2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "../librpc/gen_ndr/open_files.h"
34 extern const struct generic_mapping file_generic_mapping;
36 struct deferred_open_record {
37 bool delayed_for_oplocks;
42 /****************************************************************************
43 Check two stats have identical dev and ino fields.
44 ****************************************************************************/
46 static bool check_same_dev_ino(const SMB_STRUCT_STAT *sbuf1,
47 const SMB_STRUCT_STAT *sbuf2)
49 if (sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
50 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
56 /****************************************************************************
57 If the requester wanted DELETE_ACCESS and was rejected because
58 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
60 ****************************************************************************/
62 static bool parent_override_delete(connection_struct *conn,
63 const struct smb_filename *smb_fname,
65 uint32_t rejected_mask)
67 if ((access_mask & DELETE_ACCESS) &&
68 (rejected_mask & DELETE_ACCESS) &&
69 can_delete_file_in_directory(conn, smb_fname)) {
75 /****************************************************************************
76 Check if we have open rights.
77 ****************************************************************************/
79 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
80 const struct smb_filename *smb_fname,
83 /* Check if we have rights to open. */
85 struct security_descriptor *sd = NULL;
86 uint32_t rejected_share_access;
87 uint32_t rejected_mask = access_mask;
89 rejected_share_access = access_mask & ~(conn->share_access);
91 if (rejected_share_access) {
92 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
94 (unsigned int)access_mask,
95 smb_fname_str_dbg(smb_fname),
96 (unsigned int)rejected_share_access ));
97 return NT_STATUS_ACCESS_DENIED;
100 if (get_current_uid(conn) == (uid_t)0) {
101 /* I'm sorry sir, I didn't know you were root... */
102 DEBUG(10,("smbd_check_access_rights: root override "
103 "on %s. Granting 0x%x\n",
104 smb_fname_str_dbg(smb_fname),
105 (unsigned int)access_mask ));
109 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
110 DEBUG(10,("smbd_check_access_rights: not checking ACL "
111 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
112 smb_fname_str_dbg(smb_fname),
113 (unsigned int)access_mask ));
117 if (access_mask == DELETE_ACCESS &&
118 VALID_STAT(smb_fname->st) &&
119 S_ISLNK(smb_fname->st.st_ex_mode)) {
120 /* We can always delete a symlink. */
121 DEBUG(10,("smbd_check_access_rights: not checking ACL "
122 "on DELETE_ACCESS on symlink %s.\n",
123 smb_fname_str_dbg(smb_fname) ));
127 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
132 if (!NT_STATUS_IS_OK(status)) {
133 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
135 smb_fname_str_dbg(smb_fname),
138 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
146 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
147 * owner WRITE_DAC and READ_CONTROL.
149 status = se_access_check(sd,
150 get_current_nttok(conn),
151 (access_mask & ~FILE_READ_ATTRIBUTES),
154 DEBUG(10,("smbd_check_access_rights: file %s requesting "
155 "0x%x returning 0x%x (%s)\n",
156 smb_fname_str_dbg(smb_fname),
157 (unsigned int)access_mask,
158 (unsigned int)rejected_mask,
159 nt_errstr(status) ));
161 if (!NT_STATUS_IS_OK(status)) {
162 if (DEBUGLEVEL >= 10) {
163 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
164 smb_fname_str_dbg(smb_fname) ));
165 NDR_PRINT_DEBUG(security_descriptor, sd);
171 if (NT_STATUS_IS_OK(status) ||
172 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
176 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
180 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
181 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
182 !lp_store_dos_attributes(SNUM(conn)) &&
183 (lp_map_readonly(SNUM(conn)) ||
184 lp_map_archive(SNUM(conn)) ||
185 lp_map_hidden(SNUM(conn)) ||
186 lp_map_system(SNUM(conn)))) {
187 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
189 DEBUG(10,("smbd_check_access_rights: "
191 "FILE_WRITE_ATTRIBUTES "
193 smb_fname_str_dbg(smb_fname)));
196 if (parent_override_delete(conn,
200 /* Were we trying to do an open
201 * for delete and didn't get DELETE
202 * access (only) ? Check if the
203 * directory allows DELETE_CHILD.
205 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
208 rejected_mask &= ~DELETE_ACCESS;
210 DEBUG(10,("smbd_check_access_rights: "
214 smb_fname_str_dbg(smb_fname)));
217 if (rejected_mask != 0) {
218 return NT_STATUS_ACCESS_DENIED;
223 static NTSTATUS check_parent_access(struct connection_struct *conn,
224 struct smb_filename *smb_fname,
225 uint32_t access_mask)
228 char *parent_dir = NULL;
229 struct security_descriptor *parent_sd = NULL;
230 uint32_t access_granted = 0;
232 if (!parent_dirname(talloc_tos(),
233 smb_fname->base_name,
236 return NT_STATUS_NO_MEMORY;
239 if (get_current_uid(conn) == (uid_t)0) {
240 /* I'm sorry sir, I didn't know you were root... */
241 DEBUG(10,("check_parent_access: root override "
242 "on %s. Granting 0x%x\n",
243 smb_fname_str_dbg(smb_fname),
244 (unsigned int)access_mask ));
248 status = SMB_VFS_GET_NT_ACL(conn,
253 if (!NT_STATUS_IS_OK(status)) {
254 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
255 "%s with error %s\n",
262 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
263 * owner WRITE_DAC and READ_CONTROL.
265 status = se_access_check(parent_sd,
266 get_current_nttok(conn),
267 (access_mask & ~FILE_READ_ATTRIBUTES),
269 if(!NT_STATUS_IS_OK(status)) {
270 DEBUG(5,("check_parent_access: access check "
271 "on directory %s for "
272 "path %s for mask 0x%x returned (0x%x) %s\n",
274 smb_fname->base_name,
277 nt_errstr(status) ));
284 /****************************************************************************
285 fd support routines - attempt to do a dos_open.
286 ****************************************************************************/
288 static NTSTATUS fd_open(struct connection_struct *conn,
293 struct smb_filename *smb_fname = fsp->fsp_name;
294 NTSTATUS status = NT_STATUS_OK;
298 * Never follow symlinks on a POSIX client. The
299 * client should be doing this.
302 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
307 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
308 if (fsp->fh->fd == -1) {
309 int posix_errno = errno;
311 #if defined(ENOTSUP) && defined(OSF1)
312 /* handle special Tru64 errno */
313 if (errno == ENOTSUP) {
318 /* fix broken NetBSD errno */
319 if (errno == EFTYPE) {
323 /* fix broken FreeBSD errno */
324 if (errno == EMLINK) {
327 #endif /* O_NOFOLLOW */
328 status = map_nt_error_from_unix(posix_errno);
329 if (errno == EMFILE) {
330 static time_t last_warned = 0L;
332 if (time((time_t *) NULL) > last_warned) {
333 DEBUG(0,("Too many open files, unable "
334 "to open more! smbd's max "
336 lp_max_open_files()));
337 last_warned = time((time_t *) NULL);
343 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
344 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
345 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
350 /****************************************************************************
351 Close the file associated with a fsp.
352 ****************************************************************************/
354 NTSTATUS fd_close(files_struct *fsp)
361 if (fsp->fh->fd == -1) {
362 return NT_STATUS_OK; /* What we used to call a stat open. */
364 if (fsp->fh->ref_count > 1) {
365 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
368 ret = SMB_VFS_CLOSE(fsp);
371 return map_nt_error_from_unix(errno);
376 /****************************************************************************
377 Change the ownership of a file to that of the parent directory.
378 Do this by fd if possible.
379 ****************************************************************************/
381 void change_file_owner_to_parent(connection_struct *conn,
382 const char *inherit_from_dir,
385 struct smb_filename *smb_fname_parent = NULL;
389 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
390 NULL, NULL, &smb_fname_parent);
391 if (!NT_STATUS_IS_OK(status)) {
395 ret = SMB_VFS_STAT(conn, smb_fname_parent);
397 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
398 "directory %s. Error was %s\n",
399 smb_fname_str_dbg(smb_fname_parent),
401 TALLOC_FREE(smb_fname_parent);
405 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
406 /* Already this uid - no need to change. */
407 DEBUG(10,("change_file_owner_to_parent: file %s "
408 "is already owned by uid %d\n",
410 (int)fsp->fsp_name->st.st_ex_uid ));
411 TALLOC_FREE(smb_fname_parent);
416 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
419 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
420 "file %s to parent directory uid %u. Error "
421 "was %s\n", fsp_str_dbg(fsp),
422 (unsigned int)smb_fname_parent->st.st_ex_uid,
425 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
426 "parent directory uid %u.\n", fsp_str_dbg(fsp),
427 (unsigned int)smb_fname_parent->st.st_ex_uid));
428 /* Ensure the uid entry is updated. */
429 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
432 TALLOC_FREE(smb_fname_parent);
435 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
436 const char *inherit_from_dir,
438 SMB_STRUCT_STAT *psbuf)
440 struct smb_filename *smb_fname_parent = NULL;
441 struct smb_filename *smb_fname_cwd = NULL;
442 char *saved_dir = NULL;
443 TALLOC_CTX *ctx = talloc_tos();
444 NTSTATUS status = NT_STATUS_OK;
447 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
449 if (!NT_STATUS_IS_OK(status)) {
453 ret = SMB_VFS_STAT(conn, smb_fname_parent);
455 status = map_nt_error_from_unix(errno);
456 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
457 "directory %s. Error was %s\n",
458 smb_fname_str_dbg(smb_fname_parent),
463 /* We've already done an lstat into psbuf, and we know it's a
464 directory. If we can cd into the directory and the dev/ino
465 are the same then we can safely chown without races as
466 we're locking the directory in place by being in it. This
467 should work on any UNIX (thanks tridge :-). JRA.
470 saved_dir = vfs_GetWd(ctx,conn);
472 status = map_nt_error_from_unix(errno);
473 DEBUG(0,("change_dir_owner_to_parent: failed to get "
474 "current working directory. Error was %s\n",
479 /* Chdir into the new path. */
480 if (vfs_ChDir(conn, fname) == -1) {
481 status = map_nt_error_from_unix(errno);
482 DEBUG(0,("change_dir_owner_to_parent: failed to change "
483 "current working directory to %s. Error "
484 "was %s\n", fname, strerror(errno) ));
488 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
490 if (!NT_STATUS_IS_OK(status)) {
494 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
496 status = map_nt_error_from_unix(errno);
497 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
498 "directory '.' (%s) Error was %s\n",
499 fname, strerror(errno)));
503 /* Ensure we're pointing at the same place. */
504 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
505 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
506 DEBUG(0,("change_dir_owner_to_parent: "
507 "device/inode on directory %s changed. "
508 "Refusing to chown !\n", fname ));
509 status = NT_STATUS_ACCESS_DENIED;
513 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
514 /* Already this uid - no need to change. */
515 DEBUG(10,("change_dir_owner_to_parent: directory %s "
516 "is already owned by uid %d\n",
518 (int)smb_fname_cwd->st.st_ex_uid ));
519 status = NT_STATUS_OK;
524 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
528 status = map_nt_error_from_unix(errno);
529 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
530 "directory %s to parent directory uid %u. "
531 "Error was %s\n", fname,
532 (unsigned int)smb_fname_parent->st.st_ex_uid,
535 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
536 "directory %s to parent directory uid %u.\n",
537 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
538 /* Ensure the uid entry is updated. */
539 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
543 vfs_ChDir(conn,saved_dir);
545 TALLOC_FREE(smb_fname_parent);
546 TALLOC_FREE(smb_fname_cwd);
550 /****************************************************************************
552 ****************************************************************************/
554 static NTSTATUS open_file(files_struct *fsp,
555 connection_struct *conn,
556 struct smb_request *req,
557 const char *parent_dir,
560 uint32 access_mask, /* client requested access mask. */
561 uint32 open_access_mask) /* what we're actually using in the open. */
563 struct smb_filename *smb_fname = fsp->fsp_name;
564 NTSTATUS status = NT_STATUS_OK;
565 int accmode = (flags & O_ACCMODE);
566 int local_flags = flags;
567 bool file_existed = VALID_STAT(fsp->fsp_name->st);
568 bool file_created = false;
573 /* Check permissions */
576 * This code was changed after seeing a client open request
577 * containing the open mode of (DENY_WRITE/read-only) with
578 * the 'create if not exist' bit set. The previous code
579 * would fail to open the file read only on a read-only share
580 * as it was checking the flags parameter directly against O_RDONLY,
581 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
585 if (!CAN_WRITE(conn)) {
586 /* It's a read-only share - fail if we wanted to write. */
587 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
588 DEBUG(3,("Permission denied opening %s\n",
589 smb_fname_str_dbg(smb_fname)));
590 return NT_STATUS_ACCESS_DENIED;
591 } else if(flags & O_CREAT) {
592 /* We don't want to write - but we must make sure that
593 O_CREAT doesn't create the file if we have write
594 access into the directory.
596 flags &= ~(O_CREAT|O_EXCL);
597 local_flags &= ~(O_CREAT|O_EXCL);
602 * This little piece of insanity is inspired by the
603 * fact that an NT client can open a file for O_RDONLY,
604 * but set the create disposition to FILE_EXISTS_TRUNCATE.
605 * If the client *can* write to the file, then it expects to
606 * truncate the file, even though it is opening for readonly.
607 * Quicken uses this stupid trick in backup file creation...
608 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
609 * for helping track this one down. It didn't bite us in 2.0.x
610 * as we always opened files read-write in that release. JRA.
613 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
614 DEBUG(10,("open_file: truncate requested on read-only open "
615 "for file %s\n", smb_fname_str_dbg(smb_fname)));
616 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
619 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
620 (!file_existed && (local_flags & O_CREAT)) ||
621 ((local_flags & O_TRUNC) == O_TRUNC) ) {
625 * We can't actually truncate here as the file may be locked.
626 * open_file_ntcreate will take care of the truncate later. JRA.
629 local_flags &= ~O_TRUNC;
631 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
633 * We would block on opening a FIFO with no one else on the
634 * other end. Do what we used to do and add O_NONBLOCK to the
638 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
639 local_flags |= O_NONBLOCK;
643 /* Don't create files with Microsoft wildcard characters. */
646 * wildcard characters are allowed in stream names
647 * only test the basefilename
649 wild = fsp->base_fsp->fsp_name->base_name;
651 wild = smb_fname->base_name;
653 if ((local_flags & O_CREAT) && !file_existed &&
655 return NT_STATUS_OBJECT_NAME_INVALID;
658 /* Can we access this file ? */
659 if (!fsp->base_fsp) {
660 /* Only do this check on non-stream open. */
662 status = smbd_check_access_rights(conn,
665 } else if (local_flags & O_CREAT){
666 status = check_parent_access(conn,
670 /* File didn't exist and no O_CREAT. */
671 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
673 if (!NT_STATUS_IS_OK(status)) {
674 DEBUG(10,("open_file: "
678 "smbd_check_access_rights" :
679 "check_parent_access",
680 smb_fname_str_dbg(smb_fname),
681 nt_errstr(status) ));
686 /* Actually do the open */
687 status = fd_open(conn, fsp, local_flags, unx_mode);
688 if (!NT_STATUS_IS_OK(status)) {
689 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
690 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
691 nt_errstr(status),local_flags,flags));
695 if ((local_flags & O_CREAT) && !file_existed) {
700 fsp->fh->fd = -1; /* What we used to call a stat open. */
702 /* File must exist for a stat open. */
703 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
706 status = smbd_check_access_rights(conn,
710 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
712 S_ISLNK(smb_fname->st.st_ex_mode)) {
713 /* This is a POSIX stat open for delete
714 * or rename on a symlink that points
716 DEBUG(10,("open_file: allowing POSIX "
717 "open on bad symlink %s\n",
718 smb_fname_str_dbg(smb_fname)));
719 status = NT_STATUS_OK;
722 if (!NT_STATUS_IS_OK(status)) {
723 DEBUG(10,("open_file: "
724 "smbd_check_access_rights on file "
726 smb_fname_str_dbg(smb_fname),
727 nt_errstr(status) ));
735 if (fsp->fh->fd == -1) {
736 ret = SMB_VFS_STAT(conn, smb_fname);
738 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
739 /* If we have an fd, this stat should succeed. */
741 DEBUG(0,("Error doing fstat on open file %s "
743 smb_fname_str_dbg(smb_fname),
748 /* For a non-io open, this stat failing means file not found. JRA */
750 status = map_nt_error_from_unix(errno);
756 bool need_re_stat = false;
757 /* Do all inheritance work after we've
758 done a successful stat call and filled
759 in the stat struct in fsp->fsp_name. */
761 /* Inherit the ACL if required */
762 if (lp_inherit_perms(SNUM(conn))) {
763 inherit_access_posix_acl(conn, parent_dir,
764 smb_fname->base_name,
769 /* Change the owner if required. */
770 if (lp_inherit_owner(SNUM(conn))) {
771 change_file_owner_to_parent(conn, parent_dir,
777 if (fsp->fh->fd == -1) {
778 ret = SMB_VFS_STAT(conn, smb_fname);
780 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
781 /* If we have an fd, this stat should succeed. */
783 DEBUG(0,("Error doing fstat on open file %s "
785 smb_fname_str_dbg(smb_fname),
791 notify_fname(conn, NOTIFY_ACTION_ADDED,
792 FILE_NOTIFY_CHANGE_FILE_NAME,
793 smb_fname->base_name);
798 * POSIX allows read-only opens of directories. We don't
799 * want to do this (we use a different code path for this)
800 * so catch a directory open and return an EISDIR. JRA.
803 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
806 return NT_STATUS_FILE_IS_A_DIRECTORY;
809 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
810 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
811 fsp->file_pid = req ? req->smbpid : 0;
812 fsp->can_lock = True;
813 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
816 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
817 fsp->print_file = NULL;
818 fsp->modified = False;
819 fsp->sent_oplock_break = NO_BREAK_SENT;
820 fsp->is_directory = False;
821 if (conn->aio_write_behind_list &&
822 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
823 conn->case_sensitive)) {
824 fsp->aio_write_behind = True;
827 fsp->wcp = NULL; /* Write cache pointer. */
829 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
830 conn->session_info->unix_info->unix_name,
831 smb_fname_str_dbg(smb_fname),
832 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
833 conn->num_files_open));
839 /****************************************************************************
840 Check if we can open a file with a share mode.
841 Returns True if conflict, False if not.
842 ****************************************************************************/
844 static bool share_conflict(struct share_mode_entry *entry,
848 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
849 "entry->share_access = 0x%x, "
850 "entry->private_options = 0x%x\n",
851 (unsigned int)entry->access_mask,
852 (unsigned int)entry->share_access,
853 (unsigned int)entry->private_options));
855 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
856 (unsigned int)access_mask, (unsigned int)share_access));
858 if ((entry->access_mask & (FILE_WRITE_DATA|
862 DELETE_ACCESS)) == 0) {
863 DEBUG(10,("share_conflict: No conflict due to "
864 "entry->access_mask = 0x%x\n",
865 (unsigned int)entry->access_mask ));
869 if ((access_mask & (FILE_WRITE_DATA|
873 DELETE_ACCESS)) == 0) {
874 DEBUG(10,("share_conflict: No conflict due to "
875 "access_mask = 0x%x\n",
876 (unsigned int)access_mask ));
880 #if 1 /* JRA TEST - Superdebug. */
881 #define CHECK_MASK(num, am, right, sa, share) \
882 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
883 (unsigned int)(num), (unsigned int)(am), \
884 (unsigned int)(right), (unsigned int)(am)&(right) )); \
885 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
886 (unsigned int)(num), (unsigned int)(sa), \
887 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
888 if (((am) & (right)) && !((sa) & (share))) { \
889 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
890 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
891 (unsigned int)(share) )); \
895 #define CHECK_MASK(num, am, right, sa, share) \
896 if (((am) & (right)) && !((sa) & (share))) { \
897 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
898 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
899 (unsigned int)(share) )); \
904 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
905 share_access, FILE_SHARE_WRITE);
906 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
907 entry->share_access, FILE_SHARE_WRITE);
909 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
910 share_access, FILE_SHARE_READ);
911 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
912 entry->share_access, FILE_SHARE_READ);
914 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
915 share_access, FILE_SHARE_DELETE);
916 CHECK_MASK(6, access_mask, DELETE_ACCESS,
917 entry->share_access, FILE_SHARE_DELETE);
919 DEBUG(10,("share_conflict: No conflict.\n"));
923 #if defined(DEVELOPER)
924 static void validate_my_share_entries(struct smbd_server_connection *sconn,
926 struct share_mode_entry *share_entry)
928 struct server_id self = messaging_server_id(sconn->msg_ctx);
931 if (!serverid_equal(&self, &share_entry->pid)) {
935 if (is_deferred_open_entry(share_entry) &&
936 !open_was_deferred(sconn, share_entry->op_mid)) {
937 char *str = talloc_asprintf(talloc_tos(),
938 "Got a deferred entry without a request: "
940 share_mode_str(talloc_tos(), num, share_entry));
944 if (!is_valid_share_mode_entry(share_entry)) {
948 fsp = file_find_dif(sconn, share_entry->id,
949 share_entry->share_file_id);
951 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
952 share_mode_str(talloc_tos(), num, share_entry) ));
953 smb_panic("validate_my_share_entries: Cannot match a "
954 "share entry with an open file\n");
957 if (is_deferred_open_entry(share_entry)) {
961 if ((share_entry->op_type == NO_OPLOCK) &&
962 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
963 /* Someone has already written to it, but I haven't yet
968 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
977 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
978 share_mode_str(talloc_tos(), num, share_entry) ));
979 str = talloc_asprintf(talloc_tos(),
980 "validate_my_share_entries: "
981 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
982 fsp->fsp_name->base_name,
983 (unsigned int)fsp->oplock_type,
984 (unsigned int)share_entry->op_type );
990 bool is_stat_open(uint32 access_mask)
992 return (access_mask &&
993 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
994 FILE_WRITE_ATTRIBUTES))==0) &&
995 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
996 FILE_WRITE_ATTRIBUTES)) != 0));
999 /****************************************************************************
1000 Deal with share modes
1001 Invarient: Share mode must be locked on entry and exit.
1002 Returns -1 on error, or number of share modes on success (may be zero).
1003 ****************************************************************************/
1005 static NTSTATUS open_mode_check(connection_struct *conn,
1006 struct share_mode_lock *lck,
1009 uint32 share_access,
1010 uint32 create_options,
1015 if(lck->data->num_share_modes == 0) {
1016 return NT_STATUS_OK;
1019 /* A delete on close prohibits everything */
1021 if (is_delete_on_close_set(lck, name_hash)) {
1023 * Check the delete on close token
1024 * is valid. It could have been left
1025 * after a server crash.
1027 for(i = 0; i < lck->data->num_share_modes; i++) {
1028 if (!share_mode_stale_pid(lck->data, i)) {
1030 *file_existed = true;
1032 return NT_STATUS_DELETE_PENDING;
1035 return NT_STATUS_OK;
1038 if (is_stat_open(access_mask)) {
1039 /* Stat open that doesn't trigger oplock breaks or share mode
1040 * checks... ! JRA. */
1041 return NT_STATUS_OK;
1045 * Check if the share modes will give us access.
1048 #if defined(DEVELOPER)
1049 for(i = 0; i < lck->data->num_share_modes; i++) {
1050 validate_my_share_entries(conn->sconn, i,
1051 &lck->data->share_modes[i]);
1055 /* Now we check the share modes, after any oplock breaks. */
1056 for(i = 0; i < lck->data->num_share_modes; i++) {
1058 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1062 /* someone else has a share lock on it, check to see if we can
1064 if (share_conflict(&lck->data->share_modes[i],
1065 access_mask, share_access)) {
1067 if (share_mode_stale_pid(lck->data, i)) {
1071 *file_existed = true;
1073 return NT_STATUS_SHARING_VIOLATION;
1077 if (lck->data->num_share_modes != 0) {
1078 *file_existed = true;
1081 return NT_STATUS_OK;
1084 static bool is_delete_request(files_struct *fsp) {
1085 return ((fsp->access_mask == DELETE_ACCESS) &&
1086 (fsp->oplock_type == NO_OPLOCK));
1090 * Send a break message to the oplock holder and delay the open for
1094 static NTSTATUS send_break_message(files_struct *fsp,
1095 struct share_mode_entry *exclusive,
1100 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1102 DEBUG(10, ("Sending break request to PID %s\n",
1103 procid_str_static(&exclusive->pid)));
1104 exclusive->op_mid = mid;
1106 /* Create the message. */
1107 share_mode_entry_to_message(msg, exclusive);
1109 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
1110 don't want this set in the share mode struct pointed to by lck. */
1112 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
1113 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
1114 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
1117 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
1118 MSG_SMB_BREAK_REQUEST,
1120 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
1121 if (!NT_STATUS_IS_OK(status)) {
1122 DEBUG(3, ("Could not send oplock break message: %s\n",
1123 nt_errstr(status)));
1130 * Return share_mode_entry pointers for :
1131 * 1). Batch oplock entry.
1132 * 2). Batch or exclusive oplock entry (may be identical to #1).
1133 * bool have_level2_oplock
1134 * bool have_no_oplock.
1135 * Do internal consistency checks on the share mode for a file.
1138 static void find_oplock_types(files_struct *fsp,
1140 const struct share_mode_lock *lck,
1141 struct share_mode_entry **pp_batch,
1142 struct share_mode_entry **pp_ex_or_batch,
1144 bool *got_no_oplock)
1149 *pp_ex_or_batch = NULL;
1150 *got_level2 = false;
1151 *got_no_oplock = false;
1153 /* Ignore stat or internal opens, as is done in
1154 delay_for_batch_oplocks() and
1155 delay_for_exclusive_oplocks().
1157 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1161 for (i=0; i<lck->data->num_share_modes; i++) {
1162 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1166 if (lck->data->share_modes[i].op_type == NO_OPLOCK &&
1167 is_stat_open(lck->data->share_modes[i].access_mask)) {
1168 /* We ignore stat opens in the table - they
1169 always have NO_OPLOCK and never get or
1170 cause breaks. JRA. */
1174 if (BATCH_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1175 /* batch - can only be one. */
1176 if (share_mode_stale_pid(lck->data, i)) {
1177 DEBUG(10, ("Found stale batch oplock\n"));
1180 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1181 smb_panic("Bad batch oplock entry.");
1183 *pp_batch = &lck->data->share_modes[i];
1186 if (EXCLUSIVE_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1187 if (share_mode_stale_pid(lck->data, i)) {
1188 DEBUG(10, ("Found stale duplicate oplock\n"));
1191 /* Exclusive or batch - can only be one. */
1192 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1193 smb_panic("Bad exclusive or batch oplock entry.");
1195 *pp_ex_or_batch = &lck->data->share_modes[i];
1198 if (LEVEL_II_OPLOCK_TYPE(lck->data->share_modes[i].op_type)) {
1199 if (*pp_batch || *pp_ex_or_batch) {
1200 if (share_mode_stale_pid(lck->data, i)) {
1201 DEBUG(10, ("Found stale LevelII "
1205 smb_panic("Bad levelII oplock entry.");
1210 if (lck->data->share_modes[i].op_type == NO_OPLOCK) {
1211 if (*pp_batch || *pp_ex_or_batch) {
1212 if (share_mode_stale_pid(lck->data, i)) {
1213 DEBUG(10, ("Found stale NO_OPLOCK "
1217 smb_panic("Bad no oplock entry.");
1219 *got_no_oplock = true;
1224 static bool delay_for_batch_oplocks(files_struct *fsp,
1227 struct share_mode_entry *batch_entry)
1229 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1232 if (batch_entry == NULL) {
1236 /* Found a batch oplock */
1237 send_break_message(fsp, batch_entry, mid, oplock_request);
1241 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1244 struct share_mode_entry *ex_entry)
1248 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1251 if (ex_entry == NULL) {
1255 /* Found an exclusive or batch oplock */
1257 delay_it = is_delete_request(fsp) ?
1258 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1264 send_break_message(fsp, ex_entry, mid, oplock_request);
1268 static bool file_has_brlocks(files_struct *fsp)
1270 struct byte_range_lock *br_lck;
1272 br_lck = brl_get_locks_readonly(fsp);
1276 return br_lck->num_locks > 0 ? true : false;
1279 static void grant_fsp_oplock_type(files_struct *fsp,
1281 bool got_level2_oplock,
1282 bool got_a_none_oplock)
1284 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1285 lp_level2_oplocks(SNUM(fsp->conn));
1287 /* Start by granting what the client asked for,
1288 but ensure no SAMBA_PRIVATE bits can be set. */
1289 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1291 if (oplock_request & INTERNAL_OPEN_ONLY) {
1292 /* No oplocks on internal open. */
1293 fsp->oplock_type = NO_OPLOCK;
1294 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1295 fsp->oplock_type, fsp_str_dbg(fsp)));
1299 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1300 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1302 fsp->oplock_type = NO_OPLOCK;
1305 if (is_stat_open(fsp->access_mask)) {
1306 /* Leave the value already set. */
1307 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1308 fsp->oplock_type, fsp_str_dbg(fsp)));
1313 * Match what was requested (fsp->oplock_type) with
1314 * what was found in the existing share modes.
1317 if (got_a_none_oplock) {
1318 fsp->oplock_type = NO_OPLOCK;
1319 } else if (got_level2_oplock) {
1320 if (fsp->oplock_type == NO_OPLOCK ||
1321 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1322 /* Store a level2 oplock, but don't tell the client */
1323 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1325 fsp->oplock_type = LEVEL_II_OPLOCK;
1328 /* All share_mode_entries are placeholders or deferred.
1329 * Silently upgrade to fake levelII if the client didn't
1330 * ask for an oplock. */
1331 if (fsp->oplock_type == NO_OPLOCK) {
1332 /* Store a level2 oplock, but don't tell the client */
1333 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1338 * Don't grant level2 to clients that don't want them
1339 * or if we've turned them off.
1341 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1342 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1345 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1346 fsp->oplock_type, fsp_str_dbg(fsp)));
1349 bool request_timed_out(struct timeval request_time,
1350 struct timeval timeout)
1352 struct timeval now, end_time;
1354 end_time = timeval_sum(&request_time, &timeout);
1355 return (timeval_compare(&end_time, &now) < 0);
1358 /****************************************************************************
1359 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1360 ****************************************************************************/
1362 static void defer_open(struct share_mode_lock *lck,
1363 struct timeval request_time,
1364 struct timeval timeout,
1365 struct smb_request *req,
1366 struct deferred_open_record *state)
1368 struct server_id self = messaging_server_id(req->sconn->msg_ctx);
1370 /* Paranoia check */
1375 for (i=0; i<lck->data->num_share_modes; i++) {
1376 struct share_mode_entry *e = &lck->data->share_modes[i];
1378 if (is_deferred_open_entry(e) &&
1379 serverid_equal(&self, &e->pid) &&
1380 (e->op_mid == req->mid)) {
1381 DEBUG(0, ("Trying to defer an already deferred "
1382 "request: mid=%llu, exiting\n",
1383 (unsigned long long)req->mid));
1384 exit_server("attempt to defer a deferred request");
1389 /* End paranoia check */
1391 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1392 "open entry for mid %llu\n",
1393 (unsigned int)request_time.tv_sec,
1394 (unsigned int)request_time.tv_usec,
1395 (unsigned long long)req->mid));
1397 if (!push_deferred_open_message_smb(req, request_time, timeout,
1398 state->id, (char *)state, sizeof(*state))) {
1399 exit_server("push_deferred_open_message_smb failed");
1402 add_deferred_open(lck, req->mid, request_time, self, state->id);
1407 /****************************************************************************
1408 On overwrite open ensure that the attributes match.
1409 ****************************************************************************/
1411 bool open_match_attributes(connection_struct *conn,
1412 uint32 old_dos_attr,
1413 uint32 new_dos_attr,
1414 mode_t existing_unx_mode,
1415 mode_t new_unx_mode,
1416 mode_t *returned_unx_mode)
1418 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1420 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1421 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1423 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1424 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1425 *returned_unx_mode = new_unx_mode;
1427 *returned_unx_mode = (mode_t)0;
1430 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1431 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1432 "returned_unx_mode = 0%o\n",
1433 (unsigned int)old_dos_attr,
1434 (unsigned int)existing_unx_mode,
1435 (unsigned int)new_dos_attr,
1436 (unsigned int)*returned_unx_mode ));
1438 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1439 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1440 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1441 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1445 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1446 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1447 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1454 /****************************************************************************
1455 Special FCB or DOS processing in the case of a sharing violation.
1456 Try and find a duplicated file handle.
1457 ****************************************************************************/
1459 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
1460 connection_struct *conn,
1461 files_struct *fsp_to_dup_into,
1462 const struct smb_filename *smb_fname,
1467 uint32 share_access,
1468 uint32 create_options)
1472 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1473 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1475 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1476 fsp = file_find_di_next(fsp)) {
1478 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1479 "vuid = %llu, file_pid = %u, private_options = 0x%x "
1480 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1481 fsp->fh->fd, (unsigned long long)fsp->vuid,
1482 (unsigned int)fsp->file_pid,
1483 (unsigned int)fsp->fh->private_options,
1484 (unsigned int)fsp->access_mask ));
1486 if (fsp->fh->fd != -1 &&
1487 fsp->vuid == vuid &&
1488 fsp->file_pid == file_pid &&
1489 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1490 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1491 (fsp->access_mask & FILE_WRITE_DATA) &&
1492 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1493 strequal(fsp->fsp_name->stream_name,
1494 smb_fname->stream_name)) {
1495 DEBUG(10,("fcb_or_dos_open: file match\n"));
1501 return NT_STATUS_NOT_FOUND;
1504 /* quite an insane set of semantics ... */
1505 if (is_executable(smb_fname->base_name) &&
1506 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1507 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1508 return NT_STATUS_INVALID_PARAMETER;
1511 /* We need to duplicate this fsp. */
1512 return dup_file_fsp(req, fsp, access_mask, share_access,
1513 create_options, fsp_to_dup_into);
1516 static void schedule_defer_open(struct share_mode_lock *lck,
1517 struct timeval request_time,
1518 struct smb_request *req)
1520 struct deferred_open_record state;
1522 /* This is a relative time, added to the absolute
1523 request_time value to get the absolute timeout time.
1524 Note that if this is the second or greater time we enter
1525 this codepath for this particular request mid then
1526 request_time is left as the absolute time of the *first*
1527 time this request mid was processed. This is what allows
1528 the request to eventually time out. */
1530 struct timeval timeout;
1532 /* Normally the smbd we asked should respond within
1533 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1534 * the client did, give twice the timeout as a safety
1535 * measure here in case the other smbd is stuck
1536 * somewhere else. */
1538 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1540 /* Nothing actually uses state.delayed_for_oplocks
1541 but it's handy to differentiate in debug messages
1542 between a 30 second delay due to oplock break, and
1543 a 1 second delay for share mode conflicts. */
1545 state.delayed_for_oplocks = True;
1546 state.async_open = false;
1547 state.id = lck->data->id;
1549 if (!request_timed_out(request_time, timeout)) {
1550 defer_open(lck, request_time, timeout, req, &state);
1554 /****************************************************************************
1555 Reschedule an open call that went asynchronous.
1556 ****************************************************************************/
1558 static void schedule_async_open(struct timeval request_time,
1559 struct smb_request *req)
1561 struct deferred_open_record state;
1562 struct timeval timeout;
1564 timeout = timeval_set(20, 0);
1567 state.delayed_for_oplocks = false;
1568 state.async_open = true;
1570 if (!request_timed_out(request_time, timeout)) {
1571 defer_open(NULL, request_time, timeout, req, &state);
1575 /****************************************************************************
1576 Work out what access_mask to use from what the client sent us.
1577 ****************************************************************************/
1579 static NTSTATUS smbd_calculate_maximum_allowed_access(
1580 connection_struct *conn,
1581 const struct smb_filename *smb_fname,
1582 uint32_t *p_access_mask)
1584 struct security_descriptor *sd;
1585 uint32_t access_granted;
1588 if (get_current_uid(conn) == (uid_t)0) {
1589 *p_access_mask |= FILE_GENERIC_ALL;
1590 return NT_STATUS_OK;
1593 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1598 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1600 * File did not exist
1602 *p_access_mask = FILE_GENERIC_ALL;
1603 return NT_STATUS_OK;
1605 if (!NT_STATUS_IS_OK(status)) {
1606 DEBUG(10,("smbd_calculate_access_mask: "
1607 "Could not get acl on file %s: %s\n",
1608 smb_fname_str_dbg(smb_fname),
1609 nt_errstr(status)));
1610 return NT_STATUS_ACCESS_DENIED;
1614 * Never test FILE_READ_ATTRIBUTES. se_access_check()
1615 * also takes care of owner WRITE_DAC and READ_CONTROL.
1617 status = se_access_check(sd,
1618 get_current_nttok(conn),
1619 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
1624 if (!NT_STATUS_IS_OK(status)) {
1625 DEBUG(10, ("smbd_calculate_access_mask: "
1626 "Access denied on file %s: "
1627 "when calculating maximum access\n",
1628 smb_fname_str_dbg(smb_fname)));
1629 return NT_STATUS_ACCESS_DENIED;
1631 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
1632 return NT_STATUS_OK;
1635 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1636 const struct smb_filename *smb_fname,
1637 uint32_t access_mask,
1638 uint32_t *access_mask_out)
1641 uint32_t orig_access_mask = access_mask;
1642 uint32_t rejected_share_access;
1645 * Convert GENERIC bits to specific bits.
1648 se_map_generic(&access_mask, &file_generic_mapping);
1650 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1651 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1653 status = smbd_calculate_maximum_allowed_access(
1654 conn, smb_fname, &access_mask);
1656 if (!NT_STATUS_IS_OK(status)) {
1660 access_mask &= conn->share_access;
1663 rejected_share_access = access_mask & ~(conn->share_access);
1665 if (rejected_share_access) {
1666 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1667 "file %s: rejected by share access mask[0x%08X] "
1668 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1669 smb_fname_str_dbg(smb_fname),
1671 orig_access_mask, access_mask,
1672 rejected_share_access));
1673 return NT_STATUS_ACCESS_DENIED;
1676 *access_mask_out = access_mask;
1677 return NT_STATUS_OK;
1680 /****************************************************************************
1681 Remove the deferred open entry under lock.
1682 ****************************************************************************/
1684 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1685 struct server_id pid)
1687 struct share_mode_lock *lck = get_existing_share_mode_lock(
1690 DEBUG(0, ("could not get share mode lock\n"));
1693 del_deferred_open_entry(lck, mid, pid);
1697 /****************************************************************************
1698 Return true if this is a state pointer to an asynchronous create.
1699 ****************************************************************************/
1701 bool is_deferred_open_async(const void *ptr)
1703 const struct deferred_open_record *state = (const struct deferred_open_record *)ptr;
1705 return state->async_open;
1708 /****************************************************************************
1709 Open a file with a share mode. Passed in an already created files_struct *.
1710 ****************************************************************************/
1712 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1713 struct smb_request *req,
1714 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1715 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1716 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1717 uint32 create_options, /* options such as delete on close. */
1718 uint32 new_dos_attributes, /* attributes used for new file. */
1719 int oplock_request, /* internal Samba oplock codes. */
1720 /* Information (FILE_EXISTS etc.) */
1721 uint32_t private_flags, /* Samba specific flags. */
1725 struct smb_filename *smb_fname = fsp->fsp_name;
1728 bool file_existed = VALID_STAT(smb_fname->st);
1729 bool def_acl = False;
1730 bool posix_open = False;
1731 bool new_file_created = False;
1732 bool clear_ads = false;
1733 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1734 mode_t new_unx_mode = (mode_t)0;
1735 mode_t unx_mode = (mode_t)0;
1737 uint32 existing_dos_attributes = 0;
1738 struct timeval request_time = timeval_zero();
1739 struct share_mode_lock *lck = NULL;
1740 uint32 open_access_mask = access_mask;
1744 if (conn->printer) {
1746 * Printers are handled completely differently.
1747 * Most of the passed parameters are ignored.
1751 *pinfo = FILE_WAS_CREATED;
1754 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1755 smb_fname_str_dbg(smb_fname)));
1758 DEBUG(0,("open_file_ntcreate: printer open without "
1759 "an SMB request!\n"));
1760 return NT_STATUS_INTERNAL_ERROR;
1763 return print_spool_open(fsp, smb_fname->base_name,
1767 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1769 return NT_STATUS_NO_MEMORY;
1772 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1774 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1775 new_dos_attributes = 0;
1777 /* Windows allows a new file to be created and
1778 silently removes a FILE_ATTRIBUTE_DIRECTORY
1779 sent by the client. Do the same. */
1781 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1783 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1785 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1786 smb_fname, parent_dir);
1789 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1790 "access_mask=0x%x share_access=0x%x "
1791 "create_disposition = 0x%x create_options=0x%x "
1792 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1793 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1794 access_mask, share_access, create_disposition,
1795 create_options, (unsigned int)unx_mode, oplock_request,
1796 (unsigned int)private_flags));
1798 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1799 DEBUG(0, ("No smb request but not an internal only open!\n"));
1800 return NT_STATUS_INTERNAL_ERROR;
1804 * Only non-internal opens can be deferred at all
1809 if (get_deferred_open_message_state(req,
1812 /* Remember the absolute time of the original
1813 request with this mid. We'll use it later to
1814 see if this has timed out. */
1816 /* If it was an async create retry, the file
1819 if (is_deferred_open_async(ptr)) {
1820 SET_STAT_INVALID(smb_fname->st);
1821 file_existed = false;
1823 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1824 /* Remove the deferred open entry under lock. */
1825 remove_deferred_open_entry(
1826 state->id, req->mid,
1827 messaging_server_id(req->sconn->msg_ctx));
1830 /* Ensure we don't reprocess this message. */
1831 remove_deferred_open_message_smb(req->sconn, req->mid);
1836 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1838 existing_dos_attributes = dos_mode(conn, smb_fname);
1842 /* ignore any oplock requests if oplocks are disabled */
1843 if (!lp_oplocks(SNUM(conn)) ||
1844 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1845 /* Mask off everything except the private Samba bits. */
1846 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1849 /* this is for OS/2 long file names - say we don't support them */
1850 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1851 /* OS/2 Workplace shell fix may be main code stream in a later
1853 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1855 if (use_nt_status()) {
1856 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1858 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1861 switch( create_disposition ) {
1863 * Currently we're using FILE_SUPERSEDE as the same as
1864 * FILE_OVERWRITE_IF but they really are
1865 * different. FILE_SUPERSEDE deletes an existing file
1866 * (requiring delete access) then recreates it.
1868 case FILE_SUPERSEDE:
1869 /* If file exists replace/overwrite. If file doesn't
1871 flags2 |= (O_CREAT | O_TRUNC);
1875 case FILE_OVERWRITE_IF:
1876 /* If file exists replace/overwrite. If file doesn't
1878 flags2 |= (O_CREAT | O_TRUNC);
1883 /* If file exists open. If file doesn't exist error. */
1884 if (!file_existed) {
1885 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1886 "requested for file %s and file "
1888 smb_fname_str_dbg(smb_fname)));
1890 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1894 case FILE_OVERWRITE:
1895 /* If file exists overwrite. If file doesn't exist
1897 if (!file_existed) {
1898 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1899 "requested for file %s and file "
1901 smb_fname_str_dbg(smb_fname) ));
1903 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1910 /* If file exists error. If file doesn't exist
1913 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1914 "requested for file %s and file "
1915 "already exists.\n",
1916 smb_fname_str_dbg(smb_fname)));
1917 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1922 return map_nt_error_from_unix(errno);
1924 flags2 |= (O_CREAT|O_EXCL);
1928 /* If file exists open. If file doesn't exist
1934 return NT_STATUS_INVALID_PARAMETER;
1937 /* We only care about matching attributes on file exists and
1940 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1941 (create_disposition == FILE_OVERWRITE_IF))) {
1942 if (!open_match_attributes(conn, existing_dos_attributes,
1944 smb_fname->st.st_ex_mode,
1945 unx_mode, &new_unx_mode)) {
1946 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1947 "for file %s (%x %x) (0%o, 0%o)\n",
1948 smb_fname_str_dbg(smb_fname),
1949 existing_dos_attributes,
1951 (unsigned int)smb_fname->st.st_ex_mode,
1952 (unsigned int)unx_mode ));
1954 return NT_STATUS_ACCESS_DENIED;
1958 status = smbd_calculate_access_mask(conn, smb_fname,
1961 if (!NT_STATUS_IS_OK(status)) {
1962 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1963 "on file %s returned %s\n",
1964 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1968 open_access_mask = access_mask;
1970 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1971 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1974 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1975 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1979 * Note that we ignore the append flag as append does not
1980 * mean the same thing under DOS and Unix.
1983 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1984 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1985 /* DENY_DOS opens are always underlying read-write on the
1986 file handle, no matter what the requested access mask
1988 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1989 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1999 * Currently we only look at FILE_WRITE_THROUGH for create options.
2003 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
2008 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
2012 if (!posix_open && !CAN_WRITE(conn)) {
2014 * We should really return a permission denied error if either
2015 * O_CREAT or O_TRUNC are set, but for compatibility with
2016 * older versions of Samba we just AND them out.
2018 flags2 &= ~(O_CREAT|O_TRUNC);
2022 * Ensure we can't write on a read-only share or file.
2025 if (flags != O_RDONLY && file_existed &&
2026 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
2027 DEBUG(5,("open_file_ntcreate: write access requested for "
2028 "file %s on read only %s\n",
2029 smb_fname_str_dbg(smb_fname),
2030 !CAN_WRITE(conn) ? "share" : "file" ));
2032 return NT_STATUS_ACCESS_DENIED;
2035 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2036 fsp->share_access = share_access;
2037 fsp->fh->private_options = private_flags;
2038 fsp->access_mask = open_access_mask; /* We change this to the
2039 * requested access_mask after
2040 * the open is done. */
2041 fsp->posix_open = posix_open;
2043 /* Ensure no SAMBA_PRIVATE bits can be set. */
2044 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2046 if (timeval_is_zero(&request_time)) {
2047 request_time = fsp->open_time;
2051 struct share_mode_entry *batch_entry = NULL;
2052 struct share_mode_entry *exclusive_entry = NULL;
2053 bool got_level2_oplock = false;
2054 bool got_a_none_oplock = false;
2057 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2058 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2060 lck = get_share_mode_lock(talloc_tos(), id,
2062 smb_fname, &old_write_time);
2064 DEBUG(0, ("Could not get share mode lock\n"));
2065 return NT_STATUS_SHARING_VIOLATION;
2068 /* Get the types we need to examine. */
2069 find_oplock_types(fsp,
2075 &got_a_none_oplock);
2077 /* First pass - send break only on batch oplocks. */
2078 if ((req != NULL) &&
2079 delay_for_batch_oplocks(fsp,
2083 schedule_defer_open(lck, request_time, req);
2085 return NT_STATUS_SHARING_VIOLATION;
2088 /* Use the client requested access mask here, not the one we
2090 status = open_mode_check(conn, lck, fsp->name_hash,
2091 access_mask, share_access,
2092 create_options, &file_existed);
2094 if (NT_STATUS_IS_OK(status)) {
2095 /* We might be going to allow this open. Check oplock
2097 /* Second pass - send break for both batch or
2098 * exclusive oplocks. */
2099 if ((req != NULL) &&
2100 delay_for_exclusive_oplocks(
2105 schedule_defer_open(lck, request_time, req);
2107 return NT_STATUS_SHARING_VIOLATION;
2111 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
2112 /* DELETE_PENDING is not deferred for a second */
2117 grant_fsp_oplock_type(fsp,
2122 if (!NT_STATUS_IS_OK(status)) {
2123 uint32 can_access_mask;
2124 bool can_access = True;
2126 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2128 /* Check if this can be done with the deny_dos and fcb
2131 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2132 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2134 DEBUG(0, ("DOS open without an SMB "
2137 return NT_STATUS_INTERNAL_ERROR;
2140 /* Use the client requested access mask here,
2141 * not the one we open with. */
2142 status = fcb_or_dos_open(req,
2153 if (NT_STATUS_IS_OK(status)) {
2156 *pinfo = FILE_WAS_OPENED;
2158 return NT_STATUS_OK;
2163 * This next line is a subtlety we need for
2164 * MS-Access. If a file open will fail due to share
2165 * permissions and also for security (access) reasons,
2166 * we need to return the access failed error, not the
2167 * share error. We can't open the file due to kernel
2168 * oplock deadlock (it's possible we failed above on
2169 * the open_mode_check()) so use a userspace check.
2172 if (flags & O_RDWR) {
2173 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
2174 } else if (flags & O_WRONLY) {
2175 can_access_mask = FILE_WRITE_DATA;
2177 can_access_mask = FILE_READ_DATA;
2180 if (((can_access_mask & FILE_WRITE_DATA) &&
2181 !CAN_WRITE(conn)) ||
2182 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
2183 smb_fname, can_access_mask))) {
2188 * If we're returning a share violation, ensure we
2189 * cope with the braindead 1 second delay.
2192 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
2193 lp_defer_sharing_violations()) {
2194 struct timeval timeout;
2195 struct deferred_open_record state;
2198 /* this is a hack to speed up torture tests
2200 timeout_usecs = lp_parm_int(SNUM(conn),
2201 "smbd","sharedelay",
2202 SHARING_VIOLATION_USEC_WAIT);
2204 /* This is a relative time, added to the absolute
2205 request_time value to get the absolute timeout time.
2206 Note that if this is the second or greater time we enter
2207 this codepath for this particular request mid then
2208 request_time is left as the absolute time of the *first*
2209 time this request mid was processed. This is what allows
2210 the request to eventually time out. */
2212 timeout = timeval_set(0, timeout_usecs);
2214 /* Nothing actually uses state.delayed_for_oplocks
2215 but it's handy to differentiate in debug messages
2216 between a 30 second delay due to oplock break, and
2217 a 1 second delay for share mode conflicts. */
2219 state.delayed_for_oplocks = False;
2220 state.async_open = false;
2224 && !request_timed_out(request_time,
2226 defer_open(lck, request_time, timeout,
2234 * We have detected a sharing violation here
2235 * so return the correct error code
2237 status = NT_STATUS_SHARING_VIOLATION;
2239 status = NT_STATUS_ACCESS_DENIED;
2245 * We exit this block with the share entry *locked*.....
2249 SMB_ASSERT(!file_existed || (lck != NULL));
2252 * Ensure we pay attention to default ACLs on directories if required.
2255 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2256 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2257 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2260 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2261 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2262 (unsigned int)flags, (unsigned int)flags2,
2263 (unsigned int)unx_mode, (unsigned int)access_mask,
2264 (unsigned int)open_access_mask));
2267 * open_file strips any O_TRUNC flags itself.
2270 fsp_open = open_file(fsp, conn, req, parent_dir,
2271 flags|flags2, unx_mode, access_mask,
2274 if (!NT_STATUS_IS_OK(fsp_open)) {
2275 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
2276 schedule_async_open(request_time, req);
2282 if (!file_existed) {
2283 struct share_mode_entry *batch_entry = NULL;
2284 struct share_mode_entry *exclusive_entry = NULL;
2285 bool got_level2_oplock = false;
2286 bool got_a_none_oplock = false;
2287 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2290 * Deal with the race condition where two smbd's detect the
2291 * file doesn't exist and do the create at the same time. One
2292 * of them will win and set a share mode, the other (ie. this
2293 * one) should check if the requested share mode for this
2294 * create is allowed.
2298 * Now the file exists and fsp is successfully opened,
2299 * fsp->dev and fsp->inode are valid and should replace the
2300 * dev=0,inode=0 from a non existent file. Spotted by
2301 * Nadav Danieli <nadavd@exanet.com>. JRA.
2306 lck = get_share_mode_lock(talloc_tos(), id,
2308 smb_fname, &old_write_time);
2311 DEBUG(0, ("open_file_ntcreate: Could not get share "
2312 "mode lock for %s\n",
2313 smb_fname_str_dbg(smb_fname)));
2315 return NT_STATUS_SHARING_VIOLATION;
2318 /* Get the types we need to examine. */
2319 find_oplock_types(fsp,
2325 &got_a_none_oplock);
2327 /* First pass - send break only on batch oplocks. */
2328 if ((req != NULL) &&
2329 delay_for_batch_oplocks(fsp,
2333 schedule_defer_open(lck, request_time, req);
2336 return NT_STATUS_SHARING_VIOLATION;
2339 status = open_mode_check(conn, lck, fsp->name_hash,
2340 access_mask, share_access,
2341 create_options, &file_existed);
2343 if (NT_STATUS_IS_OK(status)) {
2344 /* We might be going to allow this open. Check oplock
2346 /* Second pass - send break for both batch or
2347 * exclusive oplocks. */
2348 if ((req != NULL) &&
2349 delay_for_exclusive_oplocks(
2354 schedule_defer_open(lck, request_time, req);
2357 return NT_STATUS_SHARING_VIOLATION;
2361 if (!NT_STATUS_IS_OK(status)) {
2362 struct deferred_open_record state;
2364 state.delayed_for_oplocks = False;
2365 state.async_open = false;
2368 /* Do it all over again immediately. In the second
2369 * round we will find that the file existed and handle
2370 * the DELETE_PENDING and FCB cases correctly. No need
2371 * to duplicate the code here. Essentially this is a
2372 * "goto top of this function", but don't tell
2376 defer_open(lck, request_time, timeval_zero(),
2384 grant_fsp_oplock_type(fsp,
2390 * We exit this block with the share entry *locked*.....
2395 SMB_ASSERT(lck != NULL);
2397 /* Delete streams if create_disposition requires it */
2398 if (file_existed && clear_ads &&
2399 !is_ntfs_stream_smb_fname(smb_fname)) {
2400 status = delete_all_streams(conn, smb_fname->base_name);
2401 if (!NT_STATUS_IS_OK(status)) {
2408 /* note that we ignore failure for the following. It is
2409 basically a hack for NFS, and NFS will never set one of
2410 these only read them. Nobody but Samba can ever set a deny
2411 mode and we have already checked our more authoritative
2412 locking database for permission to set this deny mode. If
2413 the kernel refuses the operations then the kernel is wrong.
2414 note that GPFS supports it as well - jmcd */
2416 if (fsp->fh->fd != -1) {
2418 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2419 if(ret_flock == -1 ){
2424 return NT_STATUS_SHARING_VIOLATION;
2429 * At this point onwards, we can guarentee that the share entry
2430 * is locked, whether we created the file or not, and that the
2431 * deny mode is compatible with all current opens.
2435 * If requested, truncate the file.
2438 if (file_existed && (flags2&O_TRUNC)) {
2440 * We are modifying the file after open - update the stat
2443 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2444 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2445 status = map_nt_error_from_unix(errno);
2453 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2454 * but we don't have to store this - just ignore it on access check.
2456 if (conn->sconn->using_smb2) {
2458 * SMB2 doesn't return it (according to Microsoft tests).
2459 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2460 * File created with access = 0x7 (Read, Write, Delete)
2461 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2463 fsp->access_mask = access_mask;
2465 /* But SMB1 does. */
2466 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2470 /* stat opens on existing files don't get oplocks. */
2471 if (is_stat_open(open_access_mask)) {
2472 fsp->oplock_type = NO_OPLOCK;
2475 if (flags2 & O_TRUNC) {
2476 info = FILE_WAS_OVERWRITTEN;
2478 info = FILE_WAS_OPENED;
2481 info = FILE_WAS_CREATED;
2489 * Setup the oplock info in both the shared memory and
2493 status = set_file_oplock(fsp, fsp->oplock_type);
2494 if (!NT_STATUS_IS_OK(status)) {
2496 * Could not get the kernel oplock or there are byte-range
2497 * locks on the file.
2499 fsp->oplock_type = NO_OPLOCK;
2502 set_share_mode(lck, fsp, get_current_uid(conn),
2506 /* Handle strange delete on close create semantics. */
2507 if (create_options & FILE_DELETE_ON_CLOSE) {
2509 status = can_set_delete_on_close(fsp, new_dos_attributes);
2511 if (!NT_STATUS_IS_OK(status)) {
2512 /* Remember to delete the mode we just added. */
2513 del_share_mode(lck, fsp);
2518 /* Note that here we set the *inital* delete on close flag,
2519 not the regular one. The magic gets handled in close. */
2520 fsp->initial_delete_on_close = True;
2523 if (info == FILE_WAS_OVERWRITTEN
2524 || info == FILE_WAS_CREATED
2525 || info == FILE_WAS_SUPERSEDED) {
2526 new_file_created = True;
2529 if (new_file_created) {
2530 /* Files should be initially set as archive */
2531 if (lp_map_archive(SNUM(conn)) ||
2532 lp_store_dos_attributes(SNUM(conn))) {
2534 if (file_set_dosmode(conn, smb_fname,
2535 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2536 parent_dir, true) == 0) {
2537 unx_mode = smb_fname->st.st_ex_mode;
2543 /* Determine sparse flag. */
2545 /* POSIX opens are sparse by default. */
2546 fsp->is_sparse = true;
2548 fsp->is_sparse = (file_existed &&
2549 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2553 * Take care of inherited ACLs on created files - if default ACL not
2557 if (!posix_open && !file_existed && !def_acl) {
2559 int saved_errno = errno; /* We might get ENOSYS in the next
2562 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2564 errno = saved_errno; /* Ignore ENOSYS */
2567 } else if (new_unx_mode) {
2571 /* Attributes need changing. File already existed. */
2574 int saved_errno = errno; /* We might get ENOSYS in the
2576 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2578 if (ret == -1 && errno == ENOSYS) {
2579 errno = saved_errno; /* Ignore ENOSYS */
2581 DEBUG(5, ("open_file_ntcreate: reset "
2582 "attributes of file %s to 0%o\n",
2583 smb_fname_str_dbg(smb_fname),
2584 (unsigned int)new_unx_mode));
2585 ret = 0; /* Don't do the fchmod below. */
2590 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2591 DEBUG(5, ("open_file_ntcreate: failed to reset "
2592 "attributes of file %s to 0%o\n",
2593 smb_fname_str_dbg(smb_fname),
2594 (unsigned int)new_unx_mode));
2597 /* If this is a successful open, we must remove any deferred open
2600 del_deferred_open_entry(lck, req->mid,
2601 messaging_server_id(req->sconn->msg_ctx));
2605 return NT_STATUS_OK;
2609 /****************************************************************************
2610 Open a file for for write to ensure that we can fchmod it.
2611 ****************************************************************************/
2613 NTSTATUS open_file_fchmod(connection_struct *conn,
2614 struct smb_filename *smb_fname,
2615 files_struct **result)
2617 if (!VALID_STAT(smb_fname->st)) {
2618 return NT_STATUS_INVALID_PARAMETER;
2621 return SMB_VFS_CREATE_FILE(
2624 0, /* root_dir_fid */
2625 smb_fname, /* fname */
2626 FILE_WRITE_DATA, /* access_mask */
2627 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2629 FILE_OPEN, /* create_disposition*/
2630 0, /* create_options */
2631 0, /* file_attributes */
2632 INTERNAL_OPEN_ONLY, /* oplock_request */
2633 0, /* allocation_size */
2634 0, /* private_flags */
2637 result, /* result */
2641 static NTSTATUS mkdir_internal(connection_struct *conn,
2642 struct smb_filename *smb_dname,
2643 uint32 file_attributes)
2646 char *parent_dir = NULL;
2648 bool posix_open = false;
2649 bool need_re_stat = false;
2650 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
2652 if(access_mask & ~(conn->share_access)) {
2653 DEBUG(5,("mkdir_internal: failing share access "
2654 "%s\n", lp_servicename(SNUM(conn))));
2655 return NT_STATUS_ACCESS_DENIED;
2658 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2660 return NT_STATUS_NO_MEMORY;
2663 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2665 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2667 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2670 status = check_parent_access(conn,
2673 if(!NT_STATUS_IS_OK(status)) {
2674 DEBUG(5,("mkdir_internal: check_parent_access "
2675 "on directory %s for path %s returned %s\n",
2677 smb_dname->base_name,
2678 nt_errstr(status) ));
2682 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2683 return map_nt_error_from_unix(errno);
2686 /* Ensure we're checking for a symlink here.... */
2687 /* We don't want to get caught by a symlink racer. */
2689 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2690 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2691 smb_fname_str_dbg(smb_dname), strerror(errno)));
2692 return map_nt_error_from_unix(errno);
2695 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2696 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
2697 smb_fname_str_dbg(smb_dname)));
2698 return NT_STATUS_NOT_A_DIRECTORY;
2701 if (lp_store_dos_attributes(SNUM(conn))) {
2703 file_set_dosmode(conn, smb_dname,
2704 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2709 if (lp_inherit_perms(SNUM(conn))) {
2710 inherit_access_posix_acl(conn, parent_dir,
2711 smb_dname->base_name, mode);
2712 need_re_stat = true;
2717 * Check if high bits should have been set,
2718 * then (if bits are missing): add them.
2719 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2722 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2723 (mode & ~smb_dname->st.st_ex_mode)) {
2724 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2725 (smb_dname->st.st_ex_mode |
2726 (mode & ~smb_dname->st.st_ex_mode)));
2727 need_re_stat = true;
2731 /* Change the owner if required. */
2732 if (lp_inherit_owner(SNUM(conn))) {
2733 change_dir_owner_to_parent(conn, parent_dir,
2734 smb_dname->base_name,
2736 need_re_stat = true;
2740 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2741 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2742 smb_fname_str_dbg(smb_dname), strerror(errno)));
2743 return map_nt_error_from_unix(errno);
2747 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2748 smb_dname->base_name);
2750 return NT_STATUS_OK;
2753 /****************************************************************************
2754 Ensure we didn't get symlink raced on opening a directory.
2755 ****************************************************************************/
2757 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2758 const SMB_STRUCT_STAT *sbuf2)
2760 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2761 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2762 !check_same_dev_ino(sbuf1, sbuf2)) {
2768 /****************************************************************************
2769 Open a directory from an NT SMB call.
2770 ****************************************************************************/
2772 static NTSTATUS open_directory(connection_struct *conn,
2773 struct smb_request *req,
2774 struct smb_filename *smb_dname,
2776 uint32 share_access,
2777 uint32 create_disposition,
2778 uint32 create_options,
2779 uint32 file_attributes,
2781 files_struct **result)
2783 files_struct *fsp = NULL;
2784 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2785 struct share_mode_lock *lck = NULL;
2787 struct timespec mtimespec;
2790 if (is_ntfs_stream_smb_fname(smb_dname)) {
2791 DEBUG(2, ("open_directory: %s is a stream name!\n",
2792 smb_fname_str_dbg(smb_dname)));
2793 return NT_STATUS_NOT_A_DIRECTORY;
2796 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2797 /* Ensure we have a directory attribute. */
2798 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2801 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2802 "share_access = 0x%x create_options = 0x%x, "
2803 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2804 smb_fname_str_dbg(smb_dname),
2805 (unsigned int)access_mask,
2806 (unsigned int)share_access,
2807 (unsigned int)create_options,
2808 (unsigned int)create_disposition,
2809 (unsigned int)file_attributes));
2811 status = smbd_calculate_access_mask(conn, smb_dname,
2812 access_mask, &access_mask);
2813 if (!NT_STATUS_IS_OK(status)) {
2814 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2815 "on file %s returned %s\n",
2816 smb_fname_str_dbg(smb_dname),
2817 nt_errstr(status)));
2821 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2822 !security_token_has_privilege(get_current_nttok(conn),
2823 SEC_PRIV_SECURITY)) {
2824 DEBUG(10, ("open_directory: open on %s "
2825 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2826 smb_fname_str_dbg(smb_dname)));
2827 return NT_STATUS_PRIVILEGE_NOT_HELD;
2830 switch( create_disposition ) {
2834 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2837 info = FILE_WAS_OPENED;
2842 /* If directory exists error. If directory doesn't
2846 status = NT_STATUS_OBJECT_NAME_COLLISION;
2847 DEBUG(2, ("open_directory: unable to create "
2848 "%s. Error was %s\n",
2849 smb_fname_str_dbg(smb_dname),
2850 nt_errstr(status)));
2854 status = mkdir_internal(conn, smb_dname,
2857 if (!NT_STATUS_IS_OK(status)) {
2858 DEBUG(2, ("open_directory: unable to create "
2859 "%s. Error was %s\n",
2860 smb_fname_str_dbg(smb_dname),
2861 nt_errstr(status)));
2865 info = FILE_WAS_CREATED;
2870 * If directory exists open. If directory doesn't
2875 status = NT_STATUS_OK;
2876 info = FILE_WAS_OPENED;
2878 status = mkdir_internal(conn, smb_dname,
2881 if (NT_STATUS_IS_OK(status)) {
2882 info = FILE_WAS_CREATED;
2884 /* Cope with create race. */
2885 if (!NT_STATUS_EQUAL(status,
2886 NT_STATUS_OBJECT_NAME_COLLISION)) {
2887 DEBUG(2, ("open_directory: unable to create "
2888 "%s. Error was %s\n",
2889 smb_fname_str_dbg(smb_dname),
2890 nt_errstr(status)));
2893 info = FILE_WAS_OPENED;
2899 case FILE_SUPERSEDE:
2900 case FILE_OVERWRITE:
2901 case FILE_OVERWRITE_IF:
2903 DEBUG(5,("open_directory: invalid create_disposition "
2904 "0x%x for directory %s\n",
2905 (unsigned int)create_disposition,
2906 smb_fname_str_dbg(smb_dname)));
2907 return NT_STATUS_INVALID_PARAMETER;
2910 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2911 DEBUG(5,("open_directory: %s is not a directory !\n",
2912 smb_fname_str_dbg(smb_dname)));
2913 return NT_STATUS_NOT_A_DIRECTORY;
2916 if (info == FILE_WAS_OPENED) {
2917 status = smbd_check_access_rights(conn, smb_dname, access_mask);
2918 if (!NT_STATUS_IS_OK(status)) {
2919 DEBUG(10, ("open_directory: smbd_check_access_rights on "
2920 "file %s failed with %s\n",
2921 smb_fname_str_dbg(smb_dname),
2922 nt_errstr(status)));
2927 status = file_new(req, conn, &fsp);
2928 if(!NT_STATUS_IS_OK(status)) {
2933 * Setup the files_struct for it.
2936 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2937 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2938 fsp->file_pid = req ? req->smbpid : 0;
2939 fsp->can_lock = False;
2940 fsp->can_read = False;
2941 fsp->can_write = False;
2943 fsp->share_access = share_access;
2944 fsp->fh->private_options = 0;
2946 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2948 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2949 fsp->print_file = NULL;
2950 fsp->modified = False;
2951 fsp->oplock_type = NO_OPLOCK;
2952 fsp->sent_oplock_break = NO_BREAK_SENT;
2953 fsp->is_directory = True;
2954 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2955 status = fsp_set_smb_fname(fsp, smb_dname);
2956 if (!NT_STATUS_IS_OK(status)) {
2957 file_free(req, fsp);
2961 mtimespec = smb_dname->st.st_ex_mtime;
2964 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2966 /* POSIX allows us to open a directory with O_RDONLY. */
2967 status = fd_open(conn, fsp, O_RDONLY, 0);
2969 if (!NT_STATUS_IS_OK(status)) {
2970 DEBUG(5, ("open_directory: Could not open fd for "
2972 smb_fname_str_dbg(smb_dname),
2973 nt_errstr(status)));
2974 file_free(req, fsp);
2978 status = vfs_stat_fsp(fsp);
2979 if (!NT_STATUS_IS_OK(status)) {
2981 file_free(req, fsp);
2985 /* Ensure there was no race condition. */
2986 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2987 DEBUG(5,("open_directory: stat struct differs for "
2989 smb_fname_str_dbg(smb_dname)));
2991 file_free(req, fsp);
2992 return NT_STATUS_ACCESS_DENIED;
2995 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2996 conn->connectpath, smb_dname,
3000 DEBUG(0, ("open_directory: Could not get share mode lock for "
3001 "%s\n", smb_fname_str_dbg(smb_dname)));
3003 file_free(req, fsp);
3004 return NT_STATUS_SHARING_VIOLATION;
3007 status = open_mode_check(conn, lck, fsp->name_hash,
3008 access_mask, share_access,
3009 create_options, &dir_existed);
3011 if (!NT_STATUS_IS_OK(status)) {
3014 file_free(req, fsp);
3018 set_share_mode(lck, fsp, get_current_uid(conn),
3019 req ? req->mid : 0, NO_OPLOCK);
3021 /* For directories the delete on close bit at open time seems
3022 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
3023 if (create_options & FILE_DELETE_ON_CLOSE) {
3024 status = can_set_delete_on_close(fsp, 0);
3025 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
3028 file_free(req, fsp);
3032 if (NT_STATUS_IS_OK(status)) {
3033 /* Note that here we set the *inital* delete on close flag,
3034 not the regular one. The magic gets handled in close. */
3035 fsp->initial_delete_on_close = True;
3046 return NT_STATUS_OK;
3049 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
3050 struct smb_filename *smb_dname)
3055 status = SMB_VFS_CREATE_FILE(
3058 0, /* root_dir_fid */
3059 smb_dname, /* fname */
3060 FILE_READ_ATTRIBUTES, /* access_mask */
3061 FILE_SHARE_NONE, /* share_access */
3062 FILE_CREATE, /* create_disposition*/
3063 FILE_DIRECTORY_FILE, /* create_options */
3064 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
3065 0, /* oplock_request */
3066 0, /* allocation_size */
3067 0, /* private_flags */
3073 if (NT_STATUS_IS_OK(status)) {
3074 close_file(req, fsp, NORMAL_CLOSE);
3080 /****************************************************************************
3081 Receive notification that one of our open files has been renamed by another
3083 ****************************************************************************/
3085 void msg_file_was_renamed(struct messaging_context *msg,
3088 struct server_id server_id,
3092 char *frm = (char *)data->data;
3094 const char *sharepath;
3095 const char *base_name;
3096 const char *stream_name;
3097 struct smb_filename *smb_fname = NULL;
3098 size_t sp_len, bn_len;
3100 struct smbd_server_connection *sconn =
3101 talloc_get_type_abort(private_data,
3102 struct smbd_server_connection);
3104 if (data->data == NULL
3105 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3106 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3107 (int)data->length));
3111 /* Unpack the message. */
3112 pull_file_id_24(frm, &id);
3113 sharepath = &frm[24];
3114 sp_len = strlen(sharepath);
3115 base_name = sharepath + sp_len + 1;
3116 bn_len = strlen(base_name);
3117 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3119 /* stream_name must always be NULL if there is no stream. */
3120 if (stream_name[0] == '\0') {
3124 status = create_synthetic_smb_fname(talloc_tos(), base_name,
3125 stream_name, NULL, &smb_fname);
3126 if (!NT_STATUS_IS_OK(status)) {
3130 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3132 sharepath, smb_fname_str_dbg(smb_fname),
3133 file_id_string_tos(&id)));
3135 for(fsp = file_find_di_first(sconn, id); fsp;
3136 fsp = file_find_di_next(fsp)) {
3137 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3139 DEBUG(10,("msg_file_was_renamed: renaming file %s from %s -> %s\n",
3140 fsp_fnum_dbg(fsp), fsp_str_dbg(fsp),
3141 smb_fname_str_dbg(smb_fname)));
3142 status = fsp_set_smb_fname(fsp, smb_fname);
3143 if (!NT_STATUS_IS_OK(status)) {
3148 /* Now we have the complete path we can work out if this is
3149 actually within this share and adjust newname accordingly. */
3150 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3151 "not sharepath %s) "
3152 "%s from %s -> %s\n",
3153 fsp->conn->connectpath,
3157 smb_fname_str_dbg(smb_fname)));
3161 TALLOC_FREE(smb_fname);
3166 * If a main file is opened for delete, all streams need to be checked for
3167 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3168 * If that works, delete them all by setting the delete on close and close.
3171 NTSTATUS open_streams_for_delete(connection_struct *conn,
3174 struct stream_struct *stream_info = NULL;
3175 files_struct **streams = NULL;
3177 unsigned int num_streams = 0;
3178 TALLOC_CTX *frame = talloc_stackframe();
3181 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
3182 &num_streams, &stream_info);
3184 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3185 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3186 DEBUG(10, ("no streams around\n"));
3188 return NT_STATUS_OK;
3191 if (!NT_STATUS_IS_OK(status)) {
3192 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3193 nt_errstr(status)));
3197 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3200 if (num_streams == 0) {
3202 return NT_STATUS_OK;
3205 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3206 if (streams == NULL) {
3207 DEBUG(0, ("talloc failed\n"));
3208 status = NT_STATUS_NO_MEMORY;
3212 for (i=0; i<num_streams; i++) {
3213 struct smb_filename *smb_fname = NULL;
3215 if (strequal(stream_info[i].name, "::$DATA")) {
3220 status = create_synthetic_smb_fname(talloc_tos(), fname,
3221 stream_info[i].name,
3223 if (!NT_STATUS_IS_OK(status)) {
3227 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3228 DEBUG(10, ("Unable to stat stream: %s\n",
3229 smb_fname_str_dbg(smb_fname)));
3232 status = SMB_VFS_CREATE_FILE(
3235 0, /* root_dir_fid */
3236 smb_fname, /* fname */
3237 DELETE_ACCESS, /* access_mask */
3238 (FILE_SHARE_READ | /* share_access */
3239 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3240 FILE_OPEN, /* create_disposition*/
3241 0, /* create_options */
3242 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3243 0, /* oplock_request */
3244 0, /* allocation_size */
3245 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3248 &streams[i], /* result */
3251 if (!NT_STATUS_IS_OK(status)) {
3252 DEBUG(10, ("Could not open stream %s: %s\n",
3253 smb_fname_str_dbg(smb_fname),
3254 nt_errstr(status)));
3256 TALLOC_FREE(smb_fname);
3259 TALLOC_FREE(smb_fname);
3263 * don't touch the variable "status" beyond this point :-)
3266 for (i -= 1 ; i >= 0; i--) {
3267 if (streams[i] == NULL) {
3271 DEBUG(10, ("Closing stream # %d, %s\n", i,
3272 fsp_str_dbg(streams[i])));
3273 close_file(NULL, streams[i], NORMAL_CLOSE);
3281 /*********************************************************************
3282 Create a default ACL by inheriting from the parent. If no inheritance
3283 from the parent available, don't set anything. This will leave the actual
3284 permissions the new file or directory already got from the filesystem
3285 as the NT ACL when read.
3286 *********************************************************************/
3288 static NTSTATUS inherit_new_acl(files_struct *fsp)
3290 TALLOC_CTX *ctx = talloc_tos();
3291 char *parent_name = NULL;
3292 struct security_descriptor *parent_desc = NULL;
3293 NTSTATUS status = NT_STATUS_OK;
3294 struct security_descriptor *psd = NULL;
3295 struct dom_sid *owner_sid = NULL;
3296 struct dom_sid *group_sid = NULL;
3297 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
3298 bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
3299 bool inheritable_components = false;
3302 if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
3303 return NT_STATUS_NO_MEMORY;
3306 status = SMB_VFS_GET_NT_ACL(fsp->conn,
3308 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
3310 if (!NT_STATUS_IS_OK(status)) {
3314 inheritable_components = sd_has_inheritable_components(parent_desc,
3317 if (!inheritable_components && !inherit_owner) {
3318 /* Nothing to inherit and not setting owner. */
3319 return NT_STATUS_OK;
3322 /* Create an inherited descriptor from the parent. */
3324 if (DEBUGLEVEL >= 10) {
3325 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
3326 fsp_str_dbg(fsp) ));
3327 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
3330 /* Inherit from parent descriptor if "inherit owner" set. */
3331 if (inherit_owner) {
3332 owner_sid = parent_desc->owner_sid;
3333 group_sid = parent_desc->group_sid;
3336 if (owner_sid == NULL) {
3337 owner_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
3339 if (group_sid == NULL) {
3340 group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
3343 status = se_create_child_secdesc(ctx,
3350 if (!NT_STATUS_IS_OK(status)) {
3354 /* If inheritable_components == false,
3355 se_create_child_secdesc()
3356 creates a security desriptor with a NULL dacl
3357 entry, but with SEC_DESC_DACL_PRESENT. We need
3358 to remove that flag. */
3360 if (!inheritable_components) {
3361 security_info_sent &= ~SECINFO_DACL;
3362 psd->type &= ~SEC_DESC_DACL_PRESENT;
3365 if (DEBUGLEVEL >= 10) {
3366 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
3367 fsp_str_dbg(fsp) ));
3368 NDR_PRINT_DEBUG(security_descriptor, psd);
3371 if (inherit_owner) {
3372 /* We need to be root to force this. */
3375 status = SMB_VFS_FSET_NT_ACL(fsp,
3378 if (inherit_owner) {
3385 * Wrapper around open_file_ntcreate and open_directory
3388 static NTSTATUS create_file_unixpath(connection_struct *conn,
3389 struct smb_request *req,
3390 struct smb_filename *smb_fname,
3391 uint32_t access_mask,
3392 uint32_t share_access,
3393 uint32_t create_disposition,
3394 uint32_t create_options,
3395 uint32_t file_attributes,
3396 uint32_t oplock_request,
3397 uint64_t allocation_size,
3398 uint32_t private_flags,
3399 struct security_descriptor *sd,
3400 struct ea_list *ea_list,
3402 files_struct **result,
3405 int info = FILE_WAS_OPENED;
3406 files_struct *base_fsp = NULL;
3407 files_struct *fsp = NULL;
3410 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3411 "file_attributes = 0x%x, share_access = 0x%x, "
3412 "create_disposition = 0x%x create_options = 0x%x "
3413 "oplock_request = 0x%x private_flags = 0x%x "
3414 "ea_list = 0x%p, sd = 0x%p, "
3416 (unsigned int)access_mask,
3417 (unsigned int)file_attributes,
3418 (unsigned int)share_access,
3419 (unsigned int)create_disposition,
3420 (unsigned int)create_options,
3421 (unsigned int)oplock_request,
3422 (unsigned int)private_flags,
3423 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3425 if (create_options & FILE_OPEN_BY_FILE_ID) {
3426 status = NT_STATUS_NOT_SUPPORTED;
3430 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3431 status = NT_STATUS_INVALID_PARAMETER;
3436 oplock_request |= INTERNAL_OPEN_ONLY;
3439 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3440 && (access_mask & DELETE_ACCESS)
3441 && !is_ntfs_stream_smb_fname(smb_fname)) {
3443 * We can't open a file with DELETE access if any of the
3444 * streams is open without FILE_SHARE_DELETE
3446 status = open_streams_for_delete(conn, smb_fname->base_name);
3448 if (!NT_STATUS_IS_OK(status)) {
3453 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3454 !security_token_has_privilege(get_current_nttok(conn),
3455 SEC_PRIV_SECURITY)) {
3456 DEBUG(10, ("create_file_unixpath: open on %s "
3457 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3458 smb_fname_str_dbg(smb_fname)));
3459 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3463 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3464 && is_ntfs_stream_smb_fname(smb_fname)
3465 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3466 uint32 base_create_disposition;
3467 struct smb_filename *smb_fname_base = NULL;
3469 if (create_options & FILE_DIRECTORY_FILE) {
3470 status = NT_STATUS_NOT_A_DIRECTORY;
3474 switch (create_disposition) {
3476 base_create_disposition = FILE_OPEN;
3479 base_create_disposition = FILE_OPEN_IF;
3483 /* Create an smb_filename with stream_name == NULL. */
3484 status = create_synthetic_smb_fname(talloc_tos(),
3485 smb_fname->base_name,
3488 if (!NT_STATUS_IS_OK(status)) {
3492 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3493 DEBUG(10, ("Unable to stat stream: %s\n",
3494 smb_fname_str_dbg(smb_fname_base)));
3497 /* Open the base file. */
3498 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3501 | FILE_SHARE_DELETE,
3502 base_create_disposition,
3503 0, 0, 0, 0, 0, NULL, NULL,
3505 TALLOC_FREE(smb_fname_base);
3507 if (!NT_STATUS_IS_OK(status)) {
3508 DEBUG(10, ("create_file_unixpath for base %s failed: "
3509 "%s\n", smb_fname->base_name,
3510 nt_errstr(status)));
3513 /* we don't need to low level fd */
3518 * If it's a request for a directory open, deal with it separately.
3521 if (create_options & FILE_DIRECTORY_FILE) {
3523 if (create_options & FILE_NON_DIRECTORY_FILE) {
3524 status = NT_STATUS_INVALID_PARAMETER;
3528 /* Can't open a temp directory. IFS kit test. */
3529 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3530 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3531 status = NT_STATUS_INVALID_PARAMETER;
3536 * We will get a create directory here if the Win32
3537 * app specified a security descriptor in the
3538 * CreateDirectory() call.
3542 status = open_directory(
3543 conn, req, smb_fname, access_mask, share_access,
3544 create_disposition, create_options, file_attributes,
3549 * Ordinary file case.
3552 status = file_new(req, conn, &fsp);
3553 if(!NT_STATUS_IS_OK(status)) {
3557 status = fsp_set_smb_fname(fsp, smb_fname);
3558 if (!NT_STATUS_IS_OK(status)) {
3563 * We're opening the stream element of a base_fsp
3564 * we already opened. Set up the base_fsp pointer.
3567 fsp->base_fsp = base_fsp;
3570 status = open_file_ntcreate(conn,
3582 if(!NT_STATUS_IS_OK(status)) {
3583 file_free(req, fsp);
3587 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3589 /* A stream open never opens a directory */
3592 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3597 * Fail the open if it was explicitly a non-directory
3601 if (create_options & FILE_NON_DIRECTORY_FILE) {
3602 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3607 status = open_directory(
3608 conn, req, smb_fname, access_mask,
3609 share_access, create_disposition,
3610 create_options, file_attributes,
3615 if (!NT_STATUS_IS_OK(status)) {
3619 fsp->base_fsp = base_fsp;
3621 if ((ea_list != NULL) &&
3622 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3623 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3624 if (!NT_STATUS_IS_OK(status)) {
3629 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3630 status = NT_STATUS_ACCESS_DENIED;
3634 /* Save the requested allocation size. */
3635 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3637 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3638 fsp->initial_allocation_size = smb_roundup(
3639 fsp->conn, allocation_size);
3640 if (fsp->is_directory) {
3641 /* Can't set allocation size on a directory. */
3642 status = NT_STATUS_ACCESS_DENIED;
3645 if (vfs_allocate_file_space(
3646 fsp, fsp->initial_allocation_size) == -1) {
3647 status = NT_STATUS_DISK_FULL;
3651 fsp->initial_allocation_size = smb_roundup(
3652 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3656 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
3657 fsp->base_fsp == NULL) {
3660 * According to the MS documentation, the only time the security
3661 * descriptor is applied to the opened file is iff we *created* the
3662 * file; an existing file stays the same.
3664 * Also, it seems (from observation) that you can open the file with
3665 * any access mask but you can still write the sd. We need to override
3666 * the granted access before we call set_sd
3667 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3670 uint32_t sec_info_sent;
3671 uint32_t saved_access_mask = fsp->access_mask;
3673 sec_info_sent = get_sec_info(sd);
3675 fsp->access_mask = FILE_GENERIC_ALL;
3677 /* Convert all the generic bits. */
3678 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3679 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3681 if (sec_info_sent & (SECINFO_OWNER|
3685 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3688 fsp->access_mask = saved_access_mask;
3690 if (!NT_STATUS_IS_OK(status)) {
3693 } else if (lp_inherit_acls(SNUM(conn))) {
3694 /* Inherit from parent. Errors here are not fatal. */
3695 status = inherit_new_acl(fsp);
3696 if (!NT_STATUS_IS_OK(status)) {
3697 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
3699 nt_errstr(status) ));
3704 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3707 if (pinfo != NULL) {
3711 smb_fname->st = fsp->fsp_name->st;
3713 return NT_STATUS_OK;
3716 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3719 if (base_fsp && fsp->base_fsp == base_fsp) {
3721 * The close_file below will close
3726 close_file(req, fsp, ERROR_CLOSE);
3729 if (base_fsp != NULL) {
3730 close_file(req, base_fsp, ERROR_CLOSE);
3737 * Calculate the full path name given a relative fid.
3739 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3740 struct smb_request *req,
3741 uint16_t root_dir_fid,
3742 const struct smb_filename *smb_fname,
3743 struct smb_filename **smb_fname_out)
3745 files_struct *dir_fsp;
3746 char *parent_fname = NULL;
3747 char *new_base_name = NULL;
3750 if (root_dir_fid == 0 || !smb_fname) {
3751 status = NT_STATUS_INTERNAL_ERROR;
3755 dir_fsp = file_fsp(req, root_dir_fid);
3757 if (dir_fsp == NULL) {
3758 status = NT_STATUS_INVALID_HANDLE;
3762 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3763 status = NT_STATUS_INVALID_HANDLE;
3767 if (!dir_fsp->is_directory) {
3770 * Check to see if this is a mac fork of some kind.
3773 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3774 is_ntfs_stream_smb_fname(smb_fname)) {
3775 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3780 we need to handle the case when we get a
3781 relative open relative to a file and the
3782 pathname is blank - this is a reopen!
3783 (hint from demyn plantenberg)
3786 status = NT_STATUS_INVALID_HANDLE;
3790 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3792 * We're at the toplevel dir, the final file name
3793 * must not contain ./, as this is filtered out
3794 * normally by srvstr_get_path and unix_convert
3795 * explicitly rejects paths containing ./.
3797 parent_fname = talloc_strdup(talloc_tos(), "");
3798 if (parent_fname == NULL) {
3799 status = NT_STATUS_NO_MEMORY;
3803 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3806 * Copy in the base directory name.
3809 parent_fname = talloc_array(talloc_tos(), char,
3811 if (parent_fname == NULL) {
3812 status = NT_STATUS_NO_MEMORY;
3815 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3819 * Ensure it ends in a '/'.
3820 * We used TALLOC_SIZE +2 to add space for the '/'.
3824 && (parent_fname[dir_name_len-1] != '\\')
3825 && (parent_fname[dir_name_len-1] != '/')) {
3826 parent_fname[dir_name_len] = '/';
3827 parent_fname[dir_name_len+1] = '\0';
3831 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3832 smb_fname->base_name);
3833 if (new_base_name == NULL) {
3834 status = NT_STATUS_NO_MEMORY;
3838 status = filename_convert(req,
3840 req->flags2 & FLAGS2_DFS_PATHNAMES,
3845 if (!NT_STATUS_IS_OK(status)) {
3850 TALLOC_FREE(parent_fname);
3851 TALLOC_FREE(new_base_name);
3855 NTSTATUS create_file_default(connection_struct *conn,
3856 struct smb_request *req,
3857 uint16_t root_dir_fid,
3858 struct smb_filename *smb_fname,
3859 uint32_t access_mask,
3860 uint32_t share_access,
3861 uint32_t create_disposition,
3862 uint32_t create_options,
3863 uint32_t file_attributes,
3864 uint32_t oplock_request,
3865 uint64_t allocation_size,
3866 uint32_t private_flags,
3867 struct security_descriptor *sd,
3868 struct ea_list *ea_list,
3869 files_struct **result,
3872 int info = FILE_WAS_OPENED;
3873 files_struct *fsp = NULL;
3875 bool stream_name = false;
3877 DEBUG(10,("create_file: access_mask = 0x%x "
3878 "file_attributes = 0x%x, share_access = 0x%x, "
3879 "create_disposition = 0x%x create_options = 0x%x "
3880 "oplock_request = 0x%x "
3881 "private_flags = 0x%x "
3882 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3884 (unsigned int)access_mask,
3885 (unsigned int)file_attributes,
3886 (unsigned int)share_access,
3887 (unsigned int)create_disposition,
3888 (unsigned int)create_options,
3889 (unsigned int)oplock_request,
3890 (unsigned int)private_flags,
3891 (unsigned int)root_dir_fid,
3892 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3895 * Calculate the filename from the root_dir_if if necessary.
3898 if (root_dir_fid != 0) {
3899 struct smb_filename *smb_fname_out = NULL;
3900 status = get_relative_fid_filename(conn, req, root_dir_fid,
3901 smb_fname, &smb_fname_out);
3902 if (!NT_STATUS_IS_OK(status)) {
3905 smb_fname = smb_fname_out;
3909 * Check to see if this is a mac fork of some kind.
3912 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3914 enum FAKE_FILE_TYPE fake_file_type;
3916 fake_file_type = is_fake_file(smb_fname);
3918 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3921 * Here we go! support for changing the disk quotas
3924 * We need to fake up to open this MAGIC QUOTA file
3925 * and return a valid FID.
3927 * w2k close this file directly after openening xp
3928 * also tries a QUERY_FILE_INFO on the file and then
3931 status = open_fake_file(req, conn, req->vuid,
3932 fake_file_type, smb_fname,
3934 if (!NT_STATUS_IS_OK(status)) {
3938 ZERO_STRUCT(smb_fname->st);
3942 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3943 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3948 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
3950 smb_fname->stream_name = NULL;
3951 /* We have to handle this error here. */
3952 if (create_options & FILE_DIRECTORY_FILE) {
3953 status = NT_STATUS_NOT_A_DIRECTORY;
3956 if (lp_posix_pathnames()) {
3957 ret = SMB_VFS_LSTAT(conn, smb_fname);
3959 ret = SMB_VFS_STAT(conn, smb_fname);
3962 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3963 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3968 status = create_file_unixpath(
3969 conn, req, smb_fname, access_mask, share_access,
3970 create_disposition, create_options, file_attributes,
3971 oplock_request, allocation_size, private_flags,
3975 if (!NT_STATUS_IS_OK(status)) {
3980 DEBUG(10, ("create_file: info=%d\n", info));
3983 if (pinfo != NULL) {
3986 return NT_STATUS_OK;
3989 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3992 close_file(req, fsp, ERROR_CLOSE);