smbd: split out public parse_dos_attribute_blob() from get_ea_dos_attribute()
[kai/samba-autobuild/.git] / source3 / smbd / dosmode.c
index 04d27c7a2eb4e6c268bf5758b6cbe1ae52966967..ed5ecc9120c50bc968f9604c8082e0cb7a3c8dcf 100644 (file)
 #include "includes.h"
 #include "system/filesys.h"
 #include "librpc/gen_ndr/ndr_xattr.h"
+#include "librpc/gen_ndr/ioctl.h"
 #include "../libcli/security/security.h"
 #include "smbd/smbd.h"
 #include "lib/param/loadparm.h"
 
+static NTSTATUS get_file_handle_for_metadata(connection_struct *conn,
+                               const struct smb_filename *smb_fname,
+                               files_struct **ret_fsp,
+                               bool *need_close);
+
+static void dos_mode_debug_print(const char *func, uint32_t mode)
+{
+       fstring modestr;
+
+       if (DEBUGLEVEL < DBGLVL_INFO) {
+               return;
+       }
+
+       modestr[0] = '\0';
+
+       if (mode & FILE_ATTRIBUTE_HIDDEN) {
+               fstrcat(modestr, "h");
+       }
+       if (mode & FILE_ATTRIBUTE_READONLY) {
+               fstrcat(modestr, "r");
+       }
+       if (mode & FILE_ATTRIBUTE_SYSTEM) {
+               fstrcat(modestr, "s");
+       }
+       if (mode & FILE_ATTRIBUTE_DIRECTORY) {
+               fstrcat(modestr, "d");
+       }
+       if (mode & FILE_ATTRIBUTE_ARCHIVE) {
+               fstrcat(modestr, "a");
+       }
+       if (mode & FILE_ATTRIBUTE_SPARSE) {
+               fstrcat(modestr, "[sparse]");
+       }
+       if (mode & FILE_ATTRIBUTE_OFFLINE) {
+               fstrcat(modestr, "[offline]");
+       }
+       if (mode & FILE_ATTRIBUTE_COMPRESSED) {
+               fstrcat(modestr, "[compressed]");
+       }
+
+       DBG_INFO("%s returning (0x%x): \"%s\"\n", func, (unsigned)mode,
+                modestr);
+}
+
 static uint32_t filter_mode_by_protocol(uint32_t mode)
 {
        if (get_Protocol() <= PROTOCOL_LANMAN2) {
@@ -83,15 +128,18 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                result &= ~(S_IWUSR | S_IWGRP | S_IWOTH);
        }
 
-       if ((inherit_from_dir != NULL) && lp_inherit_perms(SNUM(conn))) {
+       if ((inherit_from_dir != NULL) && lp_inherit_permissions(SNUM(conn))) {
                struct smb_filename *smb_fname_parent;
 
                DEBUG(2, ("unix_mode(%s) inheriting from %s\n",
                          smb_fname_str_dbg(smb_fname),
                          inherit_from_dir));
 
-               smb_fname_parent = synthetic_smb_fname(
-                       talloc_tos(), inherit_from_dir, NULL, NULL);
+               smb_fname_parent = synthetic_smb_fname(talloc_tos(),
+                                       inherit_from_dir,
+                                       NULL,
+                                       NULL,
+                                       smb_fname->flags);
                if (smb_fname_parent == NULL) {
                        DEBUG(1,("unix_mode(%s) failed, [dir %s]: No memory\n",
                                 smb_fname_str_dbg(smb_fname),
@@ -129,9 +177,9 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                        result |= (S_IXUSR | S_IXGRP | S_IXOTH);                 
 
                        /* Apply directory mask */
-                       result &= lp_dir_mask(SNUM(conn));
+                       result &= lp_directory_mask(SNUM(conn));
                        /* Add in force bits */
-                       result |= lp_force_dir_mode(SNUM(conn));
+                       result |= lp_force_directory_mode(SNUM(conn));
                }
        } else { 
                if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
@@ -154,8 +202,9 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                }
        }
 
-       DEBUG(3,("unix_mode(%s) returning 0%o\n", smb_fname_str_dbg(smb_fname),
-                (int)result));
+       DBG_INFO("unix_mode(%s) returning 0%o\n",
+                smb_fname_str_dbg(smb_fname), (int)result);
+
        return(result);
 }
 
@@ -163,7 +212,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
  Change a unix mode to a dos mode.
 ****************************************************************************/
 
-static uint32 dos_mode_from_sbuf(connection_struct *conn,
+static uint32_t dos_mode_from_sbuf(connection_struct *conn,
                                 const struct smb_filename *smb_fname)
 {
        int result = 0;
@@ -201,15 +250,8 @@ static uint32 dos_mode_from_sbuf(connection_struct *conn,
 
        result |= set_link_read_only_flag(&smb_fname->st);
 
-       DEBUG(8,("dos_mode_from_sbuf returning "));
+       dos_mode_debug_print(__func__, result);
 
-       if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
-       if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
-       if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
-       if (result & FILE_ATTRIBUTE_DIRECTORY   ) DEBUG(8, ("d"));
-       if (result & FILE_ATTRIBUTE_ARCHIVE  ) DEBUG(8, ("a"));
-
-       DEBUG(8,("\n"));
        return result;
 }
 
@@ -218,127 +260,159 @@ static uint32 dos_mode_from_sbuf(connection_struct *conn,
  This can also pull the create time into the stat struct inside smb_fname.
 ****************************************************************************/
 
-static bool get_ea_dos_attribute(connection_struct *conn,
-                                struct smb_filename *smb_fname,
-                                uint32 *pattr)
+NTSTATUS parse_dos_attribute_blob(struct smb_filename *smb_fname,
+                                 DATA_BLOB blob,
+                                 uint32_t *pattr)
 {
        struct xattr_DOSATTRIB dosattrib;
        enum ndr_err_code ndr_err;
+       uint32_t dosattr;
+
+       ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib,
+                       (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB);
+
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               DBG_WARNING("bad ndr decode "
+                           "from EA on file %s: Error = %s\n",
+                           smb_fname_str_dbg(smb_fname),
+                           ndr_errstr(ndr_err));
+               return ndr_map_error2ntstatus(ndr_err);
+       }
+
+       DBG_DEBUG("%s attr = %s\n",
+                 smb_fname_str_dbg(smb_fname), dosattrib.attrib_hex);
+
+       switch (dosattrib.version) {
+       case 0xFFFF:
+               dosattr = dosattrib.info.compatinfoFFFF.attrib;
+               break;
+       case 1:
+               dosattr = dosattrib.info.info1.attrib;
+               if (!null_nttime(dosattrib.info.info1.create_time)) {
+                       struct timespec create_time =
+                               nt_time_to_unix_timespec(
+                                       dosattrib.info.info1.create_time);
+
+                       update_stat_ex_create_time(&smb_fname->st,
+                                                  create_time);
+
+                       DBG_DEBUG("file %s case 1 set btime %s\n",
+                                 smb_fname_str_dbg(smb_fname),
+                                 time_to_asc(convert_timespec_to_time_t(
+                                                     create_time)));
+               }
+               break;
+       case 2:
+               dosattr = dosattrib.info.oldinfo2.attrib;
+               /* Don't know what flags to check for this case. */
+               break;
+       case 3:
+               dosattr = dosattrib.info.info3.attrib;
+               if ((dosattrib.info.info3.valid_flags & XATTR_DOSINFO_CREATE_TIME) &&
+                   !null_nttime(dosattrib.info.info3.create_time)) {
+                       struct timespec create_time =
+                               nt_time_to_unix_timespec(
+                                       dosattrib.info.info3.create_time);
+
+                       update_stat_ex_create_time(&smb_fname->st,
+                                                  create_time);
+
+                       DBG_DEBUG("file %s case 3 set btime %s\n",
+                                 smb_fname_str_dbg(smb_fname),
+                                 time_to_asc(convert_timespec_to_time_t(
+                                                     create_time)));
+               }
+               break;
+       default:
+               DBG_WARNING("Badly formed DOSATTRIB on file %s - %s\n",
+                           smb_fname_str_dbg(smb_fname), blob.data);
+               /* Should this be INTERNAL_ERROR? */
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (S_ISDIR(smb_fname->st.st_ex_mode)) {
+               dosattr |= FILE_ATTRIBUTE_DIRECTORY;
+       }
+
+       /* FILE_ATTRIBUTE_SPARSE is valid on get but not on set. */
+       *pattr |= (uint32_t)(dosattr & (SAMBA_ATTRIBUTES_MASK|FILE_ATTRIBUTE_SPARSE));
+
+       dos_mode_debug_print(__func__, *pattr);
+
+       return NT_STATUS_OK;
+}
+
+NTSTATUS get_ea_dos_attribute(connection_struct *conn,
+                             struct smb_filename *smb_fname,
+                             uint32_t *pattr)
+{
        DATA_BLOB blob;
        ssize_t sizeret;
        fstring attrstr;
-       uint32_t dosattr;
+       NTSTATUS status;
 
        if (!lp_store_dos_attributes(SNUM(conn))) {
-               return False;
+               return NT_STATUS_NOT_IMPLEMENTED;
        }
 
        /* Don't reset pattr to zero as we may already have filename-based attributes we
           need to preserve. */
 
-       sizeret = SMB_VFS_GETXATTR(conn, smb_fname->base_name,
+       sizeret = SMB_VFS_GETXATTR(conn, smb_fname,
                                   SAMBA_XATTR_DOS_ATTRIB, attrstr,
                                   sizeof(attrstr));
-       if (sizeret == -1) {
-               if (errno == ENOSYS
-#if defined(ENOTSUP)
-                       || errno == ENOTSUP) {
-#else
-                               ) {
-#endif
-                       DEBUG(1,("get_ea_dos_attribute: Cannot get attribute "
-                                "from EA on file %s: Error = %s\n",
-                                smb_fname_str_dbg(smb_fname),
-                                strerror(errno)));
-                       set_store_dos_attributes(SNUM(conn), False);
-               }
-               return False;
-       }
-
-       blob.data = (uint8_t *)attrstr;
-       blob.length = sizeret;
+       if (sizeret == -1 && errno == EACCES) {
+               int saved_errno = 0;
 
-       ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib,
-                       (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB);
+               /*
+                * According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to
+                * an Existing File" FILE_LIST_DIRECTORY on a directory implies
+                * FILE_READ_ATTRIBUTES for directory entries. Being able to
+                * stat() a file implies FILE_LIST_DIRECTORY for the directory
+                * containing the file.
+                */
 
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               DEBUG(1,("get_ea_dos_attribute: bad ndr decode "
-                        "from EA on file %s: Error = %s\n",
-                        smb_fname_str_dbg(smb_fname),
-                        ndr_errstr(ndr_err)));
-               return false;
-       }
+               if (!VALID_STAT(smb_fname->st)) {
+                       /*
+                        * Safety net: dos_mode() already checks this, but as we
+                        * become root based on this, add an additional layer of
+                        * defense.
+                        */
+                       DBG_ERR("Rejecting root override, invalid stat [%s]\n",
+                               smb_fname_str_dbg(smb_fname));
+                       return NT_STATUS_ACCESS_DENIED;
+               }
 
-       DEBUG(10,("get_ea_dos_attribute: %s attr = %s\n",
-                 smb_fname_str_dbg(smb_fname), dosattrib.attrib_hex));
+               become_root();
+               sizeret = SMB_VFS_GETXATTR(conn, smb_fname,
+                                          SAMBA_XATTR_DOS_ATTRIB,
+                                          attrstr,
+                                          sizeof(attrstr));
+               if (sizeret == -1) {
+                       saved_errno = errno;
+               }
+               unbecome_root();
 
-       switch (dosattrib.version) {
-               case 0xFFFF:
-                       dosattr = dosattrib.info.compatinfoFFFF.attrib;
-                       break;
-               case 1:
-                       dosattr = dosattrib.info.info1.attrib;
-                       if (!null_nttime(dosattrib.info.info1.create_time)) {
-                               struct timespec create_time =
-                                       nt_time_to_unix_timespec(
-                                               &dosattrib.info.info1.create_time);
-
-                               update_stat_ex_create_time(&smb_fname->st,
-                                                       create_time);
-
-                               DEBUG(10,("get_ea_dos_attribute: file %s case 1 "
-                                       "set btime %s\n",
-                                       smb_fname_str_dbg(smb_fname),
-                                       time_to_asc(convert_timespec_to_time_t(
-                                               create_time)) ));
-                       }
-                       break;
-               case 2:
-                       dosattr = dosattrib.info.oldinfo2.attrib;
-                       /* Don't know what flags to check for this case. */
-                       break;
-               case 3:
-                       dosattr = dosattrib.info.info3.attrib;
-                       if ((dosattrib.info.info3.valid_flags & XATTR_DOSINFO_CREATE_TIME) &&
-                                       !null_nttime(dosattrib.info.info3.create_time)) {
-                               struct timespec create_time =
-                                       nt_time_to_unix_timespec(
-                                               &dosattrib.info.info3.create_time);
-
-                               update_stat_ex_create_time(&smb_fname->st,
-                                                       create_time);
-
-                               DEBUG(10,("get_ea_dos_attribute: file %s case 3 "
-                                       "set btime %s\n",
-                                       smb_fname_str_dbg(smb_fname),
-                                       time_to_asc(convert_timespec_to_time_t(
-                                               create_time)) ));
-                       }
-                       break;
-               default:
-                       DEBUG(1,("get_ea_dos_attribute: Badly formed DOSATTRIB on "
-                                "file %s - %s\n", smb_fname_str_dbg(smb_fname),
-                                attrstr));
-                       return false;
+               if (saved_errno != 0) {
+                       errno = saved_errno;
+               }
        }
-
-       if (S_ISDIR(smb_fname->st.st_ex_mode)) {
-               dosattr |= FILE_ATTRIBUTE_DIRECTORY;
+       if (sizeret == -1) {
+               DBG_INFO("Cannot get attribute "
+                        "from EA on file %s: Error = %s\n",
+                        smb_fname_str_dbg(smb_fname), strerror(errno));
+               return map_nt_error_from_unix(errno);
        }
-       /* FILE_ATTRIBUTE_SPARSE is valid on get but not on set. */
-       *pattr = (uint32)(dosattr & (SAMBA_ATTRIBUTES_MASK|FILE_ATTRIBUTE_SPARSE));
 
-       DEBUG(8,("get_ea_dos_attribute returning (0x%x)", dosattr));
-
-       if (dosattr & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
-       if (dosattr & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
-       if (dosattr & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
-       if (dosattr & FILE_ATTRIBUTE_DIRECTORY   ) DEBUG(8, ("d"));
-       if (dosattr & FILE_ATTRIBUTE_ARCHIVE  ) DEBUG(8, ("a"));
+       blob.data = (uint8_t *)attrstr;
+       blob.length = sizeret;
 
-       DEBUG(8,("\n"));
+       status = parse_dos_attribute_blob(smb_fname, blob, pattr);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       return True;
+       return NT_STATUS_OK;
 }
 
 /****************************************************************************
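Review bot: The `default:` branch of parse_dos_attribute_blob() logs `blob.data` with `%s`, but the blob is raw xattr bytes with an explicit length and nothing visible here NUL-terminates it. In get_ea_dos_attribute() it points at the uninitialised `fstring attrstr`, so an EA with an unknown version can make the log call read past the bytes that were actually stored. Since the parser is now public and accepts any DATA_BLOB, bound the print by the length, e.g. `DBG_WARNING("Badly formed DOSATTRIB on file %s - %.*s\n", smb_fname_str_dbg(smb_fname), (int)blob.length, (const char *)blob.data);`, or hex-dump the blob instead. Separately, the EACCES retry calls the path-based `SMB_VFS_GETXATTR` while root, and the `VALID_STAT` guard does not by itself tie the path to the object that was stat()ed. A comment saying why a path-based read is acceptable there would help, given that set_ea_dos_attribute() fetches a file handle before its root operation.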
@@ -346,13 +420,24 @@ static bool get_ea_dos_attribute(connection_struct *conn,
  Also sets the create time.
 ****************************************************************************/
 
-static bool set_ea_dos_attribute(connection_struct *conn,
-                                struct smb_filename *smb_fname,
-                                uint32 dosmode)
+NTSTATUS set_ea_dos_attribute(connection_struct *conn,
+                             const struct smb_filename *smb_fname,
+                             uint32_t dosmode)
 {
        struct xattr_DOSATTRIB dosattrib;
        enum ndr_err_code ndr_err;
        DATA_BLOB blob;
+       int ret;
+
+       if (!lp_store_dos_attributes(SNUM(conn))) {
+               return NT_STATUS_NOT_IMPLEMENTED;
+       }
+
+       /*
+        * Don't store FILE_ATTRIBUTE_OFFLINE, it's dealt with in
+        * vfs_default via DMAPI if that is enabled.
+        */
+       dosmode &= ~FILE_ATTRIBUTE_OFFLINE;
 
        ZERO_STRUCT(dosattrib);
        ZERO_STRUCT(blob);
@@ -361,7 +446,7 @@ static bool set_ea_dos_attribute(connection_struct *conn,
        dosattrib.info.info3.valid_flags = XATTR_DOSINFO_ATTRIB|
                                        XATTR_DOSINFO_CREATE_TIME;
        dosattrib.info.info3.attrib = dosmode;
-       unix_timespec_to_nt_time(&dosattrib.info.info3.create_time,
+       dosattrib.info.info3.create_time = unix_timespec_to_nt_time(
                                smb_fname->st.st_ex_btime);
 
        DEBUG(10,("set_ea_dos_attributes: set attribute 0x%x, btime = %s on file %s\n",
@@ -376,33 +461,28 @@ static bool set_ea_dos_attribute(connection_struct *conn,
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                DEBUG(5, ("create_acl_blob: ndr_push_xattr_DOSATTRIB failed: %s\n",
                        ndr_errstr(ndr_err)));
-               return false;
+               return ndr_map_error2ntstatus(ndr_err);
        }
 
        if (blob.data == NULL || blob.length == 0) {
-               return false;
+               /* Should this be INTERNAL_ERROR? */
+               return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (SMB_VFS_SETXATTR(conn, smb_fname->base_name,
-                            SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
-                            0) == -1) {
-               bool ret = false;
+       ret = SMB_VFS_SETXATTR(conn, smb_fname,
+                              SAMBA_XATTR_DOS_ATTRIB,
+                              blob.data, blob.length, 0);
+       if (ret != 0) {
+               NTSTATUS status = NT_STATUS_OK;
+               bool need_close = false;
                files_struct *fsp = NULL;
+               bool set_dosmode_ok = false;
 
-               if((errno != EPERM) && (errno != EACCES)) {
-                       if (errno == ENOSYS
-#if defined(ENOTSUP)
-                               || errno == ENOTSUP) {
-#else
-                               ) {
-#endif
-                               DEBUG(1,("set_ea_dos_attributes: Cannot set "
-                                        "attribute EA on file %s: Error = %s\n",
-                                        smb_fname_str_dbg(smb_fname),
-                                        strerror(errno) ));
-                               set_store_dos_attributes(SNUM(conn), False);
-                       }
-                       return false;
+               if ((errno != EPERM) && (errno != EACCES)) {
+                       DBG_INFO("Cannot set "
+                                "attribute EA on file %s: Error = %s\n",
+                                smb_fname_str_dbg(smb_fname), strerror(errno));
+                       return map_nt_error_from_unix(errno);
                }
 
                /* We want DOS semantics, ie allow non owner with write permission to change the
@@ -410,46 +490,64 @@ static bool set_ea_dos_attribute(connection_struct *conn,
                */
 
                /* Check if we have write access. */
-               if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
-                       return false;
+               if (!CAN_WRITE(conn)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
 
-               if (!can_write_to_file(conn, smb_fname)) {
-                       return false;
+               status = smbd_check_access_rights(conn, smb_fname, false,
+                                                 FILE_WRITE_ATTRIBUTES);
+               if (NT_STATUS_IS_OK(status)) {
+                       set_dosmode_ok = true;
+               }
+
+               if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
+                       set_dosmode_ok = can_write_to_file(conn, smb_fname);
+               }
+
+               if (!set_dosmode_ok) {
+                       return NT_STATUS_ACCESS_DENIED;
                }
 
                /*
-                * We need to open the file with write access whilst
-                * still in our current user context. This ensures we
-                * are not violating security in doing the setxattr.
+                * We need to get an open file handle to do the
+                * metadata operation under root.
                 */
 
-               if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
-                                                     &fsp)))
-                       return false;
+               status = get_file_handle_for_metadata(conn,
+                                               smb_fname,
+                                               &fsp,
+                                               &need_close);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+
                become_root();
-               if (SMB_VFS_FSETXATTR(fsp,
-                                    SAMBA_XATTR_DOS_ATTRIB, blob.data,
-                                    blob.length, 0) == 0) {
-                       ret = true;
+               ret = SMB_VFS_FSETXATTR(fsp,
+                                       SAMBA_XATTR_DOS_ATTRIB,
+                                       blob.data, blob.length, 0);
+               if (ret == 0) {
+                       status = NT_STATUS_OK;
                }
                unbecome_root();
-               close_file(NULL, fsp, NORMAL_CLOSE);
-               return ret;
+               if (need_close) {
+                       close_file(NULL, fsp, NORMAL_CLOSE);
+               }
+               return status;
        }
        DEBUG(10,("set_ea_dos_attribute: set EA 0x%x on file %s\n",
                (unsigned int)dosmode,
                smb_fname_str_dbg(smb_fname)));
-       return true;
+       return NT_STATUS_OK;
 }
 
 /****************************************************************************
  Change a unix mode to a dos mode for an ms dfs link.
 ****************************************************************************/
 
-uint32 dos_mode_msdfs(connection_struct *conn,
+uint32_t dos_mode_msdfs(connection_struct *conn,
                      const struct smb_filename *smb_fname)
 {
-       uint32 result = 0;
+       uint32_t result = 0;
 
        DEBUG(8,("dos_mode_msdfs: %s\n", smb_fname_str_dbg(smb_fname)));
 
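Review bot: The root retry can report success when it failed. `status` already holds NT_STATUS_OK once get_file_handle_for_metadata() has succeeded, and the new code assigns it only when `SMB_VFS_FSETXATTR` returns 0, so a non-zero `ret` still reaches `return status` as NT_STATUS_OK. The removed code returned false in that case, so a caller would now treat an unwritten DOS attribute as stored. Set the failure explicitly before `unbecome_root()`, while errno is still fresh: `if (ret == 0) { status = NT_STATUS_OK; } else { status = map_nt_error_from_unix(errno); }`. set_ea_dos_attribute() begins before this hunk.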
@@ -489,128 +587,83 @@ uint32 dos_mode_msdfs(connection_struct *conn,
 
        result = filter_mode_by_protocol(result);
 
-       DEBUG(8,("dos_mode_msdfs returning "));
-
-       if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
-       if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
-       if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
-       if (result & FILE_ATTRIBUTE_DIRECTORY   ) DEBUG(8, ("d"));
-       if (result & FILE_ATTRIBUTE_ARCHIVE  ) DEBUG(8, ("a"));
-       if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
+       /*
+        * Add in that it is a reparse point
+        */
+       result |= FILE_ATTRIBUTE_REPARSE_POINT;
 
-       DEBUG(8,("\n"));
+       dos_mode_debug_print(__func__, result);
 
        return(result);
 }
 
-#ifdef HAVE_STAT_DOS_FLAGS
-/****************************************************************************
- Convert dos attributes (FILE_ATTRIBUTE_*) to dos stat flags (UF_*)
-****************************************************************************/
-
-int dos_attributes_to_stat_dos_flags(uint32_t dosmode)
+/*
+ * check whether a file or directory is flagged as compressed.
+ */
+static NTSTATUS dos_mode_check_compressed(connection_struct *conn,
+                                         struct smb_filename *smb_fname,
+                                         bool *is_compressed)
 {
-       uint32_t dos_stat_flags = 0;
-
-       if (dosmode & FILE_ATTRIBUTE_ARCHIVE)
-               dos_stat_flags |= UF_DOS_ARCHIVE;
-       if (dosmode & FILE_ATTRIBUTE_HIDDEN)
-               dos_stat_flags |= UF_DOS_HIDDEN;
-       if (dosmode & FILE_ATTRIBUTE_READONLY)
-               dos_stat_flags |= UF_DOS_RO;
-       if (dosmode & FILE_ATTRIBUTE_SYSTEM)
-               dos_stat_flags |= UF_DOS_SYSTEM;
-       if (dosmode & FILE_ATTRIBUTE_NONINDEXED)
-               dos_stat_flags |= UF_DOS_NOINDEX;
-
-       return dos_stat_flags;
-}
-
-/****************************************************************************
- Gets DOS attributes, accessed via st_ex_flags in the stat struct.
-****************************************************************************/
-
-static bool get_stat_dos_flags(connection_struct *conn,
-                              const struct smb_filename *smb_fname,
-                              uint32_t *dosmode)
-{
-       SMB_ASSERT(VALID_STAT(smb_fname->st));
-       SMB_ASSERT(dosmode);
-
-       if (!lp_store_dos_attributes(SNUM(conn))) {
-               return false;
+       NTSTATUS status;
+       uint16_t compression_fmt;
+       TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+       if (tmp_ctx == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto err_out;
        }
 
-       DEBUG(5, ("Getting stat dos attributes for %s.\n",
-                 smb_fname_str_dbg(smb_fname)));
-
-       if (smb_fname->st.st_ex_flags & UF_DOS_ARCHIVE)
-               *dosmode |= FILE_ATTRIBUTE_ARCHIVE;
-       if (smb_fname->st.st_ex_flags & UF_DOS_HIDDEN)
-               *dosmode |= FILE_ATTRIBUTE_HIDDEN;
-       if (smb_fname->st.st_ex_flags & UF_DOS_RO)
-               *dosmode |= FILE_ATTRIBUTE_READONLY;
-       if (smb_fname->st.st_ex_flags & UF_DOS_SYSTEM)
-               *dosmode |= FILE_ATTRIBUTE_SYSTEM;
-       if (smb_fname->st.st_ex_flags & UF_DOS_NOINDEX)
-               *dosmode |= FILE_ATTRIBUTE_NONINDEXED;
-       if (smb_fname->st.st_ex_flags & FILE_ATTRIBUTE_SPARSE)
-               *dosmode |= FILE_ATTRIBUTE_SPARSE;
-       if (S_ISDIR(smb_fname->st.st_ex_mode))
-               *dosmode |= FILE_ATTRIBUTE_DIRECTORY;
+       status = SMB_VFS_GET_COMPRESSION(conn, tmp_ctx, NULL, smb_fname,
+                                        &compression_fmt);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto err_ctx_free;
+       }
 
-       *dosmode |= set_link_read_only_flag(&smb_fname->st);
+       if (compression_fmt == COMPRESSION_FORMAT_LZNT1) {
+               *is_compressed = true;
+       } else {
+               *is_compressed = false;
+       }
+       status = NT_STATUS_OK;
 
-       return true;
+err_ctx_free:
+       talloc_free(tmp_ctx);
+err_out:
+       return status;
 }
 
-/****************************************************************************
- Sets DOS attributes, stored in st_ex_flags of the inode.
-****************************************************************************/
-
-static bool set_stat_dos_flags(connection_struct *conn,
-                              const struct smb_filename *smb_fname,
-                              uint32_t dosmode,
-                              bool *attributes_changed)
+static uint32_t dos_mode_from_name(connection_struct *conn,
+                                  const struct smb_filename *smb_fname,
+                                  uint32_t dosmode)
 {
-       uint32_t new_flags = 0;
-       int error = 0;
+       const char *p = NULL;
+       uint32_t result = dosmode;
 
-       SMB_ASSERT(VALID_STAT(smb_fname->st));
-       SMB_ASSERT(attributes_changed);
-
-       *attributes_changed = false;
+       if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
+           lp_hide_dot_files(SNUM(conn)))
+       {
+               p = strrchr_m(smb_fname->base_name, '/');
+               if (p) {
+                       p++;
+               } else {
+                       p = smb_fname->base_name;
+               }
 
-       if (!lp_store_dos_attributes(SNUM(conn))) {
-               return false;
+               /* Only . and .. are not hidden. */
+               if ((p[0] == '.') &&
+                   !((p[1] == '\0') || (p[1] == '.' && p[2] == '\0')))
+               {
+                       result |= FILE_ATTRIBUTE_HIDDEN;
+               }
        }
 
-       DEBUG(5, ("Setting stat dos attributes for %s.\n",
-                 smb_fname_str_dbg(smb_fname)));
-
-       new_flags = (smb_fname->st.st_ex_flags & ~UF_DOS_FLAGS) |
-                    dos_attributes_to_stat_dos_flags(dosmode);
-
-       /* Return early if no flags changed. */
-       if (new_flags == smb_fname->st.st_ex_flags)
-               return true;
-
-       DEBUG(5, ("Setting stat dos attributes=0x%x, prev=0x%x\n", new_flags,
-                 smb_fname->st.st_ex_flags));
-
-       /* Set new flags with chflags. */
-       error = SMB_VFS_CHFLAGS(conn, smb_fname->base_name, new_flags);
-       if (error) {
-               DEBUG(0, ("Failed setting new stat dos attributes (0x%x) on "
-                         "file %s! errno=%d\n", new_flags,
-                         smb_fname_str_dbg(smb_fname), errno));
-               return false;
+       if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
+           IS_HIDDEN_PATH(conn, smb_fname->base_name))
+       {
+               result |= FILE_ATTRIBUTE_HIDDEN;
        }
 
-       *attributes_changed = true;
-       return true;
+       return result;
 }
-#endif /* HAVE_STAT_DOS_FLAGS */
 
 /****************************************************************************
  Change a unix mode to a dos mode.
@@ -618,10 +671,10 @@ static bool set_stat_dos_flags(connection_struct *conn,
  if "store dos attributes" is true.
 ****************************************************************************/
 
-uint32 dos_mode(connection_struct *conn, struct smb_filename *smb_fname)
+uint32_t dos_mode(connection_struct *conn, struct smb_filename *smb_fname)
 {
-       uint32 result = 0;
-       bool offline, used_stat_dos_flags = false;
+       uint32_t result = 0;
+       NTSTATUS status = NT_STATUS_OK;
 
        DEBUG(8,("dos_mode: %s\n", smb_fname_str_dbg(smb_fname)));
 
@@ -629,64 +682,61 @@ uint32 dos_mode(connection_struct *conn, struct smb_filename *smb_fname)
                return 0;
        }
 
-       /* First do any modifications that depend on the path name. */
-       /* hide files with a name starting with a . */
-       if (lp_hide_dot_files(SNUM(conn))) {
-               const char *p = strrchr_m(smb_fname->base_name,'/');
-               if (p) {
-                       p++;
-               } else {
-                       p = smb_fname->base_name;
-               }
-
-               /* Only . and .. are not hidden. */
-               if (p[0] == '.' && !((p[1] == '\0') ||
-                               (p[1] == '.' && p[2] == '\0'))) {
-                       result |= FILE_ATTRIBUTE_HIDDEN;
+       /* Get the DOS attributes via the VFS if we can */
+       status = SMB_VFS_GET_DOS_ATTRIBUTES(conn, smb_fname, &result);
+       if (!NT_STATUS_IS_OK(status)) {
+               /*
+                * Only fall back to using UNIX modes if we get NOT_IMPLEMENTED.
+                */
+               if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       result |= dos_mode_from_sbuf(conn, smb_fname);
                }
        }
 
-#ifdef HAVE_STAT_DOS_FLAGS
-       used_stat_dos_flags = get_stat_dos_flags(conn, smb_fname, &result);
-#endif
-       if (!used_stat_dos_flags) {
-               /* Get the DOS attributes from an EA by preference. */
-               if (!get_ea_dos_attribute(conn, smb_fname, &result)) {
-                       result |= dos_mode_from_sbuf(conn, smb_fname);
+       /*
+        * According to MS-FSA a stream name does not have
+        * separate DOS attribute metadata, so we must return
+        * the DOS attribute from the base filename. With one caveat,
+        * a non-default stream name can never be a directory.
+        *
+        * As this is common to all streams data stores, we handle
+        * it here instead of inside all stream VFS modules.
+        *
+        * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
+        */
+
+       if (is_ntfs_stream_smb_fname(smb_fname)) {
+               /* is_ntfs_stream_smb_fname() returns false for a POSIX path. */
+               if (!is_ntfs_default_stream_smb_fname(smb_fname)) {
+                       /*
+                        * Non-default stream name, not a posix path.
+                        */
+                       result &= ~(FILE_ATTRIBUTE_DIRECTORY);
                }
        }
 
-       offline = SMB_VFS_IS_OFFLINE(conn, smb_fname, &smb_fname->st);
-       if (S_ISREG(smb_fname->st.st_ex_mode) && offline) {
-               result |= FILE_ATTRIBUTE_OFFLINE;
+       if (conn->fs_capabilities & FILE_FILE_COMPRESSION) {
+               bool compressed = false;
+               status = dos_mode_check_compressed(conn, smb_fname,
+                                                  &compressed);
+               if (NT_STATUS_IS_OK(status) && compressed) {
+                       result |= FILE_ATTRIBUTE_COMPRESSED;
+               }
        }
 
-       /* Optimization : Only call is_hidden_path if it's not already
-          hidden. */
-       if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
-           IS_HIDDEN_PATH(conn, smb_fname->base_name)) {
-               result |= FILE_ATTRIBUTE_HIDDEN;
-       }
+       result |= dos_mode_from_name(conn, smb_fname, result);
 
-       if (result == 0) {
+       if (S_ISDIR(smb_fname->st.st_ex_mode)) {
+               result |= FILE_ATTRIBUTE_DIRECTORY;
+       } else if (result == 0) {
                result = FILE_ATTRIBUTE_NORMAL;
        }
 
        result = filter_mode_by_protocol(result);
 
-       DEBUG(8,("dos_mode returning "));
-
-       if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
-       if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
-       if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
-       if (result & FILE_ATTRIBUTE_DIRECTORY   ) DEBUG(8, ("d"));
-       if (result & FILE_ATTRIBUTE_ARCHIVE  ) DEBUG(8, ("a"));
-       if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
-       if (result & FILE_ATTRIBUTE_OFFLINE ) DEBUG(8, ("[offline]"));
+       dos_mode_debug_print(__func__, result);
 
-       DEBUG(8,("\n"));
-
-       return(result);
+       return result;
 }
 
 /*******************************************************************
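Review bot: In `dos_mode()`, any status from `SMB_VFS_GET_DOS_ATTRIBUTES` other than `NT_STATUS_NOT_IMPLEMENTED` is dropped without a trace, so a failed attribute read looks the same as a file with no attributes and the function may go on to report `FILE_ATTRIBUTE_NORMAL`. READONLY, HIDDEN or SYSTEM bits can then be missing from the answer with nothing in the log to explain it. An `else` branch with a debug line would make this diagnosable, e.g. `DBG_INFO("get_dos_attributes failed for %s: %s\n", smb_fname_str_dbg(smb_fname), nt_errstr(status));`. The failure status of `dos_mode_check_compressed()` a few lines below is ignored in the same way. The function's opening lines are in the preceding hunk.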
@@ -697,95 +747,58 @@ uint32 dos_mode(connection_struct *conn, struct smb_filename *smb_fname)
 ********************************************************************/
 
 int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname,
-                    uint32 dosmode, const char *parent_dir, bool newfile)
+                    uint32_t dosmode, const char *parent_dir, bool newfile)
 {
        int mask=0;
        mode_t tmp;
        mode_t unixmode;
        int ret = -1, lret = -1;
-       uint32_t old_mode;
-       struct timespec new_create_timespec;
        files_struct *fsp = NULL;
+       bool need_close = false;
+       NTSTATUS status;
 
        if (!CAN_WRITE(conn)) {
                errno = EROFS;
                return -1;
        }
 
-       /* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
-       dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE);
+       dosmode &= SAMBA_ATTRIBUTES_MASK;
 
        DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n",
                  dosmode, smb_fname_str_dbg(smb_fname)));
 
        unixmode = smb_fname->st.st_ex_mode;
 
-       get_acl_group_bits(conn, smb_fname->base_name,
-                          &smb_fname->st.st_ex_mode);
+       get_acl_group_bits(conn, smb_fname,
+                       &smb_fname->st.st_ex_mode);
 
        if (S_ISDIR(smb_fname->st.st_ex_mode))
                dosmode |= FILE_ATTRIBUTE_DIRECTORY;
        else
                dosmode &= ~FILE_ATTRIBUTE_DIRECTORY;
 
-       new_create_timespec = smb_fname->st.st_ex_btime;
-
-       old_mode = dos_mode(conn, smb_fname);
-
-       if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
-               if (!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
-                       lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
-                       if (lret == -1) {
-                               DEBUG(0, ("set_dos_mode: client has asked to "
-                                         "set FILE_ATTRIBUTE_OFFLINE to "
-                                         "%s/%s but there was an error while "
-                                         "setting it or it is not "
-                                         "supported.\n", parent_dir,
-                                         smb_fname_str_dbg(smb_fname)));
-                       }
-               }
-       }
-
-       dosmode  &= ~FILE_ATTRIBUTE_OFFLINE;
-       old_mode &= ~FILE_ATTRIBUTE_OFFLINE;
-
-       smb_fname->st.st_ex_btime = new_create_timespec;
-
-#ifdef HAVE_STAT_DOS_FLAGS
-       {
-               bool attributes_changed;
-
-               if (set_stat_dos_flags(conn, smb_fname, dosmode,
-                                      &attributes_changed))
-               {
-                       if (!newfile && attributes_changed) {
-                               notify_fname(conn, NOTIFY_ACTION_MODIFIED,
-                                   FILE_NOTIFY_CHANGE_ATTRIBUTES,
-                                   smb_fname->base_name);
-                       }
-                       smb_fname->st.st_ex_mode = unixmode;
-                       return 0;
-               }
-       }
-#endif
        /* Store the DOS attributes in an EA by preference. */
-       if (lp_store_dos_attributes(SNUM(conn))) {
-               /*
-                * Don't fall back to using UNIX modes. Finally
-                * follow the smb.conf manpage.
-                */
-               if (!set_ea_dos_attribute(conn, smb_fname, dosmode)) {
-                       return -1;
-               }
+       status = SMB_VFS_SET_DOS_ATTRIBUTES(conn, smb_fname, dosmode);
+       if (NT_STATUS_IS_OK(status)) {
                if (!newfile) {
                        notify_fname(conn, NOTIFY_ACTION_MODIFIED,
-                                    FILE_NOTIFY_CHANGE_ATTRIBUTES,
-                                    smb_fname->base_name);
+                               FILE_NOTIFY_CHANGE_ATTRIBUTES,
+                               smb_fname->base_name);
                }
                smb_fname->st.st_ex_mode = unixmode;
                return 0;
+       } else {
+               /*
+                * Only fall back to using UNIX modes if
+                * we get NOT_IMPLEMENTED.
+                */
+               if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       errno = map_errno_from_nt_status(status);
+                       return -1;
+               }
        }
 
+       /* Fall back to UNIX modes. */
        unixmode = unix_mode(conn, dosmode, smb_fname, parent_dir);
 
        /* preserve the file type bits */
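Review bot: With the `SMB_VFS_SET_OFFLINE` call removed, nothing in this hunk assigns `lret` any more, yet it is still declared in `int ret = -1, lret = -1;` and a later hunk still tests `if(!newfile || (lret != -1))`. If no assignment survives elsewhere in the function (the body continues past this hunk), that condition reduces to `!newfile`, so the variable can be dropped and the test written as `if (!newfile)`. Separately, the removed comment on the mask line was the only explanation of which bits are accepted; a replacement such as `/* Only the attributes in SAMBA_ATTRIBUTES_MASK can be set here. */` above `dosmode &= SAMBA_ATTRIBUTES_MASK;` would keep that documented.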
@@ -842,7 +855,7 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname,
                return -1;
        }
 
-       ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode);
+       ret = SMB_VFS_CHMOD(conn, smb_fname, unixmode);
        if (ret == 0) {
                if(!newfile || (lret != -1)) {
                        notify_fname(conn, NOTIFY_ACTION_MODIFIED,
@@ -869,17 +882,25 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname,
        }
 
        /*
-        * We need to open the file with write access whilst
-        * still in our current user context. This ensures we
-        * are not violating security in doing the fchmod.
+        * We need to get an open file handle to do the
+        * metadata operation under root.
         */
-       if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
-                            &fsp)))
+
+       status = get_file_handle_for_metadata(conn,
+                                             smb_fname,
+                                             &fsp,
+                                             &need_close);
+       if (!NT_STATUS_IS_OK(status)) {
+               errno = map_errno_from_nt_status(status);
                return -1;
+       }
+
        become_root();
        ret = SMB_VFS_FCHMOD(fsp, unixmode);
        unbecome_root();
-       close_file(NULL, fsp, NORMAL_CLOSE);
+       if (need_close) {
+               close_file(NULL, fsp, NORMAL_CLOSE);
+       }
        if (!newfile) {
                notify_fname(conn, NOTIFY_ACTION_MODIFIED,
                             FILE_NOTIFY_CHANGE_ATTRIBUTES,
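Review bot: The rewritten comment above the `get_file_handle_for_metadata()` call no longer says what authorises the `SMB_VFS_FCHMOD` that runs between `become_root()` and `unbecome_root()`. The old text tied that to opening the file with write access in the user's context; the new helper may instead hand back an already-open handle, so the open no longer acts as an access check on this path. If the authorisation is a check earlier in the function (not visible in this hunk), the comment should name it, for example `/* Access was verified above; the handle is only a vehicle for the fchmod under root. */`. The handling of the fchmod result lies outside the hunk.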
@@ -910,8 +931,13 @@ NTSTATUS file_set_sparse(connection_struct *conn,
                return NT_STATUS_MEDIA_WRITE_PROTECTED;
        }
 
-       if (!(fsp->access_mask & FILE_WRITE_DATA) &&
-                       !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+       /*
+        * Windows Server 2008 & 2012 permit FSCTL_SET_SPARSE if any of the
+        * following access flags are granted.
+        */
+       if ((fsp->access_mask & (FILE_WRITE_DATA
+                               | FILE_WRITE_ATTRIBUTES
+                               | SEC_FILE_APPEND_DATA)) == 0) {
                DEBUG(9,("file_set_sparse: fname[%s] set[%u] "
                        "access_mask[0x%08X] - access denied\n",
                        smb_fname_str_dbg(fsp->fsp_name),
@@ -920,6 +946,19 @@ NTSTATUS file_set_sparse(connection_struct *conn,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       if (fsp->is_directory) {
+               DEBUG(9, ("invalid attempt to %s sparse flag on dir %s\n",
+                         (sparse ? "set" : "clear"),
+                         smb_fname_str_dbg(fsp->fsp_name)));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (IS_IPC(conn) || IS_PRINT(conn)) {
+               DEBUG(9, ("attempt to %s sparse flag over invalid conn\n",
+                         (sparse ? "set" : "clear")));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
        DEBUG(10,("file_set_sparse: setting sparse bit %u on file %s\n",
                  sparse, smb_fname_str_dbg(fsp->fsp_name)));
 
@@ -943,12 +982,9 @@ NTSTATUS file_set_sparse(connection_struct *conn,
        }
 
        /* Store the DOS attributes in an EA. */
-       if (!set_ea_dos_attribute(conn, fsp->fsp_name,
-                                 new_dosmode)) {
-               if (errno == 0) {
-                       errno = EIO;
-               }
-               return map_nt_error_from_unix(errno);
+       status = SMB_VFS_FSET_DOS_ATTRIBUTES(conn, fsp, new_dosmode);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        notify_fname(conn, NOTIFY_ACTION_MODIFIED,
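Review bot: The context comment `/* Store the DOS attributes in an EA. */` is stale after this change, because the call now goes through `SMB_VFS_FSET_DOS_ATTRIBUTES` and the backing store is up to the VFS module; `/* Store the DOS attributes via the VFS. */` would match the code. Unlike `file_set_dosmode()` in this commit, `NT_STATUS_NOT_IMPLEMENTED` is returned to the caller here rather than triggering a fallback. If that is intended, a short comment saying so would spare the next reader the question.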
@@ -1072,8 +1108,11 @@ NTSTATUS set_create_timespec_ea(connection_struct *conn,
                return NT_STATUS_OK;
        }
 
-       smb_fname = synthetic_smb_fname(talloc_tos(), psmb_fname->base_name,
-                                       NULL, &psmb_fname->st);
+       smb_fname = synthetic_smb_fname(talloc_tos(),
+                                       psmb_fname->base_name,
+                                       NULL,
+                                       &psmb_fname->st,
+                                       psmb_fname->flags);
 
        if (smb_fname == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -1085,7 +1124,7 @@ NTSTATUS set_create_timespec_ea(connection_struct *conn,
 
        ret = file_set_dosmode(conn, smb_fname, dosmode, NULL, false);
        if (ret == -1) {
-               map_nt_error_from_unix(errno);
+               return map_nt_error_from_unix(errno);
        }
 
        DEBUG(10,("set_create_timespec_ea: wrote create time EA for file %s\n",
@@ -1115,3 +1154,73 @@ struct timespec get_change_timespec(connection_struct *conn,
 {
        return smb_fname->st.st_ex_mtime;
 }
+
+/****************************************************************************
+ Get a real open file handle we can do meta-data operations on. As it's
+ going to be used under root access only on meta-data we should look for
+ any existing open file handle first, and use that in preference (also to
+ avoid kernel self-oplock breaks). If not use an INTERNAL_OPEN_ONLY handle.
+****************************************************************************/
+
+static NTSTATUS get_file_handle_for_metadata(connection_struct *conn,
+                               const struct smb_filename *smb_fname,
+                               files_struct **ret_fsp,
+                               bool *need_close)
+{
+       NTSTATUS status;
+       files_struct *fsp;
+       struct file_id file_id;
+       struct smb_filename *smb_fname_cp = NULL;
+
+       *need_close = false;
+
+       if (!VALID_STAT(smb_fname->st)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
+
+       for(fsp = file_find_di_first(conn->sconn, file_id);
+                       fsp;
+                       fsp = file_find_di_next(fsp)) {
+               if (fsp->fh->fd != -1) {
+                       *ret_fsp = fsp;
+                       return NT_STATUS_OK;
+               }
+       }
+
+       smb_fname_cp = cp_smb_filename(talloc_tos(),
+                                       smb_fname);
+       if (smb_fname_cp == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* Opens an INTERNAL_OPEN_ONLY write handle. */
+       status = SMB_VFS_CREATE_FILE(
+               conn,                                   /* conn */
+               NULL,                                   /* req */
+               0,                                      /* root_dir_fid */
+               smb_fname_cp,                           /* fname */
+               FILE_WRITE_ATTRIBUTES,                  /* access_mask */
+               (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
+                       FILE_SHARE_DELETE),
+               FILE_OPEN,                              /* create_disposition*/
+               0,                                      /* create_options */
+               0,                                      /* file_attributes */
+               INTERNAL_OPEN_ONLY,                     /* oplock_request */
+               NULL,                                   /* lease */
+                0,                                      /* allocation_size */
+               0,                                      /* private_flags */
+               NULL,                                   /* sd */
+               NULL,                                   /* ea_list */
+               ret_fsp,                                /* result */
+               NULL,                                   /* pinfo */
+               NULL, NULL);                            /* create context */
+
+       TALLOC_FREE(smb_fname_cp);
+
+       if (NT_STATUS_IS_OK(status)) {
+               *need_close = true;
+       }
+       return status;
+}
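Review bot: `get_file_handle_for_metadata()` returns the first handle with a valid fd that the `file_find_di_first(conn->sconn, file_id)` walk yields, without looking at its access mask and, since the search is keyed on `conn->sconn`, apparently without regard to which connection opened it. The header comment should therefore state that the caller must already have authorised the operation and may use the handle for metadata only. `*ret_fsp` is also left untouched on the `NT_STATUS_INVALID_PARAMETER` and `NT_STATUS_NO_MEMORY` returns; adding `*ret_fsp = NULL;` next to `*need_close = false;` gives callers a defined value on every failure path. A sentence in the header saying the handle is to be closed only when `*need_close` is true would complete the contract.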