2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7 Copyright (C) Ralph Boehme 2017
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "system/filesys.h"
25 #include "lib/util/server_id.h"
27 #include "smbd/smbd.h"
28 #include "smbd/globals.h"
29 #include "fake_file.h"
30 #include "../libcli/security/security.h"
31 #include "../librpc/gen_ndr/ndr_security.h"
32 #include "../librpc/gen_ndr/open_files.h"
33 #include "../librpc/gen_ndr/idmap.h"
34 #include "../librpc/gen_ndr/ioctl.h"
35 #include "passdb/lookup_sid.h"
39 #include "source3/lib/dbwrap/dbwrap_watch.h"
40 #include "locking/leases_db.h"
41 #include "librpc/gen_ndr/ndr_leases_db.h"
43 extern const struct generic_mapping file_generic_mapping;
45 struct deferred_open_record {
46 bool delayed_for_oplocks;
51 * Timer for async opens, needed because they don't use a watch on
52 * a locking.tdb record. This is currently only used for real async
53 * opens and just terminates smbd if the async open times out.
55 struct tevent_timer *te;
58 /****************************************************************************
59 If the requester wanted DELETE_ACCESS and was rejected because
60 the file ACL didn't include DELETE_ACCESS, see if the parent ACL
62 ****************************************************************************/
64 static bool parent_override_delete(connection_struct *conn,
65 const struct smb_filename *smb_fname,
67 uint32_t rejected_mask)
69 if ((access_mask & DELETE_ACCESS) &&
70 (rejected_mask & DELETE_ACCESS) &&
71 can_delete_file_in_directory(conn, smb_fname)) {
77 /****************************************************************************
78 Check if we have open rights.
79 ****************************************************************************/
81 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
82 const struct smb_filename *smb_fname,
86 /* Check if we have rights to open. */
88 struct security_descriptor *sd = NULL;
89 uint32_t rejected_share_access;
90 uint32_t rejected_mask = access_mask;
91 uint32_t do_not_check_mask = 0;
93 rejected_share_access = access_mask & ~(conn->share_access);
95 if (rejected_share_access) {
96 DEBUG(10, ("smbd_check_access_rights: rejected share access 0x%x "
98 (unsigned int)access_mask,
99 smb_fname_str_dbg(smb_fname),
100 (unsigned int)rejected_share_access ));
101 return NT_STATUS_ACCESS_DENIED;
104 if (!use_privs && get_current_uid(conn) == (uid_t)0) {
105 /* I'm sorry sir, I didn't know you were root... */
106 DEBUG(10,("smbd_check_access_rights: root override "
107 "on %s. Granting 0x%x\n",
108 smb_fname_str_dbg(smb_fname),
109 (unsigned int)access_mask ));
113 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
114 DEBUG(10,("smbd_check_access_rights: not checking ACL "
115 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
116 smb_fname_str_dbg(smb_fname),
117 (unsigned int)access_mask ));
121 if (access_mask == DELETE_ACCESS &&
122 VALID_STAT(smb_fname->st) &&
123 S_ISLNK(smb_fname->st.st_ex_mode)) {
124 /* We can always delete a symlink. */
125 DEBUG(10,("smbd_check_access_rights: not checking ACL "
126 "on DELETE_ACCESS on symlink %s.\n",
127 smb_fname_str_dbg(smb_fname) ));
131 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
134 SECINFO_DACL), talloc_tos(), &sd);
136 if (!NT_STATUS_IS_OK(status)) {
137 DEBUG(10, ("smbd_check_access_rights: Could not get acl "
139 smb_fname_str_dbg(smb_fname),
142 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
150 * If we can access the path to this file, by
151 * default we have FILE_READ_ATTRIBUTES from the
152 * containing directory. See the section:
153 * "Algorithm to Check Access to an Existing File"
156 * se_file_access_check() also takes care of
157 * owner WRITE_DAC and READ_CONTROL.
159 do_not_check_mask = FILE_READ_ATTRIBUTES;
162 * Samba 3.6 and earlier granted execute access even
163 * if the ACL did not contain execute rights.
164 * Samba 4.0 is more correct and checks it.
165 * The compatibilty mode allows one to skip this check
166 * to smoothen upgrades.
168 if (lp_acl_allow_execute_always(SNUM(conn))) {
169 do_not_check_mask |= FILE_EXECUTE;
172 status = se_file_access_check(sd,
173 get_current_nttok(conn),
175 (access_mask & ~do_not_check_mask),
178 DEBUG(10,("smbd_check_access_rights: file %s requesting "
179 "0x%x returning 0x%x (%s)\n",
180 smb_fname_str_dbg(smb_fname),
181 (unsigned int)access_mask,
182 (unsigned int)rejected_mask,
183 nt_errstr(status) ));
185 if (!NT_STATUS_IS_OK(status)) {
186 if (DEBUGLEVEL >= 10) {
187 DEBUG(10,("smbd_check_access_rights: acl for %s is:\n",
188 smb_fname_str_dbg(smb_fname) ));
189 NDR_PRINT_DEBUG(security_descriptor, sd);
195 if (NT_STATUS_IS_OK(status) ||
196 !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
200 /* Here we know status == NT_STATUS_ACCESS_DENIED. */
204 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
205 (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
206 !lp_store_dos_attributes(SNUM(conn)) &&
207 (lp_map_readonly(SNUM(conn)) ||
208 lp_map_archive(SNUM(conn)) ||
209 lp_map_hidden(SNUM(conn)) ||
210 lp_map_system(SNUM(conn)))) {
211 rejected_mask &= ~FILE_WRITE_ATTRIBUTES;
213 DEBUG(10,("smbd_check_access_rights: "
215 "FILE_WRITE_ATTRIBUTES "
217 smb_fname_str_dbg(smb_fname)));
220 if (parent_override_delete(conn,
224 /* Were we trying to do an open
225 * for delete and didn't get DELETE
226 * access (only) ? Check if the
227 * directory allows DELETE_CHILD.
229 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
232 rejected_mask &= ~DELETE_ACCESS;
234 DEBUG(10,("smbd_check_access_rights: "
238 smb_fname_str_dbg(smb_fname)));
241 if (rejected_mask != 0) {
242 return NT_STATUS_ACCESS_DENIED;
247 NTSTATUS check_parent_access(struct connection_struct *conn,
248 struct smb_filename *smb_fname,
249 uint32_t access_mask)
252 char *parent_dir = NULL;
253 struct security_descriptor *parent_sd = NULL;
254 uint32_t access_granted = 0;
255 struct smb_filename *parent_smb_fname = NULL;
256 struct share_mode_lock *lck = NULL;
257 struct file_id id = {0};
259 bool delete_on_close_set;
262 if (!parent_dirname(talloc_tos(),
263 smb_fname->base_name,
266 return NT_STATUS_NO_MEMORY;
269 parent_smb_fname = synthetic_smb_fname(talloc_tos(),
274 if (parent_smb_fname == NULL) {
275 return NT_STATUS_NO_MEMORY;
278 if (get_current_uid(conn) == (uid_t)0) {
279 /* I'm sorry sir, I didn't know you were root... */
280 DEBUG(10,("check_parent_access: root override "
281 "on %s. Granting 0x%x\n",
282 smb_fname_str_dbg(smb_fname),
283 (unsigned int)access_mask ));
287 status = SMB_VFS_GET_NT_ACL(conn,
293 if (!NT_STATUS_IS_OK(status)) {
294 DEBUG(5,("check_parent_access: SMB_VFS_GET_NT_ACL failed for "
295 "%s with error %s\n",
302 * If we can access the path to this file, by
303 * default we have FILE_READ_ATTRIBUTES from the
304 * containing directory. See the section:
305 * "Algorithm to Check Access to an Existing File"
308 * se_file_access_check() also takes care of
309 * owner WRITE_DAC and READ_CONTROL.
311 status = se_file_access_check(parent_sd,
312 get_current_nttok(conn),
314 (access_mask & ~FILE_READ_ATTRIBUTES),
316 if(!NT_STATUS_IS_OK(status)) {
317 DEBUG(5,("check_parent_access: access check "
318 "on directory %s for "
319 "path %s for mask 0x%x returned (0x%x) %s\n",
321 smb_fname->base_name,
324 nt_errstr(status) ));
328 if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) {
331 if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) {
335 /* Check if the directory has delete-on-close set */
336 ret = SMB_VFS_STAT(conn, parent_smb_fname);
338 status = map_nt_error_from_unix(errno);
342 id = SMB_VFS_FILE_ID_CREATE(conn, &parent_smb_fname->st);
344 status = file_name_hash(conn, parent_smb_fname->base_name, &name_hash);
345 if (!NT_STATUS_IS_OK(status)) {
349 lck = get_existing_share_mode_lock(talloc_tos(), id);
351 status = NT_STATUS_OK;
355 delete_on_close_set = is_delete_on_close_set(lck, name_hash);
356 if (delete_on_close_set) {
357 status = NT_STATUS_DELETE_PENDING;
361 status = NT_STATUS_OK;
365 TALLOC_FREE(parent_smb_fname);
369 /****************************************************************************
370 Ensure when opening a base file for a stream open that we have permissions
371 to do so given the access mask on the base file.
372 ****************************************************************************/
374 static NTSTATUS check_base_file_access(struct connection_struct *conn,
375 struct smb_filename *smb_fname,
376 uint32_t access_mask)
380 status = smbd_calculate_access_mask(conn, smb_fname,
384 if (!NT_STATUS_IS_OK(status)) {
385 DEBUG(10, ("smbd_calculate_access_mask "
386 "on file %s returned %s\n",
387 smb_fname_str_dbg(smb_fname),
392 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
394 if (!CAN_WRITE(conn)) {
395 return NT_STATUS_ACCESS_DENIED;
397 dosattrs = dos_mode(conn, smb_fname);
398 if (IS_DOS_READONLY(dosattrs)) {
399 return NT_STATUS_ACCESS_DENIED;
403 return smbd_check_access_rights(conn,
409 /****************************************************************************
410 Handle differing symlink errno's
411 ****************************************************************************/
413 static int link_errno_convert(int err)
415 #if defined(ENOTSUP) && defined(OSF1)
416 /* handle special Tru64 errno */
417 if (err == ENOTSUP) {
422 /* fix broken NetBSD errno */
427 /* fix broken FreeBSD errno */
434 static int non_widelink_open(struct connection_struct *conn,
435 const struct smb_filename *conn_rootdir_fname,
437 struct smb_filename *smb_fname,
440 unsigned int link_depth);
442 /****************************************************************************
443 Follow a symlink in userspace.
444 ****************************************************************************/
446 static int process_symlink_open(struct connection_struct *conn,
447 const struct smb_filename *conn_rootdir_fname,
449 struct smb_filename *smb_fname,
452 unsigned int link_depth)
455 char *link_target = NULL;
456 struct smb_filename target_fname = {0};
458 struct smb_filename *oldwd_fname = NULL;
459 size_t rootdir_len = 0;
460 struct smb_filename *resolved_fname = NULL;
461 char *resolved_name = NULL;
462 bool matched = false;
466 * Ensure we don't get stuck in a symlink loop.
469 if (link_depth >= 20) {
474 /* Allocate space for the link target. */
475 link_target = talloc_array(talloc_tos(), char, PATH_MAX);
476 if (link_target == NULL) {
481 /* Read the link target. */
482 link_len = SMB_VFS_READLINK(conn,
486 if (link_len == -1) {
490 /* Ensure it's at least null terminated. */
491 link_target[link_len] = '\0';
492 target_fname = (struct smb_filename){ .base_name = link_target };
494 /* Convert to an absolute path. */
495 resolved_fname = SMB_VFS_REALPATH(conn, talloc_tos(), &target_fname);
496 if (resolved_fname == NULL) {
499 resolved_name = resolved_fname->base_name;
502 * We know conn_rootdir starts with '/' and
503 * does not end in '/'. FIXME ! Should we
506 rootdir_len = strlen(conn_rootdir_fname->base_name);
508 matched = (strncmp(conn_rootdir_fname->base_name,
517 * Turn into a path relative to the share root.
519 if (resolved_name[rootdir_len] == '\0') {
520 /* Link to the root of the share. */
521 TALLOC_FREE(smb_fname->base_name);
522 smb_fname->base_name = talloc_strdup(smb_fname, ".");
523 } else if (resolved_name[rootdir_len] == '/') {
524 TALLOC_FREE(smb_fname->base_name);
525 smb_fname->base_name = talloc_strdup(smb_fname,
526 &resolved_name[rootdir_len+1]);
532 if (smb_fname->base_name == NULL) {
537 oldwd_fname = vfs_GetWd(talloc_tos(), conn);
538 if (oldwd_fname == NULL) {
542 /* Ensure we operate from the root of the share. */
543 if (vfs_ChDir(conn, conn_rootdir_fname) == -1) {
547 /* And do it all again.. */
548 fd = non_widelink_open(conn,
561 TALLOC_FREE(resolved_fname);
562 TALLOC_FREE(link_target);
563 if (oldwd_fname != NULL) {
564 int ret = vfs_ChDir(conn, oldwd_fname);
566 smb_panic("unable to get back to old directory\n");
568 TALLOC_FREE(oldwd_fname);
570 if (saved_errno != 0) {
576 /****************************************************************************
578 ****************************************************************************/
580 static int non_widelink_open(struct connection_struct *conn,
581 const struct smb_filename *conn_rootdir_fname,
583 struct smb_filename *smb_fname,
586 unsigned int link_depth)
590 struct smb_filename *smb_fname_rel = NULL;
592 struct smb_filename *oldwd_fname = NULL;
593 char *parent_dir = NULL;
594 struct smb_filename parent_dir_fname = {0};
595 const char *final_component = NULL;
596 bool is_directory = false;
600 if (flags & O_DIRECTORY) {
606 parent_dir = talloc_strdup(talloc_tos(), smb_fname->base_name);
607 if (parent_dir == NULL) {
612 final_component = ".";
614 ok = parent_dirname(talloc_tos(),
615 smb_fname->base_name,
624 parent_dir_fname = (struct smb_filename) { .base_name = parent_dir };
626 oldwd_fname = vfs_GetWd(talloc_tos(), conn);
627 if (oldwd_fname == NULL) {
631 /* Pin parent directory in place. */
632 if (vfs_ChDir(conn, &parent_dir_fname) == -1) {
636 smb_fname_rel = synthetic_smb_fname(talloc_tos(),
638 smb_fname->stream_name,
641 if (smb_fname_rel == NULL) {
642 saved_errno = ENOMEM;
646 /* Ensure the relative path is below the share. */
647 status = check_reduced_name(conn, &parent_dir_fname, smb_fname_rel);
648 if (!NT_STATUS_IS_OK(status)) {
649 saved_errno = map_errno_from_nt_status(status);
656 struct smb_filename *tmp_name = fsp->fsp_name;
657 fsp->fsp_name = smb_fname_rel;
658 fd = SMB_VFS_OPEN(conn, smb_fname_rel, fsp, flags, mode);
659 fsp->fsp_name = tmp_name;
663 saved_errno = link_errno_convert(errno);
665 * Trying to open a symlink to a directory with O_NOFOLLOW and
666 * O_DIRECTORY can return either of ELOOP and ENOTDIR. So
667 * ENOTDIR really means: might be a symlink, but we're not sure.
668 * In this case, we just assume there's a symlink. If we were
669 * wrong, process_symlink_open() will return EINVAL. We check
670 * this below, and fall back to returning the initial
673 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
675 if (saved_errno == ELOOP || saved_errno == ENOTDIR) {
676 if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
677 /* Never follow symlinks on posix open. */
680 if (!lp_follow_symlinks(SNUM(conn))) {
681 /* Explicitly no symlinks. */
685 * We may have a symlink. Follow in userspace
686 * to ensure it's under the share definition.
688 fd = process_symlink_open(conn,
696 if (saved_errno == ENOTDIR &&
699 * O_DIRECTORY on neither a directory,
700 * nor a symlink. Just return
701 * saved_errno from initial open()
706 link_errno_convert(errno);
713 TALLOC_FREE(parent_dir);
714 TALLOC_FREE(smb_fname_rel);
716 if (oldwd_fname != NULL) {
717 int ret = vfs_ChDir(conn, oldwd_fname);
719 smb_panic("unable to get back to old directory\n");
721 TALLOC_FREE(oldwd_fname);
723 if (saved_errno != 0) {
729 /****************************************************************************
730 fd support routines - attempt to do a dos_open.
731 ****************************************************************************/
733 NTSTATUS fd_open(struct connection_struct *conn,
738 struct smb_filename *smb_fname = fsp->fsp_name;
739 NTSTATUS status = NT_STATUS_OK;
742 * Never follow symlinks on a POSIX client. The
743 * client should be doing this.
746 if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || !lp_follow_symlinks(SNUM(conn))) {
750 /* Ensure path is below share definition. */
751 if (!lp_widelinks(SNUM(conn))) {
752 struct smb_filename *conn_rootdir_fname = NULL;
753 const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
757 if (conn_rootdir == NULL) {
758 return NT_STATUS_NO_MEMORY;
760 conn_rootdir_fname = synthetic_smb_fname(talloc_tos(),
765 if (conn_rootdir_fname == NULL) {
766 return NT_STATUS_NO_MEMORY;
770 * Only follow symlinks within a share
773 fsp->fh->fd = non_widelink_open(conn,
780 if (fsp->fh->fd == -1) {
783 TALLOC_FREE(conn_rootdir_fname);
784 if (saved_errno != 0) {
788 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
791 if (fsp->fh->fd == -1) {
792 int posix_errno = link_errno_convert(errno);
793 status = map_nt_error_from_unix(posix_errno);
794 if (errno == EMFILE) {
795 static time_t last_warned = 0L;
797 if (time((time_t *) NULL) > last_warned) {
798 DEBUG(0,("Too many open files, unable "
799 "to open more! smbd's max "
801 lp_max_open_files()));
802 last_warned = time((time_t *) NULL);
808 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
809 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
810 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
815 /****************************************************************************
816 Close the file associated with a fsp.
817 ****************************************************************************/
819 NTSTATUS fd_close(files_struct *fsp)
826 if (fsp->fh->fd == -1) {
827 return NT_STATUS_OK; /* What we used to call a stat open. */
829 if (fsp->fh->ref_count > 1) {
830 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
833 ret = SMB_VFS_CLOSE(fsp);
836 return map_nt_error_from_unix(errno);
841 /****************************************************************************
842 Change the ownership of a file to that of the parent directory.
843 Do this by fd if possible.
844 ****************************************************************************/
846 void change_file_owner_to_parent(connection_struct *conn,
847 const char *inherit_from_dir,
850 struct smb_filename *smb_fname_parent;
853 smb_fname_parent = synthetic_smb_fname(talloc_tos(),
858 if (smb_fname_parent == NULL) {
862 ret = SMB_VFS_STAT(conn, smb_fname_parent);
864 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
865 "directory %s. Error was %s\n",
866 smb_fname_str_dbg(smb_fname_parent),
868 TALLOC_FREE(smb_fname_parent);
872 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
873 /* Already this uid - no need to change. */
874 DEBUG(10,("change_file_owner_to_parent: file %s "
875 "is already owned by uid %d\n",
877 (int)fsp->fsp_name->st.st_ex_uid ));
878 TALLOC_FREE(smb_fname_parent);
883 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
886 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
887 "file %s to parent directory uid %u. Error "
888 "was %s\n", fsp_str_dbg(fsp),
889 (unsigned int)smb_fname_parent->st.st_ex_uid,
892 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
893 "parent directory uid %u.\n", fsp_str_dbg(fsp),
894 (unsigned int)smb_fname_parent->st.st_ex_uid));
895 /* Ensure the uid entry is updated. */
896 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
899 TALLOC_FREE(smb_fname_parent);
902 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
903 const char *inherit_from_dir,
904 struct smb_filename *smb_dname,
905 SMB_STRUCT_STAT *psbuf)
907 struct smb_filename *smb_fname_parent;
908 struct smb_filename *smb_fname_cwd = NULL;
909 struct smb_filename *saved_dir_fname = NULL;
910 TALLOC_CTX *ctx = talloc_tos();
911 NTSTATUS status = NT_STATUS_OK;
914 smb_fname_parent = synthetic_smb_fname(ctx,
919 if (smb_fname_parent == NULL) {
920 return NT_STATUS_NO_MEMORY;
923 ret = SMB_VFS_STAT(conn, smb_fname_parent);
925 status = map_nt_error_from_unix(errno);
926 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
927 "directory %s. Error was %s\n",
928 smb_fname_str_dbg(smb_fname_parent),
933 /* We've already done an lstat into psbuf, and we know it's a
934 directory. If we can cd into the directory and the dev/ino
935 are the same then we can safely chown without races as
936 we're locking the directory in place by being in it. This
937 should work on any UNIX (thanks tridge :-). JRA.
940 saved_dir_fname = vfs_GetWd(ctx,conn);
941 if (!saved_dir_fname) {
942 status = map_nt_error_from_unix(errno);
943 DEBUG(0,("change_dir_owner_to_parent: failed to get "
944 "current working directory. Error was %s\n",
949 /* Chdir into the new path. */
950 if (vfs_ChDir(conn, smb_dname) == -1) {
951 status = map_nt_error_from_unix(errno);
952 DEBUG(0,("change_dir_owner_to_parent: failed to change "
953 "current working directory to %s. Error "
954 "was %s\n", smb_dname->base_name, strerror(errno) ));
958 smb_fname_cwd = synthetic_smb_fname(ctx, ".", NULL, NULL, 0);
959 if (smb_fname_cwd == NULL) {
960 status = NT_STATUS_NO_MEMORY;
964 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
966 status = map_nt_error_from_unix(errno);
967 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
968 "directory '.' (%s) Error was %s\n",
969 smb_dname->base_name, strerror(errno)));
973 /* Ensure we're pointing at the same place. */
974 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
975 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
976 DEBUG(0,("change_dir_owner_to_parent: "
977 "device/inode on directory %s changed. "
978 "Refusing to chown !\n",
979 smb_dname->base_name ));
980 status = NT_STATUS_ACCESS_DENIED;
984 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
985 /* Already this uid - no need to change. */
986 DEBUG(10,("change_dir_owner_to_parent: directory %s "
987 "is already owned by uid %d\n",
988 smb_dname->base_name,
989 (int)smb_fname_cwd->st.st_ex_uid ));
990 status = NT_STATUS_OK;
995 ret = SMB_VFS_LCHOWN(conn,
997 smb_fname_parent->st.st_ex_uid,
1001 status = map_nt_error_from_unix(errno);
1002 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
1003 "directory %s to parent directory uid %u. "
1005 smb_dname->base_name,
1006 (unsigned int)smb_fname_parent->st.st_ex_uid,
1009 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
1010 "directory %s to parent directory uid %u.\n",
1011 smb_dname->base_name,
1012 (unsigned int)smb_fname_parent->st.st_ex_uid ));
1013 /* Ensure the uid entry is updated. */
1014 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
1018 vfs_ChDir(conn, saved_dir_fname);
1020 TALLOC_FREE(saved_dir_fname);
1021 TALLOC_FREE(smb_fname_parent);
1022 TALLOC_FREE(smb_fname_cwd);
1026 /****************************************************************************
1027 Open a file - returning a guaranteed ATOMIC indication of if the
1028 file was created or not.
1029 ****************************************************************************/
1031 static NTSTATUS fd_open_atomic(struct connection_struct *conn,
1037 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
1038 NTSTATUS retry_status;
1039 bool file_existed = VALID_STAT(fsp->fsp_name->st);
1042 *file_created = false;
1044 if (!(flags & O_CREAT)) {
1046 * We're not creating the file, just pass through.
1048 return fd_open(conn, fsp, flags, mode);
1051 if (flags & O_EXCL) {
1053 * Fail if already exists, just pass through.
1055 status = fd_open(conn, fsp, flags, mode);
1058 * Here we've opened with O_CREAT|O_EXCL. If that went
1059 * NT_STATUS_OK, we *know* we created this file.
1061 *file_created = NT_STATUS_IS_OK(status);
1067 * Now it gets tricky. We have O_CREAT, but not O_EXCL.
1068 * To know absolutely if we created the file or not,
1069 * we can never call O_CREAT without O_EXCL. So if
1070 * we think the file existed, try without O_CREAT|O_EXCL.
1071 * If we think the file didn't exist, try with
1074 * The big problem here is dangling symlinks. Opening
1075 * without O_NOFOLLOW means both bad symlink
1076 * and missing path return -1, ENOENT from open(). As POSIX
1077 * is pathname based it's not possible to tell
1078 * the difference between these two cases in a
1079 * non-racy way, so change to try only two attempts before
1082 * We don't have this problem for the O_NOFOLLOW
1083 * case as it just returns NT_STATUS_OBJECT_PATH_NOT_FOUND
1084 * mapped from the ELOOP POSIX error.
1090 curr_flags &= ~(O_CREAT);
1091 retry_status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1093 curr_flags |= O_EXCL;
1094 retry_status = NT_STATUS_OBJECT_NAME_COLLISION;
1097 status = fd_open(conn, fsp, curr_flags, mode);
1098 if (NT_STATUS_IS_OK(status)) {
1099 if (!file_existed) {
1100 *file_created = true;
1102 return NT_STATUS_OK;
1104 if (!NT_STATUS_EQUAL(status, retry_status)) {
1111 * Keep file_existed up to date for clarity.
1113 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1114 file_existed = false;
1115 curr_flags |= O_EXCL;
1116 DBG_DEBUG("file %s did not exist. Retry.\n",
1117 smb_fname_str_dbg(fsp->fsp_name));
1119 file_existed = true;
1120 curr_flags &= ~(O_CREAT);
1121 DBG_DEBUG("file %s existed. Retry.\n",
1122 smb_fname_str_dbg(fsp->fsp_name));
1125 status = fd_open(conn, fsp, curr_flags, mode);
1127 if (NT_STATUS_IS_OK(status) && (!file_existed)) {
1128 *file_created = true;
1134 /****************************************************************************
1136 ****************************************************************************/
1138 static NTSTATUS open_file(files_struct *fsp,
1139 connection_struct *conn,
1140 struct smb_request *req,
1141 const char *parent_dir,
1144 uint32_t access_mask, /* client requested access mask. */
1145 uint32_t open_access_mask, /* what we're actually using in the open. */
1146 bool *p_file_created)
1148 struct smb_filename *smb_fname = fsp->fsp_name;
1149 NTSTATUS status = NT_STATUS_OK;
1150 int accmode = (flags & O_ACCMODE);
1151 int local_flags = flags;
1152 bool file_existed = VALID_STAT(fsp->fsp_name->st);
1157 /* Check permissions */
1160 * This code was changed after seeing a client open request
1161 * containing the open mode of (DENY_WRITE/read-only) with
1162 * the 'create if not exist' bit set. The previous code
1163 * would fail to open the file read only on a read-only share
1164 * as it was checking the flags parameter directly against O_RDONLY,
1165 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
1169 if (!CAN_WRITE(conn)) {
1170 /* It's a read-only share - fail if we wanted to write. */
1171 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
1172 DEBUG(3,("Permission denied opening %s\n",
1173 smb_fname_str_dbg(smb_fname)));
1174 return NT_STATUS_ACCESS_DENIED;
1176 if (flags & O_CREAT) {
1177 /* We don't want to write - but we must make sure that
1178 O_CREAT doesn't create the file if we have write
1179 access into the directory.
1181 flags &= ~(O_CREAT|O_EXCL);
1182 local_flags &= ~(O_CREAT|O_EXCL);
1187 * This little piece of insanity is inspired by the
1188 * fact that an NT client can open a file for O_RDONLY,
1189 * but set the create disposition to FILE_EXISTS_TRUNCATE.
1190 * If the client *can* write to the file, then it expects to
1191 * truncate the file, even though it is opening for readonly.
1192 * Quicken uses this stupid trick in backup file creation...
1193 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
1194 * for helping track this one down. It didn't bite us in 2.0.x
1195 * as we always opened files read-write in that release. JRA.
1198 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
1199 DEBUG(10,("open_file: truncate requested on read-only open "
1200 "for file %s\n", smb_fname_str_dbg(smb_fname)));
1201 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
1204 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
1205 (!file_existed && (local_flags & O_CREAT)) ||
1206 ((local_flags & O_TRUNC) == O_TRUNC) ) {
1210 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
1212 * We would block on opening a FIFO with no one else on the
1213 * other end. Do what we used to do and add O_NONBLOCK to the
1217 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
1218 local_flags &= ~O_TRUNC; /* Can't truncate a FIFO. */
1219 local_flags |= O_NONBLOCK;
1223 /* Don't create files with Microsoft wildcard characters. */
1224 if (fsp->base_fsp) {
1226 * wildcard characters are allowed in stream names
1227 * only test the basefilename
1229 wild = fsp->base_fsp->fsp_name->base_name;
1231 wild = smb_fname->base_name;
1233 if ((local_flags & O_CREAT) && !file_existed &&
1234 !(fsp->posix_flags & FSP_POSIX_FLAGS_PATHNAMES) &&
1235 ms_has_wild(wild)) {
1236 return NT_STATUS_OBJECT_NAME_INVALID;
1239 /* Can we access this file ? */
1240 if (!fsp->base_fsp) {
1241 /* Only do this check on non-stream open. */
1243 status = smbd_check_access_rights(conn,
1248 if (!NT_STATUS_IS_OK(status)) {
1249 DEBUG(10, ("open_file: "
1250 "smbd_check_access_rights "
1251 "on file %s returned %s\n",
1252 smb_fname_str_dbg(smb_fname),
1253 nt_errstr(status)));
1256 if (!NT_STATUS_IS_OK(status) &&
1257 !NT_STATUS_EQUAL(status,
1258 NT_STATUS_OBJECT_NAME_NOT_FOUND))
1263 if (NT_STATUS_EQUAL(status,
1264 NT_STATUS_OBJECT_NAME_NOT_FOUND))
1266 DEBUG(10, ("open_file: "
1267 "file %s vanished since we "
1268 "checked for existence.\n",
1269 smb_fname_str_dbg(smb_fname)));
1270 file_existed = false;
1271 SET_STAT_INVALID(fsp->fsp_name->st);
1275 if (!file_existed) {
1276 if (!(local_flags & O_CREAT)) {
1277 /* File didn't exist and no O_CREAT. */
1278 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1281 status = check_parent_access(conn,
1284 if (!NT_STATUS_IS_OK(status)) {
1285 DEBUG(10, ("open_file: "
1286 "check_parent_access on "
1287 "file %s returned %s\n",
1288 smb_fname_str_dbg(smb_fname),
1289 nt_errstr(status) ));
1296 * Actually do the open - if O_TRUNC is needed handle it
1297 * below under the share mode lock.
1299 status = fd_open_atomic(conn, fsp, local_flags & ~O_TRUNC,
1300 unx_mode, p_file_created);
1301 if (!NT_STATUS_IS_OK(status)) {
1302 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
1303 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
1304 nt_errstr(status),local_flags,flags));
1308 if (local_flags & O_NONBLOCK) {
1310 * GPFS can return ETIMEDOUT for pread on
1311 * nonblocking file descriptors when files
1312 * migrated to tape need to be recalled. I
1313 * could imagine this happens elsehwere
1314 * too. With blocking file descriptors this
1317 ret = set_blocking(fsp->fh->fd, true);
1319 status = map_nt_error_from_unix(errno);
1320 DBG_WARNING("Could not set fd to blocking: "
1321 "%s\n", strerror(errno));
1327 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
1329 /* If we have an fd, this stat should succeed. */
1330 DEBUG(0,("Error doing fstat on open file %s "
1332 smb_fname_str_dbg(smb_fname),
1334 status = map_nt_error_from_unix(errno);
1339 if (*p_file_created) {
1340 /* We created this file. */
1342 bool need_re_stat = false;
1343 /* Do all inheritance work after we've
1344 done a successful fstat call and filled
1345 in the stat struct in fsp->fsp_name. */
1347 /* Inherit the ACL if required */
1348 if (lp_inherit_permissions(SNUM(conn))) {
1349 inherit_access_posix_acl(conn, parent_dir,
1352 need_re_stat = true;
1355 /* Change the owner if required. */
1356 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
1357 change_file_owner_to_parent(conn, parent_dir,
1359 need_re_stat = true;
1363 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
1364 /* If we have an fd, this stat should succeed. */
1366 DEBUG(0,("Error doing fstat on open file %s "
1368 smb_fname_str_dbg(smb_fname),
1373 notify_fname(conn, NOTIFY_ACTION_ADDED,
1374 FILE_NOTIFY_CHANGE_FILE_NAME,
1375 smb_fname->base_name);
1378 fsp->fh->fd = -1; /* What we used to call a stat open. */
1379 if (!file_existed) {
1380 /* File must exist for a stat open. */
1381 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1384 status = smbd_check_access_rights(conn,
1389 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
1390 (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
1391 S_ISLNK(smb_fname->st.st_ex_mode)) {
1392 /* This is a POSIX stat open for delete
1393 * or rename on a symlink that points
1394 * nowhere. Allow. */
1395 DEBUG(10,("open_file: allowing POSIX "
1396 "open on bad symlink %s\n",
1397 smb_fname_str_dbg(smb_fname)));
1398 status = NT_STATUS_OK;
1401 if (!NT_STATUS_IS_OK(status)) {
1402 DEBUG(10,("open_file: "
1403 "smbd_check_access_rights on file "
1405 smb_fname_str_dbg(smb_fname),
1406 nt_errstr(status) ));
1412 * POSIX allows read-only opens of directories. We don't
1413 * want to do this (we use a different code path for this)
1414 * so catch a directory open and return an EISDIR. JRA.
1417 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
1420 return NT_STATUS_FILE_IS_A_DIRECTORY;
1423 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1424 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
1425 fsp->file_pid = req ? req->smbpid : 0;
1426 fsp->can_lock = True;
1427 fsp->can_read = ((access_mask & FILE_READ_DATA) != 0);
1430 ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) != 0);
1431 fsp->print_file = NULL;
1432 fsp->modified = False;
1433 fsp->sent_oplock_break = NO_BREAK_SENT;
1434 fsp->is_directory = False;
1435 if (conn->aio_write_behind_list &&
1436 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
1437 conn->case_sensitive)) {
1438 fsp->aio_write_behind = True;
1441 fsp->wcp = NULL; /* Write cache pointer. */
1443 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
1444 conn->session_info->unix_info->unix_name,
1445 smb_fname_str_dbg(smb_fname),
1446 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
1447 conn->num_files_open));
1450 return NT_STATUS_OK;
1453 /****************************************************************************
1454 Check if we can open a file with a share mode.
1455 Returns True if conflict, False if not.
1456 ****************************************************************************/
1458 static bool share_conflict(struct share_mode_entry *entry,
1459 uint32_t access_mask,
1460 uint32_t share_access)
1462 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
1463 "entry->share_access = 0x%x, "
1464 "entry->private_options = 0x%x\n",
1465 (unsigned int)entry->access_mask,
1466 (unsigned int)entry->share_access,
1467 (unsigned int)entry->private_options));
1469 if (server_id_is_disconnected(&entry->pid)) {
1471 * note: cleanup should have been done by
1472 * delay_for_batch_oplocks()
1477 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
1478 (unsigned int)access_mask, (unsigned int)share_access));
1480 if ((entry->access_mask & (FILE_WRITE_DATA|
1484 DELETE_ACCESS)) == 0) {
1485 DEBUG(10,("share_conflict: No conflict due to "
1486 "entry->access_mask = 0x%x\n",
1487 (unsigned int)entry->access_mask ));
1491 if ((access_mask & (FILE_WRITE_DATA|
1495 DELETE_ACCESS)) == 0) {
1496 DEBUG(10,("share_conflict: No conflict due to "
1497 "access_mask = 0x%x\n",
1498 (unsigned int)access_mask ));
1502 #if 1 /* JRA TEST - Superdebug. */
1503 #define CHECK_MASK(num, am, right, sa, share) \
1504 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
1505 (unsigned int)(num), (unsigned int)(am), \
1506 (unsigned int)(right), (unsigned int)(am)&(right) )); \
1507 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
1508 (unsigned int)(num), (unsigned int)(sa), \
1509 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
1510 if (((am) & (right)) && !((sa) & (share))) { \
1511 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1512 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1513 (unsigned int)(share) )); \
1517 #define CHECK_MASK(num, am, right, sa, share) \
1518 if (((am) & (right)) && !((sa) & (share))) { \
1519 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
1520 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
1521 (unsigned int)(share) )); \
1526 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1527 share_access, FILE_SHARE_WRITE);
1528 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
1529 entry->share_access, FILE_SHARE_WRITE);
1531 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
1532 share_access, FILE_SHARE_READ);
1533 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
1534 entry->share_access, FILE_SHARE_READ);
1536 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
1537 share_access, FILE_SHARE_DELETE);
1538 CHECK_MASK(6, access_mask, DELETE_ACCESS,
1539 entry->share_access, FILE_SHARE_DELETE);
1541 DEBUG(10,("share_conflict: No conflict.\n"));
1545 #if defined(DEVELOPER)
1546 static void validate_my_share_entries(struct smbd_server_connection *sconn,
1548 struct share_mode_entry *share_entry)
1550 struct server_id self = messaging_server_id(sconn->msg_ctx);
1553 if (!serverid_equal(&self, &share_entry->pid)) {
1557 if (share_entry->op_mid == 0) {
1558 /* INTERNAL_OPEN_ONLY */
1562 if (!is_valid_share_mode_entry(share_entry)) {
1566 fsp = file_find_dif(sconn, share_entry->id,
1567 share_entry->share_file_id);
1569 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1570 share_mode_str(talloc_tos(), num, share_entry) ));
1571 smb_panic("validate_my_share_entries: Cannot match a "
1572 "share entry with an open file\n");
1575 if (((uint16_t)fsp->oplock_type) != share_entry->op_type) {
1584 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
1585 share_mode_str(talloc_tos(), num, share_entry) ));
1586 str = talloc_asprintf(talloc_tos(),
1587 "validate_my_share_entries: "
1588 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
1589 fsp->fsp_name->base_name,
1590 (unsigned int)fsp->oplock_type,
1591 (unsigned int)share_entry->op_type );
1597 bool is_stat_open(uint32_t access_mask)
1599 const uint32_t stat_open_bits =
1600 (SYNCHRONIZE_ACCESS|
1601 FILE_READ_ATTRIBUTES|
1602 FILE_WRITE_ATTRIBUTES);
1604 return (((access_mask & stat_open_bits) != 0) &&
1605 ((access_mask & ~stat_open_bits) == 0));
1608 static bool has_delete_on_close(struct share_mode_lock *lck,
1611 struct share_mode_data *d = lck->data;
1614 if (d->num_share_modes == 0) {
1617 if (!is_delete_on_close_set(lck, name_hash)) {
1620 for (i=0; i<d->num_share_modes; i++) {
1621 if (!share_mode_stale_pid(d, i)) {
1628 /****************************************************************************
1629 Deal with share modes
1630 Invariant: Share mode must be locked on entry and exit.
1631 Returns -1 on error, or number of share modes on success (may be zero).
1632 ****************************************************************************/
1634 static NTSTATUS open_mode_check(connection_struct *conn,
1635 struct share_mode_lock *lck,
1636 uint32_t access_mask,
1637 uint32_t share_access)
1641 if(lck->data->num_share_modes == 0) {
1642 return NT_STATUS_OK;
1645 if (is_stat_open(access_mask)) {
1646 /* Stat open that doesn't trigger oplock breaks or share mode
1647 * checks... ! JRA. */
1648 return NT_STATUS_OK;
1652 * Check if the share modes will give us access.
1655 #if defined(DEVELOPER)
1656 for(i = 0; i < lck->data->num_share_modes; i++) {
1657 validate_my_share_entries(conn->sconn, i,
1658 &lck->data->share_modes[i]);
1662 /* Now we check the share modes, after any oplock breaks. */
1663 for(i = 0; i < lck->data->num_share_modes; i++) {
1665 if (!is_valid_share_mode_entry(&lck->data->share_modes[i])) {
1669 /* someone else has a share lock on it, check to see if we can
1671 if (share_conflict(&lck->data->share_modes[i],
1672 access_mask, share_access)) {
1674 if (share_mode_stale_pid(lck->data, i)) {
1678 return NT_STATUS_SHARING_VIOLATION;
1682 return NT_STATUS_OK;
1686 * Send a break message to the oplock holder and delay the open for
1690 NTSTATUS send_break_message(struct messaging_context *msg_ctx,
1691 const struct share_mode_entry *exclusive,
1695 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
1696 struct server_id_buf tmp;
1698 DEBUG(10, ("Sending break request to PID %s\n",
1699 server_id_str_buf(exclusive->pid, &tmp)));
1701 /* Create the message. */
1702 share_mode_entry_to_message(msg, exclusive);
1704 /* Overload entry->op_type */
1706 * This is a cut from uint32_t to uint16_t, but so far only the lower 3
1707 * bits (LEASE_WRITE/HANDLE/READ are used anyway.
1709 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET, break_to);
1711 status = messaging_send_buf(msg_ctx, exclusive->pid,
1712 MSG_SMB_BREAK_REQUEST,
1713 (uint8_t *)msg, sizeof(msg));
1714 if (!NT_STATUS_IS_OK(status)) {
1715 DEBUG(3, ("Could not send oplock break message: %s\n",
1716 nt_errstr(status)));
1723 * Do internal consistency checks on the share mode for a file.
1726 static bool validate_oplock_types(struct share_mode_lock *lck)
1728 struct share_mode_data *d = lck->data;
1730 bool ex_or_batch = false;
1731 bool level2 = false;
1732 bool no_oplock = false;
1733 uint32_t num_non_stat_opens = 0;
1736 for (i=0; i<d->num_share_modes; i++) {
1737 struct share_mode_entry *e = &d->share_modes[i];
1739 if (!is_valid_share_mode_entry(e)) {
1743 if (e->op_mid == 0) {
1744 /* INTERNAL_OPEN_ONLY */
1748 if (e->op_type == NO_OPLOCK && is_stat_open(e->access_mask)) {
1749 /* We ignore stat opens in the table - they
1750 always have NO_OPLOCK and never get or
1751 cause breaks. JRA. */
1755 num_non_stat_opens += 1;
1757 if (BATCH_OPLOCK_TYPE(e->op_type)) {
1758 /* batch - can only be one. */
1759 if (share_mode_stale_pid(d, i)) {
1760 DEBUG(10, ("Found stale batch oplock\n"));
1763 if (ex_or_batch || batch || level2 || no_oplock) {
1764 DEBUG(0, ("Bad batch oplock entry %u.",
1771 if (EXCLUSIVE_OPLOCK_TYPE(e->op_type)) {
1772 if (share_mode_stale_pid(d, i)) {
1773 DEBUG(10, ("Found stale duplicate oplock\n"));
1776 /* Exclusive or batch - can only be one. */
1777 if (ex_or_batch || level2 || no_oplock) {
1778 DEBUG(0, ("Bad exclusive or batch oplock "
1779 "entry %u.", (unsigned)i));
1785 if (LEVEL_II_OPLOCK_TYPE(e->op_type)) {
1786 if (batch || ex_or_batch) {
1787 if (share_mode_stale_pid(d, i)) {
1788 DEBUG(10, ("Found stale LevelII "
1792 DEBUG(0, ("Bad levelII oplock entry %u.",
1799 if (e->op_type == NO_OPLOCK) {
1800 if (batch || ex_or_batch) {
1801 if (share_mode_stale_pid(d, i)) {
1802 DEBUG(10, ("Found stale NO_OPLOCK "
1806 DEBUG(0, ("Bad no oplock entry %u.",
1814 remove_stale_share_mode_entries(d);
1816 if ((batch || ex_or_batch) && (num_non_stat_opens != 1)) {
1817 DEBUG(1, ("got batch (%d) or ex (%d) non-exclusively (%d)\n",
1818 (int)batch, (int)ex_or_batch,
1819 (int)d->num_share_modes));
1826 static bool delay_for_oplock(files_struct *fsp,
1828 const struct smb2_lease *lease,
1829 struct share_mode_lock *lck,
1830 bool have_sharing_violation,
1831 uint32_t create_disposition,
1832 bool first_open_attempt)
1834 struct share_mode_data *d = lck->data;
1837 bool will_overwrite;
1839 if ((oplock_request & INTERNAL_OPEN_ONLY) ||
1840 is_stat_open(fsp->access_mask)) {
1844 switch (create_disposition) {
1845 case FILE_SUPERSEDE:
1846 case FILE_OVERWRITE:
1847 case FILE_OVERWRITE_IF:
1848 will_overwrite = true;
1851 will_overwrite = false;
1855 for (i=0; i<d->num_share_modes; i++) {
1856 struct share_mode_entry *e = &d->share_modes[i];
1857 struct share_mode_lease *l = NULL;
1858 uint32_t e_lease_type = get_lease_type(d, e);
1860 uint32_t delay_mask = 0;
1862 if (e->op_type == LEASE_OPLOCK) {
1863 l = &d->leases[e->lease_idx];
1866 if (have_sharing_violation) {
1867 delay_mask = SMB2_LEASE_HANDLE;
1869 delay_mask = SMB2_LEASE_WRITE;
1872 break_to = e_lease_type & ~delay_mask;
1874 if (will_overwrite) {
1876 * we'll decide about SMB2_LEASE_READ later.
1878 * Maybe the break will be deferred
1880 break_to &= ~SMB2_LEASE_HANDLE;
1883 DEBUG(10, ("entry %u: e_lease_type %u, will_overwrite: %u\n",
1884 (unsigned)i, (unsigned)e_lease_type,
1885 (unsigned)will_overwrite));
1887 if (lease != NULL && l != NULL) {
1890 ign = smb2_lease_equal(fsp_client_guid(fsp),
1899 if ((e_lease_type & ~break_to) == 0) {
1900 if (l != NULL && l->breaking) {
1906 if (share_mode_stale_pid(d, i)) {
1910 if (will_overwrite) {
1912 * If we break anyway break to NONE directly.
1913 * Otherwise vfs_set_filelen() will trigger the
1916 break_to &= ~(SMB2_LEASE_READ|SMB2_LEASE_WRITE);
1919 if (e->op_type != LEASE_OPLOCK) {
1921 * Oplocks only support breaking to R or NONE.
1923 break_to &= ~(SMB2_LEASE_HANDLE|SMB2_LEASE_WRITE);
1926 DEBUG(10, ("breaking from %d to %d\n",
1927 (int)e_lease_type, (int)break_to));
1928 send_break_message(fsp->conn->sconn->msg_ctx, e,
1930 if (e_lease_type & delay_mask) {
1933 if (l != NULL && l->breaking && !first_open_attempt) {
1942 static bool file_has_brlocks(files_struct *fsp)
1944 struct byte_range_lock *br_lck;
1946 br_lck = brl_get_locks_readonly(fsp);
1950 return (brl_num_locks(br_lck) > 0);
1953 int find_share_mode_lease(struct share_mode_data *d,
1954 const struct GUID *client_guid,
1955 const struct smb2_lease_key *key)
1959 for (i=0; i<d->num_leases; i++) {
1960 struct share_mode_lease *l = &d->leases[i];
1962 if (smb2_lease_equal(client_guid,
1973 struct fsp_lease *find_fsp_lease(struct files_struct *new_fsp,
1974 const struct smb2_lease_key *key,
1975 const struct share_mode_lease *l)
1977 struct files_struct *fsp;
1980 * TODO: Measure how expensive this loop is with thousands of open
1984 for (fsp = file_find_di_first(new_fsp->conn->sconn, new_fsp->file_id);
1986 fsp = file_find_di_next(fsp)) {
1988 if (fsp == new_fsp) {
1991 if (fsp->oplock_type != LEASE_OPLOCK) {
1994 if (smb2_lease_key_equal(&fsp->lease->lease.lease_key, key)) {
1995 fsp->lease->ref_count += 1;
2000 /* Not found - must be leased in another smbd. */
2001 new_fsp->lease = talloc_zero(new_fsp->conn->sconn, struct fsp_lease);
2002 if (new_fsp->lease == NULL) {
2005 new_fsp->lease->ref_count = 1;
2006 new_fsp->lease->sconn = new_fsp->conn->sconn;
2007 new_fsp->lease->lease.lease_key = *key;
2008 new_fsp->lease->lease.lease_state = l->current_state;
2010 * We internally treat all leases as V2 and update
2011 * the epoch, but when sending breaks it matters if
2012 * the requesting lease was v1 or v2.
2014 new_fsp->lease->lease.lease_version = l->lease_version;
2015 new_fsp->lease->lease.lease_epoch = l->epoch;
2016 return new_fsp->lease;
2019 static NTSTATUS grant_fsp_lease(struct files_struct *fsp,
2020 struct share_mode_lock *lck,
2021 const struct smb2_lease *lease,
2022 uint32_t *p_lease_idx,
2025 struct share_mode_data *d = lck->data;
2026 const struct GUID *client_guid = fsp_client_guid(fsp);
2027 struct share_mode_lease *tmp;
2031 idx = find_share_mode_lease(d, client_guid, &lease->lease_key);
2034 struct share_mode_lease *l = &d->leases[idx];
2036 uint32_t existing, requested;
2038 fsp->lease = find_fsp_lease(fsp, &lease->lease_key, l);
2039 if (fsp->lease == NULL) {
2040 DEBUG(1, ("Did not find existing lease for file %s\n",
2042 return NT_STATUS_NO_MEMORY;
2048 * Upgrade only if the requested lease is a strict upgrade.
2050 existing = l->current_state;
2051 requested = lease->lease_state;
2054 * Tricky: This test makes sure that "requested" is a
2055 * strict bitwise superset of "existing".
2057 do_upgrade = ((existing & requested) == existing);
2060 * Upgrade only if there's a change.
2062 do_upgrade &= (granted != existing);
2065 * Upgrade only if other leases don't prevent what was asked
2068 do_upgrade &= (granted == requested);
2071 * only upgrade if we are not in breaking state
2073 do_upgrade &= !l->breaking;
2075 DEBUG(10, ("existing=%"PRIu32", requested=%"PRIu32", "
2076 "granted=%"PRIu32", do_upgrade=%d\n",
2077 existing, requested, granted, (int)do_upgrade));
2080 l->current_state = granted;
2084 /* Ensure we're in sync with current lease state. */
2085 fsp_lease_update(lck, fsp_client_guid(fsp), fsp->lease);
2086 return NT_STATUS_OK;
2093 tmp = talloc_realloc(d, d->leases, struct share_mode_lease,
2099 return NT_STATUS_INSUFFICIENT_RESOURCES;
2103 fsp->lease = talloc_zero(fsp->conn->sconn, struct fsp_lease);
2104 if (fsp->lease == NULL) {
2105 return NT_STATUS_INSUFFICIENT_RESOURCES;
2107 fsp->lease->ref_count = 1;
2108 fsp->lease->sconn = fsp->conn->sconn;
2109 fsp->lease->lease.lease_version = lease->lease_version;
2110 fsp->lease->lease.lease_key = lease->lease_key;
2111 fsp->lease->lease.lease_state = granted;
2112 fsp->lease->lease.lease_epoch = lease->lease_epoch + 1;
2114 *p_lease_idx = d->num_leases;
2116 d->leases[d->num_leases] = (struct share_mode_lease) {
2117 .client_guid = *client_guid,
2118 .lease_key = fsp->lease->lease.lease_key,
2119 .current_state = fsp->lease->lease.lease_state,
2120 .lease_version = fsp->lease->lease.lease_version,
2121 .epoch = fsp->lease->lease.lease_epoch,
2124 status = leases_db_add(client_guid,
2127 fsp->conn->connectpath,
2128 fsp->fsp_name->base_name,
2129 fsp->fsp_name->stream_name);
2130 if (!NT_STATUS_IS_OK(status)) {
2131 DEBUG(10, ("%s: leases_db_add failed: %s\n", __func__,
2132 nt_errstr(status)));
2133 TALLOC_FREE(fsp->lease);
2134 return NT_STATUS_INSUFFICIENT_RESOURCES;
2140 return NT_STATUS_OK;
2143 static bool is_same_lease(const files_struct *fsp,
2144 const struct share_mode_data *d,
2145 const struct share_mode_entry *e,
2146 const struct smb2_lease *lease)
2148 if (e->op_type != LEASE_OPLOCK) {
2151 if (lease == NULL) {
2155 return smb2_lease_equal(fsp_client_guid(fsp),
2157 &d->leases[e->lease_idx].client_guid,
2158 &d->leases[e->lease_idx].lease_key);
2161 static NTSTATUS grant_fsp_oplock_type(struct smb_request *req,
2162 struct files_struct *fsp,
2163 struct share_mode_lock *lck,
2165 struct smb2_lease *lease)
2167 struct share_mode_data *d = lck->data;
2168 bool got_handle_lease = false;
2169 bool got_oplock = false;
2172 uint32_t lease_idx = UINT32_MAX;
2176 if (oplock_request & INTERNAL_OPEN_ONLY) {
2177 /* No oplocks on internal open. */
2178 oplock_request = NO_OPLOCK;
2179 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
2180 fsp->oplock_type, fsp_str_dbg(fsp)));
2183 if (oplock_request == LEASE_OPLOCK) {
2184 if (lease == NULL) {
2186 * The SMB2 layer should have checked this
2188 return NT_STATUS_INTERNAL_ERROR;
2191 granted = lease->lease_state;
2193 if (lp_kernel_oplocks(SNUM(fsp->conn))) {
2194 DEBUG(10, ("No lease granted because kernel oplocks are enabled\n"));
2195 granted = SMB2_LEASE_NONE;
2197 if ((granted & (SMB2_LEASE_READ|SMB2_LEASE_WRITE)) == 0) {
2198 DEBUG(10, ("No read or write lease requested\n"));
2199 granted = SMB2_LEASE_NONE;
2201 if (granted == SMB2_LEASE_WRITE) {
2202 DEBUG(10, ("pure write lease requested\n"));
2203 granted = SMB2_LEASE_NONE;
2205 if (granted == (SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE)) {
2206 DEBUG(10, ("write and handle lease requested\n"));
2207 granted = SMB2_LEASE_NONE;
2210 granted = map_oplock_to_lease_type(
2211 oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
2214 if (lp_locking(fsp->conn->params) && file_has_brlocks(fsp)) {
2215 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
2217 granted &= ~SMB2_LEASE_READ;
2220 for (i=0; i<d->num_share_modes; i++) {
2221 struct share_mode_entry *e = &d->share_modes[i];
2222 uint32_t e_lease_type;
2224 e_lease_type = get_lease_type(d, e);
2226 if ((granted & SMB2_LEASE_WRITE) &&
2227 !is_same_lease(fsp, d, e, lease) &&
2228 !share_mode_stale_pid(d, i)) {
2230 * Can grant only one writer
2232 granted &= ~SMB2_LEASE_WRITE;
2235 if ((e_lease_type & SMB2_LEASE_HANDLE) && !got_handle_lease &&
2236 !share_mode_stale_pid(d, i)) {
2237 got_handle_lease = true;
2240 if ((e->op_type != LEASE_OPLOCK) && !got_oplock &&
2241 !share_mode_stale_pid(d, i)) {
2246 if ((granted & SMB2_LEASE_READ) && !(granted & SMB2_LEASE_WRITE)) {
2248 (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
2249 lp_level2_oplocks(SNUM(fsp->conn));
2251 if (!allow_level2) {
2252 granted = SMB2_LEASE_NONE;
2256 if (oplock_request == LEASE_OPLOCK) {
2258 granted &= ~SMB2_LEASE_HANDLE;
2261 fsp->oplock_type = LEASE_OPLOCK;
2263 status = grant_fsp_lease(fsp, lck, lease, &lease_idx,
2265 if (!NT_STATUS_IS_OK(status)) {
2269 *lease = fsp->lease->lease;
2270 DEBUG(10, ("lease_state=%d\n", lease->lease_state));
2272 if (got_handle_lease) {
2273 granted = SMB2_LEASE_NONE;
2277 case SMB2_LEASE_READ|SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE:
2278 fsp->oplock_type = BATCH_OPLOCK|EXCLUSIVE_OPLOCK;
2280 case SMB2_LEASE_READ|SMB2_LEASE_WRITE:
2281 fsp->oplock_type = EXCLUSIVE_OPLOCK;
2283 case SMB2_LEASE_READ|SMB2_LEASE_HANDLE:
2284 case SMB2_LEASE_READ:
2285 fsp->oplock_type = LEVEL_II_OPLOCK;
2288 fsp->oplock_type = NO_OPLOCK;
2292 status = set_file_oplock(fsp);
2293 if (!NT_STATUS_IS_OK(status)) {
2295 * Could not get the kernel oplock
2297 fsp->oplock_type = NO_OPLOCK;
2301 ok = set_share_mode(lck, fsp, get_current_uid(fsp->conn),
2306 return NT_STATUS_NO_MEMORY;
2309 ok = update_num_read_oplocks(fsp, lck);
2311 del_share_mode(lck, fsp);
2312 return NT_STATUS_INTERNAL_ERROR;
2315 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
2316 fsp->oplock_type, fsp_str_dbg(fsp)));
2318 return NT_STATUS_OK;
2321 static bool request_timed_out(struct timeval request_time,
2322 struct timeval timeout)
2324 struct timeval now, end_time;
2326 end_time = timeval_sum(&request_time, &timeout);
2327 return (timeval_compare(&end_time, &now) < 0);
2330 static struct deferred_open_record *deferred_open_record_create(
2331 bool delayed_for_oplocks,
2335 struct deferred_open_record *record = NULL;
2337 record = talloc(NULL, struct deferred_open_record);
2338 if (record == NULL) {
2342 *record = (struct deferred_open_record) {
2343 .delayed_for_oplocks = delayed_for_oplocks,
2344 .async_open = async_open,
2351 struct defer_open_state {
2352 struct smbXsrv_connection *xconn;
2356 static void defer_open_done(struct tevent_req *req);
2359 * Defer an open and watch a locking.tdb record
2361 * This defers an open that gets rescheduled once the locking.tdb record watch
2362 * is triggered by a change to the record.
2364 * It is used to defer opens that triggered an oplock break and for the SMB1
2365 * sharing violation delay.
2367 static void defer_open(struct share_mode_lock *lck,
2368 struct timeval request_time,
2369 struct timeval timeout,
2370 struct smb_request *req,
2371 bool delayed_for_oplocks,
2374 struct deferred_open_record *open_rec = NULL;
2375 struct timeval abs_timeout;
2376 struct defer_open_state *watch_state;
2377 struct tevent_req *watch_req;
2380 abs_timeout = timeval_sum(&request_time, &timeout);
2382 DBG_DEBUG("request time [%s] timeout [%s] mid [%" PRIu64 "] "
2383 "delayed_for_oplocks [%s] file_id [%s]\n",
2384 timeval_string(talloc_tos(), &request_time, false),
2385 timeval_string(talloc_tos(), &abs_timeout, false),
2387 delayed_for_oplocks ? "yes" : "no",
2388 file_id_string_tos(&id));
2390 open_rec = deferred_open_record_create(delayed_for_oplocks,
2393 if (open_rec == NULL) {
2395 exit_server("talloc failed");
2398 watch_state = talloc(open_rec, struct defer_open_state);
2399 if (watch_state == NULL) {
2400 exit_server("talloc failed");
2402 watch_state->xconn = req->xconn;
2403 watch_state->mid = req->mid;
2405 DBG_DEBUG("defering mid %" PRIu64 "\n", req->mid);
2407 watch_req = dbwrap_watched_watch_send(watch_state,
2410 (struct server_id){0});
2411 if (watch_req == NULL) {
2412 exit_server("Could not watch share mode record");
2414 tevent_req_set_callback(watch_req, defer_open_done, watch_state);
2416 ok = tevent_req_set_endtime(watch_req, req->sconn->ev_ctx, abs_timeout);
2418 exit_server("tevent_req_set_endtime failed");
2421 ok = push_deferred_open_message_smb(req, request_time, timeout,
2422 open_rec->id, open_rec);
2425 exit_server("push_deferred_open_message_smb failed");
2429 static void defer_open_done(struct tevent_req *req)
2431 struct defer_open_state *state = tevent_req_callback_data(
2432 req, struct defer_open_state);
2436 status = dbwrap_watched_watch_recv(req, NULL, NULL);
2438 if (!NT_STATUS_IS_OK(status)) {
2439 DEBUG(5, ("dbwrap_watched_watch_recv returned %s\n",
2440 nt_errstr(status)));
2442 * Even if it failed, retry anyway. TODO: We need a way to
2443 * tell a re-scheduled open about that error.
2447 DEBUG(10, ("scheduling mid %llu\n", (unsigned long long)state->mid));
2449 ret = schedule_deferred_open_message_smb(state->xconn, state->mid);
2455 * Actually attempt the kernel oplock polling open.
2458 static void kernel_oplock_poll_open_timer(struct tevent_context *ev,
2459 struct tevent_timer *te,
2460 struct timeval current_time,
2464 struct smb_request *req = (struct smb_request *)private_data;
2466 ok = schedule_deferred_open_message_smb(req->xconn, req->mid);
2468 exit_server("schedule_deferred_open_message_smb failed");
2470 DBG_DEBUG("kernel_oplock_poll_open_timer fired. Retying open !\n");
2474 * Reschedule an open for 1 second from now, if not timed out.
2476 static void setup_kernel_oplock_poll_open(struct timeval request_time,
2477 struct smb_request *req,
2482 struct deferred_open_record *open_rec = NULL;
2483 /* Maximum wait time. */
2484 struct timeval timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
2486 if (request_timed_out(request_time, timeout)) {
2490 open_rec = deferred_open_record_create(false, false, id);
2491 if (open_rec == NULL) {
2492 exit_server("talloc failed");
2495 ok = push_deferred_open_message_smb(req,
2501 exit_server("push_deferred_open_message_smb failed");
2505 * As this timer event is owned by req, it will
2506 * disappear if req it talloc_freed.
2508 open_rec->te = tevent_add_timer(req->sconn->ev_ctx,
2510 timeval_current_ofs(1, 0),
2511 kernel_oplock_poll_open_timer,
2513 if (open_rec->te == NULL) {
2514 exit_server("tevent_add_timer failed");
2517 DBG_DEBUG("poll request time [%s] mid [%" PRIu64 "] file_id [%s]\n",
2518 timeval_string(talloc_tos(), &request_time, false),
2520 file_id_string_tos(&id));
2523 /****************************************************************************
2524 On overwrite open ensure that the attributes match.
2525 ****************************************************************************/
2527 static bool open_match_attributes(connection_struct *conn,
2528 uint32_t old_dos_attr,
2529 uint32_t new_dos_attr,
2530 mode_t existing_unx_mode,
2531 mode_t new_unx_mode,
2532 mode_t *returned_unx_mode)
2534 uint32_t noarch_old_dos_attr, noarch_new_dos_attr;
2536 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2537 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
2539 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
2540 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
2541 *returned_unx_mode = new_unx_mode;
2543 *returned_unx_mode = (mode_t)0;
2546 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
2547 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
2548 "returned_unx_mode = 0%o\n",
2549 (unsigned int)old_dos_attr,
2550 (unsigned int)existing_unx_mode,
2551 (unsigned int)new_dos_attr,
2552 (unsigned int)*returned_unx_mode ));
2554 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
2555 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2556 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
2557 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
2561 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
2562 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
2563 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
2570 /****************************************************************************
2571 Special FCB or DOS processing in the case of a sharing violation.
2572 Try and find a duplicated file handle.
2573 ****************************************************************************/
2575 static NTSTATUS fcb_or_dos_open(struct smb_request *req,
2576 connection_struct *conn,
2577 files_struct *fsp_to_dup_into,
2578 const struct smb_filename *smb_fname,
2582 uint32_t access_mask,
2583 uint32_t share_access,
2584 uint32_t create_options)
2588 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
2589 "file %s.\n", smb_fname_str_dbg(smb_fname)));
2591 for(fsp = file_find_di_first(conn->sconn, id); fsp;
2592 fsp = file_find_di_next(fsp)) {
2594 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
2595 "vuid = %llu, file_pid = %u, private_options = 0x%x "
2596 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
2597 fsp->fh->fd, (unsigned long long)fsp->vuid,
2598 (unsigned int)fsp->file_pid,
2599 (unsigned int)fsp->fh->private_options,
2600 (unsigned int)fsp->access_mask ));
2602 if (fsp != fsp_to_dup_into &&
2603 fsp->fh->fd != -1 &&
2604 fsp->vuid == vuid &&
2605 fsp->file_pid == file_pid &&
2606 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
2607 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
2608 (fsp->access_mask & FILE_WRITE_DATA) &&
2609 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
2610 strequal(fsp->fsp_name->stream_name,
2611 smb_fname->stream_name)) {
2612 DEBUG(10,("fcb_or_dos_open: file match\n"));
2618 return NT_STATUS_NOT_FOUND;
2621 /* quite an insane set of semantics ... */
2622 if (is_executable(smb_fname->base_name) &&
2623 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
2624 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
2625 return NT_STATUS_INVALID_PARAMETER;
2628 /* We need to duplicate this fsp. */
2629 return dup_file_fsp(req, fsp, access_mask, share_access,
2630 create_options, fsp_to_dup_into);
2633 static void schedule_defer_open(struct share_mode_lock *lck,
2635 struct timeval request_time,
2636 struct smb_request *req)
2638 /* This is a relative time, added to the absolute
2639 request_time value to get the absolute timeout time.
2640 Note that if this is the second or greater time we enter
2641 this codepath for this particular request mid then
2642 request_time is left as the absolute time of the *first*
2643 time this request mid was processed. This is what allows
2644 the request to eventually time out. */
2646 struct timeval timeout;
2648 /* Normally the smbd we asked should respond within
2649 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
2650 * the client did, give twice the timeout as a safety
2651 * measure here in case the other smbd is stuck
2652 * somewhere else. */
2654 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
2656 if (request_timed_out(request_time, timeout)) {
2660 defer_open(lck, request_time, timeout, req, true, id);
2663 /****************************************************************************
2664 Reschedule an open call that went asynchronous.
2665 ****************************************************************************/
2667 static void schedule_async_open_timer(struct tevent_context *ev,
2668 struct tevent_timer *te,
2669 struct timeval current_time,
2672 exit_server("async open timeout");
2675 static void schedule_async_open(struct timeval request_time,
2676 struct smb_request *req)
2678 struct deferred_open_record *open_rec = NULL;
2679 struct timeval timeout = timeval_set(20, 0);
2682 if (request_timed_out(request_time, timeout)) {
2686 open_rec = deferred_open_record_create(false, true, (struct file_id){0});
2687 if (open_rec == NULL) {
2688 exit_server("deferred_open_record_create failed");
2691 ok = push_deferred_open_message_smb(req, request_time, timeout,
2692 (struct file_id){0}, open_rec);
2694 exit_server("push_deferred_open_message_smb failed");
2697 open_rec->te = tevent_add_timer(req->sconn->ev_ctx,
2699 timeval_current_ofs(20, 0),
2700 schedule_async_open_timer,
2702 if (open_rec->te == NULL) {
2703 exit_server("tevent_add_timer failed");
2707 /****************************************************************************
2708 Work out what access_mask to use from what the client sent us.
2709 ****************************************************************************/
2711 static NTSTATUS smbd_calculate_maximum_allowed_access(
2712 connection_struct *conn,
2713 const struct smb_filename *smb_fname,
2715 uint32_t *p_access_mask)
2717 struct security_descriptor *sd;
2718 uint32_t access_granted;
2721 if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
2722 *p_access_mask |= FILE_GENERIC_ALL;
2723 return NT_STATUS_OK;
2726 status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
2732 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2734 * File did not exist
2736 *p_access_mask = FILE_GENERIC_ALL;
2737 return NT_STATUS_OK;
2739 if (!NT_STATUS_IS_OK(status)) {
2740 DEBUG(10,("Could not get acl on file %s: %s\n",
2741 smb_fname_str_dbg(smb_fname),
2742 nt_errstr(status)));
2743 return NT_STATUS_ACCESS_DENIED;
2747 * If we can access the path to this file, by
2748 * default we have FILE_READ_ATTRIBUTES from the
2749 * containing directory. See the section:
2750 * "Algorithm to Check Access to an Existing File"
2753 * se_file_access_check()
2754 * also takes care of owner WRITE_DAC and READ_CONTROL.
2756 status = se_file_access_check(sd,
2757 get_current_nttok(conn),
2759 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
2764 if (!NT_STATUS_IS_OK(status)) {
2765 DEBUG(10, ("Access denied on file %s: "
2766 "when calculating maximum access\n",
2767 smb_fname_str_dbg(smb_fname)));
2768 return NT_STATUS_ACCESS_DENIED;
2770 *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
2772 if (!(access_granted & DELETE_ACCESS)) {
2773 if (can_delete_file_in_directory(conn, smb_fname)) {
2774 *p_access_mask |= DELETE_ACCESS;
2778 return NT_STATUS_OK;
2781 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
2782 const struct smb_filename *smb_fname,
2784 uint32_t access_mask,
2785 uint32_t *access_mask_out)
2788 uint32_t orig_access_mask = access_mask;
2789 uint32_t rejected_share_access;
2791 if (access_mask & SEC_MASK_INVALID) {
2792 DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
2794 return NT_STATUS_ACCESS_DENIED;
2798 * Convert GENERIC bits to specific bits.
2801 se_map_generic(&access_mask, &file_generic_mapping);
2803 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
2804 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
2806 status = smbd_calculate_maximum_allowed_access(
2807 conn, smb_fname, use_privs, &access_mask);
2809 if (!NT_STATUS_IS_OK(status)) {
2813 access_mask &= conn->share_access;
2816 rejected_share_access = access_mask & ~(conn->share_access);
2818 if (rejected_share_access) {
2819 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
2820 "file %s: rejected by share access mask[0x%08X] "
2821 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
2822 smb_fname_str_dbg(smb_fname),
2824 orig_access_mask, access_mask,
2825 rejected_share_access));
2826 return NT_STATUS_ACCESS_DENIED;
2829 *access_mask_out = access_mask;
2830 return NT_STATUS_OK;
2833 /****************************************************************************
2834 Remove the deferred open entry under lock.
2835 ****************************************************************************/
2837 /****************************************************************************
2838 Return true if this is a state pointer to an asynchronous create.
2839 ****************************************************************************/
2841 bool is_deferred_open_async(const struct deferred_open_record *rec)
2843 return rec->async_open;
2846 static bool clear_ads(uint32_t create_disposition)
2850 switch (create_disposition) {
2851 case FILE_SUPERSEDE:
2852 case FILE_OVERWRITE_IF:
2853 case FILE_OVERWRITE:
2862 static int disposition_to_open_flags(uint32_t create_disposition)
2867 * Currently we're using FILE_SUPERSEDE as the same as
2868 * FILE_OVERWRITE_IF but they really are
2869 * different. FILE_SUPERSEDE deletes an existing file
2870 * (requiring delete access) then recreates it.
2873 switch (create_disposition) {
2874 case FILE_SUPERSEDE:
2875 case FILE_OVERWRITE_IF:
2877 * If file exists replace/overwrite. If file doesn't
2880 ret = O_CREAT|O_TRUNC;
2885 * If file exists open. If file doesn't exist error.
2890 case FILE_OVERWRITE:
2892 * If file exists overwrite. If file doesn't exist
2900 * If file exists error. If file doesn't exist create.
2902 ret = O_CREAT|O_EXCL;
2907 * If file exists open. If file doesn't exist create.
2915 static int calculate_open_access_flags(uint32_t access_mask,
2916 uint32_t private_flags)
2918 bool need_write, need_read;
2921 * Note that we ignore the append flag as append does not
2922 * mean the same thing under DOS and Unix.
2925 need_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA));
2930 /* DENY_DOS opens are always underlying read-write on the
2931 file handle, no matter what the requested access mask
2935 ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
2936 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|
2937 FILE_READ_EA|FILE_EXECUTE));
2945 /****************************************************************************
2946 Open a file with a share mode. Passed in an already created files_struct *.
2947 ****************************************************************************/
2949 static NTSTATUS open_file_ntcreate(connection_struct *conn,
2950 struct smb_request *req,
2951 uint32_t access_mask, /* access bits (FILE_READ_DATA etc.) */
2952 uint32_t share_access, /* share constants (FILE_SHARE_READ etc) */
2953 uint32_t create_disposition, /* FILE_OPEN_IF etc. */
2954 uint32_t create_options, /* options such as delete on close. */
2955 uint32_t new_dos_attributes, /* attributes used for new file. */
2956 int oplock_request, /* internal Samba oplock codes. */
2957 struct smb2_lease *lease,
2958 /* Information (FILE_EXISTS etc.) */
2959 uint32_t private_flags, /* Samba specific flags. */
2963 struct smb_filename *smb_fname = fsp->fsp_name;
2966 bool file_existed = VALID_STAT(smb_fname->st);
2967 bool def_acl = False;
2968 bool posix_open = False;
2969 bool new_file_created = False;
2970 bool first_open_attempt = true;
2971 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
2972 mode_t new_unx_mode = (mode_t)0;
2973 mode_t unx_mode = (mode_t)0;
2975 uint32_t existing_dos_attributes = 0;
2976 struct timeval request_time = timeval_zero();
2977 struct share_mode_lock *lck = NULL;
2978 uint32_t open_access_mask = access_mask;
2981 SMB_STRUCT_STAT saved_stat = smb_fname->st;
2982 struct timespec old_write_time;
2985 if (conn->printer) {
2987 * Printers are handled completely differently.
2988 * Most of the passed parameters are ignored.
2992 *pinfo = FILE_WAS_CREATED;
2995 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
2996 smb_fname_str_dbg(smb_fname)));
2999 DEBUG(0,("open_file_ntcreate: printer open without "
3000 "an SMB request!\n"));
3001 return NT_STATUS_INTERNAL_ERROR;
3004 return print_spool_open(fsp, smb_fname->base_name,
3008 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
3010 return NT_STATUS_NO_MEMORY;
3013 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3015 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
3016 new_dos_attributes = 0;
3018 /* Windows allows a new file to be created and
3019 silently removes a FILE_ATTRIBUTE_DIRECTORY
3020 sent by the client. Do the same. */
3022 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
3024 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
3026 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
3027 smb_fname, parent_dir);
3030 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
3031 "access_mask=0x%x share_access=0x%x "
3032 "create_disposition = 0x%x create_options=0x%x "
3033 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
3034 smb_fname_str_dbg(smb_fname), new_dos_attributes,
3035 access_mask, share_access, create_disposition,
3036 create_options, (unsigned int)unx_mode, oplock_request,
3037 (unsigned int)private_flags));
3040 /* Ensure req == NULL means INTERNAL_OPEN_ONLY */
3041 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) != 0));
3043 /* And req != NULL means no INTERNAL_OPEN_ONLY */
3044 SMB_ASSERT(((oplock_request & INTERNAL_OPEN_ONLY) == 0));
3048 * Only non-internal opens can be deferred at all
3052 struct deferred_open_record *open_rec;
3053 if (get_deferred_open_message_state(req,
3056 /* Remember the absolute time of the original
3057 request with this mid. We'll use it later to
3058 see if this has timed out. */
3060 /* If it was an async create retry, the file
3063 if (is_deferred_open_async(open_rec)) {
3064 SET_STAT_INVALID(smb_fname->st);
3065 file_existed = false;
3068 /* Ensure we don't reprocess this message. */
3069 remove_deferred_open_message_smb(req->xconn, req->mid);
3071 first_open_attempt = false;
3076 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
3079 * Only use strored DOS attributes for checks
3080 * against requested attributes (below via
3081 * open_match_attributes()), cf bug #11992
3082 * for details. -slow
3086 status = SMB_VFS_GET_DOS_ATTRIBUTES(conn, smb_fname, &attr);
3087 if (NT_STATUS_IS_OK(status)) {
3088 existing_dos_attributes = attr;
3093 /* ignore any oplock requests if oplocks are disabled */
3094 if (!lp_oplocks(SNUM(conn)) ||
3095 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
3096 /* Mask off everything except the private Samba bits. */
3097 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
3100 /* this is for OS/2 long file names - say we don't support them */
3101 if (req != NULL && !req->posix_pathnames &&
3102 strstr(smb_fname->base_name,".+,;=[].")) {
3103 /* OS/2 Workplace shell fix may be main code stream in a later
3105 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
3107 if (use_nt_status()) {
3108 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3110 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
3113 switch( create_disposition ) {
3115 /* If file exists open. If file doesn't exist error. */
3116 if (!file_existed) {
3117 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
3118 "requested for file %s and file "
3120 smb_fname_str_dbg(smb_fname)));
3122 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3126 case FILE_OVERWRITE:
3127 /* If file exists overwrite. If file doesn't exist
3129 if (!file_existed) {
3130 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
3131 "requested for file %s and file "
3133 smb_fname_str_dbg(smb_fname) ));
3135 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3140 /* If file exists error. If file doesn't exist
3143 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
3144 "requested for file %s and file "
3145 "already exists.\n",
3146 smb_fname_str_dbg(smb_fname)));
3147 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
3152 return map_nt_error_from_unix(errno);
3156 case FILE_SUPERSEDE:
3157 case FILE_OVERWRITE_IF:
3161 return NT_STATUS_INVALID_PARAMETER;
3164 flags2 = disposition_to_open_flags(create_disposition);
3166 /* We only care about matching attributes on file exists and
3169 if (!posix_open && file_existed &&
3170 ((create_disposition == FILE_OVERWRITE) ||
3171 (create_disposition == FILE_OVERWRITE_IF))) {
3172 if (!open_match_attributes(conn, existing_dos_attributes,
3174 smb_fname->st.st_ex_mode,
3175 unx_mode, &new_unx_mode)) {
3176 DEBUG(5,("open_file_ntcreate: attributes missmatch "
3177 "for file %s (%x %x) (0%o, 0%o)\n",
3178 smb_fname_str_dbg(smb_fname),
3179 existing_dos_attributes,
3181 (unsigned int)smb_fname->st.st_ex_mode,
3182 (unsigned int)unx_mode ));
3184 return NT_STATUS_ACCESS_DENIED;
3188 status = smbd_calculate_access_mask(conn, smb_fname,
3192 if (!NT_STATUS_IS_OK(status)) {
3193 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
3194 "on file %s returned %s\n",
3195 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
3199 open_access_mask = access_mask;
3201 if (flags2 & O_TRUNC) {
3202 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
3205 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
3206 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
3210 * Note that we ignore the append flag as append does not
3211 * mean the same thing under DOS and Unix.
3214 flags = calculate_open_access_flags(access_mask, private_flags);
3217 * Currently we only look at FILE_WRITE_THROUGH for create options.
3221 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
3226 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
3230 if (!posix_open && !CAN_WRITE(conn)) {
3232 * We should really return a permission denied error if either
3233 * O_CREAT or O_TRUNC are set, but for compatibility with
3234 * older versions of Samba we just AND them out.
3236 flags2 &= ~(O_CREAT|O_TRUNC);
3239 if (lp_kernel_oplocks(SNUM(conn))) {
3241 * With kernel oplocks the open breaking an oplock
3242 * blocks until the oplock holder has given up the
3243 * oplock or closed the file. We prevent this by always
3244 * trying to open the file with O_NONBLOCK (see "man
3247 * If a process that doesn't use the smbd open files
3248 * database or communication methods holds a kernel
3249 * oplock we must periodically poll for available open
3252 flags2 |= O_NONBLOCK;
3256 * Ensure we can't write on a read-only share or file.
3259 if (flags != O_RDONLY && file_existed &&
3260 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
3261 DEBUG(5,("open_file_ntcreate: write access requested for "
3262 "file %s on read only %s\n",
3263 smb_fname_str_dbg(smb_fname),
3264 !CAN_WRITE(conn) ? "share" : "file" ));
3266 return NT_STATUS_ACCESS_DENIED;
3269 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
3270 fsp->share_access = share_access;
3271 fsp->fh->private_options = private_flags;
3272 fsp->access_mask = open_access_mask; /* We change this to the
3273 * requested access_mask after
3274 * the open is done. */
3276 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
3279 if (timeval_is_zero(&request_time)) {
3280 request_time = fsp->open_time;
3284 * Ensure we pay attention to default ACLs on directories if required.
3287 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
3288 (def_acl = directory_has_default_acl(conn, parent_dir))) {
3289 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
3292 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
3293 "access_mask = 0x%x, open_access_mask = 0x%x\n",
3294 (unsigned int)flags, (unsigned int)flags2,
3295 (unsigned int)unx_mode, (unsigned int)access_mask,
3296 (unsigned int)open_access_mask));
3298 fsp_open = open_file(fsp, conn, req, parent_dir,
3299 flags|flags2, unx_mode, access_mask,
3300 open_access_mask, &new_file_created);
3302 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_NETWORK_BUSY)) {
3306 * This handles the kernel oplock case:
3308 * the file has an active kernel oplock and the open() returned
3309 * EWOULDBLOCK/EAGAIN which maps to NETWORK_BUSY.
3311 * "Samba locking.tdb oplocks" are handled below after acquiring
3312 * the sharemode lock with get_share_mode_lock().
3314 if (file_existed && S_ISFIFO(fsp->fsp_name->st.st_ex_mode)) {
3315 DEBUG(10, ("FIFO busy\n"));
3316 return NT_STATUS_NETWORK_BUSY;
3319 DEBUG(10, ("Internal open busy\n"));
3320 return NT_STATUS_NETWORK_BUSY;
3324 * From here on we assume this is an oplock break triggered
3327 lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
3330 * No oplock from Samba around. Set up a poll every 1
3331 * second to retry a non-blocking open until the time
3334 setup_kernel_oplock_poll_open(request_time,
3337 DBG_DEBUG("No Samba oplock around after EWOULDBLOCK. "
3338 "Retrying with poll\n");
3339 return NT_STATUS_SHARING_VIOLATION;
3342 if (!validate_oplock_types(lck)) {
3343 smb_panic("validate_oplock_types failed");
3346 delay = delay_for_oplock(fsp, 0, lease, lck, false,
3348 first_open_attempt);
3350 schedule_defer_open(lck, fsp->file_id, request_time,
3353 DEBUG(10, ("Sent oplock break request to kernel "
3354 "oplock holder\n"));
3355 return NT_STATUS_SHARING_VIOLATION;
3359 * No oplock from Samba around. Set up a poll every 1
3360 * second to retry a non-blocking open until the time
3363 setup_kernel_oplock_poll_open(request_time, req, fsp->file_id);
3366 DBG_DEBUG("No Samba oplock around after EWOULDBLOCK. "
3367 "Retrying with poll\n");
3368 return NT_STATUS_SHARING_VIOLATION;
3371 if (!NT_STATUS_IS_OK(fsp_open)) {
3372 if (NT_STATUS_EQUAL(fsp_open, NT_STATUS_RETRY)) {
3373 schedule_async_open(request_time, req);
3378 if (new_file_created) {
3380 * As we atomically create using O_CREAT|O_EXCL,
3381 * then if new_file_created is true, then
3382 * file_existed *MUST* have been false (even
3383 * if the file was previously detected as being
3386 file_existed = false;
3389 if (file_existed && !check_same_dev_ino(&saved_stat, &smb_fname->st)) {
3391 * The file did exist, but some other (local or NFS)
3392 * process either renamed/unlinked and re-created the
3393 * file with different dev/ino after we walked the path,
3394 * but before we did the open. We could retry the
3395 * open but it's a rare enough case it's easier to
3396 * just fail the open to prevent creating any problems
3397 * in the open file db having the wrong dev/ino key.
3400 DEBUG(1,("open_file_ntcreate: file %s - dev/ino mismatch. "
3401 "Old (dev=0x%llu, ino =0x%llu). "
3402 "New (dev=0x%llu, ino=0x%llu). Failing open "
3403 " with NT_STATUS_ACCESS_DENIED.\n",
3404 smb_fname_str_dbg(smb_fname),
3405 (unsigned long long)saved_stat.st_ex_dev,
3406 (unsigned long long)saved_stat.st_ex_ino,
3407 (unsigned long long)smb_fname->st.st_ex_dev,
3408 (unsigned long long)smb_fname->st.st_ex_ino));
3409 return NT_STATUS_ACCESS_DENIED;
3412 old_write_time = smb_fname->st.st_ex_mtime;
3415 * Deal with the race condition where two smbd's detect the
3416 * file doesn't exist and do the create at the same time. One
3417 * of them will win and set a share mode, the other (ie. this
3418 * one) should check if the requested share mode for this
3419 * create is allowed.
3423 * Now the file exists and fsp is successfully opened,
3424 * fsp->dev and fsp->inode are valid and should replace the
3425 * dev=0,inode=0 from a non existent file. Spotted by
3426 * Nadav Danieli <nadavd@exanet.com>. JRA.
3431 lck = get_share_mode_lock(talloc_tos(), id,
3433 smb_fname, &old_write_time);
3436 DEBUG(0, ("open_file_ntcreate: Could not get share "
3437 "mode lock for %s\n",
3438 smb_fname_str_dbg(smb_fname)));
3440 return NT_STATUS_SHARING_VIOLATION;
3443 /* Get the types we need to examine. */
3444 if (!validate_oplock_types(lck)) {
3445 smb_panic("validate_oplock_types failed");
3448 if (has_delete_on_close(lck, fsp->name_hash)) {
3451 return NT_STATUS_DELETE_PENDING;
3454 status = open_mode_check(conn, lck,
3455 access_mask, share_access);
3457 if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION) ||
3458 (lck->data->num_share_modes > 0)) {
3460 * This comes from ancient times out of open_mode_check. I
3461 * have no clue whether this is still necessary. I can't think
3462 * of a case where this would actually matter further down in
3463 * this function. I leave it here for further investigation
3466 file_existed = true;
3471 * Handle oplocks, deferring the request if delay_for_oplock()
3472 * triggered a break message and we have to wait for the break
3476 bool sharing_violation = NT_STATUS_EQUAL(
3477 status, NT_STATUS_SHARING_VIOLATION);
3479 delay = delay_for_oplock(fsp, oplock_request, lease, lck,
3482 first_open_attempt);
3484 schedule_defer_open(lck, fsp->file_id,
3488 return NT_STATUS_SHARING_VIOLATION;
3492 if (!NT_STATUS_IS_OK(status)) {
3493 uint32_t can_access_mask;
3494 bool can_access = True;
3496 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
3498 /* Check if this can be done with the deny_dos and fcb
3501 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
3502 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
3504 DEBUG(0, ("DOS open without an SMB "
3508 return NT_STATUS_INTERNAL_ERROR;
3511 /* Use the client requested access mask here,
3512 * not the one we open with. */
3513 status = fcb_or_dos_open(req,
3524 if (NT_STATUS_IS_OK(status)) {
3527 *pinfo = FILE_WAS_OPENED;
3529 return NT_STATUS_OK;
3534 * This next line is a subtlety we need for
3535 * MS-Access. If a file open will fail due to share
3536 * permissions and also for security (access) reasons,
3537 * we need to return the access failed error, not the
3538 * share error. We can't open the file due to kernel
3539 * oplock deadlock (it's possible we failed above on
3540 * the open_mode_check()) so use a userspace check.
3543 if (flags & O_RDWR) {
3544 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
3545 } else if (flags & O_WRONLY) {
3546 can_access_mask = FILE_WRITE_DATA;
3548 can_access_mask = FILE_READ_DATA;
3551 if (((can_access_mask & FILE_WRITE_DATA) &&
3552 !CAN_WRITE(conn)) ||
3553 !NT_STATUS_IS_OK(smbd_check_access_rights(conn,
3556 can_access_mask))) {
3561 * If we're returning a share violation, ensure we
3562 * cope with the braindead 1 second delay (SMB1 only).
3565 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
3566 !conn->sconn->using_smb2 &&
3567 lp_defer_sharing_violations()) {
3568 struct timeval timeout;
3571 /* this is a hack to speed up torture tests
3573 timeout_usecs = lp_parm_int(SNUM(conn),
3574 "smbd","sharedelay",
3575 SHARING_VIOLATION_USEC_WAIT);
3577 /* This is a relative time, added to the absolute
3578 request_time value to get the absolute timeout time.
3579 Note that if this is the second or greater time we enter
3580 this codepath for this particular request mid then
3581 request_time is left as the absolute time of the *first*
3582 time this request mid was processed. This is what allows
3583 the request to eventually time out. */
3585 timeout = timeval_set(0, timeout_usecs);
3587 if (!request_timed_out(request_time, timeout)) {
3588 defer_open(lck, request_time, timeout, req,
3597 * We have detected a sharing violation here
3598 * so return the correct error code
3600 status = NT_STATUS_SHARING_VIOLATION;
3602 status = NT_STATUS_ACCESS_DENIED;
3607 /* Should we atomically (to the client at least) truncate ? */
3608 if ((!new_file_created) &&
3609 (flags2 & O_TRUNC) &&
3610 (!S_ISFIFO(fsp->fsp_name->st.st_ex_mode))) {
3613 ret = vfs_set_filelen(fsp, 0);
3615 status = map_nt_error_from_unix(errno);
3623 * We have the share entry *locked*.....
3626 /* Delete streams if create_disposition requires it */
3627 if (!new_file_created && clear_ads(create_disposition) &&
3628 !is_ntfs_stream_smb_fname(smb_fname)) {
3629 status = delete_all_streams(conn, smb_fname);
3630 if (!NT_STATUS_IS_OK(status)) {
3637 /* note that we ignore failure for the following. It is
3638 basically a hack for NFS, and NFS will never set one of
3639 these only read them. Nobody but Samba can ever set a deny
3640 mode and we have already checked our more authoritative
3641 locking database for permission to set this deny mode. If
3642 the kernel refuses the operations then the kernel is wrong.
3643 note that GPFS supports it as well - jmcd */
3645 if (fsp->fh->fd != -1 && lp_kernel_share_modes(SNUM(conn))) {
3648 * Beware: streams implementing VFS modules may
3649 * implement streams in a way that fsp will have the
3650 * basefile open in the fsp fd, so lacking a distinct
3651 * fd for the stream kernel_flock will apply on the
3652 * basefile which is wrong. The actual check is
3653 * deffered to the VFS module implementing the
3654 * kernel_flock call.
3656 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
3657 if(ret_flock == -1 ){
3662 return NT_STATUS_SHARING_VIOLATION;
3665 fsp->kernel_share_modes_taken = true;
3669 * At this point onwards, we can guarantee that the share entry
3670 * is locked, whether we created the file or not, and that the
3671 * deny mode is compatible with all current opens.
3675 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
3676 * but we don't have to store this - just ignore it on access check.
3678 if (conn->sconn->using_smb2) {
3680 * SMB2 doesn't return it (according to Microsoft tests).
3681 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
3682 * File created with access = 0x7 (Read, Write, Delete)
3683 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
3685 fsp->access_mask = access_mask;
3687 /* But SMB1 does. */
3688 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
3693 * stat opens on existing files don't get oplocks.
3694 * They can get leases.
3696 * Note that we check for stat open on the *open_access_mask*,
3697 * i.e. the access mask we actually used to do the open,
3698 * not the one the client asked for (which is in
3699 * fsp->access_mask). This is due to the fact that
3700 * FILE_OVERWRITE and FILE_OVERWRITE_IF add in O_TRUNC,
3701 * which adds FILE_WRITE_DATA to open_access_mask.
3703 if (is_stat_open(open_access_mask) && lease == NULL) {
3704 oplock_request = NO_OPLOCK;
3708 if (new_file_created) {
3709 info = FILE_WAS_CREATED;
3711 if (flags2 & O_TRUNC) {
3712 info = FILE_WAS_OVERWRITTEN;
3714 info = FILE_WAS_OPENED;
3723 * Setup the oplock info in both the shared memory and
3726 status = grant_fsp_oplock_type(req, fsp, lck, oplock_request, lease);
3727 if (!NT_STATUS_IS_OK(status)) {
3733 /* Handle strange delete on close create semantics. */
3734 if (create_options & FILE_DELETE_ON_CLOSE) {
3736 status = can_set_delete_on_close(fsp, new_dos_attributes);
3738 if (!NT_STATUS_IS_OK(status)) {
3739 /* Remember to delete the mode we just added. */
3740 del_share_mode(lck, fsp);
3745 /* Note that here we set the *inital* delete on close flag,
3746 not the regular one. The magic gets handled in close. */
3747 fsp->initial_delete_on_close = True;
3750 if (info != FILE_WAS_OPENED) {
3751 /* Overwritten files should be initially set as archive */
3752 if ((info == FILE_WAS_OVERWRITTEN && lp_map_archive(SNUM(conn))) ||
3753 lp_store_dos_attributes(SNUM(conn))) {
3755 if (file_set_dosmode(conn, smb_fname,
3756 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
3757 parent_dir, true) == 0) {
3758 unx_mode = smb_fname->st.st_ex_mode;
3764 /* Determine sparse flag. */
3766 /* POSIX opens are sparse by default. */
3767 fsp->is_sparse = true;
3769 fsp->is_sparse = (file_existed &&
3770 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
3774 * Take care of inherited ACLs on created files - if default ACL not
3778 if (!posix_open && new_file_created && !def_acl) {
3780 int saved_errno = errno; /* We might get ENOSYS in the next
3783 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
3785 errno = saved_errno; /* Ignore ENOSYS */
3788 } else if (new_unx_mode) {
3792 /* Attributes need changing. File already existed. */
3795 int saved_errno = errno; /* We might get ENOSYS in the
3797 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
3799 if (ret == -1 && errno == ENOSYS) {
3800 errno = saved_errno; /* Ignore ENOSYS */
3802 DEBUG(5, ("open_file_ntcreate: reset "
3803 "attributes of file %s to 0%o\n",
3804 smb_fname_str_dbg(smb_fname),
3805 (unsigned int)new_unx_mode));
3806 ret = 0; /* Don't do the fchmod below. */
3811 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
3812 DEBUG(5, ("open_file_ntcreate: failed to reset "
3813 "attributes of file %s to 0%o\n",
3814 smb_fname_str_dbg(smb_fname),
3815 (unsigned int)new_unx_mode));
3820 * Deal with other opens having a modified write time.
3822 struct timespec write_time = get_share_mode_write_time(lck);
3824 if (!null_timespec(write_time)) {
3825 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
3831 return NT_STATUS_OK;
3834 static NTSTATUS mkdir_internal(connection_struct *conn,
3835 struct smb_filename *smb_dname,
3836 uint32_t file_attributes)
3839 char *parent_dir = NULL;
3841 bool posix_open = false;
3842 bool need_re_stat = false;
3843 uint32_t access_mask = SEC_DIR_ADD_SUBDIR;
3845 if (!CAN_WRITE(conn) || (access_mask & ~(conn->share_access))) {
3846 DEBUG(5,("mkdir_internal: failing share access "
3847 "%s\n", lp_servicename(talloc_tos(), SNUM(conn))));
3848 return NT_STATUS_ACCESS_DENIED;
3851 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
3853 return NT_STATUS_NO_MEMORY;
3856 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3858 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
3860 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
3863 status = check_parent_access(conn,
3866 if(!NT_STATUS_IS_OK(status)) {
3867 DEBUG(5,("mkdir_internal: check_parent_access "
3868 "on directory %s for path %s returned %s\n",
3870 smb_dname->base_name,
3871 nt_errstr(status) ));
3875 if (SMB_VFS_MKDIR(conn, smb_dname, mode) != 0) {
3876 return map_nt_error_from_unix(errno);
3879 /* Ensure we're checking for a symlink here.... */
3880 /* We don't want to get caught by a symlink racer. */
3882 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3883 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3884 smb_fname_str_dbg(smb_dname), strerror(errno)));
3885 return map_nt_error_from_unix(errno);
3888 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
3889 DEBUG(0, ("Directory '%s' just created is not a directory !\n",
3890 smb_fname_str_dbg(smb_dname)));
3891 return NT_STATUS_NOT_A_DIRECTORY;
3894 if (lp_store_dos_attributes(SNUM(conn))) {
3896 file_set_dosmode(conn, smb_dname,
3897 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
3902 if (lp_inherit_permissions(SNUM(conn))) {
3903 inherit_access_posix_acl(conn, parent_dir,
3905 need_re_stat = true;
3910 * Check if high bits should have been set,
3911 * then (if bits are missing): add them.
3912 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
3915 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
3916 (mode & ~smb_dname->st.st_ex_mode)) {
3917 SMB_VFS_CHMOD(conn, smb_dname,
3918 (smb_dname->st.st_ex_mode |
3919 (mode & ~smb_dname->st.st_ex_mode)));
3920 need_re_stat = true;
3924 /* Change the owner if required. */
3925 if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
3926 change_dir_owner_to_parent(conn, parent_dir,
3929 need_re_stat = true;
3933 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
3934 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
3935 smb_fname_str_dbg(smb_dname), strerror(errno)));
3936 return map_nt_error_from_unix(errno);
3940 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
3941 smb_dname->base_name);
3943 return NT_STATUS_OK;
3946 /****************************************************************************
3947 Open a directory from an NT SMB call.
3948 ****************************************************************************/
3950 static NTSTATUS open_directory(connection_struct *conn,
3951 struct smb_request *req,
3952 struct smb_filename *smb_dname,
3953 uint32_t access_mask,
3954 uint32_t share_access,
3955 uint32_t create_disposition,
3956 uint32_t create_options,
3957 uint32_t file_attributes,
3959 files_struct **result)
3961 files_struct *fsp = NULL;
3962 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
3963 struct share_mode_lock *lck = NULL;
3965 struct timespec mtimespec;
3969 if (is_ntfs_stream_smb_fname(smb_dname)) {
3970 DEBUG(2, ("open_directory: %s is a stream name!\n",
3971 smb_fname_str_dbg(smb_dname)));
3972 return NT_STATUS_NOT_A_DIRECTORY;
3975 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
3976 /* Ensure we have a directory attribute. */
3977 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
3980 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
3981 "share_access = 0x%x create_options = 0x%x, "
3982 "create_disposition = 0x%x, file_attributes = 0x%x\n",
3983 smb_fname_str_dbg(smb_dname),
3984 (unsigned int)access_mask,
3985 (unsigned int)share_access,
3986 (unsigned int)create_options,
3987 (unsigned int)create_disposition,
3988 (unsigned int)file_attributes));
3990 status = smbd_calculate_access_mask(conn, smb_dname, false,
3991 access_mask, &access_mask);
3992 if (!NT_STATUS_IS_OK(status)) {
3993 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
3994 "on file %s returned %s\n",
3995 smb_fname_str_dbg(smb_dname),
3996 nt_errstr(status)));
4000 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
4001 !security_token_has_privilege(get_current_nttok(conn),
4002 SEC_PRIV_SECURITY)) {
4003 DEBUG(10, ("open_directory: open on %s "
4004 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
4005 smb_fname_str_dbg(smb_dname)));
4006 return NT_STATUS_PRIVILEGE_NOT_HELD;
4009 switch( create_disposition ) {
4013 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
4016 info = FILE_WAS_OPENED;
4021 /* If directory exists error. If directory doesn't
4025 status = NT_STATUS_OBJECT_NAME_COLLISION;
4026 DEBUG(2, ("open_directory: unable to create "
4027 "%s. Error was %s\n",
4028 smb_fname_str_dbg(smb_dname),
4029 nt_errstr(status)));
4033 status = mkdir_internal(conn, smb_dname,
4036 if (!NT_STATUS_IS_OK(status)) {
4037 DEBUG(2, ("open_directory: unable to create "
4038 "%s. Error was %s\n",
4039 smb_fname_str_dbg(smb_dname),
4040 nt_errstr(status)));
4044 info = FILE_WAS_CREATED;
4049 * If directory exists open. If directory doesn't
4054 status = NT_STATUS_OK;
4055 info = FILE_WAS_OPENED;
4057 status = mkdir_internal(conn, smb_dname,
4060 if (NT_STATUS_IS_OK(status)) {
4061 info = FILE_WAS_CREATED;
4063 /* Cope with create race. */
4064 if (!NT_STATUS_EQUAL(status,
4065 NT_STATUS_OBJECT_NAME_COLLISION)) {
4066 DEBUG(2, ("open_directory: unable to create "
4067 "%s. Error was %s\n",
4068 smb_fname_str_dbg(smb_dname),
4069 nt_errstr(status)));
4074 * If mkdir_internal() returned
4075 * NT_STATUS_OBJECT_NAME_COLLISION
4076 * we still must lstat the path.
4079 if (SMB_VFS_LSTAT(conn, smb_dname)
4081 DEBUG(2, ("Could not stat "
4082 "directory '%s' just "
4087 return map_nt_error_from_unix(
4091 info = FILE_WAS_OPENED;
4097 case FILE_SUPERSEDE:
4098 case FILE_OVERWRITE:
4099 case FILE_OVERWRITE_IF:
4101 DEBUG(5,("open_directory: invalid create_disposition "
4102 "0x%x for directory %s\n",
4103 (unsigned int)create_disposition,
4104 smb_fname_str_dbg(smb_dname)));
4105 return NT_STATUS_INVALID_PARAMETER;
4108 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
4109 DEBUG(5,("open_directory: %s is not a directory !\n",
4110 smb_fname_str_dbg(smb_dname)));
4111 return NT_STATUS_NOT_A_DIRECTORY;
4114 if (info == FILE_WAS_OPENED) {
4115 status = smbd_check_access_rights(conn,
4119 if (!NT_STATUS_IS_OK(status)) {
4120 DEBUG(10, ("open_directory: smbd_check_access_rights on "
4121 "file %s failed with %s\n",
4122 smb_fname_str_dbg(smb_dname),
4123 nt_errstr(status)));
4128 status = file_new(req, conn, &fsp);
4129 if(!NT_STATUS_IS_OK(status)) {
4134 * Setup the files_struct for it.
4137 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
4138 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
4139 fsp->file_pid = req ? req->smbpid : 0;
4140 fsp->can_lock = False;
4141 fsp->can_read = False;
4142 fsp->can_write = False;
4144 fsp->share_access = share_access;
4145 fsp->fh->private_options = 0;
4147 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
4149 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
4150 fsp->print_file = NULL;
4151 fsp->modified = False;
4152 fsp->oplock_type = NO_OPLOCK;
4153 fsp->sent_oplock_break = NO_BREAK_SENT;
4154 fsp->is_directory = True;
4155 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
4156 fsp->posix_flags |= FSP_POSIX_FLAGS_ALL;
4158 status = fsp_set_smb_fname(fsp, smb_dname);
4159 if (!NT_STATUS_IS_OK(status)) {
4160 file_free(req, fsp);
4164 /* Don't store old timestamps for directory
4165 handles in the internal database. We don't
4166 update them in there if new objects
4167 are creaded in the directory. Currently
4168 we only update timestamps on file writes.
4171 ZERO_STRUCT(mtimespec);
4173 if (access_mask & (FILE_LIST_DIRECTORY|
4175 FILE_ADD_SUBDIRECTORY|
4178 FILE_DELETE_CHILD)) {
4180 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
4182 /* POSIX allows us to open a directory with O_RDONLY. */
4183 status = fd_open(conn, fsp, O_RDONLY, 0);
4185 if (!NT_STATUS_IS_OK(status)) {
4186 DEBUG(5, ("open_directory: Could not open fd for "
4188 smb_fname_str_dbg(smb_dname),
4189 nt_errstr(status)));
4190 file_free(req, fsp);
4195 DEBUG(10, ("Not opening Directory %s\n",
4196 smb_fname_str_dbg(smb_dname)));
4199 status = vfs_stat_fsp(fsp);
4200 if (!NT_STATUS_IS_OK(status)) {
4202 file_free(req, fsp);
4206 if(!S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
4207 DEBUG(5,("open_directory: %s is not a directory !\n",
4208 smb_fname_str_dbg(smb_dname)));
4210 file_free(req, fsp);
4211 return NT_STATUS_NOT_A_DIRECTORY;
4214 /* Ensure there was no race condition. We need to check
4215 * dev/inode but not permissions, as these can change
4217 if (!check_same_dev_ino(&smb_dname->st, &fsp->fsp_name->st)) {
4218 DEBUG(5,("open_directory: stat struct differs for "
4220 smb_fname_str_dbg(smb_dname)));
4222 file_free(req, fsp);
4223 return NT_STATUS_ACCESS_DENIED;
4226 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
4227 conn->connectpath, smb_dname,
4231 DEBUG(0, ("open_directory: Could not get share mode lock for "
4232 "%s\n", smb_fname_str_dbg(smb_dname)));
4234 file_free(req, fsp);
4235 return NT_STATUS_SHARING_VIOLATION;
4238 if (has_delete_on_close(lck, fsp->name_hash)) {
4241 file_free(req, fsp);
4242 return NT_STATUS_DELETE_PENDING;
4245 status = open_mode_check(conn, lck,
4246 access_mask, share_access);
4248 if (!NT_STATUS_IS_OK(status)) {
4251 file_free(req, fsp);
4255 ok = set_share_mode(lck, fsp, get_current_uid(conn),
4256 req ? req->mid : 0, NO_OPLOCK,
4261 file_free(req, fsp);
4262 return NT_STATUS_NO_MEMORY;
4265 /* For directories the delete on close bit at open time seems
4266 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
4267 if (create_options & FILE_DELETE_ON_CLOSE) {
4268 status = can_set_delete_on_close(fsp, 0);
4269 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
4270 del_share_mode(lck, fsp);
4273 file_free(req, fsp);
4277 if (NT_STATUS_IS_OK(status)) {
4278 /* Note that here we set the *inital* delete on close flag,
4279 not the regular one. The magic gets handled in close. */
4280 fsp->initial_delete_on_close = True;
4286 * Deal with other opens having a modified write time. Is this
4287 * possible for directories?
4289 struct timespec write_time = get_share_mode_write_time(lck);
4291 if (!null_timespec(write_time)) {
4292 update_stat_ex_mtime(&fsp->fsp_name->st, write_time);
4303 return NT_STATUS_OK;
4306 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
4307 struct smb_filename *smb_dname)
4312 status = SMB_VFS_CREATE_FILE(
4315 0, /* root_dir_fid */
4316 smb_dname, /* fname */
4317 FILE_READ_ATTRIBUTES, /* access_mask */
4318 FILE_SHARE_NONE, /* share_access */
4319 FILE_CREATE, /* create_disposition*/
4320 FILE_DIRECTORY_FILE, /* create_options */
4321 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
4322 0, /* oplock_request */
4324 0, /* allocation_size */
4325 0, /* private_flags */
4330 NULL, NULL); /* create context */
4332 if (NT_STATUS_IS_OK(status)) {
4333 close_file(req, fsp, NORMAL_CLOSE);
4339 /****************************************************************************
4340 Receive notification that one of our open files has been renamed by another
4342 ****************************************************************************/
4344 void msg_file_was_renamed(struct messaging_context *msg,
4347 struct server_id server_id,
4351 char *frm = (char *)data->data;
4353 const char *sharepath;
4354 const char *base_name;
4355 const char *stream_name;
4356 struct smb_filename *smb_fname = NULL;
4357 size_t sp_len, bn_len;
4359 struct smbd_server_connection *sconn =
4360 talloc_get_type_abort(private_data,
4361 struct smbd_server_connection);
4363 if (data->data == NULL
4364 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
4365 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
4366 (int)data->length));
4370 /* Unpack the message. */
4371 pull_file_id_24(frm, &id);
4372 sharepath = &frm[24];
4373 sp_len = strlen(sharepath);
4374 base_name = sharepath + sp_len + 1;
4375 bn_len = strlen(base_name);
4376 stream_name = sharepath + sp_len + 1 + bn_len + 1;
4378 /* stream_name must always be NULL if there is no stream. */
4379 if (stream_name[0] == '\0') {
4383 smb_fname = synthetic_smb_fname(talloc_tos(),
4388 if (smb_fname == NULL) {
4392 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
4394 sharepath, smb_fname_str_dbg(smb_fname),
4395 file_id_string_tos(&id)));
4397 for(fsp = file_find_di_first(sconn, id); fsp;
4398 fsp = file_find_di_next(fsp)) {
4399 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
4401 DEBUG(10,("msg_file_was_renamed: renaming file %s from %s -> %s\n",
4402 fsp_fnum_dbg(fsp), fsp_str_dbg(fsp),
4403 smb_fname_str_dbg(smb_fname)));
4404 status = fsp_set_smb_fname(fsp, smb_fname);
4405 if (!NT_STATUS_IS_OK(status)) {
4410 /* Now we have the complete path we can work out if this is
4411 actually within this share and adjust newname accordingly. */
4412 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
4413 "not sharepath %s) "
4414 "%s from %s -> %s\n",
4415 fsp->conn->connectpath,
4419 smb_fname_str_dbg(smb_fname)));
4423 TALLOC_FREE(smb_fname);
4428 * If a main file is opened for delete, all streams need to be checked for
4429 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
4430 * If that works, delete them all by setting the delete on close and close.
4433 static NTSTATUS open_streams_for_delete(connection_struct *conn,
4434 const struct smb_filename *smb_fname)
4436 struct stream_struct *stream_info = NULL;
4437 files_struct **streams = NULL;
4439 unsigned int num_streams = 0;
4440 TALLOC_CTX *frame = talloc_stackframe();
4443 status = vfs_streaminfo(conn, NULL, smb_fname, talloc_tos(),
4444 &num_streams, &stream_info);
4446 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
4447 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
4448 DEBUG(10, ("no streams around\n"));
4450 return NT_STATUS_OK;
4453 if (!NT_STATUS_IS_OK(status)) {
4454 DEBUG(10, ("vfs_streaminfo failed: %s\n",
4455 nt_errstr(status)));
4459 DEBUG(10, ("open_streams_for_delete found %d streams\n",
4462 if (num_streams == 0) {
4464 return NT_STATUS_OK;
4467 streams = talloc_array(talloc_tos(), files_struct *, num_streams);
4468 if (streams == NULL) {
4469 DEBUG(0, ("talloc failed\n"));
4470 status = NT_STATUS_NO_MEMORY;
4474 for (i=0; i<num_streams; i++) {
4475 struct smb_filename *smb_fname_cp;
4477 if (strequal(stream_info[i].name, "::$DATA")) {
4482 smb_fname_cp = synthetic_smb_fname(talloc_tos(),
4483 smb_fname->base_name,
4484 stream_info[i].name,
4487 ~SMB_FILENAME_POSIX_PATH));
4488 if (smb_fname_cp == NULL) {
4489 status = NT_STATUS_NO_MEMORY;
4493 if (SMB_VFS_STAT(conn, smb_fname_cp) == -1) {
4494 DEBUG(10, ("Unable to stat stream: %s\n",
4495 smb_fname_str_dbg(smb_fname_cp)));
4498 status = SMB_VFS_CREATE_FILE(
4501 0, /* root_dir_fid */
4502 smb_fname_cp, /* fname */
4503 DELETE_ACCESS, /* access_mask */
4504 (FILE_SHARE_READ | /* share_access */
4505 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
4506 FILE_OPEN, /* create_disposition*/
4507 0, /* create_options */
4508 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
4509 0, /* oplock_request */
4511 0, /* allocation_size */
4512 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
4515 &streams[i], /* result */
4517 NULL, NULL); /* create context */
4519 if (!NT_STATUS_IS_OK(status)) {
4520 DEBUG(10, ("Could not open stream %s: %s\n",
4521 smb_fname_str_dbg(smb_fname_cp),
4522 nt_errstr(status)));
4524 TALLOC_FREE(smb_fname_cp);
4527 TALLOC_FREE(smb_fname_cp);
4531 * don't touch the variable "status" beyond this point :-)
4534 for (i -= 1 ; i >= 0; i--) {
4535 if (streams[i] == NULL) {
4539 DEBUG(10, ("Closing stream # %d, %s\n", i,
4540 fsp_str_dbg(streams[i])));
4541 close_file(NULL, streams[i], NORMAL_CLOSE);
4549 /*********************************************************************
4550 Create a default ACL by inheriting from the parent. If no inheritance
4551 from the parent available, don't set anything. This will leave the actual
4552 permissions the new file or directory already got from the filesystem
4553 as the NT ACL when read.
4554 *********************************************************************/
4556 static NTSTATUS inherit_new_acl(files_struct *fsp)
4558 TALLOC_CTX *frame = talloc_stackframe();
4559 char *parent_name = NULL;
4560 struct security_descriptor *parent_desc = NULL;
4561 NTSTATUS status = NT_STATUS_OK;
4562 struct security_descriptor *psd = NULL;
4563 const struct dom_sid *owner_sid = NULL;
4564 const struct dom_sid *group_sid = NULL;
4565 uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
4566 struct security_token *token = fsp->conn->session_info->security_token;
4567 bool inherit_owner =
4568 (lp_inherit_owner(SNUM(fsp->conn)) == INHERIT_OWNER_WINDOWS_AND_UNIX);
4569 bool inheritable_components = false;
4570 bool try_builtin_administrators = false;
4571 const struct dom_sid *BA_U_sid = NULL;
4572 const struct dom_sid *BA_G_sid = NULL;
4573 bool try_system = false;
4574 const struct dom_sid *SY_U_sid = NULL;
4575 const struct dom_sid *SY_G_sid = NULL;
4577 struct smb_filename *parent_smb_fname = NULL;
4579 if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
4581 return NT_STATUS_NO_MEMORY;
4583 parent_smb_fname = synthetic_smb_fname(talloc_tos(),
4587 fsp->fsp_name->flags);
4589 if (parent_smb_fname == NULL) {
4591 return NT_STATUS_NO_MEMORY;
4594 status = SMB_VFS_GET_NT_ACL(fsp->conn,
4596 (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
4599 if (!NT_STATUS_IS_OK(status)) {
4604 inheritable_components = sd_has_inheritable_components(parent_desc,
4607 if (!inheritable_components && !inherit_owner) {
4609 /* Nothing to inherit and not setting owner. */
4610 return NT_STATUS_OK;
4613 /* Create an inherited descriptor from the parent. */
4615 if (DEBUGLEVEL >= 10) {
4616 DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
4617 fsp_str_dbg(fsp) ));
4618 NDR_PRINT_DEBUG(security_descriptor, parent_desc);
4621 /* Inherit from parent descriptor if "inherit owner" set. */
4622 if (inherit_owner) {
4623 owner_sid = parent_desc->owner_sid;
4624 group_sid = parent_desc->group_sid;
4627 if (owner_sid == NULL) {
4628 if (security_token_has_builtin_administrators(token)) {
4629 try_builtin_administrators = true;
4630 } else if (security_token_is_system(token)) {
4631 try_builtin_administrators = true;
4636 if (group_sid == NULL &&
4637 token->num_sids == PRIMARY_GROUP_SID_INDEX)
4639 if (security_token_is_system(token)) {
4640 try_builtin_administrators = true;
4645 if (try_builtin_administrators) {
4650 ok = sids_to_unixids(&global_sid_Builtin_Administrators, 1, &ids);
4654 BA_U_sid = &global_sid_Builtin_Administrators;
4655 BA_G_sid = &global_sid_Builtin_Administrators;
4658 BA_U_sid = &global_sid_Builtin_Administrators;
4661 BA_G_sid = &global_sid_Builtin_Administrators;
4674 ok = sids_to_unixids(&global_sid_System, 1, &ids);
4678 SY_U_sid = &global_sid_System;
4679 SY_G_sid = &global_sid_System;
4682 SY_U_sid = &global_sid_System;
4685 SY_G_sid = &global_sid_System;
4693 if (owner_sid == NULL) {
4694 owner_sid = BA_U_sid;
4697 if (owner_sid == NULL) {
4698 owner_sid = SY_U_sid;
4701 if (group_sid == NULL) {
4702 group_sid = SY_G_sid;
4705 if (try_system && group_sid == NULL) {
4706 group_sid = BA_G_sid;
4709 if (owner_sid == NULL) {
4710 owner_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4712 if (group_sid == NULL) {
4713 if (token->num_sids == PRIMARY_GROUP_SID_INDEX) {
4714 group_sid = &token->sids[PRIMARY_USER_SID_INDEX];
4716 group_sid = &token->sids[PRIMARY_GROUP_SID_INDEX];
4720 status = se_create_child_secdesc(frame,
4727 if (!NT_STATUS_IS_OK(status)) {
4732 /* If inheritable_components == false,
4733 se_create_child_secdesc()
4734 creates a security desriptor with a NULL dacl
4735 entry, but with SEC_DESC_DACL_PRESENT. We need
4736 to remove that flag. */
4738 if (!inheritable_components) {
4739 security_info_sent &= ~SECINFO_DACL;
4740 psd->type &= ~SEC_DESC_DACL_PRESENT;
4743 if (DEBUGLEVEL >= 10) {
4744 DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
4745 fsp_str_dbg(fsp) ));
4746 NDR_PRINT_DEBUG(security_descriptor, psd);
4749 if (inherit_owner) {
4750 /* We need to be root to force this. */
4753 status = SMB_VFS_FSET_NT_ACL(fsp,
4756 if (inherit_owner) {
4764 * If we already have a lease, it must match the new file id. [MS-SMB2]
4765 * 3.3.5.9.8 speaks about INVALID_PARAMETER if an already used lease key is
4766 * used for a different file name.
4769 struct lease_match_state {
4770 /* Input parameters. */
4771 TALLOC_CTX *mem_ctx;
4772 const char *servicepath;
4773 const struct smb_filename *fname;
4776 /* Return parameters. */
4777 uint32_t num_file_ids;
4778 struct file_id *ids;
4779 NTSTATUS match_status;
4782 /*************************************************************
4783 File doesn't exist but this lease key+guid is already in use.
4785 This is only allowable in the dynamic share case where the
4786 service path must be different.
4788 There is a small race condition here in the multi-connection
4789 case where a client sends two create calls on different connections,
4790 where the file doesn't exist and one smbd creates the leases_db
4791 entry first, but this will get fixed by the multichannel cleanup
4792 when all identical client_guids get handled by a single smbd.
4793 **************************************************************/
4795 static void lease_match_parser_new_file(
4797 const struct leases_db_file *files,
4798 struct lease_match_state *state)
4802 for (i = 0; i < num_files; i++) {
4803 const struct leases_db_file *f = &files[i];
4804 if (strequal(state->servicepath, f->servicepath)) {
4805 state->match_status = NT_STATUS_INVALID_PARAMETER;
4810 /* Dynamic share case. Break leases on all other files. */
4811 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4815 if (!NT_STATUS_IS_OK(state->match_status)) {
4819 state->num_file_ids = num_files;
4820 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4824 static void lease_match_parser(
4826 const struct leases_db_file *files,
4829 struct lease_match_state *state =
4830 (struct lease_match_state *)private_data;
4833 if (!state->file_existed) {
4835 * Deal with name mismatch or
4836 * possible dynamic share case separately
4837 * to make code clearer.
4839 lease_match_parser_new_file(num_files,
4846 state->match_status = NT_STATUS_OK;
4848 for (i = 0; i < num_files; i++) {
4849 const struct leases_db_file *f = &files[i];
4851 /* Everything should be the same. */
4852 if (!file_id_equal(&state->id, &f->id)) {
4853 /* This should catch all dynamic share cases. */
4854 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4857 if (!strequal(f->servicepath, state->servicepath)) {
4858 state->match_status = NT_STATUS_INVALID_PARAMETER;
4861 if (!strequal(f->base_name, state->fname->base_name)) {
4862 state->match_status = NT_STATUS_INVALID_PARAMETER;
4865 if (!strequal(f->stream_name, state->fname->stream_name)) {
4866 state->match_status = NT_STATUS_INVALID_PARAMETER;
4871 if (NT_STATUS_IS_OK(state->match_status)) {
4873 * Common case - just opening another handle on a
4874 * file on a non-dynamic share.
4879 if (NT_STATUS_EQUAL(state->match_status, NT_STATUS_INVALID_PARAMETER)) {
4880 /* Mismatched path. Error back to client. */
4885 * File id mismatch. Dynamic share case NT_STATUS_OPLOCK_NOT_GRANTED.
4886 * Don't allow leases.
4889 state->match_status = leases_db_copy_file_ids(state->mem_ctx,
4893 if (!NT_STATUS_IS_OK(state->match_status)) {
4897 state->num_file_ids = num_files;
4898 state->match_status = NT_STATUS_OPLOCK_NOT_GRANTED;
4902 static NTSTATUS lease_match(connection_struct *conn,
4903 struct smb_request *req,
4904 struct smb2_lease_key *lease_key,
4905 const char *servicepath,
4906 const struct smb_filename *fname,
4907 uint16_t *p_version,
4910 struct smbd_server_connection *sconn = req->sconn;
4911 TALLOC_CTX *tos = talloc_tos();
4912 struct lease_match_state state = {
4914 .servicepath = servicepath,
4916 .match_status = NT_STATUS_OK
4921 state.file_existed = VALID_STAT(fname->st);
4922 if (state.file_existed) {
4923 state.id = vfs_file_id_from_sbuf(conn, &fname->st);
4925 memset(&state.id, '\0', sizeof(state.id));
4928 status = leases_db_parse(&sconn->client->connections->smb2.client.guid,
4929 lease_key, lease_match_parser, &state);
4930 if (!NT_STATUS_IS_OK(status)) {
4932 * Not found or error means okay: We can make the lease pass
4934 return NT_STATUS_OK;
4936 if (!NT_STATUS_EQUAL(state.match_status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
4938 * Anything but NT_STATUS_OPLOCK_NOT_GRANTED, let the caller
4941 return state.match_status;
4944 /* We have to break all existing leases. */
4945 for (i = 0; i < state.num_file_ids; i++) {
4946 struct share_mode_lock *lck;
4947 struct share_mode_data *d;
4950 if (file_id_equal(&state.ids[i], &state.id)) {
4951 /* Don't need to break our own file. */
4955 lck = get_existing_share_mode_lock(talloc_tos(), state.ids[i]);
4957 /* Race condition - file already closed. */
4961 for (j=0; j<d->num_share_modes; j++) {
4962 struct share_mode_entry *e = &d->share_modes[j];
4963 uint32_t e_lease_type = get_lease_type(d, e);
4964 struct share_mode_lease *l = NULL;
4966 if (share_mode_stale_pid(d, j)) {
4970 if (e->op_type == LEASE_OPLOCK) {
4971 l = &lck->data->leases[e->lease_idx];
4972 if (!smb2_lease_key_equal(&l->lease_key,
4976 *p_epoch = l->epoch;
4977 *p_version = l->lease_version;
4980 if (e_lease_type == SMB2_LEASE_NONE) {
4984 send_break_message(conn->sconn->msg_ctx, e,
4988 * Windows 7 and 8 lease clients
4989 * are broken in that they will not
4990 * respond to lease break requests
4991 * whilst waiting for an outstanding
4992 * open request on that lease handle
4993 * on the same TCP connection, due
4994 * to holding an internal inode lock.
4996 * This means we can't reschedule
4997 * ourselves here, but must return
5002 * Send the breaks and then return
5003 * SMB2_LEASE_NONE in the lease handle
5004 * to cause them to acknowledge the
5005 * lease break. Consulatation with
5006 * Microsoft engineering confirmed
5007 * this approach is safe.
5014 * Ensure we don't grant anything more so we
5017 return NT_STATUS_OPLOCK_NOT_GRANTED;
5021 * Wrapper around open_file_ntcreate and open_directory
5024 static NTSTATUS create_file_unixpath(connection_struct *conn,
5025 struct smb_request *req,
5026 struct smb_filename *smb_fname,
5027 uint32_t access_mask,
5028 uint32_t share_access,
5029 uint32_t create_disposition,
5030 uint32_t create_options,
5031 uint32_t file_attributes,
5032 uint32_t oplock_request,
5033 struct smb2_lease *lease,
5034 uint64_t allocation_size,
5035 uint32_t private_flags,
5036 struct security_descriptor *sd,
5037 struct ea_list *ea_list,
5039 files_struct **result,
5042 int info = FILE_WAS_OPENED;
5043 files_struct *base_fsp = NULL;
5044 files_struct *fsp = NULL;
5047 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
5048 "file_attributes = 0x%x, share_access = 0x%x, "
5049 "create_disposition = 0x%x create_options = 0x%x "
5050 "oplock_request = 0x%x private_flags = 0x%x "
5051 "ea_list = 0x%p, sd = 0x%p, "
5053 (unsigned int)access_mask,
5054 (unsigned int)file_attributes,
5055 (unsigned int)share_access,
5056 (unsigned int)create_disposition,
5057 (unsigned int)create_options,
5058 (unsigned int)oplock_request,
5059 (unsigned int)private_flags,
5060 ea_list, sd, smb_fname_str_dbg(smb_fname)));
5062 if (create_options & FILE_OPEN_BY_FILE_ID) {
5063 status = NT_STATUS_NOT_SUPPORTED;
5067 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
5068 status = NT_STATUS_INVALID_PARAMETER;
5073 oplock_request |= INTERNAL_OPEN_ONLY;
5076 if (lease != NULL) {
5077 uint16_t epoch = lease->lease_epoch;
5078 uint16_t version = lease->lease_version;
5079 status = lease_match(conn,
5086 if (NT_STATUS_EQUAL(status, NT_STATUS_OPLOCK_NOT_GRANTED)) {
5087 /* Dynamic share file. No leases and update epoch... */
5088 lease->lease_state = SMB2_LEASE_NONE;
5089 lease->lease_epoch = epoch;
5090 lease->lease_version = version;
5091 } else if (!NT_STATUS_IS_OK(status)) {
5096 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
5097 && (access_mask & DELETE_ACCESS)
5098 && !is_ntfs_stream_smb_fname(smb_fname)) {
5100 * We can't open a file with DELETE access if any of the
5101 * streams is open without FILE_SHARE_DELETE
5103 status = open_streams_for_delete(conn, smb_fname);
5105 if (!NT_STATUS_IS_OK(status)) {
5110 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
5111 !security_token_has_privilege(get_current_nttok(conn),
5112 SEC_PRIV_SECURITY)) {
5113 DEBUG(10, ("create_file_unixpath: open on %s "
5114 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
5115 smb_fname_str_dbg(smb_fname)));
5116 status = NT_STATUS_PRIVILEGE_NOT_HELD;
5120 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
5121 && is_ntfs_stream_smb_fname(smb_fname)
5122 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
5123 uint32_t base_create_disposition;
5124 struct smb_filename *smb_fname_base = NULL;
5126 if (create_options & FILE_DIRECTORY_FILE) {
5127 status = NT_STATUS_NOT_A_DIRECTORY;
5131 switch (create_disposition) {
5133 base_create_disposition = FILE_OPEN;
5136 base_create_disposition = FILE_OPEN_IF;
5140 /* Create an smb_filename with stream_name == NULL. */
5141 smb_fname_base = synthetic_smb_fname(talloc_tos(),
5142 smb_fname->base_name,
5146 if (smb_fname_base == NULL) {
5147 status = NT_STATUS_NO_MEMORY;
5151 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
5152 DEBUG(10, ("Unable to stat stream: %s\n",
5153 smb_fname_str_dbg(smb_fname_base)));
5156 * https://bugzilla.samba.org/show_bug.cgi?id=10229
5157 * We need to check if the requested access mask
5158 * could be used to open the underlying file (if
5159 * it existed), as we're passing in zero for the
5160 * access mask to the base filename.
5162 status = check_base_file_access(conn,
5166 if (!NT_STATUS_IS_OK(status)) {
5167 DEBUG(10, ("Permission check "
5168 "for base %s failed: "
5169 "%s\n", smb_fname->base_name,
5170 nt_errstr(status)));
5175 /* Open the base file. */
5176 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
5179 | FILE_SHARE_DELETE,
5180 base_create_disposition,
5181 0, 0, 0, NULL, 0, 0, NULL, NULL,
5183 TALLOC_FREE(smb_fname_base);
5185 if (!NT_STATUS_IS_OK(status)) {
5186 DEBUG(10, ("create_file_unixpath for base %s failed: "
5187 "%s\n", smb_fname->base_name,
5188 nt_errstr(status)));
5191 /* we don't need the low level fd */
5196 * If it's a request for a directory open, deal with it separately.
5199 if (create_options & FILE_DIRECTORY_FILE) {
5201 if (create_options & FILE_NON_DIRECTORY_FILE) {
5202 status = NT_STATUS_INVALID_PARAMETER;
5206 /* Can't open a temp directory. IFS kit test. */
5207 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
5208 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
5209 status = NT_STATUS_INVALID_PARAMETER;
5214 * We will get a create directory here if the Win32
5215 * app specified a security descriptor in the
5216 * CreateDirectory() call.
5220 status = open_directory(
5221 conn, req, smb_fname, access_mask, share_access,
5222 create_disposition, create_options, file_attributes,
5227 * Ordinary file case.
5230 status = file_new(req, conn, &fsp);
5231 if(!NT_STATUS_IS_OK(status)) {
5235 status = fsp_set_smb_fname(fsp, smb_fname);
5236 if (!NT_STATUS_IS_OK(status)) {
5242 * We're opening the stream element of a
5243 * base_fsp we already opened. Set up the
5246 fsp->base_fsp = base_fsp;
5249 if (allocation_size) {
5250 fsp->initial_allocation_size = smb_roundup(fsp->conn,
5254 status = open_file_ntcreate(conn,
5267 if(!NT_STATUS_IS_OK(status)) {
5268 file_free(req, fsp);
5272 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
5274 /* A stream open never opens a directory */
5277 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5282 * Fail the open if it was explicitly a non-directory
5286 if (create_options & FILE_NON_DIRECTORY_FILE) {
5287 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5292 status = open_directory(
5293 conn, req, smb_fname, access_mask,
5294 share_access, create_disposition,
5295 create_options, file_attributes,
5300 if (!NT_STATUS_IS_OK(status)) {
5304 fsp->base_fsp = base_fsp;
5306 if ((ea_list != NULL) &&
5307 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
5308 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
5309 if (!NT_STATUS_IS_OK(status)) {
5314 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
5315 status = NT_STATUS_ACCESS_DENIED;
5319 /* Save the requested allocation size. */
5320 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
5321 if ((allocation_size > fsp->fsp_name->st.st_ex_size)
5322 && !(fsp->is_directory))
5324 fsp->initial_allocation_size = smb_roundup(
5325 fsp->conn, allocation_size);
5326 if (vfs_allocate_file_space(
5327 fsp, fsp->initial_allocation_size) == -1) {
5328 status = NT_STATUS_DISK_FULL;
5332 fsp->initial_allocation_size = smb_roundup(
5333 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
5336 fsp->initial_allocation_size = 0;
5339 if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
5340 fsp->base_fsp == NULL) {
5343 * According to the MS documentation, the only time the security
5344 * descriptor is applied to the opened file is iff we *created* the
5345 * file; an existing file stays the same.
5347 * Also, it seems (from observation) that you can open the file with
5348 * any access mask but you can still write the sd. We need to override
5349 * the granted access before we call set_sd
5350 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
5353 uint32_t sec_info_sent;
5354 uint32_t saved_access_mask = fsp->access_mask;
5356 sec_info_sent = get_sec_info(sd);
5358 fsp->access_mask = FILE_GENERIC_ALL;
5360 if (sec_info_sent & (SECINFO_OWNER|
5364 status = set_sd(fsp, sd, sec_info_sent);
5367 fsp->access_mask = saved_access_mask;
5369 if (!NT_STATUS_IS_OK(status)) {
5372 } else if (lp_inherit_acls(SNUM(conn))) {
5373 /* Inherit from parent. Errors here are not fatal. */
5374 status = inherit_new_acl(fsp);
5375 if (!NT_STATUS_IS_OK(status)) {
5376 DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
5378 nt_errstr(status) ));
5383 if ((conn->fs_capabilities & FILE_FILE_COMPRESSION)
5384 && (create_options & FILE_NO_COMPRESSION)
5385 && (info == FILE_WAS_CREATED)) {
5386 status = SMB_VFS_SET_COMPRESSION(conn, fsp, fsp,
5387 COMPRESSION_FORMAT_NONE);
5388 if (!NT_STATUS_IS_OK(status)) {
5389 DEBUG(1, ("failed to disable compression: %s\n",
5390 nt_errstr(status)));
5394 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
5397 if (pinfo != NULL) {
5401 smb_fname->st = fsp->fsp_name->st;
5403 return NT_STATUS_OK;
5406 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
5409 if (base_fsp && fsp->base_fsp == base_fsp) {
5411 * The close_file below will close
5416 close_file(req, fsp, ERROR_CLOSE);
5419 if (base_fsp != NULL) {
5420 close_file(req, base_fsp, ERROR_CLOSE);
5427 * Calculate the full path name given a relative fid.
5429 NTSTATUS get_relative_fid_filename(connection_struct *conn,
5430 struct smb_request *req,
5431 uint16_t root_dir_fid,
5432 const struct smb_filename *smb_fname,
5433 struct smb_filename **smb_fname_out)
5435 files_struct *dir_fsp;
5436 char *parent_fname = NULL;
5437 char *new_base_name = NULL;
5438 uint32_t ucf_flags = ucf_flags_from_smb_request(req);
5441 if (root_dir_fid == 0 || !smb_fname) {
5442 status = NT_STATUS_INTERNAL_ERROR;
5446 dir_fsp = file_fsp(req, root_dir_fid);
5448 if (dir_fsp == NULL) {
5449 status = NT_STATUS_INVALID_HANDLE;
5453 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
5454 status = NT_STATUS_INVALID_HANDLE;
5458 if (!dir_fsp->is_directory) {
5461 * Check to see if this is a mac fork of some kind.
5464 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
5465 is_ntfs_stream_smb_fname(smb_fname)) {
5466 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
5471 we need to handle the case when we get a
5472 relative open relative to a file and the
5473 pathname is blank - this is a reopen!
5474 (hint from demyn plantenberg)
5477 status = NT_STATUS_INVALID_HANDLE;
5481 if (ISDOT(dir_fsp->fsp_name->base_name)) {
5483 * We're at the toplevel dir, the final file name
5484 * must not contain ./, as this is filtered out
5485 * normally by srvstr_get_path and unix_convert
5486 * explicitly rejects paths containing ./.
5488 parent_fname = talloc_strdup(talloc_tos(), "");
5489 if (parent_fname == NULL) {
5490 status = NT_STATUS_NO_MEMORY;
5494 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
5497 * Copy in the base directory name.
5500 parent_fname = talloc_array(talloc_tos(), char,
5502 if (parent_fname == NULL) {
5503 status = NT_STATUS_NO_MEMORY;
5506 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
5510 * Ensure it ends in a '/'.
5511 * We used TALLOC_SIZE +2 to add space for the '/'.
5515 && (parent_fname[dir_name_len-1] != '\\')
5516 && (parent_fname[dir_name_len-1] != '/')) {
5517 parent_fname[dir_name_len] = '/';
5518 parent_fname[dir_name_len+1] = '\0';
5522 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
5523 smb_fname->base_name);
5524 if (new_base_name == NULL) {
5525 status = NT_STATUS_NO_MEMORY;
5529 status = filename_convert(req,
5535 if (!NT_STATUS_IS_OK(status)) {
5540 TALLOC_FREE(parent_fname);
5541 TALLOC_FREE(new_base_name);
5545 NTSTATUS create_file_default(connection_struct *conn,
5546 struct smb_request *req,
5547 uint16_t root_dir_fid,
5548 struct smb_filename *smb_fname,
5549 uint32_t access_mask,
5550 uint32_t share_access,
5551 uint32_t create_disposition,
5552 uint32_t create_options,
5553 uint32_t file_attributes,
5554 uint32_t oplock_request,
5555 struct smb2_lease *lease,
5556 uint64_t allocation_size,
5557 uint32_t private_flags,
5558 struct security_descriptor *sd,
5559 struct ea_list *ea_list,
5560 files_struct **result,
5562 const struct smb2_create_blobs *in_context_blobs,
5563 struct smb2_create_blobs *out_context_blobs)
5565 int info = FILE_WAS_OPENED;
5566 files_struct *fsp = NULL;
5568 bool stream_name = false;
5570 DEBUG(10,("create_file: access_mask = 0x%x "
5571 "file_attributes = 0x%x, share_access = 0x%x, "
5572 "create_disposition = 0x%x create_options = 0x%x "
5573 "oplock_request = 0x%x "
5574 "private_flags = 0x%x "
5575 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
5577 (unsigned int)access_mask,
5578 (unsigned int)file_attributes,
5579 (unsigned int)share_access,
5580 (unsigned int)create_disposition,
5581 (unsigned int)create_options,
5582 (unsigned int)oplock_request,
5583 (unsigned int)private_flags,
5584 (unsigned int)root_dir_fid,
5585 ea_list, sd, smb_fname_str_dbg(smb_fname)));
5588 * Calculate the filename from the root_dir_if if necessary.
5591 if (root_dir_fid != 0) {
5592 struct smb_filename *smb_fname_out = NULL;
5593 status = get_relative_fid_filename(conn, req, root_dir_fid,
5594 smb_fname, &smb_fname_out);
5595 if (!NT_STATUS_IS_OK(status)) {
5598 smb_fname = smb_fname_out;
5602 * Check to see if this is a mac fork of some kind.
5605 stream_name = is_ntfs_stream_smb_fname(smb_fname);
5607 enum FAKE_FILE_TYPE fake_file_type;
5609 fake_file_type = is_fake_file(smb_fname);
5611 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
5614 * Here we go! support for changing the disk quotas
5617 * We need to fake up to open this MAGIC QUOTA file
5618 * and return a valid FID.
5620 * w2k close this file directly after openening xp
5621 * also tries a QUERY_FILE_INFO on the file and then
5624 status = open_fake_file(req, conn, req->vuid,
5625 fake_file_type, smb_fname,
5627 if (!NT_STATUS_IS_OK(status)) {
5631 ZERO_STRUCT(smb_fname->st);
5635 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
5636 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
5641 if (is_ntfs_default_stream_smb_fname(smb_fname)) {
5643 smb_fname->stream_name = NULL;
5644 /* We have to handle this error here. */
5645 if (create_options & FILE_DIRECTORY_FILE) {
5646 status = NT_STATUS_NOT_A_DIRECTORY;
5649 if (req != NULL && req->posix_pathnames) {
5650 ret = SMB_VFS_LSTAT(conn, smb_fname);
5652 ret = SMB_VFS_STAT(conn, smb_fname);
5655 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
5656 status = NT_STATUS_FILE_IS_A_DIRECTORY;
5661 status = create_file_unixpath(
5662 conn, req, smb_fname, access_mask, share_access,
5663 create_disposition, create_options, file_attributes,
5664 oplock_request, lease, allocation_size, private_flags,
5668 if (!NT_STATUS_IS_OK(status)) {
5673 DEBUG(10, ("create_file: info=%d\n", info));
5676 if (pinfo != NULL) {
5679 return NT_STATUS_OK;
5682 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
5685 close_file(req, fsp, ERROR_CLOSE);