2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "smbd/globals.h"
25 extern const struct generic_mapping file_generic_mapping;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 static NTSTATUS create_file_unixpath(connection_struct *conn,
33 struct smb_request *req,
36 uint32_t share_access,
37 uint32_t create_disposition,
38 uint32_t create_options,
39 uint32_t file_attributes,
40 uint32_t oplock_request,
41 uint64_t allocation_size,
42 struct security_descriptor *sd,
43 struct ea_list *ea_list,
45 files_struct **result,
47 SMB_STRUCT_STAT *psbuf);
49 /****************************************************************************
50 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
51 ****************************************************************************/
53 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
54 const NT_USER_TOKEN *token,
55 uint32_t access_desired,
56 uint32_t *access_granted)
58 return se_access_check(sd,
60 (access_desired & ~FILE_READ_ATTRIBUTES),
64 /****************************************************************************
65 Check if we have open rights.
66 ****************************************************************************/
68 static NTSTATUS check_open_rights(struct connection_struct *conn,
71 uint32_t *access_granted)
73 /* Check if we have rights to open. */
75 struct security_descriptor *sd;
79 status = SMB_VFS_GET_NT_ACL(conn, fname,
80 (OWNER_SECURITY_INFORMATION |
81 GROUP_SECURITY_INFORMATION |
82 DACL_SECURITY_INFORMATION),&sd);
84 if (!NT_STATUS_IS_OK(status)) {
85 DEBUG(10, ("check_open_rights: Could not get acl "
92 status = smb1_file_se_access_check(sd,
93 conn->server_info->ptok,
99 DEBUG(10,("check_open_rights: file %s requesting "
100 "0x%x returning 0x%x (%s)\n",
102 (unsigned int)access_mask,
103 (unsigned int)*access_granted,
104 nt_errstr(status) ));
109 /****************************************************************************
110 fd support routines - attempt to do a dos_open.
111 ****************************************************************************/
113 static NTSTATUS fd_open(struct connection_struct *conn,
119 NTSTATUS status = NT_STATUS_OK;
123 * Never follow symlinks on a POSIX client. The
124 * client should be doing this.
127 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
132 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
133 if (fsp->fh->fd == -1) {
134 status = map_nt_error_from_unix(errno);
135 if (errno == EMFILE) {
136 static time_t last_warned = 0L;
138 if (time((time_t *) NULL) > last_warned) {
139 DEBUG(0,("Too many open files, unable "
140 "to open more! smbd's max "
142 lp_max_open_files()));
143 last_warned = time((time_t *) NULL);
149 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
150 fname, flags, (int)mode, fsp->fh->fd,
151 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
156 /****************************************************************************
157 Close the file associated with a fsp.
158 ****************************************************************************/
160 NTSTATUS fd_close(files_struct *fsp)
164 if (fsp->fh->fd == -1) {
165 return NT_STATUS_OK; /* What we used to call a stat open. */
167 if (fsp->fh->ref_count > 1) {
168 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
171 ret = SMB_VFS_CLOSE(fsp);
174 return map_nt_error_from_unix(errno);
179 /****************************************************************************
180 Change the ownership of a file to that of the parent directory.
181 Do this by fd if possible.
182 ****************************************************************************/
184 void change_file_owner_to_parent(connection_struct *conn,
185 const char *inherit_from_dir,
188 SMB_STRUCT_STAT parent_st;
191 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
193 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
194 "directory %s. Error was %s\n",
195 inherit_from_dir, strerror(errno) ));
200 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
203 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
204 "file %s to parent directory uid %u. Error "
205 "was %s\n", fsp->fsp_name,
206 (unsigned int)parent_st.st_uid,
210 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
211 "parent directory uid %u.\n", fsp->fsp_name,
212 (unsigned int)parent_st.st_uid ));
215 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
216 const char *inherit_from_dir,
218 SMB_STRUCT_STAT *psbuf)
220 char *saved_dir = NULL;
221 SMB_STRUCT_STAT sbuf;
222 SMB_STRUCT_STAT parent_st;
223 TALLOC_CTX *ctx = talloc_tos();
224 NTSTATUS status = NT_STATUS_OK;
227 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
229 status = map_nt_error_from_unix(errno);
230 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
231 "directory %s. Error was %s\n",
232 inherit_from_dir, strerror(errno) ));
236 /* We've already done an lstat into psbuf, and we know it's a
237 directory. If we can cd into the directory and the dev/ino
238 are the same then we can safely chown without races as
239 we're locking the directory in place by being in it. This
240 should work on any UNIX (thanks tridge :-). JRA.
243 saved_dir = vfs_GetWd(ctx,conn);
245 status = map_nt_error_from_unix(errno);
246 DEBUG(0,("change_dir_owner_to_parent: failed to get "
247 "current working directory. Error was %s\n",
252 /* Chdir into the new path. */
253 if (vfs_ChDir(conn, fname) == -1) {
254 status = map_nt_error_from_unix(errno);
255 DEBUG(0,("change_dir_owner_to_parent: failed to change "
256 "current working directory to %s. Error "
257 "was %s\n", fname, strerror(errno) ));
261 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
262 status = map_nt_error_from_unix(errno);
263 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
264 "directory '.' (%s) Error was %s\n",
265 fname, strerror(errno)));
269 /* Ensure we're pointing at the same place. */
270 if (sbuf.st_dev != psbuf->st_dev ||
271 sbuf.st_ino != psbuf->st_ino ||
272 sbuf.st_mode != psbuf->st_mode ) {
273 DEBUG(0,("change_dir_owner_to_parent: "
274 "device/inode/mode on directory %s changed. "
275 "Refusing to chown !\n", fname ));
276 status = NT_STATUS_ACCESS_DENIED;
281 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
284 status = map_nt_error_from_unix(errno);
285 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
286 "directory %s to parent directory uid %u. "
287 "Error was %s\n", fname,
288 (unsigned int)parent_st.st_uid, strerror(errno) ));
292 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
293 "directory %s to parent directory uid %u.\n",
294 fname, (unsigned int)parent_st.st_uid ));
298 vfs_ChDir(conn,saved_dir);
302 /****************************************************************************
304 ****************************************************************************/
306 static NTSTATUS open_file(files_struct *fsp,
307 connection_struct *conn,
308 struct smb_request *req,
309 const char *parent_dir,
312 SMB_STRUCT_STAT *psbuf,
315 uint32 access_mask, /* client requested access mask. */
316 uint32 open_access_mask) /* what we're actually using in the open. */
318 NTSTATUS status = NT_STATUS_OK;
319 int accmode = (flags & O_ACCMODE);
320 int local_flags = flags;
321 bool file_existed = VALID_STAT(*psbuf);
326 /* Check permissions */
329 * This code was changed after seeing a client open request
330 * containing the open mode of (DENY_WRITE/read-only) with
331 * the 'create if not exist' bit set. The previous code
332 * would fail to open the file read only on a read-only share
333 * as it was checking the flags parameter directly against O_RDONLY,
334 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
338 if (!CAN_WRITE(conn)) {
339 /* It's a read-only share - fail if we wanted to write. */
340 if(accmode != O_RDONLY) {
341 DEBUG(3,("Permission denied opening %s\n", path));
342 return NT_STATUS_ACCESS_DENIED;
343 } else if(flags & O_CREAT) {
344 /* We don't want to write - but we must make sure that
345 O_CREAT doesn't create the file if we have write
346 access into the directory.
349 local_flags &= ~O_CREAT;
354 * This little piece of insanity is inspired by the
355 * fact that an NT client can open a file for O_RDONLY,
356 * but set the create disposition to FILE_EXISTS_TRUNCATE.
357 * If the client *can* write to the file, then it expects to
358 * truncate the file, even though it is opening for readonly.
359 * Quicken uses this stupid trick in backup file creation...
360 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
361 * for helping track this one down. It didn't bite us in 2.0.x
362 * as we always opened files read-write in that release. JRA.
365 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
366 DEBUG(10,("open_file: truncate requested on read-only open "
367 "for file %s\n", path));
368 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
371 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
372 (!file_existed && (local_flags & O_CREAT)) ||
373 ((local_flags & O_TRUNC) == O_TRUNC) ) {
377 * We can't actually truncate here as the file may be locked.
378 * open_file_ntcreate will take care of the truncate later. JRA.
381 local_flags &= ~O_TRUNC;
383 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
385 * We would block on opening a FIFO with no one else on the
386 * other end. Do what we used to do and add O_NONBLOCK to the
390 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
391 local_flags |= O_NONBLOCK;
395 /* Don't create files with Microsoft wildcard characters. */
398 * wildcard characters are allowed in stream names
399 * only test the basefilename
401 wild = fsp->base_fsp->fsp_name;
405 if ((local_flags & O_CREAT) && !file_existed &&
407 return NT_STATUS_OBJECT_NAME_INVALID;
410 /* Actually do the open */
411 status = fd_open(conn, path, fsp, local_flags, unx_mode);
412 if (!NT_STATUS_IS_OK(status)) {
413 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
415 path,nt_errstr(status),local_flags,flags));
419 if ((local_flags & O_CREAT) && !file_existed) {
421 /* Inherit the ACL if required */
422 if (lp_inherit_perms(SNUM(conn))) {
423 inherit_access_posix_acl(conn, parent_dir, path,
427 /* Change the owner if required. */
428 if (lp_inherit_owner(SNUM(conn))) {
429 change_file_owner_to_parent(conn, parent_dir,
433 notify_fname(conn, NOTIFY_ACTION_ADDED,
434 FILE_NOTIFY_CHANGE_FILE_NAME, path);
438 fsp->fh->fd = -1; /* What we used to call a stat open. */
440 uint32_t access_granted = 0;
442 status = check_open_rights(conn,
446 if (!NT_STATUS_IS_OK(status)) {
447 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
448 if ((access_mask & DELETE_ACCESS) &&
449 (access_granted == DELETE_ACCESS) &&
450 can_delete_file_in_directory(conn, path)) {
451 /* Were we trying to do a stat open
452 * for delete and didn't get DELETE
453 * access (only) ? Check if the
454 * directory allows DELETE_CHILD.
456 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
459 DEBUG(10,("open_file: overrode ACCESS_DENIED "
463 DEBUG(10, ("open_file: Access denied on "
468 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
470 S_ISLNK(psbuf->st_mode)) {
471 /* This is a POSIX stat open for delete
472 * or rename on a symlink that points
474 DEBUG(10, ("open_file: allowing POSIX open "
475 "on bad symlink %s\n",
478 DEBUG(10, ("open_file: check_open_rights "
479 "on file %s returned %s\n",
480 path, nt_errstr(status) ));
490 if (fsp->fh->fd == -1) {
491 ret = SMB_VFS_STAT(conn, path, psbuf);
493 ret = SMB_VFS_FSTAT(fsp, psbuf);
494 /* If we have an fd, this stat should succeed. */
496 DEBUG(0,("Error doing fstat on open file %s "
497 "(%s)\n", path,strerror(errno) ));
501 /* For a non-io open, this stat failing means file not found. JRA */
503 status = map_nt_error_from_unix(errno);
510 * POSIX allows read-only opens of directories. We don't
511 * want to do this (we use a different code path for this)
512 * so catch a directory open and return an EISDIR. JRA.
515 if(S_ISDIR(psbuf->st_mode)) {
518 return NT_STATUS_FILE_IS_A_DIRECTORY;
521 fsp->mode = psbuf->st_mode;
522 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
523 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
524 fsp->file_pid = req ? req->smbpid : 0;
525 fsp->can_lock = True;
526 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
527 if (!CAN_WRITE(conn)) {
528 fsp->can_write = False;
530 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
533 fsp->print_file = False;
534 fsp->modified = False;
535 fsp->sent_oplock_break = NO_BREAK_SENT;
536 fsp->is_directory = False;
537 if (conn->aio_write_behind_list &&
538 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
539 fsp->aio_write_behind = True;
542 string_set(&fsp->fsp_name, path);
543 fsp->wcp = NULL; /* Write cache pointer. */
545 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
546 conn->server_info->unix_name,
548 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
549 conn->num_files_open));
555 /*******************************************************************
556 Return True if the filename is one of the special executable types.
557 ********************************************************************/
559 bool is_executable(const char *fname)
561 if ((fname = strrchr_m(fname,'.'))) {
562 if (strequal(fname,".com") ||
563 strequal(fname,".dll") ||
564 strequal(fname,".exe") ||
565 strequal(fname,".sym")) {
572 /****************************************************************************
573 Check if we can open a file with a share mode.
574 Returns True if conflict, False if not.
575 ****************************************************************************/
577 static bool share_conflict(struct share_mode_entry *entry,
581 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
582 "entry->share_access = 0x%x, "
583 "entry->private_options = 0x%x\n",
584 (unsigned int)entry->access_mask,
585 (unsigned int)entry->share_access,
586 (unsigned int)entry->private_options));
588 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
589 (unsigned int)access_mask, (unsigned int)share_access));
591 if ((entry->access_mask & (FILE_WRITE_DATA|
595 DELETE_ACCESS)) == 0) {
596 DEBUG(10,("share_conflict: No conflict due to "
597 "entry->access_mask = 0x%x\n",
598 (unsigned int)entry->access_mask ));
602 if ((access_mask & (FILE_WRITE_DATA|
606 DELETE_ACCESS)) == 0) {
607 DEBUG(10,("share_conflict: No conflict due to "
608 "access_mask = 0x%x\n",
609 (unsigned int)access_mask ));
613 #if 1 /* JRA TEST - Superdebug. */
614 #define CHECK_MASK(num, am, right, sa, share) \
615 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
616 (unsigned int)(num), (unsigned int)(am), \
617 (unsigned int)(right), (unsigned int)(am)&(right) )); \
618 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
619 (unsigned int)(num), (unsigned int)(sa), \
620 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
621 if (((am) & (right)) && !((sa) & (share))) { \
622 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
623 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
624 (unsigned int)(share) )); \
628 #define CHECK_MASK(num, am, right, sa, share) \
629 if (((am) & (right)) && !((sa) & (share))) { \
630 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
631 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
632 (unsigned int)(share) )); \
637 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
638 share_access, FILE_SHARE_WRITE);
639 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
640 entry->share_access, FILE_SHARE_WRITE);
642 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
643 share_access, FILE_SHARE_READ);
644 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
645 entry->share_access, FILE_SHARE_READ);
647 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
648 share_access, FILE_SHARE_DELETE);
649 CHECK_MASK(6, access_mask, DELETE_ACCESS,
650 entry->share_access, FILE_SHARE_DELETE);
652 DEBUG(10,("share_conflict: No conflict.\n"));
656 #if defined(DEVELOPER)
657 static void validate_my_share_entries(int num,
658 struct share_mode_entry *share_entry)
662 if (!procid_is_me(&share_entry->pid)) {
666 if (is_deferred_open_entry(share_entry) &&
667 !open_was_deferred(share_entry->op_mid)) {
668 char *str = talloc_asprintf(talloc_tos(),
669 "Got a deferred entry without a request: "
671 share_mode_str(talloc_tos(), num, share_entry));
675 if (!is_valid_share_mode_entry(share_entry)) {
679 fsp = file_find_dif(share_entry->id,
680 share_entry->share_file_id);
682 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
683 share_mode_str(talloc_tos(), num, share_entry) ));
684 smb_panic("validate_my_share_entries: Cannot match a "
685 "share entry with an open file\n");
688 if (is_deferred_open_entry(share_entry) ||
689 is_unused_share_mode_entry(share_entry)) {
693 if ((share_entry->op_type == NO_OPLOCK) &&
694 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
695 /* Someone has already written to it, but I haven't yet
700 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
709 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
710 share_mode_str(talloc_tos(), num, share_entry) ));
711 str = talloc_asprintf(talloc_tos(),
712 "validate_my_share_entries: "
713 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
714 fsp->fsp_name, (unsigned int)fsp->oplock_type,
715 (unsigned int)share_entry->op_type );
721 bool is_stat_open(uint32 access_mask)
723 return (access_mask &&
724 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
725 FILE_WRITE_ATTRIBUTES))==0) &&
726 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
727 FILE_WRITE_ATTRIBUTES)) != 0));
730 /****************************************************************************
731 Deal with share modes
732 Invarient: Share mode must be locked on entry and exit.
733 Returns -1 on error, or number of share modes on success (may be zero).
734 ****************************************************************************/
736 static NTSTATUS open_mode_check(connection_struct *conn,
738 struct share_mode_lock *lck,
741 uint32 create_options,
746 if(lck->num_share_modes == 0) {
750 *file_existed = True;
752 /* A delete on close prohibits everything */
754 if (lck->delete_on_close) {
755 return NT_STATUS_DELETE_PENDING;
758 if (is_stat_open(access_mask)) {
759 /* Stat open that doesn't trigger oplock breaks or share mode
760 * checks... ! JRA. */
765 * Check if the share modes will give us access.
768 #if defined(DEVELOPER)
769 for(i = 0; i < lck->num_share_modes; i++) {
770 validate_my_share_entries(i, &lck->share_modes[i]);
774 if (!lp_share_modes(SNUM(conn))) {
778 /* Now we check the share modes, after any oplock breaks. */
779 for(i = 0; i < lck->num_share_modes; i++) {
781 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
785 /* someone else has a share lock on it, check to see if we can
787 if (share_conflict(&lck->share_modes[i],
788 access_mask, share_access)) {
789 return NT_STATUS_SHARING_VIOLATION;
796 static bool is_delete_request(files_struct *fsp) {
797 return ((fsp->access_mask == DELETE_ACCESS) &&
798 (fsp->oplock_type == NO_OPLOCK));
802 * Send a break message to the oplock holder and delay the open for
806 static NTSTATUS send_break_message(files_struct *fsp,
807 struct share_mode_entry *exclusive,
812 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
814 DEBUG(10, ("Sending break request to PID %s\n",
815 procid_str_static(&exclusive->pid)));
816 exclusive->op_mid = mid;
818 /* Create the message. */
819 share_mode_entry_to_message(msg, exclusive);
821 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
822 don't want this set in the share mode struct pointed to by lck. */
824 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
825 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
828 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
829 MSG_SMB_BREAK_REQUEST,
831 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
832 if (!NT_STATUS_IS_OK(status)) {
833 DEBUG(3, ("Could not send oplock break message: %s\n",
841 * 1) No files open at all or internal open: Grant whatever the client wants.
843 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
844 * request, break if the oplock around is a batch oplock. If it's another
845 * requested access type, break.
847 * 3) Only level2 around: Grant level2 and do nothing else.
850 static bool delay_for_oplocks(struct share_mode_lock *lck,
857 struct share_mode_entry *exclusive = NULL;
858 bool valid_entry = false;
859 bool have_level2 = false;
860 bool have_a_none_oplock = false;
861 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
862 lp_level2_oplocks(SNUM(fsp->conn));
864 if (oplock_request & INTERNAL_OPEN_ONLY) {
865 fsp->oplock_type = NO_OPLOCK;
868 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
872 for (i=0; i<lck->num_share_modes; i++) {
874 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
878 /* At least one entry is not an invalid or deferred entry. */
881 if (pass_number == 1) {
882 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
883 SMB_ASSERT(exclusive == NULL);
884 exclusive = &lck->share_modes[i];
887 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
888 SMB_ASSERT(exclusive == NULL);
889 exclusive = &lck->share_modes[i];
893 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
894 SMB_ASSERT(exclusive == NULL);
898 if (lck->share_modes[i].op_type == NO_OPLOCK) {
899 have_a_none_oplock = true;
903 if (exclusive != NULL) { /* Found an exclusive oplock */
904 bool delay_it = is_delete_request(fsp) ?
905 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
906 SMB_ASSERT(!have_level2);
908 send_break_message(fsp, exclusive, mid, oplock_request);
914 * Match what was requested (fsp->oplock_type) with
915 * what was found in the existing share modes.
919 /* All entries are placeholders or deferred.
920 * Directly grant whatever the client wants. */
921 if (fsp->oplock_type == NO_OPLOCK) {
922 /* Store a level2 oplock, but don't tell the client */
923 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
925 } else if (have_a_none_oplock) {
926 fsp->oplock_type = NO_OPLOCK;
927 } else if (have_level2) {
928 if (fsp->oplock_type == NO_OPLOCK ||
929 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
930 /* Store a level2 oplock, but don't tell the client */
931 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
933 fsp->oplock_type = LEVEL_II_OPLOCK;
936 /* This case can never happen. */
941 * Don't grant level2 to clients that don't want them
942 * or if we've turned them off.
944 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
945 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
948 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
949 fsp->oplock_type, fsp->fsp_name));
955 bool request_timed_out(struct timeval request_time,
956 struct timeval timeout)
958 struct timeval now, end_time;
960 end_time = timeval_sum(&request_time, &timeout);
961 return (timeval_compare(&end_time, &now) < 0);
964 /****************************************************************************
965 Handle the 1 second delay in returning a SHARING_VIOLATION error.
966 ****************************************************************************/
968 static void defer_open(struct share_mode_lock *lck,
969 struct timeval request_time,
970 struct timeval timeout,
971 struct smb_request *req,
972 struct deferred_open_record *state)
978 for (i=0; i<lck->num_share_modes; i++) {
979 struct share_mode_entry *e = &lck->share_modes[i];
981 if (!is_deferred_open_entry(e)) {
985 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
986 DEBUG(0, ("Trying to defer an already deferred "
987 "request: mid=%d, exiting\n", req->mid));
988 exit_server("attempt to defer a deferred request");
992 /* End paranoia check */
994 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
995 "open entry for mid %u\n",
996 (unsigned int)request_time.tv_sec,
997 (unsigned int)request_time.tv_usec,
998 (unsigned int)req->mid));
1000 if (!push_deferred_smb_message(req, request_time, timeout,
1001 (char *)state, sizeof(*state))) {
1002 exit_server("push_deferred_smb_message failed");
1004 add_deferred_open(lck, req->mid, request_time, state->id);
1007 * Push the MID of this packet on the signing queue.
1008 * We only do this once, the first time we push the packet
1009 * onto the deferred open queue, as this has a side effect
1010 * of incrementing the response sequence number.
1013 srv_defer_sign_response(req->mid);
1017 /****************************************************************************
1018 On overwrite open ensure that the attributes match.
1019 ****************************************************************************/
1021 bool open_match_attributes(connection_struct *conn,
1023 uint32 old_dos_attr,
1024 uint32 new_dos_attr,
1025 mode_t existing_unx_mode,
1026 mode_t new_unx_mode,
1027 mode_t *returned_unx_mode)
1029 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1031 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1032 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1034 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1035 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1036 *returned_unx_mode = new_unx_mode;
1038 *returned_unx_mode = (mode_t)0;
1041 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1042 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1043 "returned_unx_mode = 0%o\n",
1045 (unsigned int)old_dos_attr,
1046 (unsigned int)existing_unx_mode,
1047 (unsigned int)new_dos_attr,
1048 (unsigned int)*returned_unx_mode ));
1050 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1051 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1052 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1053 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1057 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1058 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1059 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1066 /****************************************************************************
1067 Special FCB or DOS processing in the case of a sharing violation.
1068 Try and find a duplicated file handle.
1069 ****************************************************************************/
1071 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1072 connection_struct *conn,
1073 files_struct *fsp_to_dup_into,
1079 uint32 share_access,
1080 uint32 create_options)
1084 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1085 "file %s.\n", fname ));
1087 for(fsp = file_find_di_first(id); fsp;
1088 fsp = file_find_di_next(fsp)) {
1090 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1091 "vuid = %u, file_pid = %u, private_options = 0x%x "
1092 "access_mask = 0x%x\n", fsp->fsp_name,
1093 fsp->fh->fd, (unsigned int)fsp->vuid,
1094 (unsigned int)fsp->file_pid,
1095 (unsigned int)fsp->fh->private_options,
1096 (unsigned int)fsp->access_mask ));
1098 if (fsp->fh->fd != -1 &&
1099 fsp->vuid == vuid &&
1100 fsp->file_pid == file_pid &&
1101 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1102 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1103 (fsp->access_mask & FILE_WRITE_DATA) &&
1104 strequal(fsp->fsp_name, fname)) {
1105 DEBUG(10,("fcb_or_dos_open: file match\n"));
1111 return NT_STATUS_NOT_FOUND;
1114 /* quite an insane set of semantics ... */
1115 if (is_executable(fname) &&
1116 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1117 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1118 return NT_STATUS_INVALID_PARAMETER;
1121 /* We need to duplicate this fsp. */
1122 dup_file_fsp(req, fsp, access_mask, share_access,
1123 create_options, fsp_to_dup_into);
1125 return NT_STATUS_OK;
1128 /****************************************************************************
1129 Open a file with a share mode - old openX method - map into NTCreate.
1130 ****************************************************************************/
1132 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1133 uint32 *paccess_mask,
1134 uint32 *pshare_mode,
1135 uint32 *pcreate_disposition,
1136 uint32 *pcreate_options)
1140 uint32 create_disposition;
1141 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1143 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1144 "open_func = 0x%x\n",
1145 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1147 /* Create the NT compatible access_mask. */
1148 switch (GET_OPENX_MODE(deny_mode)) {
1149 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1150 case DOS_OPEN_RDONLY:
1151 access_mask = FILE_GENERIC_READ;
1153 case DOS_OPEN_WRONLY:
1154 access_mask = FILE_GENERIC_WRITE;
1158 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1161 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1162 (unsigned int)GET_OPENX_MODE(deny_mode)));
1166 /* Create the NT compatible create_disposition. */
1167 switch (open_func) {
1168 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1169 create_disposition = FILE_CREATE;
1172 case OPENX_FILE_EXISTS_OPEN:
1173 create_disposition = FILE_OPEN;
1176 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1177 create_disposition = FILE_OPEN_IF;
1180 case OPENX_FILE_EXISTS_TRUNCATE:
1181 create_disposition = FILE_OVERWRITE;
1184 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1185 create_disposition = FILE_OVERWRITE_IF;
1189 /* From samba4 - to be confirmed. */
1190 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1191 create_disposition = FILE_CREATE;
1194 DEBUG(10,("map_open_params_to_ntcreate: bad "
1195 "open_func 0x%x\n", (unsigned int)open_func));
1199 /* Create the NT compatible share modes. */
1200 switch (GET_DENY_MODE(deny_mode)) {
1202 share_mode = FILE_SHARE_NONE;
1206 share_mode = FILE_SHARE_READ;
1210 share_mode = FILE_SHARE_WRITE;
1214 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1218 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1219 if (is_executable(fname)) {
1220 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1222 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1223 share_mode = FILE_SHARE_READ;
1225 share_mode = FILE_SHARE_NONE;
1231 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1232 share_mode = FILE_SHARE_NONE;
1236 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1237 (unsigned int)GET_DENY_MODE(deny_mode) ));
1241 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1242 "share_mode = 0x%x, create_disposition = 0x%x, "
1243 "create_options = 0x%x\n",
1245 (unsigned int)access_mask,
1246 (unsigned int)share_mode,
1247 (unsigned int)create_disposition,
1248 (unsigned int)create_options ));
1251 *paccess_mask = access_mask;
1254 *pshare_mode = share_mode;
1256 if (pcreate_disposition) {
1257 *pcreate_disposition = create_disposition;
1259 if (pcreate_options) {
1260 *pcreate_options = create_options;
1267 static void schedule_defer_open(struct share_mode_lock *lck,
1268 struct timeval request_time,
1269 struct smb_request *req)
1271 struct deferred_open_record state;
1273 /* This is a relative time, added to the absolute
1274 request_time value to get the absolute timeout time.
1275 Note that if this is the second or greater time we enter
1276 this codepath for this particular request mid then
1277 request_time is left as the absolute time of the *first*
1278 time this request mid was processed. This is what allows
1279 the request to eventually time out. */
1281 struct timeval timeout;
1283 /* Normally the smbd we asked should respond within
1284 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1285 * the client did, give twice the timeout as a safety
1286 * measure here in case the other smbd is stuck
1287 * somewhere else. */
1289 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1291 /* Nothing actually uses state.delayed_for_oplocks
1292 but it's handy to differentiate in debug messages
1293 between a 30 second delay due to oplock break, and
1294 a 1 second delay for share mode conflicts. */
1296 state.delayed_for_oplocks = True;
1299 if (!request_timed_out(request_time, timeout)) {
1300 defer_open(lck, request_time, timeout, req, &state);
1304 /****************************************************************************
1305 Work out what access_mask to use from what the client sent us.
1306 ****************************************************************************/
1308 static NTSTATUS calculate_access_mask(connection_struct *conn,
1311 uint32_t access_mask,
1312 uint32_t *access_mask_out)
1317 * Convert GENERIC bits to specific bits.
1320 se_map_generic(&access_mask, &file_generic_mapping);
1322 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1323 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1326 struct security_descriptor *sd;
1327 uint32_t access_granted = 0;
1329 status = SMB_VFS_GET_NT_ACL(conn, fname,
1330 (OWNER_SECURITY_INFORMATION |
1331 GROUP_SECURITY_INFORMATION |
1332 DACL_SECURITY_INFORMATION),&sd);
1334 if (!NT_STATUS_IS_OK(status)) {
1335 DEBUG(10, ("calculate_access_mask: Could not get acl "
1338 nt_errstr(status)));
1339 return NT_STATUS_ACCESS_DENIED;
1342 status = smb1_file_se_access_check(sd,
1343 conn->server_info->ptok,
1349 if (!NT_STATUS_IS_OK(status)) {
1350 DEBUG(10, ("calculate_access_mask: Access denied on "
1351 "file %s: when calculating maximum access\n",
1353 return NT_STATUS_ACCESS_DENIED;
1356 access_mask = access_granted;
1358 access_mask = FILE_GENERIC_ALL;
1362 *access_mask_out = access_mask;
1363 return NT_STATUS_OK;
1366 /****************************************************************************
1367 Open a file with a share mode. Passed in an already created files_struct *.
1368 ****************************************************************************/
1370 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1371 struct smb_request *req,
1373 SMB_STRUCT_STAT *psbuf,
1374 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1375 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1376 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1377 uint32 create_options, /* options such as delete on close. */
1378 uint32 new_dos_attributes, /* attributes used for new file. */
1379 int oplock_request, /* internal Samba oplock codes. */
1380 /* Information (FILE_EXISTS etc.) */
1386 bool file_existed = VALID_STAT(*psbuf);
1387 bool def_acl = False;
1388 bool posix_open = False;
1389 bool new_file_created = False;
1390 bool clear_ads = false;
1392 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1393 mode_t new_unx_mode = (mode_t)0;
1394 mode_t unx_mode = (mode_t)0;
1396 uint32 existing_dos_attributes = 0;
1397 struct pending_message_list *pml = NULL;
1398 struct timeval request_time = timeval_zero();
1399 struct share_mode_lock *lck = NULL;
1400 uint32 open_access_mask = access_mask;
1404 const char *newname;
1408 if (conn->printer) {
1410 * Printers are handled completely differently.
1411 * Most of the passed parameters are ignored.
1415 *pinfo = FILE_WAS_CREATED;
1418 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1420 return print_fsp_open(req, conn, fname, req->vuid, fsp, psbuf);
1423 if (!parent_dirname(talloc_tos(), fname, &parent_dir, &newname)) {
1424 return NT_STATUS_NO_MEMORY;
1427 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1429 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1430 new_dos_attributes = 0;
1432 /* We add aARCH to this as this mode is only used if the file is
1434 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1438 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1439 "access_mask=0x%x share_access=0x%x "
1440 "create_disposition = 0x%x create_options=0x%x "
1441 "unix mode=0%o oplock_request=%d\n",
1442 fname, new_dos_attributes, access_mask, share_access,
1443 create_disposition, create_options, (unsigned int)unx_mode,
1446 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1447 DEBUG(0, ("No smb request but not an internal only open!\n"));
1448 return NT_STATUS_INTERNAL_ERROR;
1452 * Only non-internal opens can be deferred at all
1456 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1457 struct deferred_open_record *state =
1458 (struct deferred_open_record *)pml->private_data.data;
1460 /* Remember the absolute time of the original
1461 request with this mid. We'll use it later to
1462 see if this has timed out. */
1464 request_time = pml->request_time;
1466 /* Remove the deferred open entry under lock. */
1467 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1470 DEBUG(0, ("could not get share mode lock\n"));
1472 del_deferred_open_entry(lck, req->mid);
1476 /* Ensure we don't reprocess this message. */
1477 remove_deferred_open_smb_message(req->mid);
1480 status = check_name(conn, fname);
1481 if (!NT_STATUS_IS_OK(status)) {
1486 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1488 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1492 /* ignore any oplock requests if oplocks are disabled */
1493 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1494 IS_VETO_OPLOCK_PATH(conn, fname)) {
1495 /* Mask off everything except the private Samba bits. */
1496 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1499 /* this is for OS/2 long file names - say we don't support them */
1500 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1501 /* OS/2 Workplace shell fix may be main code stream in a later
1503 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1505 if (use_nt_status()) {
1506 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1508 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1511 switch( create_disposition ) {
1513 * Currently we're using FILE_SUPERSEDE as the same as
1514 * FILE_OVERWRITE_IF but they really are
1515 * different. FILE_SUPERSEDE deletes an existing file
1516 * (requiring delete access) then recreates it.
1518 case FILE_SUPERSEDE:
1519 /* If file exists replace/overwrite. If file doesn't
1521 flags2 |= (O_CREAT | O_TRUNC);
1525 case FILE_OVERWRITE_IF:
1526 /* If file exists replace/overwrite. If file doesn't
1528 flags2 |= (O_CREAT | O_TRUNC);
1533 /* If file exists open. If file doesn't exist error. */
1534 if (!file_existed) {
1535 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1536 "requested for file %s and file "
1537 "doesn't exist.\n", fname ));
1539 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1543 case FILE_OVERWRITE:
1544 /* If file exists overwrite. If file doesn't exist
1546 if (!file_existed) {
1547 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1548 "requested for file %s and file "
1549 "doesn't exist.\n", fname ));
1551 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1558 /* If file exists error. If file doesn't exist
1561 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1562 "requested for file %s and file "
1563 "already exists.\n", fname ));
1564 if (S_ISDIR(psbuf->st_mode)) {
1569 return map_nt_error_from_unix(errno);
1571 flags2 |= (O_CREAT|O_EXCL);
1575 /* If file exists open. If file doesn't exist
1581 return NT_STATUS_INVALID_PARAMETER;
1584 /* We only care about matching attributes on file exists and
1587 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1588 (create_disposition == FILE_OVERWRITE_IF))) {
1589 if (!open_match_attributes(conn, fname,
1590 existing_dos_attributes,
1591 new_dos_attributes, psbuf->st_mode,
1592 unx_mode, &new_unx_mode)) {
1593 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1594 "for file %s (%x %x) (0%o, 0%o)\n",
1595 fname, existing_dos_attributes,
1597 (unsigned int)psbuf->st_mode,
1598 (unsigned int)unx_mode ));
1600 return NT_STATUS_ACCESS_DENIED;
1604 status = calculate_access_mask(conn, fname, file_existed,
1607 if (!NT_STATUS_IS_OK(status)) {
1608 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1609 "on file %s returned %s\n",
1611 nt_errstr(status)));
1615 open_access_mask = access_mask;
1617 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1618 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1621 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1622 "access_mask=0x%x\n", fname, access_mask ));
1625 * Note that we ignore the append flag as append does not
1626 * mean the same thing under DOS and Unix.
1629 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1630 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1631 /* DENY_DOS opens are always underlying read-write on the
1632 file handle, no matter what the requested access mask
1634 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1635 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1645 * Currently we only look at FILE_WRITE_THROUGH for create options.
1649 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1654 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1658 if (!posix_open && !CAN_WRITE(conn)) {
1660 * We should really return a permission denied error if either
1661 * O_CREAT or O_TRUNC are set, but for compatibility with
1662 * older versions of Samba we just AND them out.
1664 flags2 &= ~(O_CREAT|O_TRUNC);
1668 * Ensure we can't write on a read-only share or file.
1671 if (flags != O_RDONLY && file_existed &&
1672 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1673 DEBUG(5,("open_file_ntcreate: write access requested for "
1674 "file %s on read only %s\n",
1675 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1677 return NT_STATUS_ACCESS_DENIED;
1680 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1681 fsp->share_access = share_access;
1682 fsp->fh->private_options = create_options;
1683 fsp->access_mask = open_access_mask; /* We change this to the
1684 * requested access_mask after
1685 * the open is done. */
1686 fsp->posix_open = posix_open;
1688 /* Ensure no SAMBA_PRIVATE bits can be set. */
1689 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1691 if (timeval_is_zero(&request_time)) {
1692 request_time = fsp->open_time;
1696 struct timespec old_write_time = get_mtimespec(psbuf);
1697 id = vfs_file_id_from_sbuf(conn, psbuf);
1699 lck = get_share_mode_lock(talloc_tos(), id,
1701 fname, &old_write_time);
1704 DEBUG(0, ("Could not get share mode lock\n"));
1705 return NT_STATUS_SHARING_VIOLATION;
1708 /* First pass - send break only on batch oplocks. */
1710 && delay_for_oplocks(lck, fsp, req->mid, 1,
1712 schedule_defer_open(lck, request_time, req);
1714 return NT_STATUS_SHARING_VIOLATION;
1717 /* Use the client requested access mask here, not the one we
1719 status = open_mode_check(conn, fname, lck,
1720 access_mask, share_access,
1721 create_options, &file_existed);
1723 if (NT_STATUS_IS_OK(status)) {
1724 /* We might be going to allow this open. Check oplock
1726 /* Second pass - send break for both batch or
1727 * exclusive oplocks. */
1729 && delay_for_oplocks(lck, fsp, req->mid, 2,
1731 schedule_defer_open(lck, request_time, req);
1733 return NT_STATUS_SHARING_VIOLATION;
1737 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1738 /* DELETE_PENDING is not deferred for a second */
1743 if (!NT_STATUS_IS_OK(status)) {
1744 uint32 can_access_mask;
1745 bool can_access = True;
1747 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1749 /* Check if this can be done with the deny_dos and fcb
1751 if (create_options &
1752 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1753 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1755 DEBUG(0, ("DOS open without an SMB "
1758 return NT_STATUS_INTERNAL_ERROR;
1761 /* Use the client requested access mask here,
1762 * not the one we open with. */
1763 status = fcb_or_dos_open(req,
1774 if (NT_STATUS_IS_OK(status)) {
1777 *pinfo = FILE_WAS_OPENED;
1779 return NT_STATUS_OK;
1784 * This next line is a subtlety we need for
1785 * MS-Access. If a file open will fail due to share
1786 * permissions and also for security (access) reasons,
1787 * we need to return the access failed error, not the
1788 * share error. We can't open the file due to kernel
1789 * oplock deadlock (it's possible we failed above on
1790 * the open_mode_check()) so use a userspace check.
1793 if (flags & O_RDWR) {
1794 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1795 } else if (flags & O_WRONLY) {
1796 can_access_mask = FILE_WRITE_DATA;
1798 can_access_mask = FILE_READ_DATA;
1801 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1802 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1807 * If we're returning a share violation, ensure we
1808 * cope with the braindead 1 second delay.
1811 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1812 lp_defer_sharing_violations()) {
1813 struct timeval timeout;
1814 struct deferred_open_record state;
1817 /* this is a hack to speed up torture tests
1819 timeout_usecs = lp_parm_int(SNUM(conn),
1820 "smbd","sharedelay",
1821 SHARING_VIOLATION_USEC_WAIT);
1823 /* This is a relative time, added to the absolute
1824 request_time value to get the absolute timeout time.
1825 Note that if this is the second or greater time we enter
1826 this codepath for this particular request mid then
1827 request_time is left as the absolute time of the *first*
1828 time this request mid was processed. This is what allows
1829 the request to eventually time out. */
1831 timeout = timeval_set(0, timeout_usecs);
1833 /* Nothing actually uses state.delayed_for_oplocks
1834 but it's handy to differentiate in debug messages
1835 between a 30 second delay due to oplock break, and
1836 a 1 second delay for share mode conflicts. */
1838 state.delayed_for_oplocks = False;
1842 && !request_timed_out(request_time,
1844 defer_open(lck, request_time, timeout,
1852 * We have detected a sharing violation here
1853 * so return the correct error code
1855 status = NT_STATUS_SHARING_VIOLATION;
1857 status = NT_STATUS_ACCESS_DENIED;
1863 * We exit this block with the share entry *locked*.....
1867 SMB_ASSERT(!file_existed || (lck != NULL));
1870 * Ensure we pay attention to default ACLs on directories if required.
1873 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1874 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1878 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1879 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1880 (unsigned int)flags, (unsigned int)flags2,
1881 (unsigned int)unx_mode, (unsigned int)access_mask,
1882 (unsigned int)open_access_mask));
1885 * open_file strips any O_TRUNC flags itself.
1888 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1889 flags|flags2, unx_mode, access_mask,
1892 if (!NT_STATUS_IS_OK(fsp_open)) {
1899 if (!file_existed) {
1900 struct timespec old_write_time = get_mtimespec(psbuf);
1902 * Deal with the race condition where two smbd's detect the
1903 * file doesn't exist and do the create at the same time. One
1904 * of them will win and set a share mode, the other (ie. this
1905 * one) should check if the requested share mode for this
1906 * create is allowed.
1910 * Now the file exists and fsp is successfully opened,
1911 * fsp->dev and fsp->inode are valid and should replace the
1912 * dev=0,inode=0 from a non existent file. Spotted by
1913 * Nadav Danieli <nadavd@exanet.com>. JRA.
1918 lck = get_share_mode_lock(talloc_tos(), id,
1920 fname, &old_write_time);
1923 DEBUG(0, ("open_file_ntcreate: Could not get share "
1924 "mode lock for %s\n", fname));
1926 return NT_STATUS_SHARING_VIOLATION;
1929 /* First pass - send break only on batch oplocks. */
1931 && delay_for_oplocks(lck, fsp, req->mid, 1,
1933 schedule_defer_open(lck, request_time, req);
1936 return NT_STATUS_SHARING_VIOLATION;
1939 status = open_mode_check(conn, fname, lck,
1940 access_mask, share_access,
1941 create_options, &file_existed);
1943 if (NT_STATUS_IS_OK(status)) {
1944 /* We might be going to allow this open. Check oplock
1946 /* Second pass - send break for both batch or
1947 * exclusive oplocks. */
1949 && delay_for_oplocks(lck, fsp, req->mid, 2,
1951 schedule_defer_open(lck, request_time, req);
1954 return NT_STATUS_SHARING_VIOLATION;
1958 if (!NT_STATUS_IS_OK(status)) {
1959 struct deferred_open_record state;
1963 state.delayed_for_oplocks = False;
1966 /* Do it all over again immediately. In the second
1967 * round we will find that the file existed and handle
1968 * the DELETE_PENDING and FCB cases correctly. No need
1969 * to duplicate the code here. Essentially this is a
1970 * "goto top of this function", but don't tell
1974 defer_open(lck, request_time, timeval_zero(),
1982 * We exit this block with the share entry *locked*.....
1987 SMB_ASSERT(lck != NULL);
1989 /* Delete streams if create_disposition requires it */
1990 if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) {
1991 status = delete_all_streams(conn, fname);
1992 if (!NT_STATUS_IS_OK(status)) {
1999 /* note that we ignore failure for the following. It is
2000 basically a hack for NFS, and NFS will never set one of
2001 these only read them. Nobody but Samba can ever set a deny
2002 mode and we have already checked our more authoritative
2003 locking database for permission to set this deny mode. If
2004 the kernel refuses the operations then the kernel is wrong.
2005 note that GPFS supports it as well - jmcd */
2007 if (fsp->fh->fd != -1) {
2008 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
2009 if(ret_flock == -1 ){
2014 return NT_STATUS_SHARING_VIOLATION;
2019 * At this point onwards, we can guarentee that the share entry
2020 * is locked, whether we created the file or not, and that the
2021 * deny mode is compatible with all current opens.
2025 * If requested, truncate the file.
2028 if (flags2&O_TRUNC) {
2030 * We are modifing the file after open - update the stat
2033 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2034 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
2035 status = map_nt_error_from_unix(errno);
2042 /* Record the options we were opened with. */
2043 fsp->share_access = share_access;
2044 fsp->fh->private_options = create_options;
2046 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2048 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2051 /* stat opens on existing files don't get oplocks. */
2052 if (is_stat_open(open_access_mask)) {
2053 fsp->oplock_type = NO_OPLOCK;
2056 if (!(flags2 & O_TRUNC)) {
2057 info = FILE_WAS_OPENED;
2059 info = FILE_WAS_OVERWRITTEN;
2062 info = FILE_WAS_CREATED;
2070 * Setup the oplock info in both the shared memory and
2074 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2075 /* Could not get the kernel oplock */
2076 fsp->oplock_type = NO_OPLOCK;
2079 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2080 new_file_created = True;
2083 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2086 /* Handle strange delete on close create semantics. */
2087 if (create_options & FILE_DELETE_ON_CLOSE) {
2089 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2091 if (!NT_STATUS_IS_OK(status)) {
2092 /* Remember to delete the mode we just added. */
2093 del_share_mode(lck, fsp);
2098 /* Note that here we set the *inital* delete on close flag,
2099 not the regular one. The magic gets handled in close. */
2100 fsp->initial_delete_on_close = True;
2103 if (new_file_created) {
2104 /* Files should be initially set as archive */
2105 if (lp_map_archive(SNUM(conn)) ||
2106 lp_store_dos_attributes(SNUM(conn))) {
2108 SMB_STRUCT_STAT tmp_sbuf;
2109 SET_STAT_INVALID(tmp_sbuf);
2110 if (file_set_dosmode(
2112 new_dos_attributes | aARCH,
2113 &tmp_sbuf, parent_dir,
2115 unx_mode = tmp_sbuf.st_mode;
2122 * Take care of inherited ACLs on created files - if default ACL not
2126 if (!posix_open && !file_existed && !def_acl) {
2128 int saved_errno = errno; /* We might get ENOSYS in the next
2131 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2133 errno = saved_errno; /* Ignore ENOSYS */
2136 } else if (new_unx_mode) {
2140 /* Attributes need changing. File already existed. */
2143 int saved_errno = errno; /* We might get ENOSYS in the
2145 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2147 if (ret == -1 && errno == ENOSYS) {
2148 errno = saved_errno; /* Ignore ENOSYS */
2150 DEBUG(5, ("open_file_ntcreate: reset "
2151 "attributes of file %s to 0%o\n",
2152 fname, (unsigned int)new_unx_mode));
2153 ret = 0; /* Don't do the fchmod below. */
2158 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2159 DEBUG(5, ("open_file_ntcreate: failed to reset "
2160 "attributes of file %s to 0%o\n",
2161 fname, (unsigned int)new_unx_mode));
2164 /* If this is a successful open, we must remove any deferred open
2167 del_deferred_open_entry(lck, req->mid);
2171 return NT_STATUS_OK;
2175 /****************************************************************************
2176 Open a file for for write to ensure that we can fchmod it.
2177 ****************************************************************************/
2179 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2181 SMB_STRUCT_STAT *psbuf, files_struct **result)
2183 files_struct *fsp = NULL;
2186 if (!VALID_STAT(*psbuf)) {
2187 return NT_STATUS_INVALID_PARAMETER;
2190 status = file_new(req, conn, &fsp);
2191 if(!NT_STATUS_IS_OK(status)) {
2195 status = SMB_VFS_CREATE_FILE(
2198 0, /* root_dir_fid */
2200 0, /* create_file_flags */
2201 FILE_WRITE_DATA, /* access_mask */
2202 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2204 FILE_OPEN, /* create_disposition*/
2205 0, /* create_options */
2206 0, /* file_attributes */
2207 0, /* oplock_request */
2208 0, /* allocation_size */
2216 * This is not a user visible file open.
2217 * Don't set a share mode.
2220 if (!NT_STATUS_IS_OK(status)) {
2221 file_free(req, fsp);
2226 return NT_STATUS_OK;
2229 /****************************************************************************
2230 Close the fchmod file fd - ensure no locks are lost.
2231 ****************************************************************************/
2233 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2235 NTSTATUS status = fd_close(fsp);
2236 file_free(req, fsp);
2240 static NTSTATUS mkdir_internal(connection_struct *conn,
2242 uint32 file_attributes,
2243 SMB_STRUCT_STAT *psbuf)
2247 const char *dirname;
2249 bool posix_open = false;
2251 if(!CAN_WRITE(conn)) {
2252 DEBUG(5,("mkdir_internal: failing create on read-only share "
2253 "%s\n", lp_servicename(SNUM(conn))));
2254 return NT_STATUS_ACCESS_DENIED;
2257 status = check_name(conn, name);
2258 if (!NT_STATUS_IS_OK(status)) {
2262 if (!parent_dirname(talloc_tos(), name, &parent_dir, &dirname)) {
2263 return NT_STATUS_NO_MEMORY;
2266 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2268 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2270 mode = unix_mode(conn, aDIR, name, parent_dir);
2273 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2274 return map_nt_error_from_unix(errno);
2277 /* Ensure we're checking for a symlink here.... */
2278 /* We don't want to get caught by a symlink racer. */
2280 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2281 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2282 name, strerror(errno)));
2283 return map_nt_error_from_unix(errno);
2286 if (!S_ISDIR(psbuf->st_mode)) {
2287 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2289 return NT_STATUS_ACCESS_DENIED;
2292 if (lp_store_dos_attributes(SNUM(conn))) {
2294 file_set_dosmode(conn, name,
2295 file_attributes | aDIR, NULL,
2301 if (lp_inherit_perms(SNUM(conn))) {
2302 inherit_access_posix_acl(conn, parent_dir, name, mode);
2305 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2307 * Check if high bits should have been set,
2308 * then (if bits are missing): add them.
2309 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2312 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2313 SMB_VFS_CHMOD(conn, name,
2314 psbuf->st_mode | (mode & ~psbuf->st_mode));
2318 /* Change the owner if required. */
2319 if (lp_inherit_owner(SNUM(conn))) {
2320 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2323 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2326 return NT_STATUS_OK;
2329 /****************************************************************************
2330 Open a directory from an NT SMB call.
2331 ****************************************************************************/
2333 static NTSTATUS open_directory(connection_struct *conn,
2334 struct smb_request *req,
2336 SMB_STRUCT_STAT *psbuf,
2338 uint32 share_access,
2339 uint32 create_disposition,
2340 uint32 create_options,
2341 uint32 file_attributes,
2343 files_struct **result)
2345 files_struct *fsp = NULL;
2346 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2347 struct share_mode_lock *lck = NULL;
2349 struct timespec mtimespec;
2352 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2353 "share_access = 0x%x create_options = 0x%x, "
2354 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2356 (unsigned int)access_mask,
2357 (unsigned int)share_access,
2358 (unsigned int)create_options,
2359 (unsigned int)create_disposition,
2360 (unsigned int)file_attributes));
2362 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2363 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2364 is_ntfs_stream_name(fname)) {
2365 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2366 return NT_STATUS_NOT_A_DIRECTORY;
2369 status = calculate_access_mask(conn, fname, dir_existed,
2372 if (!NT_STATUS_IS_OK(status)) {
2373 DEBUG(10, ("open_directory: calculate_access_mask "
2374 "on file %s returned %s\n",
2376 nt_errstr(status)));
2380 switch( create_disposition ) {
2383 info = FILE_WAS_OPENED;
2386 * We want to follow symlinks here.
2389 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2390 return map_nt_error_from_unix(errno);
2397 /* If directory exists error. If directory doesn't
2400 status = mkdir_internal(conn,
2405 if (!NT_STATUS_IS_OK(status)) {
2406 DEBUG(2, ("open_directory: unable to create "
2407 "%s. Error was %s\n", fname,
2408 nt_errstr(status)));
2412 info = FILE_WAS_CREATED;
2417 * If directory exists open. If directory doesn't
2421 status = mkdir_internal(conn,
2426 if (NT_STATUS_IS_OK(status)) {
2427 info = FILE_WAS_CREATED;
2430 if (NT_STATUS_EQUAL(status,
2431 NT_STATUS_OBJECT_NAME_COLLISION)) {
2432 info = FILE_WAS_OPENED;
2433 status = NT_STATUS_OK;
2438 case FILE_SUPERSEDE:
2439 case FILE_OVERWRITE:
2440 case FILE_OVERWRITE_IF:
2442 DEBUG(5,("open_directory: invalid create_disposition "
2443 "0x%x for directory %s\n",
2444 (unsigned int)create_disposition, fname));
2445 return NT_STATUS_INVALID_PARAMETER;
2448 if(!S_ISDIR(psbuf->st_mode)) {
2449 DEBUG(5,("open_directory: %s is not a directory !\n",
2451 return NT_STATUS_NOT_A_DIRECTORY;
2454 if (info == FILE_WAS_OPENED) {
2455 uint32_t access_granted = 0;
2456 status = check_open_rights(conn,
2461 /* Were we trying to do a directory open
2462 * for delete and didn't get DELETE
2463 * access (only) ? Check if the
2464 * directory allows DELETE_CHILD.
2466 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2469 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2470 (access_mask & DELETE_ACCESS) &&
2471 (access_granted == DELETE_ACCESS) &&
2472 can_delete_file_in_directory(conn, fname))) {
2473 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2474 "on directory %s\n",
2476 status = NT_STATUS_OK;
2479 if (!NT_STATUS_IS_OK(status)) {
2480 DEBUG(10, ("open_directory: check_open_rights on "
2481 "file %s failed with %s\n",
2483 nt_errstr(status)));
2488 status = file_new(req, conn, &fsp);
2489 if(!NT_STATUS_IS_OK(status)) {
2494 * Setup the files_struct for it.
2497 fsp->mode = psbuf->st_mode;
2498 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2499 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2500 fsp->file_pid = req ? req->smbpid : 0;
2501 fsp->can_lock = False;
2502 fsp->can_read = False;
2503 fsp->can_write = False;
2505 fsp->share_access = share_access;
2506 fsp->fh->private_options = create_options;
2508 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2510 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2511 fsp->print_file = False;
2512 fsp->modified = False;
2513 fsp->oplock_type = NO_OPLOCK;
2514 fsp->sent_oplock_break = NO_BREAK_SENT;
2515 fsp->is_directory = True;
2516 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2518 string_set(&fsp->fsp_name,fname);
2520 mtimespec = get_mtimespec(psbuf);
2522 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2527 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2528 file_free(req, fsp);
2529 return NT_STATUS_SHARING_VIOLATION;
2532 status = open_mode_check(conn, fname, lck,
2533 access_mask, share_access,
2534 create_options, &dir_existed);
2536 if (!NT_STATUS_IS_OK(status)) {
2538 file_free(req, fsp);
2542 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2544 /* For directories the delete on close bit at open time seems
2545 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2546 if (create_options & FILE_DELETE_ON_CLOSE) {
2547 status = can_set_delete_on_close(fsp, True, 0);
2548 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2550 file_free(req, fsp);
2554 if (NT_STATUS_IS_OK(status)) {
2555 /* Note that here we set the *inital* delete on close flag,
2556 not the regular one. The magic gets handled in close. */
2557 fsp->initial_delete_on_close = True;
2568 return NT_STATUS_OK;
2571 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2574 SMB_STRUCT_STAT sbuf;
2577 SET_STAT_INVALID(sbuf);
2579 status = SMB_VFS_CREATE_FILE(
2582 0, /* root_dir_fid */
2583 directory, /* fname */
2584 0, /* create_file_flags */
2585 FILE_READ_ATTRIBUTES, /* access_mask */
2586 FILE_SHARE_NONE, /* share_access */
2587 FILE_CREATE, /* create_disposition*/
2588 FILE_DIRECTORY_FILE, /* create_options */
2589 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2590 0, /* oplock_request */
2591 0, /* allocation_size */
2598 if (NT_STATUS_IS_OK(status)) {
2599 close_file(req, fsp, NORMAL_CLOSE);
2605 /****************************************************************************
2606 Receive notification that one of our open files has been renamed by another
2608 ****************************************************************************/
2610 void msg_file_was_renamed(struct messaging_context *msg,
2613 struct server_id server_id,
2617 char *frm = (char *)data->data;
2619 const char *sharepath;
2620 const char *newname;
2623 if (data->data == NULL
2624 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2625 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2626 (int)data->length));
2630 /* Unpack the message. */
2631 pull_file_id_24(frm, &id);
2632 sharepath = &frm[24];
2633 newname = sharepath + strlen(sharepath) + 1;
2634 sp_len = strlen(sharepath);
2636 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2638 sharepath, newname, file_id_string_tos(&id)));
2640 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2641 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2642 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2643 fsp->fnum, fsp->fsp_name, newname ));
2644 string_set(&fsp->fsp_name, newname);
2647 /* Now we have the complete path we can work out if this is
2648 actually within this share and adjust newname accordingly. */
2649 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2650 "not sharepath %s) "
2651 "fnum %d from %s -> %s\n",
2652 fsp->conn->connectpath,
2661 struct case_semantics_state {
2662 connection_struct *conn;
2663 bool case_sensitive;
2665 bool short_case_preserve;
2668 /****************************************************************************
2669 Restore case semantics.
2670 ****************************************************************************/
2671 static int restore_case_semantics(struct case_semantics_state *state)
2673 state->conn->case_sensitive = state->case_sensitive;
2674 state->conn->case_preserve = state->case_preserve;
2675 state->conn->short_case_preserve = state->short_case_preserve;
2679 /****************************************************************************
2680 Save case semantics.
2681 ****************************************************************************/
2682 struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2683 connection_struct *conn)
2685 struct case_semantics_state *result;
2687 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2688 DEBUG(0, ("talloc failed\n"));
2692 result->conn = conn;
2693 result->case_sensitive = conn->case_sensitive;
2694 result->case_preserve = conn->case_preserve;
2695 result->short_case_preserve = conn->short_case_preserve;
2698 conn->case_sensitive = True;
2699 conn->case_preserve = True;
2700 conn->short_case_preserve = True;
2702 talloc_set_destructor(result, restore_case_semantics);
2708 * If a main file is opened for delete, all streams need to be checked for
2709 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2710 * If that works, delete them all by setting the delete on close and close.
2713 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2716 struct stream_struct *stream_info;
2717 files_struct **streams;
2719 unsigned int num_streams;
2720 TALLOC_CTX *frame = talloc_stackframe();
2723 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2724 &num_streams, &stream_info);
2726 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2727 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2728 DEBUG(10, ("no streams around\n"));
2730 return NT_STATUS_OK;
2733 if (!NT_STATUS_IS_OK(status)) {
2734 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2735 nt_errstr(status)));
2739 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2742 if (num_streams == 0) {
2744 return NT_STATUS_OK;
2747 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2748 if (streams == NULL) {
2749 DEBUG(0, ("talloc failed\n"));
2750 status = NT_STATUS_NO_MEMORY;
2754 for (i=0; i<num_streams; i++) {
2757 if (strequal(stream_info[i].name, "::$DATA")) {
2762 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2763 stream_info[i].name);
2765 if (streamname == NULL) {
2766 DEBUG(0, ("talloc_aprintf failed\n"));
2767 status = NT_STATUS_NO_MEMORY;
2771 status = create_file_unixpath
2774 streamname, /* fname */
2775 DELETE_ACCESS, /* access_mask */
2776 FILE_SHARE_READ | FILE_SHARE_WRITE
2777 | FILE_SHARE_DELETE, /* share_access */
2778 FILE_OPEN, /* create_disposition*/
2779 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2780 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2781 0, /* oplock_request */
2782 0, /* allocation_size */
2785 &streams[i], /* result */
2789 TALLOC_FREE(streamname);
2791 if (!NT_STATUS_IS_OK(status)) {
2792 DEBUG(10, ("Could not open stream %s: %s\n",
2793 streamname, nt_errstr(status)));
2799 * don't touch the variable "status" beyond this point :-)
2802 for (i -= 1 ; i >= 0; i--) {
2803 if (streams[i] == NULL) {
2807 DEBUG(10, ("Closing stream # %d, %s\n", i,
2808 streams[i]->fsp_name));
2809 close_file(NULL, streams[i], NORMAL_CLOSE);
2818 * Wrapper around open_file_ntcreate and open_directory
2821 static NTSTATUS create_file_unixpath(connection_struct *conn,
2822 struct smb_request *req,
2824 uint32_t access_mask,
2825 uint32_t share_access,
2826 uint32_t create_disposition,
2827 uint32_t create_options,
2828 uint32_t file_attributes,
2829 uint32_t oplock_request,
2830 uint64_t allocation_size,
2831 struct security_descriptor *sd,
2832 struct ea_list *ea_list,
2834 files_struct **result,
2836 SMB_STRUCT_STAT *psbuf)
2838 SMB_STRUCT_STAT sbuf;
2839 int info = FILE_WAS_OPENED;
2840 files_struct *base_fsp = NULL;
2841 files_struct *fsp = NULL;
2844 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2845 "file_attributes = 0x%x, share_access = 0x%x, "
2846 "create_disposition = 0x%x create_options = 0x%x "
2847 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2849 (unsigned int)access_mask,
2850 (unsigned int)file_attributes,
2851 (unsigned int)share_access,
2852 (unsigned int)create_disposition,
2853 (unsigned int)create_options,
2854 (unsigned int)oplock_request,
2855 ea_list, sd, fname));
2857 if (create_options & FILE_OPEN_BY_FILE_ID) {
2858 status = NT_STATUS_NOT_SUPPORTED;
2862 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2863 status = NT_STATUS_INVALID_PARAMETER;
2868 oplock_request |= INTERNAL_OPEN_ONLY;
2871 if (psbuf != NULL) {
2875 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2876 SET_STAT_INVALID(sbuf);
2880 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2881 && (access_mask & DELETE_ACCESS)
2882 && !is_ntfs_stream_name(fname)) {
2884 * We can't open a file with DELETE access if any of the
2885 * streams is open without FILE_SHARE_DELETE
2887 status = open_streams_for_delete(conn, fname);
2889 if (!NT_STATUS_IS_OK(status)) {
2894 /* This is the correct thing to do (check every time) but can_delete
2895 * is expensive (it may have to read the parent directory
2896 * permissions). So for now we're not doing it unless we have a strong
2897 * hint the client is really going to delete this file. If the client
2898 * is forcing FILE_CREATE let the filesystem take care of the
2901 /* Setting FILE_SHARE_DELETE is the hint. */
2903 if (lp_acl_check_permissions(SNUM(conn))
2904 && (create_disposition != FILE_CREATE)
2905 && (share_access & FILE_SHARE_DELETE)
2906 && (access_mask & DELETE_ACCESS)
2907 && (!(can_delete_file_in_directory(conn, fname) ||
2908 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2909 status = NT_STATUS_ACCESS_DENIED;
2910 DEBUG(10,("create_file_unixpath: open file %s "
2911 "for delete ACCESS_DENIED\n", fname ));
2916 /* We need to support SeSecurityPrivilege for this. */
2917 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2918 !user_has_privileges(current_user.nt_user_token,
2920 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2925 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2926 && is_ntfs_stream_name(fname)
2927 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2929 uint32 base_create_disposition;
2931 if (create_options & FILE_DIRECTORY_FILE) {
2932 status = NT_STATUS_NOT_A_DIRECTORY;
2936 status = split_ntfs_stream_name(talloc_tos(), fname,
2938 if (!NT_STATUS_IS_OK(status)) {
2939 DEBUG(10, ("create_file_unixpath: "
2940 "split_ntfs_stream_name failed: %s\n",
2941 nt_errstr(status)));
2945 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2947 switch (create_disposition) {
2949 base_create_disposition = FILE_OPEN;
2952 base_create_disposition = FILE_OPEN_IF;
2956 status = create_file_unixpath(conn, NULL, base, 0,
2959 | FILE_SHARE_DELETE,
2960 base_create_disposition,
2961 0, 0, 0, 0, NULL, NULL,
2962 &base_fsp, NULL, NULL);
2963 if (!NT_STATUS_IS_OK(status)) {
2964 DEBUG(10, ("create_file_unixpath for base %s failed: "
2965 "%s\n", base, nt_errstr(status)));
2968 /* we don't need to low level fd */
2973 * If it's a request for a directory open, deal with it separately.
2976 if (create_options & FILE_DIRECTORY_FILE) {
2978 if (create_options & FILE_NON_DIRECTORY_FILE) {
2979 status = NT_STATUS_INVALID_PARAMETER;
2983 /* Can't open a temp directory. IFS kit test. */
2984 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2985 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
2986 status = NT_STATUS_INVALID_PARAMETER;
2991 * We will get a create directory here if the Win32
2992 * app specified a security descriptor in the
2993 * CreateDirectory() call.
2997 status = open_directory(
2998 conn, req, fname, &sbuf, access_mask, share_access,
2999 create_disposition, create_options, file_attributes,
3004 * Ordinary file case.
3007 status = file_new(req, conn, &fsp);
3008 if(!NT_STATUS_IS_OK(status)) {
3013 * We're opening the stream element of a base_fsp
3014 * we already opened. Set up the base_fsp pointer.
3017 fsp->base_fsp = base_fsp;
3020 status = open_file_ntcreate(conn,
3033 if(!NT_STATUS_IS_OK(status)) {
3034 file_free(req, fsp);
3038 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3040 /* A stream open never opens a directory */
3043 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3048 * Fail the open if it was explicitly a non-directory
3052 if (create_options & FILE_NON_DIRECTORY_FILE) {
3053 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3058 status = open_directory(
3059 conn, req, fname, &sbuf, access_mask,
3060 share_access, create_disposition,
3061 create_options, file_attributes,
3066 if (!NT_STATUS_IS_OK(status)) {
3070 fsp->base_fsp = base_fsp;
3073 * According to the MS documentation, the only time the security
3074 * descriptor is applied to the opened file is iff we *created* the
3075 * file; an existing file stays the same.
3077 * Also, it seems (from observation) that you can open the file with
3078 * any access mask but you can still write the sd. We need to override
3079 * the granted access before we call set_sd
3080 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3083 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3084 && lp_nt_acl_support(SNUM(conn))) {
3086 uint32_t sec_info_sent;
3087 uint32_t saved_access_mask = fsp->access_mask;
3089 sec_info_sent = get_sec_info(sd);
3091 fsp->access_mask = FILE_GENERIC_ALL;
3093 /* Convert all the generic bits. */
3094 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3095 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3097 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3098 GROUP_SECURITY_INFORMATION|
3099 DACL_SECURITY_INFORMATION|
3100 SACL_SECURITY_INFORMATION)) {
3101 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3104 fsp->access_mask = saved_access_mask;
3106 if (!NT_STATUS_IS_OK(status)) {
3111 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3112 status = set_ea(conn, fsp, fname, ea_list);
3113 if (!NT_STATUS_IS_OK(status)) {
3118 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3119 status = NT_STATUS_ACCESS_DENIED;
3123 /* Save the requested allocation size. */
3124 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3126 && (allocation_size > sbuf.st_size)) {
3127 fsp->initial_allocation_size = smb_roundup(
3128 fsp->conn, allocation_size);
3129 if (fsp->is_directory) {
3130 /* Can't set allocation size on a directory. */
3131 status = NT_STATUS_ACCESS_DENIED;
3134 if (vfs_allocate_file_space(
3135 fsp, fsp->initial_allocation_size) == -1) {
3136 status = NT_STATUS_DISK_FULL;
3140 fsp->initial_allocation_size = smb_roundup(
3141 fsp->conn, (uint64_t)sbuf.st_size);
3145 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3148 if (pinfo != NULL) {
3151 if (psbuf != NULL) {
3152 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3156 SMB_VFS_FSTAT(fsp, psbuf);
3159 return NT_STATUS_OK;
3162 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3165 if (base_fsp && fsp->base_fsp == base_fsp) {
3167 * The close_file below will close
3172 close_file(req, fsp, ERROR_CLOSE);
3175 if (base_fsp != NULL) {
3176 close_file(req, base_fsp, ERROR_CLOSE);
3183 * Calculate the full path name given a relative fid.
3185 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3186 struct smb_request *req,
3187 uint16_t root_dir_fid,
3188 const char *fname, char **new_fname)
3190 files_struct *dir_fsp;
3191 char *parent_fname = NULL;
3193 if (root_dir_fid == 0 || !fname || !new_fname) {
3194 return NT_STATUS_INTERNAL_ERROR;
3197 dir_fsp = file_fsp(req, root_dir_fid);
3199 if (dir_fsp == NULL) {
3200 return NT_STATUS_INVALID_HANDLE;
3203 if (!dir_fsp->is_directory) {
3206 * Check to see if this is a mac fork of some kind.
3209 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3210 is_ntfs_stream_name(fname)) {
3211 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
3215 we need to handle the case when we get a
3216 relative open relative to a file and the
3217 pathname is blank - this is a reopen!
3218 (hint from demyn plantenberg)
3221 return NT_STATUS_INVALID_HANDLE;
3224 if (ISDOT(dir_fsp->fsp_name)) {
3226 * We're at the toplevel dir, the final file name
3227 * must not contain ./, as this is filtered out
3228 * normally by srvstr_get_path and unix_convert
3229 * explicitly rejects paths containing ./.
3231 parent_fname = talloc_strdup(talloc_tos(), "");
3232 if (parent_fname == NULL) {
3233 return NT_STATUS_NO_MEMORY;
3236 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3239 * Copy in the base directory name.
3242 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3244 if (parent_fname == NULL) {
3245 return NT_STATUS_NO_MEMORY;
3247 memcpy(parent_fname, dir_fsp->fsp_name,
3251 * Ensure it ends in a '/'.
3252 * We used TALLOC_SIZE +2 to add space for the '/'.
3256 && (parent_fname[dir_name_len-1] != '\\')
3257 && (parent_fname[dir_name_len-1] != '/')) {
3258 parent_fname[dir_name_len] = '/';
3259 parent_fname[dir_name_len+1] = '\0';
3263 *new_fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3265 if (*new_fname == NULL) {
3266 return NT_STATUS_NO_MEMORY;
3269 return NT_STATUS_OK;
3272 NTSTATUS create_file_default(connection_struct *conn,
3273 struct smb_request *req,
3274 uint16_t root_dir_fid,
3276 uint32_t create_file_flags,
3277 uint32_t access_mask,
3278 uint32_t share_access,
3279 uint32_t create_disposition,
3280 uint32_t create_options,
3281 uint32_t file_attributes,
3282 uint32_t oplock_request,
3283 uint64_t allocation_size,
3284 struct security_descriptor *sd,
3285 struct ea_list *ea_list,
3287 files_struct **result,
3289 SMB_STRUCT_STAT *psbuf)
3291 struct case_semantics_state *case_state = NULL;
3292 SMB_STRUCT_STAT sbuf;
3293 int info = FILE_WAS_OPENED;
3294 files_struct *fsp = NULL;
3297 DEBUG(10,("create_file: access_mask = 0x%x "
3298 "file_attributes = 0x%x, share_access = 0x%x, "
3299 "create_disposition = 0x%x create_options = 0x%x "
3300 "oplock_request = 0x%x "
3301 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3302 "create_file_flags = 0x%x, fname = %s\n",
3303 (unsigned int)access_mask,
3304 (unsigned int)file_attributes,
3305 (unsigned int)share_access,
3306 (unsigned int)create_disposition,
3307 (unsigned int)create_options,
3308 (unsigned int)oplock_request,
3309 (unsigned int)root_dir_fid,
3310 ea_list, sd, create_file_flags, fname));
3313 * Calculate the filename from the root_dir_if if necessary.
3316 if (root_dir_fid != 0) {
3319 status = get_relative_fid_filename(conn, req, root_dir_fid,
3321 if (!NT_STATUS_IS_OK(status)) {
3329 * Check to see if this is a mac fork of some kind.
3332 if (is_ntfs_stream_name(fname)) {
3333 enum FAKE_FILE_TYPE fake_file_type;
3335 fake_file_type = is_fake_file(fname);
3337 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3340 * Here we go! support for changing the disk quotas
3343 * We need to fake up to open this MAGIC QUOTA file
3344 * and return a valid FID.
3346 * w2k close this file directly after openening xp
3347 * also tries a QUERY_FILE_INFO on the file and then
3350 status = open_fake_file(req, conn, req->vuid,
3351 fake_file_type, fname,
3353 if (!NT_STATUS_IS_OK(status)) {
3361 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3362 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3367 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3368 char *resolved_fname;
3370 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3373 if (!NT_STATUS_IS_OK(status)) {
3375 * For PATH_NOT_COVERED we had
3376 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3377 * ERRSRV, ERRbadpath);
3378 * Need to fix in callers
3382 fname = resolved_fname;
3386 * Check if POSIX semantics are wanted.
3389 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3390 case_state = set_posix_case_semantics(talloc_tos(), conn);
3393 if (create_file_flags & CFF_DOS_PATH) {
3394 char *converted_fname;
3396 SET_STAT_INVALID(sbuf);
3398 status = unix_convert(talloc_tos(), conn, fname, False,
3399 &converted_fname, NULL, &sbuf);
3400 if (!NT_STATUS_IS_OK(status)) {
3403 fname = converted_fname;
3405 if (psbuf != NULL) {
3408 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
3409 SET_STAT_INVALID(sbuf);
3415 TALLOC_FREE(case_state);
3417 /* All file access must go through check_name() */
3419 status = check_name(conn, fname);
3420 if (!NT_STATUS_IS_OK(status)) {
3424 status = create_file_unixpath(
3425 conn, req, fname, access_mask, share_access,
3426 create_disposition, create_options, file_attributes,
3427 oplock_request, allocation_size, sd, ea_list,
3428 &fsp, &info, &sbuf);
3430 if (!NT_STATUS_IS_OK(status)) {
3435 DEBUG(10, ("create_file: info=%d\n", info));
3438 if (pinfo != NULL) {
3441 if (psbuf != NULL) {
3444 return NT_STATUS_OK;
3447 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3450 close_file(req, fsp, ERROR_CLOSE);