Fix bug #6186 - map readonly does not work
[ira/wip.git] / source3 / smbd / open.c
1 /* 
2    Unix SMB/CIFS implementation.
3    file opening and share modes
4    Copyright (C) Andrew Tridgell 1992-1998
5    Copyright (C) Jeremy Allison 2001-2004
6    Copyright (C) Volker Lendecke 2005
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/globals.h"
24
25 extern const struct generic_mapping file_generic_mapping;
26
27 struct deferred_open_record {
28         bool delayed_for_oplocks;
29         struct file_id id;
30 };
31
32 static NTSTATUS create_file_unixpath(connection_struct *conn,
33                                      struct smb_request *req,
34                                      const char *fname,
35                                      uint32_t access_mask,
36                                      uint32_t share_access,
37                                      uint32_t create_disposition,
38                                      uint32_t create_options,
39                                      uint32_t file_attributes,
40                                      uint32_t oplock_request,
41                                      uint64_t allocation_size,
42                                      struct security_descriptor *sd,
43                                      struct ea_list *ea_list,
44
45                                      files_struct **result,
46                                      int *pinfo,
47                                      SMB_STRUCT_STAT *psbuf);
48
49 /****************************************************************************
50  SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
51 ****************************************************************************/
52
53 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
54                           const NT_USER_TOKEN *token,
55                           uint32_t access_desired,
56                           uint32_t *access_granted)
57 {
58         return se_access_check(sd,
59                                 token,
60                                 (access_desired & ~FILE_READ_ATTRIBUTES),
61                                 access_granted);
62 }
63
64 /****************************************************************************
65  Check if we have open rights.
66 ****************************************************************************/
67
68 static NTSTATUS check_open_rights(struct connection_struct *conn,
69                                 const char *fname,
70                                 uint32_t access_mask,
71                                 uint32_t *access_granted)
72 {
73         /* Check if we have rights to open. */
74         NTSTATUS status;
75         struct security_descriptor *sd;
76
77         *access_granted = 0;
78
79         if (conn->server_info->utok.uid == 0 || conn->admin_user) {
80                 /* I'm sorry sir, I didn't know you were root... */
81                 *access_granted = access_mask;
82                 if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
83                         *access_granted |= FILE_GENERIC_ALL;
84                 }
85                 return NT_STATUS_OK;
86         }
87
88         status = SMB_VFS_GET_NT_ACL(conn, fname,
89                         (OWNER_SECURITY_INFORMATION |
90                         GROUP_SECURITY_INFORMATION |
91                         DACL_SECURITY_INFORMATION),&sd);
92
93         if (!NT_STATUS_IS_OK(status)) {
94                 DEBUG(10, ("check_open_rights: Could not get acl "
95                         "on %s: %s\n",
96                         fname,
97                         nt_errstr(status)));
98                 return status;
99         }
100
101         status = smb1_file_se_access_check(sd,
102                                 conn->server_info->ptok,
103                                 access_mask,
104                                 access_granted);
105
106         TALLOC_FREE(sd);
107
108         DEBUG(10,("check_open_rights: file %s requesting "
109                 "0x%x returning 0x%x (%s)\n",
110                 fname,
111                 (unsigned int)access_mask,
112                 (unsigned int)*access_granted,
113                 nt_errstr(status) ));
114
115         return status;
116 }
117
118 /****************************************************************************
119  fd support routines - attempt to do a dos_open.
120 ****************************************************************************/
121
122 static NTSTATUS fd_open(struct connection_struct *conn,
123                     const char *fname, 
124                     files_struct *fsp,
125                     int flags,
126                     mode_t mode)
127 {
128         NTSTATUS status = NT_STATUS_OK;
129
130 #ifdef O_NOFOLLOW
131         /* 
132          * Never follow symlinks on a POSIX client. The
133          * client should be doing this.
134          */
135
136         if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
137                 flags |= O_NOFOLLOW;
138         }
139 #endif
140
141         fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
142         if (fsp->fh->fd == -1) {
143                 status = map_nt_error_from_unix(errno);
144                 if (errno == EMFILE) {
145                         static time_t last_warned = 0L;
146
147                         if (time((time_t *) NULL) > last_warned) {
148                                 DEBUG(0,("Too many open files, unable "
149                                         "to open more!  smbd's max "
150                                         "open files = %d\n",
151                                         lp_max_open_files()));
152                                 last_warned = time((time_t *) NULL);
153                         }
154                 }
155
156         }
157
158         DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
159                     fname, flags, (int)mode, fsp->fh->fd,
160                 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
161
162         return status;
163 }
164
165 /****************************************************************************
166  Close the file associated with a fsp.
167 ****************************************************************************/
168
169 NTSTATUS fd_close(files_struct *fsp)
170 {
171         int ret;
172
173         if (fsp->fh->fd == -1) {
174                 return NT_STATUS_OK; /* What we used to call a stat open. */
175         }
176         if (fsp->fh->ref_count > 1) {
177                 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
178         }
179
180         ret = SMB_VFS_CLOSE(fsp);
181         fsp->fh->fd = -1;
182         if (ret == -1) {
183                 return map_nt_error_from_unix(errno);
184         }
185         return NT_STATUS_OK;
186 }
187
188 /****************************************************************************
189  Change the ownership of a file to that of the parent directory.
190  Do this by fd if possible.
191 ****************************************************************************/
192
193 void change_file_owner_to_parent(connection_struct *conn,
194                                         const char *inherit_from_dir,
195                                         files_struct *fsp)
196 {
197         SMB_STRUCT_STAT parent_st;
198         int ret;
199
200         ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
201         if (ret == -1) {
202                 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
203                          "directory %s. Error was %s\n",
204                          inherit_from_dir, strerror(errno) ));
205                 return;
206         }
207
208         become_root();
209         ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
210         unbecome_root();
211         if (ret == -1) {
212                 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
213                          "file %s to parent directory uid %u. Error "
214                          "was %s\n", fsp->fsp_name,
215                          (unsigned int)parent_st.st_uid,
216                          strerror(errno) ));
217         }
218
219         DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
220                   "parent directory uid %u.\n", fsp->fsp_name,
221                   (unsigned int)parent_st.st_uid ));
222 }
223
224 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
225                                        const char *inherit_from_dir,
226                                        const char *fname,
227                                        SMB_STRUCT_STAT *psbuf)
228 {
229         char *saved_dir = NULL;
230         SMB_STRUCT_STAT sbuf;
231         SMB_STRUCT_STAT parent_st;
232         TALLOC_CTX *ctx = talloc_tos();
233         NTSTATUS status = NT_STATUS_OK;
234         int ret;
235
236         ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
237         if (ret == -1) {
238                 status = map_nt_error_from_unix(errno);
239                 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
240                          "directory %s. Error was %s\n",
241                          inherit_from_dir, strerror(errno) ));
242                 return status;
243         }
244
245         /* We've already done an lstat into psbuf, and we know it's a
246            directory. If we can cd into the directory and the dev/ino
247            are the same then we can safely chown without races as
248            we're locking the directory in place by being in it.  This
249            should work on any UNIX (thanks tridge :-). JRA.
250         */
251
252         saved_dir = vfs_GetWd(ctx,conn);
253         if (!saved_dir) {
254                 status = map_nt_error_from_unix(errno);
255                 DEBUG(0,("change_dir_owner_to_parent: failed to get "
256                          "current working directory. Error was %s\n",
257                          strerror(errno)));
258                 return status;
259         }
260
261         /* Chdir into the new path. */
262         if (vfs_ChDir(conn, fname) == -1) {
263                 status = map_nt_error_from_unix(errno);
264                 DEBUG(0,("change_dir_owner_to_parent: failed to change "
265                          "current working directory to %s. Error "
266                          "was %s\n", fname, strerror(errno) ));
267                 goto out;
268         }
269
270         if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
271                 status = map_nt_error_from_unix(errno);
272                 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
273                          "directory '.' (%s) Error was %s\n",
274                          fname, strerror(errno)));
275                 goto out;
276         }
277
278         /* Ensure we're pointing at the same place. */
279         if (sbuf.st_dev != psbuf->st_dev ||
280             sbuf.st_ino != psbuf->st_ino ||
281             sbuf.st_mode != psbuf->st_mode ) {
282                 DEBUG(0,("change_dir_owner_to_parent: "
283                          "device/inode/mode on directory %s changed. "
284                          "Refusing to chown !\n", fname ));
285                 status = NT_STATUS_ACCESS_DENIED;
286                 goto out;
287         }
288
289         become_root();
290         ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
291         unbecome_root();
292         if (ret == -1) {
293                 status = map_nt_error_from_unix(errno);
294                 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
295                           "directory %s to parent directory uid %u. "
296                           "Error was %s\n", fname,
297                           (unsigned int)parent_st.st_uid, strerror(errno) ));
298                 goto out;
299         }
300
301         DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
302                   "directory %s to parent directory uid %u.\n",
303                   fname, (unsigned int)parent_st.st_uid ));
304
305  out:
306
307         vfs_ChDir(conn,saved_dir);
308         return status;
309 }
310
311 /****************************************************************************
312  Open a file.
313 ****************************************************************************/
314
315 static NTSTATUS open_file(files_struct *fsp,
316                           connection_struct *conn,
317                           struct smb_request *req,
318                           const char *parent_dir,
319                           const char *name,
320                           const char *path,
321                           SMB_STRUCT_STAT *psbuf,
322                           int flags,
323                           mode_t unx_mode,
324                           uint32 access_mask, /* client requested access mask. */
325                           uint32 open_access_mask) /* what we're actually using in the open. */
326 {
327         NTSTATUS status = NT_STATUS_OK;
328         int accmode = (flags & O_ACCMODE);
329         int local_flags = flags;
330         bool file_existed = VALID_STAT(*psbuf);
331
332         fsp->fh->fd = -1;
333         errno = EPERM;
334
335         /* Check permissions */
336
337         /*
338          * This code was changed after seeing a client open request 
339          * containing the open mode of (DENY_WRITE/read-only) with
340          * the 'create if not exist' bit set. The previous code
341          * would fail to open the file read only on a read-only share
342          * as it was checking the flags parameter  directly against O_RDONLY,
343          * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
344          * JRA.
345          */
346
347         if (!CAN_WRITE(conn)) {
348                 /* It's a read-only share - fail if we wanted to write. */
349                 if(accmode != O_RDONLY) {
350                         DEBUG(3,("Permission denied opening %s\n", path));
351                         return NT_STATUS_ACCESS_DENIED;
352                 } else if(flags & O_CREAT) {
353                         /* We don't want to write - but we must make sure that
354                            O_CREAT doesn't create the file if we have write
355                            access into the directory.
356                         */
357                         flags &= ~O_CREAT;
358                         local_flags &= ~O_CREAT;
359                 }
360         }
361
362         /*
363          * This little piece of insanity is inspired by the
364          * fact that an NT client can open a file for O_RDONLY,
365          * but set the create disposition to FILE_EXISTS_TRUNCATE.
366          * If the client *can* write to the file, then it expects to
367          * truncate the file, even though it is opening for readonly.
368          * Quicken uses this stupid trick in backup file creation...
369          * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
370          * for helping track this one down. It didn't bite us in 2.0.x
371          * as we always opened files read-write in that release. JRA.
372          */
373
374         if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
375                 DEBUG(10,("open_file: truncate requested on read-only open "
376                           "for file %s\n", path));
377                 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
378         }
379
380         if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
381             (!file_existed && (local_flags & O_CREAT)) ||
382             ((local_flags & O_TRUNC) == O_TRUNC) ) {
383                 const char *wild;
384
385                 /*
386                  * We can't actually truncate here as the file may be locked.
387                  * open_file_ntcreate will take care of the truncate later. JRA.
388                  */
389
390                 local_flags &= ~O_TRUNC;
391
392 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
393                 /*
394                  * We would block on opening a FIFO with no one else on the
395                  * other end. Do what we used to do and add O_NONBLOCK to the
396                  * open flags. JRA.
397                  */
398
399                 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
400                         local_flags |= O_NONBLOCK;
401                 }
402 #endif
403
404                 /* Don't create files with Microsoft wildcard characters. */
405                 if (fsp->base_fsp) {
406                         /*
407                          * wildcard characters are allowed in stream names
408                          * only test the basefilename
409                          */
410                         wild = fsp->base_fsp->fsp_name;
411                 } else {
412                         wild = path;
413                 }
414                 if ((local_flags & O_CREAT) && !file_existed &&
415                     ms_has_wild(wild))  {
416                         return NT_STATUS_OBJECT_NAME_INVALID;
417                 }
418
419                 /* Actually do the open */
420                 status = fd_open(conn, path, fsp, local_flags, unx_mode);
421                 if (!NT_STATUS_IS_OK(status)) {
422                         DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
423                                  "(flags=%d)\n",
424                                  path,nt_errstr(status),local_flags,flags));
425                         return status;
426                 }
427
428                 if ((local_flags & O_CREAT) && !file_existed) {
429
430                         /* Inherit the ACL if required */
431                         if (lp_inherit_perms(SNUM(conn))) {
432                                 inherit_access_posix_acl(conn, parent_dir, path,
433                                                    unx_mode);
434                         }
435
436                         /* Change the owner if required. */
437                         if (lp_inherit_owner(SNUM(conn))) {
438                                 change_file_owner_to_parent(conn, parent_dir,
439                                                             fsp);
440                         }
441
442                         notify_fname(conn, NOTIFY_ACTION_ADDED,
443                                      FILE_NOTIFY_CHANGE_FILE_NAME, path);
444                 }
445
446         } else {
447                 fsp->fh->fd = -1; /* What we used to call a stat open. */
448                 if (file_existed) {
449                         uint32_t access_granted = 0;
450
451                         status = check_open_rights(conn,
452                                         path,
453                                         access_mask,
454                                         &access_granted);
455                         if (!NT_STATUS_IS_OK(status)) {
456                                 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
457                                         /*
458                                          * On NT_STATUS_ACCESS_DENIED, access_granted
459                                          * contains the denied bits.
460                                          */
461
462                                         if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
463                                                         (access_granted & FILE_WRITE_ATTRIBUTES) &&
464                                                         (lp_map_readonly(SNUM(conn)) ||
465                                                          lp_map_archive(SNUM(conn)) ||
466                                                          lp_map_hidden(SNUM(conn)) ||
467                                                          lp_map_system(SNUM(conn)))) {
468                                                 access_granted &= ~FILE_WRITE_ATTRIBUTES;
469
470                                                 DEBUG(10,("open_file: overrode FILE_WRITE_ATTRIBUTES "
471                                                         "on file %s\n",
472                                                         path ));
473                                         }
474
475                                         if ((access_mask & DELETE_ACCESS) &&
476                                                         (access_granted & DELETE_ACCESS) &&
477                                                         can_delete_file_in_directory(conn, path)) {
478                                                 /* Were we trying to do a stat open
479                                                  * for delete and didn't get DELETE
480                                                  * access (only) ? Check if the
481                                                  * directory allows DELETE_CHILD.
482                                                  * See here:
483                                                  * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
484                                                  * for details. */
485
486                                                 access_granted &= ~DELETE_ACCESS;
487
488                                                 DEBUG(10,("open_file: overrode DELETE_ACCESS "
489                                                         "on file %s\n",
490                                                         path ));
491                                         }
492
493                                         if (access_granted != 0) {
494                                                 DEBUG(10, ("open_file: Access denied on "
495                                                         "file %s\n",
496                                                         path));
497                                                 return status;
498                                         }
499                                 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
500                                                         fsp->posix_open &&
501                                                         S_ISLNK(psbuf->st_mode)) {
502                                         /* This is a POSIX stat open for delete
503                                          * or rename on a symlink that points
504                                          * nowhere. Allow. */
505                                         DEBUG(10, ("open_file: allowing POSIX open "
506                                                 "on bad symlink %s\n",
507                                                 path ));
508                                 } else {
509                                         DEBUG(10, ("open_file: check_open_rights "
510                                                 "on file %s returned %s\n",
511                                                 path, nt_errstr(status) ));
512                                         return status;
513                                 }
514                         }
515                 }
516         }
517
518         if (!file_existed) {
519                 int ret;
520
521                 if (fsp->fh->fd == -1) {
522                         ret = SMB_VFS_STAT(conn, path, psbuf);
523                 } else {
524                         ret = SMB_VFS_FSTAT(fsp, psbuf);
525                         /* If we have an fd, this stat should succeed. */
526                         if (ret == -1) {
527                                 DEBUG(0,("Error doing fstat on open file %s "
528                                          "(%s)\n", path,strerror(errno) ));
529                         }
530                 }
531
532                 /* For a non-io open, this stat failing means file not found. JRA */
533                 if (ret == -1) {
534                         status = map_nt_error_from_unix(errno);
535                         fd_close(fsp);
536                         return status;
537                 }
538         }
539
540         /*
541          * POSIX allows read-only opens of directories. We don't
542          * want to do this (we use a different code path for this)
543          * so catch a directory open and return an EISDIR. JRA.
544          */
545
546         if(S_ISDIR(psbuf->st_mode)) {
547                 fd_close(fsp);
548                 errno = EISDIR;
549                 return NT_STATUS_FILE_IS_A_DIRECTORY;
550         }
551
552         fsp->mode = psbuf->st_mode;
553         fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
554         fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
555         fsp->file_pid = req ? req->smbpid : 0;
556         fsp->can_lock = True;
557         fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
558         if (!CAN_WRITE(conn)) {
559                 fsp->can_write = False;
560         } else {
561                 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
562                         True : False;
563         }
564         fsp->print_file = False;
565         fsp->modified = False;
566         fsp->sent_oplock_break = NO_BREAK_SENT;
567         fsp->is_directory = False;
568         if (conn->aio_write_behind_list &&
569             is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
570                 fsp->aio_write_behind = True;
571         }
572
573         string_set(&fsp->fsp_name, path);
574         fsp->wcp = NULL; /* Write cache pointer. */
575
576         DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
577                  conn->server_info->unix_name,
578                  fsp->fsp_name,
579                  BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
580                  conn->num_files_open));
581
582         errno = 0;
583         return NT_STATUS_OK;
584 }
585
586 /*******************************************************************
587  Return True if the filename is one of the special executable types.
588 ********************************************************************/
589
590 bool is_executable(const char *fname)
591 {
592         if ((fname = strrchr_m(fname,'.'))) {
593                 if (strequal(fname,".com") ||
594                     strequal(fname,".dll") ||
595                     strequal(fname,".exe") ||
596                     strequal(fname,".sym")) {
597                         return True;
598                 }
599         }
600         return False;
601 }
602
603 /****************************************************************************
604  Check if we can open a file with a share mode.
605  Returns True if conflict, False if not.
606 ****************************************************************************/
607
608 static bool share_conflict(struct share_mode_entry *entry,
609                            uint32 access_mask,
610                            uint32 share_access)
611 {
612         DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
613                   "entry->share_access = 0x%x, "
614                   "entry->private_options = 0x%x\n",
615                   (unsigned int)entry->access_mask,
616                   (unsigned int)entry->share_access,
617                   (unsigned int)entry->private_options));
618
619         DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
620                   (unsigned int)access_mask, (unsigned int)share_access));
621
622         if ((entry->access_mask & (FILE_WRITE_DATA|
623                                    FILE_APPEND_DATA|
624                                    FILE_READ_DATA|
625                                    FILE_EXECUTE|
626                                    DELETE_ACCESS)) == 0) {
627                 DEBUG(10,("share_conflict: No conflict due to "
628                           "entry->access_mask = 0x%x\n",
629                           (unsigned int)entry->access_mask ));
630                 return False;
631         }
632
633         if ((access_mask & (FILE_WRITE_DATA|
634                             FILE_APPEND_DATA|
635                             FILE_READ_DATA|
636                             FILE_EXECUTE|
637                             DELETE_ACCESS)) == 0) {
638                 DEBUG(10,("share_conflict: No conflict due to "
639                           "access_mask = 0x%x\n",
640                           (unsigned int)access_mask ));
641                 return False;
642         }
643
644 #if 1 /* JRA TEST - Superdebug. */
645 #define CHECK_MASK(num, am, right, sa, share) \
646         DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
647                 (unsigned int)(num), (unsigned int)(am), \
648                 (unsigned int)(right), (unsigned int)(am)&(right) )); \
649         DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
650                 (unsigned int)(num), (unsigned int)(sa), \
651                 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
652         if (((am) & (right)) && !((sa) & (share))) { \
653                 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
654 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
655                         (unsigned int)(share) )); \
656                 return True; \
657         }
658 #else
659 #define CHECK_MASK(num, am, right, sa, share) \
660         if (((am) & (right)) && !((sa) & (share))) { \
661                 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
662 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
663                         (unsigned int)(share) )); \
664                 return True; \
665         }
666 #endif
667
668         CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
669                    share_access, FILE_SHARE_WRITE);
670         CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
671                    entry->share_access, FILE_SHARE_WRITE);
672         
673         CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
674                    share_access, FILE_SHARE_READ);
675         CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
676                    entry->share_access, FILE_SHARE_READ);
677
678         CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
679                    share_access, FILE_SHARE_DELETE);
680         CHECK_MASK(6, access_mask, DELETE_ACCESS,
681                    entry->share_access, FILE_SHARE_DELETE);
682
683         DEBUG(10,("share_conflict: No conflict.\n"));
684         return False;
685 }
686
687 #if defined(DEVELOPER)
688 static void validate_my_share_entries(int num,
689                                       struct share_mode_entry *share_entry)
690 {
691         files_struct *fsp;
692
693         if (!procid_is_me(&share_entry->pid)) {
694                 return;
695         }
696
697         if (is_deferred_open_entry(share_entry) &&
698             !open_was_deferred(share_entry->op_mid)) {
699                 char *str = talloc_asprintf(talloc_tos(),
700                         "Got a deferred entry without a request: "
701                         "PANIC: %s\n",
702                         share_mode_str(talloc_tos(), num, share_entry));
703                 smb_panic(str);
704         }
705
706         if (!is_valid_share_mode_entry(share_entry)) {
707                 return;
708         }
709
710         fsp = file_find_dif(share_entry->id,
711                             share_entry->share_file_id);
712         if (!fsp) {
713                 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
714                          share_mode_str(talloc_tos(), num, share_entry) ));
715                 smb_panic("validate_my_share_entries: Cannot match a "
716                           "share entry with an open file\n");
717         }
718
719         if (is_deferred_open_entry(share_entry) ||
720             is_unused_share_mode_entry(share_entry)) {
721                 goto panic;
722         }
723
724         if ((share_entry->op_type == NO_OPLOCK) &&
725             (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
726                 /* Someone has already written to it, but I haven't yet
727                  * noticed */
728                 return;
729         }
730
731         if (((uint16)fsp->oplock_type) != share_entry->op_type) {
732                 goto panic;
733         }
734
735         return;
736
737  panic:
738         {
739                 char *str;
740                 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
741                          share_mode_str(talloc_tos(), num, share_entry) ));
742                 str = talloc_asprintf(talloc_tos(),
743                         "validate_my_share_entries: "
744                         "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
745                          fsp->fsp_name, (unsigned int)fsp->oplock_type,
746                          (unsigned int)share_entry->op_type );
747                 smb_panic(str);
748         }
749 }
750 #endif
751
752 bool is_stat_open(uint32 access_mask)
753 {
754         return (access_mask &&
755                 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
756                                   FILE_WRITE_ATTRIBUTES))==0) &&
757                 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
758                                  FILE_WRITE_ATTRIBUTES)) != 0));
759 }
760
761 /****************************************************************************
762  Deal with share modes
763  Invarient: Share mode must be locked on entry and exit.
764  Returns -1 on error, or number of share modes on success (may be zero).
765 ****************************************************************************/
766
767 static NTSTATUS open_mode_check(connection_struct *conn,
768                                 const char *fname,
769                                 struct share_mode_lock *lck,
770                                 uint32 access_mask,
771                                 uint32 share_access,
772                                 uint32 create_options,
773                                 bool *file_existed)
774 {
775         int i;
776
777         if(lck->num_share_modes == 0) {
778                 return NT_STATUS_OK;
779         }
780
781         *file_existed = True;
782
783         /* A delete on close prohibits everything */
784
785         if (lck->delete_on_close) {
786                 return NT_STATUS_DELETE_PENDING;
787         }
788
789         if (is_stat_open(access_mask)) {
790                 /* Stat open that doesn't trigger oplock breaks or share mode
791                  * checks... ! JRA. */
792                 return NT_STATUS_OK;
793         }
794
795         /*
796          * Check if the share modes will give us access.
797          */
798         
799 #if defined(DEVELOPER)
800         for(i = 0; i < lck->num_share_modes; i++) {
801                 validate_my_share_entries(i, &lck->share_modes[i]);
802         }
803 #endif
804
805         if (!lp_share_modes(SNUM(conn))) {
806                 return NT_STATUS_OK;
807         }
808
809         /* Now we check the share modes, after any oplock breaks. */
810         for(i = 0; i < lck->num_share_modes; i++) {
811
812                 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
813                         continue;
814                 }
815
816                 /* someone else has a share lock on it, check to see if we can
817                  * too */
818                 if (share_conflict(&lck->share_modes[i],
819                                    access_mask, share_access)) {
820                         return NT_STATUS_SHARING_VIOLATION;
821                 }
822         }
823         
824         return NT_STATUS_OK;
825 }
826
827 static bool is_delete_request(files_struct *fsp) {
828         return ((fsp->access_mask == DELETE_ACCESS) &&
829                 (fsp->oplock_type == NO_OPLOCK));
830 }
831
832 /*
833  * Send a break message to the oplock holder and delay the open for
834  * our client.
835  */
836
837 static NTSTATUS send_break_message(files_struct *fsp,
838                                         struct share_mode_entry *exclusive,
839                                         uint16 mid,
840                                         int oplock_request)
841 {
842         NTSTATUS status;
843         char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
844
845         DEBUG(10, ("Sending break request to PID %s\n",
846                    procid_str_static(&exclusive->pid)));
847         exclusive->op_mid = mid;
848
849         /* Create the message. */
850         share_mode_entry_to_message(msg, exclusive);
851
852         /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
853            don't want this set in the share mode struct pointed to by lck. */
854
855         if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
856                 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
857         }
858
859         status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
860                                     MSG_SMB_BREAK_REQUEST,
861                                     (uint8 *)msg,
862                                     MSG_SMB_SHARE_MODE_ENTRY_SIZE);
863         if (!NT_STATUS_IS_OK(status)) {
864                 DEBUG(3, ("Could not send oplock break message: %s\n",
865                           nt_errstr(status)));
866         }
867
868         return status;
869 }
870
871 /*
872  * 1) No files open at all or internal open: Grant whatever the client wants.
873  *
874  * 2) Exclusive (or batch) oplock around: If the requested access is a delete
875  *    request, break if the oplock around is a batch oplock. If it's another
876  *    requested access type, break.
877  *
878  * 3) Only level2 around: Grant level2 and do nothing else.
879  */
880
881 static bool delay_for_oplocks(struct share_mode_lock *lck,
882                               files_struct *fsp,
883                               uint16 mid,
884                               int pass_number,
885                               int oplock_request)
886 {
887         int i;
888         struct share_mode_entry *exclusive = NULL;
889         bool valid_entry = false;
890         bool have_level2 = false;
891         bool have_a_none_oplock = false;
892         bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
893                             lp_level2_oplocks(SNUM(fsp->conn));
894
895         if (oplock_request & INTERNAL_OPEN_ONLY) {
896                 fsp->oplock_type = NO_OPLOCK;
897         }
898
899         if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
900                 return false;
901         }
902
903         for (i=0; i<lck->num_share_modes; i++) {
904
905                 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
906                         continue;
907                 }
908
909                 /* At least one entry is not an invalid or deferred entry. */
910                 valid_entry = true;
911
912                 if (pass_number == 1) {
913                         if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
914                                 SMB_ASSERT(exclusive == NULL);
915                                 exclusive = &lck->share_modes[i];
916                         }
917                 } else {
918                         if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
919                                 SMB_ASSERT(exclusive == NULL);
920                                 exclusive = &lck->share_modes[i];
921                         }
922                 }
923
924                 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
925                         SMB_ASSERT(exclusive == NULL);
926                         have_level2 = true;
927                 }
928
929                 if (lck->share_modes[i].op_type == NO_OPLOCK) {
930                         have_a_none_oplock = true;
931                 }
932         }
933
934         if (exclusive != NULL) { /* Found an exclusive oplock */
935                 bool delay_it = is_delete_request(fsp) ?
936                                 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
937                 SMB_ASSERT(!have_level2);
938                 if (delay_it) {
939                         send_break_message(fsp, exclusive, mid, oplock_request);
940                         return true;
941                 }
942         }
943
944         /*
945          * Match what was requested (fsp->oplock_type) with
946          * what was found in the existing share modes.
947          */
948
949         if (!valid_entry) {
950                 /* All entries are placeholders or deferred.
951                  * Directly grant whatever the client wants. */
952                 if (fsp->oplock_type == NO_OPLOCK) {
953                         /* Store a level2 oplock, but don't tell the client */
954                         fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
955                 }
956         } else if (have_a_none_oplock) {
957                 fsp->oplock_type = NO_OPLOCK;
958         } else if (have_level2) {
959                 if (fsp->oplock_type == NO_OPLOCK ||
960                                 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
961                         /* Store a level2 oplock, but don't tell the client */
962                         fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
963                 } else {
964                         fsp->oplock_type = LEVEL_II_OPLOCK;
965                 }
966         } else {
967                 /* This case can never happen. */
968                 SMB_ASSERT(1);
969         }
970
971         /*
972          * Don't grant level2 to clients that don't want them
973          * or if we've turned them off.
974          */
975         if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
976                 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
977         }
978
979         DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
980                 fsp->oplock_type, fsp->fsp_name));
981
982         /* No delay. */
983         return false;
984 }
985
986 bool request_timed_out(struct timeval request_time,
987                        struct timeval timeout)
988 {
989         struct timeval now, end_time;
990         GetTimeOfDay(&now);
991         end_time = timeval_sum(&request_time, &timeout);
992         return (timeval_compare(&end_time, &now) < 0);
993 }
994
995 /****************************************************************************
996  Handle the 1 second delay in returning a SHARING_VIOLATION error.
997 ****************************************************************************/
998
999 static void defer_open(struct share_mode_lock *lck,
1000                        struct timeval request_time,
1001                        struct timeval timeout,
1002                        struct smb_request *req,
1003                        struct deferred_open_record *state)
1004 {
1005         int i;
1006
1007         /* Paranoia check */
1008
1009         for (i=0; i<lck->num_share_modes; i++) {
1010                 struct share_mode_entry *e = &lck->share_modes[i];
1011
1012                 if (!is_deferred_open_entry(e)) {
1013                         continue;
1014                 }
1015
1016                 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1017                         DEBUG(0, ("Trying to defer an already deferred "
1018                                   "request: mid=%d, exiting\n", req->mid));
1019                         exit_server("attempt to defer a deferred request");
1020                 }
1021         }
1022
1023         /* End paranoia check */
1024
1025         DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1026                   "open entry for mid %u\n",
1027                   (unsigned int)request_time.tv_sec,
1028                   (unsigned int)request_time.tv_usec,
1029                   (unsigned int)req->mid));
1030
1031         if (!push_deferred_smb_message(req, request_time, timeout,
1032                                        (char *)state, sizeof(*state))) {
1033                 exit_server("push_deferred_smb_message failed");
1034         }
1035         add_deferred_open(lck, req->mid, request_time, state->id);
1036
1037         /*
1038          * Push the MID of this packet on the signing queue.
1039          * We only do this once, the first time we push the packet
1040          * onto the deferred open queue, as this has a side effect
1041          * of incrementing the response sequence number.
1042          */
1043
1044         srv_defer_sign_response(req->mid);
1045 }
1046
1047
1048 /****************************************************************************
1049  On overwrite open ensure that the attributes match.
1050 ****************************************************************************/
1051
1052 bool open_match_attributes(connection_struct *conn,
1053                            const char *path,
1054                            uint32 old_dos_attr,
1055                            uint32 new_dos_attr,
1056                            mode_t existing_unx_mode,
1057                            mode_t new_unx_mode,
1058                            mode_t *returned_unx_mode)
1059 {
1060         uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1061
1062         noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1063         noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1064
1065         if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) || 
1066            (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1067                 *returned_unx_mode = new_unx_mode;
1068         } else {
1069                 *returned_unx_mode = (mode_t)0;
1070         }
1071
1072         DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1073                   "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1074                   "returned_unx_mode = 0%o\n",
1075                   path,
1076                   (unsigned int)old_dos_attr,
1077                   (unsigned int)existing_unx_mode,
1078                   (unsigned int)new_dos_attr,
1079                   (unsigned int)*returned_unx_mode ));
1080
1081         /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1082         if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1083                 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1084                     !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1085                         return False;
1086                 }
1087         }
1088         if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1089                 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1090                     !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1091                         return False;
1092                 }
1093         }
1094         return True;
1095 }
1096
1097 /****************************************************************************
1098  Special FCB or DOS processing in the case of a sharing violation.
1099  Try and find a duplicated file handle.
1100 ****************************************************************************/
1101
1102 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1103                                      connection_struct *conn,
1104                                      files_struct *fsp_to_dup_into,
1105                                      const char *fname,
1106                                      struct file_id id,
1107                                      uint16 file_pid,
1108                                      uint16 vuid,
1109                                      uint32 access_mask,
1110                                      uint32 share_access,
1111                                      uint32 create_options)
1112 {
1113         files_struct *fsp;
1114
1115         DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1116                  "file %s.\n", fname ));
1117
1118         for(fsp = file_find_di_first(id); fsp;
1119             fsp = file_find_di_next(fsp)) {
1120
1121                 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1122                           "vuid = %u, file_pid = %u, private_options = 0x%x "
1123                           "access_mask = 0x%x\n", fsp->fsp_name,
1124                           fsp->fh->fd, (unsigned int)fsp->vuid,
1125                           (unsigned int)fsp->file_pid,
1126                           (unsigned int)fsp->fh->private_options,
1127                           (unsigned int)fsp->access_mask ));
1128
1129                 if (fsp->fh->fd != -1 &&
1130                     fsp->vuid == vuid &&
1131                     fsp->file_pid == file_pid &&
1132                     (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1133                                                  NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1134                     (fsp->access_mask & FILE_WRITE_DATA) &&
1135                     strequal(fsp->fsp_name, fname)) {
1136                         DEBUG(10,("fcb_or_dos_open: file match\n"));
1137                         break;
1138                 }
1139         }
1140
1141         if (!fsp) {
1142                 return NT_STATUS_NOT_FOUND;
1143         }
1144
1145         /* quite an insane set of semantics ... */
1146         if (is_executable(fname) &&
1147             (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1148                 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1149                 return NT_STATUS_INVALID_PARAMETER;
1150         }
1151
1152         /* We need to duplicate this fsp. */
1153         dup_file_fsp(req, fsp, access_mask, share_access,
1154                         create_options, fsp_to_dup_into);
1155
1156         return NT_STATUS_OK;
1157 }
1158
1159 /****************************************************************************
1160  Open a file with a share mode - old openX method - map into NTCreate.
1161 ****************************************************************************/
1162
1163 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1164                                  uint32 *paccess_mask,
1165                                  uint32 *pshare_mode,
1166                                  uint32 *pcreate_disposition,
1167                                  uint32 *pcreate_options)
1168 {
1169         uint32 access_mask;
1170         uint32 share_mode;
1171         uint32 create_disposition;
1172         uint32 create_options = FILE_NON_DIRECTORY_FILE;
1173
1174         DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1175                   "open_func = 0x%x\n",
1176                   fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1177
1178         /* Create the NT compatible access_mask. */
1179         switch (GET_OPENX_MODE(deny_mode)) {
1180                 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1181                 case DOS_OPEN_RDONLY:
1182                         access_mask = FILE_GENERIC_READ;
1183                         break;
1184                 case DOS_OPEN_WRONLY:
1185                         access_mask = FILE_GENERIC_WRITE;
1186                         break;
1187                 case DOS_OPEN_RDWR:
1188                 case DOS_OPEN_FCB:
1189                         access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1190                         break;
1191                 default:
1192                         DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1193                                   (unsigned int)GET_OPENX_MODE(deny_mode)));
1194                         return False;
1195         }
1196
1197         /* Create the NT compatible create_disposition. */
1198         switch (open_func) {
1199                 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1200                         create_disposition = FILE_CREATE;
1201                         break;
1202
1203                 case OPENX_FILE_EXISTS_OPEN:
1204                         create_disposition = FILE_OPEN;
1205                         break;
1206
1207                 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1208                         create_disposition = FILE_OPEN_IF;
1209                         break;
1210        
1211                 case OPENX_FILE_EXISTS_TRUNCATE:
1212                         create_disposition = FILE_OVERWRITE;
1213                         break;
1214
1215                 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1216                         create_disposition = FILE_OVERWRITE_IF;
1217                         break;
1218
1219                 default:
1220                         /* From samba4 - to be confirmed. */
1221                         if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1222                                 create_disposition = FILE_CREATE;
1223                                 break;
1224                         }
1225                         DEBUG(10,("map_open_params_to_ntcreate: bad "
1226                                   "open_func 0x%x\n", (unsigned int)open_func));
1227                         return False;
1228         }
1229  
1230         /* Create the NT compatible share modes. */
1231         switch (GET_DENY_MODE(deny_mode)) {
1232                 case DENY_ALL:
1233                         share_mode = FILE_SHARE_NONE;
1234                         break;
1235
1236                 case DENY_WRITE:
1237                         share_mode = FILE_SHARE_READ;
1238                         break;
1239
1240                 case DENY_READ:
1241                         share_mode = FILE_SHARE_WRITE;
1242                         break;
1243
1244                 case DENY_NONE:
1245                         share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1246                         break;
1247
1248                 case DENY_DOS:
1249                         create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1250                         if (is_executable(fname)) {
1251                                 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1252                         } else {
1253                                 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1254                                         share_mode = FILE_SHARE_READ;
1255                                 } else {
1256                                         share_mode = FILE_SHARE_NONE;
1257                                 }
1258                         }
1259                         break;
1260
1261                 case DENY_FCB:
1262                         create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1263                         share_mode = FILE_SHARE_NONE;
1264                         break;
1265
1266                 default:
1267                         DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1268                                 (unsigned int)GET_DENY_MODE(deny_mode) ));
1269                         return False;
1270         }
1271
1272         DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1273                   "share_mode = 0x%x, create_disposition = 0x%x, "
1274                   "create_options = 0x%x\n",
1275                   fname,
1276                   (unsigned int)access_mask,
1277                   (unsigned int)share_mode,
1278                   (unsigned int)create_disposition,
1279                   (unsigned int)create_options ));
1280
1281         if (paccess_mask) {
1282                 *paccess_mask = access_mask;
1283         }
1284         if (pshare_mode) {
1285                 *pshare_mode = share_mode;
1286         }
1287         if (pcreate_disposition) {
1288                 *pcreate_disposition = create_disposition;
1289         }
1290         if (pcreate_options) {
1291                 *pcreate_options = create_options;
1292         }
1293
1294         return True;
1295
1296 }
1297
1298 static void schedule_defer_open(struct share_mode_lock *lck,
1299                                 struct timeval request_time,
1300                                 struct smb_request *req)
1301 {
1302         struct deferred_open_record state;
1303
1304         /* This is a relative time, added to the absolute
1305            request_time value to get the absolute timeout time.
1306            Note that if this is the second or greater time we enter
1307            this codepath for this particular request mid then
1308            request_time is left as the absolute time of the *first*
1309            time this request mid was processed. This is what allows
1310            the request to eventually time out. */
1311
1312         struct timeval timeout;
1313
1314         /* Normally the smbd we asked should respond within
1315          * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1316          * the client did, give twice the timeout as a safety
1317          * measure here in case the other smbd is stuck
1318          * somewhere else. */
1319
1320         timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1321
1322         /* Nothing actually uses state.delayed_for_oplocks
1323            but it's handy to differentiate in debug messages
1324            between a 30 second delay due to oplock break, and
1325            a 1 second delay for share mode conflicts. */
1326
1327         state.delayed_for_oplocks = True;
1328         state.id = lck->id;
1329
1330         if (!request_timed_out(request_time, timeout)) {
1331                 defer_open(lck, request_time, timeout, req, &state);
1332         }
1333 }
1334
1335 /****************************************************************************
1336  Work out what access_mask to use from what the client sent us.
1337 ****************************************************************************/
1338
1339 static NTSTATUS calculate_access_mask(connection_struct *conn,
1340                                         const char *fname,
1341                                         bool file_existed,
1342                                         uint32_t access_mask,
1343                                         uint32_t *access_mask_out)
1344 {
1345         NTSTATUS status;
1346
1347         /*
1348          * Convert GENERIC bits to specific bits.
1349          */
1350
1351         se_map_generic(&access_mask, &file_generic_mapping);
1352
1353         /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1354         if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1355                 if (file_existed) {
1356
1357                         struct security_descriptor *sd;
1358                         uint32_t access_granted = 0;
1359
1360                         status = SMB_VFS_GET_NT_ACL(conn, fname,
1361                                         (OWNER_SECURITY_INFORMATION |
1362                                         GROUP_SECURITY_INFORMATION |
1363                                         DACL_SECURITY_INFORMATION),&sd);
1364
1365                         if (!NT_STATUS_IS_OK(status)) {
1366                                 DEBUG(10, ("calculate_access_mask: Could not get acl "
1367                                         "on file %s: %s\n",
1368                                         fname,
1369                                         nt_errstr(status)));
1370                                 return NT_STATUS_ACCESS_DENIED;
1371                         }
1372
1373                         status = smb1_file_se_access_check(sd,
1374                                         conn->server_info->ptok,
1375                                         access_mask,
1376                                         &access_granted);
1377
1378                         TALLOC_FREE(sd);
1379
1380                         if (!NT_STATUS_IS_OK(status)) {
1381                                 DEBUG(10, ("calculate_access_mask: Access denied on "
1382                                         "file %s: when calculating maximum access\n",
1383                                         fname));
1384                                 return NT_STATUS_ACCESS_DENIED;
1385                         }
1386
1387                         access_mask = access_granted;
1388                 } else {
1389                         access_mask = FILE_GENERIC_ALL;
1390                 }
1391         }
1392
1393         *access_mask_out = access_mask;
1394         return NT_STATUS_OK;
1395 }
1396
1397 /****************************************************************************
1398  Open a file with a share mode. Passed in an already created files_struct *.
1399 ****************************************************************************/
1400
1401 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1402                             struct smb_request *req,
1403                             const char *fname,
1404                             SMB_STRUCT_STAT *psbuf,
1405                             uint32 access_mask,         /* access bits (FILE_READ_DATA etc.) */
1406                             uint32 share_access,        /* share constants (FILE_SHARE_READ etc) */
1407                             uint32 create_disposition,  /* FILE_OPEN_IF etc. */
1408                             uint32 create_options,      /* options such as delete on close. */
1409                             uint32 new_dos_attributes,  /* attributes used for new file. */
1410                             int oplock_request,         /* internal Samba oplock codes. */
1411                                                         /* Information (FILE_EXISTS etc.) */
1412                             int *pinfo,
1413                             files_struct *fsp)
1414 {
1415         int flags=0;
1416         int flags2=0;
1417         bool file_existed = VALID_STAT(*psbuf);
1418         bool def_acl = False;
1419         bool posix_open = False;
1420         bool new_file_created = False;
1421         bool clear_ads = false;
1422         struct file_id id;
1423         NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1424         mode_t new_unx_mode = (mode_t)0;
1425         mode_t unx_mode = (mode_t)0;
1426         int info;
1427         uint32 existing_dos_attributes = 0;
1428         struct pending_message_list *pml = NULL;
1429         struct timeval request_time = timeval_zero();
1430         struct share_mode_lock *lck = NULL;
1431         uint32 open_access_mask = access_mask;
1432         NTSTATUS status;
1433         int ret_flock;
1434         char *parent_dir;
1435         const char *newname;
1436
1437         ZERO_STRUCT(id);
1438
1439         if (conn->printer) {
1440                 /*
1441                  * Printers are handled completely differently.
1442                  * Most of the passed parameters are ignored.
1443                  */
1444
1445                 if (pinfo) {
1446                         *pinfo = FILE_WAS_CREATED;
1447                 }
1448
1449                 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1450
1451                 return print_fsp_open(req, conn, fname, req->vuid, fsp, psbuf);
1452         }
1453
1454         if (!parent_dirname(talloc_tos(), fname, &parent_dir, &newname)) {
1455                 return NT_STATUS_NO_MEMORY;
1456         }
1457
1458         if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1459                 posix_open = True;
1460                 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1461                 new_dos_attributes = 0;
1462         } else {
1463                 /* We add aARCH to this as this mode is only used if the file is
1464                  * created new. */
1465                 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1466                                      parent_dir);
1467         }
1468
1469         DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1470                    "access_mask=0x%x share_access=0x%x "
1471                    "create_disposition = 0x%x create_options=0x%x "
1472                    "unix mode=0%o oplock_request=%d\n",
1473                    fname, new_dos_attributes, access_mask, share_access,
1474                    create_disposition, create_options, (unsigned int)unx_mode,
1475                    oplock_request));
1476
1477         if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1478                 DEBUG(0, ("No smb request but not an internal only open!\n"));
1479                 return NT_STATUS_INTERNAL_ERROR;
1480         }
1481
1482         /*
1483          * Only non-internal opens can be deferred at all
1484          */
1485
1486         if ((req != NULL)
1487             && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1488                 struct deferred_open_record *state =
1489                         (struct deferred_open_record *)pml->private_data.data;
1490
1491                 /* Remember the absolute time of the original
1492                    request with this mid. We'll use it later to
1493                    see if this has timed out. */
1494
1495                 request_time = pml->request_time;
1496
1497                 /* Remove the deferred open entry under lock. */
1498                 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1499                                           NULL);
1500                 if (lck == NULL) {
1501                         DEBUG(0, ("could not get share mode lock\n"));
1502                 } else {
1503                         del_deferred_open_entry(lck, req->mid);
1504                         TALLOC_FREE(lck);
1505                 }
1506
1507                 /* Ensure we don't reprocess this message. */
1508                 remove_deferred_open_smb_message(req->mid);
1509         }
1510
1511         status = check_name(conn, fname);
1512         if (!NT_STATUS_IS_OK(status)) {
1513                 return status;
1514         }
1515
1516         if (!posix_open) {
1517                 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1518                 if (file_existed) {
1519                         existing_dos_attributes = dos_mode(conn, fname, psbuf);
1520                 }
1521         }
1522
1523         /* ignore any oplock requests if oplocks are disabled */
1524         if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1525             IS_VETO_OPLOCK_PATH(conn, fname)) {
1526                 /* Mask off everything except the private Samba bits. */
1527                 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1528         }
1529
1530         /* this is for OS/2 long file names - say we don't support them */
1531         if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1532                 /* OS/2 Workplace shell fix may be main code stream in a later
1533                  * release. */
1534                 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1535                          "supported.\n"));
1536                 if (use_nt_status()) {
1537                         return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1538                 }
1539                 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1540         }
1541
1542         switch( create_disposition ) {
1543                 /*
1544                  * Currently we're using FILE_SUPERSEDE as the same as
1545                  * FILE_OVERWRITE_IF but they really are
1546                  * different. FILE_SUPERSEDE deletes an existing file
1547                  * (requiring delete access) then recreates it.
1548                  */
1549                 case FILE_SUPERSEDE:
1550                         /* If file exists replace/overwrite. If file doesn't
1551                          * exist create. */
1552                         flags2 |= (O_CREAT | O_TRUNC);
1553                         clear_ads = true;
1554                         break;
1555
1556                 case FILE_OVERWRITE_IF:
1557                         /* If file exists replace/overwrite. If file doesn't
1558                          * exist create. */
1559                         flags2 |= (O_CREAT | O_TRUNC);
1560                         clear_ads = true;
1561                         break;
1562
1563                 case FILE_OPEN:
1564                         /* If file exists open. If file doesn't exist error. */
1565                         if (!file_existed) {
1566                                 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1567                                          "requested for file %s and file "
1568                                          "doesn't exist.\n", fname ));
1569                                 errno = ENOENT;
1570                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1571                         }
1572                         break;
1573
1574                 case FILE_OVERWRITE:
1575                         /* If file exists overwrite. If file doesn't exist
1576                          * error. */
1577                         if (!file_existed) {
1578                                 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1579                                          "requested for file %s and file "
1580                                          "doesn't exist.\n", fname ));
1581                                 errno = ENOENT;
1582                                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1583                         }
1584                         flags2 |= O_TRUNC;
1585                         clear_ads = true;
1586                         break;
1587
1588                 case FILE_CREATE:
1589                         /* If file exists error. If file doesn't exist
1590                          * create. */
1591                         if (file_existed) {
1592                                 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1593                                          "requested for file %s and file "
1594                                          "already exists.\n", fname ));
1595                                 if (S_ISDIR(psbuf->st_mode)) {
1596                                         errno = EISDIR;
1597                                 } else {
1598                                         errno = EEXIST;
1599                                 }
1600                                 return map_nt_error_from_unix(errno);
1601                         }
1602                         flags2 |= (O_CREAT|O_EXCL);
1603                         break;
1604
1605                 case FILE_OPEN_IF:
1606                         /* If file exists open. If file doesn't exist
1607                          * create. */
1608                         flags2 |= O_CREAT;
1609                         break;
1610
1611                 default:
1612                         return NT_STATUS_INVALID_PARAMETER;
1613         }
1614
1615         /* We only care about matching attributes on file exists and
1616          * overwrite. */
1617
1618         if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1619                              (create_disposition == FILE_OVERWRITE_IF))) {
1620                 if (!open_match_attributes(conn, fname,
1621                                            existing_dos_attributes,
1622                                            new_dos_attributes, psbuf->st_mode,
1623                                            unx_mode, &new_unx_mode)) {
1624                         DEBUG(5,("open_file_ntcreate: attributes missmatch "
1625                                  "for file %s (%x %x) (0%o, 0%o)\n",
1626                                  fname, existing_dos_attributes,
1627                                  new_dos_attributes,
1628                                  (unsigned int)psbuf->st_mode,
1629                                  (unsigned int)unx_mode ));
1630                         errno = EACCES;
1631                         return NT_STATUS_ACCESS_DENIED;
1632                 }
1633         }
1634
1635         status = calculate_access_mask(conn, fname, file_existed,
1636                                         access_mask,
1637                                         &access_mask); 
1638         if (!NT_STATUS_IS_OK(status)) {
1639                 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1640                         "on file %s returned %s\n",
1641                         fname,
1642                         nt_errstr(status)));
1643                 return status;
1644         }
1645
1646         open_access_mask = access_mask;
1647
1648         if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1649                 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1650         }
1651
1652         DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1653                    "access_mask=0x%x\n", fname, access_mask ));
1654
1655         /*
1656          * Note that we ignore the append flag as append does not
1657          * mean the same thing under DOS and Unix.
1658          */
1659
1660         if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1661                         (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1662                 /* DENY_DOS opens are always underlying read-write on the
1663                    file handle, no matter what the requested access mask
1664                     says. */
1665                 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1666                         access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1667                         flags = O_RDWR;
1668                 } else {
1669                         flags = O_WRONLY;
1670                 }
1671         } else {
1672                 flags = O_RDONLY;
1673         }
1674
1675         /*
1676          * Currently we only look at FILE_WRITE_THROUGH for create options.
1677          */
1678
1679 #if defined(O_SYNC)
1680         if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1681                 flags2 |= O_SYNC;
1682         }
1683 #endif /* O_SYNC */
1684
1685         if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1686                 flags2 |= O_APPEND;
1687         }
1688
1689         if (!posix_open && !CAN_WRITE(conn)) {
1690                 /*
1691                  * We should really return a permission denied error if either
1692                  * O_CREAT or O_TRUNC are set, but for compatibility with
1693                  * older versions of Samba we just AND them out.
1694                  */
1695                 flags2 &= ~(O_CREAT|O_TRUNC);
1696         }
1697
1698         /*
1699          * Ensure we can't write on a read-only share or file.
1700          */
1701
1702         if (flags != O_RDONLY && file_existed &&
1703             (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1704                 DEBUG(5,("open_file_ntcreate: write access requested for "
1705                          "file %s on read only %s\n",
1706                          fname, !CAN_WRITE(conn) ? "share" : "file" ));
1707                 errno = EACCES;
1708                 return NT_STATUS_ACCESS_DENIED;
1709         }
1710
1711         fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1712         fsp->share_access = share_access;
1713         fsp->fh->private_options = create_options;
1714         fsp->access_mask = open_access_mask; /* We change this to the
1715                                               * requested access_mask after
1716                                               * the open is done. */
1717         fsp->posix_open = posix_open;
1718
1719         /* Ensure no SAMBA_PRIVATE bits can be set. */
1720         fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1721
1722         if (timeval_is_zero(&request_time)) {
1723                 request_time = fsp->open_time;
1724         }
1725
1726         if (file_existed) {
1727                 struct timespec old_write_time = get_mtimespec(psbuf);
1728                 id = vfs_file_id_from_sbuf(conn, psbuf);
1729
1730                 lck = get_share_mode_lock(talloc_tos(), id,
1731                                           conn->connectpath,
1732                                           fname, &old_write_time);
1733
1734                 if (lck == NULL) {
1735                         DEBUG(0, ("Could not get share mode lock\n"));
1736                         return NT_STATUS_SHARING_VIOLATION;
1737                 }
1738
1739                 /* First pass - send break only on batch oplocks. */
1740                 if ((req != NULL)
1741                     && delay_for_oplocks(lck, fsp, req->mid, 1,
1742                                          oplock_request)) {
1743                         schedule_defer_open(lck, request_time, req);
1744                         TALLOC_FREE(lck);
1745                         return NT_STATUS_SHARING_VIOLATION;
1746                 }
1747
1748                 /* Use the client requested access mask here, not the one we
1749                  * open with. */
1750                 status = open_mode_check(conn, fname, lck,
1751                                          access_mask, share_access,
1752                                          create_options, &file_existed);
1753
1754                 if (NT_STATUS_IS_OK(status)) {
1755                         /* We might be going to allow this open. Check oplock
1756                          * status again. */
1757                         /* Second pass - send break for both batch or
1758                          * exclusive oplocks. */
1759                         if ((req != NULL)
1760                              && delay_for_oplocks(lck, fsp, req->mid, 2,
1761                                                   oplock_request)) {
1762                                 schedule_defer_open(lck, request_time, req);
1763                                 TALLOC_FREE(lck);
1764                                 return NT_STATUS_SHARING_VIOLATION;
1765                         }
1766                 }
1767
1768                 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1769                         /* DELETE_PENDING is not deferred for a second */
1770                         TALLOC_FREE(lck);
1771                         return status;
1772                 }
1773
1774                 if (!NT_STATUS_IS_OK(status)) {
1775                         uint32 can_access_mask;
1776                         bool can_access = True;
1777
1778                         SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1779
1780                         /* Check if this can be done with the deny_dos and fcb
1781                          * calls. */
1782                         if (create_options &
1783                             (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1784                              NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1785                                 if (req == NULL) {
1786                                         DEBUG(0, ("DOS open without an SMB "
1787                                                   "request!\n"));
1788                                         TALLOC_FREE(lck);
1789                                         return NT_STATUS_INTERNAL_ERROR;
1790                                 }
1791
1792                                 /* Use the client requested access mask here,
1793                                  * not the one we open with. */
1794                                 status = fcb_or_dos_open(req,
1795                                                         conn,
1796                                                         fsp,
1797                                                         fname,
1798                                                         id,
1799                                                         req->smbpid,
1800                                                         req->vuid,
1801                                                         access_mask,
1802                                                         share_access,
1803                                                         create_options);
1804
1805                                 if (NT_STATUS_IS_OK(status)) {
1806                                         TALLOC_FREE(lck);
1807                                         if (pinfo) {
1808                                                 *pinfo = FILE_WAS_OPENED;
1809                                         }
1810                                         return NT_STATUS_OK;
1811                                 }
1812                         }
1813
1814                         /*
1815                          * This next line is a subtlety we need for
1816                          * MS-Access. If a file open will fail due to share
1817                          * permissions and also for security (access) reasons,
1818                          * we need to return the access failed error, not the
1819                          * share error. We can't open the file due to kernel
1820                          * oplock deadlock (it's possible we failed above on
1821                          * the open_mode_check()) so use a userspace check.
1822                          */
1823
1824                         if (flags & O_RDWR) {
1825                                 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1826                         } else if (flags & O_WRONLY) {
1827                                 can_access_mask = FILE_WRITE_DATA;
1828                         } else {
1829                                 can_access_mask = FILE_READ_DATA;
1830                         }
1831
1832                         if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1833                             !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1834                                 can_access = False;
1835                         }
1836
1837                         /*
1838                          * If we're returning a share violation, ensure we
1839                          * cope with the braindead 1 second delay.
1840                          */
1841
1842                         if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1843                             lp_defer_sharing_violations()) {
1844                                 struct timeval timeout;
1845                                 struct deferred_open_record state;
1846                                 int timeout_usecs;
1847
1848                                 /* this is a hack to speed up torture tests
1849                                    in 'make test' */
1850                                 timeout_usecs = lp_parm_int(SNUM(conn),
1851                                                             "smbd","sharedelay",
1852                                                             SHARING_VIOLATION_USEC_WAIT);
1853
1854                                 /* This is a relative time, added to the absolute
1855                                    request_time value to get the absolute timeout time.
1856                                    Note that if this is the second or greater time we enter
1857                                    this codepath for this particular request mid then
1858                                    request_time is left as the absolute time of the *first*
1859                                    time this request mid was processed. This is what allows
1860                                    the request to eventually time out. */
1861
1862                                 timeout = timeval_set(0, timeout_usecs);
1863
1864                                 /* Nothing actually uses state.delayed_for_oplocks
1865                                    but it's handy to differentiate in debug messages
1866                                    between a 30 second delay due to oplock break, and
1867                                    a 1 second delay for share mode conflicts. */
1868
1869                                 state.delayed_for_oplocks = False;
1870                                 state.id = id;
1871
1872                                 if ((req != NULL)
1873                                     && !request_timed_out(request_time,
1874                                                           timeout)) {
1875                                         defer_open(lck, request_time, timeout,
1876                                                    req, &state);
1877                                 }
1878                         }
1879
1880                         TALLOC_FREE(lck);
1881                         if (can_access) {
1882                                 /*
1883                                  * We have detected a sharing violation here
1884                                  * so return the correct error code
1885                                  */
1886                                 status = NT_STATUS_SHARING_VIOLATION;
1887                         } else {
1888                                 status = NT_STATUS_ACCESS_DENIED;
1889                         }
1890                         return status;
1891                 }
1892
1893                 /*
1894                  * We exit this block with the share entry *locked*.....
1895                  */
1896         }
1897
1898         SMB_ASSERT(!file_existed || (lck != NULL));
1899
1900         /*
1901          * Ensure we pay attention to default ACLs on directories if required.
1902          */
1903
1904         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1905             (def_acl = directory_has_default_acl(conn, parent_dir))) {
1906                 unx_mode = 0777;
1907         }
1908
1909         DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1910                 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1911                  (unsigned int)flags, (unsigned int)flags2,
1912                  (unsigned int)unx_mode, (unsigned int)access_mask,
1913                  (unsigned int)open_access_mask));
1914
1915         /*
1916          * open_file strips any O_TRUNC flags itself.
1917          */
1918
1919         fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1920                              flags|flags2, unx_mode, access_mask,
1921                              open_access_mask);
1922
1923         if (!NT_STATUS_IS_OK(fsp_open)) {
1924                 if (lck != NULL) {
1925                         TALLOC_FREE(lck);
1926                 }
1927                 return fsp_open;
1928         }
1929
1930         if (!file_existed) {
1931                 struct timespec old_write_time = get_mtimespec(psbuf);
1932                 /*
1933                  * Deal with the race condition where two smbd's detect the
1934                  * file doesn't exist and do the create at the same time. One
1935                  * of them will win and set a share mode, the other (ie. this
1936                  * one) should check if the requested share mode for this
1937                  * create is allowed.
1938                  */
1939
1940                 /*
1941                  * Now the file exists and fsp is successfully opened,
1942                  * fsp->dev and fsp->inode are valid and should replace the
1943                  * dev=0,inode=0 from a non existent file. Spotted by
1944                  * Nadav Danieli <nadavd@exanet.com>. JRA.
1945                  */
1946
1947                 id = fsp->file_id;
1948
1949                 lck = get_share_mode_lock(talloc_tos(), id,
1950                                           conn->connectpath,
1951                                           fname, &old_write_time);
1952
1953                 if (lck == NULL) {
1954                         DEBUG(0, ("open_file_ntcreate: Could not get share "
1955                                   "mode lock for %s\n", fname));
1956                         fd_close(fsp);
1957                         return NT_STATUS_SHARING_VIOLATION;
1958                 }
1959
1960                 /* First pass - send break only on batch oplocks. */
1961                 if ((req != NULL)
1962                     && delay_for_oplocks(lck, fsp, req->mid, 1,
1963                                          oplock_request)) {
1964                         schedule_defer_open(lck, request_time, req);
1965                         TALLOC_FREE(lck);
1966                         fd_close(fsp);
1967                         return NT_STATUS_SHARING_VIOLATION;
1968                 }
1969
1970                 status = open_mode_check(conn, fname, lck,
1971                                          access_mask, share_access,
1972                                          create_options, &file_existed);
1973
1974                 if (NT_STATUS_IS_OK(status)) {
1975                         /* We might be going to allow this open. Check oplock
1976                          * status again. */
1977                         /* Second pass - send break for both batch or
1978                          * exclusive oplocks. */
1979                         if ((req != NULL)
1980                             && delay_for_oplocks(lck, fsp, req->mid, 2,
1981                                                  oplock_request)) {
1982                                 schedule_defer_open(lck, request_time, req);
1983                                 TALLOC_FREE(lck);
1984                                 fd_close(fsp);
1985                                 return NT_STATUS_SHARING_VIOLATION;
1986                         }
1987                 }
1988
1989                 if (!NT_STATUS_IS_OK(status)) {
1990                         struct deferred_open_record state;
1991
1992                         fd_close(fsp);
1993
1994                         state.delayed_for_oplocks = False;
1995                         state.id = id;
1996
1997                         /* Do it all over again immediately. In the second
1998                          * round we will find that the file existed and handle
1999                          * the DELETE_PENDING and FCB cases correctly. No need
2000                          * to duplicate the code here. Essentially this is a
2001                          * "goto top of this function", but don't tell
2002                          * anybody... */
2003
2004                         if (req != NULL) {
2005                                 defer_open(lck, request_time, timeval_zero(),
2006                                            req, &state);
2007                         }
2008                         TALLOC_FREE(lck);
2009                         return status;
2010                 }
2011
2012                 /*
2013                  * We exit this block with the share entry *locked*.....
2014                  */
2015
2016         }
2017
2018         SMB_ASSERT(lck != NULL);
2019
2020         /* Delete streams if create_disposition requires it */
2021         if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) {
2022                 status = delete_all_streams(conn, fname);
2023                 if (!NT_STATUS_IS_OK(status)) {
2024                         TALLOC_FREE(lck);
2025                         fd_close(fsp);
2026                         return status;
2027                 }
2028         }
2029
2030         /* note that we ignore failure for the following. It is
2031            basically a hack for NFS, and NFS will never set one of
2032            these only read them. Nobody but Samba can ever set a deny
2033            mode and we have already checked our more authoritative
2034            locking database for permission to set this deny mode. If
2035            the kernel refuses the operations then the kernel is wrong.
2036            note that GPFS supports it as well - jmcd */
2037
2038         if (fsp->fh->fd != -1) {
2039                 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
2040                 if(ret_flock == -1 ){
2041
2042                         TALLOC_FREE(lck);
2043                         fd_close(fsp);
2044
2045                         return NT_STATUS_SHARING_VIOLATION;
2046                 }
2047         }
2048
2049         /*
2050          * At this point onwards, we can guarentee that the share entry
2051          * is locked, whether we created the file or not, and that the
2052          * deny mode is compatible with all current opens.
2053          */
2054
2055         /*
2056          * If requested, truncate the file.
2057          */
2058
2059         if (flags2&O_TRUNC) {
2060                 /*
2061                  * We are modifing the file after open - update the stat
2062                  * struct..
2063                  */
2064                 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2065                     (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
2066                         status = map_nt_error_from_unix(errno);
2067                         TALLOC_FREE(lck);
2068                         fd_close(fsp);
2069                         return status;
2070                 }
2071         }
2072
2073         /* Record the options we were opened with. */
2074         fsp->share_access = share_access;
2075         fsp->fh->private_options = create_options;
2076         /*
2077          * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2078          */
2079         fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2080
2081         if (file_existed) {
2082                 /* stat opens on existing files don't get oplocks. */
2083                 if (is_stat_open(open_access_mask)) {
2084                         fsp->oplock_type = NO_OPLOCK;
2085                 }
2086
2087                 if (!(flags2 & O_TRUNC)) {
2088                         info = FILE_WAS_OPENED;
2089                 } else {
2090                         info = FILE_WAS_OVERWRITTEN;
2091                 }
2092         } else {
2093                 info = FILE_WAS_CREATED;
2094         }
2095
2096         if (pinfo) {
2097                 *pinfo = info;
2098         }
2099
2100         /*
2101          * Setup the oplock info in both the shared memory and
2102          * file structs.
2103          */
2104
2105         if (!set_file_oplock(fsp, fsp->oplock_type)) {
2106                 /* Could not get the kernel oplock */
2107                 fsp->oplock_type = NO_OPLOCK;
2108         }
2109
2110         if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2111                 new_file_created = True;
2112         }
2113
2114         set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2115                        fsp->oplock_type);
2116
2117         /* Handle strange delete on close create semantics. */
2118         if (create_options & FILE_DELETE_ON_CLOSE) {
2119
2120                 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2121
2122                 if (!NT_STATUS_IS_OK(status)) {
2123                         /* Remember to delete the mode we just added. */
2124                         del_share_mode(lck, fsp);
2125                         TALLOC_FREE(lck);
2126                         fd_close(fsp);
2127                         return status;
2128                 }
2129                 /* Note that here we set the *inital* delete on close flag,
2130                    not the regular one. The magic gets handled in close. */
2131                 fsp->initial_delete_on_close = True;
2132         }
2133
2134         if (new_file_created) {
2135                 /* Files should be initially set as archive */
2136                 if (lp_map_archive(SNUM(conn)) ||
2137                     lp_store_dos_attributes(SNUM(conn))) {
2138                         if (!posix_open) {
2139                                 SMB_STRUCT_STAT tmp_sbuf;
2140                                 SET_STAT_INVALID(tmp_sbuf);
2141                                 if (file_set_dosmode(
2142                                             conn, fname,
2143                                             new_dos_attributes | aARCH,
2144                                             &tmp_sbuf, parent_dir,
2145                                             true) == 0) {
2146                                         unx_mode = tmp_sbuf.st_mode;
2147                                 }
2148                         }
2149                 }
2150         }
2151
2152         /*
2153          * Take care of inherited ACLs on created files - if default ACL not
2154          * selected.
2155          */
2156
2157         if (!posix_open && !file_existed && !def_acl) {
2158
2159                 int saved_errno = errno; /* We might get ENOSYS in the next
2160                                           * call.. */
2161
2162                 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2163                     errno == ENOSYS) {
2164                         errno = saved_errno; /* Ignore ENOSYS */
2165                 }
2166
2167         } else if (new_unx_mode) {
2168
2169                 int ret = -1;
2170
2171                 /* Attributes need changing. File already existed. */
2172
2173                 {
2174                         int saved_errno = errno; /* We might get ENOSYS in the
2175                                                   * next call.. */
2176                         ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2177
2178                         if (ret == -1 && errno == ENOSYS) {
2179                                 errno = saved_errno; /* Ignore ENOSYS */
2180                         } else {
2181                                 DEBUG(5, ("open_file_ntcreate: reset "
2182                                           "attributes of file %s to 0%o\n",
2183                                           fname, (unsigned int)new_unx_mode));
2184                                 ret = 0; /* Don't do the fchmod below. */
2185                         }
2186                 }
2187
2188                 if ((ret == -1) &&
2189                     (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2190                         DEBUG(5, ("open_file_ntcreate: failed to reset "
2191                                   "attributes of file %s to 0%o\n",
2192                                   fname, (unsigned int)new_unx_mode));
2193         }
2194
2195         /* If this is a successful open, we must remove any deferred open
2196          * records. */
2197         if (req != NULL) {
2198                 del_deferred_open_entry(lck, req->mid);
2199         }
2200         TALLOC_FREE(lck);
2201
2202         return NT_STATUS_OK;
2203 }
2204
2205
2206 /****************************************************************************
2207  Open a file for for write to ensure that we can fchmod it.
2208 ****************************************************************************/
2209
2210 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2211                           const char *fname,
2212                           SMB_STRUCT_STAT *psbuf, files_struct **result)
2213 {
2214         files_struct *fsp = NULL;
2215         NTSTATUS status;
2216
2217         if (!VALID_STAT(*psbuf)) {
2218                 return NT_STATUS_INVALID_PARAMETER;
2219         }
2220
2221         status = file_new(req, conn, &fsp);
2222         if(!NT_STATUS_IS_OK(status)) {
2223                 return status;
2224         }
2225
2226         status = SMB_VFS_CREATE_FILE(
2227                 conn,                                   /* conn */
2228                 NULL,                                   /* req */
2229                 0,                                      /* root_dir_fid */
2230                 fname,                                  /* fname */
2231                 0,                                      /* create_file_flags */
2232                 FILE_WRITE_DATA,                        /* access_mask */
2233                 (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
2234                     FILE_SHARE_DELETE),
2235                 FILE_OPEN,                              /* create_disposition*/
2236                 0,                                      /* create_options */
2237                 0,                                      /* file_attributes */
2238                 0,                                      /* oplock_request */
2239                 0,                                      /* allocation_size */
2240                 NULL,                                   /* sd */
2241                 NULL,                                   /* ea_list */
2242                 &fsp,                                   /* result */
2243                 NULL,                                   /* pinfo */
2244                 psbuf);                                 /* psbuf */
2245
2246         /*
2247          * This is not a user visible file open.
2248          * Don't set a share mode.
2249          */
2250
2251         if (!NT_STATUS_IS_OK(status)) {
2252                 file_free(req, fsp);
2253                 return status;
2254         }
2255
2256         *result = fsp;
2257         return NT_STATUS_OK;
2258 }
2259
2260 /****************************************************************************
2261  Close the fchmod file fd - ensure no locks are lost.
2262 ****************************************************************************/
2263
2264 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2265 {
2266         NTSTATUS status = fd_close(fsp);
2267         file_free(req, fsp);
2268         return status;
2269 }
2270
2271 static NTSTATUS mkdir_internal(connection_struct *conn,
2272                                 const char *name,
2273                                 uint32 file_attributes,
2274                                 SMB_STRUCT_STAT *psbuf)
2275 {
2276         mode_t mode;
2277         char *parent_dir;
2278         const char *dirname;
2279         NTSTATUS status;
2280         bool posix_open = false;
2281
2282         if(!CAN_WRITE(conn)) {
2283                 DEBUG(5,("mkdir_internal: failing create on read-only share "
2284                          "%s\n", lp_servicename(SNUM(conn))));
2285                 return NT_STATUS_ACCESS_DENIED;
2286         }
2287
2288         status = check_name(conn, name);
2289         if (!NT_STATUS_IS_OK(status)) {
2290                 return status;
2291         }
2292
2293         if (!parent_dirname(talloc_tos(), name, &parent_dir, &dirname)) {
2294                 return NT_STATUS_NO_MEMORY;
2295         }
2296
2297         if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2298                 posix_open = true;
2299                 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2300         } else {
2301                 mode = unix_mode(conn, aDIR, name, parent_dir);
2302         }
2303
2304         if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2305                 return map_nt_error_from_unix(errno);
2306         }
2307
2308         /* Ensure we're checking for a symlink here.... */
2309         /* We don't want to get caught by a symlink racer. */
2310
2311         if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2312                 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2313                           name, strerror(errno)));
2314                 return map_nt_error_from_unix(errno);
2315         }
2316
2317         if (!S_ISDIR(psbuf->st_mode)) {
2318                 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2319                           name));
2320                 return NT_STATUS_ACCESS_DENIED;
2321         }
2322
2323         if (lp_store_dos_attributes(SNUM(conn))) {
2324                 if (!posix_open) {
2325                         file_set_dosmode(conn, name,
2326                                  file_attributes | aDIR, NULL,
2327                                  parent_dir,
2328                                  true);
2329                 }
2330         }
2331
2332         if (lp_inherit_perms(SNUM(conn))) {
2333                 inherit_access_posix_acl(conn, parent_dir, name, mode);
2334         }
2335
2336         if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2337                 /*
2338                  * Check if high bits should have been set,
2339                  * then (if bits are missing): add them.
2340                  * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2341                  * dir.
2342                  */
2343                 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2344                         SMB_VFS_CHMOD(conn, name,
2345                                       psbuf->st_mode | (mode & ~psbuf->st_mode));
2346                 }
2347         }
2348
2349         /* Change the owner if required. */
2350         if (lp_inherit_owner(SNUM(conn))) {
2351                 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2352         }
2353
2354         notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2355                      name);
2356
2357         return NT_STATUS_OK;
2358 }
2359
2360 /****************************************************************************
2361  Open a directory from an NT SMB call.
2362 ****************************************************************************/
2363
2364 static NTSTATUS open_directory(connection_struct *conn,
2365                                struct smb_request *req,
2366                                const char *fname,
2367                                SMB_STRUCT_STAT *psbuf,
2368                                uint32 access_mask,
2369                                uint32 share_access,
2370                                uint32 create_disposition,
2371                                uint32 create_options,
2372                                uint32 file_attributes,
2373                                int *pinfo,
2374                                files_struct **result)
2375 {
2376         files_struct *fsp = NULL;
2377         bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2378         struct share_mode_lock *lck = NULL;
2379         NTSTATUS status;
2380         struct timespec mtimespec;
2381         int info = 0;
2382
2383         DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2384                  "share_access = 0x%x create_options = 0x%x, "
2385                  "create_disposition = 0x%x, file_attributes = 0x%x\n",
2386                  fname,
2387                  (unsigned int)access_mask,
2388                  (unsigned int)share_access,
2389                  (unsigned int)create_options,
2390                  (unsigned int)create_disposition,
2391                  (unsigned int)file_attributes));
2392
2393         if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2394                         (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2395                         is_ntfs_stream_name(fname)) {
2396                 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2397                 return NT_STATUS_NOT_A_DIRECTORY;
2398         }
2399
2400         status = calculate_access_mask(conn, fname, dir_existed,
2401                                         access_mask,
2402                                         &access_mask); 
2403         if (!NT_STATUS_IS_OK(status)) {
2404                 DEBUG(10, ("open_directory: calculate_access_mask "
2405                         "on file %s returned %s\n",
2406                         fname,
2407                         nt_errstr(status)));
2408                 return status;
2409         }
2410
2411         /* We need to support SeSecurityPrivilege for this. */
2412         if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
2413                 DEBUG(10, ("open_directory: open on %s "
2414                         "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
2415                         fname));
2416                 return NT_STATUS_PRIVILEGE_NOT_HELD;
2417         }
2418
2419         switch( create_disposition ) {
2420                 case FILE_OPEN:
2421
2422                         info = FILE_WAS_OPENED;
2423
2424                         /*
2425                          * We want to follow symlinks here.
2426                          */
2427
2428                         if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2429                                 return map_nt_error_from_unix(errno);
2430                         }
2431                                 
2432                         break;
2433
2434                 case FILE_CREATE:
2435
2436                         /* If directory exists error. If directory doesn't
2437                          * exist create. */
2438
2439                         status = mkdir_internal(conn,
2440                                                 fname,
2441                                                 file_attributes,
2442                                                 psbuf);
2443
2444                         if (!NT_STATUS_IS_OK(status)) {
2445                                 DEBUG(2, ("open_directory: unable to create "
2446                                           "%s. Error was %s\n", fname,
2447                                           nt_errstr(status)));
2448                                 return status;
2449                         }
2450
2451                         info = FILE_WAS_CREATED;
2452                         break;
2453
2454                 case FILE_OPEN_IF:
2455                         /*
2456                          * If directory exists open. If directory doesn't
2457                          * exist create.
2458                          */
2459
2460                         status = mkdir_internal(conn,
2461                                                 fname,
2462                                                 file_attributes,
2463                                                 psbuf);
2464
2465                         if (NT_STATUS_IS_OK(status)) {
2466                                 info = FILE_WAS_CREATED;
2467                         }
2468
2469                         if (NT_STATUS_EQUAL(status,
2470                                             NT_STATUS_OBJECT_NAME_COLLISION)) {
2471                                 info = FILE_WAS_OPENED;
2472                                 status = NT_STATUS_OK;
2473                         }
2474                                 
2475                         break;
2476
2477                 case FILE_SUPERSEDE:
2478                 case FILE_OVERWRITE:
2479                 case FILE_OVERWRITE_IF:
2480                 default:
2481                         DEBUG(5,("open_directory: invalid create_disposition "
2482                                  "0x%x for directory %s\n",
2483                                  (unsigned int)create_disposition, fname));
2484                         return NT_STATUS_INVALID_PARAMETER;
2485         }
2486
2487         if(!S_ISDIR(psbuf->st_mode)) {
2488                 DEBUG(5,("open_directory: %s is not a directory !\n",
2489                          fname ));
2490                 return NT_STATUS_NOT_A_DIRECTORY;
2491         }
2492
2493         if (info == FILE_WAS_OPENED) {
2494                 uint32_t access_granted = 0;
2495                 status = check_open_rights(conn,
2496                                         fname,
2497                                         access_mask,
2498                                         &access_granted);
2499
2500                 /* Were we trying to do a directory open
2501                  * for delete and didn't get DELETE
2502                  * access (only) ? Check if the
2503                  * directory allows DELETE_CHILD.
2504                  * See here:
2505                  * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2506                  * for details. */
2507
2508                 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2509                                 (access_mask & DELETE_ACCESS) &&
2510                                 (access_granted == DELETE_ACCESS) &&
2511                                 can_delete_file_in_directory(conn, fname))) {
2512                         DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2513                                 "on directory %s\n",
2514                                 fname ));
2515                         status = NT_STATUS_OK;
2516                 }
2517
2518                 if (!NT_STATUS_IS_OK(status)) {
2519                         DEBUG(10, ("open_directory: check_open_rights on "
2520                                 "file %s failed with %s\n",
2521                                 fname,
2522                                 nt_errstr(status)));
2523                         return status;
2524                 }
2525         }
2526
2527         status = file_new(req, conn, &fsp);
2528         if(!NT_STATUS_IS_OK(status)) {
2529                 return status;
2530         }
2531
2532         /*
2533          * Setup the files_struct for it.
2534          */
2535         
2536         fsp->mode = psbuf->st_mode;
2537         fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2538         fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2539         fsp->file_pid = req ? req->smbpid : 0;
2540         fsp->can_lock = False;
2541         fsp->can_read = False;
2542         fsp->can_write = False;
2543
2544         fsp->share_access = share_access;
2545         fsp->fh->private_options = create_options;
2546         /*
2547          * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2548          */
2549         fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2550         fsp->print_file = False;
2551         fsp->modified = False;
2552         fsp->oplock_type = NO_OPLOCK;
2553         fsp->sent_oplock_break = NO_BREAK_SENT;
2554         fsp->is_directory = True;
2555         fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2556
2557         string_set(&fsp->fsp_name,fname);
2558
2559         mtimespec = get_mtimespec(psbuf);
2560
2561         lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2562                                   conn->connectpath,
2563                                   fname, &mtimespec);
2564
2565         if (lck == NULL) {
2566                 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2567                 file_free(req, fsp);
2568                 return NT_STATUS_SHARING_VIOLATION;
2569         }
2570
2571         status = open_mode_check(conn, fname, lck,
2572                                 access_mask, share_access,
2573                                 create_options, &dir_existed);
2574
2575         if (!NT_STATUS_IS_OK(status)) {
2576                 TALLOC_FREE(lck);
2577                 file_free(req, fsp);
2578                 return status;
2579         }
2580
2581         set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2582
2583         /* For directories the delete on close bit at open time seems
2584            always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2585         if (create_options & FILE_DELETE_ON_CLOSE) {
2586                 status = can_set_delete_on_close(fsp, True, 0);
2587                 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2588                         TALLOC_FREE(lck);
2589                         file_free(req, fsp);
2590                         return status;
2591                 }
2592
2593                 if (NT_STATUS_IS_OK(status)) {
2594                         /* Note that here we set the *inital* delete on close flag,
2595                            not the regular one. The magic gets handled in close. */
2596                         fsp->initial_delete_on_close = True;
2597                 }
2598         }
2599
2600         TALLOC_FREE(lck);
2601
2602         if (pinfo) {
2603                 *pinfo = info;
2604         }
2605
2606         *result = fsp;
2607         return NT_STATUS_OK;
2608 }
2609
2610 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2611 {
2612         NTSTATUS status;
2613         SMB_STRUCT_STAT sbuf;
2614         files_struct *fsp;
2615
2616         SET_STAT_INVALID(sbuf);
2617         
2618         status = SMB_VFS_CREATE_FILE(
2619                 conn,                                   /* conn */
2620                 req,                                    /* req */
2621                 0,                                      /* root_dir_fid */
2622                 directory,                              /* fname */
2623                 0,                                      /* create_file_flags */
2624                 FILE_READ_ATTRIBUTES,                   /* access_mask */
2625                 FILE_SHARE_NONE,                        /* share_access */
2626                 FILE_CREATE,                            /* create_disposition*/
2627                 FILE_DIRECTORY_FILE,                    /* create_options */
2628                 FILE_ATTRIBUTE_DIRECTORY,               /* file_attributes */
2629                 0,                                      /* oplock_request */
2630                 0,                                      /* allocation_size */
2631                 NULL,                                   /* sd */
2632                 NULL,                                   /* ea_list */
2633                 &fsp,                                   /* result */
2634                 NULL,                                   /* pinfo */
2635                 &sbuf);                                 /* psbuf */
2636
2637         if (NT_STATUS_IS_OK(status)) {
2638                 close_file(req, fsp, NORMAL_CLOSE);
2639         }
2640
2641         return status;
2642 }
2643
2644 /****************************************************************************
2645  Receive notification that one of our open files has been renamed by another
2646  smbd process.
2647 ****************************************************************************/
2648
2649 void msg_file_was_renamed(struct messaging_context *msg,
2650                           void *private_data,
2651                           uint32_t msg_type,
2652                           struct server_id server_id,
2653                           DATA_BLOB *data)
2654 {
2655         files_struct *fsp;
2656         char *frm = (char *)data->data;
2657         struct file_id id;
2658         const char *sharepath;
2659         const char *newname;
2660         size_t sp_len;
2661
2662         if (data->data == NULL
2663             || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2664                 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2665                           (int)data->length));
2666                 return;
2667         }
2668
2669         /* Unpack the message. */
2670         pull_file_id_24(frm, &id);
2671         sharepath = &frm[24];
2672         newname = sharepath + strlen(sharepath) + 1;
2673         sp_len = strlen(sharepath);
2674
2675         DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2676                 "file_id %s\n",
2677                   sharepath, newname, file_id_string_tos(&id)));
2678
2679         for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2680                 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2681                         DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2682                                 fsp->fnum, fsp->fsp_name, newname ));
2683                         string_set(&fsp->fsp_name, newname);
2684                 } else {
2685                         /* TODO. JRA. */
2686                         /* Now we have the complete path we can work out if this is
2687                            actually within this share and adjust newname accordingly. */
2688                         DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2689                                 "not sharepath %s) "
2690                                 "fnum %d from %s -> %s\n",
2691                                 fsp->conn->connectpath,
2692                                 sharepath,
2693                                 fsp->fnum,
2694                                 fsp->fsp_name,
2695                                 newname ));
2696                 }
2697         }
2698 }
2699
2700 struct case_semantics_state {
2701         connection_struct *conn;
2702         bool case_sensitive;
2703         bool case_preserve;
2704         bool short_case_preserve;
2705 };
2706
2707 /****************************************************************************
2708  Restore case semantics.
2709 ****************************************************************************/
2710 static int restore_case_semantics(struct case_semantics_state *state)
2711 {
2712         state->conn->case_sensitive = state->case_sensitive;
2713         state->conn->case_preserve = state->case_preserve;
2714         state->conn->short_case_preserve = state->short_case_preserve;
2715         return 0;
2716 }
2717
2718 /****************************************************************************
2719  Save case semantics.
2720 ****************************************************************************/
2721 struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2722                                                       connection_struct *conn)
2723 {
2724         struct case_semantics_state *result;
2725
2726         if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2727                 DEBUG(0, ("talloc failed\n"));
2728                 return NULL;
2729         }
2730
2731         result->conn = conn;
2732         result->case_sensitive = conn->case_sensitive;
2733         result->case_preserve = conn->case_preserve;
2734         result->short_case_preserve = conn->short_case_preserve;
2735
2736         /* Set to POSIX. */
2737         conn->case_sensitive = True;
2738         conn->case_preserve = True;
2739         conn->short_case_preserve = True;
2740
2741         talloc_set_destructor(result, restore_case_semantics);
2742
2743         return result;
2744 }
2745
2746 /*
2747  * If a main file is opened for delete, all streams need to be checked for
2748  * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2749  * If that works, delete them all by setting the delete on close and close.
2750  */
2751
2752 NTSTATUS open_streams_for_delete(connection_struct *conn,
2753                                         const char *fname)
2754 {
2755         struct stream_struct *stream_info;
2756         files_struct **streams;
2757         int i;
2758         unsigned int num_streams;
2759         TALLOC_CTX *frame = talloc_stackframe();
2760         NTSTATUS status;
2761
2762         status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2763                                     &num_streams, &stream_info);
2764
2765         if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2766             || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2767                 DEBUG(10, ("no streams around\n"));
2768                 TALLOC_FREE(frame);
2769                 return NT_STATUS_OK;
2770         }
2771
2772         if (!NT_STATUS_IS_OK(status)) {
2773                 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2774                            nt_errstr(status)));
2775                 goto fail;
2776         }
2777
2778         DEBUG(10, ("open_streams_for_delete found %d streams\n",
2779                    num_streams));
2780
2781         if (num_streams == 0) {
2782                 TALLOC_FREE(frame);
2783                 return NT_STATUS_OK;
2784         }
2785
2786         streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2787         if (streams == NULL) {
2788                 DEBUG(0, ("talloc failed\n"));
2789                 status = NT_STATUS_NO_MEMORY;
2790                 goto fail;
2791         }
2792
2793         for (i=0; i<num_streams; i++) {
2794                 char *streamname;
2795
2796                 if (strequal(stream_info[i].name, "::$DATA")) {
2797                         streams[i] = NULL;
2798                         continue;
2799                 }
2800
2801                 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2802                                              stream_info[i].name);
2803
2804                 if (streamname == NULL) {
2805                         DEBUG(0, ("talloc_aprintf failed\n"));
2806                         status = NT_STATUS_NO_MEMORY;
2807                         goto fail;
2808                 }
2809
2810                 status = SMB_VFS_CREATE_FILE(
2811                          conn,                  /* conn */
2812                          NULL,                  /* req */
2813                          0,                     /* root_dir_fid */
2814                          streamname,            /* fname */
2815                          0,                     /* create_file_flags */
2816                          DELETE_ACCESS,         /* access_mask */
2817                          (FILE_SHARE_READ |     /* share_access */
2818                              FILE_SHARE_WRITE | FILE_SHARE_DELETE),
2819                          FILE_OPEN,             /* create_disposition*/
2820                          NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2821                          FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2822                          0,                     /* oplock_request */
2823                          0,                     /* allocation_size */
2824                          NULL,                  /* sd */
2825                          NULL,                  /* ea_list */
2826                          &streams[i],           /* result */
2827                          NULL,                  /* pinfo */
2828                          NULL);                 /* psbuf */
2829
2830                 TALLOC_FREE(streamname);
2831
2832                 if (!NT_STATUS_IS_OK(status)) {
2833                         DEBUG(10, ("Could not open stream %s: %s\n",
2834                                    streamname, nt_errstr(status)));
2835                         break;
2836                 }
2837         }
2838
2839         /*
2840          * don't touch the variable "status" beyond this point :-)
2841          */
2842
2843         for (i -= 1 ; i >= 0; i--) {
2844                 if (streams[i] == NULL) {
2845                         continue;
2846                 }
2847
2848                 DEBUG(10, ("Closing stream # %d, %s\n", i,
2849                            streams[i]->fsp_name));
2850                 close_file(NULL, streams[i], NORMAL_CLOSE);
2851         }
2852
2853  fail:
2854         TALLOC_FREE(frame);
2855         return status;
2856 }
2857
2858 /*
2859  * Wrapper around open_file_ntcreate and open_directory
2860  */
2861
2862 static NTSTATUS create_file_unixpath(connection_struct *conn,
2863                                      struct smb_request *req,
2864                                      const char *fname,
2865                                      uint32_t access_mask,
2866                                      uint32_t share_access,
2867                                      uint32_t create_disposition,
2868                                      uint32_t create_options,
2869                                      uint32_t file_attributes,
2870                                      uint32_t oplock_request,
2871                                      uint64_t allocation_size,
2872                                      struct security_descriptor *sd,
2873                                      struct ea_list *ea_list,
2874
2875                                      files_struct **result,
2876                                      int *pinfo,
2877                                      SMB_STRUCT_STAT *psbuf)
2878 {
2879         SMB_STRUCT_STAT sbuf;
2880         int info = FILE_WAS_OPENED;
2881         files_struct *base_fsp = NULL;
2882         files_struct *fsp = NULL;
2883         NTSTATUS status;
2884
2885         DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2886                   "file_attributes = 0x%x, share_access = 0x%x, "
2887                   "create_disposition = 0x%x create_options = 0x%x "
2888                   "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2889                   "fname = %s\n",
2890                   (unsigned int)access_mask,
2891                   (unsigned int)file_attributes,
2892                   (unsigned int)share_access,
2893                   (unsigned int)create_disposition,
2894                   (unsigned int)create_options,
2895                   (unsigned int)oplock_request,
2896                   ea_list, sd, fname));
2897
2898         if (create_options & FILE_OPEN_BY_FILE_ID) {
2899                 status = NT_STATUS_NOT_SUPPORTED;
2900                 goto fail;
2901         }
2902
2903         if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2904                 status = NT_STATUS_INVALID_PARAMETER;
2905                 goto fail;
2906         }
2907
2908         if (req == NULL) {
2909                 oplock_request |= INTERNAL_OPEN_ONLY;
2910         }
2911
2912         if (psbuf != NULL) {
2913                 sbuf = *psbuf;
2914         }
2915         else {
2916                 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2917                         SET_STAT_INVALID(sbuf);
2918                 }
2919         }
2920
2921         if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2922             && (access_mask & DELETE_ACCESS)
2923             && !is_ntfs_stream_name(fname)) {
2924                 /*
2925                  * We can't open a file with DELETE access if any of the
2926                  * streams is open without FILE_SHARE_DELETE
2927                  */
2928                 status = open_streams_for_delete(conn, fname);
2929
2930                 if (!NT_STATUS_IS_OK(status)) {
2931                         goto fail;
2932                 }
2933         }
2934
2935         /* This is the correct thing to do (check every time) but can_delete
2936          * is expensive (it may have to read the parent directory
2937          * permissions). So for now we're not doing it unless we have a strong
2938          * hint the client is really going to delete this file. If the client
2939          * is forcing FILE_CREATE let the filesystem take care of the
2940          * permissions. */
2941
2942         /* Setting FILE_SHARE_DELETE is the hint. */
2943
2944         if (lp_acl_check_permissions(SNUM(conn))
2945             && (create_disposition != FILE_CREATE)
2946             && (share_access & FILE_SHARE_DELETE)
2947             && (access_mask & DELETE_ACCESS)
2948             && (!(can_delete_file_in_directory(conn, fname) ||
2949                  can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2950                 status = NT_STATUS_ACCESS_DENIED;
2951                 DEBUG(10,("create_file_unixpath: open file %s "
2952                         "for delete ACCESS_DENIED\n", fname ));
2953                 goto fail;
2954         }
2955
2956 #if 0
2957         /* We need to support SeSecurityPrivilege for this. */
2958         if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2959             !user_has_privileges(current_user.nt_user_token,
2960                                  &se_security)) {
2961                 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2962                 goto fail;
2963         }
2964 #else
2965         /* We need to support SeSecurityPrivilege for this. */
2966         if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
2967                 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2968                 goto fail;
2969         }
2970         /* Don't allow a SACL set from an NTtrans create until we
2971          * support SeSecurityPrivilege. */
2972         if (!VALID_STAT(sbuf) &&
2973                         lp_nt_acl_support(SNUM(conn)) &&
2974                         sd && (sd->sacl != NULL)) {
2975                 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2976                 goto fail;
2977         }
2978 #endif
2979
2980         if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2981             && is_ntfs_stream_name(fname)
2982             && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2983                 char *base;
2984                 uint32 base_create_disposition;
2985
2986                 if (create_options & FILE_DIRECTORY_FILE) {
2987                         status = NT_STATUS_NOT_A_DIRECTORY;
2988                         goto fail;
2989                 }
2990
2991                 status = split_ntfs_stream_name(talloc_tos(), fname,
2992                                                 &base, NULL);
2993                 if (!NT_STATUS_IS_OK(status)) {
2994                         DEBUG(10, ("create_file_unixpath: "
2995                                 "split_ntfs_stream_name failed: %s\n",
2996                                 nt_errstr(status)));
2997                         goto fail;
2998                 }
2999
3000                 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
3001
3002                 switch (create_disposition) {
3003                 case FILE_OPEN:
3004                         base_create_disposition = FILE_OPEN;
3005                         break;
3006                 default:
3007                         base_create_disposition = FILE_OPEN_IF;
3008                         break;
3009                 }
3010
3011                 status = create_file_unixpath(conn, NULL, base, 0,
3012                                               FILE_SHARE_READ
3013                                               | FILE_SHARE_WRITE
3014                                               | FILE_SHARE_DELETE,
3015                                               base_create_disposition,
3016                                               0, 0, 0, 0, NULL, NULL,
3017                                               &base_fsp, NULL, NULL);
3018                 if (!NT_STATUS_IS_OK(status)) {
3019                         DEBUG(10, ("create_file_unixpath for base %s failed: "
3020                                    "%s\n", base, nt_errstr(status)));
3021                         goto fail;
3022                 }
3023                 /* we don't need to low level fd */
3024                 fd_close(base_fsp);
3025         }
3026
3027         /*
3028          * If it's a request for a directory open, deal with it separately.
3029