;
1355         uint16_t break_to;
1356
1357         if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1358                 return false;
1359         }
1360         for (i=0; i<d->num_share_modes; i++) {
1361                 struct share_mode_entry *e = &d->share_modes[i];
1362                 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1363                         continue;
1364                 }
1365                 num_non_stat_opens += 1;
1366
1367                 /*
1368                  * We found the a non-stat open, which in the exclusive/batch
1369                  * case will be inspected further down.
1370                  */
1371                 entry = e;
1372         }
1373         if (num_non_stat_opens == 0) {
1374                 /*
1375                  * Nothing to wait for around
1376                  */
1377                 return false;
1378         }
1379         if (num_non_stat_opens != 1) {
1380                 /*
1381                  * More than one open around. There can't be any exclusive or
1382                  * batch left, this is all level2.
1383                  */
1384                 return false;
1385         }
1386
1387         if (server_id_is_disconnected(&entry->pid)) {
1388                 /*
1389                  * TODO: clean up.
1390                  * This could be achieved by sending a break message
1391                  * to ourselves. Special considerations for files
1392                  * with delete_on_close flag set!
1393                  *
1394                  * For now we keep it simple and do not
1395                  * allow delete on close for durable handles.
1396                  */
1397                 return false;
1398         }
1399
1400         switch (create_disposition) {
1401         case FILE_SUPERSEDE:
1402         case FILE_OVERWRITE_IF:
1403                 break_to = NO_OPLOCK;
1404                 break;
1405         default:
1406                 break_to = LEVEL_II_OPLOCK;
1407                 break;
1408         }
1409
1410         if (have_sharing_violation && (entry->op_type & BATCH_OPLOCK)) {
1411                 if (share_mode_stale_pid(d, 0)) {
1412                         return false;
1413                 }
1414                 send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1415                 return true;
1416         }
1417         if (have_sharing_violation) {
1418                 /*
1419                  * Non-batch exclusive is not broken if we have a sharing
1420                  * violation
1421                  */
1422                 return false;
1423         }
1424         if (LEVEL_II_OPLOCK_TYPE(entry->op_type) &&
1425             (break_to == NO_OPLOCK)) {
1426                 if (share_mode_stale_pid(d, 0)) {
1427                         return false;
1428                 }
1429                 DEBUG(10, ("Asynchronously breaking level2 oplock for "
1430                            "create_disposition=%u\n",
1431                            (unsigned)create_disposition));
1432                 send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1433                 return false;
1434         }
1435         if (!EXCLUSIVE_OPLOCK_TYPE(entry->op_type)) {
1436                 /*
1437                  * No break for NO_OPLOCK or LEVEL2_OPLOCK oplocks
1438                  */
1439                 return false;
1440         }
1441         if (share_mode_stale_pid(d, 0)) {
1442                 return false;
1443         }
1444
1445         send_break_message(fsp->conn->sconn->msg_ctx, entry, break_to);
1446         return true;
1447 }
1448
1449 static bool file_has_brlocks(files_struct *fsp)
1450 {
1451         struct byte_range_lock *br_lck;
1452
1453         br_lck = brl_get_locks_readonly(fsp);
1454         if (!br_lck)
1455                 return false;
1456
1457         return (brl_num_locks(br_lck) > 0);
1458 }
1459
1460 static void grant_fsp_oplock_type(files_struct *fsp,
1461                                   struct share_mode_lock *lck,
1462                                   int oplock_request)
1463 {
1464         bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1465                             lp_level2_oplocks(SNUM(fsp->conn));
1466         bool got_level2_oplock, got_a_none_oplock;
1467         uint32_t i;
1468
1469         /* Start by granting what the client asked for,
1470            but ensure no SAMBA_PRIVATE bits can be set. */
1471         fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1472
1473         if (oplock_request & INTERNAL_OPEN_ONLY) {
1474                 /* No oplocks on internal open. */
1475                 fsp->oplock_type = NO_OPLOCK;
1476                 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1477                         fsp->oplock_type, fsp_str_dbg(fsp)));
1478                 return;
1479         }
1480
1481         if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1482                 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1483                         fsp_str_dbg(fsp)));
1484                 fsp->oplock_type = NO_OPLOCK;
1485         }
1486
1487         if (is_stat_open(fsp->access_mask)) {
1488                 /* Leave the value already set. */
1489                 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1490                         fsp->oplock_type, fsp_str_dbg(fsp)));
1491                 return;
1492         }
1493
1494         got_level2_oplock = false;
1495         got_a_none_oplock = false;
1496
1497         for (i=0; i<lck->data->num_share_modes; i++) {
1498                 int op_type = lck->data->share_modes[i].op_type;
1499
1500                 if (LEVEL_II_OPLOCK_TYPE(op_type)) {
1501                         got_level2_oplock = true;
1502                 }
1503                 if (op_type == NO_OPLOCK) {
1504                         got_a_none_oplock = true;
1505                 }
1506         }
1507
1508         /*
1509          * Match what was requested (fsp->oplock_type) with
1510          * what was found in the existing share modes.
1511          */
1512
1513         if (got_level2_oplock || got_a_none_oplock) {
1514                 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
1515                         fsp->oplock_type = LEVEL_II_OPLOCK;
1516                 }
1517         }
1518
1519         /*
1520          * Don't grant level2 to clients that don't want them
1521          * or if we've turned them off.
1522          */
1523         if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1524                 fsp->oplock_type = NO_OPLOCK;
1525         }
1526
1527         if (fsp->oplock_type == LEVEL_II_OPLOCK && !got_level2_oplock) {
1528                 /*
1529                  * We're the first level2 oplock. Indicate that in brlock.tdb.
1530                  */
1531                 struct byte_range_lock *brl;
1532
1533                 brl = brl_get_locks(talloc_tos(), fsp);
1534                 if (brl != NULL) {
1535                         brl_set_have_read_oplocks(brl, true);
1536                         TALLOC_FREE(brl);
1537                 }
1538         }
1539
1540         DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1541                   fsp->oplock_type, fsp_str_dbg(fsp)));
1542 }
1543
1544 static bool request_timed_out(struct timeval request_time,
1545                               struct timeval timeout)
1546 {
1547         struct timeval now, end_time;
1548         GetTimeOfDay(&now);
1549         end_time = timeval_sum(&request_time, &timeout);
1550         return (timeval_compare(&end_time, &now) < 0);
1551 }
1552
1553 struct defer_open_state {
1554         struct smbd_server_connection *sconn;
1555         uint64_t mid;
1556 };
1557
1558 static void defer_open_done(struct tevent_req *req);
1559
1560 /****************************************************************************
1561  Handle the 1 second delay in returning a SHARING_VIOLATION error.
1562 ****************************************************************************/
1563
1564 static void defer_open(struct share_mode_lock *lck,
1565                        struct timeval request_time,
1566                        struct timeval timeout,
1567                        struct smb_request *req,
1568                        struct deferred_open_record *state)
1569 {
1570         struct deferred_open_record *open_rec;
1571
1572         DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1573                   "open entry for mid %llu\n",
1574                   (unsigned int)request_time.tv_sec,
1575                   (unsigned int)request_time.tv_usec,
1576                   (unsigned long long)req->mid));
1577
1578         open_rec = talloc(NULL, struct deferred_open_record);
1579         if (open_rec == NULL) {
1580                 TALLOC_FREE(lck);
1581                 exit_server("talloc failed");
1582         }
1583
1584         *open_rec = *state;
1585
1586         if (lck) {
1587                 struct defer_open_state *watch_state;
1588                 struct tevent_req *watch_req;
1589                 bool ret;
1590
1591                 watch_state = talloc(open_rec, struct defer_open_state);
1592                 if (watch_state == NULL) {
1593                         exit_server("talloc failed");
1594                 }
1595                 watch_state->sconn = req->sconn;
1596                 watch_state->mid = req->mid;
1597
1598                 DEBUG(10, ("defering mid %llu\n",
1599                            (unsigned long long)req->mid));
1600
1601                 watch_req = dbwrap_record_watch_send(
1602                         watch_state, req->sconn->ev_ctx, lck->data->record,
1603                         req->sconn->msg_ctx);
1604                 if (watch_req == NULL) {
1605                         exit_server("Could not watch share mode record");
1606                 }
1607                 tevent_req_set_callback(watch_req, defer_open_done,
1608                                         watch_state);
1609
1610                 ret = tevent_req_set_endtime(
1611                         watch_req, req->sconn->ev_ctx,
1612                         timeval_sum(&request_time, &timeout));
1613                 SMB_ASSERT(ret);
1614         }
1615
1616         if (!push_deferred_open_message_smb(req, request_time, timeout,
1617                                             state->id, open_rec)) {
1618                 TALLOC_FREE(lck);
1619                 exit_server("push_deferred_open_message_smb failed");
1620         }
1621 }
1622
1623 static void defer_open_done(struct tevent_req *req)
1624 {
1625         struct defer_open_state *state = tevent_req_callback_data(
1626                 req, struct defer_open_state);
1627         NTSTATUS status;
1628         bool ret;
1629
1630         status = dbwrap_record_watch_recv(req, talloc_tos(), NULL);
1631         TALLOC_FREE(req);
1632         if (!NT_STATUS_IS_OK(status)) {
1633                 DEBUG(5, ("dbwrap_record_watch_recv returned %s\n",
1634                           nt_errstr(status)));
1635                 /*
1636                  * Even if it failed, retry anyway. TODO: We need a way to
1637                  * tell a re-scheduled open about that error.
1638                  */
1639         }
1640
1641         DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
1642
1643         ret = schedule_deferred_open_message_smb(state->sconn, state->mid);
1644         SMB_ASSERT(ret);
1645         TALLOC_FREE(state);
1646 }
1647
1648
1649 /****************************************************************************
1650  On overwrite open ensure that the attributes match.
1651 ****************************************************************************/
1652
1653 static bool open_match_attributes(connection_struct *conn,
1654                                   uint32 old_dos_attr,
1655                                   uint32 new_dos_attr,
1656                                   mode_t existing_unx_mode,
1657                                   mode_t new_unx_mode,
1658                                   mode_t *returned_unx_mode)
1659 {
1660         uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1661
1662         noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1663         noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1664
1665         if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) || 
1666            (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1667                 *returned_unx_mode = new_unx_mode;
1668         } else {
1669                 *returned_unx_mode = (mode_t)0;
1670         }
1671
1672         DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1673                   "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1674                   "returned_unx_mode = 0%o\n",
1675                   (unsigned int)old_dos_attr,
1676                   (unsigned int)existing_unx_mode,
1677                   (unsigned int)new_dos_attr,
1678                   (unsigned int)*returned_unx_mode ));
1679
1680         /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1681         if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1682                 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1683                     !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1684                         return False;
1685                 }
1686         }
1687         if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1688                 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1689                     !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1690                         return False;
1691                 }
1692         }
1693         return True;
1694 }
1695
1696 /****************************************************************************
1697  Special FCB or DOS processing in the case of a sharing violation.
1698  Try and find a duplicated file handle.
1699 ****************************************************************************/
1700
1701 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
1702                                 connection_struct *conn,
1703                                 files_struct *fsp_to_dup_into,
1704                                 const struct smb_filename *smb_fname,
1705                                 struct file_id id,
1706                                 uint16 file_pid,
1707                                 uint64_t vuid,
1708                                 uint32 access_mask,
1709                                 uint32 share_access,
1710                                 uint32 create_options)
1711 {
1712         files_struct *fsp;
1713
1714         DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1715                  "file %s.\n", smb_fname_str_dbg(smb_fname)));
1716
1717         for(fsp = file_find_di_first(conn->sconn, id); fsp;
1718             fsp = file_find_di_next(fsp)) {
1719
1720                 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1721                           "vuid = %llu, file_pid = %u, private_options = 0x%x "
1722                           "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1723                           fsp->fh->fd, (unsigned long long)fsp->vuid,
1724                           (unsigned int)fsp->file_pid,
1725                           (unsigned int)fsp->fh->private_options,
1726                           (unsigned int)fsp->access_mask ));
1727
1728                 if (fsp != fsp_to_dup_into &&
1729                     fsp->fh->fd != -1 &&
1730                     fsp->vuid == vuid &&
1731                     fsp->file_pid == file_pid &&
1732                     (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1733                                                  NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1734                     (fsp->access_mask & FILE_WRITE_DATA) &&
1735                     strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1736                     strequal(fsp->fsp_name->stream_name,
1737                              smb_fname->stream_name)) {
1738                         DEBUG(10,("fcb_or_dos_open: file match\n"));
1739                         break;
1740                 }
1741         }
1742
1743         if (!fsp) {
1744                 return NT_STATUS_NOT_FOUND;
1745         }
1746
1747         /* quite an insane set of semantics ... */
1748         if (is_executable(smb_fname->base_name) &&
1749             (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1750                 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1751                 return NT_STATUS_INVALID_PARAMETER;
1752         }
1753
1754         /* We need to duplicate this fsp. */
1755         return dup_file_fsp(req, fsp, access_mask, share_access,
1756                             create_options, fsp_to_dup_into);
1757 }
1758
1759 static void schedule_defer_open(struct share_mode_lock *lck,
1760                                 struct file_id id,
1761                                 struct timeval request_time,
1762                                 struct smb_request *req)
1763 {
1764         struct deferred_open_record state;
1765
1766         /* This is a relative time, added to the absolute
1767            request_time value to get the absolute timeout time.
1768            Note that if this is the second or greater time we enter
1769            this codepath for this particular request mid then
1770            request_time is left as the absolute time of the *first*
1771            time this request mid was processed. This is what allows
1772            the request to eventually time out. */
1773
1774         struct timeval timeout;
1775
1776         /* Normally the smbd we asked should respond within
1777          * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1778          * the client did, give twice the timeout as a safety
1779          * measure here in case the other smbd is stuck
1780          * somewhere else. */
1781
1782         timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1783
1784         /* Nothing actually uses state.delayed_for_oplocks
1785            but it's handy to differentiate in debug messages
1786            between a 30 second delay due to oplock break, and
1787            a 1 second delay for share mode conflicts. */
1788
1789         state.delayed_for_oplocks = True;
1790         state.async_open = false;
1791         state.id = id;
1792
1793         if (!request_timed_out(request_time, timeout)) {
1794                 defer_open(lck, request_time, timeout, req, &state);
1795         }
1796 }
1797
1798 /****************************************************************************
1799  Reschedule an open call that went asynchronous.
1800 ****************************************************************************/
1801
1802 static void schedule_async_open(struct timeval request_time,
1803                                 struct smb_request *req)
1804 {
1805         struct deferred_open_record state;
1806         struct timeval timeout;
1807
1808         timeout = timeval_set(20, 0);
1809
1810         ZERO_STRUCT(state);
1811         state.delayed_for_oplocks = false;
1812         state.async_open = true;
1813
1814         if (!request_timed_out(request_time, timeout)) {
1815                 defer_open(NULL, request_time, timeout, req, &state);
1816         }
1817 }
1818
1819 /****************************************************************************
1820  Work out what access_mask to use from what the client sent us.
1821 ****************************************************************************/
1822
1823 static NTSTATUS smbd_calculate_maximum_allowed_access(
1824         connection_struct *conn,
1825         const struct smb_filename *smb_fname,
1826         bool use_privs,
1827         uint32_t *p_access_mask)
1828 {
1829         struct security_descriptor *sd;
1830         uint32_t access_granted;
1831         NTSTATUS status;
1832
1833         if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
1834                 *p_access_mask |= FILE_GENERIC_ALL;
1835                 return NT_STATUS_OK;
1836         }
1837
1838         status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1839                                     (SECINFO_OWNER |
1840                                      SECINFO_GROUP |
1841                                      SECINFO_DACL),
1842                                     talloc_tos(), &sd);
1843
1844         if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1845                 /*
1846                  * File did not exist
1847                  */
1848                 *p_access_mask = FILE_GENERIC_ALL;
1849                 return NT_STATUS_OK;
1850         }
1851         if (!NT_STATUS_IS_OK(status)) {
1852                 DEBUG(10,("Could not get acl on file %s: %s\n",
1853                           smb_fname_str_dbg(smb_fname),
1854                           nt_errstr(status)));
1855                 return NT_STATUS_ACCESS_DENIED;
1856         }
1857
1858         /*
1859          * If we can access the path to this file, by
1860          * default we have FILE_READ_ATTRIBUTES from the
1861          * containing directory. See the section:
1862          * "Algorithm to Check Access to an Existing File"
1863          * in MS-FSA.pdf.
1864          *
1865          * se_file_access_check()
1866          * also takes care of owner WRITE_DAC and READ_CONTROL.
1867          */
1868         status = se_file_access_check(sd,
1869                                  get_current_nttok(conn),
1870                                  use_privs,
1871                                  (*p_access_mask & ~FILE_READ_ATTRIBUTES),
1872                                  &access_granted);
1873
1874         TALLOC_FREE(sd);
1875
1876         if (!NT_STATUS_IS_OK(status)) {
1877                 DEBUG(10, ("Access denied on file %s: "
1878                            "when calculating maximum access\n",
1879                            smb_fname_str_dbg(smb_fname)));
1880                 return NT_STATUS_ACCESS_DENIED;
1881         }
1882         *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
1883
1884         if (!(access_granted & DELETE_ACCESS)) {
1885                 if (can_delete_file_in_directory(conn, smb_fname)) {
1886                         *p_access_mask |= DELETE_ACCESS;
1887                 }
1888         }
1889
1890         return NT_STATUS_OK;
1891 }
1892
1893 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1894                                     const struct smb_filename *smb_fname,
1895                                     bool use_privs,
1896                                     uint32_t access_mask,
1897                                     uint32_t *access_mask_out)
1898 {
1899         NTSTATUS status;
1900         uint32_t orig_access_mask = access_mask;
1901         uint32_t rejected_share_access;
1902
1903         /*
1904          * Convert GENERIC bits to specific bits.
1905          */
1906
1907         se_map_generic(&access_mask, &file_generic_mapping);
1908
1909         /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1910         if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1911
1912                 status = smbd_calculate_maximum_allowed_access(
1913                         conn, smb_fname, use_privs, &access_mask);
1914
1915                 if (!NT_STATUS_IS_OK(status)) {
1916                         return status;
1917                 }
1918
1919                 access_mask &= conn->share_access;
1920         }
1921
1922         rejected_share_access = access_mask & ~(conn->share_access);
1923
1924         if (rejected_share_access) {
1925                 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1926                         "file %s: rejected by share access mask[0x%08X] "
1927                         "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1928                         smb_fname_str_dbg(smb_fname),
1929                         conn->share_access,
1930                         orig_access_mask, access_mask,
1931                         rejected_share_access));
1932                 return NT_STATUS_ACCESS_DENIED;
1933         }
1934
1935         *access_mask_out = access_mask;
1936         return NT_STATUS_OK;
1937 }
1938
1939 /****************************************************************************
1940  Remove the deferred open entry under lock.
1941 ****************************************************************************/
1942
1943 /****************************************************************************
1944  Return true if this is a state pointer to an asynchronous create.
1945 ****************************************************************************/
1946
1947 bool is_deferred_open_async(const struct deferred_open_record *rec)
1948 {
1949         return rec->async_open;
1950 }
1951
1952 static bool clear_ads(uint32_t create_disposition)
1953 {
1954         bool ret = false;
1955
1956         switch (create_disposition) {
1957         case FILE_SUPERSEDE:
1958         case FILE_OVERWRITE_IF:
1959         case FILE_OVERWRITE:
1960                 ret = true;
1961                 break;
1962         default:
1963                 break;
1964         }
1965         return ret;
1966 }
1967
1968 static int disposition_to_open_flags(uint32_t create_disposition)
1969 {
1970         int ret = 0;
1971
1972         /*
1973          * Currently we're using FILE_SUPERSEDE as the same as
1974          * FILE_OVERWRITE_IF but they really are
1975          * different. FILE_SUPERSEDE deletes an existing file
1976          * (requiring delete access) then recreates it.
1977          */
1978
1979         switch (create_disposition) {
1980         case FILE_SUPERSEDE:
1981         case FILE_OVERWRITE_IF:
1982                 /*
1983                  * If file exists replace/overwrite. If file doesn't
1984                  * exist create.
1985                  */
1986                 ret = O_CREAT|O_TRUNC;
1987                 break;
1988
1989         case FILE_OPEN:
1990                 /*
1991                  * If file exists open. If file doesn't exist error.
1992                  */
1993                 ret = 0;
1994                 break;
1995
1996         case FILE_OVERWRITE:
1997                 /*
1998                  * If file exists overwrite. If file doesn't exist
1999                  * error.
2000                  */
2001                 ret = O_TRUNC;
2002                 break;
2003
2004         case FILE_CREATE:
2005                 /*
2006                  * If file exists error. If file doesn't exist create.
2007                  */
2008                 ret = O_CREAT|O_EXCL;
2009                 break;
2010
2011         case FILE_OPEN_IF:
2012                 /*
2013                  * If file exists open. If file doesn't exist create.
2014                  */
2015                 ret = O_CREAT;
2016                 break;
2017         }
2018         return ret;
2019 }
2020
2021 static int calculate_open_access_flags(uint32_t access_mask,
2022                                        int oplock_request,
2023                                        uint32_t private_flags)
2024 {
2025         bool need_write, need_read;
2026
2027         /*
2028          * Note that we ignore the append flag as append does not
2029          * mean the same thing under DOS and Unix.
2030          */
2031
2032         need_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA));
2033         if (!need_write) {
2034                 return O_RDONLY;
2035         }
2036
2037         /* DENY_DOS opens are always underlying read-write on the
2038            file handle, no matter what the requested access mask
2039            says. */
2040
2041         need_read =
2042                 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
2043                  access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
2044                                 FILE_READ_EA|FILE_EXECUTE));
2045
2046         if (!need_read) {
2047                 return O_WRONLY;
2048         }
2049         return O_RDWR;
2050 }
2051
2052 /****************************************************************************
2053  Open a file with a share mode. Passed in an already created files_struct *.
2054 ****************************************************************************/
2055
2056 static NTSTATUS open_file_ntcreate(connection_struct *conn,
2057                             struct smb_request *req,
2058                             uint32 access_mask,         /* access bits (FILE_READ_DATA etc.) */
2059                             uint32 share_access,        /* share constants (FILE_SHARE_READ etc) */
2060                             uint32 create_disposition,  /* FILE_OPEN_IF etc. */
2061                             uint32 create_options,      /* options such as delete on close. */
2062                             uint32 new_dos_attributes,  /* attributes used for new file. */
2063                             int oplock_request,         /* internal Samba oplock codes. */
2064                                                         /* Information (FILE_EXISTS etc.) */
2065                             uint32_t private_flags,     /* Samba specific flags. */
2066                             int *pinfo,
2067                             files_struct *fsp)
2068 {
2069         struct smb_filename *smb_fname = fsp->fsp_name;
2070         int flags=0;
2071         int flags2=0;
2072         bool file_existed = VALID_STAT(smb_fname->st);
2073         bool def_acl = False;
2074         bool posix_open = False;
2075         bool new_file_created = False;
2076         bool first_open_attempt = true;
2077         NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
2078         mode_t new_unx_mode = (mode_t)0;
2079         mode_t unx_mode = (mode_t)0;
2080         int info;
2081         uint32 existing_dos_attributes = 0;
2082         struct timeval request_time = timeval_zero();
2083         struct share_mode_lock *lck = NULL;
2084         uint32 open_access_mask = access_mask;
2085         NTSTATUS status;
2086         char *parent_dir;
2087         SMB_STRUCT_STAT saved_stat = smb_fname->st;
2088         struct timespec old_write_time;
2089         struct file_id id;
2090
2091         if (conn->printer) {
2092                 /*
2093                  * Printers are handled completely differently.
2094                  * Most of the passed parameters are ignored.
2095                  */
2096
2097                 if (pinfo) {
2098                         *pinfo = FILE_WAS_CREATED;
2099                 }
2100
2101                 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
2102                            smb_fname_str_dbg(smb_fname)));
2103
2104                 if (!req) {
2105                         DEBUG(0,("open_file_ntcreate: printer open without "
2106                                 "an SMB request!\n"));
2107                         return NT_STATUS_INTERNAL_ERROR;
2108                 }
2109
2110                 return print_spool_open(fsp, smb_fname->base_name,
2111                                         req->vuid);
2112         }
2113
2114         if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
2115                             NULL)) {
2116                 return NT_STATUS_NO_MEMORY;
2117         }
2118
2119         if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2120                 posix_open = True;
2121                 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2122                 new_dos_attributes = 0;
2123         } else {
2124                 /* Windows allows a new file to be created and
2125                    silently removes a FILE_ATTRIBUTE_DIRECTORY
2126                    sent by the client. Do the same. */
2127
2128                 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
2129
2130                 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
2131                  * created new. */
2132                 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2133                                      smb_fname, parent_dir);
2134         }
2135
2136         DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
2137                    "access_mask=0x%x share_access=0x%x "
2138                    "create_disposition = 0x%x create_options=0x%x "
2139                    "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
2140                    smb_fname_str_dbg(smb_fname), new_dos_attributes,
2141                    access_mask, share_access, create_disposition,
2142                    create_options, (unsigned int)unx_mode, oplock_request,
2143                    (unsigned int)private_flags));
2144
2145         if (req == NULL) {
2146                 /* Ensure req == NULL means INTERNAL_OPEN_ONLY */
2147                 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) != 0));
2148         } else {
2149                 /* And req != NULL means no INTERNAL_OPEN_ONLY */
2150                 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) == 0));
2151         }
2152
2153         /*
2154          * Only non-internal opens can be deferred at all
2155          */
2156
2157         if (req) {
2158                 struct deferred_open_record *open_rec;
2159                 if (get_deferred_open_message_state(req,
2160                                 &request_time,
2161                                 &open_rec)) {
2162                         /* Remember the absolute time of the original
2163                            request with this mid. We'll use it later to
2164                            see if this has timed out. */
2165
2166                         /* If it was an async create retry, the file
2167                            didn't exist. */
2168
2169                         if (is_deferred_open_async(open_rec)) {
2170                                 SET_STAT_INVALID(smb_fname->st);
2171                                 file_existed = false;
2172                         }
2173
2174                         /* Ensure we don't reprocess this message. */
2175                         remove_deferred_open_message_smb(req->sconn, req->mid);
2176
2177                         first_open_attempt = false;
2178                 }
2179         }
2180
2181         if (!posix_open) {
2182                 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
2183                 if (file_existed) {
2184                         existing_dos_attributes = dos_mode(conn, smb_fname);
2185                 }
2186         }
2187
2188         /* ignore any oplock requests if oplocks are disabled */
2189         if (!lp_oplocks(SNUM(conn)) ||
2190             IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
2191                 /* Mask off everything except the private Samba bits. */
2192                 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
2193         }
2194
2195         /* this is for OS/2 long file names - say we don't support them */
2196         if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
2197                 /* OS/2 Workplace shell fix may be main code stream in a later
2198                  * release. */
2199                 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
2200                          "supported.\n"));
2201                 if (use_nt_status()) {
2202                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2203                 }
2204                 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
2205         }
2206
2207         switch( create_disposition ) {
2208                 case FILE_OPEN:
2209                         /* If file exists open. If file doesn't exist error. */
2210                         if (!file_existed) {
2211                                 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
2212                                          "requested for file %s and file "
2213                                          "doesn't exist.\n",
2214                                          smb_fname_str_dbg(smb_fname)));
2215                                 errno = ENOENT;
2216                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2217                         }
2218                         break;
2219
2220                 case FILE_OVERWRITE:
2221                         /* If file exists overwrite. If file doesn't exist
2222                          * error. */
2223                         if (!file_existed) {
2224                                 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
2225                                          "requested for file %s and file "
2226                                          "doesn't exist.\n",
2227                                          smb_fname_str_dbg(smb_fname) ));
2228                                 errno = ENOENT;
2229                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2230                         }
2231                         break;
2232
2233                 case FILE_CREATE:
2234                         /* If file exists error. If file doesn't exist
2235                          * create. */
2236                         if (file_existed) {
2237                                 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
2238                                          "requested for file %s and file "
2239                                          "already exists.\n",
2240                                          smb_fname_str_dbg(smb_fname)));
2241                                 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
2242                                         errno = EISDIR;
2243                                 } else {
2244                                         errno = EEXIST;
2245                                 }
2246                                 return map_nt_error_from_unix(errno);
2247                         }
2248                         break;
2249
2250                 case FILE_SUPERSEDE:
2251                 case FILE_OVERWRITE_IF:
2252                 case FILE_OPEN_IF:
2253                         break;
2254                 default:
2255                         return NT_STATUS_INVALID_PARAMETER;
2256         }
2257
2258         flags2 = disposition_to_open_flags(create_disposition);
2259
2260         /* We only care about matching attributes on file exists and
2261          * overwrite. */
2262
2263         if (!posix_open && file_existed &&
2264             ((create_disposition == FILE_OVERWRITE) ||
2265              (create_disposition == FILE_OVERWRITE_IF))) {
2266                 if (!open_match_attributes(conn, existing_dos_attributes,
2267                                            new_dos_attributes,
2268                                            smb_fname->st.st_ex_mode,
2269                                            unx_mode, &new_unx_mode)) {
2270                         DEBUG(5,("open_file_ntcreate: attributes missmatch "
2271                                  "for file %s (%x %x) (0%o, 0%o)\n",
2272                                  smb_fname_str_dbg(smb_fname),
2273                                  existing_dos_attributes,
2274                                  new_dos_attributes,
2275                                  (unsigned int)smb_fname->st.st_ex_mode,
2276                                  (unsigned int)unx_mode ));
2277                         errno = EACCES;
2278                         return NT_STATUS_ACCESS_DENIED;
2279                 }
2280         }
2281
2282         status = smbd_calculate_access_mask(conn, smb_fname,
2283                                         false,
2284                                         access_mask,
2285                                         &access_mask); 
2286         if (!NT_STATUS_IS_OK(status)) {
2287                 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
2288                         "on file %s returned %s\n",
2289                         smb_fname_str_dbg(smb_fname), nt_errstr(status)));
2290                 return status;
2291         }
2292
2293         open_access_mask = access_mask;
2294
2295         if (flags2 & O_TRUNC) {
2296                 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
2297         }
2298
2299         DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
2300                    "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
2301                     access_mask));
2302
2303         /*
2304          * Note that we ignore the append flag as append does not
2305          * mean the same thing under DOS and Unix.
2306          */
2307
2308         flags = calculate_open_access_flags(access_mask, oplock_request,
2309                                             private_flags);
2310
2311         /*
2312          * Currently we only look at FILE_WRITE_THROUGH for create options.
2313          */
2314
2315 #if defined(O_SYNC)
2316         if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
2317                 flags2 |= O_SYNC;
2318         }
2319 #endif /* O_SYNC */
2320
2321         if (posix_open && (access_mask & FILE_APPEND_DATA)) {
2322                 flags2 |= O_APPEND;
2323         }
2324
2325         if (!posix_open && !CAN_WRITE(conn)) {
2326                 /*
2327                  * We should really return a permission denied error if either
2328                  * O_CREAT or O_TRUNC are set, but for compatibility with
2329                  * older versions of Samba we just AND them out.
2330                  */
2331                 flags2 &= ~(O_CREAT|O_TRUNC);
2332         }
2333
2334         if (first_open_attempt && lp_kernel_oplocks(SNUM(conn))) {
2335                 /*
2336                  * With kernel oplocks the open breaking an oplock
2337                  * blocks until the oplock holder has given up the
2338                  * oplock or closed the file. We prevent this by first
2339                  * trying to open the file with O_NONBLOCK (see "man
2340                  * fcntl" on Linux). For the second try, triggered by
2341                  * an oplock break response, we do not need this
2342                  * anymore.
2343                  *
2344                  * This is true under the assumption that only Samba
2345                  * requests kernel oplocks. Once someone else like
2346                  * NFSv4 starts to use that API, we will have to
2347                  * modify this by communicating with the NFSv4 server.
2348                  */
2349                 flags2 |= O_NONBLOCK;
2350         }
2351
2352         /*
2353          * Ensure we can't write on a read-only share or file.
2354          */
2355
2356         if (flags != O_RDONLY && file_existed &&
2357             (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
2358                 DEBUG(5,("open_file_ntcreate: write access requested for "
2359                          "file %s on read only %s\n",
2360                          smb_fname_str_dbg(smb_fname),
2361                          !CAN_WRITE(conn) ? "share" : "file" ));
2362                 errno = EACCES;
2363                 return NT_STATUS_ACCESS_DENIED;
2364         }
2365
2366         fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2367         fsp->share_access = share_access;
2368         fsp->fh->private_options = private_flags;
2369         fsp->access_mask = open_access_mask; /* We change this to the
2370                                               * requested access_mask after
2371                                               * the open is done. */
2372         fsp->posix_open = posix_open;
2373
2374         /* Ensure no SAMBA_PRIVATE bits can be set. */
2375         fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2376
2377         if (timeval_is_zero(&request_time)) {
2378                 request_time = fsp->open_time;
2379         }
2380
2381         /*
2382          * Ensure we pay attention to default ACLs on directories if required.
2383          */
2384
2385         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2386             (def_acl = directory_has_default_acl(conn, parent_dir))) {
2387                 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2388         }
2389
2390         DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2391                 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2392                  (unsigned int)flags, (unsigned int)flags2,
2393                  (unsigned int)unx_mode, (unsigned int)access_mask,
2394                  (unsigned int)open_access_mask));
2395
2396         fsp_open = open_file(fsp, conn, req, parent_dir,
2397                              flags|flags2, unx_mode, access_mask,
2398                              open_access_mask, &new_file_created);
2399
2400         if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
2401                 struct deferred_open_record state;
2402
2403                 /*
2404                  * EWOULDBLOCK/EAGAIN maps to NETWORK_BUSY.
2405                  */
2406                 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
2407                         DEBUG(10, ("FIFO busy\n"));
2408                         return NT_STATUS_NETWORK_BUSY;
2409                 }
2410                 if (req == NULL) {
2411                         DEBUG(10, ("Internal open busy\n"));
2412                         return NT_STATUS_NETWORK_BUSY;
2413                 }
2414
2415                 /*
2416                  * From here on we assume this is an oplock break triggered
2417                  */
2418
2419                 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
2420                 if (lck == NULL) {
2421                         state.delayed_for_oplocks = false;
2422                         state.async_open = false;
2423                         state.id = fsp->file_id;
2424                         defer_open(NULL, request_time, timeval_set(0, 0),
2425                                    req, &state);
2426                         DEBUG(10, ("No share mode lock found after "
2427                                    "EWOULDBLOCK, retrying sync\n"));
2428                         return NT_STATUS_SHARING_VIOLATION;
2429                 }
2430
2431                 if (!validate_oplock_types(lck)) {
2432                         smb_panic("validate_oplock_types failed");
2433                 }
2434
2435                 if (delay_for_oplock(fsp, 0, lck, false, create_disposition)) {
2436                         schedule_defer_open(lck, fsp->file_id, request_time, req);
2437                         TALLOC_FREE(lck);
2438                         DEBUG(10, ("Sent oplock break request to kernel "
2439                                    "oplock holder\n"));
2440                         return NT_STATUS_SHARING_VIOLATION;
2441                 }
2442
2443                 /*
2444                  * No oplock from Samba around. Immediately retry with
2445                  * a blocking open.
2446                  */
2447                 state.delayed_for_oplocks = false;
2448                 state.async_open = false;
2449                 state.id = fsp->file_id;
2450                 defer_open(lck, request_time, timeval_set(0, 0), req, &state);
2451                 TALLOC_FREE(lck);
2452                 DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
2453                            "Retrying sync\n"));
2454                 return NT_STATUS_SHARING_VIOLATION;
2455         }
2456
2457         if (!NT_STATUS_IS_OK(fsp_open)) {
2458                 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
2459                         schedule_async_open(request_time, req);
2460                 }
2461                 return fsp_open;
2462         }
2463
2464         if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
2465                 /*
2466                  * The file did exist, but some other (local or NFS)
2467                  * process either renamed/unlinked and re-created the
2468                  * file with different dev/ino after we walked the path,
2469                  * but before we did the open. We could retry the
2470                  * open but it's a rare enough case it's easier to
2471                  * just fail the open to prevent creating any problems
2472                  * in the open file db having the wrong dev/ino key.
2473                  */
2474                 fd_close(fsp);
2475                 DEBUG(1,("open_file_ntcreate: file %s - dev/ino mismatch. "
2476                         "Old (dev=0x%llu, ino =0x%llu). "
2477                         "New (dev=0x%llu, ino=0x%llu). Failing open "
2478                         " with NT_STATUS_ACCESS_DENIED.\n",
2479                          smb_fname_str_dbg(smb_fname),
2480                          (unsigned long long)saved_stat.st_ex_dev,
2481                          (unsigned long long)saved_stat.st_ex_ino,
2482                          (unsigned long long)smb_fname->st.st_ex_dev,
2483                          (unsigned long long)smb_fname->st.st_ex_ino));
2484                 return NT_STATUS_ACCESS_DENIED;
2485         }
2486
2487         old_write_time = smb_fname->st.st_ex_mtime;
2488
2489         /*
2490          * Deal with the race condition where two smbd's detect the
2491          * file doesn't exist and do the create at the same time. One
2492          * of them will win and set a share mode, the other (ie. this
2493          * one) should check if the requested share mode for this
2494          * create is allowed.
2495          */
2496
2497         /*
2498          * Now the file exists and fsp is successfully opened,
2499          * fsp->dev and fsp->inode are valid and should replace the
2500          * dev=0,inode=0 from a non existent file. Spotted by
2501          * Nadav Danieli <nadavd@exanet.com>. JRA.
2502          */
2503
2504         id = fsp->file_id;
2505
2506         lck = get_share_mode_lock(talloc_tos(), id,
2507                                   conn->connectpath,
2508                                   smb_fname, &old_write_time);
2509
2510         if (lck == NULL) {
2511                 DEBUG(0, ("open_file_ntcreate: Could not get share "
2512                           "mode lock for %s\n",
2513                           smb_fname_str_dbg(smb_fname)));
2514                 fd_close(fsp);
2515                 return NT_STATUS_SHARING_VIOLATION;
2516         }
2517
2518         /* Get the types we need to examine. */
2519         if (!validate_oplock_types(lck)) {
2520                 smb_panic("validate_oplock_types failed");
2521         }
2522
2523         if (has_delete_on_close(lck, fsp->name_hash)) {
2524                 TALLOC_FREE(lck);
2525                 fd_close(fsp);
2526                 return NT_STATUS_DELETE_PENDING;
2527         }
2528
2529         status = open_mode_check(conn, lck,
2530                                  access_mask, share_access);
2531
2532         if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
2533             (lck->data->num_share_modes > 0)) {
2534                 /*
2535                  * This comes from ancient times out of open_mode_check. I
2536                  * have no clue whether this is still necessary. I can't think
2537                  * of a case where this would actually matter further down in
2538                  * this function. I leave it here for further investigation
2539                  * :-)
2540                  */
2541                 file_existed = true;
2542         }
2543
2544         if ((req != NULL) &&
2545             delay_for_oplock(
2546                     fsp, oplock_request, lck,
2547                     NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION),
2548                     create_disposition)) {
2549                 schedule_defer_open(lck, fsp->file_id, request_time, req);
2550                 TALLOC_FREE(lck);
2551                 fd_close(fsp);
2552                 return NT_STATUS_SHARING_VIOLATION;
2553         }
2554
2555         if (!NT_STATUS_IS_OK(status)) {
2556                 uint32 can_access_mask;
2557                 bool can_access = True;
2558
2559                 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2560
2561                 /* Check if this can be done with the deny_dos and fcb
2562                  * calls. */
2563                 if (private_flags &
2564                     (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2565                      NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2566                         if (req == NULL) {
2567                                 DEBUG(0, ("DOS open without an SMB "
2568                                           "request!\n"));
2569                                 TALLOC_FREE(lck);
2570                                 fd_close(fsp);
2571                                 return NT_STATUS_INTERNAL_ERROR;
2572                         }
2573
2574                         /* Use the client requested access mask here,
2575                          * not the one we open with. */
2576                         status = fcb_or_dos_open(req,
2577                                                  conn,
2578                                                  fsp,
2579                                                  smb_fname,
2580                                                  id,
2581                                                  req->smbpid,
2582                                                  req->vuid,
2583                                                  access_mask,
2584                                                  share_access,
2585                                                  create_options);
2586
2587                         if (NT_STATUS_IS_OK(status)) {
2588                                 TALLOC_FREE(lck);
2589                                 if (pinfo) {
2590                                         *pinfo = FILE_WAS_OPENED;
2591                                 }
2592                                 return NT_STATUS_OK;
2593                         }
2594                 }
2595
2596                 /*
2597                  * This next line is a subtlety we need for
2598                  * MS-Access. If a file open will fail due to share
2599                  * permissions and also for security (access) reasons,
2600                  * we need to return the access failed error, not the
2601                  * share error. We can't open the file due to kernel
2602                  * oplock deadlock (it's possible we failed above on
2603                  * the open_mode_check()) so use a userspace check.
2604                  */
2605
2606                 if (flags & O_RDWR) {
2607                         can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2608                 } else if (flags & O_WRONLY) {
2609                         can_access_mask = FILE_WRITE_DATA;
2610                 } else {
2611                         can_access_mask = FILE_READ_DATA;
2612                 }
2613
2614                 if (((can_access_mask & FILE_WRITE_DATA) &&
2615                      !CAN_WRITE(conn)) ||
2616                     !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
2617                                                               smb_fname,
2618                                                               false,
2619                                                               can_access_mask))) {
2620                         can_access = False;
2621                 }
2622
2623                 /*
2624                  * If we're returning a share violation, ensure we
2625                  * cope with the braindead 1 second delay (SMB1 only).
2626                  */
2627
2628                 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2629                     !conn->sconn->using_smb2 &&
2630                     lp_defer_sharing_violations()) {
2631                         struct timeval timeout;
2632                         struct deferred_open_record state;
2633                         int timeout_usecs;
2634
2635                         /* this is a hack to speed up torture tests
2636                            in 'make test' */
2637                         timeout_usecs = lp_parm_int(SNUM(conn),
2638                                                     "smbd","sharedelay",
2639                                                     SHARING_VIOLATION_USEC_WAIT);
2640
2641                         /* This is a relative time, added to the absolute
2642                            request_time value to get the absolute timeout time.
2643                            Note that if this is the second or greater time we enter
2644                            this codepath for this particular request mid then
2645                            request_time is left as the absolute time of the *first*
2646                            time this request mid was processed. This is what allows
2647                            the request to eventually time out. */
2648
2649                         timeout = timeval_set(0, timeout_usecs);
2650
2651                         /* Nothing actually uses state.delayed_for_oplocks
2652                            but it's handy to differentiate in debug messages
2653                            between a 30 second delay due to oplock break, and
2654                            a 1 second delay for share mode conflicts. */
2655
2656                         state.delayed_for_oplocks = False;
2657                         state.async_open = false;
2658                         state.id = id;
2659
2660                         if ((req != NULL)
2661                             && !request_timed_out(request_time,
2662                                                   timeout)) {
2663                                 defer_open(lck, request_time, timeout,
2664                                            req, &state);
2665                         }
2666                 }
2667
2668                 TALLOC_FREE(lck);
2669                 fd_close(fsp);
2670                 if (can_access) {
2671                         /*
2672                          * We have detected a sharing violation here
2673                          * so return the correct error code
2674                          */
2675                         status = NT_STATUS_SHARING_VIOLATION;
2676                 } else {
2677                         status = NT_STATUS_ACCESS_DENIED;
2678                 }
2679                 return status;
2680         }
2681
2682         /* Should we atomically (to the client at least) truncate ? */
2683         if ((!new_file_created) &&
2684             (flags2 & O_TRUNC) &&
2685             (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
2686                 int ret;
2687
2688                 ret = vfs_set_filelen(fsp, 0);
2689                 if (ret != 0) {
2690                         status = map_nt_error_from_unix(errno);
2691                         TALLOC_FREE(lck);
2692                         fd_close(fsp);
2693                         return status;
2694                 }
2695         }
2696
2697         grant_fsp_oplock_type(fsp, lck, oplock_request);
2698
2699         /*
2700          * We have the share entry *locked*.....
2701          */
2702
2703         /* Delete streams if create_disposition requires it */
2704         if (!new_file_created && clear_ads(create_disposition) &&
2705             !is_ntfs_stream_smb_fname(smb_fname)) {
2706                 status = delete_all_streams(conn, smb_fname->base_name);
2707                 if (!NT_STATUS_IS_OK(status)) {
2708                         TALLOC_FREE(lck);
2709                         fd_close(fsp);
2710                         return status;
2711                 }
2712         }
2713
2714         /* note that we ignore failure for the following. It is
2715            basically a hack for NFS, and NFS will never set one of
2716            these only read them. Nobody but Samba can ever set a deny
2717            mode and we have already checked our more authoritative
2718            locking database for permission to set this deny mode. If
2719            the kernel refuses the operations then the kernel is wrong.
2720            note that GPFS supports it as well - jmcd */
2721
2722         if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
2723                 int ret_flock;
2724                 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2725                 if(ret_flock == -1 ){
2726
2727                         TALLOC_FREE(lck);
2728                         fd_close(fsp);
2729
2730                         return NT_STATUS_SHARING_VIOLATION;
2731                 }
2732         }
2733
2734         /*
2735          * At this point onwards, we can guarantee that the share entry
2736          * is locked, whether we created the file or not, and that the
2737          * deny mode is compatible with all current opens.
2738          */
2739
2740         /*
2741          * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2742          * but we don't have to store this - just ignore it on access check.
2743          */
2744         if (conn->sconn->using_smb2) {
2745                 /*
2746                  * SMB2 doesn't return it (according to Microsoft tests).
2747                  * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2748                  * File created with access = 0x7 (Read, Write, Delete)
2749                  * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2750                  */
2751                 fsp->access_mask = access_mask;
2752         } else {
2753                 /* But SMB1 does. */
2754                 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2755         }
2756
2757         if (file_existed) {
2758                 /* stat opens on existing files don't get oplocks. */
2759                 if (is_stat_open(open_access_mask)) {
2760                         fsp->oplock_type = NO_OPLOCK;
2761                 }
2762         }
2763
2764         if (new_file_created) {
2765                 info = FILE_WAS_CREATED;
2766         } else {
2767                 if (flags2 & O_TRUNC) {
2768                         info = FILE_WAS_OVERWRITTEN;
2769                 } else {
2770                         info = FILE_WAS_OPENED;
2771                 }
2772         }
2773
2774         if (pinfo) {
2775                 *pinfo = info;
2776         }
2777
2778         /*
2779          * Setup the oplock info in both the shared memory and
2780          * file structs.
2781          */
2782
2783         status = set_file_oplock(fsp);
2784         if (!NT_STATUS_IS_OK(status)) {
2785                 /*
2786                  * Could not get the kernel oplock
2787                  */
2788                 fsp->oplock_type = NO_OPLOCK;
2789         }
2790
2791         if (!set_share_mode(lck, fsp, get_current_uid(conn),
2792                             req ? req->mid : 0,
2793                             fsp->oplock_type)) {
2794                 TALLOC_FREE(lck);
2795                 fd_close(fsp);
2796                 return NT_STATUS_NO_MEMORY;
2797         }
2798
2799         /* Handle strange delete on close create semantics. */
2800         if (create_options & FILE_DELETE_ON_CLOSE) {
2801
2802                 status = can_set_delete_on_close(fsp, new_dos_attributes);
2803
2804                 if (!NT_STATUS_IS_OK(status)) {
2805                         /* Remember to delete the mode we just added. */
2806                         del_share_mode(lck, fsp);
2807                         TALLOC_FREE(lck);
2808                         fd_close(fsp);
2809                         return status;
2810                 }
2811                 /* Note that here we set the *inital* delete on close flag,
2812                    not the regular one. The magic gets handled in close. */
2813                 fsp->initial_delete_on_close = True;
2814         }
2815
2816         if (info != FILE_WAS_OPENED) {
2817                 /* Files should be initially set as archive */
2818                 if (lp_map_archive(SNUM(conn)) ||
2819                     lp_store_dos_attributes(SNUM(conn))) {
2820                         if (!posix_open) {
2821                                 if (file_set_dosmode(conn, smb_fname,
2822                                             new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2823                                             parent_dir, true) == 0) {
2824                                         unx_mode = smb_fname->st.st_ex_mode;
2825                                 }
2826                         }
2827                 }
2828         }
2829
2830         /* Determine sparse flag. */
2831         if (posix_open) {
2832                 /* POSIX opens are sparse by default. */
2833                 fsp->is_sparse = true;
2834         } else {
2835                 fsp->is_sparse = (file_existed &&
2836                         (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2837         }
2838
2839         /*
2840          * Take care of inherited ACLs on created files - if default ACL not
2841          * selected.
2842          */
2843
2844         if (!posix_open && new_file_created && !def_acl) {
2845
2846                 int saved_errno = errno; /* We might get ENOSYS in the next
2847                                           * call.. */
2848
2849                 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2850                     errno == ENOSYS) {
2851                         errno = saved_errno; /* Ignore ENOSYS */
2852                 }
2853
2854         } else if (new_unx_mode) {
2855
2856                 int ret = -1;
2857
2858                 /* Attributes need changing. File already existed. */
2859
2860                 {
2861                         int saved_errno = errno; /* We might get ENOSYS in the
2862                                                   * next call.. */
2863                         ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2864
2865                         if (ret == -1 && errno == ENOSYS) {
2866                                 errno = saved_errno; /* Ignore ENOSYS */
2867                         } else {
2868                                 DEBUG(5, ("open_file_ntcreate: reset "
2869                                           "attributes of file %s to 0%o\n",
2870                                           smb_fname_str_dbg(smb_fname),
2871                                           (unsigned int)new_unx_mode));
2872                                 ret = 0; /* Don't do the fchmod below. */
2873                         }
2874                 }
2875
2876                 if ((ret == -1) &&
2877                     (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2878                         DEBUG(5, ("open_file_ntcreate: failed to reset "
2879                                   "attributes of file %s to 0%o\n",
2880                                   smb_fname_str_dbg(smb_fname),
2881                                   (unsigned int)new_unx_mode));
2882         }
2883
2884         {
2885                 /*
2886                  * Deal with other opens having a modified write time.
2887                  */
2888                 struct timespec write_time = get_share_mode_write_time(lck);
2889
2890                 if (!null_timespec(write_time)) {
2891                         update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
2892                 }
2893         }
2894
2895         TALLOC_FREE(lck);
2896
2897         return NT_STATUS_OK;
2898 }
2899
2900 static NTSTATUS mkdir_internal(connection_struct *conn,
2901                                struct smb_filename *smb_dname,
2902                                uint32 file_attributes)
2903 {
2904         mode_t mode;
2905         char *parent_dir = NULL;
2906         NTSTATUS status;
2907         bool posix_open = false;
2908         bool need_re_stat = false;
2909         uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2910
2911         if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
2912                 DEBUG(5,("mkdir_internal: failing share access "
2913                          "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
2914                 return NT_STATUS_ACCESS_DENIED;
2915         }
2916
2917         if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2918                             NULL)) {
2919                 return NT_STATUS_NO_MEMORY;
2920         }
2921
2922         if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2923                 posix_open = true;
2924                 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2925         } else {
2926                 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2927         }
2928
2929         status = check_parent_access(conn,
2930                                         smb_dname,
2931                                         access_mask);
2932         if(!NT_STATUS_IS_OK(status)) {
2933                 DEBUG(5,("mkdir_internal: check_parent_access "
2934                         "on directory %s for path %s returned %s\n",
2935                         parent_dir,
2936                         smb_dname->base_name,
2937                         nt_errstr(status) ));
2938                 return status;
2939         }
2940
2941         if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2942                 return map_nt_error_from_unix(errno);
2943         }
2944
2945         /* Ensure we're checking for a symlink here.... */
2946         /* We don't want to get caught by a symlink racer. */
2947
2948         if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2949                 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2950                           smb_fname_str_dbg(smb_dname), strerror(errno)));
2951                 return map_nt_error_from_unix(errno);
2952         }
2953
2954         if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2955                 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2956                           smb_fname_str_dbg(smb_dname)));
2957                 return NT_STATUS_NOT_A_DIRECTORY;
2958         }
2959
2960         if (lp_store_dos_attributes(SNUM(conn))) {
2961                 if (!posix_open) {
2962                         file_set_dosmode(conn, smb_dname,
2963                                          file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2964                                          parent_dir, true);
2965                 }
2966         }
2967
2968         if (lp_inherit_permissions(SNUM(conn))) {
2969                 inherit_access_posix_acl(conn, parent_dir,
2970                                          smb_dname->base_name, mode);
2971                 need_re_stat = true;
2972         }
2973
2974         if (!posix_open) {
2975                 /*
2976                  * Check if high bits should have been set,
2977                  * then (if bits are missing): add them.
2978                  * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2979                  * dir.
2980                  */
2981                 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2982                     (mode & ~smb_dname->st.st_ex_mode)) {
2983                         SMB_VFS_CHMOD(conn, smb_dname->base_name,
2984                                       (smb_dname->st.st_ex_mode |
2985                                           (mode & ~smb_dname->st.st_ex_mode)));
2986                         need_re_stat = true;
2987                 }
2988         }
2989
2990         /* Change the owner if required. */
2991         if (lp_inherit_owner(SNUM(conn))) {
2992                 change_dir_owner_to_parent(conn, parent_dir,
2993                                            smb_dname->base_name,
2994                                            &smb_dname->st);
2995                 need_re_stat = true;
2996         }
2997
2998         if (need_re_stat) {
2999                 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3000                         DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3001                           smb_fname_str_dbg(smb_dname), strerror(errno)));
3002                         return map_nt_error_from_unix(errno);
3003                 }
3004         }
3005
3006         notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
3007                      smb_dname->base_name);
3008
3009         return NT_STATUS_OK;
3010 }
3011
3012 /****************************************************************************
3013  Open a directory from an NT SMB call.
3014 ****************************************************************************/
3015
3016 static NTSTATUS open_directory(connection_struct *conn,
3017                                struct smb_request *req,
3018                                struct smb_filename *smb_dname,
3019                                uint32 access_mask,
3020                                uint32 share_access,
3021                                uint32 create_disposition,
3022                                uint32 create_options,
3023                                uint32 file_attributes,
3024                                int *pinfo,
3025                                files_struct **result)
3026 {
3027         files_struct *fsp = NULL;
3028         bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
3029         struct share_mode_lock *lck = NULL;
3030         NTSTATUS status;
3031         struct timespec mtimespec;
3032         int info = 0;
3033
3034         if (is_ntfs_stream_smb_fname(smb_dname)) {
3035                 DEBUG(2, ("open_directory: %s is a stream name!\n",
3036                           smb_fname_str_dbg(smb_dname)));
3037                 return NT_STATUS_NOT_A_DIRECTORY;
3038         }
3039
3040         if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
3041                 /* Ensure we have a directory attribute. */
3042                 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
3043         }
3044
3045         DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
3046                  "share_access = 0x%x create_options = 0x%x, "
3047                  "create_disposition = 0x%x, file_attributes = 0x%x\n",
3048                  smb_fname_str_dbg(smb_dname),
3049                  (unsigned int)access_mask,
3050                  (unsigned int)share_access,
3051                  (unsigned int)create_options,
3052                  (unsigned int)create_disposition,
3053                  (unsigned int)file_attributes));
3054
3055         status = smbd_calculate_access_mask(conn, smb_dname, false,
3056                                             access_mask, &access_mask);
3057         if (!NT_STATUS_IS_OK(status)) {
3058                 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
3059                         "on file %s returned %s\n",
3060                         smb_fname_str_dbg(smb_dname),
3061                         nt_errstr(status)));
3062                 return status;
3063         }
3064
3065         if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3066                         !security_token_has_privilege(get_current_nttok(conn),
3067                                         SEC_PRIV_SECURITY)) {
3068                 DEBUG(10, ("open_directory: open on %s "
3069                         "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3070                         smb_fname_str_dbg(smb_dname)));
3071                 return NT_STATUS_PRIVILEGE_NOT_HELD;
3072         }
3073
3074         switch( create_disposition ) {
3075                 case FILE_OPEN:
3076
3077                         if (!dir_existed) {
3078                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3079                         }
3080
3081                         info = FILE_WAS_OPENED;
3082                         break;
3083
3084                 case FILE_CREATE:
3085
3086                         /* If directory exists error. If directory doesn't
3087                          * exist create. */
3088
3089                         if (dir_existed) {
3090                                 status = NT_STATUS_OBJECT_NAME_COLLISION;
3091                                 DEBUG(2, ("open_directory: unable to create "
3092                                           "%s. Error was %s\n",
3093                                           smb_fname_str_dbg(smb_dname),
3094                                           nt_errstr(status)));
3095                                 return status;
3096                         }
3097
3098                         status = mkdir_internal(conn, smb_dname,
3099                                                 file_attributes);
3100
3101                         if (!NT_STATUS_IS_OK(status)) {
3102                                 DEBUG(2, ("open_directory: unable to create "
3103                                           "%s. Error was %s\n",
3104                                           smb_fname_str_dbg(smb_dname),
3105                                           nt_errstr(status)));
3106