2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 /****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34 ****************************************************************************/
36 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
41 return se_access_check(sd,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
47 /****************************************************************************
48 Check if we have open rights.
49 ****************************************************************************/
51 static NTSTATUS check_open_rights(struct connection_struct *conn,
55 /* Check if we have rights to open. */
57 uint32_t access_granted = 0;
58 struct security_descriptor *sd;
60 status = SMB_VFS_GET_NT_ACL(conn, fname,
61 (OWNER_SECURITY_INFORMATION |
62 GROUP_SECURITY_INFORMATION |
63 DACL_SECURITY_INFORMATION),&sd);
65 if (!NT_STATUS_IS_OK(status)) {
66 DEBUG(10, ("check_open_rights: Could not get acl "
73 status = smb1_file_se_access_check(sd,
74 conn->server_info->ptok,
82 /****************************************************************************
83 fd support routines - attempt to do a dos_open.
84 ****************************************************************************/
86 static NTSTATUS fd_open(struct connection_struct *conn,
92 NTSTATUS status = NT_STATUS_OK;
96 * Never follow symlinks on a POSIX client. The
97 * client should be doing this.
100 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
105 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
106 if (fsp->fh->fd == -1) {
107 status = map_nt_error_from_unix(errno);
110 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
111 fname, flags, (int)mode, fsp->fh->fd,
112 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
117 /****************************************************************************
118 Close the file associated with a fsp.
119 ****************************************************************************/
121 NTSTATUS fd_close(files_struct *fsp)
125 if (fsp->fh->fd == -1) {
126 return NT_STATUS_OK; /* What we used to call a stat open. */
128 if (fsp->fh->ref_count > 1) {
129 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
132 ret = SMB_VFS_CLOSE(fsp);
135 return map_nt_error_from_unix(errno);
140 /****************************************************************************
141 Change the ownership of a file to that of the parent directory.
142 Do this by fd if possible.
143 ****************************************************************************/
145 static void change_file_owner_to_parent(connection_struct *conn,
146 const char *inherit_from_dir,
149 SMB_STRUCT_STAT parent_st;
152 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
154 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
155 "directory %s. Error was %s\n",
156 inherit_from_dir, strerror(errno) ));
161 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
164 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
165 "file %s to parent directory uid %u. Error "
166 "was %s\n", fsp->fsp_name,
167 (unsigned int)parent_st.st_uid,
171 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
172 "parent directory uid %u.\n", fsp->fsp_name,
173 (unsigned int)parent_st.st_uid ));
176 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
177 const char *inherit_from_dir,
179 SMB_STRUCT_STAT *psbuf)
181 char *saved_dir = NULL;
182 SMB_STRUCT_STAT sbuf;
183 SMB_STRUCT_STAT parent_st;
184 TALLOC_CTX *ctx = talloc_tos();
185 NTSTATUS status = NT_STATUS_OK;
188 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
190 status = map_nt_error_from_unix(errno);
191 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
192 "directory %s. Error was %s\n",
193 inherit_from_dir, strerror(errno) ));
197 /* We've already done an lstat into psbuf, and we know it's a
198 directory. If we can cd into the directory and the dev/ino
199 are the same then we can safely chown without races as
200 we're locking the directory in place by being in it. This
201 should work on any UNIX (thanks tridge :-). JRA.
204 saved_dir = vfs_GetWd(ctx,conn);
206 status = map_nt_error_from_unix(errno);
207 DEBUG(0,("change_dir_owner_to_parent: failed to get "
208 "current working directory. Error was %s\n",
213 /* Chdir into the new path. */
214 if (vfs_ChDir(conn, fname) == -1) {
215 status = map_nt_error_from_unix(errno);
216 DEBUG(0,("change_dir_owner_to_parent: failed to change "
217 "current working directory to %s. Error "
218 "was %s\n", fname, strerror(errno) ));
222 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
223 status = map_nt_error_from_unix(errno);
224 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
225 "directory '.' (%s) Error was %s\n",
226 fname, strerror(errno)));
230 /* Ensure we're pointing at the same place. */
231 if (sbuf.st_dev != psbuf->st_dev ||
232 sbuf.st_ino != psbuf->st_ino ||
233 sbuf.st_mode != psbuf->st_mode ) {
234 DEBUG(0,("change_dir_owner_to_parent: "
235 "device/inode/mode on directory %s changed. "
236 "Refusing to chown !\n", fname ));
237 status = NT_STATUS_ACCESS_DENIED;
242 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
245 status = map_nt_error_from_unix(errno);
246 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
247 "directory %s to parent directory uid %u. "
248 "Error was %s\n", fname,
249 (unsigned int)parent_st.st_uid, strerror(errno) ));
253 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
254 "directory %s to parent directory uid %u.\n",
255 fname, (unsigned int)parent_st.st_uid ));
259 vfs_ChDir(conn,saved_dir);
263 /****************************************************************************
265 ****************************************************************************/
267 static NTSTATUS open_file(files_struct *fsp,
268 connection_struct *conn,
269 struct smb_request *req,
270 const char *parent_dir,
273 SMB_STRUCT_STAT *psbuf,
276 uint32 access_mask, /* client requested access mask. */
277 uint32 open_access_mask) /* what we're actually using in the open. */
279 NTSTATUS status = NT_STATUS_OK;
280 int accmode = (flags & O_ACCMODE);
281 int local_flags = flags;
282 bool file_existed = VALID_STAT(*psbuf);
287 /* Check permissions */
290 * This code was changed after seeing a client open request
291 * containing the open mode of (DENY_WRITE/read-only) with
292 * the 'create if not exist' bit set. The previous code
293 * would fail to open the file read only on a read-only share
294 * as it was checking the flags parameter directly against O_RDONLY,
295 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
299 if (!CAN_WRITE(conn)) {
300 /* It's a read-only share - fail if we wanted to write. */
301 if(accmode != O_RDONLY) {
302 DEBUG(3,("Permission denied opening %s\n", path));
303 return NT_STATUS_ACCESS_DENIED;
304 } else if(flags & O_CREAT) {
305 /* We don't want to write - but we must make sure that
306 O_CREAT doesn't create the file if we have write
307 access into the directory.
310 local_flags &= ~O_CREAT;
315 * This little piece of insanity is inspired by the
316 * fact that an NT client can open a file for O_RDONLY,
317 * but set the create disposition to FILE_EXISTS_TRUNCATE.
318 * If the client *can* write to the file, then it expects to
319 * truncate the file, even though it is opening for readonly.
320 * Quicken uses this stupid trick in backup file creation...
321 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
322 * for helping track this one down. It didn't bite us in 2.0.x
323 * as we always opened files read-write in that release. JRA.
326 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
327 DEBUG(10,("open_file: truncate requested on read-only open "
328 "for file %s\n", path));
329 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
332 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
333 (!file_existed && (local_flags & O_CREAT)) ||
334 ((local_flags & O_TRUNC) == O_TRUNC) ) {
338 * We can't actually truncate here as the file may be locked.
339 * open_file_ntcreate will take care of the truncate later. JRA.
342 local_flags &= ~O_TRUNC;
344 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
346 * We would block on opening a FIFO with no one else on the
347 * other end. Do what we used to do and add O_NONBLOCK to the
351 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
352 local_flags |= O_NONBLOCK;
356 /* Don't create files with Microsoft wildcard characters. */
359 * wildcard characters are allowed in stream names
360 * only test the basefilename
362 wild = fsp->base_fsp->fsp_name;
366 if ((local_flags & O_CREAT) && !file_existed &&
368 return NT_STATUS_OBJECT_NAME_INVALID;
371 /* Actually do the open */
372 status = fd_open(conn, path, fsp, local_flags, unx_mode);
373 if (!NT_STATUS_IS_OK(status)) {
374 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
376 path,nt_errstr(status),local_flags,flags));
380 if ((local_flags & O_CREAT) && !file_existed) {
382 /* Inherit the ACL if required */
383 if (lp_inherit_perms(SNUM(conn))) {
384 inherit_access_posix_acl(conn, parent_dir, path,
388 /* Change the owner if required. */
389 if (lp_inherit_owner(SNUM(conn))) {
390 change_file_owner_to_parent(conn, parent_dir,
394 notify_fname(conn, NOTIFY_ACTION_ADDED,
395 FILE_NOTIFY_CHANGE_FILE_NAME, path);
399 fsp->fh->fd = -1; /* What we used to call a stat open. */
401 status = check_open_rights(conn,
404 if (!NT_STATUS_IS_OK(status)) {
405 DEBUG(10, ("open_file: Access denied on "
416 if (fsp->fh->fd == -1) {
417 ret = SMB_VFS_STAT(conn, path, psbuf);
419 ret = SMB_VFS_FSTAT(fsp, psbuf);
420 /* If we have an fd, this stat should succeed. */
422 DEBUG(0,("Error doing fstat on open file %s "
423 "(%s)\n", path,strerror(errno) ));
427 /* For a non-io open, this stat failing means file not found. JRA */
429 status = map_nt_error_from_unix(errno);
436 * POSIX allows read-only opens of directories. We don't
437 * want to do this (we use a different code path for this)
438 * so catch a directory open and return an EISDIR. JRA.
441 if(S_ISDIR(psbuf->st_mode)) {
444 return NT_STATUS_FILE_IS_A_DIRECTORY;
447 fsp->mode = psbuf->st_mode;
448 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
449 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
450 fsp->file_pid = req ? req->smbpid : 0;
451 fsp->can_lock = True;
452 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
453 if (!CAN_WRITE(conn)) {
454 fsp->can_write = False;
456 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
459 fsp->print_file = False;
460 fsp->modified = False;
461 fsp->sent_oplock_break = NO_BREAK_SENT;
462 fsp->is_directory = False;
463 if (conn->aio_write_behind_list &&
464 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
465 fsp->aio_write_behind = True;
468 string_set(&fsp->fsp_name, path);
469 fsp->wcp = NULL; /* Write cache pointer. */
471 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
472 conn->server_info->unix_name,
474 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
475 conn->num_files_open));
481 /*******************************************************************
482 Return True if the filename is one of the special executable types.
483 ********************************************************************/
485 static bool is_executable(const char *fname)
487 if ((fname = strrchr_m(fname,'.'))) {
488 if (strequal(fname,".com") ||
489 strequal(fname,".dll") ||
490 strequal(fname,".exe") ||
491 strequal(fname,".sym")) {
498 /****************************************************************************
499 Check if we can open a file with a share mode.
500 Returns True if conflict, False if not.
501 ****************************************************************************/
503 static bool share_conflict(struct share_mode_entry *entry,
507 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
508 "entry->share_access = 0x%x, "
509 "entry->private_options = 0x%x\n",
510 (unsigned int)entry->access_mask,
511 (unsigned int)entry->share_access,
512 (unsigned int)entry->private_options));
514 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
515 (unsigned int)access_mask, (unsigned int)share_access));
517 if ((entry->access_mask & (FILE_WRITE_DATA|
521 DELETE_ACCESS)) == 0) {
522 DEBUG(10,("share_conflict: No conflict due to "
523 "entry->access_mask = 0x%x\n",
524 (unsigned int)entry->access_mask ));
528 if ((access_mask & (FILE_WRITE_DATA|
532 DELETE_ACCESS)) == 0) {
533 DEBUG(10,("share_conflict: No conflict due to "
534 "access_mask = 0x%x\n",
535 (unsigned int)access_mask ));
539 #if 1 /* JRA TEST - Superdebug. */
540 #define CHECK_MASK(num, am, right, sa, share) \
541 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
542 (unsigned int)(num), (unsigned int)(am), \
543 (unsigned int)(right), (unsigned int)(am)&(right) )); \
544 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
545 (unsigned int)(num), (unsigned int)(sa), \
546 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
547 if (((am) & (right)) && !((sa) & (share))) { \
548 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
549 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
550 (unsigned int)(share) )); \
554 #define CHECK_MASK(num, am, right, sa, share) \
555 if (((am) & (right)) && !((sa) & (share))) { \
556 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
557 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
558 (unsigned int)(share) )); \
563 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
564 share_access, FILE_SHARE_WRITE);
565 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
566 entry->share_access, FILE_SHARE_WRITE);
568 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
569 share_access, FILE_SHARE_READ);
570 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
571 entry->share_access, FILE_SHARE_READ);
573 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
574 share_access, FILE_SHARE_DELETE);
575 CHECK_MASK(6, access_mask, DELETE_ACCESS,
576 entry->share_access, FILE_SHARE_DELETE);
578 DEBUG(10,("share_conflict: No conflict.\n"));
582 #if defined(DEVELOPER)
583 static void validate_my_share_entries(int num,
584 struct share_mode_entry *share_entry)
588 if (!procid_is_me(&share_entry->pid)) {
592 if (is_deferred_open_entry(share_entry) &&
593 !open_was_deferred(share_entry->op_mid)) {
594 char *str = talloc_asprintf(talloc_tos(),
595 "Got a deferred entry without a request: "
597 share_mode_str(talloc_tos(), num, share_entry));
601 if (!is_valid_share_mode_entry(share_entry)) {
605 fsp = file_find_dif(share_entry->id,
606 share_entry->share_file_id);
608 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
609 share_mode_str(talloc_tos(), num, share_entry) ));
610 smb_panic("validate_my_share_entries: Cannot match a "
611 "share entry with an open file\n");
614 if (is_deferred_open_entry(share_entry) ||
615 is_unused_share_mode_entry(share_entry)) {
619 if ((share_entry->op_type == NO_OPLOCK) &&
620 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
621 /* Someone has already written to it, but I haven't yet
626 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
635 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
636 share_mode_str(talloc_tos(), num, share_entry) ));
637 str = talloc_asprintf(talloc_tos(),
638 "validate_my_share_entries: "
639 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
640 fsp->fsp_name, (unsigned int)fsp->oplock_type,
641 (unsigned int)share_entry->op_type );
647 static bool is_stat_open(uint32 access_mask)
649 return (access_mask &&
650 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
651 FILE_WRITE_ATTRIBUTES))==0) &&
652 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
653 FILE_WRITE_ATTRIBUTES)) != 0));
656 /****************************************************************************
657 Deal with share modes
658 Invarient: Share mode must be locked on entry and exit.
659 Returns -1 on error, or number of share modes on success (may be zero).
660 ****************************************************************************/
662 static NTSTATUS open_mode_check(connection_struct *conn,
664 struct share_mode_lock *lck,
667 uint32 create_options,
672 if(lck->num_share_modes == 0) {
676 *file_existed = True;
678 /* A delete on close prohibits everything */
680 if (lck->delete_on_close) {
681 return NT_STATUS_DELETE_PENDING;
684 if (is_stat_open(access_mask)) {
685 /* Stat open that doesn't trigger oplock breaks or share mode
686 * checks... ! JRA. */
691 * Check if the share modes will give us access.
694 #if defined(DEVELOPER)
695 for(i = 0; i < lck->num_share_modes; i++) {
696 validate_my_share_entries(i, &lck->share_modes[i]);
700 if (!lp_share_modes(SNUM(conn))) {
704 /* Now we check the share modes, after any oplock breaks. */
705 for(i = 0; i < lck->num_share_modes; i++) {
707 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
711 /* someone else has a share lock on it, check to see if we can
713 if (share_conflict(&lck->share_modes[i],
714 access_mask, share_access)) {
715 return NT_STATUS_SHARING_VIOLATION;
722 static bool is_delete_request(files_struct *fsp) {
723 return ((fsp->access_mask == DELETE_ACCESS) &&
724 (fsp->oplock_type == NO_OPLOCK));
728 * 1) No files open at all or internal open: Grant whatever the client wants.
730 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
731 * request, break if the oplock around is a batch oplock. If it's another
732 * requested access type, break.
734 * 3) Only level2 around: Grant level2 and do nothing else.
737 static bool delay_for_oplocks(struct share_mode_lock *lck,
744 struct share_mode_entry *exclusive = NULL;
745 bool valid_entry = False;
746 bool delay_it = False;
747 bool have_level2 = False;
749 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
751 if (oplock_request & INTERNAL_OPEN_ONLY) {
752 fsp->oplock_type = NO_OPLOCK;
755 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
759 for (i=0; i<lck->num_share_modes; i++) {
761 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
765 /* At least one entry is not an invalid or deferred entry. */
768 if (pass_number == 1) {
769 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
770 SMB_ASSERT(exclusive == NULL);
771 exclusive = &lck->share_modes[i];
774 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
775 SMB_ASSERT(exclusive == NULL);
776 exclusive = &lck->share_modes[i];
780 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
781 SMB_ASSERT(exclusive == NULL);
787 /* All entries are placeholders or deferred.
788 * Directly grant whatever the client wants. */
789 if (fsp->oplock_type == NO_OPLOCK) {
790 /* Store a level2 oplock, but don't tell the client */
791 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
796 if (exclusive != NULL) { /* Found an exclusive oplock */
797 SMB_ASSERT(!have_level2);
798 delay_it = is_delete_request(fsp) ?
799 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
802 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
803 /* We can at most grant level2 as there are other
804 * level2 or NO_OPLOCK entries. */
805 fsp->oplock_type = LEVEL_II_OPLOCK;
808 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
809 /* Store a level2 oplock, but don't tell the client */
810 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
818 * Send a break message to the oplock holder and delay the open for
822 DEBUG(10, ("Sending break request to PID %s\n",
823 procid_str_static(&exclusive->pid)));
824 exclusive->op_mid = mid;
826 /* Create the message. */
827 share_mode_entry_to_message(msg, exclusive);
829 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
830 don't want this set in the share mode struct pointed to by lck. */
832 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
833 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
836 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
837 MSG_SMB_BREAK_REQUEST,
839 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
840 if (!NT_STATUS_IS_OK(status)) {
841 DEBUG(3, ("Could not send oplock break message: %s\n",
848 static bool request_timed_out(struct timeval request_time,
849 struct timeval timeout)
851 struct timeval now, end_time;
853 end_time = timeval_sum(&request_time, &timeout);
854 return (timeval_compare(&end_time, &now) < 0);
857 /****************************************************************************
858 Handle the 1 second delay in returning a SHARING_VIOLATION error.
859 ****************************************************************************/
861 static void defer_open(struct share_mode_lock *lck,
862 struct timeval request_time,
863 struct timeval timeout,
864 struct smb_request *req,
865 struct deferred_open_record *state)
871 for (i=0; i<lck->num_share_modes; i++) {
872 struct share_mode_entry *e = &lck->share_modes[i];
874 if (!is_deferred_open_entry(e)) {
878 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
879 DEBUG(0, ("Trying to defer an already deferred "
880 "request: mid=%d, exiting\n", req->mid));
881 exit_server("attempt to defer a deferred request");
885 /* End paranoia check */
887 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
888 "open entry for mid %u\n",
889 (unsigned int)request_time.tv_sec,
890 (unsigned int)request_time.tv_usec,
891 (unsigned int)req->mid));
893 if (!push_deferred_smb_message(req, request_time, timeout,
894 (char *)state, sizeof(*state))) {
895 exit_server("push_deferred_smb_message failed");
897 add_deferred_open(lck, req->mid, request_time, state->id);
900 * Push the MID of this packet on the signing queue.
901 * We only do this once, the first time we push the packet
902 * onto the deferred open queue, as this has a side effect
903 * of incrementing the response sequence number.
906 srv_defer_sign_response(req->mid);
910 /****************************************************************************
911 On overwrite open ensure that the attributes match.
912 ****************************************************************************/
914 static bool open_match_attributes(connection_struct *conn,
918 mode_t existing_unx_mode,
920 mode_t *returned_unx_mode)
922 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
924 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
925 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
927 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
928 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
929 *returned_unx_mode = new_unx_mode;
931 *returned_unx_mode = (mode_t)0;
934 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
935 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
936 "returned_unx_mode = 0%o\n",
938 (unsigned int)old_dos_attr,
939 (unsigned int)existing_unx_mode,
940 (unsigned int)new_dos_attr,
941 (unsigned int)*returned_unx_mode ));
943 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
944 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
945 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
946 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
950 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
951 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
952 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
959 /****************************************************************************
960 Special FCB or DOS processing in the case of a sharing violation.
961 Try and find a duplicated file handle.
962 ****************************************************************************/
964 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
965 connection_struct *conn,
966 files_struct *fsp_to_dup_into,
973 uint32 create_options)
977 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
978 "file %s.\n", fname ));
980 for(fsp = file_find_di_first(id); fsp;
981 fsp = file_find_di_next(fsp)) {
983 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
984 "vuid = %u, file_pid = %u, private_options = 0x%x "
985 "access_mask = 0x%x\n", fsp->fsp_name,
986 fsp->fh->fd, (unsigned int)fsp->vuid,
987 (unsigned int)fsp->file_pid,
988 (unsigned int)fsp->fh->private_options,
989 (unsigned int)fsp->access_mask ));
991 if (fsp->fh->fd != -1 &&
993 fsp->file_pid == file_pid &&
994 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
995 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
996 (fsp->access_mask & FILE_WRITE_DATA) &&
997 strequal(fsp->fsp_name, fname)) {
998 DEBUG(10,("fcb_or_dos_open: file match\n"));
1004 return NT_STATUS_NOT_FOUND;
1007 /* quite an insane set of semantics ... */
1008 if (is_executable(fname) &&
1009 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1010 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1011 return NT_STATUS_INVALID_PARAMETER;
1014 /* We need to duplicate this fsp. */
1015 dup_file_fsp(req, fsp, access_mask, share_access,
1016 create_options, fsp_to_dup_into);
1018 return NT_STATUS_OK;
1021 /****************************************************************************
1022 Open a file with a share mode - old openX method - map into NTCreate.
1023 ****************************************************************************/
1025 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1026 uint32 *paccess_mask,
1027 uint32 *pshare_mode,
1028 uint32 *pcreate_disposition,
1029 uint32 *pcreate_options)
1033 uint32 create_disposition;
1034 uint32 create_options = 0;
1036 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1037 "open_func = 0x%x\n",
1038 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1040 /* Create the NT compatible access_mask. */
1041 switch (GET_OPENX_MODE(deny_mode)) {
1042 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1043 case DOS_OPEN_RDONLY:
1044 access_mask = FILE_GENERIC_READ;
1046 case DOS_OPEN_WRONLY:
1047 access_mask = FILE_GENERIC_WRITE;
1051 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1054 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1055 (unsigned int)GET_OPENX_MODE(deny_mode)));
1059 /* Create the NT compatible create_disposition. */
1060 switch (open_func) {
1061 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1062 create_disposition = FILE_CREATE;
1065 case OPENX_FILE_EXISTS_OPEN:
1066 create_disposition = FILE_OPEN;
1069 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1070 create_disposition = FILE_OPEN_IF;
1073 case OPENX_FILE_EXISTS_TRUNCATE:
1074 create_disposition = FILE_OVERWRITE;
1077 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1078 create_disposition = FILE_OVERWRITE_IF;
1082 /* From samba4 - to be confirmed. */
1083 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1084 create_disposition = FILE_CREATE;
1087 DEBUG(10,("map_open_params_to_ntcreate: bad "
1088 "open_func 0x%x\n", (unsigned int)open_func));
1092 /* Create the NT compatible share modes. */
1093 switch (GET_DENY_MODE(deny_mode)) {
1095 share_mode = FILE_SHARE_NONE;
1099 share_mode = FILE_SHARE_READ;
1103 share_mode = FILE_SHARE_WRITE;
1107 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1111 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1112 if (is_executable(fname)) {
1113 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1115 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1116 share_mode = FILE_SHARE_READ;
1118 share_mode = FILE_SHARE_NONE;
1124 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1125 share_mode = FILE_SHARE_NONE;
1129 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1130 (unsigned int)GET_DENY_MODE(deny_mode) ));
1134 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1135 "share_mode = 0x%x, create_disposition = 0x%x, "
1136 "create_options = 0x%x\n",
1138 (unsigned int)access_mask,
1139 (unsigned int)share_mode,
1140 (unsigned int)create_disposition,
1141 (unsigned int)create_options ));
1144 *paccess_mask = access_mask;
1147 *pshare_mode = share_mode;
1149 if (pcreate_disposition) {
1150 *pcreate_disposition = create_disposition;
1152 if (pcreate_options) {
1153 *pcreate_options = create_options;
1160 static void schedule_defer_open(struct share_mode_lock *lck,
1161 struct timeval request_time,
1162 struct smb_request *req)
1164 struct deferred_open_record state;
1166 /* This is a relative time, added to the absolute
1167 request_time value to get the absolute timeout time.
1168 Note that if this is the second or greater time we enter
1169 this codepath for this particular request mid then
1170 request_time is left as the absolute time of the *first*
1171 time this request mid was processed. This is what allows
1172 the request to eventually time out. */
1174 struct timeval timeout;
1176 /* Normally the smbd we asked should respond within
1177 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1178 * the client did, give twice the timeout as a safety
1179 * measure here in case the other smbd is stuck
1180 * somewhere else. */
1182 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1184 /* Nothing actually uses state.delayed_for_oplocks
1185 but it's handy to differentiate in debug messages
1186 between a 30 second delay due to oplock break, and
1187 a 1 second delay for share mode conflicts. */
1189 state.delayed_for_oplocks = True;
1192 if (!request_timed_out(request_time, timeout)) {
1193 defer_open(lck, request_time, timeout, req, &state);
1197 /****************************************************************************
1198 Work out what access_mask to use from what the client sent us.
1199 ****************************************************************************/
1201 static NTSTATUS calculate_access_mask(connection_struct *conn,
1204 uint32_t access_mask,
1205 uint32_t *access_mask_out)
1210 * Convert GENERIC bits to specific bits.
1213 se_map_generic(&access_mask, &file_generic_mapping);
1215 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1216 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1219 struct security_descriptor *sd;
1220 uint32_t access_granted = 0;
1222 status = SMB_VFS_GET_NT_ACL(conn, fname,
1223 (OWNER_SECURITY_INFORMATION |
1224 GROUP_SECURITY_INFORMATION |
1225 DACL_SECURITY_INFORMATION),&sd);
1227 if (!NT_STATUS_IS_OK(status)) {
1228 DEBUG(10, ("calculate_access_mask: Could not get acl "
1231 nt_errstr(status)));
1232 return NT_STATUS_ACCESS_DENIED;
1235 status = smb1_file_se_access_check(sd,
1236 conn->server_info->ptok,
1242 if (!NT_STATUS_IS_OK(status)) {
1243 DEBUG(10, ("calculate_access_mask: Access denied on "
1244 "file %s: when calculating maximum access\n",
1246 return NT_STATUS_ACCESS_DENIED;
1249 access_mask = access_granted;
1251 access_mask = FILE_GENERIC_ALL;
1255 *access_mask_out = access_mask;
1256 return NT_STATUS_OK;
1259 /****************************************************************************
1260 Open a file with a share mode. Passed in an already created files_struct *.
1261 ****************************************************************************/
1263 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1264 struct smb_request *req,
1266 SMB_STRUCT_STAT *psbuf,
1267 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1268 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1269 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1270 uint32 create_options, /* options such as delete on close. */
1271 uint32 new_dos_attributes, /* attributes used for new file. */
1272 int oplock_request, /* internal Samba oplock codes. */
1273 /* Information (FILE_EXISTS etc.) */
1279 bool file_existed = VALID_STAT(*psbuf);
1280 bool def_acl = False;
1281 bool posix_open = False;
1282 bool new_file_created = False;
1284 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1285 mode_t new_unx_mode = (mode_t)0;
1286 mode_t unx_mode = (mode_t)0;
1288 uint32 existing_dos_attributes = 0;
1289 struct pending_message_list *pml = NULL;
1290 struct timeval request_time = timeval_zero();
1291 struct share_mode_lock *lck = NULL;
1292 uint32 open_access_mask = access_mask;
1296 const char *newname;
1300 if (conn->printer) {
1302 * Printers are handled completely differently.
1303 * Most of the passed parameters are ignored.
1307 *pinfo = FILE_WAS_CREATED;
1310 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1312 return print_fsp_open(req, conn, fname, req->vuid, fsp);
1315 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1317 return NT_STATUS_NO_MEMORY;
1320 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1322 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1323 new_dos_attributes = 0;
1325 /* We add aARCH to this as this mode is only used if the file is
1327 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1331 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1332 "access_mask=0x%x share_access=0x%x "
1333 "create_disposition = 0x%x create_options=0x%x "
1334 "unix mode=0%o oplock_request=%d\n",
1335 fname, new_dos_attributes, access_mask, share_access,
1336 create_disposition, create_options, unx_mode,
1339 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1340 DEBUG(0, ("No smb request but not an internal only open!\n"));
1341 return NT_STATUS_INTERNAL_ERROR;
1345 * Only non-internal opens can be deferred at all
1349 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1350 struct deferred_open_record *state =
1351 (struct deferred_open_record *)pml->private_data.data;
1353 /* Remember the absolute time of the original
1354 request with this mid. We'll use it later to
1355 see if this has timed out. */
1357 request_time = pml->request_time;
1359 /* Remove the deferred open entry under lock. */
1360 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1363 DEBUG(0, ("could not get share mode lock\n"));
1365 del_deferred_open_entry(lck, req->mid);
1369 /* Ensure we don't reprocess this message. */
1370 remove_deferred_open_smb_message(req->mid);
1373 status = check_name(conn, fname);
1374 if (!NT_STATUS_IS_OK(status)) {
1379 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1381 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1385 /* ignore any oplock requests if oplocks are disabled */
1386 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1387 IS_VETO_OPLOCK_PATH(conn, fname)) {
1388 /* Mask off everything except the private Samba bits. */
1389 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1392 /* this is for OS/2 long file names - say we don't support them */
1393 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1394 /* OS/2 Workplace shell fix may be main code stream in a later
1396 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1398 if (use_nt_status()) {
1399 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1401 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1404 switch( create_disposition ) {
1406 * Currently we're using FILE_SUPERSEDE as the same as
1407 * FILE_OVERWRITE_IF but they really are
1408 * different. FILE_SUPERSEDE deletes an existing file
1409 * (requiring delete access) then recreates it.
1411 case FILE_SUPERSEDE:
1412 /* If file exists replace/overwrite. If file doesn't
1414 flags2 |= (O_CREAT | O_TRUNC);
1417 case FILE_OVERWRITE_IF:
1418 /* If file exists replace/overwrite. If file doesn't
1420 flags2 |= (O_CREAT | O_TRUNC);
1424 /* If file exists open. If file doesn't exist error. */
1425 if (!file_existed) {
1426 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1427 "requested for file %s and file "
1428 "doesn't exist.\n", fname ));
1430 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1434 case FILE_OVERWRITE:
1435 /* If file exists overwrite. If file doesn't exist
1437 if (!file_existed) {
1438 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1439 "requested for file %s and file "
1440 "doesn't exist.\n", fname ));
1442 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1448 /* If file exists error. If file doesn't exist
1451 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1452 "requested for file %s and file "
1453 "already exists.\n", fname ));
1454 if (S_ISDIR(psbuf->st_mode)) {
1459 return map_nt_error_from_unix(errno);
1461 flags2 |= (O_CREAT|O_EXCL);
1465 /* If file exists open. If file doesn't exist
1471 return NT_STATUS_INVALID_PARAMETER;
1474 /* We only care about matching attributes on file exists and
1477 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1478 (create_disposition == FILE_OVERWRITE_IF))) {
1479 if (!open_match_attributes(conn, fname,
1480 existing_dos_attributes,
1481 new_dos_attributes, psbuf->st_mode,
1482 unx_mode, &new_unx_mode)) {
1483 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1484 "for file %s (%x %x) (0%o, 0%o)\n",
1485 fname, existing_dos_attributes,
1487 (unsigned int)psbuf->st_mode,
1488 (unsigned int)unx_mode ));
1490 return NT_STATUS_ACCESS_DENIED;
1494 status = calculate_access_mask(conn, fname, file_existed,
1497 if (!NT_STATUS_IS_OK(status)) {
1498 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1499 "on file %s returned %s\n",
1501 nt_errstr(status)));
1505 open_access_mask = access_mask;
1507 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1508 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1511 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1512 "access_mask=0x%x\n", fname, access_mask ));
1515 * Note that we ignore the append flag as append does not
1516 * mean the same thing under DOS and Unix.
1519 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1520 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1521 /* DENY_DOS opens are always underlying read-write on the
1522 file handle, no matter what the requested access mask
1524 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1525 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1535 * Currently we only look at FILE_WRITE_THROUGH for create options.
1539 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1544 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1548 if (!posix_open && !CAN_WRITE(conn)) {
1550 * We should really return a permission denied error if either
1551 * O_CREAT or O_TRUNC are set, but for compatibility with
1552 * older versions of Samba we just AND them out.
1554 flags2 &= ~(O_CREAT|O_TRUNC);
1558 * Ensure we can't write on a read-only share or file.
1561 if (flags != O_RDONLY && file_existed &&
1562 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1563 DEBUG(5,("open_file_ntcreate: write access requested for "
1564 "file %s on read only %s\n",
1565 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1567 return NT_STATUS_ACCESS_DENIED;
1570 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1571 fsp->share_access = share_access;
1572 fsp->fh->private_options = create_options;
1573 fsp->access_mask = open_access_mask; /* We change this to the
1574 * requested access_mask after
1575 * the open is done. */
1576 fsp->posix_open = posix_open;
1578 /* Ensure no SAMBA_PRIVATE bits can be set. */
1579 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1581 if (timeval_is_zero(&request_time)) {
1582 request_time = fsp->open_time;
1586 struct timespec old_write_time = get_mtimespec(psbuf);
1587 id = vfs_file_id_from_sbuf(conn, psbuf);
1589 lck = get_share_mode_lock(talloc_tos(), id,
1591 fname, &old_write_time);
1594 DEBUG(0, ("Could not get share mode lock\n"));
1595 return NT_STATUS_SHARING_VIOLATION;
1598 /* First pass - send break only on batch oplocks. */
1600 && delay_for_oplocks(lck, fsp, req->mid, 1,
1602 schedule_defer_open(lck, request_time, req);
1604 return NT_STATUS_SHARING_VIOLATION;
1607 /* Use the client requested access mask here, not the one we
1609 status = open_mode_check(conn, fname, lck,
1610 access_mask, share_access,
1611 create_options, &file_existed);
1613 if (NT_STATUS_IS_OK(status)) {
1614 /* We might be going to allow this open. Check oplock
1616 /* Second pass - send break for both batch or
1617 * exclusive oplocks. */
1619 && delay_for_oplocks(lck, fsp, req->mid, 2,
1621 schedule_defer_open(lck, request_time, req);
1623 return NT_STATUS_SHARING_VIOLATION;
1627 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1628 /* DELETE_PENDING is not deferred for a second */
1633 if (!NT_STATUS_IS_OK(status)) {
1634 uint32 can_access_mask;
1635 bool can_access = True;
1637 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1639 /* Check if this can be done with the deny_dos and fcb
1641 if (create_options &
1642 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1643 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1645 DEBUG(0, ("DOS open without an SMB "
1648 return NT_STATUS_INTERNAL_ERROR;
1651 /* Use the client requested access mask here,
1652 * not the one we open with. */
1653 status = fcb_or_dos_open(req,
1664 if (NT_STATUS_IS_OK(status)) {
1667 *pinfo = FILE_WAS_OPENED;
1669 return NT_STATUS_OK;
1674 * This next line is a subtlety we need for
1675 * MS-Access. If a file open will fail due to share
1676 * permissions and also for security (access) reasons,
1677 * we need to return the access failed error, not the
1678 * share error. We can't open the file due to kernel
1679 * oplock deadlock (it's possible we failed above on
1680 * the open_mode_check()) so use a userspace check.
1683 if (flags & O_RDWR) {
1684 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1685 } else if (flags & O_WRONLY) {
1686 can_access_mask = FILE_WRITE_DATA;
1688 can_access_mask = FILE_READ_DATA;
1691 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1692 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1697 * If we're returning a share violation, ensure we
1698 * cope with the braindead 1 second delay.
1701 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1702 lp_defer_sharing_violations()) {
1703 struct timeval timeout;
1704 struct deferred_open_record state;
1707 /* this is a hack to speed up torture tests
1709 timeout_usecs = lp_parm_int(SNUM(conn),
1710 "smbd","sharedelay",
1711 SHARING_VIOLATION_USEC_WAIT);
1713 /* This is a relative time, added to the absolute
1714 request_time value to get the absolute timeout time.
1715 Note that if this is the second or greater time we enter
1716 this codepath for this particular request mid then
1717 request_time is left as the absolute time of the *first*
1718 time this request mid was processed. This is what allows
1719 the request to eventually time out. */
1721 timeout = timeval_set(0, timeout_usecs);
1723 /* Nothing actually uses state.delayed_for_oplocks
1724 but it's handy to differentiate in debug messages
1725 between a 30 second delay due to oplock break, and
1726 a 1 second delay for share mode conflicts. */
1728 state.delayed_for_oplocks = False;
1732 && !request_timed_out(request_time,
1734 defer_open(lck, request_time, timeout,
1742 * We have detected a sharing violation here
1743 * so return the correct error code
1745 status = NT_STATUS_SHARING_VIOLATION;
1747 status = NT_STATUS_ACCESS_DENIED;
1753 * We exit this block with the share entry *locked*.....
1757 SMB_ASSERT(!file_existed || (lck != NULL));
1760 * Ensure we pay attention to default ACLs on directories if required.
1763 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1764 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1768 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1769 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1770 (unsigned int)flags, (unsigned int)flags2,
1771 (unsigned int)unx_mode, (unsigned int)access_mask,
1772 (unsigned int)open_access_mask));
1775 * open_file strips any O_TRUNC flags itself.
1778 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1779 flags|flags2, unx_mode, access_mask,
1782 if (!NT_STATUS_IS_OK(fsp_open)) {
1789 if (!file_existed) {
1790 struct timespec old_write_time = get_mtimespec(psbuf);
1792 * Deal with the race condition where two smbd's detect the
1793 * file doesn't exist and do the create at the same time. One
1794 * of them will win and set a share mode, the other (ie. this
1795 * one) should check if the requested share mode for this
1796 * create is allowed.
1800 * Now the file exists and fsp is successfully opened,
1801 * fsp->dev and fsp->inode are valid and should replace the
1802 * dev=0,inode=0 from a non existent file. Spotted by
1803 * Nadav Danieli <nadavd@exanet.com>. JRA.
1808 lck = get_share_mode_lock(talloc_tos(), id,
1810 fname, &old_write_time);
1813 DEBUG(0, ("open_file_ntcreate: Could not get share "
1814 "mode lock for %s\n", fname));
1816 return NT_STATUS_SHARING_VIOLATION;
1819 /* First pass - send break only on batch oplocks. */
1821 && delay_for_oplocks(lck, fsp, req->mid, 1,
1823 schedule_defer_open(lck, request_time, req);
1826 return NT_STATUS_SHARING_VIOLATION;
1829 status = open_mode_check(conn, fname, lck,
1830 access_mask, share_access,
1831 create_options, &file_existed);
1833 if (NT_STATUS_IS_OK(status)) {
1834 /* We might be going to allow this open. Check oplock
1836 /* Second pass - send break for both batch or
1837 * exclusive oplocks. */
1839 && delay_for_oplocks(lck, fsp, req->mid, 2,
1841 schedule_defer_open(lck, request_time, req);
1844 return NT_STATUS_SHARING_VIOLATION;
1848 if (!NT_STATUS_IS_OK(status)) {
1849 struct deferred_open_record state;
1853 state.delayed_for_oplocks = False;
1856 /* Do it all over again immediately. In the second
1857 * round we will find that the file existed and handle
1858 * the DELETE_PENDING and FCB cases correctly. No need
1859 * to duplicate the code here. Essentially this is a
1860 * "goto top of this function", but don't tell
1864 defer_open(lck, request_time, timeval_zero(),
1872 * We exit this block with the share entry *locked*.....
1877 SMB_ASSERT(lck != NULL);
1879 /* note that we ignore failure for the following. It is
1880 basically a hack for NFS, and NFS will never set one of
1881 these only read them. Nobody but Samba can ever set a deny
1882 mode and we have already checked our more authoritative
1883 locking database for permission to set this deny mode. If
1884 the kernel refuses the operations then the kernel is wrong.
1885 note that GPFS supports it as well - jmcd */
1887 if (fsp->fh->fd != -1) {
1888 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1889 if(ret_flock == -1 ){
1894 return NT_STATUS_SHARING_VIOLATION;
1899 * At this point onwards, we can guarentee that the share entry
1900 * is locked, whether we created the file or not, and that the
1901 * deny mode is compatible with all current opens.
1905 * If requested, truncate the file.
1908 if (flags2&O_TRUNC) {
1910 * We are modifing the file after open - update the stat
1913 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1914 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1915 status = map_nt_error_from_unix(errno);
1922 /* Record the options we were opened with. */
1923 fsp->share_access = share_access;
1924 fsp->fh->private_options = create_options;
1926 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1928 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1931 /* stat opens on existing files don't get oplocks. */
1932 if (is_stat_open(open_access_mask)) {
1933 fsp->oplock_type = NO_OPLOCK;
1936 if (!(flags2 & O_TRUNC)) {
1937 info = FILE_WAS_OPENED;
1939 info = FILE_WAS_OVERWRITTEN;
1942 info = FILE_WAS_CREATED;
1950 * Setup the oplock info in both the shared memory and
1954 if ((fsp->oplock_type != NO_OPLOCK) &&
1955 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1956 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1957 /* Could not get the kernel oplock */
1958 fsp->oplock_type = NO_OPLOCK;
1962 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1963 new_file_created = True;
1966 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
1967 fsp->oplock_type, new_file_created);
1969 /* Handle strange delete on close create semantics. */
1970 if ((create_options & FILE_DELETE_ON_CLOSE)
1971 && (((conn->fs_capabilities & FILE_NAMED_STREAMS)
1972 && is_ntfs_stream_name(fname))
1973 || can_set_initial_delete_on_close(lck))) {
1974 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1976 if (!NT_STATUS_IS_OK(status)) {
1977 /* Remember to delete the mode we just added. */
1978 del_share_mode(lck, fsp);
1983 /* Note that here we set the *inital* delete on close flag,
1984 not the regular one. The magic gets handled in close. */
1985 fsp->initial_delete_on_close = True;
1988 if (new_file_created) {
1989 /* Files should be initially set as archive */
1990 if (lp_map_archive(SNUM(conn)) ||
1991 lp_store_dos_attributes(SNUM(conn))) {
1993 SMB_STRUCT_STAT tmp_sbuf;
1994 SET_STAT_INVALID(tmp_sbuf);
1995 if (file_set_dosmode(
1997 new_dos_attributes | aARCH,
1998 &tmp_sbuf, parent_dir,
2000 unx_mode = tmp_sbuf.st_mode;
2007 * Take care of inherited ACLs on created files - if default ACL not
2011 if (!posix_open && !file_existed && !def_acl) {
2013 int saved_errno = errno; /* We might get ENOSYS in the next
2016 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2018 errno = saved_errno; /* Ignore ENOSYS */
2021 } else if (new_unx_mode) {
2025 /* Attributes need changing. File already existed. */
2028 int saved_errno = errno; /* We might get ENOSYS in the
2030 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2032 if (ret == -1 && errno == ENOSYS) {
2033 errno = saved_errno; /* Ignore ENOSYS */
2035 DEBUG(5, ("open_file_ntcreate: reset "
2036 "attributes of file %s to 0%o\n",
2037 fname, (unsigned int)new_unx_mode));
2038 ret = 0; /* Don't do the fchmod below. */
2043 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2044 DEBUG(5, ("open_file_ntcreate: failed to reset "
2045 "attributes of file %s to 0%o\n",
2046 fname, (unsigned int)new_unx_mode));
2049 /* If this is a successful open, we must remove any deferred open
2052 del_deferred_open_entry(lck, req->mid);
2056 return NT_STATUS_OK;
2059 /****************************************************************************
2060 Open a file with a share mode.
2061 ****************************************************************************/
2063 NTSTATUS open_file_ntcreate(connection_struct *conn,
2064 struct smb_request *req,
2066 SMB_STRUCT_STAT *psbuf,
2067 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2068 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2069 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2070 uint32 create_options, /* options such as delete on close. */
2071 uint32 new_dos_attributes, /* attributes used for new file. */
2072 int oplock_request, /* internal Samba oplock codes. */
2073 /* Information (FILE_EXISTS etc.) */
2075 files_struct **result)
2078 files_struct *fsp = NULL;
2082 status = file_new(req, conn, &fsp);
2083 if(!NT_STATUS_IS_OK(status)) {
2087 status = open_file_ntcreate_internal(conn,
2100 if(!NT_STATUS_IS_OK(status)) {
2101 file_free(req, fsp);
2109 /****************************************************************************
2110 Open a file for for write to ensure that we can fchmod it.
2111 ****************************************************************************/
2113 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2115 SMB_STRUCT_STAT *psbuf, files_struct **result)
2117 files_struct *fsp = NULL;
2120 if (!VALID_STAT(*psbuf)) {
2121 return NT_STATUS_INVALID_PARAMETER;
2124 status = file_new(req, conn, &fsp);
2125 if(!NT_STATUS_IS_OK(status)) {
2129 /* note! we must use a non-zero desired access or we don't get
2130 a real file descriptor. Oh what a twisted web we weave. */
2131 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2132 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2135 * This is not a user visible file open.
2136 * Don't set a share mode.
2139 if (!NT_STATUS_IS_OK(status)) {
2140 file_free(req, fsp);
2145 return NT_STATUS_OK;
2148 /****************************************************************************
2149 Close the fchmod file fd - ensure no locks are lost.
2150 ****************************************************************************/
2152 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2154 NTSTATUS status = fd_close(fsp);
2155 file_free(req, fsp);
2159 static NTSTATUS mkdir_internal(connection_struct *conn,
2161 uint32 file_attributes,
2162 SMB_STRUCT_STAT *psbuf)
2166 const char *dirname;
2168 bool posix_open = false;
2170 if(!CAN_WRITE(conn)) {
2171 DEBUG(5,("mkdir_internal: failing create on read-only share "
2172 "%s\n", lp_servicename(SNUM(conn))));
2173 return NT_STATUS_ACCESS_DENIED;
2176 status = check_name(conn, name);
2177 if (!NT_STATUS_IS_OK(status)) {
2181 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2183 return NT_STATUS_NO_MEMORY;
2186 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2188 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2190 mode = unix_mode(conn, aDIR, name, parent_dir);
2193 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2194 return map_nt_error_from_unix(errno);
2197 /* Ensure we're checking for a symlink here.... */
2198 /* We don't want to get caught by a symlink racer. */
2200 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2201 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2202 name, strerror(errno)));
2203 return map_nt_error_from_unix(errno);
2206 if (!S_ISDIR(psbuf->st_mode)) {
2207 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2209 return NT_STATUS_ACCESS_DENIED;
2212 if (lp_store_dos_attributes(SNUM(conn))) {
2214 file_set_dosmode(conn, name,
2215 file_attributes | aDIR, NULL,
2221 if (lp_inherit_perms(SNUM(conn))) {
2222 inherit_access_posix_acl(conn, parent_dir, name, mode);
2225 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2227 * Check if high bits should have been set,
2228 * then (if bits are missing): add them.
2229 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2232 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2233 SMB_VFS_CHMOD(conn, name,
2234 psbuf->st_mode | (mode & ~psbuf->st_mode));
2238 /* Change the owner if required. */
2239 if (lp_inherit_owner(SNUM(conn))) {
2240 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2243 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2246 return NT_STATUS_OK;
2249 /****************************************************************************
2250 Open a directory from an NT SMB call.
2251 ****************************************************************************/
2253 NTSTATUS open_directory(connection_struct *conn,
2254 struct smb_request *req,
2256 SMB_STRUCT_STAT *psbuf,
2258 uint32 share_access,
2259 uint32 create_disposition,
2260 uint32 create_options,
2261 uint32 file_attributes,
2263 files_struct **result)
2265 files_struct *fsp = NULL;
2266 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2267 struct share_mode_lock *lck = NULL;
2269 struct timespec mtimespec;
2272 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2273 "share_access = 0x%x create_options = 0x%x, "
2274 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2276 (unsigned int)access_mask,
2277 (unsigned int)share_access,
2278 (unsigned int)create_options,
2279 (unsigned int)create_disposition,
2280 (unsigned int)file_attributes));
2282 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2283 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2284 is_ntfs_stream_name(fname)) {
2285 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2286 return NT_STATUS_NOT_A_DIRECTORY;
2289 status = calculate_access_mask(conn, fname, dir_existed,
2292 if (!NT_STATUS_IS_OK(status)) {
2293 DEBUG(10, ("open_directory: calculate_access_mask "
2294 "on file %s returned %s\n",
2296 nt_errstr(status)));
2300 switch( create_disposition ) {
2303 info = FILE_WAS_OPENED;
2306 * We want to follow symlinks here.
2309 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2310 return map_nt_error_from_unix(errno);
2317 /* If directory exists error. If directory doesn't
2320 status = mkdir_internal(conn,
2325 if (!NT_STATUS_IS_OK(status)) {
2326 DEBUG(2, ("open_directory: unable to create "
2327 "%s. Error was %s\n", fname,
2328 nt_errstr(status)));
2332 info = FILE_WAS_CREATED;
2337 * If directory exists open. If directory doesn't
2341 status = mkdir_internal(conn,
2346 if (NT_STATUS_IS_OK(status)) {
2347 info = FILE_WAS_CREATED;
2350 if (NT_STATUS_EQUAL(status,
2351 NT_STATUS_OBJECT_NAME_COLLISION)) {
2352 info = FILE_WAS_OPENED;
2353 status = NT_STATUS_OK;
2358 case FILE_SUPERSEDE:
2359 case FILE_OVERWRITE:
2360 case FILE_OVERWRITE_IF:
2362 DEBUG(5,("open_directory: invalid create_disposition "
2363 "0x%x for directory %s\n",
2364 (unsigned int)create_disposition, fname));
2365 return NT_STATUS_INVALID_PARAMETER;
2368 if(!S_ISDIR(psbuf->st_mode)) {
2369 DEBUG(5,("open_directory: %s is not a directory !\n",
2371 return NT_STATUS_NOT_A_DIRECTORY;
2374 if (info == FILE_WAS_OPENED) {
2375 status = check_open_rights(conn,
2378 if (!NT_STATUS_IS_OK(status)) {
2379 DEBUG(10, ("open_directory: check_open_rights on "
2380 "file %s failed with %s\n",
2382 nt_errstr(status)));
2387 status = file_new(req, conn, &fsp);
2388 if(!NT_STATUS_IS_OK(status)) {
2393 * Setup the files_struct for it.
2396 fsp->mode = psbuf->st_mode;
2397 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2398 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2399 fsp->file_pid = req ? req->smbpid : 0;
2400 fsp->can_lock = False;
2401 fsp->can_read = False;
2402 fsp->can_write = False;
2404 fsp->share_access = share_access;
2405 fsp->fh->private_options = create_options;
2407 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2409 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2410 fsp->print_file = False;
2411 fsp->modified = False;
2412 fsp->oplock_type = NO_OPLOCK;
2413 fsp->sent_oplock_break = NO_BREAK_SENT;
2414 fsp->is_directory = True;
2415 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2417 string_set(&fsp->fsp_name,fname);
2419 mtimespec = get_mtimespec(psbuf);
2421 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2426 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2427 file_free(req, fsp);
2428 return NT_STATUS_SHARING_VIOLATION;
2431 status = open_mode_check(conn, fname, lck,
2432 access_mask, share_access,
2433 create_options, &dir_existed);
2435 if (!NT_STATUS_IS_OK(status)) {
2437 file_free(req, fsp);
2441 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK,
2444 /* For directories the delete on close bit at open time seems
2445 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2446 if (create_options & FILE_DELETE_ON_CLOSE) {
2447 status = can_set_delete_on_close(fsp, True, 0);
2448 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2450 file_free(req, fsp);
2454 if (NT_STATUS_IS_OK(status)) {
2455 /* Note that here we set the *inital* delete on close flag,
2456 not the regular one. The magic gets handled in close. */
2457 fsp->initial_delete_on_close = True;
2468 return NT_STATUS_OK;
2471 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2474 SMB_STRUCT_STAT sbuf;
2477 SET_STAT_INVALID(sbuf);
2479 status = open_directory(conn, req, directory, &sbuf,
2480 FILE_READ_ATTRIBUTES, /* Just a stat open */
2481 FILE_SHARE_NONE, /* Ignored for stat opens */
2484 FILE_ATTRIBUTE_DIRECTORY,
2488 if (NT_STATUS_IS_OK(status)) {
2489 close_file(req, fsp, NORMAL_CLOSE);
2495 /****************************************************************************
2496 Receive notification that one of our open files has been renamed by another
2498 ****************************************************************************/
2500 void msg_file_was_renamed(struct messaging_context *msg,
2503 struct server_id server_id,
2507 char *frm = (char *)data->data;
2509 const char *sharepath;
2510 const char *newname;
2513 if (data->data == NULL
2514 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2515 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2516 (int)data->length));
2520 /* Unpack the message. */
2521 pull_file_id_16(frm, &id);
2522 sharepath = &frm[16];
2523 newname = sharepath + strlen(sharepath) + 1;
2524 sp_len = strlen(sharepath);
2526 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2528 sharepath, newname, file_id_string_tos(&id)));
2530 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2531 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2532 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2533 fsp->fnum, fsp->fsp_name, newname ));
2534 string_set(&fsp->fsp_name, newname);
2537 /* Now we have the complete path we can work out if this is
2538 actually within this share and adjust newname accordingly. */
2539 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2540 "not sharepath %s) "
2541 "fnum %d from %s -> %s\n",
2542 fsp->conn->connectpath,
2551 struct case_semantics_state {
2552 connection_struct *conn;
2553 bool case_sensitive;
2555 bool short_case_preserve;
2558 /****************************************************************************
2559 Restore case semantics.
2560 ****************************************************************************/
2561 static int restore_case_semantics(struct case_semantics_state *state)
2563 state->conn->case_sensitive = state->case_sensitive;
2564 state->conn->case_preserve = state->case_preserve;
2565 state->conn->short_case_preserve = state->short_case_preserve;
2569 /****************************************************************************
2570 Save case semantics.
2571 ****************************************************************************/
2572 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2573 connection_struct *conn)
2575 struct case_semantics_state *result;
2577 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2578 DEBUG(0, ("talloc failed\n"));
2582 result->conn = conn;
2583 result->case_sensitive = conn->case_sensitive;
2584 result->case_preserve = conn->case_preserve;
2585 result->short_case_preserve = conn->short_case_preserve;
2588 conn->case_sensitive = True;
2589 conn->case_preserve = True;
2590 conn->short_case_preserve = True;
2592 talloc_set_destructor(result, restore_case_semantics);
2598 * If a main file is opened for delete, all streams need to be checked for
2599 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2600 * If that works, delete them all by setting the delete on close and close.
2603 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2606 struct stream_struct *stream_info;
2607 files_struct **streams;
2609 unsigned int num_streams;
2610 TALLOC_CTX *frame = talloc_stackframe();
2613 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2614 &num_streams, &stream_info);
2616 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2617 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2618 DEBUG(10, ("no streams around\n"));
2620 return NT_STATUS_OK;
2623 if (!NT_STATUS_IS_OK(status)) {
2624 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2625 nt_errstr(status)));
2629 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2632 if (num_streams == 0) {
2634 return NT_STATUS_OK;
2637 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2638 if (streams == NULL) {
2639 DEBUG(0, ("talloc failed\n"));
2640 status = NT_STATUS_NO_MEMORY;
2644 for (i=0; i<num_streams; i++) {
2647 if (strequal(stream_info[i].name, "::$DATA")) {
2652 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2653 stream_info[i].name);
2655 if (streamname == NULL) {
2656 DEBUG(0, ("talloc_aprintf failed\n"));
2657 status = NT_STATUS_NO_MEMORY;
2661 status = create_file_unixpath
2664 streamname, /* fname */
2665 DELETE_ACCESS, /* access_mask */
2666 FILE_SHARE_READ | FILE_SHARE_WRITE
2667 | FILE_SHARE_DELETE, /* share_access */
2668 FILE_OPEN, /* create_disposition*/
2669 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2670 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2671 0, /* oplock_request */
2672 0, /* allocation_size */
2675 &streams[i], /* result */
2679 TALLOC_FREE(streamname);
2681 if (!NT_STATUS_IS_OK(status)) {
2682 DEBUG(10, ("Could not open stream %s: %s\n",
2683 streamname, nt_errstr(status)));
2689 * don't touch the variable "status" beyond this point :-)
2692 for (i -= 1 ; i >= 0; i--) {
2693 if (streams[i] == NULL) {
2697 DEBUG(10, ("Closing stream # %d, %s\n", i,
2698 streams[i]->fsp_name));
2699 close_file(NULL, streams[i], NORMAL_CLOSE);
2708 * Wrapper around open_file_ntcreate and open_directory
2711 NTSTATUS create_file_unixpath(connection_struct *conn,
2712 struct smb_request *req,
2714 uint32_t access_mask,
2715 uint32_t share_access,
2716 uint32_t create_disposition,
2717 uint32_t create_options,
2718 uint32_t file_attributes,
2719 uint32_t oplock_request,
2720 uint64_t allocation_size,
2721 struct security_descriptor *sd,
2722 struct ea_list *ea_list,
2724 files_struct **result,
2726 SMB_STRUCT_STAT *psbuf)
2728 SMB_STRUCT_STAT sbuf;
2729 int info = FILE_WAS_OPENED;
2730 files_struct *base_fsp = NULL;
2731 files_struct *fsp = NULL;
2734 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2735 "file_attributes = 0x%x, share_access = 0x%x, "
2736 "create_disposition = 0x%x create_options = 0x%x "
2737 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2739 (unsigned int)access_mask,
2740 (unsigned int)file_attributes,
2741 (unsigned int)share_access,
2742 (unsigned int)create_disposition,
2743 (unsigned int)create_options,
2744 (unsigned int)oplock_request,
2745 ea_list, sd, fname));
2747 if (create_options & FILE_OPEN_BY_FILE_ID) {
2748 status = NT_STATUS_NOT_SUPPORTED;
2752 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2753 status = NT_STATUS_INVALID_PARAMETER;
2758 oplock_request |= INTERNAL_OPEN_ONLY;
2761 if (psbuf != NULL) {
2765 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2766 SET_STAT_INVALID(sbuf);
2770 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2771 && (access_mask & DELETE_ACCESS)
2772 && !is_ntfs_stream_name(fname)) {
2774 * We can't open a file with DELETE access if any of the
2775 * streams is open without FILE_SHARE_DELETE
2777 status = open_streams_for_delete(conn, fname);
2779 if (!NT_STATUS_IS_OK(status)) {
2784 /* This is the correct thing to do (check every time) but can_delete
2785 * is expensive (it may have to read the parent directory
2786 * permissions). So for now we're not doing it unless we have a strong
2787 * hint the client is really going to delete this file. If the client
2788 * is forcing FILE_CREATE let the filesystem take care of the
2791 /* Setting FILE_SHARE_DELETE is the hint. */
2793 if (lp_acl_check_permissions(SNUM(conn))
2794 && (create_disposition != FILE_CREATE)
2795 && (share_access & FILE_SHARE_DELETE)
2796 && (access_mask & DELETE_ACCESS)
2797 && (!can_delete_file_in_directory(conn, fname))) {
2798 status = NT_STATUS_ACCESS_DENIED;
2803 /* We need to support SeSecurityPrivilege for this. */
2804 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2805 !user_has_privileges(current_user.nt_user_token,
2807 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2812 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2813 && is_ntfs_stream_name(fname)
2814 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2816 uint32 base_create_disposition;
2818 if (create_options & FILE_DIRECTORY_FILE) {
2819 status = NT_STATUS_NOT_A_DIRECTORY;
2823 status = split_ntfs_stream_name(talloc_tos(), fname,
2825 if (!NT_STATUS_IS_OK(status)) {
2826 DEBUG(10, ("create_file_unixpath: "
2827 "split_ntfs_stream_name failed: %s\n",
2828 nt_errstr(status)));
2832 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2834 switch (create_disposition) {
2836 base_create_disposition = FILE_OPEN;
2839 base_create_disposition = FILE_OPEN_IF;
2843 status = create_file_unixpath(conn, NULL, base, 0,
2846 | FILE_SHARE_DELETE,
2847 base_create_disposition,
2848 0, 0, 0, 0, NULL, NULL,
2849 &base_fsp, NULL, NULL);
2850 if (!NT_STATUS_IS_OK(status)) {
2851 DEBUG(10, ("create_file_unixpath for base %s failed: "
2852 "%s\n", base, nt_errstr(status)));
2858 * If it's a request for a directory open, deal with it separately.
2861 if (create_options & FILE_DIRECTORY_FILE) {
2863 if (create_options & FILE_NON_DIRECTORY_FILE) {
2864 status = NT_STATUS_INVALID_PARAMETER;
2868 /* Can't open a temp directory. IFS kit test. */
2869 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2870 status = NT_STATUS_INVALID_PARAMETER;
2875 * We will get a create directory here if the Win32
2876 * app specified a security descriptor in the
2877 * CreateDirectory() call.
2881 status = open_directory(
2882 conn, req, fname, &sbuf, access_mask, share_access,
2883 create_disposition, create_options, file_attributes,
2888 * Ordinary file case.
2893 * We're opening the stream element of a base_fsp
2894 * we already opened. We need to initialize
2895 * the fsp first, and set up the base_fsp pointer.
2897 status = file_new(req, conn, &fsp);
2898 if(!NT_STATUS_IS_OK(status)) {
2902 fsp->base_fsp = base_fsp;
2904 status = open_file_ntcreate_internal(conn,
2917 if(!NT_STATUS_IS_OK(status)) {
2918 file_free(req, fsp);
2922 status = open_file_ntcreate(
2923 conn, req, fname, &sbuf, access_mask, share_access,
2924 create_disposition, create_options, file_attributes,
2925 oplock_request, &info, &fsp);
2928 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2930 /* A stream open never opens a directory */
2933 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2938 * Fail the open if it was explicitly a non-directory
2942 if (create_options & FILE_NON_DIRECTORY_FILE) {
2943 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2948 status = open_directory(
2949 conn, req, fname, &sbuf, access_mask,
2950 share_access, create_disposition,
2951 create_options, file_attributes,
2956 if (!NT_STATUS_IS_OK(status)) {
2960 fsp->base_fsp = base_fsp;
2963 * According to the MS documentation, the only time the security
2964 * descriptor is applied to the opened file is iff we *created* the
2965 * file; an existing file stays the same.
2967 * Also, it seems (from observation) that you can open the file with
2968 * any access mask but you can still write the sd. We need to override
2969 * the granted access before we call set_sd
2970 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2973 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2974 && lp_nt_acl_support(SNUM(conn))) {
2976 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2977 uint32_t saved_access_mask = fsp->access_mask;
2979 if (sd->owner_sid == NULL) {
2980 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2982 if (sd->group_sid == NULL) {
2983 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2985 if (sd->sacl == NULL) {
2986 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2988 if (sd->dacl == NULL) {
2989 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2992 fsp->access_mask = FILE_GENERIC_ALL;
2994 /* Convert all the generic bits. */
2995 security_acl_map_generic(sd->dacl, &file_generic_mapping);
2996 security_acl_map_generic(sd->sacl, &file_generic_mapping);
2998 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
2999 GROUP_SECURITY_INFORMATION|
3000 DACL_SECURITY_INFORMATION|
3001 SACL_SECURITY_INFORMATION)) {
3002 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3005 fsp->access_mask = saved_access_mask;
3007 if (!NT_STATUS_IS_OK(status)) {
3012 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3013 status = set_ea(conn, fsp, fname, ea_list);
3014 if (!NT_STATUS_IS_OK(status)) {
3019 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3020 status = NT_STATUS_ACCESS_DENIED;
3024 /* Save the requested allocation size. */
3025 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3027 && (allocation_size > sbuf.st_size)) {
3028 fsp->initial_allocation_size = smb_roundup(
3029 fsp->conn, allocation_size);
3030 if (fsp->is_directory) {
3031 /* Can't set allocation size on a directory. */
3032 status = NT_STATUS_ACCESS_DENIED;
3035 if (vfs_allocate_file_space(
3036 fsp, fsp->initial_allocation_size) == -1) {
3037 status = NT_STATUS_DISK_FULL;
3041 fsp->initial_allocation_size = smb_roundup(
3042 fsp->conn, (uint64_t)sbuf.st_size);
3046 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3049 if (pinfo != NULL) {
3052 if (psbuf != NULL) {
3053 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3057 SMB_VFS_FSTAT(fsp, psbuf);
3060 return NT_STATUS_OK;
3063 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3066 if (base_fsp && fsp->base_fsp == base_fsp) {
3068 * The close_file below will close
3073 close_file(req, fsp, ERROR_CLOSE);
3076 if (base_fsp != NULL) {
3077 close_file(req, base_fsp, ERROR_CLOSE);
3083 NTSTATUS create_file(connection_struct *conn,
3084 struct smb_request *req,
3085 uint16_t root_dir_fid,
3087 uint32_t access_mask,
3088 uint32_t share_access,
3089 uint32_t create_disposition,
3090 uint32_t create_options,
3091 uint32_t file_attributes,
3092 uint32_t oplock_request,
3093 uint64_t allocation_size,
3094 struct security_descriptor *sd,
3095 struct ea_list *ea_list,
3097 files_struct **result,
3099 SMB_STRUCT_STAT *psbuf)
3101 struct case_semantics_state *case_state = NULL;
3102 SMB_STRUCT_STAT sbuf;
3103 int info = FILE_WAS_OPENED;
3104 files_struct *fsp = NULL;
3107 DEBUG(10,("create_file: access_mask = 0x%x "
3108 "file_attributes = 0x%x, share_access = 0x%x, "
3109 "create_disposition = 0x%x create_options = 0x%x "
3110 "oplock_request = 0x%x "
3111 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3113 (unsigned int)access_mask,
3114 (unsigned int)file_attributes,
3115 (unsigned int)share_access,
3116 (unsigned int)create_disposition,
3117 (unsigned int)create_options,
3118 (unsigned int)oplock_request,
3119 (unsigned int)root_dir_fid,
3120 ea_list, sd, fname));
3123 * Get the file name.
3126 if (root_dir_fid != 0) {
3128 * This filename is relative to a directory fid.
3130 char *parent_fname = NULL;
3131 files_struct *dir_fsp = file_fsp(req, root_dir_fid);
3133 if (dir_fsp == NULL) {
3134 status = NT_STATUS_INVALID_HANDLE;
3138 if (!dir_fsp->is_directory) {
3141 * Check to see if this is a mac fork of some kind.
3144 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3145 is_ntfs_stream_name(fname)) {
3146 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3151 we need to handle the case when we get a
3152 relative open relative to a file and the
3153 pathname is blank - this is a reopen!
3154 (hint from demyn plantenberg)
3157 status = NT_STATUS_INVALID_HANDLE;
3161 if (ISDOT(dir_fsp->fsp_name)) {
3163 * We're at the toplevel dir, the final file name
3164 * must not contain ./, as this is filtered out
3165 * normally by srvstr_get_path and unix_convert
3166 * explicitly rejects paths containing ./.
3168 parent_fname = talloc_strdup(talloc_tos(), "");
3169 if (parent_fname == NULL) {
3170 status = NT_STATUS_NO_MEMORY;
3174 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3177 * Copy in the base directory name.
3180 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3182 if (parent_fname == NULL) {
3183 status = NT_STATUS_NO_MEMORY;
3186 memcpy(parent_fname, dir_fsp->fsp_name,
3190 * Ensure it ends in a '/'.
3191 * We used TALLOC_SIZE +2 to add space for the '/'.
3195 && (parent_fname[dir_name_len-1] != '\\')
3196 && (parent_fname[dir_name_len-1] != '/')) {
3197 parent_fname[dir_name_len] = '/';
3198 parent_fname[dir_name_len+1] = '\0';
3202 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3204 if (fname == NULL) {
3205 status = NT_STATUS_NO_MEMORY;
3211 * Check to see if this is a mac fork of some kind.
3214 if (is_ntfs_stream_name(fname)) {
3215 enum FAKE_FILE_TYPE fake_file_type;
3217 fake_file_type = is_fake_file(fname);
3219 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3222 * Here we go! support for changing the disk quotas
3225 * We need to fake up to open this MAGIC QUOTA file
3226 * and return a valid FID.
3228 * w2k close this file directly after openening xp
3229 * also tries a QUERY_FILE_INFO on the file and then
3232 status = open_fake_file(req, conn, req->vuid,
3233 fake_file_type, fname,
3235 if (!NT_STATUS_IS_OK(status)) {
3243 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3244 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3249 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3250 char *resolved_fname;
3252 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3255 if (!NT_STATUS_IS_OK(status)) {
3257 * For PATH_NOT_COVERED we had
3258 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3259 * ERRSRV, ERRbadpath);
3260 * Need to fix in callers
3264 fname = resolved_fname;
3268 * Check if POSIX semantics are wanted.
3271 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3272 case_state = set_posix_case_semantics(talloc_tos(), conn);
3273 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3277 char *converted_fname;
3279 SET_STAT_INVALID(sbuf);
3281 status = unix_convert(talloc_tos(), conn, fname, False,
3282 &converted_fname, NULL, &sbuf);
3283 if (!NT_STATUS_IS_OK(status)) {
3286 fname = converted_fname;
3289 TALLOC_FREE(case_state);
3291 /* All file access must go through check_name() */
3293 status = check_name(conn, fname);
3294 if (!NT_STATUS_IS_OK(status)) {
3298 status = create_file_unixpath(
3299 conn, req, fname, access_mask, share_access,
3300 create_disposition, create_options, file_attributes,
3301 oplock_request, allocation_size, sd, ea_list,
3302 &fsp, &info, &sbuf);
3304 if (!NT_STATUS_IS_OK(status)) {
3309 DEBUG(10, ("create_file: info=%d\n", info));
3312 if (pinfo != NULL) {
3315 if (psbuf != NULL) {
3318 return NT_STATUS_OK;
3321 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3324 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / samba.git / blob