2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/globals.h"
25 extern const struct generic_mapping file_generic_mapping;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 static NTSTATUS create_file_unixpath(connection_struct *conn,
33 struct smb_request *req,
34 struct smb_filename *smb_fname,
36 uint32_t share_access,
37 uint32_t create_disposition,
38 uint32_t create_options,
39 uint32_t file_attributes,
40 uint32_t oplock_request,
41 uint64_t allocation_size,
42 struct security_descriptor *sd,
43 struct ea_list *ea_list,
45 files_struct **result,
48 /****************************************************************************
49 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
50 ****************************************************************************/
52 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
53 const NT_USER_TOKEN *token,
54 uint32_t access_desired,
55 uint32_t *access_granted)
57 return se_access_check(sd,
59 (access_desired & ~FILE_READ_ATTRIBUTES),
63 /****************************************************************************
64 Check if we have open rights.
65 ****************************************************************************/
67 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
68 const struct smb_filename *smb_fname,
70 uint32_t *access_granted)
72 /* Check if we have rights to open. */
74 struct security_descriptor *sd = NULL;
78 if (conn->server_info->utok.uid == 0 || conn->admin_user) {
79 /* I'm sorry sir, I didn't know you were root... */
80 *access_granted = access_mask;
81 if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
82 *access_granted |= FILE_GENERIC_ALL;
87 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
88 (OWNER_SECURITY_INFORMATION |
89 GROUP_SECURITY_INFORMATION |
90 DACL_SECURITY_INFORMATION),&sd);
92 if (!NT_STATUS_IS_OK(status)) {
93 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
95 smb_fname_str_dbg(smb_fname),
100 status = smb1_file_se_access_check(sd,
101 conn->server_info->ptok,
105 DEBUG(10,("smbd_check_open_rights: file %s requesting "
106 "0x%x returning 0x%x (%s)\n",
107 smb_fname_str_dbg(smb_fname),
108 (unsigned int)access_mask,
109 (unsigned int)*access_granted,
110 nt_errstr(status) ));
112 if (!NT_STATUS_IS_OK(status)) {
113 if (DEBUGLEVEL >= 10) {
114 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
115 smb_fname_str_dbg(smb_fname) ));
116 NDR_PRINT_DEBUG(security_descriptor, sd);
125 /****************************************************************************
126 fd support routines - attempt to do a dos_open.
127 ****************************************************************************/
129 static NTSTATUS fd_open(struct connection_struct *conn,
134 struct smb_filename *smb_fname = fsp->fsp_name;
135 NTSTATUS status = NT_STATUS_OK;
139 * Never follow symlinks on a POSIX client. The
140 * client should be doing this.
143 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
148 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
149 if (fsp->fh->fd == -1) {
150 status = map_nt_error_from_unix(errno);
151 if (errno == EMFILE) {
152 static time_t last_warned = 0L;
154 if (time((time_t *) NULL) > last_warned) {
155 DEBUG(0,("Too many open files, unable "
156 "to open more! smbd's max "
158 lp_max_open_files()));
159 last_warned = time((time_t *) NULL);
165 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
166 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
167 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
172 /****************************************************************************
173 Close the file associated with a fsp.
174 ****************************************************************************/
176 NTSTATUS fd_close(files_struct *fsp)
180 if (fsp->fh->fd == -1) {
181 return NT_STATUS_OK; /* What we used to call a stat open. */
183 if (fsp->fh->ref_count > 1) {
184 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
187 ret = SMB_VFS_CLOSE(fsp);
190 return map_nt_error_from_unix(errno);
195 /****************************************************************************
196 Change the ownership of a file to that of the parent directory.
197 Do this by fd if possible.
198 ****************************************************************************/
200 void change_file_owner_to_parent(connection_struct *conn,
201 const char *inherit_from_dir,
204 struct smb_filename *smb_fname_parent = NULL;
208 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
209 NULL, NULL, &smb_fname_parent);
210 if (!NT_STATUS_IS_OK(status)) {
214 ret = SMB_VFS_STAT(conn, smb_fname_parent);
216 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
217 "directory %s. Error was %s\n",
218 smb_fname_str_dbg(smb_fname_parent),
224 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
227 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
228 "file %s to parent directory uid %u. Error "
229 "was %s\n", fsp_str_dbg(fsp),
230 (unsigned int)smb_fname_parent->st.st_ex_uid,
234 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
235 "parent directory uid %u.\n", fsp_str_dbg(fsp),
236 (unsigned int)smb_fname_parent->st.st_ex_uid));
238 TALLOC_FREE(smb_fname_parent);
241 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
242 const char *inherit_from_dir,
244 SMB_STRUCT_STAT *psbuf)
246 struct smb_filename *smb_fname_parent = NULL;
247 struct smb_filename *smb_fname_cwd = NULL;
248 char *saved_dir = NULL;
249 TALLOC_CTX *ctx = talloc_tos();
250 NTSTATUS status = NT_STATUS_OK;
253 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
255 if (!NT_STATUS_IS_OK(status)) {
259 ret = SMB_VFS_STAT(conn, smb_fname_parent);
261 status = map_nt_error_from_unix(errno);
262 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
263 "directory %s. Error was %s\n",
264 smb_fname_str_dbg(smb_fname_parent),
269 /* We've already done an lstat into psbuf, and we know it's a
270 directory. If we can cd into the directory and the dev/ino
271 are the same then we can safely chown without races as
272 we're locking the directory in place by being in it. This
273 should work on any UNIX (thanks tridge :-). JRA.
276 saved_dir = vfs_GetWd(ctx,conn);
278 status = map_nt_error_from_unix(errno);
279 DEBUG(0,("change_dir_owner_to_parent: failed to get "
280 "current working directory. Error was %s\n",
285 /* Chdir into the new path. */
286 if (vfs_ChDir(conn, fname) == -1) {
287 status = map_nt_error_from_unix(errno);
288 DEBUG(0,("change_dir_owner_to_parent: failed to change "
289 "current working directory to %s. Error "
290 "was %s\n", fname, strerror(errno) ));
294 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
296 if (!NT_STATUS_IS_OK(status)) {
300 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
302 status = map_nt_error_from_unix(errno);
303 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
304 "directory '.' (%s) Error was %s\n",
305 fname, strerror(errno)));
309 /* Ensure we're pointing at the same place. */
310 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
311 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino ||
312 smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) {
313 DEBUG(0,("change_dir_owner_to_parent: "
314 "device/inode/mode on directory %s changed. "
315 "Refusing to chown !\n", fname ));
316 status = NT_STATUS_ACCESS_DENIED;
321 ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
325 status = map_nt_error_from_unix(errno);
326 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
327 "directory %s to parent directory uid %u. "
328 "Error was %s\n", fname,
329 (unsigned int)smb_fname_parent->st.st_ex_uid,
334 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
335 "directory %s to parent directory uid %u.\n",
336 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
339 vfs_ChDir(conn,saved_dir);
341 TALLOC_FREE(smb_fname_parent);
342 TALLOC_FREE(smb_fname_cwd);
346 /****************************************************************************
348 ****************************************************************************/
350 static NTSTATUS open_file(files_struct *fsp,
351 connection_struct *conn,
352 struct smb_request *req,
353 const char *parent_dir,
356 uint32 access_mask, /* client requested access mask. */
357 uint32 open_access_mask) /* what we're actually using in the open. */
359 struct smb_filename *smb_fname = fsp->fsp_name;
360 NTSTATUS status = NT_STATUS_OK;
361 int accmode = (flags & O_ACCMODE);
362 int local_flags = flags;
363 bool file_existed = VALID_STAT(fsp->fsp_name->st);
368 /* Check permissions */
371 * This code was changed after seeing a client open request
372 * containing the open mode of (DENY_WRITE/read-only) with
373 * the 'create if not exist' bit set. The previous code
374 * would fail to open the file read only on a read-only share
375 * as it was checking the flags parameter directly against O_RDONLY,
376 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
380 if (!CAN_WRITE(conn)) {
381 /* It's a read-only share - fail if we wanted to write. */
382 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
383 DEBUG(3,("Permission denied opening %s\n",
384 smb_fname_str_dbg(smb_fname)));
385 return NT_STATUS_ACCESS_DENIED;
386 } else if(flags & O_CREAT) {
387 /* We don't want to write - but we must make sure that
388 O_CREAT doesn't create the file if we have write
389 access into the directory.
391 flags &= ~(O_CREAT|O_EXCL);
392 local_flags &= ~(O_CREAT|O_EXCL);
397 * This little piece of insanity is inspired by the
398 * fact that an NT client can open a file for O_RDONLY,
399 * but set the create disposition to FILE_EXISTS_TRUNCATE.
400 * If the client *can* write to the file, then it expects to
401 * truncate the file, even though it is opening for readonly.
402 * Quicken uses this stupid trick in backup file creation...
403 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
404 * for helping track this one down. It didn't bite us in 2.0.x
405 * as we always opened files read-write in that release. JRA.
408 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
409 DEBUG(10,("open_file: truncate requested on read-only open "
410 "for file %s\n", smb_fname_str_dbg(smb_fname)));
411 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
414 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
415 (!file_existed && (local_flags & O_CREAT)) ||
416 ((local_flags & O_TRUNC) == O_TRUNC) ) {
420 * We can't actually truncate here as the file may be locked.
421 * open_file_ntcreate will take care of the truncate later. JRA.
424 local_flags &= ~O_TRUNC;
426 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
428 * We would block on opening a FIFO with no one else on the
429 * other end. Do what we used to do and add O_NONBLOCK to the
433 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
434 local_flags |= O_NONBLOCK;
438 /* Don't create files with Microsoft wildcard characters. */
441 * wildcard characters are allowed in stream names
442 * only test the basefilename
444 wild = fsp->base_fsp->fsp_name->base_name;
446 wild = smb_fname->base_name;
448 if ((local_flags & O_CREAT) && !file_existed &&
450 return NT_STATUS_OBJECT_NAME_INVALID;
453 /* Actually do the open */
454 status = fd_open(conn, fsp, local_flags, unx_mode);
455 if (!NT_STATUS_IS_OK(status)) {
456 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
457 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
458 nt_errstr(status),local_flags,flags));
462 if ((local_flags & O_CREAT) && !file_existed) {
464 /* Inherit the ACL if required */
465 if (lp_inherit_perms(SNUM(conn))) {
466 inherit_access_posix_acl(conn, parent_dir,
467 smb_fname->base_name,
471 /* Change the owner if required. */
472 if (lp_inherit_owner(SNUM(conn))) {
473 change_file_owner_to_parent(conn, parent_dir,
477 notify_fname(conn, NOTIFY_ACTION_ADDED,
478 FILE_NOTIFY_CHANGE_FILE_NAME,
479 smb_fname->base_name);
483 fsp->fh->fd = -1; /* What we used to call a stat open. */
485 uint32_t access_granted = 0;
487 status = smbd_check_open_rights(conn,
491 if (!NT_STATUS_IS_OK(status)) {
492 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
494 * On NT_STATUS_ACCESS_DENIED, access_granted
495 * contains the denied bits.
498 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
499 (access_granted & FILE_WRITE_ATTRIBUTES) &&
500 (lp_map_readonly(SNUM(conn)) ||
501 lp_map_archive(SNUM(conn)) ||
502 lp_map_hidden(SNUM(conn)) ||
503 lp_map_system(SNUM(conn)))) {
504 access_granted &= ~FILE_WRITE_ATTRIBUTES;
506 DEBUG(10,("open_file: "
515 if ((access_mask & DELETE_ACCESS) &&
516 (access_granted & DELETE_ACCESS) &&
517 can_delete_file_in_directory(conn,
519 /* Were we trying to do a stat open
520 * for delete and didn't get DELETE
521 * access (only) ? Check if the
522 * directory allows DELETE_CHILD.
524 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
527 access_granted &= ~DELETE_ACCESS;
529 DEBUG(10,("open_file: "
537 if (access_granted != 0) {
538 DEBUG(10,("open_file: Access "
545 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
547 S_ISLNK(smb_fname->st.st_ex_mode)) {
548 /* This is a POSIX stat open for delete
549 * or rename on a symlink that points
551 DEBUG(10,("open_file: allowing POSIX "
552 "open on bad symlink %s\n",
556 DEBUG(10,("open_file: "
557 "smbd_check_open_rights on file "
559 smb_fname_str_dbg(smb_fname),
560 nt_errstr(status) ));
570 if (fsp->fh->fd == -1) {
571 ret = SMB_VFS_STAT(conn, smb_fname);
573 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
574 /* If we have an fd, this stat should succeed. */
576 DEBUG(0,("Error doing fstat on open file %s "
578 smb_fname_str_dbg(smb_fname),
583 /* For a non-io open, this stat failing means file not found. JRA */
585 status = map_nt_error_from_unix(errno);
592 * POSIX allows read-only opens of directories. We don't
593 * want to do this (we use a different code path for this)
594 * so catch a directory open and return an EISDIR. JRA.
597 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
600 return NT_STATUS_FILE_IS_A_DIRECTORY;
603 fsp->mode = smb_fname->st.st_ex_mode;
604 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
605 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
606 fsp->file_pid = req ? req->smbpid : 0;
607 fsp->can_lock = True;
608 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
609 if (!CAN_WRITE(conn)) {
610 fsp->can_write = False;
612 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
615 fsp->print_file = False;
616 fsp->modified = False;
617 fsp->sent_oplock_break = NO_BREAK_SENT;
618 fsp->is_directory = False;
619 if (conn->aio_write_behind_list &&
620 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
621 conn->case_sensitive)) {
622 fsp->aio_write_behind = True;
625 fsp->wcp = NULL; /* Write cache pointer. */
627 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
628 conn->server_info->unix_name,
629 smb_fname_str_dbg(smb_fname),
630 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
631 conn->num_files_open));
637 /*******************************************************************
638 Return True if the filename is one of the special executable types.
639 ********************************************************************/
641 bool is_executable(const char *fname)
643 if ((fname = strrchr_m(fname,'.'))) {
644 if (strequal(fname,".com") ||
645 strequal(fname,".dll") ||
646 strequal(fname,".exe") ||
647 strequal(fname,".sym")) {
654 /****************************************************************************
655 Check if we can open a file with a share mode.
656 Returns True if conflict, False if not.
657 ****************************************************************************/
659 static bool share_conflict(struct share_mode_entry *entry,
663 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
664 "entry->share_access = 0x%x, "
665 "entry->private_options = 0x%x\n",
666 (unsigned int)entry->access_mask,
667 (unsigned int)entry->share_access,
668 (unsigned int)entry->private_options));
670 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
671 (unsigned int)access_mask, (unsigned int)share_access));
673 if ((entry->access_mask & (FILE_WRITE_DATA|
677 DELETE_ACCESS)) == 0) {
678 DEBUG(10,("share_conflict: No conflict due to "
679 "entry->access_mask = 0x%x\n",
680 (unsigned int)entry->access_mask ));
684 if ((access_mask & (FILE_WRITE_DATA|
688 DELETE_ACCESS)) == 0) {
689 DEBUG(10,("share_conflict: No conflict due to "
690 "access_mask = 0x%x\n",
691 (unsigned int)access_mask ));
695 #if 1 /* JRA TEST - Superdebug. */
696 #define CHECK_MASK(num, am, right, sa, share) \
697 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
698 (unsigned int)(num), (unsigned int)(am), \
699 (unsigned int)(right), (unsigned int)(am)&(right) )); \
700 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
701 (unsigned int)(num), (unsigned int)(sa), \
702 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
703 if (((am) & (right)) && !((sa) & (share))) { \
704 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
705 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
706 (unsigned int)(share) )); \
710 #define CHECK_MASK(num, am, right, sa, share) \
711 if (((am) & (right)) && !((sa) & (share))) { \
712 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
713 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
714 (unsigned int)(share) )); \
719 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
720 share_access, FILE_SHARE_WRITE);
721 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
722 entry->share_access, FILE_SHARE_WRITE);
724 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
725 share_access, FILE_SHARE_READ);
726 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
727 entry->share_access, FILE_SHARE_READ);
729 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
730 share_access, FILE_SHARE_DELETE);
731 CHECK_MASK(6, access_mask, DELETE_ACCESS,
732 entry->share_access, FILE_SHARE_DELETE);
734 DEBUG(10,("share_conflict: No conflict.\n"));
738 #if defined(DEVELOPER)
739 static void validate_my_share_entries(int num,
740 struct share_mode_entry *share_entry)
744 if (!procid_is_me(&share_entry->pid)) {
748 if (is_deferred_open_entry(share_entry) &&
749 !open_was_deferred(share_entry->op_mid)) {
750 char *str = talloc_asprintf(talloc_tos(),
751 "Got a deferred entry without a request: "
753 share_mode_str(talloc_tos(), num, share_entry));
757 if (!is_valid_share_mode_entry(share_entry)) {
761 fsp = file_find_dif(share_entry->id,
762 share_entry->share_file_id);
764 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
765 share_mode_str(talloc_tos(), num, share_entry) ));
766 smb_panic("validate_my_share_entries: Cannot match a "
767 "share entry with an open file\n");
770 if (is_deferred_open_entry(share_entry) ||
771 is_unused_share_mode_entry(share_entry)) {
775 if ((share_entry->op_type == NO_OPLOCK) &&
776 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
777 /* Someone has already written to it, but I haven't yet
782 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
791 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
792 share_mode_str(talloc_tos(), num, share_entry) ));
793 str = talloc_asprintf(talloc_tos(),
794 "validate_my_share_entries: "
795 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
796 fsp->fsp_name->base_name,
797 (unsigned int)fsp->oplock_type,
798 (unsigned int)share_entry->op_type );
804 bool is_stat_open(uint32 access_mask)
806 return (access_mask &&
807 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
808 FILE_WRITE_ATTRIBUTES))==0) &&
809 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
810 FILE_WRITE_ATTRIBUTES)) != 0));
813 /****************************************************************************
814 Deal with share modes
815 Invarient: Share mode must be locked on entry and exit.
816 Returns -1 on error, or number of share modes on success (may be zero).
817 ****************************************************************************/
819 static NTSTATUS open_mode_check(connection_struct *conn,
820 struct share_mode_lock *lck,
823 uint32 create_options,
828 if(lck->num_share_modes == 0) {
832 *file_existed = True;
834 /* A delete on close prohibits everything */
836 if (lck->delete_on_close) {
837 return NT_STATUS_DELETE_PENDING;
840 if (is_stat_open(access_mask)) {
841 /* Stat open that doesn't trigger oplock breaks or share mode
842 * checks... ! JRA. */
847 * Check if the share modes will give us access.
850 #if defined(DEVELOPER)
851 for(i = 0; i < lck->num_share_modes; i++) {
852 validate_my_share_entries(i, &lck->share_modes[i]);
856 if (!lp_share_modes(SNUM(conn))) {
860 /* Now we check the share modes, after any oplock breaks. */
861 for(i = 0; i < lck->num_share_modes; i++) {
863 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
867 /* someone else has a share lock on it, check to see if we can
869 if (share_conflict(&lck->share_modes[i],
870 access_mask, share_access)) {
871 return NT_STATUS_SHARING_VIOLATION;
878 static bool is_delete_request(files_struct *fsp) {
879 return ((fsp->access_mask == DELETE_ACCESS) &&
880 (fsp->oplock_type == NO_OPLOCK));
884 * Send a break message to the oplock holder and delay the open for
888 static NTSTATUS send_break_message(files_struct *fsp,
889 struct share_mode_entry *exclusive,
894 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
896 DEBUG(10, ("Sending break request to PID %s\n",
897 procid_str_static(&exclusive->pid)));
898 exclusive->op_mid = mid;
900 /* Create the message. */
901 share_mode_entry_to_message(msg, exclusive);
903 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
904 don't want this set in the share mode struct pointed to by lck. */
906 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
907 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
910 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
911 MSG_SMB_BREAK_REQUEST,
913 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
914 if (!NT_STATUS_IS_OK(status)) {
915 DEBUG(3, ("Could not send oplock break message: %s\n",
923 * 1) No files open at all or internal open: Grant whatever the client wants.
925 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
926 * request, break if the oplock around is a batch oplock. If it's another
927 * requested access type, break.
929 * 3) Only level2 around: Grant level2 and do nothing else.
932 static bool delay_for_oplocks(struct share_mode_lock *lck,
939 struct share_mode_entry *exclusive = NULL;
940 bool valid_entry = false;
941 bool have_level2 = false;
942 bool have_a_none_oplock = false;
943 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
944 lp_level2_oplocks(SNUM(fsp->conn));
946 if (oplock_request & INTERNAL_OPEN_ONLY) {
947 fsp->oplock_type = NO_OPLOCK;
950 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
954 for (i=0; i<lck->num_share_modes; i++) {
956 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
960 /* At least one entry is not an invalid or deferred entry. */
963 if (pass_number == 1) {
964 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
965 SMB_ASSERT(exclusive == NULL);
966 exclusive = &lck->share_modes[i];
969 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
970 SMB_ASSERT(exclusive == NULL);
971 exclusive = &lck->share_modes[i];
975 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
976 SMB_ASSERT(exclusive == NULL);
980 if (lck->share_modes[i].op_type == NO_OPLOCK) {
981 have_a_none_oplock = true;
985 if (exclusive != NULL) { /* Found an exclusive oplock */
986 bool delay_it = is_delete_request(fsp) ?
987 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
988 SMB_ASSERT(!have_level2);
990 send_break_message(fsp, exclusive, mid, oplock_request);
996 * Match what was requested (fsp->oplock_type) with
997 * what was found in the existing share modes.
1001 /* All entries are placeholders or deferred.
1002 * Directly grant whatever the client wants. */
1003 if (fsp->oplock_type == NO_OPLOCK) {
1004 /* Store a level2 oplock, but don't tell the client */
1005 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1007 } else if (have_a_none_oplock) {
1008 fsp->oplock_type = NO_OPLOCK;
1009 } else if (have_level2) {
1010 if (fsp->oplock_type == NO_OPLOCK ||
1011 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1012 /* Store a level2 oplock, but don't tell the client */
1013 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1015 fsp->oplock_type = LEVEL_II_OPLOCK;
1018 /* This case can never happen. */
1023 * Don't grant level2 to clients that don't want them
1024 * or if we've turned them off.
1026 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1027 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1030 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
1031 fsp->oplock_type, fsp_str_dbg(fsp)));
1037 bool request_timed_out(struct timeval request_time,
1038 struct timeval timeout)
1040 struct timeval now, end_time;
1042 end_time = timeval_sum(&request_time, &timeout);
1043 return (timeval_compare(&end_time, &now) < 0);
1046 /****************************************************************************
1047 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1048 ****************************************************************************/
1050 static void defer_open(struct share_mode_lock *lck,
1051 struct timeval request_time,
1052 struct timeval timeout,
1053 struct smb_request *req,
1054 struct deferred_open_record *state)
1058 /* Paranoia check */
1060 for (i=0; i<lck->num_share_modes; i++) {
1061 struct share_mode_entry *e = &lck->share_modes[i];
1063 if (!is_deferred_open_entry(e)) {
1067 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1068 DEBUG(0, ("Trying to defer an already deferred "
1069 "request: mid=%d, exiting\n", req->mid));
1070 exit_server("attempt to defer a deferred request");
1074 /* End paranoia check */
1076 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1077 "open entry for mid %u\n",
1078 (unsigned int)request_time.tv_sec,
1079 (unsigned int)request_time.tv_usec,
1080 (unsigned int)req->mid));
1082 if (!push_deferred_smb_message(req, request_time, timeout,
1083 (char *)state, sizeof(*state))) {
1084 exit_server("push_deferred_smb_message failed");
1086 add_deferred_open(lck, req->mid, request_time, state->id);
1090 /****************************************************************************
1091 On overwrite open ensure that the attributes match.
1092 ****************************************************************************/
1094 bool open_match_attributes(connection_struct *conn,
1095 uint32 old_dos_attr,
1096 uint32 new_dos_attr,
1097 mode_t existing_unx_mode,
1098 mode_t new_unx_mode,
1099 mode_t *returned_unx_mode)
1101 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1103 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1104 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1106 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1107 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1108 *returned_unx_mode = new_unx_mode;
1110 *returned_unx_mode = (mode_t)0;
1113 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1114 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1115 "returned_unx_mode = 0%o\n",
1116 (unsigned int)old_dos_attr,
1117 (unsigned int)existing_unx_mode,
1118 (unsigned int)new_dos_attr,
1119 (unsigned int)*returned_unx_mode ));
1121 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1122 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1123 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1124 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1128 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1129 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1130 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1137 /****************************************************************************
1138 Special FCB or DOS processing in the case of a sharing violation.
1139 Try and find a duplicated file handle.
1140 ****************************************************************************/
1142 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1143 connection_struct *conn,
1144 files_struct *fsp_to_dup_into,
1145 const struct smb_filename *smb_fname,
1150 uint32 share_access,
1151 uint32 create_options)
1155 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1156 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1158 for(fsp = file_find_di_first(id); fsp;
1159 fsp = file_find_di_next(fsp)) {
1161 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1162 "vuid = %u, file_pid = %u, private_options = 0x%x "
1163 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1164 fsp->fh->fd, (unsigned int)fsp->vuid,
1165 (unsigned int)fsp->file_pid,
1166 (unsigned int)fsp->fh->private_options,
1167 (unsigned int)fsp->access_mask ));
1169 if (fsp->fh->fd != -1 &&
1170 fsp->vuid == vuid &&
1171 fsp->file_pid == file_pid &&
1172 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1173 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1174 (fsp->access_mask & FILE_WRITE_DATA) &&
1175 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1176 strequal(fsp->fsp_name->stream_name,
1177 smb_fname->stream_name)) {
1178 DEBUG(10,("fcb_or_dos_open: file match\n"));
1184 return NT_STATUS_NOT_FOUND;
1187 /* quite an insane set of semantics ... */
1188 if (is_executable(smb_fname->base_name) &&
1189 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1190 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1191 return NT_STATUS_INVALID_PARAMETER;
1194 /* We need to duplicate this fsp. */
1195 return dup_file_fsp(req, fsp, access_mask, share_access,
1196 create_options, fsp_to_dup_into);
1199 /****************************************************************************
1200 Open a file with a share mode - old openX method - map into NTCreate.
1201 ****************************************************************************/
1203 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,
1204 int deny_mode, int open_func,
1205 uint32 *paccess_mask,
1206 uint32 *pshare_mode,
1207 uint32 *pcreate_disposition,
1208 uint32 *pcreate_options)
1212 uint32 create_disposition;
1213 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1215 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1216 "open_func = 0x%x\n",
1217 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,
1218 (unsigned int)open_func ));
1220 /* Create the NT compatible access_mask. */
1221 switch (GET_OPENX_MODE(deny_mode)) {
1222 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1223 case DOS_OPEN_RDONLY:
1224 access_mask = FILE_GENERIC_READ;
1226 case DOS_OPEN_WRONLY:
1227 access_mask = FILE_GENERIC_WRITE;
1231 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1234 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1235 (unsigned int)GET_OPENX_MODE(deny_mode)));
1239 /* Create the NT compatible create_disposition. */
1240 switch (open_func) {
1241 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1242 create_disposition = FILE_CREATE;
1245 case OPENX_FILE_EXISTS_OPEN:
1246 create_disposition = FILE_OPEN;
1249 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1250 create_disposition = FILE_OPEN_IF;
1253 case OPENX_FILE_EXISTS_TRUNCATE:
1254 create_disposition = FILE_OVERWRITE;
1257 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1258 create_disposition = FILE_OVERWRITE_IF;
1262 /* From samba4 - to be confirmed. */
1263 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1264 create_disposition = FILE_CREATE;
1267 DEBUG(10,("map_open_params_to_ntcreate: bad "
1268 "open_func 0x%x\n", (unsigned int)open_func));
1272 /* Create the NT compatible share modes. */
1273 switch (GET_DENY_MODE(deny_mode)) {
1275 share_mode = FILE_SHARE_NONE;
1279 share_mode = FILE_SHARE_READ;
1283 share_mode = FILE_SHARE_WRITE;
1287 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1291 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1292 if (is_executable(smb_fname->base_name)) {
1293 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1295 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1296 share_mode = FILE_SHARE_READ;
1298 share_mode = FILE_SHARE_NONE;
1304 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1305 share_mode = FILE_SHARE_NONE;
1309 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1310 (unsigned int)GET_DENY_MODE(deny_mode) ));
1314 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1315 "share_mode = 0x%x, create_disposition = 0x%x, "
1316 "create_options = 0x%x\n",
1317 smb_fname_str_dbg(smb_fname),
1318 (unsigned int)access_mask,
1319 (unsigned int)share_mode,
1320 (unsigned int)create_disposition,
1321 (unsigned int)create_options ));
1324 *paccess_mask = access_mask;
1327 *pshare_mode = share_mode;
1329 if (pcreate_disposition) {
1330 *pcreate_disposition = create_disposition;
1332 if (pcreate_options) {
1333 *pcreate_options = create_options;
1340 static void schedule_defer_open(struct share_mode_lock *lck,
1341 struct timeval request_time,
1342 struct smb_request *req)
1344 struct deferred_open_record state;
1346 /* This is a relative time, added to the absolute
1347 request_time value to get the absolute timeout time.
1348 Note that if this is the second or greater time we enter
1349 this codepath for this particular request mid then
1350 request_time is left as the absolute time of the *first*
1351 time this request mid was processed. This is what allows
1352 the request to eventually time out. */
1354 struct timeval timeout;
1356 /* Normally the smbd we asked should respond within
1357 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1358 * the client did, give twice the timeout as a safety
1359 * measure here in case the other smbd is stuck
1360 * somewhere else. */
1362 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1364 /* Nothing actually uses state.delayed_for_oplocks
1365 but it's handy to differentiate in debug messages
1366 between a 30 second delay due to oplock break, and
1367 a 1 second delay for share mode conflicts. */
1369 state.delayed_for_oplocks = True;
1372 if (!request_timed_out(request_time, timeout)) {
1373 defer_open(lck, request_time, timeout, req, &state);
1377 /****************************************************************************
1378 Work out what access_mask to use from what the client sent us.
1379 ****************************************************************************/
1381 static NTSTATUS calculate_access_mask(connection_struct *conn,
1382 const struct smb_filename *smb_fname,
1384 uint32_t access_mask,
1385 uint32_t *access_mask_out)
1390 * Convert GENERIC bits to specific bits.
1393 se_map_generic(&access_mask, &file_generic_mapping);
1395 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1396 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1399 struct security_descriptor *sd;
1400 uint32_t access_granted = 0;
1402 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1403 (OWNER_SECURITY_INFORMATION |
1404 GROUP_SECURITY_INFORMATION |
1405 DACL_SECURITY_INFORMATION),&sd);
1407 if (!NT_STATUS_IS_OK(status)) {
1408 DEBUG(10, ("calculate_access_mask: Could not get acl "
1410 smb_fname_str_dbg(smb_fname),
1411 nt_errstr(status)));
1412 return NT_STATUS_ACCESS_DENIED;
1415 status = smb1_file_se_access_check(sd,
1416 conn->server_info->ptok,
1422 if (!NT_STATUS_IS_OK(status)) {
1423 DEBUG(10, ("calculate_access_mask: Access denied on "
1424 "file %s: when calculating maximum access\n",
1425 smb_fname_str_dbg(smb_fname)));
1426 return NT_STATUS_ACCESS_DENIED;
1429 access_mask = access_granted;
1431 access_mask = FILE_GENERIC_ALL;
1435 *access_mask_out = access_mask;
1436 return NT_STATUS_OK;
1439 /****************************************************************************
1440 Open a file with a share mode. Passed in an already created files_struct *.
1441 ****************************************************************************/
1443 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1444 struct smb_request *req,
1445 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1446 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1447 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1448 uint32 create_options, /* options such as delete on close. */
1449 uint32 new_dos_attributes, /* attributes used for new file. */
1450 int oplock_request, /* internal Samba oplock codes. */
1451 /* Information (FILE_EXISTS etc.) */
1455 struct smb_filename *smb_fname = fsp->fsp_name;
1458 bool file_existed = VALID_STAT(smb_fname->st);
1459 bool def_acl = False;
1460 bool posix_open = False;
1461 bool new_file_created = False;
1462 bool clear_ads = false;
1464 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1465 mode_t new_unx_mode = (mode_t)0;
1466 mode_t unx_mode = (mode_t)0;
1468 uint32 existing_dos_attributes = 0;
1469 struct pending_message_list *pml = NULL;
1470 struct timeval request_time = timeval_zero();
1471 struct share_mode_lock *lck = NULL;
1472 uint32 open_access_mask = access_mask;
1478 if (conn->printer) {
1480 * Printers are handled completely differently.
1481 * Most of the passed parameters are ignored.
1485 *pinfo = FILE_WAS_CREATED;
1488 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1489 smb_fname_str_dbg(smb_fname)));
1492 DEBUG(0,("open_file_ntcreate: printer open without "
1493 "an SMB request!\n"));
1494 return NT_STATUS_INTERNAL_ERROR;
1497 return print_fsp_open(req, conn, smb_fname->base_name,
1501 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1503 return NT_STATUS_NO_MEMORY;
1506 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1508 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1509 new_dos_attributes = 0;
1511 /* We add aARCH to this as this mode is only used if the file is
1513 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
1514 smb_fname, parent_dir);
1517 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1518 "access_mask=0x%x share_access=0x%x "
1519 "create_disposition = 0x%x create_options=0x%x "
1520 "unix mode=0%o oplock_request=%d\n",
1521 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1522 access_mask, share_access, create_disposition,
1523 create_options, (unsigned int)unx_mode, oplock_request));
1525 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1526 DEBUG(0, ("No smb request but not an internal only open!\n"));
1527 return NT_STATUS_INTERNAL_ERROR;
1531 * Only non-internal opens can be deferred at all
1535 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1536 struct deferred_open_record *state =
1537 (struct deferred_open_record *)pml->private_data.data;
1539 /* Remember the absolute time of the original
1540 request with this mid. We'll use it later to
1541 see if this has timed out. */
1543 request_time = pml->request_time;
1545 /* Remove the deferred open entry under lock. */
1546 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1549 DEBUG(0, ("could not get share mode lock\n"));
1551 del_deferred_open_entry(lck, req->mid);
1555 /* Ensure we don't reprocess this message. */
1556 remove_deferred_open_smb_message(req->mid);
1559 status = check_name(conn, smb_fname->base_name);
1560 if (!NT_STATUS_IS_OK(status)) {
1565 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1567 existing_dos_attributes = dos_mode(conn, smb_fname);
1571 /* ignore any oplock requests if oplocks are disabled */
1572 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1573 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1574 /* Mask off everything except the private Samba bits. */
1575 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1578 /* this is for OS/2 long file names - say we don't support them */
1579 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1580 /* OS/2 Workplace shell fix may be main code stream in a later
1582 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1584 if (use_nt_status()) {
1585 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1587 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1590 switch( create_disposition ) {
1592 * Currently we're using FILE_SUPERSEDE as the same as
1593 * FILE_OVERWRITE_IF but they really are
1594 * different. FILE_SUPERSEDE deletes an existing file
1595 * (requiring delete access) then recreates it.
1597 case FILE_SUPERSEDE:
1598 /* If file exists replace/overwrite. If file doesn't
1600 flags2 |= (O_CREAT | O_TRUNC);
1604 case FILE_OVERWRITE_IF:
1605 /* If file exists replace/overwrite. If file doesn't
1607 flags2 |= (O_CREAT | O_TRUNC);
1612 /* If file exists open. If file doesn't exist error. */
1613 if (!file_existed) {
1614 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1615 "requested for file %s and file "
1617 smb_fname_str_dbg(smb_fname)));
1619 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1623 case FILE_OVERWRITE:
1624 /* If file exists overwrite. If file doesn't exist
1626 if (!file_existed) {
1627 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1628 "requested for file %s and file "
1630 smb_fname_str_dbg(smb_fname) ));
1632 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1639 /* If file exists error. If file doesn't exist
1642 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1643 "requested for file %s and file "
1644 "already exists.\n",
1645 smb_fname_str_dbg(smb_fname)));
1646 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1651 return map_nt_error_from_unix(errno);
1653 flags2 |= (O_CREAT|O_EXCL);
1657 /* If file exists open. If file doesn't exist
1663 return NT_STATUS_INVALID_PARAMETER;
1666 /* We only care about matching attributes on file exists and
1669 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1670 (create_disposition == FILE_OVERWRITE_IF))) {
1671 if (!open_match_attributes(conn, existing_dos_attributes,
1673 smb_fname->st.st_ex_mode,
1674 unx_mode, &new_unx_mode)) {
1675 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1676 "for file %s (%x %x) (0%o, 0%o)\n",
1677 smb_fname_str_dbg(smb_fname),
1678 existing_dos_attributes,
1680 (unsigned int)smb_fname->st.st_ex_mode,
1681 (unsigned int)unx_mode ));
1683 return NT_STATUS_ACCESS_DENIED;
1687 status = calculate_access_mask(conn, smb_fname, file_existed,
1690 if (!NT_STATUS_IS_OK(status)) {
1691 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1692 "on file %s returned %s\n",
1693 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1697 open_access_mask = access_mask;
1699 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1700 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1703 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1704 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1708 * Note that we ignore the append flag as append does not
1709 * mean the same thing under DOS and Unix.
1712 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1713 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1714 /* DENY_DOS opens are always underlying read-write on the
1715 file handle, no matter what the requested access mask
1717 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1718 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1728 * Currently we only look at FILE_WRITE_THROUGH for create options.
1732 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1737 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1741 if (!posix_open && !CAN_WRITE(conn)) {
1743 * We should really return a permission denied error if either
1744 * O_CREAT or O_TRUNC are set, but for compatibility with
1745 * older versions of Samba we just AND them out.
1747 flags2 &= ~(O_CREAT|O_TRUNC);
1751 * Ensure we can't write on a read-only share or file.
1754 if (flags != O_RDONLY && file_existed &&
1755 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1756 DEBUG(5,("open_file_ntcreate: write access requested for "
1757 "file %s on read only %s\n",
1758 smb_fname_str_dbg(smb_fname),
1759 !CAN_WRITE(conn) ? "share" : "file" ));
1761 return NT_STATUS_ACCESS_DENIED;
1764 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1765 fsp->share_access = share_access;
1766 fsp->fh->private_options = create_options;
1767 fsp->access_mask = open_access_mask; /* We change this to the
1768 * requested access_mask after
1769 * the open is done. */
1770 fsp->posix_open = posix_open;
1772 /* Ensure no SAMBA_PRIVATE bits can be set. */
1773 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1775 if (timeval_is_zero(&request_time)) {
1776 request_time = fsp->open_time;
1780 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1781 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1783 lck = get_share_mode_lock(talloc_tos(), id,
1785 smb_fname, &old_write_time);
1788 DEBUG(0, ("Could not get share mode lock\n"));
1789 return NT_STATUS_SHARING_VIOLATION;
1792 /* First pass - send break only on batch oplocks. */
1794 && delay_for_oplocks(lck, fsp, req->mid, 1,
1796 schedule_defer_open(lck, request_time, req);
1798 return NT_STATUS_SHARING_VIOLATION;
1801 /* Use the client requested access mask here, not the one we
1803 status = open_mode_check(conn, lck, access_mask, share_access,
1804 create_options, &file_existed);
1806 if (NT_STATUS_IS_OK(status)) {
1807 /* We might be going to allow this open. Check oplock
1809 /* Second pass - send break for both batch or
1810 * exclusive oplocks. */
1812 && delay_for_oplocks(lck, fsp, req->mid, 2,
1814 schedule_defer_open(lck, request_time, req);
1816 return NT_STATUS_SHARING_VIOLATION;
1820 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1821 /* DELETE_PENDING is not deferred for a second */
1826 if (!NT_STATUS_IS_OK(status)) {
1827 uint32 can_access_mask;
1828 bool can_access = True;
1830 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1832 /* Check if this can be done with the deny_dos and fcb
1834 if (create_options &
1835 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1836 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1838 DEBUG(0, ("DOS open without an SMB "
1841 return NT_STATUS_INTERNAL_ERROR;
1844 /* Use the client requested access mask here,
1845 * not the one we open with. */
1846 status = fcb_or_dos_open(req,
1857 if (NT_STATUS_IS_OK(status)) {
1860 *pinfo = FILE_WAS_OPENED;
1862 return NT_STATUS_OK;
1867 * This next line is a subtlety we need for
1868 * MS-Access. If a file open will fail due to share
1869 * permissions and also for security (access) reasons,
1870 * we need to return the access failed error, not the
1871 * share error. We can't open the file due to kernel
1872 * oplock deadlock (it's possible we failed above on
1873 * the open_mode_check()) so use a userspace check.
1876 if (flags & O_RDWR) {
1877 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1878 } else if (flags & O_WRONLY) {
1879 can_access_mask = FILE_WRITE_DATA;
1881 can_access_mask = FILE_READ_DATA;
1884 if (((can_access_mask & FILE_WRITE_DATA) &&
1885 !CAN_WRITE(conn)) ||
1886 !can_access_file_data(conn, smb_fname,
1892 * If we're returning a share violation, ensure we
1893 * cope with the braindead 1 second delay.
1896 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1897 lp_defer_sharing_violations()) {
1898 struct timeval timeout;
1899 struct deferred_open_record state;
1902 /* this is a hack to speed up torture tests
1904 timeout_usecs = lp_parm_int(SNUM(conn),
1905 "smbd","sharedelay",
1906 SHARING_VIOLATION_USEC_WAIT);
1908 /* This is a relative time, added to the absolute
1909 request_time value to get the absolute timeout time.
1910 Note that if this is the second or greater time we enter
1911 this codepath for this particular request mid then
1912 request_time is left as the absolute time of the *first*
1913 time this request mid was processed. This is what allows
1914 the request to eventually time out. */
1916 timeout = timeval_set(0, timeout_usecs);
1918 /* Nothing actually uses state.delayed_for_oplocks
1919 but it's handy to differentiate in debug messages
1920 between a 30 second delay due to oplock break, and
1921 a 1 second delay for share mode conflicts. */
1923 state.delayed_for_oplocks = False;
1927 && !request_timed_out(request_time,
1929 defer_open(lck, request_time, timeout,
1937 * We have detected a sharing violation here
1938 * so return the correct error code
1940 status = NT_STATUS_SHARING_VIOLATION;
1942 status = NT_STATUS_ACCESS_DENIED;
1948 * We exit this block with the share entry *locked*.....
1952 SMB_ASSERT(!file_existed || (lck != NULL));
1955 * Ensure we pay attention to default ACLs on directories if required.
1958 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1959 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1963 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1964 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1965 (unsigned int)flags, (unsigned int)flags2,
1966 (unsigned int)unx_mode, (unsigned int)access_mask,
1967 (unsigned int)open_access_mask));
1970 * open_file strips any O_TRUNC flags itself.
1973 fsp_open = open_file(fsp, conn, req, parent_dir,
1974 flags|flags2, unx_mode, access_mask,
1977 if (!NT_STATUS_IS_OK(fsp_open)) {
1984 if (!file_existed) {
1985 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1987 * Deal with the race condition where two smbd's detect the
1988 * file doesn't exist and do the create at the same time. One
1989 * of them will win and set a share mode, the other (ie. this
1990 * one) should check if the requested share mode for this
1991 * create is allowed.
1995 * Now the file exists and fsp is successfully opened,
1996 * fsp->dev and fsp->inode are valid and should replace the
1997 * dev=0,inode=0 from a non existent file. Spotted by
1998 * Nadav Danieli <nadavd@exanet.com>. JRA.
2003 lck = get_share_mode_lock(talloc_tos(), id,
2005 smb_fname, &old_write_time);
2008 DEBUG(0, ("open_file_ntcreate: Could not get share "
2009 "mode lock for %s\n",
2010 smb_fname_str_dbg(smb_fname)));
2012 return NT_STATUS_SHARING_VIOLATION;
2015 /* First pass - send break only on batch oplocks. */
2017 && delay_for_oplocks(lck, fsp, req->mid, 1,
2019 schedule_defer_open(lck, request_time, req);
2022 return NT_STATUS_SHARING_VIOLATION;
2025 status = open_mode_check(conn, lck, access_mask, share_access,
2026 create_options, &file_existed);
2028 if (NT_STATUS_IS_OK(status)) {
2029 /* We might be going to allow this open. Check oplock
2031 /* Second pass - send break for both batch or
2032 * exclusive oplocks. */
2034 && delay_for_oplocks(lck, fsp, req->mid, 2,
2036 schedule_defer_open(lck, request_time, req);
2039 return NT_STATUS_SHARING_VIOLATION;
2043 if (!NT_STATUS_IS_OK(status)) {
2044 struct deferred_open_record state;
2048 state.delayed_for_oplocks = False;
2051 /* Do it all over again immediately. In the second
2052 * round we will find that the file existed and handle
2053 * the DELETE_PENDING and FCB cases correctly. No need
2054 * to duplicate the code here. Essentially this is a
2055 * "goto top of this function", but don't tell
2059 defer_open(lck, request_time, timeval_zero(),
2067 * We exit this block with the share entry *locked*.....
2072 SMB_ASSERT(lck != NULL);
2074 /* Delete streams if create_disposition requires it */
2075 if (file_existed && clear_ads &&
2076 !is_ntfs_stream_smb_fname(smb_fname)) {
2077 status = delete_all_streams(conn, smb_fname->base_name);
2078 if (!NT_STATUS_IS_OK(status)) {
2085 /* note that we ignore failure for the following. It is
2086 basically a hack for NFS, and NFS will never set one of
2087 these only read them. Nobody but Samba can ever set a deny
2088 mode and we have already checked our more authoritative
2089 locking database for permission to set this deny mode. If
2090 the kernel refuses the operations then the kernel is wrong.
2091 note that GPFS supports it as well - jmcd */
2093 if (fsp->fh->fd != -1) {
2095 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2096 if(ret_flock == -1 ){
2101 return NT_STATUS_SHARING_VIOLATION;
2106 * At this point onwards, we can guarentee that the share entry
2107 * is locked, whether we created the file or not, and that the
2108 * deny mode is compatible with all current opens.
2112 * If requested, truncate the file.
2115 if (flags2&O_TRUNC) {
2117 * We are modifing the file after open - update the stat
2120 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2121 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2122 status = map_nt_error_from_unix(errno);
2129 /* Record the options we were opened with. */
2130 fsp->share_access = share_access;
2131 fsp->fh->private_options = create_options;
2133 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2135 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2138 /* stat opens on existing files don't get oplocks. */
2139 if (is_stat_open(open_access_mask)) {
2140 fsp->oplock_type = NO_OPLOCK;
2143 if (!(flags2 & O_TRUNC)) {
2144 info = FILE_WAS_OPENED;
2146 info = FILE_WAS_OVERWRITTEN;
2149 info = FILE_WAS_CREATED;
2157 * Setup the oplock info in both the shared memory and
2161 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2162 /* Could not get the kernel oplock */
2163 fsp->oplock_type = NO_OPLOCK;
2166 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2167 new_file_created = True;
2170 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2173 /* Handle strange delete on close create semantics. */
2174 if (create_options & FILE_DELETE_ON_CLOSE) {
2176 status = can_set_delete_on_close(fsp, new_dos_attributes);
2178 if (!NT_STATUS_IS_OK(status)) {
2179 /* Remember to delete the mode we just added. */
2180 del_share_mode(lck, fsp);
2185 /* Note that here we set the *inital* delete on close flag,
2186 not the regular one. The magic gets handled in close. */
2187 fsp->initial_delete_on_close = True;
2190 if (new_file_created) {
2191 /* Files should be initially set as archive */
2192 if (lp_map_archive(SNUM(conn)) ||
2193 lp_store_dos_attributes(SNUM(conn))) {
2195 if (file_set_dosmode(conn, smb_fname,
2196 new_dos_attributes | aARCH,
2197 parent_dir, true) == 0) {
2198 unx_mode = smb_fname->st.st_ex_mode;
2205 * Take care of inherited ACLs on created files - if default ACL not
2209 if (!posix_open && !file_existed && !def_acl) {
2211 int saved_errno = errno; /* We might get ENOSYS in the next
2214 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2216 errno = saved_errno; /* Ignore ENOSYS */
2219 } else if (new_unx_mode) {
2223 /* Attributes need changing. File already existed. */
2226 int saved_errno = errno; /* We might get ENOSYS in the
2228 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2230 if (ret == -1 && errno == ENOSYS) {
2231 errno = saved_errno; /* Ignore ENOSYS */
2233 DEBUG(5, ("open_file_ntcreate: reset "
2234 "attributes of file %s to 0%o\n",
2235 smb_fname_str_dbg(smb_fname),
2236 (unsigned int)new_unx_mode));
2237 ret = 0; /* Don't do the fchmod below. */
2242 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2243 DEBUG(5, ("open_file_ntcreate: failed to reset "
2244 "attributes of file %s to 0%o\n",
2245 smb_fname_str_dbg(smb_fname),
2246 (unsigned int)new_unx_mode));
2249 /* If this is a successful open, we must remove any deferred open
2252 del_deferred_open_entry(lck, req->mid);
2256 return NT_STATUS_OK;
2260 /****************************************************************************
2261 Open a file for for write to ensure that we can fchmod it.
2262 ****************************************************************************/
2264 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2265 struct smb_filename *smb_fname,
2266 files_struct **result)
2268 files_struct *fsp = NULL;
2271 if (!VALID_STAT(smb_fname->st)) {
2272 return NT_STATUS_INVALID_PARAMETER;
2275 status = file_new(req, conn, &fsp);
2276 if(!NT_STATUS_IS_OK(status)) {
2280 status = SMB_VFS_CREATE_FILE(
2283 0, /* root_dir_fid */
2284 smb_fname, /* fname */
2285 FILE_WRITE_DATA, /* access_mask */
2286 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2288 FILE_OPEN, /* create_disposition*/
2289 0, /* create_options */
2290 0, /* file_attributes */
2291 0, /* oplock_request */
2292 0, /* allocation_size */
2299 * This is not a user visible file open.
2300 * Don't set a share mode.
2303 if (!NT_STATUS_IS_OK(status)) {
2304 file_free(req, fsp);
2309 return NT_STATUS_OK;
2312 /****************************************************************************
2313 Close the fchmod file fd - ensure no locks are lost.
2314 ****************************************************************************/
2316 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2318 NTSTATUS status = fd_close(fsp);
2319 file_free(req, fsp);
2323 static NTSTATUS mkdir_internal(connection_struct *conn,
2324 struct smb_filename *smb_dname,
2325 uint32 file_attributes)
2330 bool posix_open = false;
2332 if(!CAN_WRITE(conn)) {
2333 DEBUG(5,("mkdir_internal: failing create on read-only share "
2334 "%s\n", lp_servicename(SNUM(conn))));
2335 return NT_STATUS_ACCESS_DENIED;
2338 status = check_name(conn, smb_dname->base_name);
2339 if (!NT_STATUS_IS_OK(status)) {
2343 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2345 return NT_STATUS_NO_MEMORY;
2348 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2350 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2352 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
2355 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2356 return map_nt_error_from_unix(errno);
2359 /* Ensure we're checking for a symlink here.... */
2360 /* We don't want to get caught by a symlink racer. */
2362 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2363 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2364 smb_fname_str_dbg(smb_dname), strerror(errno)));
2365 return map_nt_error_from_unix(errno);
2368 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2369 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2370 smb_fname_str_dbg(smb_dname)));
2371 return NT_STATUS_ACCESS_DENIED;
2374 if (lp_store_dos_attributes(SNUM(conn))) {
2376 file_set_dosmode(conn, smb_dname,
2377 file_attributes | aDIR,
2382 if (lp_inherit_perms(SNUM(conn))) {
2383 inherit_access_posix_acl(conn, parent_dir,
2384 smb_dname->base_name, mode);
2389 * Check if high bits should have been set,
2390 * then (if bits are missing): add them.
2391 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2394 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2395 (mode & ~smb_dname->st.st_ex_mode)) {
2396 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2397 (smb_dname->st.st_ex_mode |
2398 (mode & ~smb_dname->st.st_ex_mode)));
2402 /* Change the owner if required. */
2403 if (lp_inherit_owner(SNUM(conn))) {
2404 change_dir_owner_to_parent(conn, parent_dir,
2405 smb_dname->base_name,
2409 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2410 smb_dname->base_name);
2412 return NT_STATUS_OK;
2415 /****************************************************************************
2416 Open a directory from an NT SMB call.
2417 ****************************************************************************/
2419 static NTSTATUS open_directory(connection_struct *conn,
2420 struct smb_request *req,
2421 struct smb_filename *smb_dname,
2423 uint32 share_access,
2424 uint32 create_disposition,
2425 uint32 create_options,
2426 uint32 file_attributes,
2428 files_struct **result)
2430 files_struct *fsp = NULL;
2431 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2432 struct share_mode_lock *lck = NULL;
2434 struct timespec mtimespec;
2437 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2439 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2440 "share_access = 0x%x create_options = 0x%x, "
2441 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2442 smb_fname_str_dbg(smb_dname),
2443 (unsigned int)access_mask,
2444 (unsigned int)share_access,
2445 (unsigned int)create_options,
2446 (unsigned int)create_disposition,
2447 (unsigned int)file_attributes));
2449 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2450 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2451 is_ntfs_stream_smb_fname(smb_dname)) {
2452 DEBUG(2, ("open_directory: %s is a stream name!\n",
2453 smb_fname_str_dbg(smb_dname)));
2454 return NT_STATUS_NOT_A_DIRECTORY;
2457 status = calculate_access_mask(conn, smb_dname, dir_existed,
2458 access_mask, &access_mask);
2459 if (!NT_STATUS_IS_OK(status)) {
2460 DEBUG(10, ("open_directory: calculate_access_mask "
2461 "on file %s returned %s\n",
2462 smb_fname_str_dbg(smb_dname),
2463 nt_errstr(status)));
2467 /* We need to support SeSecurityPrivilege for this. */
2468 if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
2469 DEBUG(10, ("open_directory: open on %s "
2470 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2471 smb_fname_str_dbg(smb_dname)));
2472 return NT_STATUS_PRIVILEGE_NOT_HELD;
2475 switch( create_disposition ) {
2478 info = FILE_WAS_OPENED;
2481 * We want to follow symlinks here.
2484 if (SMB_VFS_STAT(conn, smb_dname) != 0) {
2485 return map_nt_error_from_unix(errno);
2492 /* If directory exists error. If directory doesn't
2495 status = mkdir_internal(conn, smb_dname,
2498 if (!NT_STATUS_IS_OK(status)) {
2499 DEBUG(2, ("open_directory: unable to create "
2500 "%s. Error was %s\n",
2501 smb_fname_str_dbg(smb_dname),
2502 nt_errstr(status)));
2506 info = FILE_WAS_CREATED;
2511 * If directory exists open. If directory doesn't
2515 status = mkdir_internal(conn, smb_dname,
2518 if (NT_STATUS_IS_OK(status)) {
2519 info = FILE_WAS_CREATED;
2522 if (NT_STATUS_EQUAL(status,
2523 NT_STATUS_OBJECT_NAME_COLLISION)) {
2524 info = FILE_WAS_OPENED;
2525 status = NT_STATUS_OK;
2530 case FILE_SUPERSEDE:
2531 case FILE_OVERWRITE:
2532 case FILE_OVERWRITE_IF:
2534 DEBUG(5,("open_directory: invalid create_disposition "
2535 "0x%x for directory %s\n",
2536 (unsigned int)create_disposition,
2537 smb_fname_str_dbg(smb_dname)));
2538 return NT_STATUS_INVALID_PARAMETER;
2541 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2542 DEBUG(5,("open_directory: %s is not a directory !\n",
2543 smb_fname_str_dbg(smb_dname)));
2544 return NT_STATUS_NOT_A_DIRECTORY;
2547 if (info == FILE_WAS_OPENED) {
2548 uint32_t access_granted = 0;
2549 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2552 /* Were we trying to do a directory open
2553 * for delete and didn't get DELETE
2554 * access (only) ? Check if the
2555 * directory allows DELETE_CHILD.
2557 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2560 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2561 (access_mask & DELETE_ACCESS) &&
2562 (access_granted == DELETE_ACCESS) &&
2563 can_delete_file_in_directory(conn, smb_dname))) {
2564 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2565 "on directory %s\n",
2566 smb_fname_str_dbg(smb_dname)));
2567 status = NT_STATUS_OK;
2570 if (!NT_STATUS_IS_OK(status)) {
2571 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2572 "file %s failed with %s\n",
2573 smb_fname_str_dbg(smb_dname),
2574 nt_errstr(status)));
2579 status = file_new(req, conn, &fsp);
2580 if(!NT_STATUS_IS_OK(status)) {
2585 * Setup the files_struct for it.
2588 fsp->mode = smb_dname->st.st_ex_mode;
2589 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2590 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2591 fsp->file_pid = req ? req->smbpid : 0;
2592 fsp->can_lock = False;
2593 fsp->can_read = False;
2594 fsp->can_write = False;
2596 fsp->share_access = share_access;
2597 fsp->fh->private_options = create_options;
2599 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2601 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2602 fsp->print_file = False;
2603 fsp->modified = False;
2604 fsp->oplock_type = NO_OPLOCK;
2605 fsp->sent_oplock_break = NO_BREAK_SENT;
2606 fsp->is_directory = True;
2607 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2608 status = fsp_set_smb_fname(fsp, smb_dname);
2609 if (!NT_STATUS_IS_OK(status)) {
2613 mtimespec = smb_dname->st.st_ex_mtime;
2615 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2616 conn->connectpath, smb_dname, &mtimespec);
2619 DEBUG(0, ("open_directory: Could not get share mode lock for "
2620 "%s\n", smb_fname_str_dbg(smb_dname)));
2621 file_free(req, fsp);
2622 return NT_STATUS_SHARING_VIOLATION;
2625 status = open_mode_check(conn, lck, access_mask, share_access,
2626 create_options, &dir_existed);
2628 if (!NT_STATUS_IS_OK(status)) {
2630 file_free(req, fsp);
2634 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2636 /* For directories the delete on close bit at open time seems
2637 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2638 if (create_options & FILE_DELETE_ON_CLOSE) {
2639 status = can_set_delete_on_close(fsp, 0);
2640 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2642 file_free(req, fsp);
2646 if (NT_STATUS_IS_OK(status)) {
2647 /* Note that here we set the *inital* delete on close flag,
2648 not the regular one. The magic gets handled in close. */
2649 fsp->initial_delete_on_close = True;
2660 return NT_STATUS_OK;
2663 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2664 struct smb_filename *smb_dname)
2669 status = SMB_VFS_CREATE_FILE(
2672 0, /* root_dir_fid */
2673 smb_dname, /* fname */
2674 FILE_READ_ATTRIBUTES, /* access_mask */
2675 FILE_SHARE_NONE, /* share_access */
2676 FILE_CREATE, /* create_disposition*/
2677 FILE_DIRECTORY_FILE, /* create_options */
2678 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2679 0, /* oplock_request */
2680 0, /* allocation_size */
2686 if (NT_STATUS_IS_OK(status)) {
2687 close_file(req, fsp, NORMAL_CLOSE);
2693 /****************************************************************************
2694 Receive notification that one of our open files has been renamed by another
2696 ****************************************************************************/
2698 void msg_file_was_renamed(struct messaging_context *msg,
2701 struct server_id server_id,
2705 char *frm = (char *)data->data;
2707 const char *sharepath;
2708 const char *base_name;
2709 const char *stream_name;
2710 struct smb_filename *smb_fname = NULL;
2711 size_t sp_len, bn_len;
2714 if (data->data == NULL
2715 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2716 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2717 (int)data->length));
2721 /* Unpack the message. */
2722 pull_file_id_24(frm, &id);
2723 sharepath = &frm[24];
2724 sp_len = strlen(sharepath);
2725 base_name = sharepath + sp_len + 1;
2726 bn_len = strlen(base_name);
2727 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2729 /* stream_name must always be NULL if there is no stream. */
2730 if (stream_name[0] == '\0') {
2734 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2735 stream_name, NULL, &smb_fname);
2736 if (!NT_STATUS_IS_OK(status)) {
2740 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2742 sharepath, smb_fname_str_dbg(smb_fname),
2743 file_id_string_tos(&id)));
2745 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2746 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2748 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2749 fsp->fnum, fsp_str_dbg(fsp),
2750 smb_fname_str_dbg(smb_fname)));
2751 status = fsp_set_smb_fname(fsp, smb_fname);
2752 if (!NT_STATUS_IS_OK(status)) {
2757 /* Now we have the complete path we can work out if this is
2758 actually within this share and adjust newname accordingly. */
2759 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2760 "not sharepath %s) "
2761 "fnum %d from %s -> %s\n",
2762 fsp->conn->connectpath,
2766 smb_fname_str_dbg(smb_fname)));
2770 TALLOC_FREE(smb_fname);
2775 * If a main file is opened for delete, all streams need to be checked for
2776 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2777 * If that works, delete them all by setting the delete on close and close.
2780 NTSTATUS open_streams_for_delete(connection_struct *conn,
2783 struct stream_struct *stream_info;
2784 files_struct **streams;
2786 unsigned int num_streams;
2787 TALLOC_CTX *frame = talloc_stackframe();
2790 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2791 &num_streams, &stream_info);
2793 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2794 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2795 DEBUG(10, ("no streams around\n"));
2797 return NT_STATUS_OK;
2800 if (!NT_STATUS_IS_OK(status)) {
2801 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2802 nt_errstr(status)));
2806 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2809 if (num_streams == 0) {
2811 return NT_STATUS_OK;
2814 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2815 if (streams == NULL) {
2816 DEBUG(0, ("talloc failed\n"));
2817 status = NT_STATUS_NO_MEMORY;
2821 for (i=0; i<num_streams; i++) {
2822 struct smb_filename *smb_fname = NULL;
2824 if (strequal(stream_info[i].name, "::$DATA")) {
2829 status = create_synthetic_smb_fname(talloc_tos(), fname,
2830 stream_info[i].name,
2832 if (!NT_STATUS_IS_OK(status)) {
2836 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
2837 DEBUG(10, ("Unable to stat stream: %s\n",
2838 smb_fname_str_dbg(smb_fname)));
2841 status = SMB_VFS_CREATE_FILE(
2844 0, /* root_dir_fid */
2845 smb_fname, /* fname */
2846 DELETE_ACCESS, /* access_mask */
2847 (FILE_SHARE_READ | /* share_access */
2848 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
2849 FILE_OPEN, /* create_disposition*/
2850 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2851 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2852 0, /* oplock_request */
2853 0, /* allocation_size */
2856 &streams[i], /* result */
2859 if (!NT_STATUS_IS_OK(status)) {
2860 DEBUG(10, ("Could not open stream %s: %s\n",
2861 smb_fname_str_dbg(smb_fname),
2862 nt_errstr(status)));
2864 TALLOC_FREE(smb_fname);
2867 TALLOC_FREE(smb_fname);
2871 * don't touch the variable "status" beyond this point :-)
2874 for (i -= 1 ; i >= 0; i--) {
2875 if (streams[i] == NULL) {
2879 DEBUG(10, ("Closing stream # %d, %s\n", i,
2880 fsp_str_dbg(streams[i])));
2881 close_file(NULL, streams[i], NORMAL_CLOSE);
2890 * Wrapper around open_file_ntcreate and open_directory
2893 static NTSTATUS create_file_unixpath(connection_struct *conn,
2894 struct smb_request *req,
2895 struct smb_filename *smb_fname,
2896 uint32_t access_mask,
2897 uint32_t share_access,
2898 uint32_t create_disposition,
2899 uint32_t create_options,
2900 uint32_t file_attributes,
2901 uint32_t oplock_request,
2902 uint64_t allocation_size,
2903 struct security_descriptor *sd,
2904 struct ea_list *ea_list,
2906 files_struct **result,
2909 int info = FILE_WAS_OPENED;
2910 files_struct *base_fsp = NULL;
2911 files_struct *fsp = NULL;
2914 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2915 "file_attributes = 0x%x, share_access = 0x%x, "
2916 "create_disposition = 0x%x create_options = 0x%x "
2917 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2919 (unsigned int)access_mask,
2920 (unsigned int)file_attributes,
2921 (unsigned int)share_access,
2922 (unsigned int)create_disposition,
2923 (unsigned int)create_options,
2924 (unsigned int)oplock_request,
2925 ea_list, sd, smb_fname_str_dbg(smb_fname)));
2927 if (create_options & FILE_OPEN_BY_FILE_ID) {
2928 status = NT_STATUS_NOT_SUPPORTED;
2932 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2933 status = NT_STATUS_INVALID_PARAMETER;
2938 oplock_request |= INTERNAL_OPEN_ONLY;
2941 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2942 && (access_mask & DELETE_ACCESS)
2943 && !is_ntfs_stream_smb_fname(smb_fname)) {
2945 * We can't open a file with DELETE access if any of the
2946 * streams is open without FILE_SHARE_DELETE
2948 status = open_streams_for_delete(conn, smb_fname->base_name);
2950 if (!NT_STATUS_IS_OK(status)) {
2955 /* This is the correct thing to do (check every time) but can_delete
2956 * is expensive (it may have to read the parent directory
2957 * permissions). So for now we're not doing it unless we have a strong
2958 * hint the client is really going to delete this file. If the client
2959 * is forcing FILE_CREATE let the filesystem take care of the
2962 /* Setting FILE_SHARE_DELETE is the hint. */
2964 if (lp_acl_check_permissions(SNUM(conn))
2965 && (create_disposition != FILE_CREATE)
2966 && (share_access & FILE_SHARE_DELETE)
2967 && (access_mask & DELETE_ACCESS)
2968 && (!(can_delete_file_in_directory(conn, smb_fname) ||
2969 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
2970 status = NT_STATUS_ACCESS_DENIED;
2971 DEBUG(10,("create_file_unixpath: open file %s "
2972 "for delete ACCESS_DENIED\n",
2973 smb_fname_str_dbg(smb_fname)));
2978 /* We need to support SeSecurityPrivilege for this. */
2979 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2980 !user_has_privileges(current_user.nt_user_token,
2982 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2986 /* We need to support SeSecurityPrivilege for this. */
2987 if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
2988 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2991 /* Don't allow a SACL set from an NTtrans create until we
2992 * support SeSecurityPrivilege. */
2993 if (!VALID_STAT(smb_fname->st) &&
2994 lp_nt_acl_support(SNUM(conn)) &&
2995 sd && (sd->sacl != NULL)) {
2996 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3001 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3002 && is_ntfs_stream_smb_fname(smb_fname)
3003 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3004 uint32 base_create_disposition;
3005 struct smb_filename *smb_fname_base = NULL;
3007 if (create_options & FILE_DIRECTORY_FILE) {
3008 status = NT_STATUS_NOT_A_DIRECTORY;
3012 switch (create_disposition) {
3014 base_create_disposition = FILE_OPEN;
3017 base_create_disposition = FILE_OPEN_IF;
3021 /* Create an smb_filename with stream_name == NULL. */
3022 status = create_synthetic_smb_fname(talloc_tos(),
3023 smb_fname->base_name,
3026 if (!NT_STATUS_IS_OK(status)) {
3030 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3031 DEBUG(10, ("Unable to stat stream: %s\n",
3032 smb_fname_str_dbg(smb_fname_base)));
3035 /* Open the base file. */
3036 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3039 | FILE_SHARE_DELETE,
3040 base_create_disposition,
3041 0, 0, 0, 0, NULL, NULL,
3043 TALLOC_FREE(smb_fname_base);
3045 if (!NT_STATUS_IS_OK(status)) {
3046 DEBUG(10, ("create_file_unixpath for base %s failed: "
3047 "%s\n", smb_fname->base_name,
3048 nt_errstr(status)));
3051 /* we don't need to low level fd */
3056 * If it's a request for a directory open, deal with it separately.
3059 if (create_options & FILE_DIRECTORY_FILE) {
3061 if (create_options & FILE_NON_DIRECTORY_FILE) {
3062 status = NT_STATUS_INVALID_PARAMETER;
3066 /* Can't open a temp directory. IFS kit test. */
3067 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3068 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3069 status = NT_STATUS_INVALID_PARAMETER;
3074 * We will get a create directory here if the Win32
3075 * app specified a security descriptor in the
3076 * CreateDirectory() call.
3080 status = open_directory(
3081 conn, req, smb_fname, access_mask, share_access,
3082 create_disposition, create_options, file_attributes,
3087 * Ordinary file case.
3090 status = file_new(req, conn, &fsp);
3091 if(!NT_STATUS_IS_OK(status)) {
3095 status = fsp_set_smb_fname(fsp, smb_fname);
3096 if (!NT_STATUS_IS_OK(status)) {
3101 * We're opening the stream element of a base_fsp
3102 * we already opened. Set up the base_fsp pointer.
3105 fsp->base_fsp = base_fsp;
3108 status = open_file_ntcreate(conn,
3119 if(!NT_STATUS_IS_OK(status)) {
3120 file_free(req, fsp);
3124 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3126 /* A stream open never opens a directory */
3129 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3134 * Fail the open if it was explicitly a non-directory
3138 if (create_options & FILE_NON_DIRECTORY_FILE) {
3139 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3144 status = open_directory(
3145 conn, req, smb_fname, access_mask,
3146 share_access, create_disposition,
3147 create_options, file_attributes,
3152 if (!NT_STATUS_IS_OK(status)) {
3156 fsp->base_fsp = base_fsp;
3159 * According to the MS documentation, the only time the security
3160 * descriptor is applied to the opened file is iff we *created* the
3161 * file; an existing file stays the same.
3163 * Also, it seems (from observation) that you can open the file with
3164 * any access mask but you can still write the sd. We need to override
3165 * the granted access before we call set_sd
3166 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3169 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3170 && lp_nt_acl_support(SNUM(conn))) {
3172 uint32_t sec_info_sent;
3173 uint32_t saved_access_mask = fsp->access_mask;
3175 sec_info_sent = get_sec_info(sd);
3177 fsp->access_mask = FILE_GENERIC_ALL;
3179 /* Convert all the generic bits. */
3180 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3181 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3183 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3184 GROUP_SECURITY_INFORMATION|
3185 DACL_SECURITY_INFORMATION|
3186 SACL_SECURITY_INFORMATION)) {
3187 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3190 fsp->access_mask = saved_access_mask;
3192 if (!NT_STATUS_IS_OK(status)) {
3197 if ((ea_list != NULL) &&
3198 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3199 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3200 if (!NT_STATUS_IS_OK(status)) {
3205 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3206 status = NT_STATUS_ACCESS_DENIED;
3210 /* Save the requested allocation size. */
3211 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3213 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3214 fsp->initial_allocation_size = smb_roundup(
3215 fsp->conn, allocation_size);
3216 if (fsp->is_directory) {
3217 /* Can't set allocation size on a directory. */
3218 status = NT_STATUS_ACCESS_DENIED;
3221 if (vfs_allocate_file_space(
3222 fsp, fsp->initial_allocation_size) == -1) {
3223 status = NT_STATUS_DISK_FULL;
3227 fsp->initial_allocation_size = smb_roundup(
3228 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3232 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3235 if (pinfo != NULL) {
3239 smb_fname->st = fsp->fsp_name->st;
3241 return NT_STATUS_OK;
3244 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3247 if (base_fsp && fsp->base_fsp == base_fsp) {
3249 * The close_file below will close
3254 close_file(req, fsp, ERROR_CLOSE);
3257 if (base_fsp != NULL) {
3258 close_file(req, base_fsp, ERROR_CLOSE);
3265 * Calculate the full path name given a relative fid.
3267 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3268 struct smb_request *req,
3269 uint16_t root_dir_fid,
3270 struct smb_filename *smb_fname)
3272 files_struct *dir_fsp;
3273 char *parent_fname = NULL;
3274 char *new_base_name = NULL;
3277 if (root_dir_fid == 0 || !smb_fname) {
3278 status = NT_STATUS_INTERNAL_ERROR;
3282 dir_fsp = file_fsp(req, root_dir_fid);
3284 if (dir_fsp == NULL) {
3285 status = NT_STATUS_INVALID_HANDLE;
3289 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3290 status = NT_STATUS_INVALID_HANDLE;
3294 if (!dir_fsp->is_directory) {
3297 * Check to see if this is a mac fork of some kind.
3300 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3301 is_ntfs_stream_smb_fname(smb_fname)) {
3302 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3307 we need to handle the case when we get a
3308 relative open relative to a file and the
3309 pathname is blank - this is a reopen!
3310 (hint from demyn plantenberg)
3313 status = NT_STATUS_INVALID_HANDLE;
3317 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3319 * We're at the toplevel dir, the final file name
3320 * must not contain ./, as this is filtered out
3321 * normally by srvstr_get_path and unix_convert
3322 * explicitly rejects paths containing ./.
3324 parent_fname = talloc_strdup(talloc_tos(), "");
3325 if (parent_fname == NULL) {
3326 status = NT_STATUS_NO_MEMORY;
3330 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3333 * Copy in the base directory name.
3336 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3338 if (parent_fname == NULL) {
3339 status = NT_STATUS_NO_MEMORY;
3342 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3346 * Ensure it ends in a '/'.
3347 * We used TALLOC_SIZE +2 to add space for the '/'.
3351 && (parent_fname[dir_name_len-1] != '\\')
3352 && (parent_fname[dir_name_len-1] != '/')) {
3353 parent_fname[dir_name_len] = '/';
3354 parent_fname[dir_name_len+1] = '\0';
3358 new_base_name = talloc_asprintf(smb_fname, "%s%s", parent_fname,
3359 smb_fname->base_name);
3360 if (new_base_name == NULL) {
3361 status = NT_STATUS_NO_MEMORY;
3365 TALLOC_FREE(smb_fname->base_name);
3366 smb_fname->base_name = new_base_name;
3367 status = NT_STATUS_OK;
3370 TALLOC_FREE(parent_fname);
3374 NTSTATUS create_file_default(connection_struct *conn,
3375 struct smb_request *req,
3376 uint16_t root_dir_fid,
3377 struct smb_filename *smb_fname,
3378 uint32_t access_mask,
3379 uint32_t share_access,
3380 uint32_t create_disposition,
3381 uint32_t create_options,
3382 uint32_t file_attributes,
3383 uint32_t oplock_request,
3384 uint64_t allocation_size,
3385 struct security_descriptor *sd,
3386 struct ea_list *ea_list,
3387 files_struct **result,
3390 int info = FILE_WAS_OPENED;
3391 files_struct *fsp = NULL;
3394 DEBUG(10,("create_file: access_mask = 0x%x "
3395 "file_attributes = 0x%x, share_access = 0x%x, "
3396 "create_disposition = 0x%x create_options = 0x%x "
3397 "oplock_request = 0x%x "
3398 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3400 (unsigned int)access_mask,
3401 (unsigned int)file_attributes,
3402 (unsigned int)share_access,
3403 (unsigned int)create_disposition,
3404 (unsigned int)create_options,
3405 (unsigned int)oplock_request,
3406 (unsigned int)root_dir_fid,
3407 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3410 * Calculate the filename from the root_dir_if if necessary.
3413 if (root_dir_fid != 0) {
3414 status = get_relative_fid_filename(conn, req, root_dir_fid,
3416 if (!NT_STATUS_IS_OK(status)) {
3422 * Check to see if this is a mac fork of some kind.
3425 if (is_ntfs_stream_smb_fname(smb_fname)) {
3426 enum FAKE_FILE_TYPE fake_file_type;
3428 fake_file_type = is_fake_file(smb_fname);
3430 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3433 * Here we go! support for changing the disk quotas
3436 * We need to fake up to open this MAGIC QUOTA file
3437 * and return a valid FID.
3439 * w2k close this file directly after openening xp
3440 * also tries a QUERY_FILE_INFO on the file and then
3443 status = open_fake_file(req, conn, req->vuid,
3444 fake_file_type, smb_fname,
3446 if (!NT_STATUS_IS_OK(status)) {
3450 ZERO_STRUCT(smb_fname->st);
3454 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3455 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3460 /* All file access must go through check_name() */
3462 status = check_name(conn, smb_fname->base_name);
3463 if (!NT_STATUS_IS_OK(status)) {
3467 status = create_file_unixpath(
3468 conn, req, smb_fname, access_mask, share_access,
3469 create_disposition, create_options, file_attributes,
3470 oplock_request, allocation_size, sd, ea_list,
3473 if (!NT_STATUS_IS_OK(status)) {
3478 DEBUG(10, ("create_file: info=%d\n", info));
3481 if (pinfo != NULL) {
3484 return NT_STATUS_OK;
3487 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3490 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / ira / wip.git / blob