2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern struct current_user current_user;
26 extern userdom_struct current_user_info;
27 extern bool global_client_failed_oplock_break;
29 struct deferred_open_record {
30 bool delayed_for_oplocks;
34 /****************************************************************************
35 fd support routines - attempt to do a dos_open.
36 ****************************************************************************/
38 static NTSTATUS fd_open(struct connection_struct *conn,
44 NTSTATUS status = NT_STATUS_OK;
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
69 /****************************************************************************
70 Close the file associated with a fsp.
71 ****************************************************************************/
73 NTSTATUS fd_close(files_struct *fsp)
75 if (fsp->fh->fd == -1) {
76 return NT_STATUS_OK; /* What we used to call a stat open. */
78 if (fsp->fh->ref_count > 1) {
79 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
81 return fd_close_posix(fsp);
84 /****************************************************************************
85 Change the ownership of a file to that of the parent directory.
86 Do this by fd if possible.
87 ****************************************************************************/
89 static void change_file_owner_to_parent(connection_struct *conn,
90 const char *inherit_from_dir,
93 SMB_STRUCT_STAT parent_st;
96 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
98 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
99 "directory %s. Error was %s\n",
100 inherit_from_dir, strerror(errno) ));
105 ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, parent_st.st_uid, (gid_t)-1);
108 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
109 "file %s to parent directory uid %u. Error "
110 "was %s\n", fsp->fsp_name,
111 (unsigned int)parent_st.st_uid,
115 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
116 "parent directory uid %u.\n", fsp->fsp_name,
117 (unsigned int)parent_st.st_uid ));
120 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
121 const char *inherit_from_dir,
123 SMB_STRUCT_STAT *psbuf)
125 char *saved_dir = NULL;
126 SMB_STRUCT_STAT sbuf;
127 SMB_STRUCT_STAT parent_st;
128 TALLOC_CTX *ctx = talloc_stackframe();
129 NTSTATUS status = NT_STATUS_OK;
132 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
134 status = map_nt_error_from_unix(errno);
135 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
136 "directory %s. Error was %s\n",
137 inherit_from_dir, strerror(errno) ));
142 /* We've already done an lstat into psbuf, and we know it's a
143 directory. If we can cd into the directory and the dev/ino
144 are the same then we can safely chown without races as
145 we're locking the directory in place by being in it. This
146 should work on any UNIX (thanks tridge :-). JRA.
149 saved_dir = vfs_GetWd(ctx,conn);
151 status = map_nt_error_from_unix(errno);
152 DEBUG(0,("change_dir_owner_to_parent: failed to get "
153 "current working directory. Error was %s\n",
159 /* Chdir into the new path. */
160 if (vfs_ChDir(conn, fname) == -1) {
161 status = map_nt_error_from_unix(errno);
162 DEBUG(0,("change_dir_owner_to_parent: failed to change "
163 "current working directory to %s. Error "
164 "was %s\n", fname, strerror(errno) ));
168 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
169 status = map_nt_error_from_unix(errno);
170 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
171 "directory '.' (%s) Error was %s\n",
172 fname, strerror(errno)));
176 /* Ensure we're pointing at the same place. */
177 if (sbuf.st_dev != psbuf->st_dev ||
178 sbuf.st_ino != psbuf->st_ino ||
179 sbuf.st_mode != psbuf->st_mode ) {
180 DEBUG(0,("change_dir_owner_to_parent: "
181 "device/inode/mode on directory %s changed. "
182 "Refusing to chown !\n", fname ));
183 status = NT_STATUS_ACCESS_DENIED;
188 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
191 status = map_nt_error_from_unix(errno);
192 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
193 "directory %s to parent directory uid %u. "
194 "Error was %s\n", fname,
195 (unsigned int)parent_st.st_uid, strerror(errno) ));
199 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
200 "directory %s to parent directory uid %u.\n",
201 fname, (unsigned int)parent_st.st_uid ));
206 vfs_ChDir(conn,saved_dir);
210 /****************************************************************************
212 ****************************************************************************/
214 static NTSTATUS open_file(files_struct *fsp,
215 connection_struct *conn,
216 struct smb_request *req,
217 const char *parent_dir,
220 SMB_STRUCT_STAT *psbuf,
223 uint32 access_mask, /* client requested access mask. */
224 uint32 open_access_mask) /* what we're actually using in the open. */
226 NTSTATUS status = NT_STATUS_OK;
227 int accmode = (flags & O_ACCMODE);
228 int local_flags = flags;
229 bool file_existed = VALID_STAT(*psbuf);
234 /* Check permissions */
237 * This code was changed after seeing a client open request
238 * containing the open mode of (DENY_WRITE/read-only) with
239 * the 'create if not exist' bit set. The previous code
240 * would fail to open the file read only on a read-only share
241 * as it was checking the flags parameter directly against O_RDONLY,
242 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
246 if (!CAN_WRITE(conn)) {
247 /* It's a read-only share - fail if we wanted to write. */
248 if(accmode != O_RDONLY) {
249 DEBUG(3,("Permission denied opening %s\n", path));
250 return NT_STATUS_ACCESS_DENIED;
251 } else if(flags & O_CREAT) {
252 /* We don't want to write - but we must make sure that
253 O_CREAT doesn't create the file if we have write
254 access into the directory.
257 local_flags &= ~O_CREAT;
262 * This little piece of insanity is inspired by the
263 * fact that an NT client can open a file for O_RDONLY,
264 * but set the create disposition to FILE_EXISTS_TRUNCATE.
265 * If the client *can* write to the file, then it expects to
266 * truncate the file, even though it is opening for readonly.
267 * Quicken uses this stupid trick in backup file creation...
268 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
269 * for helping track this one down. It didn't bite us in 2.0.x
270 * as we always opened files read-write in that release. JRA.
273 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
274 DEBUG(10,("open_file: truncate requested on read-only open "
275 "for file %s\n", path));
276 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
279 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
280 (!file_existed && (local_flags & O_CREAT)) ||
281 ((local_flags & O_TRUNC) == O_TRUNC) ) {
284 * We can't actually truncate here as the file may be locked.
285 * open_file_ntcreate will take care of the truncate later. JRA.
288 local_flags &= ~O_TRUNC;
290 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
292 * We would block on opening a FIFO with no one else on the
293 * other end. Do what we used to do and add O_NONBLOCK to the
297 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
298 local_flags |= O_NONBLOCK;
302 /* Don't create files with Microsoft wildcard characters. */
303 if ((local_flags & O_CREAT) && !file_existed &&
305 return NT_STATUS_OBJECT_NAME_INVALID;
308 /* Actually do the open */
309 status = fd_open(conn, path, fsp, local_flags, unx_mode);
310 if (!NT_STATUS_IS_OK(status)) {
311 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
313 path,nt_errstr(status),local_flags,flags));
317 if ((local_flags & O_CREAT) && !file_existed) {
319 /* Inherit the ACL if required */
320 if (lp_inherit_perms(SNUM(conn))) {
321 inherit_access_acl(conn, parent_dir, path,
325 /* Change the owner if required. */
326 if (lp_inherit_owner(SNUM(conn))) {
327 change_file_owner_to_parent(conn, parent_dir,
331 notify_fname(conn, NOTIFY_ACTION_ADDED,
332 FILE_NOTIFY_CHANGE_FILE_NAME, path);
336 fsp->fh->fd = -1; /* What we used to call a stat open. */
342 if (fsp->fh->fd == -1) {
343 ret = SMB_VFS_STAT(conn, path, psbuf);
345 ret = SMB_VFS_FSTAT(fsp, psbuf);
346 /* If we have an fd, this stat should succeed. */
348 DEBUG(0,("Error doing fstat on open file %s "
349 "(%s)\n", path,strerror(errno) ));
353 /* For a non-io open, this stat failing means file not found. JRA */
355 status = map_nt_error_from_unix(errno);
362 * POSIX allows read-only opens of directories. We don't
363 * want to do this (we use a different code path for this)
364 * so catch a directory open and return an EISDIR. JRA.
367 if(S_ISDIR(psbuf->st_mode)) {
370 return NT_STATUS_FILE_IS_A_DIRECTORY;
373 fsp->mode = psbuf->st_mode;
374 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
375 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
376 fsp->file_pid = req ? req->smbpid : 0;
377 fsp->can_lock = True;
378 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
379 if (!CAN_WRITE(conn)) {
380 fsp->can_write = False;
382 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
385 fsp->print_file = False;
386 fsp->modified = False;
387 fsp->sent_oplock_break = NO_BREAK_SENT;
388 fsp->is_directory = False;
389 fsp->is_stat = False;
390 if (conn->aio_write_behind_list &&
391 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
392 fsp->aio_write_behind = True;
395 string_set(&fsp->fsp_name, path);
396 fsp->wcp = NULL; /* Write cache pointer. */
398 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
399 *current_user_info.smb_name ?
400 current_user_info.smb_name : conn->user,fsp->fsp_name,
401 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
402 conn->num_files_open + 1));
408 /*******************************************************************
409 Return True if the filename is one of the special executable types.
410 ********************************************************************/
412 static bool is_executable(const char *fname)
414 if ((fname = strrchr_m(fname,'.'))) {
415 if (strequal(fname,".com") ||
416 strequal(fname,".dll") ||
417 strequal(fname,".exe") ||
418 strequal(fname,".sym")) {
425 /****************************************************************************
426 Check if we can open a file with a share mode.
427 Returns True if conflict, False if not.
428 ****************************************************************************/
430 static bool share_conflict(struct share_mode_entry *entry,
434 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
435 "entry->share_access = 0x%x, "
436 "entry->private_options = 0x%x\n",
437 (unsigned int)entry->access_mask,
438 (unsigned int)entry->share_access,
439 (unsigned int)entry->private_options));
441 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
442 (unsigned int)access_mask, (unsigned int)share_access));
444 if ((entry->access_mask & (FILE_WRITE_DATA|
448 DELETE_ACCESS)) == 0) {
449 DEBUG(10,("share_conflict: No conflict due to "
450 "entry->access_mask = 0x%x\n",
451 (unsigned int)entry->access_mask ));
455 if ((access_mask & (FILE_WRITE_DATA|
459 DELETE_ACCESS)) == 0) {
460 DEBUG(10,("share_conflict: No conflict due to "
461 "access_mask = 0x%x\n",
462 (unsigned int)access_mask ));
466 #if 1 /* JRA TEST - Superdebug. */
467 #define CHECK_MASK(num, am, right, sa, share) \
468 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
469 (unsigned int)(num), (unsigned int)(am), \
470 (unsigned int)(right), (unsigned int)(am)&(right) )); \
471 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
472 (unsigned int)(num), (unsigned int)(sa), \
473 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
474 if (((am) & (right)) && !((sa) & (share))) { \
475 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
476 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
477 (unsigned int)(share) )); \
481 #define CHECK_MASK(num, am, right, sa, share) \
482 if (((am) & (right)) && !((sa) & (share))) { \
483 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
484 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
485 (unsigned int)(share) )); \
490 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
491 share_access, FILE_SHARE_WRITE);
492 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
493 entry->share_access, FILE_SHARE_WRITE);
495 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
496 share_access, FILE_SHARE_READ);
497 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
498 entry->share_access, FILE_SHARE_READ);
500 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
501 share_access, FILE_SHARE_DELETE);
502 CHECK_MASK(6, access_mask, DELETE_ACCESS,
503 entry->share_access, FILE_SHARE_DELETE);
505 DEBUG(10,("share_conflict: No conflict.\n"));
509 #if defined(DEVELOPER)
510 static void validate_my_share_entries(int num,
511 struct share_mode_entry *share_entry)
515 if (!procid_is_me(&share_entry->pid)) {
519 if (is_deferred_open_entry(share_entry) &&
520 !open_was_deferred(share_entry->op_mid)) {
521 char *str = talloc_asprintf(talloc_tos(),
522 "Got a deferred entry without a request: "
524 share_mode_str(talloc_tos(), num, share_entry));
528 if (!is_valid_share_mode_entry(share_entry)) {
532 fsp = file_find_dif(share_entry->id,
533 share_entry->share_file_id);
535 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
536 share_mode_str(talloc_tos(), num, share_entry) ));
537 smb_panic("validate_my_share_entries: Cannot match a "
538 "share entry with an open file\n");
541 if (is_deferred_open_entry(share_entry) ||
542 is_unused_share_mode_entry(share_entry)) {
546 if ((share_entry->op_type == NO_OPLOCK) &&
547 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
548 /* Someone has already written to it, but I haven't yet
553 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
562 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
563 share_mode_str(talloc_tos(), num, share_entry) ));
564 str = talloc_asprintf(talloc_tos(),
565 "validate_my_share_entries: "
566 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
567 fsp->fsp_name, (unsigned int)fsp->oplock_type,
568 (unsigned int)share_entry->op_type );
574 static bool is_stat_open(uint32 access_mask)
576 return (access_mask &&
577 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
578 FILE_WRITE_ATTRIBUTES))==0) &&
579 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
580 FILE_WRITE_ATTRIBUTES)) != 0));
583 /****************************************************************************
584 Deal with share modes
585 Invarient: Share mode must be locked on entry and exit.
586 Returns -1 on error, or number of share modes on success (may be zero).
587 ****************************************************************************/
589 static NTSTATUS open_mode_check(connection_struct *conn,
591 struct share_mode_lock *lck,
594 uint32 create_options,
599 if(lck->num_share_modes == 0) {
603 *file_existed = True;
605 if (is_stat_open(access_mask)) {
606 /* Stat open that doesn't trigger oplock breaks or share mode
607 * checks... ! JRA. */
611 /* A delete on close prohibits everything */
613 if (lck->delete_on_close) {
614 return NT_STATUS_DELETE_PENDING;
618 * Check if the share modes will give us access.
621 #if defined(DEVELOPER)
622 for(i = 0; i < lck->num_share_modes; i++) {
623 validate_my_share_entries(i, &lck->share_modes[i]);
627 if (!lp_share_modes(SNUM(conn))) {
631 /* Now we check the share modes, after any oplock breaks. */
632 for(i = 0; i < lck->num_share_modes; i++) {
634 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
638 /* someone else has a share lock on it, check to see if we can
640 if (share_conflict(&lck->share_modes[i],
641 access_mask, share_access)) {
642 return NT_STATUS_SHARING_VIOLATION;
649 static bool is_delete_request(files_struct *fsp) {
650 return ((fsp->access_mask == DELETE_ACCESS) &&
651 (fsp->oplock_type == NO_OPLOCK));
655 * 1) No files open at all or internal open: Grant whatever the client wants.
657 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
658 * request, break if the oplock around is a batch oplock. If it's another
659 * requested access type, break.
661 * 3) Only level2 around: Grant level2 and do nothing else.
664 static bool delay_for_oplocks(struct share_mode_lock *lck,
671 struct share_mode_entry *exclusive = NULL;
672 bool valid_entry = False;
673 bool delay_it = False;
674 bool have_level2 = False;
676 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
678 if (oplock_request & INTERNAL_OPEN_ONLY) {
679 fsp->oplock_type = NO_OPLOCK;
682 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
686 for (i=0; i<lck->num_share_modes; i++) {
688 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
692 /* At least one entry is not an invalid or deferred entry. */
695 if (pass_number == 1) {
696 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
697 SMB_ASSERT(exclusive == NULL);
698 exclusive = &lck->share_modes[i];
701 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
702 SMB_ASSERT(exclusive == NULL);
703 exclusive = &lck->share_modes[i];
707 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
708 SMB_ASSERT(exclusive == NULL);
714 /* All entries are placeholders or deferred.
715 * Directly grant whatever the client wants. */
716 if (fsp->oplock_type == NO_OPLOCK) {
717 /* Store a level2 oplock, but don't tell the client */
718 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
723 if (exclusive != NULL) { /* Found an exclusive oplock */
724 SMB_ASSERT(!have_level2);
725 delay_it = is_delete_request(fsp) ?
726 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
729 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
730 /* We can at most grant level2 as there are other
731 * level2 or NO_OPLOCK entries. */
732 fsp->oplock_type = LEVEL_II_OPLOCK;
735 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
736 /* Store a level2 oplock, but don't tell the client */
737 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
745 * Send a break message to the oplock holder and delay the open for
749 DEBUG(10, ("Sending break request to PID %s\n",
750 procid_str_static(&exclusive->pid)));
751 exclusive->op_mid = mid;
753 /* Create the message. */
754 share_mode_entry_to_message(msg, exclusive);
756 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
757 don't want this set in the share mode struct pointed to by lck. */
759 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
760 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
763 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
764 MSG_SMB_BREAK_REQUEST,
766 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
767 if (!NT_STATUS_IS_OK(status)) {
768 DEBUG(3, ("Could not send oplock break message: %s\n",
775 static bool request_timed_out(struct timeval request_time,
776 struct timeval timeout)
778 struct timeval now, end_time;
780 end_time = timeval_sum(&request_time, &timeout);
781 return (timeval_compare(&end_time, &now) < 0);
784 /****************************************************************************
785 Handle the 1 second delay in returning a SHARING_VIOLATION error.
786 ****************************************************************************/
788 static void defer_open(struct share_mode_lock *lck,
789 struct timeval request_time,
790 struct timeval timeout,
791 struct smb_request *req,
792 struct deferred_open_record *state)
798 for (i=0; i<lck->num_share_modes; i++) {
799 struct share_mode_entry *e = &lck->share_modes[i];
801 if (!is_deferred_open_entry(e)) {
805 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
806 DEBUG(0, ("Trying to defer an already deferred "
807 "request: mid=%d, exiting\n", req->mid));
808 exit_server("attempt to defer a deferred request");
812 /* End paranoia check */
814 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
815 "open entry for mid %u\n",
816 (unsigned int)request_time.tv_sec,
817 (unsigned int)request_time.tv_usec,
818 (unsigned int)req->mid));
820 if (!push_deferred_smb_message(req, request_time, timeout,
821 (char *)state, sizeof(*state))) {
822 exit_server("push_deferred_smb_message failed");
824 add_deferred_open(lck, req->mid, request_time, state->id);
827 * Push the MID of this packet on the signing queue.
828 * We only do this once, the first time we push the packet
829 * onto the deferred open queue, as this has a side effect
830 * of incrementing the response sequence number.
833 srv_defer_sign_response(req->mid);
837 /****************************************************************************
838 On overwrite open ensure that the attributes match.
839 ****************************************************************************/
841 static bool open_match_attributes(connection_struct *conn,
845 mode_t existing_unx_mode,
847 mode_t *returned_unx_mode)
849 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
851 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
852 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
854 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
855 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
856 *returned_unx_mode = new_unx_mode;
858 *returned_unx_mode = (mode_t)0;
861 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
862 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
863 "returned_unx_mode = 0%o\n",
865 (unsigned int)old_dos_attr,
866 (unsigned int)existing_unx_mode,
867 (unsigned int)new_dos_attr,
868 (unsigned int)*returned_unx_mode ));
870 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
871 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
872 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
873 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
877 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
878 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
879 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
886 /****************************************************************************
887 Special FCB or DOS processing in the case of a sharing violation.
888 Try and find a duplicated file handle.
889 ****************************************************************************/
891 static files_struct *fcb_or_dos_open(connection_struct *conn,
898 uint32 create_options)
901 files_struct *dup_fsp;
903 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
904 "file %s.\n", fname ));
906 for(fsp = file_find_di_first(id); fsp;
907 fsp = file_find_di_next(fsp)) {
909 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
910 "vuid = %u, file_pid = %u, private_options = 0x%x "
911 "access_mask = 0x%x\n", fsp->fsp_name,
912 fsp->fh->fd, (unsigned int)fsp->vuid,
913 (unsigned int)fsp->file_pid,
914 (unsigned int)fsp->fh->private_options,
915 (unsigned int)fsp->access_mask ));
917 if (fsp->fh->fd != -1 &&
919 fsp->file_pid == file_pid &&
920 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
921 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
922 (fsp->access_mask & FILE_WRITE_DATA) &&
923 strequal(fsp->fsp_name, fname)) {
924 DEBUG(10,("fcb_or_dos_open: file match\n"));
933 /* quite an insane set of semantics ... */
934 if (is_executable(fname) &&
935 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
936 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
940 /* We need to duplicate this fsp. */
941 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
942 create_options, &dup_fsp))) {
949 /****************************************************************************
950 Open a file with a share mode - old openX method - map into NTCreate.
951 ****************************************************************************/
953 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
954 uint32 *paccess_mask,
956 uint32 *pcreate_disposition,
957 uint32 *pcreate_options)
961 uint32 create_disposition;
962 uint32 create_options = 0;
964 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
965 "open_func = 0x%x\n",
966 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
968 /* Create the NT compatible access_mask. */
969 switch (GET_OPENX_MODE(deny_mode)) {
970 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
971 case DOS_OPEN_RDONLY:
972 access_mask = FILE_GENERIC_READ;
974 case DOS_OPEN_WRONLY:
975 access_mask = FILE_GENERIC_WRITE;
979 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
982 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
983 (unsigned int)GET_OPENX_MODE(deny_mode)));
987 /* Create the NT compatible create_disposition. */
989 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
990 create_disposition = FILE_CREATE;
993 case OPENX_FILE_EXISTS_OPEN:
994 create_disposition = FILE_OPEN;
997 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
998 create_disposition = FILE_OPEN_IF;
1001 case OPENX_FILE_EXISTS_TRUNCATE:
1002 create_disposition = FILE_OVERWRITE;
1005 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1006 create_disposition = FILE_OVERWRITE_IF;
1010 /* From samba4 - to be confirmed. */
1011 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1012 create_disposition = FILE_CREATE;
1015 DEBUG(10,("map_open_params_to_ntcreate: bad "
1016 "open_func 0x%x\n", (unsigned int)open_func));
1020 /* Create the NT compatible share modes. */
1021 switch (GET_DENY_MODE(deny_mode)) {
1023 share_mode = FILE_SHARE_NONE;
1027 share_mode = FILE_SHARE_READ;
1031 share_mode = FILE_SHARE_WRITE;
1035 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1039 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1040 if (is_executable(fname)) {
1041 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1043 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1044 share_mode = FILE_SHARE_READ;
1046 share_mode = FILE_SHARE_NONE;
1052 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1053 share_mode = FILE_SHARE_NONE;
1057 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1058 (unsigned int)GET_DENY_MODE(deny_mode) ));
1062 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1063 "share_mode = 0x%x, create_disposition = 0x%x, "
1064 "create_options = 0x%x\n",
1066 (unsigned int)access_mask,
1067 (unsigned int)share_mode,
1068 (unsigned int)create_disposition,
1069 (unsigned int)create_options ));
1072 *paccess_mask = access_mask;
1075 *pshare_mode = share_mode;
1077 if (pcreate_disposition) {
1078 *pcreate_disposition = create_disposition;
1080 if (pcreate_options) {
1081 *pcreate_options = create_options;
1088 static void schedule_defer_open(struct share_mode_lock *lck,
1089 struct timeval request_time,
1090 struct smb_request *req)
1092 struct deferred_open_record state;
1094 /* This is a relative time, added to the absolute
1095 request_time value to get the absolute timeout time.
1096 Note that if this is the second or greater time we enter
1097 this codepath for this particular request mid then
1098 request_time is left as the absolute time of the *first*
1099 time this request mid was processed. This is what allows
1100 the request to eventually time out. */
1102 struct timeval timeout;
1104 /* Normally the smbd we asked should respond within
1105 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1106 * the client did, give twice the timeout as a safety
1107 * measure here in case the other smbd is stuck
1108 * somewhere else. */
1110 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1112 /* Nothing actually uses state.delayed_for_oplocks
1113 but it's handy to differentiate in debug messages
1114 between a 30 second delay due to oplock break, and
1115 a 1 second delay for share mode conflicts. */
1117 state.delayed_for_oplocks = True;
1120 if (!request_timed_out(request_time, timeout)) {
1121 defer_open(lck, request_time, timeout, req, &state);
1125 /****************************************************************************
1126 Open a file with a share mode.
1127 ****************************************************************************/
1129 NTSTATUS open_file_ntcreate(connection_struct *conn,
1130 struct smb_request *req,
1132 SMB_STRUCT_STAT *psbuf,
1133 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1134 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1135 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1136 uint32 create_options, /* options such as delete on close. */
1137 uint32 new_dos_attributes, /* attributes used for new file. */
1138 int oplock_request, /* internal Samba oplock codes. */
1139 /* Information (FILE_EXISTS etc.) */
1141 files_struct **result)
1145 bool file_existed = VALID_STAT(*psbuf);
1146 bool def_acl = False;
1147 bool posix_open = False;
1148 bool new_file_created = False;
1150 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1151 files_struct *fsp = NULL;
1152 mode_t new_unx_mode = (mode_t)0;
1153 mode_t unx_mode = (mode_t)0;
1155 uint32 existing_dos_attributes = 0;
1156 struct pending_message_list *pml = NULL;
1157 struct timeval request_time = timeval_zero();
1158 struct share_mode_lock *lck = NULL;
1159 uint32 open_access_mask = access_mask;
1163 const char *newname;
1167 if (conn->printer) {
1169 * Printers are handled completely differently.
1170 * Most of the passed parameters are ignored.
1174 *pinfo = FILE_WAS_CREATED;
1177 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1179 return print_fsp_open(conn, fname, result);
1182 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1184 return NT_STATUS_NO_MEMORY;
1187 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1189 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1190 new_dos_attributes = 0;
1192 /* We add aARCH to this as this mode is only used if the file is
1194 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1198 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1199 "access_mask=0x%x share_access=0x%x "
1200 "create_disposition = 0x%x create_options=0x%x "
1201 "unix mode=0%o oplock_request=%d\n",
1202 fname, new_dos_attributes, access_mask, share_access,
1203 create_disposition, create_options, unx_mode,
1206 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1207 DEBUG(0, ("No smb request but not an internal only open!\n"));
1208 return NT_STATUS_INTERNAL_ERROR;
1212 * Only non-internal opens can be deferred at all
1216 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1217 struct deferred_open_record *state =
1218 (struct deferred_open_record *)pml->private_data.data;
1220 /* Remember the absolute time of the original
1221 request with this mid. We'll use it later to
1222 see if this has timed out. */
1224 request_time = pml->request_time;
1226 /* Remove the deferred open entry under lock. */
1227 lck = get_share_mode_lock(NULL, state->id, NULL, NULL);
1229 DEBUG(0, ("could not get share mode lock\n"));
1231 del_deferred_open_entry(lck, req->mid);
1235 /* Ensure we don't reprocess this message. */
1236 remove_deferred_open_smb_message(req->mid);
1239 status = check_name(conn, fname);
1240 if (!NT_STATUS_IS_OK(status)) {
1245 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1247 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1251 /* ignore any oplock requests if oplocks are disabled */
1252 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1253 IS_VETO_OPLOCK_PATH(conn, fname)) {
1254 /* Mask off everything except the private Samba bits. */
1255 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1258 /* this is for OS/2 long file names - say we don't support them */
1259 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1260 /* OS/2 Workplace shell fix may be main code stream in a later
1262 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1264 if (use_nt_status()) {
1265 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1267 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1270 switch( create_disposition ) {
1272 * Currently we're using FILE_SUPERSEDE as the same as
1273 * FILE_OVERWRITE_IF but they really are
1274 * different. FILE_SUPERSEDE deletes an existing file
1275 * (requiring delete access) then recreates it.
1277 case FILE_SUPERSEDE:
1278 /* If file exists replace/overwrite. If file doesn't
1280 flags2 |= (O_CREAT | O_TRUNC);
1283 case FILE_OVERWRITE_IF:
1284 /* If file exists replace/overwrite. If file doesn't
1286 flags2 |= (O_CREAT | O_TRUNC);
1290 /* If file exists open. If file doesn't exist error. */
1291 if (!file_existed) {
1292 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1293 "requested for file %s and file "
1294 "doesn't exist.\n", fname ));
1296 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1300 case FILE_OVERWRITE:
1301 /* If file exists overwrite. If file doesn't exist
1303 if (!file_existed) {
1304 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1305 "requested for file %s and file "
1306 "doesn't exist.\n", fname ));
1308 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1314 /* If file exists error. If file doesn't exist
1317 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1318 "requested for file %s and file "
1319 "already exists.\n", fname ));
1320 if (S_ISDIR(psbuf->st_mode)) {
1325 return map_nt_error_from_unix(errno);
1327 flags2 |= (O_CREAT|O_EXCL);
1331 /* If file exists open. If file doesn't exist
1337 return NT_STATUS_INVALID_PARAMETER;
1340 /* We only care about matching attributes on file exists and
1343 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1344 (create_disposition == FILE_OVERWRITE_IF))) {
1345 if (!open_match_attributes(conn, fname,
1346 existing_dos_attributes,
1347 new_dos_attributes, psbuf->st_mode,
1348 unx_mode, &new_unx_mode)) {
1349 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1350 "for file %s (%x %x) (0%o, 0%o)\n",
1351 fname, existing_dos_attributes,
1353 (unsigned int)psbuf->st_mode,
1354 (unsigned int)unx_mode ));
1356 return NT_STATUS_ACCESS_DENIED;
1360 /* This is a nasty hack - must fix... JRA. */
1361 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1362 open_access_mask = access_mask = FILE_GENERIC_ALL;
1366 * Convert GENERIC bits to specific bits.
1369 se_map_generic(&access_mask, &file_generic_mapping);
1370 open_access_mask = access_mask;
1372 if (flags2 & O_TRUNC) {
1373 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1376 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1377 "access_mask=0x%x\n", fname, access_mask ));
1380 * Note that we ignore the append flag as append does not
1381 * mean the same thing under DOS and Unix.
1384 if (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) {
1385 /* DENY_DOS opens are always underlying read-write on the
1386 file handle, no matter what the requested access mask
1388 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1389 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1399 * Currently we only look at FILE_WRITE_THROUGH for create options.
1403 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1408 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1412 if (!posix_open && !CAN_WRITE(conn)) {
1414 * We should really return a permission denied error if either
1415 * O_CREAT or O_TRUNC are set, but for compatibility with
1416 * older versions of Samba we just AND them out.
1418 flags2 &= ~(O_CREAT|O_TRUNC);
1422 * Ensure we can't write on a read-only share or file.
1425 if (flags != O_RDONLY && file_existed &&
1426 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1427 DEBUG(5,("open_file_ntcreate: write access requested for "
1428 "file %s on read only %s\n",
1429 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1431 return NT_STATUS_ACCESS_DENIED;
1434 status = file_new(conn, &fsp);
1435 if(!NT_STATUS_IS_OK(status)) {
1439 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1440 fsp->share_access = share_access;
1441 fsp->fh->private_options = create_options;
1442 fsp->access_mask = open_access_mask; /* We change this to the
1443 * requested access_mask after
1444 * the open is done. */
1445 fsp->posix_open = posix_open;
1447 /* Ensure no SAMBA_PRIVATE bits can be set. */
1448 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1450 if (timeval_is_zero(&request_time)) {
1451 request_time = fsp->open_time;
1455 id = vfs_file_id_from_sbuf(conn, psbuf);
1457 lck = get_share_mode_lock(NULL, id,
1463 DEBUG(0, ("Could not get share mode lock\n"));
1464 return NT_STATUS_SHARING_VIOLATION;
1467 /* First pass - send break only on batch oplocks. */
1469 && delay_for_oplocks(lck, fsp, req->mid, 1,
1471 schedule_defer_open(lck, request_time, req);
1474 return NT_STATUS_SHARING_VIOLATION;
1477 /* Use the client requested access mask here, not the one we
1479 status = open_mode_check(conn, fname, lck,
1480 access_mask, share_access,
1481 create_options, &file_existed);
1483 if (NT_STATUS_IS_OK(status)) {
1484 /* We might be going to allow this open. Check oplock
1486 /* Second pass - send break for both batch or
1487 * exclusive oplocks. */
1489 && delay_for_oplocks(lck, fsp, req->mid, 2,
1491 schedule_defer_open(lck, request_time, req);
1494 return NT_STATUS_SHARING_VIOLATION;
1498 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1499 /* DELETE_PENDING is not deferred for a second */
1505 if (!NT_STATUS_IS_OK(status)) {
1506 uint32 can_access_mask;
1507 bool can_access = True;
1509 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1511 /* Check if this can be done with the deny_dos and fcb
1513 if (create_options &
1514 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1515 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1516 files_struct *fsp_dup;
1519 DEBUG(0, ("DOS open without an SMB "
1523 return NT_STATUS_INTERNAL_ERROR;
1526 /* Use the client requested access mask here,
1527 * not the one we open with. */
1528 fsp_dup = fcb_or_dos_open(conn, fname, id,
1539 *pinfo = FILE_WAS_OPENED;
1541 conn->num_files_open++;
1543 return NT_STATUS_OK;
1548 * This next line is a subtlety we need for
1549 * MS-Access. If a file open will fail due to share
1550 * permissions and also for security (access) reasons,
1551 * we need to return the access failed error, not the
1552 * share error. We can't open the file due to kernel
1553 * oplock deadlock (it's possible we failed above on
1554 * the open_mode_check()) so use a userspace check.
1557 if (flags & O_RDWR) {
1558 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1559 } else if (flags & O_WRONLY) {
1560 can_access_mask = FILE_WRITE_DATA;
1562 can_access_mask = FILE_READ_DATA;
1565 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1566 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1571 * If we're returning a share violation, ensure we
1572 * cope with the braindead 1 second delay.
1575 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1576 lp_defer_sharing_violations()) {
1577 struct timeval timeout;
1578 struct deferred_open_record state;
1581 /* this is a hack to speed up torture tests
1583 timeout_usecs = lp_parm_int(SNUM(conn),
1584 "smbd","sharedelay",
1585 SHARING_VIOLATION_USEC_WAIT);
1587 /* This is a relative time, added to the absolute
1588 request_time value to get the absolute timeout time.
1589 Note that if this is the second or greater time we enter
1590 this codepath for this particular request mid then
1591 request_time is left as the absolute time of the *first*
1592 time this request mid was processed. This is what allows
1593 the request to eventually time out. */
1595 timeout = timeval_set(0, timeout_usecs);
1597 /* Nothing actually uses state.delayed_for_oplocks
1598 but it's handy to differentiate in debug messages
1599 between a 30 second delay due to oplock break, and
1600 a 1 second delay for share mode conflicts. */
1602 state.delayed_for_oplocks = False;
1606 && !request_timed_out(request_time,
1608 defer_open(lck, request_time, timeout,
1616 * We have detected a sharing violation here
1617 * so return the correct error code
1619 status = NT_STATUS_SHARING_VIOLATION;
1621 status = NT_STATUS_ACCESS_DENIED;
1628 * We exit this block with the share entry *locked*.....
1632 SMB_ASSERT(!file_existed || (lck != NULL));
1635 * Ensure we pay attention to default ACLs on directories if required.
1638 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1639 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1643 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1644 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1645 (unsigned int)flags, (unsigned int)flags2,
1646 (unsigned int)unx_mode, (unsigned int)access_mask,
1647 (unsigned int)open_access_mask));
1650 * open_file strips any O_TRUNC flags itself.
1653 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1654 flags|flags2, unx_mode, access_mask,
1657 if (!NT_STATUS_IS_OK(fsp_open)) {
1665 if (!file_existed) {
1668 * Deal with the race condition where two smbd's detect the
1669 * file doesn't exist and do the create at the same time. One
1670 * of them will win and set a share mode, the other (ie. this
1671 * one) should check if the requested share mode for this
1672 * create is allowed.
1676 * Now the file exists and fsp is successfully opened,
1677 * fsp->dev and fsp->inode are valid and should replace the
1678 * dev=0,inode=0 from a non existent file. Spotted by
1679 * Nadav Danieli <nadavd@exanet.com>. JRA.
1684 lck = get_share_mode_lock(NULL, id,
1689 DEBUG(0, ("open_file_ntcreate: Could not get share "
1690 "mode lock for %s\n", fname));
1693 return NT_STATUS_SHARING_VIOLATION;
1696 /* First pass - send break only on batch oplocks. */
1698 && delay_for_oplocks(lck, fsp, req->mid, 1,
1700 schedule_defer_open(lck, request_time, req);
1704 return NT_STATUS_SHARING_VIOLATION;
1707 status = open_mode_check(conn, fname, lck,
1708 access_mask, share_access,
1709 create_options, &file_existed);
1711 if (NT_STATUS_IS_OK(status)) {
1712 /* We might be going to allow this open. Check oplock
1714 /* Second pass - send break for both batch or
1715 * exclusive oplocks. */
1717 && delay_for_oplocks(lck, fsp, req->mid, 2,
1719 schedule_defer_open(lck, request_time, req);
1723 return NT_STATUS_SHARING_VIOLATION;
1727 if (!NT_STATUS_IS_OK(status)) {
1728 struct deferred_open_record state;
1733 state.delayed_for_oplocks = False;
1736 /* Do it all over again immediately. In the second
1737 * round we will find that the file existed and handle
1738 * the DELETE_PENDING and FCB cases correctly. No need
1739 * to duplicate the code here. Essentially this is a
1740 * "goto top of this function", but don't tell
1744 defer_open(lck, request_time, timeval_zero(),
1752 * We exit this block with the share entry *locked*.....
1757 SMB_ASSERT(lck != NULL);
1759 /* note that we ignore failure for the following. It is
1760 basically a hack for NFS, and NFS will never set one of
1761 these only read them. Nobody but Samba can ever set a deny
1762 mode and we have already checked our more authoritative
1763 locking database for permission to set this deny mode. If
1764 the kernel refuses the operations then the kernel is wrong.
1765 note that GPFS supports it as well - jmcd */
1767 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, fsp->fh->fd, share_access);
1768 if(ret_flock == -1 ){
1774 return NT_STATUS_SHARING_VIOLATION;
1778 * At this point onwards, we can guarentee that the share entry
1779 * is locked, whether we created the file or not, and that the
1780 * deny mode is compatible with all current opens.
1784 * If requested, truncate the file.
1787 if (flags2&O_TRUNC) {
1789 * We are modifing the file after open - update the stat
1792 if ((SMB_VFS_FTRUNCATE(fsp,fsp->fh->fd,0) == -1) ||
1793 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1794 status = map_nt_error_from_unix(errno);
1802 /* Record the options we were opened with. */
1803 fsp->share_access = share_access;
1804 fsp->fh->private_options = create_options;
1805 fsp->access_mask = access_mask;
1808 /* stat opens on existing files don't get oplocks. */
1809 if (is_stat_open(open_access_mask)) {
1810 fsp->oplock_type = NO_OPLOCK;
1813 if (!(flags2 & O_TRUNC)) {
1814 info = FILE_WAS_OPENED;
1816 info = FILE_WAS_OVERWRITTEN;
1819 info = FILE_WAS_CREATED;
1827 * Setup the oplock info in both the shared memory and
1831 if ((fsp->oplock_type != NO_OPLOCK) &&
1832 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1833 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1834 /* Could not get the kernel oplock */
1835 fsp->oplock_type = NO_OPLOCK;
1839 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1840 new_file_created = True;
1843 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1845 /* Handle strange delete on close create semantics. */
1846 if ((create_options & FILE_DELETE_ON_CLOSE) && can_set_initial_delete_on_close(lck)) {
1847 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1849 if (!NT_STATUS_IS_OK(status)) {
1850 /* Remember to delete the mode we just added. */
1851 del_share_mode(lck, fsp);
1857 /* Note that here we set the *inital* delete on close flag,
1858 not the regular one. The magic gets handled in close. */
1859 fsp->initial_delete_on_close = True;
1862 if (new_file_created) {
1863 /* Files should be initially set as archive */
1864 if (lp_map_archive(SNUM(conn)) ||
1865 lp_store_dos_attributes(SNUM(conn))) {
1867 SMB_STRUCT_STAT tmp_sbuf;
1868 SET_STAT_INVALID(tmp_sbuf);
1869 if (file_set_dosmode(
1871 new_dos_attributes | aARCH,
1872 &tmp_sbuf, parent_dir,
1874 unx_mode = tmp_sbuf.st_mode;
1881 * Take care of inherited ACLs on created files - if default ACL not
1885 if (!posix_open && !file_existed && !def_acl) {
1887 int saved_errno = errno; /* We might get ENOSYS in the next
1890 if (SMB_VFS_FCHMOD_ACL(fsp, fsp->fh->fd, unx_mode) == -1 &&
1892 errno = saved_errno; /* Ignore ENOSYS */
1895 } else if (new_unx_mode) {
1899 /* Attributes need changing. File already existed. */
1902 int saved_errno = errno; /* We might get ENOSYS in the
1904 ret = SMB_VFS_FCHMOD_ACL(fsp, fsp->fh->fd,
1907 if (ret == -1 && errno == ENOSYS) {
1908 errno = saved_errno; /* Ignore ENOSYS */
1910 DEBUG(5, ("open_file_ntcreate: reset "
1911 "attributes of file %s to 0%o\n",
1912 fname, (unsigned int)new_unx_mode));
1913 ret = 0; /* Don't do the fchmod below. */
1918 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1919 DEBUG(5, ("open_file_ntcreate: failed to reset "
1920 "attributes of file %s to 0%o\n",
1921 fname, (unsigned int)new_unx_mode));
1924 /* If this is a successful open, we must remove any deferred open
1927 del_deferred_open_entry(lck, req->mid);
1931 conn->num_files_open++;
1934 return NT_STATUS_OK;
1937 /****************************************************************************
1938 Open a file for for write to ensure that we can fchmod it.
1939 ****************************************************************************/
1941 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1942 SMB_STRUCT_STAT *psbuf, files_struct **result)
1944 files_struct *fsp = NULL;
1947 if (!VALID_STAT(*psbuf)) {
1948 return NT_STATUS_INVALID_PARAMETER;
1951 status = file_new(conn, &fsp);
1952 if(!NT_STATUS_IS_OK(status)) {
1956 /* note! we must use a non-zero desired access or we don't get
1957 a real file descriptor. Oh what a twisted web we weave. */
1958 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1959 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1962 * This is not a user visible file open.
1963 * Don't set a share mode and don't increment
1964 * the conn->num_files_open.
1967 if (!NT_STATUS_IS_OK(status)) {
1973 return NT_STATUS_OK;
1976 /****************************************************************************
1977 Close the fchmod file fd - ensure no locks are lost.
1978 ****************************************************************************/
1980 NTSTATUS close_file_fchmod(files_struct *fsp)
1982 NTSTATUS status = fd_close(fsp);
1987 static NTSTATUS mkdir_internal(connection_struct *conn,
1989 uint32 file_attributes,
1990 SMB_STRUCT_STAT *psbuf)
1994 const char *dirname;
1996 bool posix_open = false;
1998 if(!CAN_WRITE(conn)) {
1999 DEBUG(5,("mkdir_internal: failing create on read-only share "
2000 "%s\n", lp_servicename(SNUM(conn))));
2001 return NT_STATUS_ACCESS_DENIED;
2004 status = check_name(conn, name);
2005 if (!NT_STATUS_IS_OK(status)) {
2009 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2011 return NT_STATUS_NO_MEMORY;
2014 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2016 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2018 mode = unix_mode(conn, aDIR, name, parent_dir);
2021 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2022 return map_nt_error_from_unix(errno);
2025 /* Ensure we're checking for a symlink here.... */
2026 /* We don't want to get caught by a symlink racer. */
2028 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2029 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2030 name, strerror(errno)));
2031 return map_nt_error_from_unix(errno);
2034 if (!S_ISDIR(psbuf->st_mode)) {
2035 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2037 return NT_STATUS_ACCESS_DENIED;
2040 if (lp_store_dos_attributes(SNUM(conn))) {
2042 file_set_dosmode(conn, name,
2043 file_attributes | aDIR, NULL,
2049 if (lp_inherit_perms(SNUM(conn))) {
2050 inherit_access_acl(conn, parent_dir, name, mode);
2053 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2055 * Check if high bits should have been set,
2056 * then (if bits are missing): add them.
2057 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2060 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2061 SMB_VFS_CHMOD(conn, name,
2062 psbuf->st_mode | (mode & ~psbuf->st_mode));
2066 /* Change the owner if required. */
2067 if (lp_inherit_owner(SNUM(conn))) {
2068 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2071 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2074 return NT_STATUS_OK;
2077 /****************************************************************************
2078 Open a directory from an NT SMB call.
2079 ****************************************************************************/
2081 NTSTATUS open_directory(connection_struct *conn,
2082 struct smb_request *req,
2084 SMB_STRUCT_STAT *psbuf,
2086 uint32 share_access,
2087 uint32 create_disposition,
2088 uint32 create_options,
2089 uint32 file_attributes,
2091 files_struct **result)
2093 files_struct *fsp = NULL;
2094 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2095 struct share_mode_lock *lck = NULL;
2099 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2100 "share_access = 0x%x create_options = 0x%x, "
2101 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2103 (unsigned int)access_mask,
2104 (unsigned int)share_access,
2105 (unsigned int)create_options,
2106 (unsigned int)create_disposition,
2107 (unsigned int)file_attributes));
2109 if (is_ntfs_stream_name(fname)) {
2110 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2111 return NT_STATUS_NOT_A_DIRECTORY;
2114 switch( create_disposition ) {
2117 info = FILE_WAS_OPENED;
2120 * We want to follow symlinks here.
2123 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2124 return map_nt_error_from_unix(errno);
2131 /* If directory exists error. If directory doesn't
2134 status = mkdir_internal(conn,
2139 if (!NT_STATUS_IS_OK(status)) {
2140 DEBUG(2, ("open_directory: unable to create "
2141 "%s. Error was %s\n", fname,
2142 nt_errstr(status)));
2146 info = FILE_WAS_CREATED;
2151 * If directory exists open. If directory doesn't
2155 status = mkdir_internal(conn,
2160 if (NT_STATUS_IS_OK(status)) {
2161 info = FILE_WAS_CREATED;
2164 if (NT_STATUS_EQUAL(status,
2165 NT_STATUS_OBJECT_NAME_COLLISION)) {
2166 info = FILE_WAS_OPENED;
2167 status = NT_STATUS_OK;
2172 case FILE_SUPERSEDE:
2173 case FILE_OVERWRITE:
2174 case FILE_OVERWRITE_IF:
2176 DEBUG(5,("open_directory: invalid create_disposition "
2177 "0x%x for directory %s\n",
2178 (unsigned int)create_disposition, fname));
2179 return NT_STATUS_INVALID_PARAMETER;
2182 if(!S_ISDIR(psbuf->st_mode)) {
2183 DEBUG(5,("open_directory: %s is not a directory !\n",
2185 return NT_STATUS_NOT_A_DIRECTORY;
2188 status = file_new(conn, &fsp);
2189 if(!NT_STATUS_IS_OK(status)) {
2194 * Setup the files_struct for it.
2197 fsp->mode = psbuf->st_mode;
2198 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2199 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2200 fsp->file_pid = req ? req->smbpid : 0;
2201 fsp->can_lock = False;
2202 fsp->can_read = False;
2203 fsp->can_write = False;
2205 fsp->share_access = share_access;
2206 fsp->fh->private_options = create_options;
2207 fsp->access_mask = access_mask;
2209 fsp->print_file = False;
2210 fsp->modified = False;
2211 fsp->oplock_type = NO_OPLOCK;
2212 fsp->sent_oplock_break = NO_BREAK_SENT;
2213 fsp->is_directory = True;
2214 fsp->is_stat = False;
2215 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2217 string_set(&fsp->fsp_name,fname);
2219 lck = get_share_mode_lock(NULL, fsp->file_id,
2224 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2226 return NT_STATUS_SHARING_VIOLATION;
2229 status = open_mode_check(conn, fname, lck,
2230 access_mask, share_access,
2231 create_options, &dir_existed);
2233 if (!NT_STATUS_IS_OK(status)) {
2239 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2241 /* For directories the delete on close bit at open time seems
2242 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2243 if (create_options & FILE_DELETE_ON_CLOSE) {
2244 status = can_set_delete_on_close(fsp, True, 0);
2245 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2251 if (NT_STATUS_IS_OK(status)) {
2252 /* Note that here we set the *inital* delete on close flag,
2253 not the regular one. The magic gets handled in close. */
2254 fsp->initial_delete_on_close = True;
2264 conn->num_files_open++;
2267 return NT_STATUS_OK;
2270 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2273 SMB_STRUCT_STAT sbuf;
2276 SET_STAT_INVALID(sbuf);
2278 status = open_directory(conn, req, directory, &sbuf,
2279 FILE_READ_ATTRIBUTES, /* Just a stat open */
2280 FILE_SHARE_NONE, /* Ignored for stat opens */
2283 FILE_ATTRIBUTE_DIRECTORY,
2287 if (NT_STATUS_IS_OK(status)) {
2288 close_file(fsp, NORMAL_CLOSE);
2294 /****************************************************************************
2295 Open a pseudo-file (no locking checks - a 'stat' open).
2296 ****************************************************************************/
2298 NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2299 const char *fname, SMB_STRUCT_STAT *psbuf,
2300 files_struct **result)
2302 files_struct *fsp = NULL;
2305 if (!VALID_STAT(*psbuf)) {
2306 return NT_STATUS_INVALID_PARAMETER;
2309 /* Can't 'stat' open directories. */
2310 if(S_ISDIR(psbuf->st_mode)) {
2311 return NT_STATUS_FILE_IS_A_DIRECTORY;
2314 status = file_new(conn, &fsp);
2315 if(!NT_STATUS_IS_OK(status)) {
2319 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2322 * Setup the files_struct for it.
2325 fsp->mode = psbuf->st_mode;
2326 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2327 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2328 fsp->file_pid = req ? req->smbpid : 0;
2329 fsp->can_lock = False;
2330 fsp->can_read = False;
2331 fsp->can_write = False;
2332 fsp->print_file = False;
2333 fsp->modified = False;
2334 fsp->oplock_type = NO_OPLOCK;
2335 fsp->sent_oplock_break = NO_BREAK_SENT;
2336 fsp->is_directory = False;
2337 fsp->is_stat = True;
2338 string_set(&fsp->fsp_name,fname);
2340 conn->num_files_open++;
2343 return NT_STATUS_OK;
2346 /****************************************************************************
2347 Receive notification that one of our open files has been renamed by another
2349 ****************************************************************************/
2351 void msg_file_was_renamed(struct messaging_context *msg,
2354 struct server_id server_id,
2358 char *frm = (char *)data->data;
2360 const char *sharepath;
2361 const char *newname;
2364 if (data->data == NULL
2365 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2366 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2367 (int)data->length));
2371 /* Unpack the message. */
2372 pull_file_id_16(frm, &id);
2373 sharepath = &frm[16];
2374 newname = sharepath + strlen(sharepath) + 1;
2375 sp_len = strlen(sharepath);
2377 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2379 sharepath, newname, file_id_string_tos(&id)));
2381 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2382 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2383 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2384 fsp->fnum, fsp->fsp_name, newname ));
2385 string_set(&fsp->fsp_name, newname);
2388 /* Now we have the complete path we can work out if this is
2389 actually within this share and adjust newname accordingly. */
2390 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2391 "not sharepath %s) "
2392 "fnum %d from %s -> %s\n",
2393 fsp->conn->connectpath,
2402 struct case_semantics_state {
2403 connection_struct *conn;
2404 bool case_sensitive;
2406 bool short_case_preserve;
2409 /****************************************************************************
2410 Restore case semantics.
2411 ****************************************************************************/
2412 static int restore_case_semantics(struct case_semantics_state *state)
2414 state->conn->case_sensitive = state->case_sensitive;
2415 state->conn->case_preserve = state->case_preserve;
2416 state->conn->short_case_preserve = state->short_case_preserve;
2420 /****************************************************************************
2421 Save case semantics.
2422 ****************************************************************************/
2423 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2424 connection_struct *conn)
2426 struct case_semantics_state *result;
2428 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2429 DEBUG(0, ("talloc failed\n"));
2433 result->conn = conn;
2434 result->case_sensitive = conn->case_sensitive;
2435 result->case_preserve = conn->case_preserve;
2436 result->short_case_preserve = conn->short_case_preserve;
2439 conn->case_sensitive = True;
2440 conn->case_preserve = True;
2441 conn->short_case_preserve = True;
2443 talloc_set_destructor(result, restore_case_semantics);
2449 * Wrapper around open_file_ntcreate and open_directory
2452 NTSTATUS create_file_unixpath(connection_struct *conn,
2453 struct smb_request *req,
2455 uint32_t access_mask,
2456 uint32_t share_access,
2457 uint32_t create_disposition,
2458 uint32_t create_options,
2459 uint32_t file_attributes,
2460 uint32_t oplock_request,
2461 SMB_BIG_UINT allocation_size,
2462 struct security_descriptor *sd,
2463 struct ea_list *ea_list,
2465 files_struct **result,
2467 SMB_STRUCT_STAT *psbuf)
2469 SMB_STRUCT_STAT sbuf;
2470 int info = FILE_WAS_OPENED;
2471 files_struct *fsp = NULL;
2474 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2475 "file_attributes = 0x%x, share_access = 0x%x, "
2476 "create_disposition = 0x%x create_options = 0x%x "
2477 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2479 (unsigned int)access_mask,
2480 (unsigned int)file_attributes,
2481 (unsigned int)share_access,
2482 (unsigned int)create_disposition,
2483 (unsigned int)create_options,
2484 (unsigned int)oplock_request,
2485 ea_list, sd, fname));
2487 if (create_options & FILE_OPEN_BY_FILE_ID) {
2488 status = NT_STATUS_NOT_SUPPORTED;
2493 oplock_request |= INTERNAL_OPEN_ONLY;
2496 if (psbuf != NULL) {
2500 SET_STAT_INVALID(sbuf);
2503 /* This is the correct thing to do (check every time) but can_delete
2504 * is expensive (it may have to read the parent directory
2505 * permissions). So for now we're not doing it unless we have a strong
2506 * hint the client is really going to delete this file. If the client
2507 * is forcing FILE_CREATE let the filesystem take care of the
2510 /* Setting FILE_SHARE_DELETE is the hint. */
2512 if (lp_acl_check_permissions(SNUM(conn))
2513 && (create_disposition != FILE_CREATE)
2514 && (share_access & FILE_SHARE_DELETE)
2515 && (access_mask & DELETE_ACCESS)
2516 && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
2517 && !lp_delete_readonly(SNUM(conn)))
2518 || !can_delete_file_in_directory(conn, fname))) {
2519 status = NT_STATUS_ACCESS_DENIED;
2524 /* We need to support SeSecurityPrivilege for this. */
2525 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2526 !user_has_privileges(current_user.nt_user_token,
2528 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2534 * If it's a request for a directory open, deal with it separately.
2537 if (create_options & FILE_DIRECTORY_FILE) {
2539 /* Can't open a temp directory. IFS kit test. */
2540 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2541 status = NT_STATUS_INVALID_PARAMETER;
2546 * We will get a create directory here if the Win32
2547 * app specified a security descriptor in the
2548 * CreateDirectory() call.
2552 status = open_directory(
2553 conn, req, fname, &sbuf, access_mask, share_access,
2554 create_disposition, create_options, file_attributes,
2559 * Ordinary file case.
2562 status = open_file_ntcreate(
2563 conn, req, fname, &sbuf, access_mask, share_access,
2564 create_disposition, create_options, file_attributes,
2565 oplock_request, &info, &fsp);
2567 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2570 * Fail the open if it was explicitly a non-directory
2574 if (create_options & FILE_NON_DIRECTORY_FILE) {
2575 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2580 status = open_directory(
2581 conn, req, fname, &sbuf, access_mask,
2582 share_access, create_disposition,
2583 create_options, file_attributes,
2588 if (!NT_STATUS_IS_OK(status)) {
2593 * According to the MS documentation, the only time the security
2594 * descriptor is applied to the opened file is iff we *created* the
2595 * file; an existing file stays the same.
2597 * Also, it seems (from observation) that you can open the file with
2598 * any access mask but you can still write the sd. We need to override
2599 * the granted access before we call set_sd
2600 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2603 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2604 && lp_nt_acl_support(SNUM(conn))) {
2606 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2607 uint32_t saved_access_mask = fsp->access_mask;
2609 if (sd->owner_sid == NULL) {
2610 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2612 if (sd->group_sid == NULL) {
2613 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2615 if (sd->sacl == NULL) {
2616 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2618 if (sd->dacl == NULL) {
2619 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2622 fsp->access_mask = FILE_GENERIC_ALL;
2624 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2626 fsp->access_mask = saved_access_mask;
2628 if (!NT_STATUS_IS_OK(status)) {
2633 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2634 status = set_ea(conn, fsp, fname, ea_list);
2635 if (!NT_STATUS_IS_OK(status)) {
2640 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2641 status = NT_STATUS_ACCESS_DENIED;
2645 /* Save the requested allocation size. */
2646 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2648 && (allocation_size > sbuf.st_size)) {
2649 fsp->initial_allocation_size = smb_roundup(
2650 fsp->conn, allocation_size);
2651 if (fsp->is_directory) {
2652 /* Can't set allocation size on a directory. */
2653 status = NT_STATUS_ACCESS_DENIED;
2656 if (vfs_allocate_file_space(
2657 fsp, fsp->initial_allocation_size) == -1) {
2658 status = NT_STATUS_DISK_FULL;
2662 fsp->initial_allocation_size = smb_roundup(
2663 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2667 DEBUG(10, ("create_file: info=%d\n", info));
2670 if (pinfo != NULL) {
2673 if (psbuf != NULL) {
2674 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2678 SMB_VFS_FSTAT(fsp, psbuf);
2681 return NT_STATUS_OK;
2684 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
2687 close_file(fsp, ERROR_CLOSE);
2693 NTSTATUS create_file(connection_struct *conn,
2694 struct smb_request *req,
2695 uint16_t root_dir_fid,
2697 uint32_t access_mask,
2698 uint32_t share_access,
2699 uint32_t create_disposition,
2700 uint32_t create_options,
2701 uint32_t file_attributes,
2702 uint32_t oplock_request,
2703 SMB_BIG_UINT allocation_size,
2704 struct security_descriptor *sd,
2705 struct ea_list *ea_list,
2707 files_struct **result,
2709 SMB_STRUCT_STAT *psbuf)
2711 TALLOC_CTX *frame = talloc_stackframe();
2712 struct case_semantics_state *case_state = NULL;
2713 SMB_STRUCT_STAT sbuf;
2714 int info = FILE_WAS_OPENED;
2715 files_struct *fsp = NULL;
2718 DEBUG(10,("create_file: access_mask = 0x%x "
2719 "file_attributes = 0x%x, share_access = 0x%x, "
2720 "create_disposition = 0x%x create_options = 0x%x "
2721 "oplock_request = 0x%x "
2722 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2724 (unsigned int)access_mask,
2725 (unsigned int)file_attributes,
2726 (unsigned int)share_access,
2727 (unsigned int)create_disposition,
2728 (unsigned int)create_options,
2729 (unsigned int)oplock_request,
2730 (unsigned int)root_dir_fid,
2731 ea_list, sd, fname));
2734 * Get the file name.
2737 if (root_dir_fid != 0) {
2739 * This filename is relative to a directory fid.
2741 char *parent_fname = NULL;
2742 files_struct *dir_fsp = file_fsp(root_dir_fid);
2744 if (dir_fsp == NULL) {
2745 status = NT_STATUS_INVALID_HANDLE;
2749 if (!dir_fsp->is_directory) {
2752 * Check to see if this is a mac fork of some kind.
2755 if (is_ntfs_stream_name(fname)) {
2756 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2761 we need to handle the case when we get a
2762 relative open relative to a file and the
2763 pathname is blank - this is a reopen!
2764 (hint from demyn plantenberg)
2767 status = NT_STATUS_INVALID_HANDLE;
2771 if (ISDOT(dir_fsp->fsp_name)) {
2773 * We're at the toplevel dir, the final file name
2774 * must not contain ./, as this is filtered out
2775 * normally by srvstr_get_path and unix_convert
2776 * explicitly rejects paths containing ./.
2778 parent_fname = talloc_strdup(talloc_tos(), "");
2779 if (parent_fname == NULL) {
2780 status = NT_STATUS_NO_MEMORY;
2784 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2787 * Copy in the base directory name.
2790 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
2792 if (parent_fname == NULL) {
2793 status = NT_STATUS_NO_MEMORY;
2796 memcpy(parent_fname, dir_fsp->fsp_name,
2800 * Ensure it ends in a '/'.
2801 * We used TALLOC_SIZE +2 to add space for the '/'.
2805 && (parent_fname[dir_name_len-1] != '\\')
2806 && (parent_fname[dir_name_len-1] != '/')) {
2807 parent_fname[dir_name_len] = '/';
2808 parent_fname[dir_name_len+1] = '\0';
2812 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
2814 if (fname == NULL) {
2815 status = NT_STATUS_NO_MEMORY;
2820 * Check to see if this is a mac fork of some kind.
2823 if (is_ntfs_stream_name(fname)) {
2824 enum FAKE_FILE_TYPE fake_file_type;
2826 fake_file_type = is_fake_file(fname);
2828 if (fake_file_type == FAKE_FILE_TYPE_NONE) {
2829 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
2833 * Here we go! support for changing the disk quotas
2836 * We need to fake up to open this MAGIC QUOTA file
2837 * and return a valid FID.
2839 * w2k close this file directly after openening xp
2840 * also tries a QUERY_FILE_INFO on the file and then
2843 status = open_fake_file(conn, fake_file_type, fname,
2845 if (!NT_STATUS_IS_OK(status)) {
2853 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
2854 char *resolved_fname;
2856 status = resolve_dfspath(talloc_tos(), conn, true, fname,
2859 if (!NT_STATUS_IS_OK(status)) {
2861 * For PATH_NOT_COVERED we had
2862 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
2863 * ERRSRV, ERRbadpath);
2864 * Need to fix in callers
2868 fname = resolved_fname;
2872 * Check if POSIX semantics are wanted.
2875 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2876 case_state = set_posix_case_semantics(talloc_tos(), conn);
2877 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
2881 char *converted_fname;
2883 SET_STAT_INVALID(sbuf);
2885 status = unix_convert(talloc_tos(), conn, fname, False,
2886 &converted_fname, NULL, &sbuf);
2887 if (!NT_STATUS_IS_OK(status)) {
2890 fname = converted_fname;
2893 /* All file access must go through check_name() */
2895 status = check_name(conn, fname);
2896 if (!NT_STATUS_IS_OK(status)) {
2900 status = create_file_unixpath(
2901 conn, req, fname, access_mask, share_access,
2902 create_disposition, create_options, file_attributes,
2903 oplock_request, allocation_size, sd, ea_list,
2904 &fsp, &info, &sbuf);
2906 if (!NT_STATUS_IS_OK(status)) {
2911 DEBUG(10, ("create_file: info=%d\n", info));
2914 if (pinfo != NULL) {
2917 if (psbuf != NULL) {
2921 return NT_STATUS_OK;
2924 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
2927 close_file(fsp, ERROR_CLOSE);
git.samba.org / ira / wip.git / blob