2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
24 #include "lib/util/server_id.h"
26 #include "smbd/smbd.h"
27 #include "smbd/globals.h"
28 #include "fake_file.h"
29 #include "../libcli/security/security.h"
30 #include "../librpc/gen_ndr/ndr_security.h"
31 #include "../librpc/gen_ndr/open_files.h"
32 #include "../librpc/gen_ndr/idmap.h"
33 #include "../librpc/gen_ndr/ioctl.h"
34 #include "passdb/lookup_sid.h"
38 #include "source3/lib/dbwrap/dbwrap_watch.h"
39 #include "locking/leases_db.h"
40 #include "librpc/gen_ndr/ndr_leases_db.h"
42 extern const struct generic_mapping file_generic_mapping;
44 struct deferred_open_record {
45 bool delayed_for_oplocks;
50 /****************************************************************************
51 If the requester wanted DELETE_ACCESS and was rejected because
52 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
54 ****************************************************************************/
56 static bool parent_override_delete(connection_struct *conn,
57 const struct smb_filename *smb_fname,
59 uint32_t rejected_mask)
61 if ((access_mask & DELETE_ACCESS) &&
62 (rejected_mask & DELETE_ACCESS) &&
63 can_delete_file_in_directory(conn, smb_fname)) {
69 /****************************************************************************
70 Check if we have open rights.
71 ****************************************************************************/
73 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
74 const struct smb_filename *smb_fname,
78 /* Check if we have rights to open. */
80 struct security_descriptor *sd = NULL;
81 uint32_t rejected_share_access;
82 uint32_t rejected_mask = access_mask;
83 uint32_t do_not_check_mask = 0;
85 rejected_share_access = access_mask & ~(conn->share_access);
87 if (rejected_share_access) {
88 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
90 (unsigned int)access_mask,
91 smb_fname_str_dbg(smb_fname),
92 (unsigned int)rejected_share_access ));
93 return NT_STATUS_ACCESS_DENIED;
96 if (!use_privs && get_current_uid(conn) == (uid_t)0) {
97 /* I'm sorry sir, I didn't know you were root... */
98 DEBUG(10,("smbd_check_access_rights: root override "
99 "on %s. Granting 0x%x\n",
100 smb_fname_str_dbg(smb_fname),
101 (unsigned int)access_mask ));
105 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
106 DEBUG(10,("smbd_check_access_rights: not checking ACL "
107 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
108 smb_fname_str_dbg(smb_fname),
109 (unsigned int)access_mask ));
113 if (access_mask == DELETE_ACCESS &&
114 VALID_STAT(smb_fname->st) &&
115 S_ISLNK(smb_fname->st.st_ex_mode)) {
116 /* We can always delete a symlink. */
117 DEBUG(10,("smbd_check_access_rights: not checking ACL "
118 "on DELETE_ACCESS on symlink %s.\n",
119 smb_fname_str_dbg(smb_fname) ));
123 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
126 SECINFO_DACL), talloc_tos(), &sd);
128 if (!NT_STATUS_IS_OK(status)) {
129 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
131 smb_fname_str_dbg(smb_fname),
134 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
142 * If we can access the path to this file, by
143 * default we have FILE_READ_ATTRIBUTES from the
144 * containing directory. See the section:
145 * "Algorithm to Check Access to an Existing File"
148 * se_file_access_check() also takes care of
149 * owner WRITE_DAC and READ_CONTROL.
151 do_not_check_mask = FILE_READ_ATTRIBUTES;
154 * Samba 3.6 and earlier granted execute access even
155 * if the ACL did not contain execute rights.
156 * Samba 4.0 is more correct and checks it.
157 * The compatibilty mode allows one to skip this check
158 * to smoothen upgrades.
160 if (lp_acl_allow_execute_always(SNUM(conn))) {
161 do_not_check_mask |= FILE_EXECUTE;
164 status = se_file_access_check(sd,
165 get_current_nttok(conn),
167 (access_mask & ~do_not_check_mask),
170 DEBUG(10,("smbd_check_access_rights: file %s requesting "
171 "0x%x returning 0x%x (%s)\n",
172 smb_fname_str_dbg(smb_fname),
173 (unsigned int)access_mask,
174 (unsigned int)rejected_mask,
175 nt_errstr(status) ));
177 if (!NT_STATUS_IS_OK(status)) {
178 if (DEBUGLEVEL >= 10) {
179 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
180 smb_fname_str_dbg(smb_fname) ));
181 NDR_PRINT_DEBUG(security_descriptor, sd);
187 if (NT_STATUS_IS_OK(status) ||
188 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
192 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
196 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
197 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
198 !lp_store_dos_attributes(SNUM(conn)) &&
199 (lp_map_readonly(SNUM(conn)) ||
200 lp_map_archive(SNUM(conn)) ||
201 lp_map_hidden(SNUM(conn)) ||
202 lp_map_system(SNUM(conn)))) {
203 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
205 DEBUG(10,("smbd_check_access_rights: "
207 "FILE_WRITE_ATTRIBUTES "
209 smb_fname_str_dbg(smb_fname)));
212 if (parent_override_delete(conn,
216 /* Were we trying to do an open
217 * for delete and didn't get DELETE
218 * access (only) ? Check if the
219 * directory allows DELETE_CHILD.
221 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
224 rejected_mask &= ~DELETE_ACCESS;
226 DEBUG(10,("smbd_check_access_rights: "
230 smb_fname_str_dbg(smb_fname)));
233 if (rejected_mask != 0) {
234 return NT_STATUS_ACCESS_DENIED;
239 NTSTATUS check_parent_access(struct connection_struct *conn,
240 struct smb_filename *smb_fname,
241 uint32_t access_mask)
244 char *parent_dir = NULL;
245 struct security_descriptor *parent_sd = NULL;
246 uint32_t access_granted = 0;
247 struct smb_filename *parent_smb_fname = NULL;
249 if (!parent_dirname(talloc_tos(),
250 smb_fname->base_name,
253 return NT_STATUS_NO_MEMORY;
256 parent_smb_fname = synthetic_smb_fname(talloc_tos(),
261 if (parent_smb_fname == NULL) {
262 return NT_STATUS_NO_MEMORY;
265 if (get_current_uid(conn) == (uid_t)0) {
266 /* I'm sorry sir, I didn't know you were root... */
267 DEBUG(10,("check_parent_access: root override "
268 "on %s. Granting 0x%x\n",
269 smb_fname_str_dbg(smb_fname),
270 (unsigned int)access_mask ));
274 status = SMB_VFS_GET_NT_ACL(conn,
280 if (!NT_STATUS_IS_OK(status)) {
281 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
282 "%s with error %s\n",
289 * If we can access the path to this file, by
290 * default we have FILE_READ_ATTRIBUTES from the
291 * containing directory. See the section:
292 * "Algorithm to Check Access to an Existing File"
295 * se_file_access_check() also takes care of
296 * owner WRITE_DAC and READ_CONTROL.
298 status = se_file_access_check(parent_sd,
299 get_current_nttok(conn),
301 (access_mask & ~FILE_READ_ATTRIBUTES),
303 if(!NT_STATUS_IS_OK(status)) {
304 DEBUG(5,("check_parent_access: access check "
305 "on directory %s for "
306 "path %s for mask 0x%x returned (0x%x) %s\n",
308 smb_fname->base_name,
311 nt_errstr(status) ));
318 /****************************************************************************
319 Ensure when opening a base file for a stream open that we have permissions
320 to do so given the access mask on the base file.
321 ****************************************************************************/
323 static NTSTATUS check_base_file_access(struct connection_struct *conn,
324 struct smb_filename *smb_fname,
325 uint32_t access_mask)
329 status = smbd_calculate_access_mask(conn, smb_fname,
333 if (!NT_STATUS_IS_OK(status)) {
334 DEBUG(10, ("smbd_calculate_access_mask "
335 "on file %s returned %s\n",
336 smb_fname_str_dbg(smb_fname),
341 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
343 if (!CAN_WRITE(conn)) {
344 return NT_STATUS_ACCESS_DENIED;
346 dosattrs = dos_mode(conn, smb_fname);
347 if (IS_DOS_READONLY(dosattrs)) {
348 return NT_STATUS_ACCESS_DENIED;
352 return smbd_check_access_rights(conn,
358 /****************************************************************************
359 fd support routines - attempt to do a dos_open.
360 ****************************************************************************/
362 NTSTATUS fd_open(struct connection_struct *conn,
367 struct smb_filename *smb_fname = fsp->fsp_name;
368 NTSTATUS status = NT_STATUS_OK;
372 * Never follow symlinks on a POSIX client. The
373 * client should be doing this.
376 if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || !lp_follow_symlinks(SNUM(conn))) {
381 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
382 if (fsp->fh->fd == -1) {
383 int posix_errno = errno;
385 #if defined(ENOTSUP) && defined(OSF1)
386 /* handle special Tru64 errno */
387 if (errno == ENOTSUP) {
392 /* fix broken NetBSD errno */
393 if (errno == EFTYPE) {
397 /* fix broken FreeBSD errno */
398 if (errno == EMLINK) {
401 #endif /* O_NOFOLLOW */
402 status = map_nt_error_from_unix(posix_errno);
403 if (errno == EMFILE) {
404 static time_t last_warned = 0L;
406 if (time((time_t *) NULL) > last_warned) {
407 DEBUG(0,("Too many open files, unable "
408 "to open more! smbd's max "
410 lp_max_open_files()));
411 last_warned = time((time_t *) NULL);
417 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
418 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
419 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
424 /****************************************************************************
425 Close the file associated with a fsp.
426 ****************************************************************************/
428 NTSTATUS fd_close(files_struct *fsp)
435 if (fsp->fh->fd == -1) {
436 return NT_STATUS_OK; /* What we used to call a stat open. */
438 if (fsp->fh->ref_count > 1) {
439 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
442 ret = SMB_VFS_CLOSE(fsp);
445 return map_nt_error_from_unix(errno);
450 /****************************************************************************
451 Change the ownership of a file to that of the parent directory.
452 Do this by fd if possible.
453 ****************************************************************************/
455 void change_file_owner_to_parent(connection_struct *conn,
456 const char *inherit_from_dir,
459 struct smb_filename *smb_fname_parent;
462 smb_fname_parent = synthetic_smb_fname(talloc_tos(),
467 if (smb_fname_parent == NULL) {
471 ret = SMB_VFS_STAT(conn, smb_fname_parent);
473 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
474 "directory %s. Error was %s\n",
475 smb_fname_str_dbg(smb_fname_parent),
477 TALLOC_FREE(smb_fname_parent);
481 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
482 /* Already this uid - no need to change. */
483 DEBUG(10,("change_file_owner_to_parent: file %s "
484 "is already owned by uid %d\n",
486 (int)fsp->fsp_name->st.st_ex_uid ));
487 TALLOC_FREE(smb_fname_parent);
492 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
495 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
496 "file %s to parent directory uid %u. Error "
497 "was %s\n", fsp_str_dbg(fsp),
498 (unsigned int)smb_fname_parent->st.st_ex_uid,
501 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
502 "parent directory uid %u.\n", fsp_str_dbg(fsp),
503 (unsigned int)smb_fname_parent->st.st_ex_uid));
504 /* Ensure the uid entry is updated. */
505 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
508 TALLOC_FREE(smb_fname_parent);
511 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
512 const char *inherit_from_dir,
514 SMB_STRUCT_STAT *psbuf)
516 struct smb_filename *smb_fname_parent;
517 struct smb_filename *smb_fname_cwd = NULL;
518 char *saved_dir = NULL;
519 TALLOC_CTX *ctx = talloc_tos();
520 NTSTATUS status = NT_STATUS_OK;
523 smb_fname_parent = synthetic_smb_fname(ctx,
528 if (smb_fname_parent == NULL) {
529 return NT_STATUS_NO_MEMORY;
532 ret = SMB_VFS_STAT(conn, smb_fname_parent);
534 status = map_nt_error_from_unix(errno);
535 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
536 "directory %s. Error was %s\n",
537 smb_fname_str_dbg(smb_fname_parent),
542 /* We've already done an lstat into psbuf, and we know it's a
543 directory. If we can cd into the directory and the dev/ino
544 are the same then we can safely chown without races as
545 we're locking the directory in place by being in it. This
546 should work on any UNIX (thanks tridge :-). JRA.
549 saved_dir = vfs_GetWd(ctx,conn);
551 status = map_nt_error_from_unix(errno);
552 DEBUG(0,("change_dir_owner_to_parent: failed to get "
553 "current working directory. Error was %s\n",
558 /* Chdir into the new path. */
559 if (vfs_ChDir(conn, fname) == -1) {
560 status = map_nt_error_from_unix(errno);
561 DEBUG(0,("change_dir_owner_to_parent: failed to change "
562 "current working directory to %s. Error "
563 "was %s\n", fname, strerror(errno) ));
567 smb_fname_cwd = synthetic_smb_fname(ctx, ".", NULL, NULL, 0);
568 if (smb_fname_cwd == NULL) {
569 status = NT_STATUS_NO_MEMORY;
573 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
575 status = map_nt_error_from_unix(errno);
576 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
577 "directory '.' (%s) Error was %s\n",
578 fname, strerror(errno)));
582 /* Ensure we're pointing at the same place. */
583 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
584 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
585 DEBUG(0,("change_dir_owner_to_parent: "
586 "device/inode on directory %s changed. "
587 "Refusing to chown !\n", fname ));
588 status = NT_STATUS_ACCESS_DENIED;
592 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
593 /* Already this uid - no need to change. */
594 DEBUG(10,("change_dir_owner_to_parent: directory %s "
595 "is already owned by uid %d\n",
597 (int)smb_fname_cwd->st.st_ex_uid ));
598 status = NT_STATUS_OK;
603 ret = SMB_VFS_LCHOWN(conn,
605 smb_fname_parent->st.st_ex_uid,
609 status = map_nt_error_from_unix(errno);
610 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
611 "directory %s to parent directory uid %u. "
612 "Error was %s\n", fname,
613 (unsigned int)smb_fname_parent->st.st_ex_uid,
616 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
617 "directory %s to parent directory uid %u.\n",
618 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
619 /* Ensure the uid entry is updated. */
620 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
624 vfs_ChDir(conn,saved_dir);
626 TALLOC_FREE(smb_fname_parent);
627 TALLOC_FREE(smb_fname_cwd);
631 /****************************************************************************
632 Open a file - returning a guaranteed ATOMIC indication of if the
633 file was created or not.
634 ****************************************************************************/
636 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
642 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
643 bool file_existed = VALID_STAT(fsp->fsp_name->st);
645 *file_created = false;
647 if (!(flags & O_CREAT)) {
649 * We're not creating the file, just pass through.
651 return fd_open(conn, fsp, flags, mode);
654 if (flags & O_EXCL) {
656 * Fail if already exists, just pass through.
658 status = fd_open(conn, fsp, flags, mode);
661 * Here we've opened with O_CREAT|O_EXCL. If that went
662 * NT_STATUS_OK, we *know* we created this file.
664 *file_created = NT_STATUS_IS_OK(status);
670 * Now it gets tricky. We have O_CREAT, but not O_EXCL.
671 * To know absolutely if we created the file or not,
672 * we can never call O_CREAT without O_EXCL. So if
673 * we think the file existed, try without O_CREAT|O_EXCL.
674 * If we think the file didn't exist, try with
675 * O_CREAT|O_EXCL. Keep bouncing between these two
676 * requests until either the file is created, or
677 * opened. Either way, we keep going until we get
678 * a returnable result (error, or open/create).
682 int curr_flags = flags;
685 /* Just try open, do not create. */
686 curr_flags &= ~(O_CREAT);
687 status = fd_open(conn, fsp, curr_flags, mode);
688 if (NT_STATUS_EQUAL(status,
689 NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
691 * Someone deleted it in the meantime.
694 file_existed = false;
695 DEBUG(10,("fd_open_atomic: file %s existed. "
697 smb_fname_str_dbg(fsp->fsp_name)));
701 /* Try create exclusively, fail if it exists. */
702 curr_flags |= O_EXCL;
703 status = fd_open(conn, fsp, curr_flags, mode);
704 if (NT_STATUS_EQUAL(status,
705 NT_STATUS_OBJECT_NAME_COLLISION)) {
707 * Someone created it in the meantime.
708 * Retry without O_CREAT.
711 DEBUG(10,("fd_open_atomic: file %s "
712 "did not exist. Retry.\n",
713 smb_fname_str_dbg(fsp->fsp_name)));
716 if (NT_STATUS_IS_OK(status)) {
718 * Here we've opened with O_CREAT|O_EXCL
719 * and got success. We *know* we created
722 *file_created = true;
725 /* Create is done, or failed. */
731 /****************************************************************************
733 ****************************************************************************/
735 static NTSTATUS open_file(files_struct *fsp,
736 connection_struct *conn,
737 struct smb_request *req,
738 const char *parent_dir,
741 uint32_t access_mask, /* client requested access mask. */
742 uint32_t open_access_mask, /* what we're actually using in the open. */
743 bool *p_file_created)
745 struct smb_filename *smb_fname = fsp->fsp_name;
746 NTSTATUS status = NT_STATUS_OK;
747 int accmode = (flags & O_ACCMODE);
748 int local_flags = flags;
749 bool file_existed = VALID_STAT(fsp->fsp_name->st);
754 /* Check permissions */
757 * This code was changed after seeing a client open request
758 * containing the open mode of (DENY_WRITE/read-only) with
759 * the 'create if not exist' bit set. The previous code
760 * would fail to open the file read only on a read-only share
761 * as it was checking the flags parameter directly against O_RDONLY,
762 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
766 if (!CAN_WRITE(conn)) {
767 /* It's a read-only share - fail if we wanted to write. */
768 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
769 DEBUG(3,("Permission denied opening %s\n",
770 smb_fname_str_dbg(smb_fname)));
771 return NT_STATUS_ACCESS_DENIED;
773 if (flags & O_CREAT) {
774 /* We don't want to write - but we must make sure that
775 O_CREAT doesn't create the file if we have write
776 access into the directory.
778 flags &= ~(O_CREAT|O_EXCL);
779 local_flags &= ~(O_CREAT|O_EXCL);
784 * This little piece of insanity is inspired by the
785 * fact that an NT client can open a file for O_RDONLY,
786 * but set the create disposition to FILE_EXISTS_TRUNCATE.
787 * If the client *can* write to the file, then it expects to
788 * truncate the file, even though it is opening for readonly.
789 * Quicken uses this stupid trick in backup file creation...
790 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
791 * for helping track this one down. It didn't bite us in 2.0.x
792 * as we always opened files read-write in that release. JRA.
795 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
796 DEBUG(10,("open_file: truncate requested on read-only open "
797 "for file %s\n", smb_fname_str_dbg(smb_fname)));
798 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
801 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
802 (!file_existed && (local_flags & O_CREAT)) ||
803 ((local_flags & O_TRUNC) == O_TRUNC) ) {
807 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
809 * We would block on opening a FIFO with no one else on the
810 * other end. Do what we used to do and add O_NONBLOCK to the
814 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
815 local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
816 local_flags |= O_NONBLOCK;
820 /* Don't create files with Microsoft wildcard characters. */
823 * wildcard characters are allowed in stream names
824 * only test the basefilename
826 wild = fsp->base_fsp->fsp_name->base_name;
828 wild = smb_fname->base_name;
830 if ((local_flags & O_CREAT) && !file_existed &&
831 !(fsp->posix_flags & FSP_POSIX_FLAGS_PATHNAMES) &&
833 return NT_STATUS_OBJECT_NAME_INVALID;
836 /* Can we access this file ? */
837 if (!fsp->base_fsp) {
838 /* Only do this check on non-stream open. */
840 status = smbd_check_access_rights(conn,
845 if (!NT_STATUS_IS_OK(status)) {
846 DEBUG(10, ("open_file: "
847 "smbd_check_access_rights "
848 "on file %s returned %s\n",
849 smb_fname_str_dbg(smb_fname),
853 if (!NT_STATUS_IS_OK(status) &&
854 !NT_STATUS_EQUAL(status,
855 NT_STATUS_OBJECT_NAME_NOT_FOUND))
860 if (NT_STATUS_EQUAL(status,
861 NT_STATUS_OBJECT_NAME_NOT_FOUND))
863 DEBUG(10, ("open_file: "
864 "file %s vanished since we "
865 "checked for existence.\n",
866 smb_fname_str_dbg(smb_fname)));
867 file_existed = false;
868 SET_STAT_INVALID(fsp->fsp_name->st);
873 if (!(local_flags & O_CREAT)) {
874 /* File didn't exist and no O_CREAT. */
875 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
878 status = check_parent_access(conn,
881 if (!NT_STATUS_IS_OK(status)) {
882 DEBUG(10, ("open_file: "
883 "check_parent_access on "
884 "file %s returned %s\n",
885 smb_fname_str_dbg(smb_fname),
886 nt_errstr(status) ));
893 * Actually do the open - if O_TRUNC is needed handle it
894 * below under the share mode lock.
896 status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
897 unx_mode, p_file_created);
898 if (!NT_STATUS_IS_OK(status)) {
899 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
900 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
901 nt_errstr(status),local_flags,flags));
905 if (local_flags & O_NONBLOCK) {
907 * GPFS can return ETIMEDOUT for pread on
908 * nonblocking file descriptors when files
909 * migrated to tape need to be recalled. I
910 * could imagine this happens elsehwere
911 * too. With blocking file descriptors this
914 ret = set_blocking(fsp->fh->fd, true);
916 status = map_nt_error_from_unix(errno);
917 DBG_WARNING("Could not set fd to blocking: "
918 "%s\n", strerror(errno));
924 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
926 /* If we have an fd, this stat should succeed. */
927 DEBUG(0,("Error doing fstat on open file %s "
929 smb_fname_str_dbg(smb_fname),
931 status = map_nt_error_from_unix(errno);
936 if (*p_file_created) {
937 /* We created this file. */
939 bool need_re_stat = false;
940 /* Do all inheritance work after we've
941 done a successful fstat call and filled
942 in the stat struct in fsp->fsp_name. */
944 /* Inherit the ACL if required */
945 if (lp_inherit_permissions(SNUM(conn))) {
946 inherit_access_posix_acl(conn, parent_dir,
947 smb_fname->base_name,
952 /* Change the owner if required. */
953 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
954 change_file_owner_to_parent(conn, parent_dir,
960 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
961 /* If we have an fd, this stat should succeed. */
963 DEBUG(0,("Error doing fstat on open file %s "
965 smb_fname_str_dbg(smb_fname),
970 notify_fname(conn, NOTIFY_ACTION_ADDED,
971 FILE_NOTIFY_CHANGE_FILE_NAME,
972 smb_fname->base_name);
975 fsp->fh->fd = -1; /* What we used to call a stat open. */
977 /* File must exist for a stat open. */
978 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
981 status = smbd_check_access_rights(conn,
986 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
987 (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
988 S_ISLNK(smb_fname->st.st_ex_mode)) {
989 /* This is a POSIX stat open for delete
990 * or rename on a symlink that points
992 DEBUG(10,("open_file: allowing POSIX "
993 "open on bad symlink %s\n",
994 smb_fname_str_dbg(smb_fname)));
995 status = NT_STATUS_OK;
998 if (!NT_STATUS_IS_OK(status)) {
999 DEBUG(10,("open_file: "
1000 "smbd_check_access_rights on file "
1002 smb_fname_str_dbg(smb_fname),
1003 nt_errstr(status) ));
1009 * POSIX allows read-only opens of directories. We don't
1010 * want to do this (we use a different code path for this)
1011 * so catch a directory open and return an EISDIR. JRA.
1014 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
1017 return NT_STATUS_FILE_IS_A_DIRECTORY;
1020 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1021 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
1022 fsp->file_pid = req ? req->smbpid : 0;
1023 fsp->can_lock = True;
1024 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
1027 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
1028 fsp->print_file = NULL;
1029 fsp->modified = False;
1030 fsp->sent_oplock_break = NO_BREAK_SENT;
1031 fsp->is_directory = False;
1032 if (conn->aio_write_behind_list &&
1033 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
1034 conn->case_sensitive)) {
1035 fsp->aio_write_behind = True;
1038 fsp->wcp = NULL; /* Write cache pointer. */
1040 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
1041 conn->session_info->unix_info->unix_name,
1042 smb_fname_str_dbg(smb_fname),
1043 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
1044 conn->num_files_open));
1047 return NT_STATUS_OK;
1050 /****************************************************************************
1051 Check if we can open a file with a share mode.
1052 Returns True if conflict, False if not.
1053 ****************************************************************************/
1055 static bool share_conflict(struct share_mode_entry *entry,
1056 uint32_t access_mask,
1057 uint32_t share_access)
1059 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
1060 "entry->share_access = 0x%x, "
1061 "entry->private_options = 0x%x\n",
1062 (unsigned int)entry->access_mask,
1063 (unsigned int)entry->share_access,
1064 (unsigned int)entry->private_options));
1066 if (server_id_is_disconnected(&entry->pid)) {
1068 * note: cleanup should have been done by
1069 * delay_for_batch_oplocks()
1074 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
1075 (unsigned int)access_mask, (unsigned int)share_access));
1077 if ((entry->access_mask & (FILE_WRITE_DATA|
1081 DELETE_ACCESS)) == 0) {
1082 DEBUG(10,("share_conflict: No conflict due to "
1083 "entry->access_mask = 0x%x\n",
1084 (unsigned int)entry->access_mask ));
1088 if ((access_mask & (FILE_WRITE_DATA|
1092 DELETE_ACCESS)) == 0) {
1093 DEBUG(10,("share_conflict: No conflict due to "
1094 "access_mask = 0x%x\n",
1095 (unsigned int)access_mask ));
1099 #if 1 /* JRA TEST - Superdebug. */
1100 #define CHECK_MASK(num, am, right, sa, share) \
1101 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
1102 (unsigned int)(num), (unsigned int)(am), \
1103 (unsigned int)(right), (unsigned int)(am)&(right) )); \
1104 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
1105 (unsigned int)(num), (unsigned int)(sa), \
1106 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
1107 if (((am) & (right)) && !((sa) & (share))) { \
1108 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1109 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1110 (unsigned int)(share) )); \
1114 #define CHECK_MASK(num, am, right, sa, share) \
1115 if (((am) & (right)) && !((sa) & (share))) { \
1116 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1117 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1118 (unsigned int)(share) )); \
1123 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1124 share_access, FILE_SHARE_WRITE);
1125 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1126 entry->share_access, FILE_SHARE_WRITE);
1128 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
1129 share_access, FILE_SHARE_READ);
1130 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
1131 entry->share_access, FILE_SHARE_READ);
1133 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
1134 share_access, FILE_SHARE_DELETE);
1135 CHECK_MASK(6, access_mask, DELETE_ACCESS,
1136 entry->share_access, FILE_SHARE_DELETE);
1138 DEBUG(10,("share_conflict: No conflict.\n"));
1142 #if defined(DEVELOPER)
1143 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1145 struct share_mode_entry *share_entry)
1147 struct server_id self = messaging_server_id(sconn->msg_ctx);
1150 if (!serverid_equal(&self, &share_entry->pid)) {
1154 if (share_entry->op_mid == 0) {
1155 /* INTERNAL_OPEN_ONLY */
1159 if (!is_valid_share_mode_entry(share_entry)) {
1163 fsp = file_find_dif(sconn, share_entry->id,
1164 share_entry->share_file_id);
1166 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1167 share_mode_str(talloc_tos(), num, share_entry) ));
1168 smb_panic("validate_my_share_entries: Cannot match a "
1169 "share entry with an open file\n");
1172 if (((uint16_t)fsp->oplock_type) != share_entry->op_type) {
1181 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1182 share_mode_str(talloc_tos(), num, share_entry) ));
1183 str = talloc_asprintf(talloc_tos(),
1184 "validate_my_share_entries: "
1185 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1186 fsp->fsp_name->base_name,
1187 (unsigned int)fsp->oplock_type,
1188 (unsigned int)share_entry->op_type );
1194 bool is_stat_open(uint32_t access_mask)
1196 const uint32_t stat_open_bits =
1197 (SYNCHRONIZE_ACCESS|
1198 FILE_READ_ATTRIBUTES|
1199 FILE_WRITE_ATTRIBUTES);
1201 return (((access_mask & stat_open_bits) != 0) &&
1202 ((access_mask & ~stat_open_bits) == 0));
1205 static bool has_delete_on_close(struct share_mode_lock *lck,
1208 struct share_mode_data *d = lck->data;
1211 if (d->num_share_modes == 0) {
1214 if (!is_delete_on_close_set(lck, name_hash)) {
1217 for (i=0; i<d->num_share_modes; i++) {
1218 if (!share_mode_stale_pid(d, i)) {
1225 /****************************************************************************
1226 Deal with share modes
1227 Invariant: Share mode must be locked on entry and exit.
1228 Returns -1 on error, or number of share modes on success (may be zero).
1229 ****************************************************************************/
1231 static NTSTATUS open_mode_check(connection_struct *conn,
1232 struct share_mode_lock *lck,
1233 uint32_t access_mask,
1234 uint32_t share_access)
1238 if(lck->data->num_share_modes == 0) {
1239 return NT_STATUS_OK;
1242 if (is_stat_open(access_mask)) {
1243 /* Stat open that doesn't trigger oplock breaks or share mode
1244 * checks... ! JRA. */
1245 return NT_STATUS_OK;
1249 * Check if the share modes will give us access.
1252 #if defined(DEVELOPER)
1253 for(i = 0; i < lck->data->num_share_modes; i++) {
1254 validate_my_share_entries(conn->sconn, i,
1255 &lck->data->share_modes[i]);
1259 /* Now we check the share modes, after any oplock breaks. */
1260 for(i = 0; i < lck->data->num_share_modes; i++) {
1262 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1266 /* someone else has a share lock on it, check to see if we can
1268 if (share_conflict(&lck->data->share_modes[i],
1269 access_mask, share_access)) {
1271 if (share_mode_stale_pid(lck->data, i)) {
1275 return NT_STATUS_SHARING_VIOLATION;
1279 return NT_STATUS_OK;
1283 * Send a break message to the oplock holder and delay the open for
1287 NTSTATUS send_break_message(struct messaging_context *msg_ctx,
1288 const struct share_mode_entry *exclusive,
1292 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1293 struct server_id_buf tmp;
1295 DEBUG(10, ("Sending break request to PID %s\n",
1296 server_id_str_buf(exclusive->pid, &tmp)));
1298 /* Create the message. */
1299 share_mode_entry_to_message(msg, exclusive);
1301 /* Overload entry->op_type */
1303 * This is a cut from uint32_t to uint16_t, but so far only the lower 3
1304 * bits (LEASE_WRITE/HANDLE/READ are used anyway.
1306 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET, break_to);
1308 status = messaging_send_buf(msg_ctx, exclusive->pid,
1309 MSG_SMB_BREAK_REQUEST,
1310 (uint8_t *)msg, sizeof(msg));
1311 if (!NT_STATUS_IS_OK(status)) {
1312 DEBUG(3, ("Could not send oplock break message: %s\n",
1313 nt_errstr(status)));
1320 * Do internal consistency checks on the share mode for a file.
1323 static bool validate_oplock_types(struct share_mode_lock *lck)
1325 struct share_mode_data *d = lck->data;
1327 bool ex_or_batch = false;
1328 bool level2 = false;
1329 bool no_oplock = false;
1330 uint32_t num_non_stat_opens = 0;
1333 for (i=0; i<d->num_share_modes; i++) {
1334 struct share_mode_entry *e = &d->share_modes[i];
1336 if (!is_valid_share_mode_entry(e)) {
1340 if (e->op_mid == 0) {
1341 /* INTERNAL_OPEN_ONLY */
1345 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1346 /* We ignore stat opens in the table - they
1347 always have NO_OPLOCK and never get or
1348 cause breaks. JRA. */
1352 num_non_stat_opens += 1;
1354 if (BATCH_OPLOCK_TYPE(e->op_type)) {
1355 /* batch - can only be one. */
1356 if (share_mode_stale_pid(d, i)) {
1357 DEBUG(10, ("Found stale batch oplock\n"));
1360 if (ex_or_batch || batch || level2 || no_oplock) {
1361 DEBUG(0, ("Bad batch oplock entry %u.",
1368 if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
1369 if (share_mode_stale_pid(d, i)) {
1370 DEBUG(10, ("Found stale duplicate oplock\n"));
1373 /* Exclusive or batch - can only be one. */
1374 if (ex_or_batch || level2 || no_oplock) {
1375 DEBUG(0, ("Bad exclusive or batch oplock "
1376 "entry %u.", (unsigned)i));
1382 if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
1383 if (batch || ex_or_batch) {
1384 if (share_mode_stale_pid(d, i)) {
1385 DEBUG(10, ("Found stale LevelII "
1389 DEBUG(0, ("Bad levelII oplock entry %u.",
1396 if (e->op_type == NO_OPLOCK) {
1397 if (batch || ex_or_batch) {
1398 if (share_mode_stale_pid(d, i)) {
1399 DEBUG(10, ("Found stale NO_OPLOCK "
1403 DEBUG(0, ("Bad no oplock entry %u.",
1411 remove_stale_share_mode_entries(d);
1413 if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
1414 DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
1415 (int)batch, (int)ex_or_batch,
1416 (int)d->num_share_modes));
1423 static bool delay_for_oplock(files_struct *fsp,
1425 const struct smb2_lease *lease,
1426 struct share_mode_lock *lck,
1427 bool have_sharing_violation,
1428 uint32_t create_disposition,
1429 bool first_open_attempt)
1431 struct share_mode_data *d = lck->data;
1434 bool will_overwrite;
1436 if ((oplock_request & INTERNAL_OPEN_ONLY) ||
1437 is_stat_open(fsp->access_mask)) {
1441 switch (create_disposition) {
1442 case FILE_SUPERSEDE:
1443 case FILE_OVERWRITE:
1444 case FILE_OVERWRITE_IF:
1445 will_overwrite = true;
1448 will_overwrite = false;
1452 for (i=0; i<d->num_share_modes; i++) {
1453 struct share_mode_entry *e = &d->share_modes[i];
1454 struct share_mode_lease *l = NULL;
1455 uint32_t e_lease_type = get_lease_type(d, e);
1457 uint32_t delay_mask = 0;
1459 if (e->op_type == LEASE_OPLOCK) {
1460 l = &d->leases[e->lease_idx];
1463 if (have_sharing_violation) {
1464 delay_mask = SMB2_LEASE_HANDLE;
1466 delay_mask = SMB2_LEASE_WRITE;
1469 break_to = e_lease_type & ~delay_mask;
1471 if (will_overwrite) {
1473 * we'll decide about SMB2_LEASE_READ later.
1475 * Maybe the break will be defered
1477 break_to &= ~SMB2_LEASE_HANDLE;
1480 DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
1481 (unsigned)i, (unsigned)e_lease_type,
1482 (unsigned)will_overwrite));
1484 if (lease != NULL && l != NULL) {
1487 ign = smb2_lease_equal(fsp_client_guid(fsp),
1496 if ((e_lease_type & ~break_to) == 0) {
1497 if (l != NULL && l->breaking) {
1503 if (share_mode_stale_pid(d, i)) {
1507 if (will_overwrite) {
1509 * If we break anyway break to NONE directly.
1510 * Otherwise vfs_set_filelen() will trigger the
1513 break_to &= ~(SMB2_LEASE_READ|SMB2_LEASE_WRITE);
1516 if (e->op_type != LEASE_OPLOCK) {
1518 * Oplocks only support breaking to R or NONE.
1520 break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
1523 DEBUG(10, ("breaking from %d to %d\n",
1524 (int)e_lease_type, (int)break_to));
1525 send_break_message(fsp->conn->sconn->msg_ctx, e,
1527 if (e_lease_type & delay_mask) {
1530 if (l != NULL && l->breaking && !first_open_attempt) {
1539 static bool file_has_brlocks(files_struct *fsp)
1541 struct byte_range_lock *br_lck;
1543 br_lck = brl_get_locks_readonly(fsp);
1547 return (brl_num_locks(br_lck) > 0);
1550 int find_share_mode_lease(struct share_mode_data *d,
1551 const struct GUID *client_guid,
1552 const struct smb2_lease_key *key)
1556 for (i=0; i<d->num_leases; i++) {
1557 struct share_mode_lease *l = &d->leases[i];
1559 if (smb2_lease_equal(client_guid,
1570 struct fsp_lease *find_fsp_lease(struct files_struct *new_fsp,
1571 const struct smb2_lease_key *key,
1572 const struct share_mode_lease *l)
1574 struct files_struct *fsp;
1577 * TODO: Measure how expensive this loop is with thousands of open
1581 for (fsp = file_find_di_first(new_fsp->conn->sconn, new_fsp->file_id);
1583 fsp = file_find_di_next(fsp)) {
1585 if (fsp == new_fsp) {
1588 if (fsp->oplock_type != LEASE_OPLOCK) {
1591 if (smb2_lease_key_equal(&fsp->lease->lease.lease_key, key)) {
1592 fsp->lease->ref_count += 1;
1597 /* Not found - must be leased in another smbd. */
1598 new_fsp->lease = talloc_zero(new_fsp->conn->sconn, struct fsp_lease);
1599 if (new_fsp->lease == NULL) {
1602 new_fsp->lease->ref_count = 1;
1603 new_fsp->lease->sconn = new_fsp->conn->sconn;
1604 new_fsp->lease->lease.lease_key = *key;
1605 new_fsp->lease->lease.lease_state = l->current_state;
1607 * We internally treat all leases as V2 and update
1608 * the epoch, but when sending breaks it matters if
1609 * the requesting lease was v1 or v2.
1611 new_fsp->lease->lease.lease_version = l->lease_version;
1612 new_fsp->lease->lease.lease_epoch = l->epoch;
1613 return new_fsp->lease;
1616 static NTSTATUS grant_fsp_lease(struct files_struct *fsp,
1617 struct share_mode_lock *lck,
1618 const struct smb2_lease *lease,
1619 uint32_t *p_lease_idx,
1622 struct share_mode_data *d = lck->data;
1623 const struct GUID *client_guid = fsp_client_guid(fsp);
1624 struct share_mode_lease *tmp;
1628 idx = find_share_mode_lease(d, client_guid, &lease->lease_key);
1631 struct share_mode_lease *l = &d->leases[idx];
1633 uint32_t existing, requested;
1635 fsp->lease = find_fsp_lease(fsp, &lease->lease_key, l);
1636 if (fsp->lease == NULL) {
1637 DEBUG(1, ("Did not find existing lease for file %s\n",
1639 return NT_STATUS_NO_MEMORY;
1645 * Upgrade only if the requested lease is a strict upgrade.
1647 existing = l->current_state;
1648 requested = lease->lease_state;
1651 * Tricky: This test makes sure that "requested" is a
1652 * strict bitwise superset of "existing".
1654 do_upgrade = ((existing & requested) == existing);
1657 * Upgrade only if there's a change.
1659 do_upgrade &= (granted != existing);
1662 * Upgrade only if other leases don't prevent what was asked
1665 do_upgrade &= (granted == requested);
1668 * only upgrade if we are not in breaking state
1670 do_upgrade &= !l->breaking;
1672 DEBUG(10, ("existing=%"PRIu32", requested=%"PRIu32", "
1673 "granted=%"PRIu32", do_upgrade=%d\n",
1674 existing, requested, granted, (int)do_upgrade));
1677 l->current_state = granted;
1681 /* Ensure we're in sync with current lease state. */
1682 fsp_lease_update(lck, fsp_client_guid(fsp), fsp->lease);
1683 return NT_STATUS_OK;
1690 tmp = talloc_realloc(d, d->leases, struct share_mode_lease,
1696 return NT_STATUS_INSUFFICIENT_RESOURCES;
1700 fsp->lease = talloc_zero(fsp->conn->sconn, struct fsp_lease);
1701 if (fsp->lease == NULL) {
1702 return NT_STATUS_INSUFFICIENT_RESOURCES;
1704 fsp->lease->ref_count = 1;
1705 fsp->lease->sconn = fsp->conn->sconn;
1706 fsp->lease->lease.lease_version = lease->lease_version;
1707 fsp->lease->lease.lease_key = lease->lease_key;
1708 fsp->lease->lease.lease_state = granted;
1709 fsp->lease->lease.lease_epoch = lease->lease_epoch + 1;
1711 *p_lease_idx = d->num_leases;
1713 d->leases[d->num_leases] = (struct share_mode_lease) {
1714 .client_guid = *client_guid,
1715 .lease_key = fsp->lease->lease.lease_key,
1716 .current_state = fsp->lease->lease.lease_state,
1717 .lease_version = fsp->lease->lease.lease_version,
1718 .epoch = fsp->lease->lease.lease_epoch,
1721 status = leases_db_add(client_guid,
1724 fsp->conn->connectpath,
1725 fsp->fsp_name->base_name,
1726 fsp->fsp_name->stream_name);
1727 if (!NT_STATUS_IS_OK(status)) {
1728 DEBUG(10, ("%s: leases_db_add failed: %s\n", __func__,
1729 nt_errstr(status)));
1730 TALLOC_FREE(fsp->lease);
1731 return NT_STATUS_INSUFFICIENT_RESOURCES;
1737 return NT_STATUS_OK;
1740 static bool is_same_lease(const files_struct *fsp,
1741 const struct share_mode_data *d,
1742 const struct share_mode_entry *e,
1743 const struct smb2_lease *lease)
1745 if (e->op_type != LEASE_OPLOCK) {
1748 if (lease == NULL) {
1752 return smb2_lease_equal(fsp_client_guid(fsp),
1754 &d->leases[e->lease_idx].client_guid,
1755 &d->leases[e->lease_idx].lease_key);
1758 static NTSTATUS grant_fsp_oplock_type(struct smb_request *req,
1759 struct files_struct *fsp,
1760 struct share_mode_lock *lck,
1762 struct smb2_lease *lease)
1764 struct share_mode_data *d = lck->data;
1765 bool got_handle_lease = false;
1766 bool got_oplock = false;
1769 uint32_t lease_idx = UINT32_MAX;
1773 if (oplock_request & INTERNAL_OPEN_ONLY) {
1774 /* No oplocks on internal open. */
1775 oplock_request = NO_OPLOCK;
1776 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1777 fsp->oplock_type, fsp_str_dbg(fsp)));
1780 if (oplock_request == LEASE_OPLOCK) {
1781 if (lease == NULL) {
1783 * The SMB2 layer should have checked this
1785 return NT_STATUS_INTERNAL_ERROR;
1788 granted = lease->lease_state;
1790 if (lp_kernel_oplocks(SNUM(fsp->conn))) {
1791 DEBUG(10, ("No lease granted because kernel oplocks are enabled\n"));
1792 granted = SMB2_LEASE_NONE;
1794 if ((granted & (SMB2_LEASE_READ|SMB2_LEASE_WRITE)) == 0) {
1795 DEBUG(10, ("No read or write lease requested\n"));
1796 granted = SMB2_LEASE_NONE;
1798 if (granted == SMB2_LEASE_WRITE) {
1799 DEBUG(10, ("pure write lease requested\n"));
1800 granted = SMB2_LEASE_NONE;
1802 if (granted == (SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE)) {
1803 DEBUG(10, ("write and handle lease requested\n"));
1804 granted = SMB2_LEASE_NONE;
1807 granted = map_oplock_to_lease_type(
1808 oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1811 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
1812 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1814 granted &= ~SMB2_LEASE_READ;
1817 for (i=0; i<d->num_share_modes; i++) {
1818 struct share_mode_entry *e = &d->share_modes[i];
1819 uint32_t e_lease_type;
1821 e_lease_type = get_lease_type(d, e);
1823 if ((granted & SMB2_LEASE_WRITE) &&
1824 !is_same_lease(fsp, d, e, lease) &&
1825 !share_mode_stale_pid(d, i)) {
1827 * Can grant only one writer
1829 granted &= ~SMB2_LEASE_WRITE;
1832 if ((e_lease_type & SMB2_LEASE_HANDLE) && !got_handle_lease &&
1833 !share_mode_stale_pid(d, i)) {
1834 got_handle_lease = true;
1837 if ((e->op_type != LEASE_OPLOCK) && !got_oplock &&
1838 !share_mode_stale_pid(d, i)) {
1843 if ((granted & SMB2_LEASE_READ) && !(granted & SMB2_LEASE_WRITE)) {
1845 (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1846 lp_level2_oplocks(SNUM(fsp->conn));
1848 if (!allow_level2) {
1849 granted = SMB2_LEASE_NONE;
1853 if (oplock_request == LEASE_OPLOCK) {
1855 granted &= ~SMB2_LEASE_HANDLE;
1858 fsp->oplock_type = LEASE_OPLOCK;
1860 status = grant_fsp_lease(fsp, lck, lease, &lease_idx,
1862 if (!NT_STATUS_IS_OK(status)) {
1866 *lease = fsp->lease->lease;
1867 DEBUG(10, ("lease_state=%d\n", lease->lease_state));
1869 if (got_handle_lease) {
1870 granted = SMB2_LEASE_NONE;
1874 case SMB2_LEASE_READ|SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE:
1875 fsp->oplock_type = BATCH_OPLOCK|EXCLUSIVE_OPLOCK;
1877 case SMB2_LEASE_READ|SMB2_LEASE_WRITE:
1878 fsp->oplock_type = EXCLUSIVE_OPLOCK;
1880 case SMB2_LEASE_READ|SMB2_LEASE_HANDLE:
1881 case SMB2_LEASE_READ:
1882 fsp->oplock_type = LEVEL_II_OPLOCK;
1885 fsp->oplock_type = NO_OPLOCK;
1889 status = set_file_oplock(fsp);
1890 if (!NT_STATUS_IS_OK(status)) {
1892 * Could not get the kernel oplock
1894 fsp->oplock_type = NO_OPLOCK;
1898 ok = set_share_mode(lck, fsp, get_current_uid(fsp->conn),
1903 return NT_STATUS_NO_MEMORY;
1906 ok = update_num_read_oplocks(fsp, lck);
1908 del_share_mode(lck, fsp);
1909 return NT_STATUS_INTERNAL_ERROR;
1912 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1913 fsp->oplock_type, fsp_str_dbg(fsp)));
1915 return NT_STATUS_OK;
1918 static bool request_timed_out(struct timeval request_time,
1919 struct timeval timeout)
1921 struct timeval now, end_time;
1923 end_time = timeval_sum(&request_time, &timeout);
1924 return (timeval_compare(&end_time, &now) < 0);
1927 struct defer_open_state {
1928 struct smbXsrv_connection *xconn;
1932 static void defer_open_done(struct tevent_req *req);
1934 /****************************************************************************
1935 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1936 ****************************************************************************/
1938 static void defer_open(struct share_mode_lock *lck,
1939 struct timeval request_time,
1940 struct timeval timeout,
1941 struct smb_request *req,
1942 struct deferred_open_record *state)
1944 struct deferred_open_record *open_rec;
1946 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1947 "open entry for mid %llu\n",
1948 (unsigned int)request_time.tv_sec,
1949 (unsigned int)request_time.tv_usec,
1950 (unsigned long long)req->mid));
1952 open_rec = talloc(NULL, struct deferred_open_record);
1953 if (open_rec == NULL) {
1955 exit_server("talloc failed");
1961 struct defer_open_state *watch_state;
1962 struct tevent_req *watch_req;
1965 watch_state = talloc(open_rec, struct defer_open_state);
1966 if (watch_state == NULL) {
1967 exit_server("talloc failed");
1969 watch_state->xconn = req->xconn;
1970 watch_state->mid = req->mid;
1972 DEBUG(10, ("defering mid %llu\n",
1973 (unsigned long long)req->mid));
1975 watch_req = dbwrap_watched_watch_send(
1976 watch_state, req->sconn->ev_ctx, lck->data->record,
1977 (struct server_id){0});
1978 if (watch_req == NULL) {
1979 exit_server("Could not watch share mode record");
1981 tevent_req_set_callback(watch_req, defer_open_done,
1984 ret = tevent_req_set_endtime(
1985 watch_req, req->sconn->ev_ctx,
1986 timeval_sum(&request_time, &timeout));
1990 if (!push_deferred_open_message_smb(req, request_time, timeout,
1991 state->id, open_rec)) {
1993 exit_server("push_deferred_open_message_smb failed");
1997 static void defer_open_done(struct tevent_req *req)
1999 struct defer_open_state *state = tevent_req_callback_data(
2000 req, struct defer_open_state);
2004 status = dbwrap_watched_watch_recv(req, talloc_tos(), NULL, NULL,
2007 if (!NT_STATUS_IS_OK(status)) {
2008 DEBUG(5, ("dbwrap_watched_watch_recv returned %s\n",
2009 nt_errstr(status)));
2011 * Even if it failed, retry anyway. TODO: We need a way to
2012 * tell a re-scheduled open about that error.
2016 DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
2018 ret = schedule_deferred_open_message_smb(state->xconn, state->mid);
2024 /****************************************************************************
2025 On overwrite open ensure that the attributes match.
2026 ****************************************************************************/
2028 static bool open_match_attributes(connection_struct *conn,
2029 uint32_t old_dos_attr,
2030 uint32_t new_dos_attr,
2031 mode_t existing_unx_mode,
2032 mode_t new_unx_mode,
2033 mode_t *returned_unx_mode)
2035 uint32_t noarch_old_dos_attr, noarch_new_dos_attr;
2037 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2038 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2040 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
2041 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
2042 *returned_unx_mode = new_unx_mode;
2044 *returned_unx_mode = (mode_t)0;
2047 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
2048 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
2049 "returned_unx_mode = 0%o\n",
2050 (unsigned int)old_dos_attr,
2051 (unsigned int)existing_unx_mode,
2052 (unsigned int)new_dos_attr,
2053 (unsigned int)*returned_unx_mode ));
2055 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
2056 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2057 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
2058 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
2062 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2063 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
2064 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
2071 /****************************************************************************
2072 Special FCB or DOS processing in the case of a sharing violation.
2073 Try and find a duplicated file handle.
2074 ****************************************************************************/
2076 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
2077 connection_struct *conn,
2078 files_struct *fsp_to_dup_into,
2079 const struct smb_filename *smb_fname,
2083 uint32_t access_mask,
2084 uint32_t share_access,
2085 uint32_t create_options)
2089 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
2090 "file %s.\n", smb_fname_str_dbg(smb_fname)));
2092 for(fsp = file_find_di_first(conn->sconn, id); fsp;
2093 fsp = file_find_di_next(fsp)) {
2095 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
2096 "vuid = %llu, file_pid = %u, private_options = 0x%x "
2097 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
2098 fsp->fh->fd, (unsigned long long)fsp->vuid,
2099 (unsigned int)fsp->file_pid,
2100 (unsigned int)fsp->fh->private_options,
2101 (unsigned int)fsp->access_mask ));
2103 if (fsp != fsp_to_dup_into &&
2104 fsp->fh->fd != -1 &&
2105 fsp->vuid == vuid &&
2106 fsp->file_pid == file_pid &&
2107 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
2108 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
2109 (fsp->access_mask & FILE_WRITE_DATA) &&
2110 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
2111 strequal(fsp->fsp_name->stream_name,
2112 smb_fname->stream_name)) {
2113 DEBUG(10,("fcb_or_dos_open: file match\n"));
2119 return NT_STATUS_NOT_FOUND;
2122 /* quite an insane set of semantics ... */
2123 if (is_executable(smb_fname->base_name) &&
2124 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
2125 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
2126 return NT_STATUS_INVALID_PARAMETER;
2129 /* We need to duplicate this fsp. */
2130 return dup_file_fsp(req, fsp, access_mask, share_access,
2131 create_options, fsp_to_dup_into);
2134 static void schedule_defer_open(struct share_mode_lock *lck,
2136 struct timeval request_time,
2137 struct smb_request *req)
2139 struct deferred_open_record state;
2141 /* This is a relative time, added to the absolute
2142 request_time value to get the absolute timeout time.
2143 Note that if this is the second or greater time we enter
2144 this codepath for this particular request mid then
2145 request_time is left as the absolute time of the *first*
2146 time this request mid was processed. This is what allows
2147 the request to eventually time out. */
2149 struct timeval timeout;
2151 /* Normally the smbd we asked should respond within
2152 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
2153 * the client did, give twice the timeout as a safety
2154 * measure here in case the other smbd is stuck
2155 * somewhere else. */
2157 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
2159 /* Nothing actually uses state.delayed_for_oplocks
2160 but it's handy to differentiate in debug messages
2161 between a 30 second delay due to oplock break, and
2162 a 1 second delay for share mode conflicts. */
2164 state.delayed_for_oplocks = True;
2165 state.async_open = false;
2168 if (!request_timed_out(request_time, timeout)) {
2169 defer_open(lck, request_time, timeout, req, &state);
2173 /****************************************************************************
2174 Reschedule an open call that went asynchronous.
2175 ****************************************************************************/
2177 static void schedule_async_open(struct timeval request_time,
2178 struct smb_request *req)
2180 struct deferred_open_record state;
2181 struct timeval timeout;
2183 timeout = timeval_set(20, 0);
2186 state.delayed_for_oplocks = false;
2187 state.async_open = true;
2189 if (!request_timed_out(request_time, timeout)) {
2190 defer_open(NULL, request_time, timeout, req, &state);
2194 /****************************************************************************
2195 Work out what access_mask to use from what the client sent us.
2196 ****************************************************************************/
2198 static NTSTATUS smbd_calculate_maximum_allowed_access(
2199 connection_struct *conn,
2200 const struct smb_filename *smb_fname,
2202 uint32_t *p_access_mask)
2204 struct security_descriptor *sd;
2205 uint32_t access_granted;
2208 if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
2209 *p_access_mask |= FILE_GENERIC_ALL;
2210 return NT_STATUS_OK;
2213 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
2219 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2221 * File did not exist
2223 *p_access_mask = FILE_GENERIC_ALL;
2224 return NT_STATUS_OK;
2226 if (!NT_STATUS_IS_OK(status)) {
2227 DEBUG(10,("Could not get acl on file %s: %s\n",
2228 smb_fname_str_dbg(smb_fname),
2229 nt_errstr(status)));
2230 return NT_STATUS_ACCESS_DENIED;
2234 * If we can access the path to this file, by
2235 * default we have FILE_READ_ATTRIBUTES from the
2236 * containing directory. See the section:
2237 * "Algorithm to Check Access to an Existing File"
2240 * se_file_access_check()
2241 * also takes care of owner WRITE_DAC and READ_CONTROL.
2243 status = se_file_access_check(sd,
2244 get_current_nttok(conn),
2246 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
2251 if (!NT_STATUS_IS_OK(status)) {
2252 DEBUG(10, ("Access denied on file %s: "
2253 "when calculating maximum access\n",
2254 smb_fname_str_dbg(smb_fname)));
2255 return NT_STATUS_ACCESS_DENIED;
2257 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
2259 if (!(access_granted & DELETE_ACCESS)) {
2260 if (can_delete_file_in_directory(conn, smb_fname)) {
2261 *p_access_mask |= DELETE_ACCESS;
2265 return NT_STATUS_OK;
2268 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
2269 const struct smb_filename *smb_fname,
2271 uint32_t access_mask,
2272 uint32_t *access_mask_out)
2275 uint32_t orig_access_mask = access_mask;
2276 uint32_t rejected_share_access;
2278 if (access_mask & SEC_MASK_INVALID) {
2279 DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
2281 return NT_STATUS_ACCESS_DENIED;
2285 * Convert GENERIC bits to specific bits.
2288 se_map_generic(&access_mask, &file_generic_mapping);
2290 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
2291 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
2293 status = smbd_calculate_maximum_allowed_access(
2294 conn, smb_fname, use_privs, &access_mask);
2296 if (!NT_STATUS_IS_OK(status)) {
2300 access_mask &= conn->share_access;
2303 rejected_share_access = access_mask & ~(conn->share_access);
2305 if (rejected_share_access) {
2306 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
2307 "file %s: rejected by share access mask[0x%08X] "
2308 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
2309 smb_fname_str_dbg(smb_fname),
2311 orig_access_mask, access_mask,
2312 rejected_share_access));
2313 return NT_STATUS_ACCESS_DENIED;
2316 *access_mask_out = access_mask;
2317 return NT_STATUS_OK;
2320 /****************************************************************************
2321 Remove the deferred open entry under lock.
2322 ****************************************************************************/
2324 /****************************************************************************
2325 Return true if this is a state pointer to an asynchronous create.
2326 ****************************************************************************/
2328 bool is_deferred_open_async(const struct deferred_open_record *rec)
2330 return rec->async_open;
2333 static bool clear_ads(uint32_t create_disposition)
2337 switch (create_disposition) {
2338 case FILE_SUPERSEDE:
2339 case FILE_OVERWRITE_IF:
2340 case FILE_OVERWRITE:
2349 static int disposition_to_open_flags(uint32_t create_disposition)
2354 * Currently we're using FILE_SUPERSEDE as the same as
2355 * FILE_OVERWRITE_IF but they really are
2356 * different. FILE_SUPERSEDE deletes an existing file
2357 * (requiring delete access) then recreates it.
2360 switch (create_disposition) {
2361 case FILE_SUPERSEDE:
2362 case FILE_OVERWRITE_IF:
2364 * If file exists replace/overwrite. If file doesn't
2367 ret = O_CREAT|O_TRUNC;
2372 * If file exists open. If file doesn't exist error.
2377 case FILE_OVERWRITE:
2379 * If file exists overwrite. If file doesn't exist
2387 * If file exists error. If file doesn't exist create.
2389 ret = O_CREAT|O_EXCL;
2394 * If file exists open. If file doesn't exist create.
2402 static int calculate_open_access_flags(uint32_t access_mask,
2403 uint32_t private_flags)
2405 bool need_write, need_read;
2408 * Note that we ignore the append flag as append does not
2409 * mean the same thing under DOS and Unix.
2412 need_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA));
2417 /* DENY_DOS opens are always underlying read-write on the
2418 file handle, no matter what the requested access mask
2422 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
2423 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
2424 FILE_READ_EA|FILE_EXECUTE));
2432 /****************************************************************************
2433 Open a file with a share mode. Passed in an already created files_struct *.
2434 ****************************************************************************/
2436 static NTSTATUS open_file_ntcreate(connection_struct *conn,
2437 struct smb_request *req,
2438 uint32_t access_mask, /* access bits (FILE_READ_DATA etc.) */
2439 uint32_t share_access, /* share constants (FILE_SHARE_READ etc) */
2440 uint32_t create_disposition, /* FILE_OPEN_IF etc. */
2441 uint32_t create_options, /* options such as delete on close. */
2442 uint32_t new_dos_attributes, /* attributes used for new file. */
2443 int oplock_request, /* internal Samba oplock codes. */
2444 struct smb2_lease *lease,
2445 /* Information (FILE_EXISTS etc.) */
2446 uint32_t private_flags, /* Samba specific flags. */
2450 struct smb_filename *smb_fname = fsp->fsp_name;
2453 bool file_existed = VALID_STAT(smb_fname->st);
2454 bool def_acl = False;
2455 bool posix_open = False;
2456 bool new_file_created = False;
2457 bool first_open_attempt = true;
2458 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
2459 mode_t new_unx_mode = (mode_t)0;
2460 mode_t unx_mode = (mode_t)0;
2462 uint32_t existing_dos_attributes = 0;
2463 struct timeval request_time = timeval_zero();
2464 struct share_mode_lock *lck = NULL;
2465 uint32_t open_access_mask = access_mask;
2468 SMB_STRUCT_STAT saved_stat = smb_fname->st;
2469 struct timespec old_write_time;
2472 if (conn->printer) {
2474 * Printers are handled completely differently.
2475 * Most of the passed parameters are ignored.
2479 *pinfo = FILE_WAS_CREATED;
2482 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
2483 smb_fname_str_dbg(smb_fname)));
2486 DEBUG(0,("open_file_ntcreate: printer open without "
2487 "an SMB request!\n"));
2488 return NT_STATUS_INTERNAL_ERROR;
2491 return print_spool_open(fsp, smb_fname->base_name,
2495 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
2497 return NT_STATUS_NO_MEMORY;
2500 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2502 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2503 new_dos_attributes = 0;
2505 /* Windows allows a new file to be created and
2506 silently removes a FILE_ATTRIBUTE_DIRECTORY
2507 sent by the client. Do the same. */
2509 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
2511 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
2513 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2514 smb_fname, parent_dir);
2517 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
2518 "access_mask=0x%x share_access=0x%x "
2519 "create_disposition = 0x%x create_options=0x%x "
2520 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
2521 smb_fname_str_dbg(smb_fname), new_dos_attributes,
2522 access_mask, share_access, create_disposition,
2523 create_options, (unsigned int)unx_mode, oplock_request,
2524 (unsigned int)private_flags));
2527 /* Ensure req == NULL means INTERNAL_OPEN_ONLY */
2528 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) != 0));
2530 /* And req != NULL means no INTERNAL_OPEN_ONLY */
2531 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) == 0));
2535 * Only non-internal opens can be deferred at all
2539 struct deferred_open_record *open_rec;
2540 if (get_deferred_open_message_state(req,
2543 /* Remember the absolute time of the original
2544 request with this mid. We'll use it later to
2545 see if this has timed out. */
2547 /* If it was an async create retry, the file
2550 if (is_deferred_open_async(open_rec)) {
2551 SET_STAT_INVALID(smb_fname->st);
2552 file_existed = false;
2555 /* Ensure we don't reprocess this message. */
2556 remove_deferred_open_message_smb(req->xconn, req->mid);
2558 first_open_attempt = false;
2563 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
2566 * Only use strored DOS attributes for checks
2567 * against requested attributes (below via
2568 * open_match_attributes()), cf bug #11992
2569 * for details. -slow
2573 status = SMB_VFS_GET_DOS_ATTRIBUTES(conn, smb_fname, &attr);
2574 if (NT_STATUS_IS_OK(status)) {
2575 existing_dos_attributes = attr;
2580 /* ignore any oplock requests if oplocks are disabled */
2581 if (!lp_oplocks(SNUM(conn)) ||
2582 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
2583 /* Mask off everything except the private Samba bits. */
2584 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
2587 /* this is for OS/2 long file names - say we don't support them */
2588 if (req != NULL && !req->posix_pathnames &&
2589 strstr(smb_fname->base_name,".+,;=[].")) {
2590 /* OS/2 Workplace shell fix may be main code stream in a later
2592 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
2594 if (use_nt_status()) {
2595 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2597 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
2600 switch( create_disposition ) {
2602 /* If file exists open. If file doesn't exist error. */
2603 if (!file_existed) {
2604 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
2605 "requested for file %s and file "
2607 smb_fname_str_dbg(smb_fname)));
2609 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2613 case FILE_OVERWRITE:
2614 /* If file exists overwrite. If file doesn't exist
2616 if (!file_existed) {
2617 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
2618 "requested for file %s and file "
2620 smb_fname_str_dbg(smb_fname) ));
2622 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2627 /* If file exists error. If file doesn't exist
2630 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
2631 "requested for file %s and file "
2632 "already exists.\n",
2633 smb_fname_str_dbg(smb_fname)));
2634 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
2639 return map_nt_error_from_unix(errno);
2643 case FILE_SUPERSEDE:
2644 case FILE_OVERWRITE_IF:
2648 return NT_STATUS_INVALID_PARAMETER;
2651 flags2 = disposition_to_open_flags(create_disposition);
2653 /* We only care about matching attributes on file exists and
2656 if (!posix_open && file_existed &&
2657 ((create_disposition == FILE_OVERWRITE) ||
2658 (create_disposition == FILE_OVERWRITE_IF))) {
2659 if (!open_match_attributes(conn, existing_dos_attributes,
2661 smb_fname->st.st_ex_mode,
2662 unx_mode, &new_unx_mode)) {
2663 DEBUG(5,("open_file_ntcreate: attributes missmatch "
2664 "for file %s (%x %x) (0%o, 0%o)\n",
2665 smb_fname_str_dbg(smb_fname),
2666 existing_dos_attributes,
2668 (unsigned int)smb_fname->st.st_ex_mode,
2669 (unsigned int)unx_mode ));
2671 return NT_STATUS_ACCESS_DENIED;
2675 status = smbd_calculate_access_mask(conn, smb_fname,
2679 if (!NT_STATUS_IS_OK(status)) {
2680 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
2681 "on file %s returned %s\n",
2682 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
2686 open_access_mask = access_mask;
2688 if (flags2 & O_TRUNC) {
2689 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
2692 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
2693 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
2697 * Note that we ignore the append flag as append does not
2698 * mean the same thing under DOS and Unix.
2701 flags = calculate_open_access_flags(access_mask, private_flags);
2704 * Currently we only look at FILE_WRITE_THROUGH for create options.
2708 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
2713 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
2717 if (!posix_open && !CAN_WRITE(conn)) {
2719 * We should really return a permission denied error if either
2720 * O_CREAT or O_TRUNC are set, but for compatibility with
2721 * older versions of Samba we just AND them out.
2723 flags2 &= ~(O_CREAT|O_TRUNC);
2726 if (first_open_attempt && lp_kernel_oplocks(SNUM(conn))) {
2728 * With kernel oplocks the open breaking an oplock
2729 * blocks until the oplock holder has given up the
2730 * oplock or closed the file. We prevent this by first
2731 * trying to open the file with O_NONBLOCK (see "man
2732 * fcntl" on Linux). For the second try, triggered by
2733 * an oplock break response, we do not need this
2736 * This is true under the assumption that only Samba
2737 * requests kernel oplocks. Once someone else like
2738 * NFSv4 starts to use that API, we will have to
2739 * modify this by communicating with the NFSv4 server.
2741 flags2 |= O_NONBLOCK;
2745 * Ensure we can't write on a read-only share or file.
2748 if (flags != O_RDONLY && file_existed &&
2749 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
2750 DEBUG(5,("open_file_ntcreate: write access requested for "
2751 "file %s on read only %s\n",
2752 smb_fname_str_dbg(smb_fname),
2753 !CAN_WRITE(conn) ? "share" : "file" ));
2755 return NT_STATUS_ACCESS_DENIED;
2758 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
2759 fsp->share_access = share_access;
2760 fsp->fh->private_options = private_flags;
2761 fsp->access_mask = open_access_mask; /* We change this to the
2762 * requested access_mask after
2763 * the open is done. */
2765 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
2768 if (timeval_is_zero(&request_time)) {
2769 request_time = fsp->open_time;
2773 * Ensure we pay attention to default ACLs on directories if required.
2776 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2777 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2778 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2781 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2782 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2783 (unsigned int)flags, (unsigned int)flags2,
2784 (unsigned int)unx_mode, (unsigned int)access_mask,
2785 (unsigned int)open_access_mask));
2787 fsp_open = open_file(fsp, conn, req, parent_dir,
2788 flags|flags2, unx_mode, access_mask,
2789 open_access_mask, &new_file_created);
2791 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
2792 struct deferred_open_record state;
2795 * EWOULDBLOCK/EAGAIN maps to NETWORK_BUSY.
2797 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
2798 DEBUG(10, ("FIFO busy\n"));
2799 return NT_STATUS_NETWORK_BUSY;
2802 DEBUG(10, ("Internal open busy\n"));
2803 return NT_STATUS_NETWORK_BUSY;
2807 * From here on we assume this is an oplock break triggered
2810 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
2812 state.delayed_for_oplocks = false;
2813 state.async_open = false;
2814 state.id = fsp->file_id;
2815 defer_open(NULL, request_time, timeval_set(0, 0),
2817 DEBUG(10, ("No share mode lock found after "
2818 "EWOULDBLOCK, retrying sync\n"));
2819 return NT_STATUS_SHARING_VIOLATION;
2822 if (!validate_oplock_types(lck)) {
2823 smb_panic("validate_oplock_types failed");
2826 if (delay_for_oplock(fsp, 0, lease, lck, false,
2827 create_disposition, first_open_attempt)) {
2828 schedule_defer_open(lck, fsp->file_id, request_time,
2831 DEBUG(10, ("Sent oplock break request to kernel "
2832 "oplock holder\n"));
2833 return NT_STATUS_SHARING_VIOLATION;
2837 * No oplock from Samba around. Immediately retry with
2840 state.delayed_for_oplocks = false;
2841 state.async_open = false;
2842 state.id = fsp->file_id;
2843 defer_open(lck, request_time, timeval_set(0, 0), req, &state);
2845 DEBUG(10, ("No Samba oplock around after EWOULDBLOCK. "
2846 "Retrying sync\n"));
2847 return NT_STATUS_SHARING_VIOLATION;
2850 if (!NT_STATUS_IS_OK(fsp_open)) {
2851 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
2852 schedule_async_open(request_time, req);
2857 if (new_file_created) {
2859 * As we atomically create using O_CREAT|O_EXCL,
2860 * then if new_file_created is true, then
2861 * file_existed *MUST* have been false (even
2862 * if the file was previously detected as being
2865 file_existed = false;
2868 if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
2870 * The file did exist, but some other (local or NFS)
2871 * process either renamed/unlinked and re-created the
2872 * file with different dev/ino after we walked the path,
2873 * but before we did the open. We could retry the
2874 * open but it's a rare enough case it's easier to
2875 * just fail the open to prevent creating any problems
2876 * in the open file db having the wrong dev/ino key.
2879 DEBUG(1,("open_file_ntcreate: file %s - dev/ino mismatch. "
2880 "Old (dev=0x%llu, ino =0x%llu). "
2881 "New (dev=0x%llu, ino=0x%llu). Failing open "
2882 " with NT_STATUS_ACCESS_DENIED.\n",
2883 smb_fname_str_dbg(smb_fname),
2884 (unsigned long long)saved_stat.st_ex_dev,
2885 (unsigned long long)saved_stat.st_ex_ino,
2886 (unsigned long long)smb_fname->st.st_ex_dev,
2887 (unsigned long long)smb_fname->st.st_ex_ino));
2888 return NT_STATUS_ACCESS_DENIED;
2891 old_write_time = smb_fname->st.st_ex_mtime;
2894 * Deal with the race condition where two smbd's detect the
2895 * file doesn't exist and do the create at the same time. One
2896 * of them will win and set a share mode, the other (ie. this
2897 * one) should check if the requested share mode for this
2898 * create is allowed.
2902 * Now the file exists and fsp is successfully opened,
2903 * fsp->dev and fsp->inode are valid and should replace the
2904 * dev=0,inode=0 from a non existent file. Spotted by
2905 * Nadav Danieli <nadavd@exanet.com>. JRA.
2910 lck = get_share_mode_lock(talloc_tos(), id,
2912 smb_fname, &old_write_time);
2915 DEBUG(0, ("open_file_ntcreate: Could not get share "
2916 "mode lock for %s\n",
2917 smb_fname_str_dbg(smb_fname)));
2919 return NT_STATUS_SHARING_VIOLATION;
2922 /* Get the types we need to examine. */
2923 if (!validate_oplock_types(lck)) {
2924 smb_panic("validate_oplock_types failed");
2927 if (has_delete_on_close(lck, fsp->name_hash)) {
2930 return NT_STATUS_DELETE_PENDING;
2933 status = open_mode_check(conn, lck,
2934 access_mask, share_access);
2936 if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
2937 (lck->data->num_share_modes > 0)) {
2939 * This comes from ancient times out of open_mode_check. I
2940 * have no clue whether this is still necessary. I can't think
2941 * of a case where this would actually matter further down in
2942 * this function. I leave it here for further investigation
2945 file_existed = true;
2948 if ((req != NULL) &&
2950 fsp, oplock_request, lease, lck,
2951 NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION),
2952 create_disposition, first_open_attempt)) {
2953 schedule_defer_open(lck, fsp->file_id, request_time, req);
2956 return NT_STATUS_SHARING_VIOLATION;
2959 if (!NT_STATUS_IS_OK(status)) {
2960 uint32_t can_access_mask;
2961 bool can_access = True;
2963 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
2965 /* Check if this can be done with the deny_dos and fcb
2968 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
2969 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
2971 DEBUG(0, ("DOS open without an SMB "
2975 return NT_STATUS_INTERNAL_ERROR;
2978 /* Use the client requested access mask here,
2979 * not the one we open with. */
2980 status = fcb_or_dos_open(req,
2991 if (NT_STATUS_IS_OK(status)) {
2994 *pinfo = FILE_WAS_OPENED;
2996 return NT_STATUS_OK;
3001 * This next line is a subtlety we need for
3002 * MS-Access. If a file open will fail due to share
3003 * permissions and also for security (access) reasons,
3004 * we need to return the access failed error, not the
3005 * share error. We can't open the file due to kernel
3006 * oplock deadlock (it's possible we failed above on
3007 * the open_mode_check()) so use a userspace check.
3010 if (flags & O_RDWR) {
3011 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
3012 } else if (flags & O_WRONLY) {
3013 can_access_mask = FILE_WRITE_DATA;
3015 can_access_mask = FILE_READ_DATA;
3018 if (((can_access_mask & FILE_WRITE_DATA) &&
3019 !CAN_WRITE(conn)) ||
3020 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
3023 can_access_mask))) {
3028 * If we're returning a share violation, ensure we
3029 * cope with the braindead 1 second delay (SMB1 only).
3032 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
3033 !conn->sconn->using_smb2 &&
3034 lp_defer_sharing_violations()) {
3035 struct timeval timeout;
3036 struct deferred_open_record state;
3039 /* this is a hack to speed up torture tests
3041 timeout_usecs = lp_parm_int(SNUM(conn),
3042 "smbd","sharedelay",
3043 SHARING_VIOLATION_USEC_WAIT);
3045 /* This is a relative time, added to the absolute
3046 request_time value to get the absolute timeout time.
3047 Note that if this is the second or greater time we enter
3048 this codepath for this particular request mid then
3049 request_time is left as the absolute time of the *first*
3050 time this request mid was processed. This is what allows
3051 the request to eventually time out. */
3053 timeout = timeval_set(0, timeout_usecs);
3055 /* Nothing actually uses state.delayed_for_oplocks
3056 but it's handy to differentiate in debug messages
3057 between a 30 second delay due to oplock break, and
3058 a 1 second delay for share mode conflicts. */
3060 state.delayed_for_oplocks = False;
3061 state.async_open = false;
3065 && !request_timed_out(request_time,
3067 defer_open(lck, request_time, timeout,
3076 * We have detected a sharing violation here
3077 * so return the correct error code
3079 status = NT_STATUS_SHARING_VIOLATION;
3081 status = NT_STATUS_ACCESS_DENIED;
3086 /* Should we atomically (to the client at least) truncate ? */
3087 if ((!new_file_created) &&
3088 (flags2 & O_TRUNC) &&
3089 (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
3092 ret = vfs_set_filelen(fsp, 0);
3094 status = map_nt_error_from_unix(errno);
3102 * We have the share entry *locked*.....
3105 /* Delete streams if create_disposition requires it */
3106 if (!new_file_created && clear_ads(create_disposition) &&
3107 !is_ntfs_stream_smb_fname(smb_fname)) {
3108 status = delete_all_streams(conn, smb_fname);
3109 if (!NT_STATUS_IS_OK(status)) {
3116 /* note that we ignore failure for the following. It is
3117 basically a hack for NFS, and NFS will never set one of
3118 these only read them. Nobody but Samba can ever set a deny
3119 mode and we have already checked our more authoritative
3120 locking database for permission to set this deny mode. If
3121 the kernel refuses the operations then the kernel is wrong.
3122 note that GPFS supports it as well - jmcd */
3124 if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
3127 * Beware: streams implementing VFS modules may
3128 * implement streams in a way that fsp will have the
3129 * basefile open in the fsp fd, so lacking a distinct
3130 * fd for the stream kernel_flock will apply on the
3131 * basefile which is wrong. The actual check is
3132 * deffered to the VFS module implementing the
3133 * kernel_flock call.
3135 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
3136 if(ret_flock == -1 ){
3141 return NT_STATUS_SHARING_VIOLATION;
3144 fsp->kernel_share_modes_taken = true;
3148 * At this point onwards, we can guarantee that the share entry
3149 * is locked, whether we created the file or not, and that the
3150 * deny mode is compatible with all current opens.
3154 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3155 * but we don't have to store this - just ignore it on access check.
3157 if (conn->sconn->using_smb2) {
3159 * SMB2 doesn't return it (according to Microsoft tests).
3160 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
3161 * File created with access = 0x7 (Read, Write, Delete)
3162 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
3164 fsp->access_mask = access_mask;
3166 /* But SMB1 does. */
3167 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3172 * stat opens on existing files don't get oplocks.
3173 * They can get leases.
3175 * Note that we check for stat open on the *open_access_mask*,
3176 * i.e. the access mask we actually used to do the open,
3177 * not the one the client asked for (which is in
3178 * fsp->access_mask). This is due to the fact that
3179 * FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC,
3180 * which adds FILE_WRITE_DATA to open_access_mask.
3182 if (is_stat_open(open_access_mask) && lease == NULL) {
3183 oplock_request = NO_OPLOCK;
3187 if (new_file_created) {
3188 info = FILE_WAS_CREATED;
3190 if (flags2 & O_TRUNC) {
3191 info = FILE_WAS_OVERWRITTEN;
3193 info = FILE_WAS_OPENED;
3202 * Setup the oplock info in both the shared memory and
3205 status = grant_fsp_oplock_type(req, fsp, lck, oplock_request, lease);
3206 if (!NT_STATUS_IS_OK(status)) {
3212 /* Handle strange delete on close create semantics. */
3213 if (create_options & FILE_DELETE_ON_CLOSE) {
3215 status = can_set_delete_on_close(fsp, new_dos_attributes);
3217 if (!NT_STATUS_IS_OK(status)) {
3218 /* Remember to delete the mode we just added. */
3219 del_share_mode(lck, fsp);
3224 /* Note that here we set the *inital* delete on close flag,
3225 not the regular one. The magic gets handled in close. */
3226 fsp->initial_delete_on_close = True;
3229 if (info != FILE_WAS_OPENED) {
3230 /* Overwritten files should be initially set as archive */
3231 if ((info == FILE_WAS_OVERWRITTEN && lp_map_archive(SNUM(conn))) ||
3232 lp_store_dos_attributes(SNUM(conn))) {
3234 if (file_set_dosmode(conn, smb_fname,
3235 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
3236 parent_dir, true) == 0) {
3237 unx_mode = smb_fname->st.st_ex_mode;
3243 /* Determine sparse flag. */
3245 /* POSIX opens are sparse by default. */
3246 fsp->is_sparse = true;
3248 fsp->is_sparse = (file_existed &&
3249 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
3253 * Take care of inherited ACLs on created files - if default ACL not
3257 if (!posix_open && new_file_created && !def_acl) {
3259 int saved_errno = errno; /* We might get ENOSYS in the next
3262 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
3264 errno = saved_errno; /* Ignore ENOSYS */
3267 } else if (new_unx_mode) {
3271 /* Attributes need changing. File already existed. */
3274 int saved_errno = errno; /* We might get ENOSYS in the
3276 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
3278 if (ret == -1 && errno == ENOSYS) {
3279 errno = saved_errno; /* Ignore ENOSYS */
3281 DEBUG(5, ("open_file_ntcreate: reset "
3282 "attributes of file %s to 0%o\n",
3283 smb_fname_str_dbg(smb_fname),
3284 (unsigned int)new_unx_mode));
3285 ret = 0; /* Don't do the fchmod below. */
3290 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
3291 DEBUG(5, ("open_file_ntcreate: failed to reset "
3292 "attributes of file %s to 0%o\n",
3293 smb_fname_str_dbg(smb_fname),
3294 (unsigned int)new_unx_mode));
3299 * Deal with other opens having a modified write time.
3301 struct timespec write_time = get_share_mode_write_time(lck);
3303 if (!null_timespec(write_time)) {
3304 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
3310 return NT_STATUS_OK;
3313 static NTSTATUS mkdir_internal(connection_struct *conn,
3314 struct smb_filename *smb_dname,
3315 uint32_t file_attributes)
3318 char *parent_dir = NULL;
3320 bool posix_open = false;
3321 bool need_re_stat = false;
3322 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
3324 if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
3325 DEBUG(5,("mkdir_internal: failing share access "
3326 "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
3327 return NT_STATUS_ACCESS_DENIED;
3330 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
3332 return NT_STATUS_NO_MEMORY;
3335 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3337 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
3339 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
3342 status = check_parent_access(conn,
3345 if(!NT_STATUS_IS_OK(status)) {
3346 DEBUG(5,("mkdir_internal: check_parent_access "
3347 "on directory %s for path %s returned %s\n",
3349 smb_dname->base_name,
3350 nt_errstr(status) ));
3354 if (SMB_VFS_MKDIR(conn, smb_dname, mode) != 0) {
3355 return map_nt_error_from_unix(errno);
3358 /* Ensure we're checking for a symlink here.... */
3359 /* We don't want to get caught by a symlink racer. */
3361 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3362 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3363 smb_fname_str_dbg(smb_dname), strerror(errno)));
3364 return map_nt_error_from_unix(errno);
3367 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
3368 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
3369 smb_fname_str_dbg(smb_dname)));
3370 return NT_STATUS_NOT_A_DIRECTORY;
3373 if (lp_store_dos_attributes(SNUM(conn))) {
3375 file_set_dosmode(conn, smb_dname,
3376 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
3381 if (lp_inherit_permissions(SNUM(conn))) {
3382 inherit_access_posix_acl(conn, parent_dir,
3383 smb_dname->base_name, mode);
3384 need_re_stat = true;
3389 * Check if high bits should have been set,
3390 * then (if bits are missing): add them.
3391 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
3394 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
3395 (mode & ~smb_dname->st.st_ex_mode)) {
3396 SMB_VFS_CHMOD(conn, smb_dname,
3397 (smb_dname->st.st_ex_mode |
3398 (mode & ~smb_dname->st.st_ex_mode)));
3399 need_re_stat = true;
3403 /* Change the owner if required. */
3404 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
3405 change_dir_owner_to_parent(conn, parent_dir,
3406 smb_dname->base_name,
3408 need_re_stat = true;
3412 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3413 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3414 smb_fname_str_dbg(smb_dname), strerror(errno)));
3415 return map_nt_error_from_unix(errno);
3419 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
3420 smb_dname->base_name);
3422 return NT_STATUS_OK;
3425 /****************************************************************************
3426 Open a directory from an NT SMB call.
3427 ****************************************************************************/
3429 static NTSTATUS open_directory(connection_struct *conn,
3430 struct smb_request *req,
3431 struct smb_filename *smb_dname,
3432 uint32_t access_mask,
3433 uint32_t share_access,
3434 uint32_t create_disposition,
3435 uint32_t create_options,
3436 uint32_t file_attributes,
3438 files_struct **result)
3440 files_struct *fsp = NULL;
3441 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
3442 struct share_mode_lock *lck = NULL;
3444 struct timespec mtimespec;
3448 if (is_ntfs_stream_smb_fname(smb_dname)) {
3449 DEBUG(2, ("open_directory: %s is a stream name!\n",
3450 smb_fname_str_dbg(smb_dname)));
3451 return NT_STATUS_NOT_A_DIRECTORY;
3454 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
3455 /* Ensure we have a directory attribute. */
3456 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
3459 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
3460 "share_access = 0x%x create_options = 0x%x, "
3461 "create_disposition = 0x%x, file_attributes = 0x%x\n",
3462 smb_fname_str_dbg(smb_dname),
3463 (unsigned int)access_mask,
3464 (unsigned int)share_access,
3465 (unsigned int)create_options,
3466 (unsigned int)create_disposition,
3467 (unsigned int)file_attributes));
3469 status = smbd_calculate_access_mask(conn, smb_dname, false,
3470 access_mask, &access_mask);
3471 if (!NT_STATUS_IS_OK(status)) {
3472 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
3473 "on file %s returned %s\n",
3474 smb_fname_str_dbg(smb_dname),
3475 nt_errstr(status)));
3479 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3480 !security_token_has_privilege(get_current_nttok(conn),
3481 SEC_PRIV_SECURITY)) {
3482 DEBUG(10, ("open_directory: open on %s "
3483 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3484 smb_fname_str_dbg(smb_dname)));
3485 return NT_STATUS_PRIVILEGE_NOT_HELD;
3488 switch( create_disposition ) {
3492 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3495 info = FILE_WAS_OPENED;
3500 /* If directory exists error. If directory doesn't
3504 status = NT_STATUS_OBJECT_NAME_COLLISION;
3505 DEBUG(2, ("open_directory: unable to create "
3506 "%s. Error was %s\n",
3507 smb_fname_str_dbg(smb_dname),
3508 nt_errstr(status)));
3512 status = mkdir_internal(conn, smb_dname,
3515 if (!NT_STATUS_IS_OK(status)) {
3516 DEBUG(2, ("open_directory: unable to create "
3517 "%s. Error was %s\n",
3518 smb_fname_str_dbg(smb_dname),
3519 nt_errstr(status)));
3523 info = FILE_WAS_CREATED;
3528 * If directory exists open. If directory doesn't
3533 status = NT_STATUS_OK;
3534 info = FILE_WAS_OPENED;
3536 status = mkdir_internal(conn, smb_dname,
3539 if (NT_STATUS_IS_OK(status)) {
3540 info = FILE_WAS_CREATED;
3542 /* Cope with create race. */
3543 if (!NT_STATUS_EQUAL(status,
3544 NT_STATUS_OBJECT_NAME_COLLISION)) {
3545 DEBUG(2, ("open_directory: unable to create "
3546 "%s. Error was %s\n",
3547 smb_fname_str_dbg(smb_dname),
3548 nt_errstr(status)));
3553 * If mkdir_internal() returned
3554 * NT_STATUS_OBJECT_NAME_COLLISION
3555 * we still must lstat the path.
3558 if (SMB_VFS_LSTAT(conn, smb_dname)
3560 DEBUG(2, ("Could not stat "
3561 "directory '%s' just "
3566 return map_nt_error_from_unix(
3570 info = FILE_WAS_OPENED;
3576 case FILE_SUPERSEDE:
3577 case FILE_OVERWRITE:
3578 case FILE_OVERWRITE_IF:
3580 DEBUG(5,("open_directory: invalid create_disposition "
3581 "0x%x for directory %s\n",
3582 (unsigned int)create_disposition,
3583 smb_fname_str_dbg(smb_dname)));
3584 return NT_STATUS_INVALID_PARAMETER;
3587 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
3588 DEBUG(5,("open_directory: %s is not a directory !\n",
3589 smb_fname_str_dbg(smb_dname)));
3590 return NT_STATUS_NOT_A_DIRECTORY;
3593 if (info == FILE_WAS_OPENED) {
3594 status = smbd_check_access_rights(conn,
3598 if (!NT_STATUS_IS_OK(status)) {
3599 DEBUG(10, ("open_directory: smbd_check_access_rights on "
3600 "file %s failed with %s\n",
3601 smb_fname_str_dbg(smb_dname),
3602 nt_errstr(status)));
3607 status = file_new(req, conn, &fsp);
3608 if(!NT_STATUS_IS_OK(status)) {
3613 * Setup the files_struct for it.
3616 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
3617 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
3618 fsp->file_pid = req ? req->smbpid : 0;
3619 fsp->can_lock = False;
3620 fsp->can_read = False;
3621 fsp->can_write = False;
3623 fsp->share_access = share_access;
3624 fsp->fh->private_options = 0;
3626 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3628 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3629 fsp->print_file = NULL;
3630 fsp->modified = False;
3631 fsp->oplock_type = NO_OPLOCK;
3632 fsp->sent_oplock_break = NO_BREAK_SENT;
3633 fsp->is_directory = True;
3634 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3635 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
3637 status = fsp_set_smb_fname(fsp, smb_dname);
3638 if (!NT_STATUS_IS_OK(status)) {
3639 file_free(req, fsp);
3643 /* Don't store old timestamps for directory
3644 handles in the internal database. We don't
3645 update them in there if new objects
3646 are creaded in the directory. Currently
3647 we only update timestamps on file writes.
3650 ZERO_STRUCT(mtimespec);
3652 if (access_mask & (FILE_LIST_DIRECTORY|
3654 FILE_ADD_SUBDIRECTORY|
3657 FILE_DELETE_CHILD)) {
3659 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
3661 /* POSIX allows us to open a directory with O_RDONLY. */
3662 status = fd_open(conn, fsp, O_RDONLY, 0);
3664 if (!NT_STATUS_IS_OK(status)) {
3665 DEBUG(5, ("open_directory: Could not open fd for "
3667 smb_fname_str_dbg(smb_dname),
3668 nt_errstr(status)));
3669 file_free(req, fsp);
3674 DEBUG(10, ("Not opening Directory %s\n",
3675 smb_fname_str_dbg(smb_dname)));
3678 status = vfs_stat_fsp(fsp);
3679 if (!NT_STATUS_IS_OK(status)) {
3681 file_free(req, fsp);
3685 if(!S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3686 DEBUG(5,("open_directory: %s is not a directory !\n",
3687 smb_fname_str_dbg(smb_dname)));
3689 file_free(req, fsp);
3690 return NT_STATUS_NOT_A_DIRECTORY;
3693 /* Ensure there was no race condition. We need to check
3694 * dev/inode but not permissions, as these can change
3696 if (!check_same_dev_ino(&smb_dname->st, &fsp->fsp_name->st)) {
3697 DEBUG(5,("open_directory: stat struct differs for "
3699 smb_fname_str_dbg(smb_dname)));
3701 file_free(req, fsp);
3702 return NT_STATUS_ACCESS_DENIED;
3705 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
3706 conn->connectpath, smb_dname,
3710 DEBUG(0, ("open_directory: Could not get share mode lock for "
3711 "%s\n", smb_fname_str_dbg(smb_dname)));
3713 file_free(req, fsp);
3714 return NT_STATUS_SHARING_VIOLATION;
3717 if (has_delete_on_close(lck, fsp->name_hash)) {
3720 file_free(req, fsp);
3721 return NT_STATUS_DELETE_PENDING;
3724 status = open_mode_check(conn, lck,
3725 access_mask, share_access);
3727 if (!NT_STATUS_IS_OK(status)) {
3730 file_free(req, fsp);
3734 ok = set_share_mode(lck, fsp, get_current_uid(conn),
3735 req ? req->mid : 0, NO_OPLOCK,
3740 file_free(req, fsp);
3741 return NT_STATUS_NO_MEMORY;
3744 /* For directories the delete on close bit at open time seems
3745 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
3746 if (create_options & FILE_DELETE_ON_CLOSE) {
3747 status = can_set_delete_on_close(fsp, 0);
3748 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
3749 del_share_mode(lck, fsp);
3752 file_free(req, fsp);
3756 if (NT_STATUS_IS_OK(status)) {
3757 /* Note that here we set the *inital* delete on close flag,
3758 not the regular one. The magic gets handled in close. */
3759 fsp->initial_delete_on_close = True;
3765 * Deal with other opens having a modified write time. Is this
3766 * possible for directories?
3768 struct timespec write_time = get_share_mode_write_time(lck);
3770 if (!null_timespec(write_time)) {
3771 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
3782 return NT_STATUS_OK;
3785 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
3786 struct smb_filename *smb_dname)
3791 status = SMB_VFS_CREATE_FILE(
3794 0, /* root_dir_fid */
3795 smb_dname, /* fname */
3796 FILE_READ_ATTRIBUTES, /* access_mask */
3797 FILE_SHARE_NONE, /* share_access */
3798 FILE_CREATE, /* create_disposition*/
3799 FILE_DIRECTORY_FILE, /* create_options */
3800 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
3801 0, /* oplock_request */
3803 0, /* allocation_size */
3804 0, /* private_flags */
3809 NULL, NULL); /* create context */
3811 if (NT_STATUS_IS_OK(status)) {
3812 close_file(req, fsp, NORMAL_CLOSE);
3818 /****************************************************************************
3819 Receive notification that one of our open files has been renamed by another
3821 ****************************************************************************/
3823 void msg_file_was_renamed(struct messaging_context *msg,
3826 struct server_id server_id,
3830 char *frm = (char *)data->data;
3832 const char *sharepath;
3833 const char *base_name;
3834 const char *stream_name;
3835 struct smb_filename *smb_fname = NULL;
3836 size_t sp_len, bn_len;
3838 struct smbd_server_connection *sconn =
3839 talloc_get_type_abort(private_data,
3840 struct smbd_server_connection);
3842 if (data->data == NULL
3843 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
3844 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
3845 (int)data->length));
3849 /* Unpack the message. */
3850 pull_file_id_24(frm, &id);
3851 sharepath = &frm[24];
3852 sp_len = strlen(sharepath);
3853 base_name = sharepath + sp_len + 1;
3854 bn_len = strlen(base_name);
3855 stream_name = sharepath + sp_len + 1 + bn_len + 1;
3857 /* stream_name must always be NULL if there is no stream. */
3858 if (stream_name[0] == '\0') {
3862 smb_fname = synthetic_smb_fname(talloc_tos(),
3867 if (smb_fname == NULL) {
3871 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
3873 sharepath, smb_fname_str_dbg(smb_fname),
3874 file_id_string_tos(&id)));
3876 for(fsp = file_find_di_first(sconn, id); fsp;
3877 fsp = file_find_di_next(fsp)) {
3878 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
3880 DEBUG(10,("msg_file_was_renamed: renaming file %s from %s -> %s\n",
3881 fsp_fnum_dbg(fsp), fsp_str_dbg(fsp),
3882 smb_fname_str_dbg(smb_fname)));
3883 status = fsp_set_smb_fname(fsp, smb_fname);
3884 if (!NT_STATUS_IS_OK(status)) {
3889 /* Now we have the complete path we can work out if this is
3890 actually within this share and adjust newname accordingly. */
3891 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
3892 "not sharepath %s) "
3893 "%s from %s -> %s\n",
3894 fsp->conn->connectpath,
3898 smb_fname_str_dbg(smb_fname)));
3902 TALLOC_FREE(smb_fname);
3907 * If a main file is opened for delete, all streams need to be checked for
3908 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
3909 * If that works, delete them all by setting the delete on close and close.
3912 static NTSTATUS open_streams_for_delete(connection_struct *conn,
3913 const struct smb_filename *smb_fname)
3915 struct stream_struct *stream_info = NULL;
3916 files_struct **streams = NULL;
3918 unsigned int num_streams = 0;
3919 TALLOC_CTX *frame = talloc_stackframe();
3922 status = vfs_streaminfo(conn, NULL, smb_fname, talloc_tos(),
3923 &num_streams, &stream_info);
3925 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
3926 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
3927 DEBUG(10, ("no streams around\n"));
3929 return NT_STATUS_OK;
3932 if (!NT_STATUS_IS_OK(status)) {
3933 DEBUG(10, ("vfs_streaminfo failed: %s\n",
3934 nt_errstr(status)));
3938 DEBUG(10, ("open_streams_for_delete found %d streams\n",
3941 if (num_streams == 0) {
3943 return NT_STATUS_OK;
3946 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
3947 if (streams == NULL) {
3948 DEBUG(0, ("talloc failed\n"));
3949 status = NT_STATUS_NO_MEMORY;
3953 for (i=0; i<num_streams; i++) {
3954 struct smb_filename *smb_fname_cp;
3956 if (strequal(stream_info[i].name, "::$DATA")) {
3961 smb_fname_cp = synthetic_smb_fname(talloc_tos(),
3962 smb_fname->base_name,
3963 stream_info[i].name,
3966 ~SMB_FILENAME_POSIX_PATH));
3967 if (smb_fname_cp == NULL) {
3968 status = NT_STATUS_NO_MEMORY;
3972 if (SMB_VFS_STAT(conn, smb_fname_cp) == -1) {
3973 DEBUG(10, ("Unable to stat stream: %s\n",
3974 smb_fname_str_dbg(smb_fname_cp)));
3977 status = SMB_VFS_CREATE_FILE(
3980 0, /* root_dir_fid */
3981 smb_fname_cp, /* fname */
3982 DELETE_ACCESS, /* access_mask */
3983 (FILE_SHARE_READ | /* share_access */
3984 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3985 FILE_OPEN, /* create_disposition*/
3986 0, /* create_options */
3987 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3988 0, /* oplock_request */
3990 0, /* allocation_size */
3991 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3994 &streams[i], /* result */
3996 NULL, NULL); /* create context */
3998 if (!NT_STATUS_IS_OK(status)) {
3999 DEBUG(10, ("Could not open stream %s: %s\n",
4000 smb_fname_str_dbg(smb_fname_cp),
4001 nt_errstr(status)));
4003 TALLOC_FREE(smb_fname_cp);
4006 TALLOC_FREE(smb_fname_cp);
4010 * don't touch the variable "status" beyond this point :-)
4013 for (i -= 1 ; i >= 0; i--) {
4014 if (streams[i] == NULL) {
4018 DEBUG(10, ("Closing stream # %d, %s\n", i,
4019 fsp_str_dbg(streams[i])));
4020 close_file(NULL, streams[i], NORMAL_CLOSE);
4028 /*********************************************************************
4029 Create a default ACL by inheriting from the parent. If no inheritance
4030 from the parent available, don't set anything. This will leave the actual
4031 permissions the new file or directory already got from the filesystem
4032 as the NT ACL when read.
4033 *********************************************************************/
4035 static NTSTATUS inherit_new_acl(files_struct *fsp)
4037 TALLOC_CTX *frame = talloc_stackframe();
4038 char *parent_name = NULL;
4039 struct security_descriptor *parent_desc = NULL;
4040 NTSTATUS status = NT_STATUS_OK;
4041 struct security_descriptor *psd = NULL;
4042 const struct dom_sid *owner_sid = NULL;
4043 const struct dom_sid *group_sid = NULL;
4044 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
4045 struct security_token *token = fsp->conn->session_info->security_token;
4046 bool inherit_owner =
4047 (lp_inherit_owner(SNUM(fsp->conn)) == INHERIT_OWNER_WINDOWS_AND_UNIX);
4048 bool inheritable_components = false;
4049 bool try_builtin_administrators = false;
4050 const struct dom_sid *BA_U_sid = NULL;
4051 const struct dom_sid *BA_G_sid = NULL;
4052 bool try_system = false;
4053 const struct dom_sid *SY_U_sid = NULL;
4054 const struct dom_sid *SY_G_sid = NULL;
4056 struct smb_filename *parent_smb_fname = NULL;
4058 if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
4060 return NT_STATUS_NO_MEMORY;
4062 parent_smb_fname = synthetic_smb_fname(talloc_tos(),
4066 fsp->fsp_name->flags);
4068 if (parent_smb_fname == NULL) {
4070 return NT_STATUS_NO_MEMORY;
4073 status = SMB_VFS_GET_NT_ACL(fsp->conn,
4075 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
4078 if (!NT_STATUS_IS_OK(status)) {
4083 inheritable_components = sd_has_inheritable_components(parent_desc,
4086 if (!inheritable_components && !inherit_owner) {
4088 /* Nothing to inherit and not setting owner. */
4089 return NT_STATUS_OK;
4092 /* Create an inherited descriptor from the parent. */
4094 if (DEBUGLEVEL >= 10) {
4095 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
4096 fsp_str_dbg(fsp) ));
4097 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
4100 /* Inherit from parent descriptor if "inherit owner" set. */
4101 if (inherit_owner) {
4102 owner_sid = parent_desc->owner_sid;
4103 group_sid = parent_desc->group_sid;
4106 if (owner_sid == NULL) {
4107 if (security_token_has_builtin_administrators(token)) {
4108 try_builtin_administrators = true;
4109 } else if (security_token_is_system(token)) {
4110 try_builtin_administrators = true;
4115 if (group_sid == NULL &&
4116 token->num_sids == PRIMARY_GROUP_SID_INDEX)
4118 if (security_token_is_system(token)) {
4119 try_builtin_administrators = true;
4124 if (try_builtin_administrators) {
4129 ok = sids_to_unixids(&global_sid_Builtin_Administrators, 1, &ids);
4133 BA_U_sid = &global_sid_Builtin_Administrators;
4134 BA_G_sid = &global_sid_Builtin_Administrators;
4137 BA_U_sid = &global_sid_Builtin_Administrators;
4140 BA_G_sid = &global_sid_Builtin_Administrators;
4153 ok = sids_to_unixids(&global_sid_System, 1, &ids);
4157 SY_U_sid = &global_sid_System;
4158 SY_G_sid = &global_sid_System;
4161 SY_U_sid = &global_sid_System;
4164 SY_G_sid = &global_sid_System;
4172 if (owner_sid == NULL) {
4173 owner_sid = BA_U_sid;
4176 if (owner_sid == NULL) {
4177 owner_sid = SY_U_sid;
4180 if (group_sid == NULL) {
4181 group_sid = SY_G_sid;
4184 if (try_system && group_sid == NULL) {
4185 group_sid = BA_G_sid;
4188 if (owner_sid == NULL) {
4189 owner_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4191 if (group_sid == NULL) {
4192 if (token->num_sids == PRIMARY_GROUP_SID_INDEX) {
4193 group_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4195 group_sid = &token->sids[PRIMARY_GROUP_SID_INDEX];
4199 status = se_create_child_secdesc(frame,
4206 if (!NT_STATUS_IS_OK(status)) {
4211 /* If inheritable_components == false,
4212 se_create_child_secdesc()
4213 creates a security desriptor with a NULL dacl
4214 entry, but with SEC_DESC_DACL_PRESENT. We need
4215 to remove that flag. */
4217 if (!inheritable_components) {
4218 security_info_sent &= ~SECINFO_DACL;
4219 psd->type &= ~SEC_DESC_DACL_PRESENT;
4222 if (DEBUGLEVEL >= 10) {
4223 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
4224 fsp_str_dbg(fsp) ));
4225 NDR_PRINT_DEBUG(security_descriptor, psd);
4228 if (inherit_owner) {
4229 /* We need to be root to force this. */
4232 status = SMB_VFS_FSET_NT_ACL(fsp,
4235 if (inherit_owner) {
4243 * If we already have a lease, it must match the new file id. [MS-SMB2]
4244 * 3.3.5.9.8 speaks about INVALID_PARAMETER if an already used lease key is
4245 * used for a different file name.
4248 struct lease_match_state {
4249 /* Input parameters. */
4250 TALLOC_CTX *mem_ctx;
4251 const char *servicepath;
4252 const struct smb_filename *fname;
4255 /* Return parameters. */
4256 uint32_t num_file_ids;
4257 struct file_id *ids;
4258 NTSTATUS match_status;
4261 /*************************************************************
4262 File doesn't exist but this lease key+guid is already in use.
4264 This is only allowable in the dynamic share case where the
4265 service path must be different.
4267 There is a small race condition here in the multi-connection
4268 case where a client sends two create calls on different connections,
4269 where the file doesn't exist and one smbd creates the leases_db
4270 entry first, but this will get fixed by the multichannel cleanup
4271 when all identical client_guids get handled by a single smbd.
4272 **************************************************************/
4274 static void lease_match_parser_new_file(
4276 const struct leases_db_file *files,
4277 struct lease_match_state *state)
4281 for (i = 0; i < num_files; i++) {
4282 const struct leases_db_file *f = &files[i];
4283 if (strequal(state->servicepath, f->servicepath)) {
4284 state->match_status = NT_STATUS_INVALID_PARAMETER;
4289 /* Dynamic share case. Break leases on all other files. */
4290 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4294 if (!NT_STATUS_IS_OK(state->match_status)) {
4298 state->num_file_ids = num_files;
4299 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4303 static void lease_match_parser(
4305 const struct leases_db_file *files,
4308 struct lease_match_state *state =
4309 (struct lease_match_state *)private_data;
4312 if (!state->file_existed) {
4314 * Deal with name mismatch or
4315 * possible dynamic share case separately
4316 * to make code clearer.
4318 lease_match_parser_new_file(num_files,
4325 state->match_status = NT_STATUS_OK;
4327 for (i = 0; i < num_files; i++) {
4328 const struct leases_db_file *f = &files[i];
4330 /* Everything should be the same. */
4331 if (!file_id_equal(&state->id, &f->id)) {
4332 /* This should catch all dynamic share cases. */
4333 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4336 if (!strequal(f->servicepath, state->servicepath)) {
4337 state->match_status = NT_STATUS_INVALID_PARAMETER;
4340 if (!strequal(f->base_name, state->fname->base_name)) {
4341 state->match_status = NT_STATUS_INVALID_PARAMETER;
4344 if (!strequal(f->stream_name, state->fname->stream_name)) {
4345 state->match_status = NT_STATUS_INVALID_PARAMETER;
4350 if (NT_STATUS_IS_OK(state->match_status)) {
4352 * Common case - just opening another handle on a
4353 * file on a non-dynamic share.
4358 if (NT_STATUS_EQUAL(state->match_status, NT_STATUS_INVALID_PARAMETER)) {
4359 /* Mismatched path. Error back to client. */
4364 * File id mismatch. Dynamic share case NT_STATUS_OPLOCK_NOT_GRANTED.
4365 * Don't allow leases.
4368 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4372 if (!NT_STATUS_IS_OK(state->match_status)) {
4376 state->num_file_ids = num_files;
4377 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4381 static NTSTATUS lease_match(connection_struct *conn,
4382 struct smb_request *req,
4383 struct smb2_lease_key *lease_key,
4384 const char *servicepath,
4385 const struct smb_filename *fname,
4386 uint16_t *p_version,
4389 struct smbd_server_connection *sconn = req->sconn;
4390 TALLOC_CTX *tos = talloc_tos();
4391 struct lease_match_state state = {
4393 .servicepath = servicepath,
4395 .match_status = NT_STATUS_OK
4400 state.file_existed = VALID_STAT(fname->st);
4401 if (state.file_existed) {
4402 state.id = vfs_file_id_from_sbuf(conn, &fname->st);
4404 memset(&state.id, '\0', sizeof(state.id));
4407 status = leases_db_parse(&sconn->client->connections->smb2.client.guid,
4408 lease_key, lease_match_parser, &state);
4409 if (!NT_STATUS_IS_OK(status)) {
4411 * Not found or error means okay: We can make the lease pass
4413 return NT_STATUS_OK;
4415 if (!NT_STATUS_EQUAL(state.match_status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
4417 * Anything but NT_STATUS_OPLOCK_NOT_GRANTED, let the caller
4420 return state.match_status;
4423 /* We have to break all existing leases. */
4424 for (i = 0; i < state.num_file_ids; i++) {
4425 struct share_mode_lock *lck;
4426 struct share_mode_data *d;
4429 if (file_id_equal(&state.ids[i], &state.id)) {
4430 /* Don't need to break our own file. */
4434 lck = get_existing_share_mode_lock(talloc_tos(), state.ids[i]);
4436 /* Race condition - file already closed. */
4440 for (j=0; j<d->num_share_modes; j++) {
4441 struct share_mode_entry *e = &d->share_modes[j];
4442 uint32_t e_lease_type = get_lease_type(d, e);
4443 struct share_mode_lease *l = NULL;
4445 if (share_mode_stale_pid(d, j)) {
4449 if (e->op_type == LEASE_OPLOCK) {
4450 l = &lck->data->leases[e->lease_idx];
4451 if (!smb2_lease_key_equal(&l->lease_key,
4455 *p_epoch = l->epoch;
4456 *p_version = l->lease_version;
4459 if (e_lease_type == SMB2_LEASE_NONE) {
4463 send_break_message(conn->sconn->msg_ctx, e,
4467 * Windows 7 and 8 lease clients
4468 * are broken in that they will not
4469 * respond to lease break requests
4470 * whilst waiting for an outstanding
4471 * open request on that lease handle
4472 * on the same TCP connection, due
4473 * to holding an internal inode lock.
4475 * This means we can't reschedule
4476 * ourselves here, but must return
4481 * Send the breaks and then return
4482 * SMB2_LEASE_NONE in the lease handle
4483 * to cause them to acknowledge the
4484 * lease break. Consulatation with
4485 * Microsoft engineering confirmed
4486 * this approach is safe.
4493 * Ensure we don't grant anything more so we
4496 return NT_STATUS_OPLOCK_NOT_GRANTED;
4500 * Wrapper around open_file_ntcreate and open_directory
4503 static NTSTATUS create_file_unixpath(connection_struct *conn,
4504 struct smb_request *req,
4505 struct smb_filename *smb_fname,
4506 uint32_t access_mask,
4507 uint32_t share_access,
4508 uint32_t create_disposition,
4509 uint32_t create_options,
4510 uint32_t file_attributes,
4511 uint32_t oplock_request,
4512 struct smb2_lease *lease,
4513 uint64_t allocation_size,
4514 uint32_t private_flags,
4515 struct security_descriptor *sd,
4516 struct ea_list *ea_list,
4518 files_struct **result,
4521 int info = FILE_WAS_OPENED;
4522 files_struct *base_fsp = NULL;
4523 files_struct *fsp = NULL;
4526 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
4527 "file_attributes = 0x%x, share_access = 0x%x, "
4528 "create_disposition = 0x%x create_options = 0x%x "
4529 "oplock_request = 0x%x private_flags = 0x%x "
4530 "ea_list = 0x%p, sd = 0x%p, "
4532 (unsigned int)access_mask,
4533 (unsigned int)file_attributes,
4534 (unsigned int)share_access,
4535 (unsigned int)create_disposition,
4536 (unsigned int)create_options,
4537 (unsigned int)oplock_request,
4538 (unsigned int)private_flags,
4539 ea_list, sd, smb_fname_str_dbg(smb_fname)));
4541 if (create_options & FILE_OPEN_BY_FILE_ID) {
4542 status = NT_STATUS_NOT_SUPPORTED;
4546 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
4547 status = NT_STATUS_INVALID_PARAMETER;
4552 oplock_request |= INTERNAL_OPEN_ONLY;
4555 if (lease != NULL) {
4556 uint16_t epoch = lease->lease_epoch;
4557 uint16_t version = lease->lease_version;
4558 status = lease_match(conn,
4565 if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
4566 /* Dynamic share file. No leases and update epoch... */
4567 lease->lease_state = SMB2_LEASE_NONE;
4568 lease->lease_epoch = epoch;
4569 lease->lease_version = version;
4570 } else if (!NT_STATUS_IS_OK(status)) {
4575 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
4576 && (access_mask & DELETE_ACCESS)
4577 && !is_ntfs_stream_smb_fname(smb_fname)) {
4579 * We can't open a file with DELETE access if any of the
4580 * streams is open without FILE_SHARE_DELETE
4582 status = open_streams_for_delete(conn, smb_fname);
4584 if (!NT_STATUS_IS_OK(status)) {
4589 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
4590 !security_token_has_privilege(get_current_nttok(conn),
4591 SEC_PRIV_SECURITY)) {
4592 DEBUG(10, ("create_file_unixpath: open on %s "
4593 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
4594 smb_fname_str_dbg(smb_fname)));
4595 status = NT_STATUS_PRIVILEGE_NOT_HELD;
4599 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
4600 && is_ntfs_stream_smb_fname(smb_fname)
4601 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
4602 uint32_t base_create_disposition;
4603 struct smb_filename *smb_fname_base = NULL;
4605 if (create_options & FILE_DIRECTORY_FILE) {
4606 status = NT_STATUS_NOT_A_DIRECTORY;
4610 switch (create_disposition) {
4612 base_create_disposition = FILE_OPEN;
4615 base_create_disposition = FILE_OPEN_IF;
4619 /* Create an smb_filename with stream_name == NULL. */
4620 smb_fname_base = synthetic_smb_fname(talloc_tos(),
4621 smb_fname->base_name,
4625 if (smb_fname_base == NULL) {
4626 status = NT_STATUS_NO_MEMORY;
4630 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
4631 DEBUG(10, ("Unable to stat stream: %s\n",
4632 smb_fname_str_dbg(smb_fname_base)));
4635 * https://bugzilla.samba.org/show_bug.cgi?id=10229
4636 * We need to check if the requested access mask
4637 * could be used to open the underlying file (if
4638 * it existed), as we're passing in zero for the
4639 * access mask to the base filename.
4641 status = check_base_file_access(conn,
4645 if (!NT_STATUS_IS_OK(status)) {
4646 DEBUG(10, ("Permission check "
4647 "for base %s failed: "
4648 "%s\n", smb_fname->base_name,
4649 nt_errstr(status)));
4654 /* Open the base file. */
4655 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
4658 | FILE_SHARE_DELETE,
4659 base_create_disposition,
4660 0, 0, 0, NULL, 0, 0, NULL, NULL,
4662 TALLOC_FREE(smb_fname_base);
4664 if (!NT_STATUS_IS_OK(status)) {
4665 DEBUG(10, ("create_file_unixpath for base %s failed: "
4666 "%s\n", smb_fname->base_name,
4667 nt_errstr(status)));
4670 /* we don't need the low level fd */
4675 * If it's a request for a directory open, deal with it separately.
4678 if (create_options & FILE_DIRECTORY_FILE) {
4680 if (create_options & FILE_NON_DIRECTORY_FILE) {
4681 status = NT_STATUS_INVALID_PARAMETER;
4685 /* Can't open a temp directory. IFS kit test. */
4686 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
4687 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
4688 status = NT_STATUS_INVALID_PARAMETER;
4693 * We will get a create directory here if the Win32
4694 * app specified a security descriptor in the
4695 * CreateDirectory() call.
4699 status = open_directory(
4700 conn, req, smb_fname, access_mask, share_access,
4701 create_disposition, create_options, file_attributes,
4706 * Ordinary file case.
4709 status = file_new(req, conn, &fsp);
4710 if(!NT_STATUS_IS_OK(status)) {
4714 status = fsp_set_smb_fname(fsp, smb_fname);
4715 if (!NT_STATUS_IS_OK(status)) {
4721 * We're opening the stream element of a
4722 * base_fsp we already opened. Set up the
4725 fsp->base_fsp = base_fsp;
4728 if (allocation_size) {
4729 fsp->initial_allocation_size = smb_roundup(fsp->conn,
4733 status = open_file_ntcreate(conn,
4746 if(!NT_STATUS_IS_OK(status)) {
4747 file_free(req, fsp);
4751 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
4753 /* A stream open never opens a directory */
4756 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4761 * Fail the open if it was explicitly a non-directory
4765 if (create_options & FILE_NON_DIRECTORY_FILE) {
4766 status = NT_STATUS_FILE_IS_A_DIRECTORY;
4771 status = open_directory(
4772 conn, req, smb_fname, access_mask,
4773 share_access, create_disposition,
4774 create_options, file_attributes,
4779 if (!NT_STATUS_IS_OK(status)) {
4783 fsp->base_fsp = base_fsp;
4785 if ((ea_list != NULL) &&
4786 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
4787 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
4788 if (!NT_STATUS_IS_OK(status)) {
4793 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
4794 status = NT_STATUS_ACCESS_DENIED;
4798 /* Save the requested allocation size. */
4799 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
4800 if ((allocation_size > fsp->fsp_name->st.st_ex_size)
4801 && !(fsp->is_directory))
4803 fsp->initial_allocation_size = smb_roundup(
4804 fsp->conn, allocation_size);
4805 if (vfs_allocate_file_space(
4806 fsp, fsp->initial_allocation_size) == -1) {
4807 status = NT_STATUS_DISK_FULL;
4811 fsp->initial_allocation_size = smb_roundup(
4812 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
4815 fsp->initial_allocation_size = 0;
4818 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
4819 fsp->base_fsp == NULL) {
4822 * According to the MS documentation, the only time the security
4823 * descriptor is applied to the opened file is iff we *created* the
4824 * file; an existing file stays the same.
4826 * Also, it seems (from observation) that you can open the file with
4827 * any access mask but you can still write the sd. We need to override
4828 * the granted access before we call set_sd
4829 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
4832 uint32_t sec_info_sent;
4833 uint32_t saved_access_mask = fsp->access_mask;
4835 sec_info_sent = get_sec_info(sd);
4837 fsp->access_mask = FILE_GENERIC_ALL;
4839 if (sec_info_sent & (SECINFO_OWNER|
4843 status = set_sd(fsp, sd, sec_info_sent);
4846 fsp->access_mask = saved_access_mask;
4848 if (!NT_STATUS_IS_OK(status)) {
4851 } else if (lp_inherit_acls(SNUM(conn))) {
4852 /* Inherit from parent. Errors here are not fatal. */
4853 status = inherit_new_acl(fsp);
4854 if (!NT_STATUS_IS_OK(status)) {
4855 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
4857 nt_errstr(status) ));
4862 if ((conn->fs_capabilities & FILE_FILE_COMPRESSION)
4863 && (create_options & FILE_NO_COMPRESSION)
4864 && (info == FILE_WAS_CREATED)) {
4865 status = SMB_VFS_SET_COMPRESSION(conn, fsp, fsp,
4866 COMPRESSION_FORMAT_NONE);
4867 if (!NT_STATUS_IS_OK(status)) {
4868 DEBUG(1, ("failed to disable compression: %s\n",
4869 nt_errstr(status)));
4873 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
4876 if (pinfo != NULL) {
4880 smb_fname->st = fsp->fsp_name->st;
4882 return NT_STATUS_OK;
4885 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
4888 if (base_fsp && fsp->base_fsp == base_fsp) {
4890 * The close_file below will close
4895 close_file(req, fsp, ERROR_CLOSE);
4898 if (base_fsp != NULL) {
4899 close_file(req, base_fsp, ERROR_CLOSE);
4906 * Calculate the full path name given a relative fid.
4908 NTSTATUS get_relative_fid_filename(connection_struct *conn,
4909 struct smb_request *req,
4910 uint16_t root_dir_fid,
4911 const struct smb_filename *smb_fname,
4912 struct smb_filename **smb_fname_out)
4914 files_struct *dir_fsp;
4915 char *parent_fname = NULL;
4916 char *new_base_name = NULL;
4917 uint32_t ucf_flags = ((req != NULL && req->posix_pathnames) ?
4918 UCF_POSIX_PATHNAMES : 0);
4921 if (root_dir_fid == 0 || !smb_fname) {
4922 status = NT_STATUS_INTERNAL_ERROR;
4926 dir_fsp = file_fsp(req, root_dir_fid);
4928 if (dir_fsp == NULL) {
4929 status = NT_STATUS_INVALID_HANDLE;
4933 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
4934 status = NT_STATUS_INVALID_HANDLE;
4938 if (!dir_fsp->is_directory) {
4941 * Check to see if this is a mac fork of some kind.
4944 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
4945 is_ntfs_stream_smb_fname(smb_fname)) {
4946 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
4951 we need to handle the case when we get a
4952 relative open relative to a file and the
4953 pathname is blank - this is a reopen!
4954 (hint from demyn plantenberg)
4957 status = NT_STATUS_INVALID_HANDLE;
4961 if (ISDOT(dir_fsp->fsp_name->base_name)) {
4963 * We're at the toplevel dir, the final file name
4964 * must not contain ./, as this is filtered out
4965 * normally by srvstr_get_path and unix_convert
4966 * explicitly rejects paths containing ./.
4968 parent_fname = talloc_strdup(talloc_tos(), "");
4969 if (parent_fname == NULL) {
4970 status = NT_STATUS_NO_MEMORY;
4974 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
4977 * Copy in the base directory name.
4980 parent_fname = talloc_array(talloc_tos(), char,
4982 if (parent_fname == NULL) {
4983 status = NT_STATUS_NO_MEMORY;
4986 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
4990 * Ensure it ends in a '/'.
4991 * We used TALLOC_SIZE +2 to add space for the '/'.
4995 && (parent_fname[dir_name_len-1] != '\\')
4996 && (parent_fname[dir_name_len-1] != '/')) {
4997 parent_fname[dir_name_len] = '/';
4998 parent_fname[dir_name_len+1] = '\0';
5002 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
5003 smb_fname->base_name);
5004 if (new_base_name == NULL) {
5005 status = NT_STATUS_NO_MEMORY;
5009 status = filename_convert(req,
5011 req->flags2 & FLAGS2_DFS_PATHNAMES,
5016 if (!NT_STATUS_IS_OK(status)) {
5021 TALLOC_FREE(parent_fname);
5022 TALLOC_FREE(new_base_name);
5026 NTSTATUS create_file_default(connection_struct *conn,
5027 struct smb_request *req,
5028 uint16_t root_dir_fid,
5029 struct smb_filename *smb_fname,
5030 uint32_t access_mask,
5031 uint32_t share_access,
5032 uint32_t create_disposition,
5033 uint32_t create_options,
5034 uint32_t file_attributes,
5035 uint32_t oplock_request,
5036 struct smb2_lease *lease,
5037 uint64_t allocation_size,
5038 uint32_t private_flags,
5039 struct security_descriptor *sd,
5040 struct ea_list *ea_list,
5041 files_struct **result,
5043 const struct smb2_create_blobs *in_context_blobs,
5044 struct smb2_create_blobs *out_context_blobs)
5046 int info = FILE_WAS_OPENED;
5047 files_struct *fsp = NULL;
5049 bool stream_name = false;
5051 DEBUG(10,("create_file: access_mask = 0x%x "
5052 "file_attributes = 0x%x, share_access = 0x%x, "
5053 "create_disposition = 0x%x create_options = 0x%x "
5054 "oplock_request = 0x%x "
5055 "private_flags = 0x%x "
5056 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
5058 (unsigned int)access_mask,
5059 (unsigned int)file_attributes,
5060 (unsigned int)share_access,
5061 (unsigned int)create_disposition,
5062 (unsigned int)create_options,
5063 (unsigned int)oplock_request,
5064 (unsigned int)private_flags,
5065 (unsigned int)root_dir_fid,
5066 ea_list, sd, smb_fname_str_dbg(smb_fname)));
5069 * Calculate the filename from the root_dir_if if necessary.
5072 if (root_dir_fid != 0) {
5073 struct smb_filename *smb_fname_out = NULL;
5074 status = get_relative_fid_filename(conn, req, root_dir_fid,
5075 smb_fname, &smb_fname_out);
5076 if (!NT_STATUS_IS_OK(status)) {
5079 smb_fname = smb_fname_out;
5083 * Check to see if this is a mac fork of some kind.
5086 stream_name = is_ntfs_stream_smb_fname(smb_fname);
5088 enum FAKE_FILE_TYPE fake_file_type;
5090 fake_file_type = is_fake_file(smb_fname);
5092 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
5095 * Here we go! support for changing the disk quotas
5098 * We need to fake up to open this MAGIC QUOTA file
5099 * and return a valid FID.
5101 * w2k close this file directly after openening xp
5102 * also tries a QUERY_FILE_INFO on the file and then
5105 status = open_fake_file(req, conn, req->vuid,
5106 fake_file_type, smb_fname,
5108 if (!NT_STATUS_IS_OK(status)) {
5112 ZERO_STRUCT(smb_fname->st);
5116 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
5117 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5122 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
5124 smb_fname->stream_name = NULL;
5125 /* We have to handle this error here. */
5126 if (create_options & FILE_DIRECTORY_FILE) {
5127 status = NT_STATUS_NOT_A_DIRECTORY;
5130 if (req != NULL && req->posix_pathnames) {
5131 ret = SMB_VFS_LSTAT(conn, smb_fname);
5133 ret = SMB_VFS_STAT(conn, smb_fname);
5136 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
5137 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5142 status = create_file_unixpath(
5143 conn, req, smb_fname, access_mask, share_access,
5144 create_disposition, create_options, file_attributes,
5145 oplock_request, lease, allocation_size, private_flags,
5149 if (!NT_STATUS_IS_OK(status)) {
5154 DEBUG(10, ("create_file: info=%d\n", info));
5157 if (pinfo != NULL) {
5160 return NT_STATUS_OK;
5163 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
5166 close_file(req, fsp, ERROR_CLOSE);