2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
32 /****************************************************************************
33 fd support routines - attempt to do a dos_open.
34 ****************************************************************************/
36 static NTSTATUS fd_open(struct connection_struct *conn,
42 NTSTATUS status = NT_STATUS_OK;
46 * Never follow symlinks on a POSIX client. The
47 * client should be doing this.
50 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
55 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
56 if (fsp->fh->fd == -1) {
57 status = map_nt_error_from_unix(errno);
60 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
61 fname, flags, (int)mode, fsp->fh->fd,
62 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
67 /****************************************************************************
68 Close the file associated with a fsp.
69 ****************************************************************************/
71 NTSTATUS fd_close(files_struct *fsp)
75 if (fsp->fh->fd == -1) {
76 return NT_STATUS_OK; /* What we used to call a stat open. */
78 if (fsp->fh->ref_count > 1) {
79 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
82 ret = SMB_VFS_CLOSE(fsp);
85 return map_nt_error_from_unix(errno);
90 /****************************************************************************
91 Change the ownership of a file to that of the parent directory.
92 Do this by fd if possible.
93 ****************************************************************************/
95 static void change_file_owner_to_parent(connection_struct *conn,
96 const char *inherit_from_dir,
99 SMB_STRUCT_STAT parent_st;
102 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
104 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
105 "directory %s. Error was %s\n",
106 inherit_from_dir, strerror(errno) ));
111 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
114 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
115 "file %s to parent directory uid %u. Error "
116 "was %s\n", fsp->fsp_name,
117 (unsigned int)parent_st.st_uid,
121 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
122 "parent directory uid %u.\n", fsp->fsp_name,
123 (unsigned int)parent_st.st_uid ));
126 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
127 const char *inherit_from_dir,
129 SMB_STRUCT_STAT *psbuf)
131 char *saved_dir = NULL;
132 SMB_STRUCT_STAT sbuf;
133 SMB_STRUCT_STAT parent_st;
134 TALLOC_CTX *ctx = talloc_tos();
135 NTSTATUS status = NT_STATUS_OK;
138 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
140 status = map_nt_error_from_unix(errno);
141 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
142 "directory %s. Error was %s\n",
143 inherit_from_dir, strerror(errno) ));
147 /* We've already done an lstat into psbuf, and we know it's a
148 directory. If we can cd into the directory and the dev/ino
149 are the same then we can safely chown without races as
150 we're locking the directory in place by being in it. This
151 should work on any UNIX (thanks tridge :-). JRA.
154 saved_dir = vfs_GetWd(ctx,conn);
156 status = map_nt_error_from_unix(errno);
157 DEBUG(0,("change_dir_owner_to_parent: failed to get "
158 "current working directory. Error was %s\n",
163 /* Chdir into the new path. */
164 if (vfs_ChDir(conn, fname) == -1) {
165 status = map_nt_error_from_unix(errno);
166 DEBUG(0,("change_dir_owner_to_parent: failed to change "
167 "current working directory to %s. Error "
168 "was %s\n", fname, strerror(errno) ));
172 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
173 status = map_nt_error_from_unix(errno);
174 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
175 "directory '.' (%s) Error was %s\n",
176 fname, strerror(errno)));
180 /* Ensure we're pointing at the same place. */
181 if (sbuf.st_dev != psbuf->st_dev ||
182 sbuf.st_ino != psbuf->st_ino ||
183 sbuf.st_mode != psbuf->st_mode ) {
184 DEBUG(0,("change_dir_owner_to_parent: "
185 "device/inode/mode on directory %s changed. "
186 "Refusing to chown !\n", fname ));
187 status = NT_STATUS_ACCESS_DENIED;
192 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
195 status = map_nt_error_from_unix(errno);
196 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
197 "directory %s to parent directory uid %u. "
198 "Error was %s\n", fname,
199 (unsigned int)parent_st.st_uid, strerror(errno) ));
203 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
204 "directory %s to parent directory uid %u.\n",
205 fname, (unsigned int)parent_st.st_uid ));
209 vfs_ChDir(conn,saved_dir);
213 /****************************************************************************
215 ****************************************************************************/
217 static NTSTATUS open_file(files_struct *fsp,
218 connection_struct *conn,
219 struct smb_request *req,
220 const char *parent_dir,
223 SMB_STRUCT_STAT *psbuf,
226 uint32 access_mask, /* client requested access mask. */
227 uint32 open_access_mask) /* what we're actually using in the open. */
229 NTSTATUS status = NT_STATUS_OK;
230 int accmode = (flags & O_ACCMODE);
231 int local_flags = flags;
232 bool file_existed = VALID_STAT(*psbuf);
237 /* Check permissions */
240 * This code was changed after seeing a client open request
241 * containing the open mode of (DENY_WRITE/read-only) with
242 * the 'create if not exist' bit set. The previous code
243 * would fail to open the file read only on a read-only share
244 * as it was checking the flags parameter directly against O_RDONLY,
245 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
249 if (!CAN_WRITE(conn)) {
250 /* It's a read-only share - fail if we wanted to write. */
251 if(accmode != O_RDONLY) {
252 DEBUG(3,("Permission denied opening %s\n", path));
253 return NT_STATUS_ACCESS_DENIED;
254 } else if(flags & O_CREAT) {
255 /* We don't want to write - but we must make sure that
256 O_CREAT doesn't create the file if we have write
257 access into the directory.
260 local_flags &= ~O_CREAT;
265 * This little piece of insanity is inspired by the
266 * fact that an NT client can open a file for O_RDONLY,
267 * but set the create disposition to FILE_EXISTS_TRUNCATE.
268 * If the client *can* write to the file, then it expects to
269 * truncate the file, even though it is opening for readonly.
270 * Quicken uses this stupid trick in backup file creation...
271 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
272 * for helping track this one down. It didn't bite us in 2.0.x
273 * as we always opened files read-write in that release. JRA.
276 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
277 DEBUG(10,("open_file: truncate requested on read-only open "
278 "for file %s\n", path));
279 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
282 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
283 (!file_existed && (local_flags & O_CREAT)) ||
284 ((local_flags & O_TRUNC) == O_TRUNC) ) {
287 * We can't actually truncate here as the file may be locked.
288 * open_file_ntcreate will take care of the truncate later. JRA.
291 local_flags &= ~O_TRUNC;
293 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
295 * We would block on opening a FIFO with no one else on the
296 * other end. Do what we used to do and add O_NONBLOCK to the
300 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
301 local_flags |= O_NONBLOCK;
305 /* Don't create files with Microsoft wildcard characters. */
306 if ((local_flags & O_CREAT) && !file_existed &&
308 return NT_STATUS_OBJECT_NAME_INVALID;
311 /* Actually do the open */
312 status = fd_open(conn, path, fsp, local_flags, unx_mode);
313 if (!NT_STATUS_IS_OK(status)) {
314 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
316 path,nt_errstr(status),local_flags,flags));
320 if ((local_flags & O_CREAT) && !file_existed) {
322 /* Inherit the ACL if required */
323 if (lp_inherit_perms(SNUM(conn))) {
324 inherit_access_posix_acl(conn, parent_dir, path,
328 /* Change the owner if required. */
329 if (lp_inherit_owner(SNUM(conn))) {
330 change_file_owner_to_parent(conn, parent_dir,
334 notify_fname(conn, NOTIFY_ACTION_ADDED,
335 FILE_NOTIFY_CHANGE_FILE_NAME, path);
339 fsp->fh->fd = -1; /* What we used to call a stat open. */
345 if (fsp->fh->fd == -1) {
346 ret = SMB_VFS_STAT(conn, path, psbuf);
348 ret = SMB_VFS_FSTAT(fsp, psbuf);
349 /* If we have an fd, this stat should succeed. */
351 DEBUG(0,("Error doing fstat on open file %s "
352 "(%s)\n", path,strerror(errno) ));
356 /* For a non-io open, this stat failing means file not found. JRA */
358 status = map_nt_error_from_unix(errno);
365 * POSIX allows read-only opens of directories. We don't
366 * want to do this (we use a different code path for this)
367 * so catch a directory open and return an EISDIR. JRA.
370 if(S_ISDIR(psbuf->st_mode)) {
373 return NT_STATUS_FILE_IS_A_DIRECTORY;
376 fsp->mode = psbuf->st_mode;
377 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
378 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
379 fsp->file_pid = req ? req->smbpid : 0;
380 fsp->can_lock = True;
381 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
382 if (!CAN_WRITE(conn)) {
383 fsp->can_write = False;
385 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
388 fsp->print_file = False;
389 fsp->modified = False;
390 fsp->sent_oplock_break = NO_BREAK_SENT;
391 fsp->is_directory = False;
392 if (conn->aio_write_behind_list &&
393 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
394 fsp->aio_write_behind = True;
397 string_set(&fsp->fsp_name, path);
398 fsp->wcp = NULL; /* Write cache pointer. */
400 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
401 conn->server_info->unix_name,
403 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
404 conn->num_files_open + 1));
410 /*******************************************************************
411 Return True if the filename is one of the special executable types.
412 ********************************************************************/
414 static bool is_executable(const char *fname)
416 if ((fname = strrchr_m(fname,'.'))) {
417 if (strequal(fname,".com") ||
418 strequal(fname,".dll") ||
419 strequal(fname,".exe") ||
420 strequal(fname,".sym")) {
427 /****************************************************************************
428 Check if we can open a file with a share mode.
429 Returns True if conflict, False if not.
430 ****************************************************************************/
432 static bool share_conflict(struct share_mode_entry *entry,
436 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
437 "entry->share_access = 0x%x, "
438 "entry->private_options = 0x%x\n",
439 (unsigned int)entry->access_mask,
440 (unsigned int)entry->share_access,
441 (unsigned int)entry->private_options));
443 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
444 (unsigned int)access_mask, (unsigned int)share_access));
446 if ((entry->access_mask & (FILE_WRITE_DATA|
450 DELETE_ACCESS)) == 0) {
451 DEBUG(10,("share_conflict: No conflict due to "
452 "entry->access_mask = 0x%x\n",
453 (unsigned int)entry->access_mask ));
457 if ((access_mask & (FILE_WRITE_DATA|
461 DELETE_ACCESS)) == 0) {
462 DEBUG(10,("share_conflict: No conflict due to "
463 "access_mask = 0x%x\n",
464 (unsigned int)access_mask ));
468 #if 1 /* JRA TEST - Superdebug. */
469 #define CHECK_MASK(num, am, right, sa, share) \
470 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
471 (unsigned int)(num), (unsigned int)(am), \
472 (unsigned int)(right), (unsigned int)(am)&(right) )); \
473 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
474 (unsigned int)(num), (unsigned int)(sa), \
475 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
476 if (((am) & (right)) && !((sa) & (share))) { \
477 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
478 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
479 (unsigned int)(share) )); \
483 #define CHECK_MASK(num, am, right, sa, share) \
484 if (((am) & (right)) && !((sa) & (share))) { \
485 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
486 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
487 (unsigned int)(share) )); \
492 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
493 share_access, FILE_SHARE_WRITE);
494 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
495 entry->share_access, FILE_SHARE_WRITE);
497 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
498 share_access, FILE_SHARE_READ);
499 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
500 entry->share_access, FILE_SHARE_READ);
502 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
503 share_access, FILE_SHARE_DELETE);
504 CHECK_MASK(6, access_mask, DELETE_ACCESS,
505 entry->share_access, FILE_SHARE_DELETE);
507 DEBUG(10,("share_conflict: No conflict.\n"));
511 #if defined(DEVELOPER)
512 static void validate_my_share_entries(int num,
513 struct share_mode_entry *share_entry)
517 if (!procid_is_me(&share_entry->pid)) {
521 if (is_deferred_open_entry(share_entry) &&
522 !open_was_deferred(share_entry->op_mid)) {
523 char *str = talloc_asprintf(talloc_tos(),
524 "Got a deferred entry without a request: "
526 share_mode_str(talloc_tos(), num, share_entry));
530 if (!is_valid_share_mode_entry(share_entry)) {
534 fsp = file_find_dif(share_entry->id,
535 share_entry->share_file_id);
537 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
538 share_mode_str(talloc_tos(), num, share_entry) ));
539 smb_panic("validate_my_share_entries: Cannot match a "
540 "share entry with an open file\n");
543 if (is_deferred_open_entry(share_entry) ||
544 is_unused_share_mode_entry(share_entry)) {
548 if ((share_entry->op_type == NO_OPLOCK) &&
549 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
550 /* Someone has already written to it, but I haven't yet
555 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
564 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
565 share_mode_str(talloc_tos(), num, share_entry) ));
566 str = talloc_asprintf(talloc_tos(),
567 "validate_my_share_entries: "
568 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
569 fsp->fsp_name, (unsigned int)fsp->oplock_type,
570 (unsigned int)share_entry->op_type );
576 static bool is_stat_open(uint32 access_mask)
578 return (access_mask &&
579 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
580 FILE_WRITE_ATTRIBUTES))==0) &&
581 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
582 FILE_WRITE_ATTRIBUTES)) != 0));
585 /****************************************************************************
586 Deal with share modes
587 Invarient: Share mode must be locked on entry and exit.
588 Returns -1 on error, or number of share modes on success (may be zero).
589 ****************************************************************************/
591 static NTSTATUS open_mode_check(connection_struct *conn,
593 struct share_mode_lock *lck,
596 uint32 create_options,
601 if(lck->num_share_modes == 0) {
605 *file_existed = True;
607 /* A delete on close prohibits everything */
609 if (lck->delete_on_close) {
610 return NT_STATUS_DELETE_PENDING;
613 if (is_stat_open(access_mask)) {
614 /* Stat open that doesn't trigger oplock breaks or share mode
615 * checks... ! JRA. */
620 * Check if the share modes will give us access.
623 #if defined(DEVELOPER)
624 for(i = 0; i < lck->num_share_modes; i++) {
625 validate_my_share_entries(i, &lck->share_modes[i]);
629 if (!lp_share_modes(SNUM(conn))) {
633 /* Now we check the share modes, after any oplock breaks. */
634 for(i = 0; i < lck->num_share_modes; i++) {
636 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
640 /* someone else has a share lock on it, check to see if we can
642 if (share_conflict(&lck->share_modes[i],
643 access_mask, share_access)) {
644 return NT_STATUS_SHARING_VIOLATION;
651 static bool is_delete_request(files_struct *fsp) {
652 return ((fsp->access_mask == DELETE_ACCESS) &&
653 (fsp->oplock_type == NO_OPLOCK));
657 * 1) No files open at all or internal open: Grant whatever the client wants.
659 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
660 * request, break if the oplock around is a batch oplock. If it's another
661 * requested access type, break.
663 * 3) Only level2 around: Grant level2 and do nothing else.
666 static bool delay_for_oplocks(struct share_mode_lock *lck,
673 struct share_mode_entry *exclusive = NULL;
674 bool valid_entry = False;
675 bool delay_it = False;
676 bool have_level2 = False;
678 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
680 if (oplock_request & INTERNAL_OPEN_ONLY) {
681 fsp->oplock_type = NO_OPLOCK;
684 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
688 for (i=0; i<lck->num_share_modes; i++) {
690 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
694 /* At least one entry is not an invalid or deferred entry. */
697 if (pass_number == 1) {
698 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
699 SMB_ASSERT(exclusive == NULL);
700 exclusive = &lck->share_modes[i];
703 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
704 SMB_ASSERT(exclusive == NULL);
705 exclusive = &lck->share_modes[i];
709 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
710 SMB_ASSERT(exclusive == NULL);
716 /* All entries are placeholders or deferred.
717 * Directly grant whatever the client wants. */
718 if (fsp->oplock_type == NO_OPLOCK) {
719 /* Store a level2 oplock, but don't tell the client */
720 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
725 if (exclusive != NULL) { /* Found an exclusive oplock */
726 SMB_ASSERT(!have_level2);
727 delay_it = is_delete_request(fsp) ?
728 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
731 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
732 /* We can at most grant level2 as there are other
733 * level2 or NO_OPLOCK entries. */
734 fsp->oplock_type = LEVEL_II_OPLOCK;
737 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
738 /* Store a level2 oplock, but don't tell the client */
739 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
747 * Send a break message to the oplock holder and delay the open for
751 DEBUG(10, ("Sending break request to PID %s\n",
752 procid_str_static(&exclusive->pid)));
753 exclusive->op_mid = mid;
755 /* Create the message. */
756 share_mode_entry_to_message(msg, exclusive);
758 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
759 don't want this set in the share mode struct pointed to by lck. */
761 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
762 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
765 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
766 MSG_SMB_BREAK_REQUEST,
768 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
769 if (!NT_STATUS_IS_OK(status)) {
770 DEBUG(3, ("Could not send oplock break message: %s\n",
777 static bool request_timed_out(struct timeval request_time,
778 struct timeval timeout)
780 struct timeval now, end_time;
782 end_time = timeval_sum(&request_time, &timeout);
783 return (timeval_compare(&end_time, &now) < 0);
786 /****************************************************************************
787 Handle the 1 second delay in returning a SHARING_VIOLATION error.
788 ****************************************************************************/
790 static void defer_open(struct share_mode_lock *lck,
791 struct timeval request_time,
792 struct timeval timeout,
793 struct smb_request *req,
794 struct deferred_open_record *state)
800 for (i=0; i<lck->num_share_modes; i++) {
801 struct share_mode_entry *e = &lck->share_modes[i];
803 if (!is_deferred_open_entry(e)) {
807 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
808 DEBUG(0, ("Trying to defer an already deferred "
809 "request: mid=%d, exiting\n", req->mid));
810 exit_server("attempt to defer a deferred request");
814 /* End paranoia check */
816 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
817 "open entry for mid %u\n",
818 (unsigned int)request_time.tv_sec,
819 (unsigned int)request_time.tv_usec,
820 (unsigned int)req->mid));
822 if (!push_deferred_smb_message(req, request_time, timeout,
823 (char *)state, sizeof(*state))) {
824 exit_server("push_deferred_smb_message failed");
826 add_deferred_open(lck, req->mid, request_time, state->id);
829 * Push the MID of this packet on the signing queue.
830 * We only do this once, the first time we push the packet
831 * onto the deferred open queue, as this has a side effect
832 * of incrementing the response sequence number.
835 srv_defer_sign_response(req->mid);
839 /****************************************************************************
840 On overwrite open ensure that the attributes match.
841 ****************************************************************************/
843 static bool open_match_attributes(connection_struct *conn,
847 mode_t existing_unx_mode,
849 mode_t *returned_unx_mode)
851 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
853 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
854 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
856 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
857 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
858 *returned_unx_mode = new_unx_mode;
860 *returned_unx_mode = (mode_t)0;
863 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
864 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
865 "returned_unx_mode = 0%o\n",
867 (unsigned int)old_dos_attr,
868 (unsigned int)existing_unx_mode,
869 (unsigned int)new_dos_attr,
870 (unsigned int)*returned_unx_mode ));
872 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
873 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
874 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
875 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
879 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
880 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
881 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
888 /****************************************************************************
889 Special FCB or DOS processing in the case of a sharing violation.
890 Try and find a duplicated file handle.
891 ****************************************************************************/
893 static files_struct *fcb_or_dos_open(struct smb_request *req,
894 connection_struct *conn,
901 uint32 create_options)
904 files_struct *dup_fsp;
906 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
907 "file %s.\n", fname ));
909 for(fsp = file_find_di_first(id); fsp;
910 fsp = file_find_di_next(fsp)) {
912 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
913 "vuid = %u, file_pid = %u, private_options = 0x%x "
914 "access_mask = 0x%x\n", fsp->fsp_name,
915 fsp->fh->fd, (unsigned int)fsp->vuid,
916 (unsigned int)fsp->file_pid,
917 (unsigned int)fsp->fh->private_options,
918 (unsigned int)fsp->access_mask ));
920 if (fsp->fh->fd != -1 &&
922 fsp->file_pid == file_pid &&
923 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
924 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
925 (fsp->access_mask & FILE_WRITE_DATA) &&
926 strequal(fsp->fsp_name, fname)) {
927 DEBUG(10,("fcb_or_dos_open: file match\n"));
936 /* quite an insane set of semantics ... */
937 if (is_executable(fname) &&
938 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
939 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
943 /* We need to duplicate this fsp. */
944 if (!NT_STATUS_IS_OK(dup_file_fsp(req, fsp, access_mask, share_access,
945 create_options, &dup_fsp))) {
952 /****************************************************************************
953 Open a file with a share mode - old openX method - map into NTCreate.
954 ****************************************************************************/
956 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
957 uint32 *paccess_mask,
959 uint32 *pcreate_disposition,
960 uint32 *pcreate_options)
964 uint32 create_disposition;
965 uint32 create_options = 0;
967 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
968 "open_func = 0x%x\n",
969 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
971 /* Create the NT compatible access_mask. */
972 switch (GET_OPENX_MODE(deny_mode)) {
973 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
974 case DOS_OPEN_RDONLY:
975 access_mask = FILE_GENERIC_READ;
977 case DOS_OPEN_WRONLY:
978 access_mask = FILE_GENERIC_WRITE;
982 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
985 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
986 (unsigned int)GET_OPENX_MODE(deny_mode)));
990 /* Create the NT compatible create_disposition. */
992 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
993 create_disposition = FILE_CREATE;
996 case OPENX_FILE_EXISTS_OPEN:
997 create_disposition = FILE_OPEN;
1000 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1001 create_disposition = FILE_OPEN_IF;
1004 case OPENX_FILE_EXISTS_TRUNCATE:
1005 create_disposition = FILE_OVERWRITE;
1008 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1009 create_disposition = FILE_OVERWRITE_IF;
1013 /* From samba4 - to be confirmed. */
1014 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1015 create_disposition = FILE_CREATE;
1018 DEBUG(10,("map_open_params_to_ntcreate: bad "
1019 "open_func 0x%x\n", (unsigned int)open_func));
1023 /* Create the NT compatible share modes. */
1024 switch (GET_DENY_MODE(deny_mode)) {
1026 share_mode = FILE_SHARE_NONE;
1030 share_mode = FILE_SHARE_READ;
1034 share_mode = FILE_SHARE_WRITE;
1038 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1042 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1043 if (is_executable(fname)) {
1044 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1046 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1047 share_mode = FILE_SHARE_READ;
1049 share_mode = FILE_SHARE_NONE;
1055 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1056 share_mode = FILE_SHARE_NONE;
1060 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1061 (unsigned int)GET_DENY_MODE(deny_mode) ));
1065 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1066 "share_mode = 0x%x, create_disposition = 0x%x, "
1067 "create_options = 0x%x\n",
1069 (unsigned int)access_mask,
1070 (unsigned int)share_mode,
1071 (unsigned int)create_disposition,
1072 (unsigned int)create_options ));
1075 *paccess_mask = access_mask;
1078 *pshare_mode = share_mode;
1080 if (pcreate_disposition) {
1081 *pcreate_disposition = create_disposition;
1083 if (pcreate_options) {
1084 *pcreate_options = create_options;
1091 static void schedule_defer_open(struct share_mode_lock *lck,
1092 struct timeval request_time,
1093 struct smb_request *req)
1095 struct deferred_open_record state;
1097 /* This is a relative time, added to the absolute
1098 request_time value to get the absolute timeout time.
1099 Note that if this is the second or greater time we enter
1100 this codepath for this particular request mid then
1101 request_time is left as the absolute time of the *first*
1102 time this request mid was processed. This is what allows
1103 the request to eventually time out. */
1105 struct timeval timeout;
1107 /* Normally the smbd we asked should respond within
1108 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1109 * the client did, give twice the timeout as a safety
1110 * measure here in case the other smbd is stuck
1111 * somewhere else. */
1113 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1115 /* Nothing actually uses state.delayed_for_oplocks
1116 but it's handy to differentiate in debug messages
1117 between a 30 second delay due to oplock break, and
1118 a 1 second delay for share mode conflicts. */
1120 state.delayed_for_oplocks = True;
1123 if (!request_timed_out(request_time, timeout)) {
1124 defer_open(lck, request_time, timeout, req, &state);
1128 /****************************************************************************
1129 Open a file with a share mode.
1130 ****************************************************************************/
1132 NTSTATUS open_file_ntcreate(connection_struct *conn,
1133 struct smb_request *req,
1135 SMB_STRUCT_STAT *psbuf,
1136 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1137 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1138 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1139 uint32 create_options, /* options such as delete on close. */
1140 uint32 new_dos_attributes, /* attributes used for new file. */
1141 int oplock_request, /* internal Samba oplock codes. */
1142 /* Information (FILE_EXISTS etc.) */
1144 files_struct **result)
1148 bool file_existed = VALID_STAT(*psbuf);
1149 bool def_acl = False;
1150 bool posix_open = False;
1151 bool new_file_created = False;
1153 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1154 files_struct *fsp = NULL;
1155 mode_t new_unx_mode = (mode_t)0;
1156 mode_t unx_mode = (mode_t)0;
1158 uint32 existing_dos_attributes = 0;
1159 struct pending_message_list *pml = NULL;
1160 struct timeval request_time = timeval_zero();
1161 struct share_mode_lock *lck = NULL;
1162 uint32 open_access_mask = access_mask;
1166 const char *newname;
1170 if (conn->printer) {
1172 * Printers are handled completely differently.
1173 * Most of the passed parameters are ignored.
1177 *pinfo = FILE_WAS_CREATED;
1180 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1182 return print_fsp_open(req, conn, fname, req->vuid, result);
1185 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1187 return NT_STATUS_NO_MEMORY;
1190 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1192 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1193 new_dos_attributes = 0;
1195 /* We add aARCH to this as this mode is only used if the file is
1197 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1201 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1202 "access_mask=0x%x share_access=0x%x "
1203 "create_disposition = 0x%x create_options=0x%x "
1204 "unix mode=0%o oplock_request=%d\n",
1205 fname, new_dos_attributes, access_mask, share_access,
1206 create_disposition, create_options, unx_mode,
1209 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1210 DEBUG(0, ("No smb request but not an internal only open!\n"));
1211 return NT_STATUS_INTERNAL_ERROR;
1215 * Only non-internal opens can be deferred at all
1219 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1220 struct deferred_open_record *state =
1221 (struct deferred_open_record *)pml->private_data.data;
1223 /* Remember the absolute time of the original
1224 request with this mid. We'll use it later to
1225 see if this has timed out. */
1227 request_time = pml->request_time;
1229 /* Remove the deferred open entry under lock. */
1230 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1233 DEBUG(0, ("could not get share mode lock\n"));
1235 del_deferred_open_entry(lck, req->mid);
1239 /* Ensure we don't reprocess this message. */
1240 remove_deferred_open_smb_message(req->mid);
1243 status = check_name(conn, fname);
1244 if (!NT_STATUS_IS_OK(status)) {
1249 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1251 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1255 /* ignore any oplock requests if oplocks are disabled */
1256 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1257 IS_VETO_OPLOCK_PATH(conn, fname)) {
1258 /* Mask off everything except the private Samba bits. */
1259 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1262 /* this is for OS/2 long file names - say we don't support them */
1263 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1264 /* OS/2 Workplace shell fix may be main code stream in a later
1266 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1268 if (use_nt_status()) {
1269 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1271 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1274 switch( create_disposition ) {
1276 * Currently we're using FILE_SUPERSEDE as the same as
1277 * FILE_OVERWRITE_IF but they really are
1278 * different. FILE_SUPERSEDE deletes an existing file
1279 * (requiring delete access) then recreates it.
1281 case FILE_SUPERSEDE:
1282 /* If file exists replace/overwrite. If file doesn't
1284 flags2 |= (O_CREAT | O_TRUNC);
1287 case FILE_OVERWRITE_IF:
1288 /* If file exists replace/overwrite. If file doesn't
1290 flags2 |= (O_CREAT | O_TRUNC);
1294 /* If file exists open. If file doesn't exist error. */
1295 if (!file_existed) {
1296 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1297 "requested for file %s and file "
1298 "doesn't exist.\n", fname ));
1300 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1304 case FILE_OVERWRITE:
1305 /* If file exists overwrite. If file doesn't exist
1307 if (!file_existed) {
1308 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1309 "requested for file %s and file "
1310 "doesn't exist.\n", fname ));
1312 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1318 /* If file exists error. If file doesn't exist
1321 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1322 "requested for file %s and file "
1323 "already exists.\n", fname ));
1324 if (S_ISDIR(psbuf->st_mode)) {
1329 return map_nt_error_from_unix(errno);
1331 flags2 |= (O_CREAT|O_EXCL);
1335 /* If file exists open. If file doesn't exist
1341 return NT_STATUS_INVALID_PARAMETER;
1344 /* We only care about matching attributes on file exists and
1347 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1348 (create_disposition == FILE_OVERWRITE_IF))) {
1349 if (!open_match_attributes(conn, fname,
1350 existing_dos_attributes,
1351 new_dos_attributes, psbuf->st_mode,
1352 unx_mode, &new_unx_mode)) {
1353 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1354 "for file %s (%x %x) (0%o, 0%o)\n",
1355 fname, existing_dos_attributes,
1357 (unsigned int)psbuf->st_mode,
1358 (unsigned int)unx_mode ));
1360 return NT_STATUS_ACCESS_DENIED;
1364 /* This is a nasty hack - must fix... JRA. */
1365 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1366 open_access_mask = access_mask = FILE_GENERIC_ALL;
1370 * Convert GENERIC bits to specific bits.
1373 se_map_generic(&access_mask, &file_generic_mapping);
1374 open_access_mask = access_mask;
1376 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1377 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1380 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1381 "access_mask=0x%x\n", fname, access_mask ));
1384 * Note that we ignore the append flag as append does not
1385 * mean the same thing under DOS and Unix.
1388 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1389 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1390 /* DENY_DOS opens are always underlying read-write on the
1391 file handle, no matter what the requested access mask
1393 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1394 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1404 * Currently we only look at FILE_WRITE_THROUGH for create options.
1408 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1413 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1417 if (!posix_open && !CAN_WRITE(conn)) {
1419 * We should really return a permission denied error if either
1420 * O_CREAT or O_TRUNC are set, but for compatibility with
1421 * older versions of Samba we just AND them out.
1423 flags2 &= ~(O_CREAT|O_TRUNC);
1427 * Ensure we can't write on a read-only share or file.
1430 if (flags != O_RDONLY && file_existed &&
1431 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1432 DEBUG(5,("open_file_ntcreate: write access requested for "
1433 "file %s on read only %s\n",
1434 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1436 return NT_STATUS_ACCESS_DENIED;
1439 status = file_new(req, conn, &fsp);
1440 if(!NT_STATUS_IS_OK(status)) {
1444 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1445 fsp->share_access = share_access;
1446 fsp->fh->private_options = create_options;
1447 fsp->access_mask = open_access_mask; /* We change this to the
1448 * requested access_mask after
1449 * the open is done. */
1450 fsp->posix_open = posix_open;
1452 /* Ensure no SAMBA_PRIVATE bits can be set. */
1453 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1455 if (timeval_is_zero(&request_time)) {
1456 request_time = fsp->open_time;
1460 struct timespec old_write_time = get_mtimespec(psbuf);
1461 id = vfs_file_id_from_sbuf(conn, psbuf);
1463 lck = get_share_mode_lock(talloc_tos(), id,
1465 fname, &old_write_time);
1468 file_free(req, fsp);
1469 DEBUG(0, ("Could not get share mode lock\n"));
1470 return NT_STATUS_SHARING_VIOLATION;
1473 /* First pass - send break only on batch oplocks. */
1475 && delay_for_oplocks(lck, fsp, req->mid, 1,
1477 schedule_defer_open(lck, request_time, req);
1479 file_free(req, fsp);
1480 return NT_STATUS_SHARING_VIOLATION;
1483 /* Use the client requested access mask here, not the one we
1485 status = open_mode_check(conn, fname, lck,
1486 access_mask, share_access,
1487 create_options, &file_existed);
1489 if (NT_STATUS_IS_OK(status)) {
1490 /* We might be going to allow this open. Check oplock
1492 /* Second pass - send break for both batch or
1493 * exclusive oplocks. */
1495 && delay_for_oplocks(lck, fsp, req->mid, 2,
1497 schedule_defer_open(lck, request_time, req);
1499 file_free(req, fsp);
1500 return NT_STATUS_SHARING_VIOLATION;
1504 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1505 /* DELETE_PENDING is not deferred for a second */
1507 file_free(req, fsp);
1511 if (!NT_STATUS_IS_OK(status)) {
1512 uint32 can_access_mask;
1513 bool can_access = True;
1515 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1517 /* Check if this can be done with the deny_dos and fcb
1519 if (create_options &
1520 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1521 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1522 files_struct *fsp_dup;
1525 DEBUG(0, ("DOS open without an SMB "
1528 file_free(req, fsp);
1529 return NT_STATUS_INTERNAL_ERROR;
1532 /* Use the client requested access mask here,
1533 * not the one we open with. */
1534 fsp_dup = fcb_or_dos_open(req, conn, fname, id,
1543 file_free(req, fsp);
1545 *pinfo = FILE_WAS_OPENED;
1547 conn->num_files_open++;
1549 return NT_STATUS_OK;
1554 * This next line is a subtlety we need for
1555 * MS-Access. If a file open will fail due to share
1556 * permissions and also for security (access) reasons,
1557 * we need to return the access failed error, not the
1558 * share error. We can't open the file due to kernel
1559 * oplock deadlock (it's possible we failed above on
1560 * the open_mode_check()) so use a userspace check.
1563 if (flags & O_RDWR) {
1564 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1565 } else if (flags & O_WRONLY) {
1566 can_access_mask = FILE_WRITE_DATA;
1568 can_access_mask = FILE_READ_DATA;
1571 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1572 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1577 * If we're returning a share violation, ensure we
1578 * cope with the braindead 1 second delay.
1581 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1582 lp_defer_sharing_violations()) {
1583 struct timeval timeout;
1584 struct deferred_open_record state;
1587 /* this is a hack to speed up torture tests
1589 timeout_usecs = lp_parm_int(SNUM(conn),
1590 "smbd","sharedelay",
1591 SHARING_VIOLATION_USEC_WAIT);
1593 /* This is a relative time, added to the absolute
1594 request_time value to get the absolute timeout time.
1595 Note that if this is the second or greater time we enter
1596 this codepath for this particular request mid then
1597 request_time is left as the absolute time of the *first*
1598 time this request mid was processed. This is what allows
1599 the request to eventually time out. */
1601 timeout = timeval_set(0, timeout_usecs);
1603 /* Nothing actually uses state.delayed_for_oplocks
1604 but it's handy to differentiate in debug messages
1605 between a 30 second delay due to oplock break, and
1606 a 1 second delay for share mode conflicts. */
1608 state.delayed_for_oplocks = False;
1612 && !request_timed_out(request_time,
1614 defer_open(lck, request_time, timeout,
1622 * We have detected a sharing violation here
1623 * so return the correct error code
1625 status = NT_STATUS_SHARING_VIOLATION;
1627 status = NT_STATUS_ACCESS_DENIED;
1629 file_free(req, fsp);
1634 * We exit this block with the share entry *locked*.....
1638 SMB_ASSERT(!file_existed || (lck != NULL));
1641 * Ensure we pay attention to default ACLs on directories if required.
1644 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1645 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1649 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1650 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1651 (unsigned int)flags, (unsigned int)flags2,
1652 (unsigned int)unx_mode, (unsigned int)access_mask,
1653 (unsigned int)open_access_mask));
1656 * open_file strips any O_TRUNC flags itself.
1659 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1660 flags|flags2, unx_mode, access_mask,
1663 if (!NT_STATUS_IS_OK(fsp_open)) {
1667 file_free(req, fsp);
1671 if (!file_existed) {
1672 struct timespec old_write_time = get_mtimespec(psbuf);
1674 * Deal with the race condition where two smbd's detect the
1675 * file doesn't exist and do the create at the same time. One
1676 * of them will win and set a share mode, the other (ie. this
1677 * one) should check if the requested share mode for this
1678 * create is allowed.
1682 * Now the file exists and fsp is successfully opened,
1683 * fsp->dev and fsp->inode are valid and should replace the
1684 * dev=0,inode=0 from a non existent file. Spotted by
1685 * Nadav Danieli <nadavd@exanet.com>. JRA.
1690 lck = get_share_mode_lock(talloc_tos(), id,
1692 fname, &old_write_time);
1695 DEBUG(0, ("open_file_ntcreate: Could not get share "
1696 "mode lock for %s\n", fname));
1698 file_free(req, fsp);
1699 return NT_STATUS_SHARING_VIOLATION;
1702 /* First pass - send break only on batch oplocks. */
1704 && delay_for_oplocks(lck, fsp, req->mid, 1,
1706 schedule_defer_open(lck, request_time, req);
1709 file_free(req, fsp);
1710 return NT_STATUS_SHARING_VIOLATION;
1713 status = open_mode_check(conn, fname, lck,
1714 access_mask, share_access,
1715 create_options, &file_existed);
1717 if (NT_STATUS_IS_OK(status)) {
1718 /* We might be going to allow this open. Check oplock
1720 /* Second pass - send break for both batch or
1721 * exclusive oplocks. */
1723 && delay_for_oplocks(lck, fsp, req->mid, 2,
1725 schedule_defer_open(lck, request_time, req);
1728 file_free(req, fsp);
1729 return NT_STATUS_SHARING_VIOLATION;
1733 if (!NT_STATUS_IS_OK(status)) {
1734 struct deferred_open_record state;
1737 file_free(req, fsp);
1739 state.delayed_for_oplocks = False;
1742 /* Do it all over again immediately. In the second
1743 * round we will find that the file existed and handle
1744 * the DELETE_PENDING and FCB cases correctly. No need
1745 * to duplicate the code here. Essentially this is a
1746 * "goto top of this function", but don't tell
1750 defer_open(lck, request_time, timeval_zero(),
1758 * We exit this block with the share entry *locked*.....
1763 SMB_ASSERT(lck != NULL);
1765 /* note that we ignore failure for the following. It is
1766 basically a hack for NFS, and NFS will never set one of
1767 these only read them. Nobody but Samba can ever set a deny
1768 mode and we have already checked our more authoritative
1769 locking database for permission to set this deny mode. If
1770 the kernel refuses the operations then the kernel is wrong.
1771 note that GPFS supports it as well - jmcd */
1773 if (fsp->fh->fd != -1) {
1774 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1775 if(ret_flock == -1 ){
1779 file_free(req, fsp);
1781 return NT_STATUS_SHARING_VIOLATION;
1786 * At this point onwards, we can guarentee that the share entry
1787 * is locked, whether we created the file or not, and that the
1788 * deny mode is compatible with all current opens.
1792 * If requested, truncate the file.
1795 if (flags2&O_TRUNC) {
1797 * We are modifing the file after open - update the stat
1800 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1801 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1802 status = map_nt_error_from_unix(errno);
1805 file_free(req, fsp);
1810 /* Record the options we were opened with. */
1811 fsp->share_access = share_access;
1812 fsp->fh->private_options = create_options;
1813 fsp->access_mask = access_mask;
1816 /* stat opens on existing files don't get oplocks. */
1817 if (is_stat_open(open_access_mask)) {
1818 fsp->oplock_type = NO_OPLOCK;
1821 if (!(flags2 & O_TRUNC)) {
1822 info = FILE_WAS_OPENED;
1824 info = FILE_WAS_OVERWRITTEN;
1827 info = FILE_WAS_CREATED;
1835 * Setup the oplock info in both the shared memory and
1839 if ((fsp->oplock_type != NO_OPLOCK) &&
1840 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1841 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1842 /* Could not get the kernel oplock */
1843 fsp->oplock_type = NO_OPLOCK;
1847 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1848 new_file_created = True;
1851 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
1852 fsp->oplock_type, new_file_created);
1854 /* Handle strange delete on close create semantics. */
1855 if ((create_options & FILE_DELETE_ON_CLOSE)
1856 && (((conn->fs_capabilities & FILE_NAMED_STREAMS)
1857 && is_ntfs_stream_name(fname))
1858 || can_set_initial_delete_on_close(lck))) {
1859 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1861 if (!NT_STATUS_IS_OK(status)) {
1862 /* Remember to delete the mode we just added. */
1863 del_share_mode(lck, fsp);
1866 file_free(req, fsp);
1869 /* Note that here we set the *inital* delete on close flag,
1870 not the regular one. The magic gets handled in close. */
1871 fsp->initial_delete_on_close = True;
1874 if (new_file_created) {
1875 /* Files should be initially set as archive */
1876 if (lp_map_archive(SNUM(conn)) ||
1877 lp_store_dos_attributes(SNUM(conn))) {
1879 SMB_STRUCT_STAT tmp_sbuf;
1880 SET_STAT_INVALID(tmp_sbuf);
1881 if (file_set_dosmode(
1883 new_dos_attributes | aARCH,
1884 &tmp_sbuf, parent_dir,
1886 unx_mode = tmp_sbuf.st_mode;
1893 * Take care of inherited ACLs on created files - if default ACL not
1897 if (!posix_open && !file_existed && !def_acl) {
1899 int saved_errno = errno; /* We might get ENOSYS in the next
1902 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1904 errno = saved_errno; /* Ignore ENOSYS */
1907 } else if (new_unx_mode) {
1911 /* Attributes need changing. File already existed. */
1914 int saved_errno = errno; /* We might get ENOSYS in the
1916 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1918 if (ret == -1 && errno == ENOSYS) {
1919 errno = saved_errno; /* Ignore ENOSYS */
1921 DEBUG(5, ("open_file_ntcreate: reset "
1922 "attributes of file %s to 0%o\n",
1923 fname, (unsigned int)new_unx_mode));
1924 ret = 0; /* Don't do the fchmod below. */
1929 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1930 DEBUG(5, ("open_file_ntcreate: failed to reset "
1931 "attributes of file %s to 0%o\n",
1932 fname, (unsigned int)new_unx_mode));
1935 /* If this is a successful open, we must remove any deferred open
1938 del_deferred_open_entry(lck, req->mid);
1942 conn->num_files_open++;
1945 return NT_STATUS_OK;
1948 /****************************************************************************
1949 Open a file for for write to ensure that we can fchmod it.
1950 ****************************************************************************/
1952 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
1954 SMB_STRUCT_STAT *psbuf, files_struct **result)
1956 files_struct *fsp = NULL;
1959 if (!VALID_STAT(*psbuf)) {
1960 return NT_STATUS_INVALID_PARAMETER;
1963 status = file_new(req, conn, &fsp);
1964 if(!NT_STATUS_IS_OK(status)) {
1968 /* note! we must use a non-zero desired access or we don't get
1969 a real file descriptor. Oh what a twisted web we weave. */
1970 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1971 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1974 * This is not a user visible file open.
1975 * Don't set a share mode and don't increment
1976 * the conn->num_files_open.
1979 if (!NT_STATUS_IS_OK(status)) {
1980 file_free(req, fsp);
1985 return NT_STATUS_OK;
1988 /****************************************************************************
1989 Close the fchmod file fd - ensure no locks are lost.
1990 ****************************************************************************/
1992 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
1994 NTSTATUS status = fd_close(fsp);
1995 file_free(req, fsp);
1999 static NTSTATUS mkdir_internal(connection_struct *conn,
2001 uint32 file_attributes,
2002 SMB_STRUCT_STAT *psbuf)
2006 const char *dirname;
2008 bool posix_open = false;
2010 if(!CAN_WRITE(conn)) {
2011 DEBUG(5,("mkdir_internal: failing create on read-only share "
2012 "%s\n", lp_servicename(SNUM(conn))));
2013 return NT_STATUS_ACCESS_DENIED;
2016 status = check_name(conn, name);
2017 if (!NT_STATUS_IS_OK(status)) {
2021 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2023 return NT_STATUS_NO_MEMORY;
2026 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2028 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2030 mode = unix_mode(conn, aDIR, name, parent_dir);
2033 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2034 return map_nt_error_from_unix(errno);
2037 /* Ensure we're checking for a symlink here.... */
2038 /* We don't want to get caught by a symlink racer. */
2040 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2041 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2042 name, strerror(errno)));
2043 return map_nt_error_from_unix(errno);
2046 if (!S_ISDIR(psbuf->st_mode)) {
2047 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2049 return NT_STATUS_ACCESS_DENIED;
2052 if (lp_store_dos_attributes(SNUM(conn))) {
2054 file_set_dosmode(conn, name,
2055 file_attributes | aDIR, NULL,
2061 if (lp_inherit_perms(SNUM(conn))) {
2062 inherit_access_posix_acl(conn, parent_dir, name, mode);
2065 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2067 * Check if high bits should have been set,
2068 * then (if bits are missing): add them.
2069 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2072 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2073 SMB_VFS_CHMOD(conn, name,
2074 psbuf->st_mode | (mode & ~psbuf->st_mode));
2078 /* Change the owner if required. */
2079 if (lp_inherit_owner(SNUM(conn))) {
2080 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2083 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2086 return NT_STATUS_OK;
2089 /****************************************************************************
2090 Open a directory from an NT SMB call.
2091 ****************************************************************************/
2093 NTSTATUS open_directory(connection_struct *conn,
2094 struct smb_request *req,
2096 SMB_STRUCT_STAT *psbuf,
2098 uint32 share_access,
2099 uint32 create_disposition,
2100 uint32 create_options,
2101 uint32 file_attributes,
2103 files_struct **result)
2105 files_struct *fsp = NULL;
2106 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2107 struct share_mode_lock *lck = NULL;
2109 struct timespec mtimespec;
2112 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2113 "share_access = 0x%x create_options = 0x%x, "
2114 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2116 (unsigned int)access_mask,
2117 (unsigned int)share_access,
2118 (unsigned int)create_options,
2119 (unsigned int)create_disposition,
2120 (unsigned int)file_attributes));
2122 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2123 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2124 is_ntfs_stream_name(fname)) {
2125 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2126 return NT_STATUS_NOT_A_DIRECTORY;
2129 switch( create_disposition ) {
2132 info = FILE_WAS_OPENED;
2135 * We want to follow symlinks here.
2138 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2139 return map_nt_error_from_unix(errno);
2146 /* If directory exists error. If directory doesn't
2149 status = mkdir_internal(conn,
2154 if (!NT_STATUS_IS_OK(status)) {
2155 DEBUG(2, ("open_directory: unable to create "
2156 "%s. Error was %s\n", fname,
2157 nt_errstr(status)));
2161 info = FILE_WAS_CREATED;
2166 * If directory exists open. If directory doesn't
2170 status = mkdir_internal(conn,
2175 if (NT_STATUS_IS_OK(status)) {
2176 info = FILE_WAS_CREATED;
2179 if (NT_STATUS_EQUAL(status,
2180 NT_STATUS_OBJECT_NAME_COLLISION)) {
2181 info = FILE_WAS_OPENED;
2182 status = NT_STATUS_OK;
2187 case FILE_SUPERSEDE:
2188 case FILE_OVERWRITE:
2189 case FILE_OVERWRITE_IF:
2191 DEBUG(5,("open_directory: invalid create_disposition "
2192 "0x%x for directory %s\n",
2193 (unsigned int)create_disposition, fname));
2194 return NT_STATUS_INVALID_PARAMETER;
2197 if(!S_ISDIR(psbuf->st_mode)) {
2198 DEBUG(5,("open_directory: %s is not a directory !\n",
2200 return NT_STATUS_NOT_A_DIRECTORY;
2203 status = file_new(req, conn, &fsp);
2204 if(!NT_STATUS_IS_OK(status)) {
2209 * Setup the files_struct for it.
2212 fsp->mode = psbuf->st_mode;
2213 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2214 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2215 fsp->file_pid = req ? req->smbpid : 0;
2216 fsp->can_lock = False;
2217 fsp->can_read = False;
2218 fsp->can_write = False;
2220 fsp->share_access = share_access;
2221 fsp->fh->private_options = create_options;
2222 fsp->access_mask = access_mask;
2224 fsp->print_file = False;
2225 fsp->modified = False;
2226 fsp->oplock_type = NO_OPLOCK;
2227 fsp->sent_oplock_break = NO_BREAK_SENT;
2228 fsp->is_directory = True;
2229 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2231 string_set(&fsp->fsp_name,fname);
2233 mtimespec = get_mtimespec(psbuf);
2235 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2240 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2241 file_free(req, fsp);
2242 return NT_STATUS_SHARING_VIOLATION;
2245 status = open_mode_check(conn, fname, lck,
2246 access_mask, share_access,
2247 create_options, &dir_existed);
2249 if (!NT_STATUS_IS_OK(status)) {
2251 file_free(req, fsp);
2255 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK,
2258 /* For directories the delete on close bit at open time seems
2259 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2260 if (create_options & FILE_DELETE_ON_CLOSE) {
2261 status = can_set_delete_on_close(fsp, True, 0);
2262 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2264 file_free(req, fsp);
2268 if (NT_STATUS_IS_OK(status)) {
2269 /* Note that here we set the *inital* delete on close flag,
2270 not the regular one. The magic gets handled in close. */
2271 fsp->initial_delete_on_close = True;
2281 conn->num_files_open++;
2284 return NT_STATUS_OK;
2287 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2290 SMB_STRUCT_STAT sbuf;
2293 SET_STAT_INVALID(sbuf);
2295 status = open_directory(conn, req, directory, &sbuf,
2296 FILE_READ_ATTRIBUTES, /* Just a stat open */
2297 FILE_SHARE_NONE, /* Ignored for stat opens */
2300 FILE_ATTRIBUTE_DIRECTORY,
2304 if (NT_STATUS_IS_OK(status)) {
2305 close_file(req, fsp, NORMAL_CLOSE);
2311 /****************************************************************************
2312 Receive notification that one of our open files has been renamed by another
2314 ****************************************************************************/
2316 void msg_file_was_renamed(struct messaging_context *msg,
2319 struct server_id server_id,
2323 char *frm = (char *)data->data;
2325 const char *sharepath;
2326 const char *newname;
2329 if (data->data == NULL
2330 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2331 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2332 (int)data->length));
2336 /* Unpack the message. */
2337 pull_file_id_16(frm, &id);
2338 sharepath = &frm[16];
2339 newname = sharepath + strlen(sharepath) + 1;
2340 sp_len = strlen(sharepath);
2342 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2344 sharepath, newname, file_id_string_tos(&id)));
2346 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2347 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2348 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2349 fsp->fnum, fsp->fsp_name, newname ));
2350 string_set(&fsp->fsp_name, newname);
2353 /* Now we have the complete path we can work out if this is
2354 actually within this share and adjust newname accordingly. */
2355 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2356 "not sharepath %s) "
2357 "fnum %d from %s -> %s\n",
2358 fsp->conn->connectpath,
2367 struct case_semantics_state {
2368 connection_struct *conn;
2369 bool case_sensitive;
2371 bool short_case_preserve;
2374 /****************************************************************************
2375 Restore case semantics.
2376 ****************************************************************************/
2377 static int restore_case_semantics(struct case_semantics_state *state)
2379 state->conn->case_sensitive = state->case_sensitive;
2380 state->conn->case_preserve = state->case_preserve;
2381 state->conn->short_case_preserve = state->short_case_preserve;
2385 /****************************************************************************
2386 Save case semantics.
2387 ****************************************************************************/
2388 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2389 connection_struct *conn)
2391 struct case_semantics_state *result;
2393 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2394 DEBUG(0, ("talloc failed\n"));
2398 result->conn = conn;
2399 result->case_sensitive = conn->case_sensitive;
2400 result->case_preserve = conn->case_preserve;
2401 result->short_case_preserve = conn->short_case_preserve;
2404 conn->case_sensitive = True;
2405 conn->case_preserve = True;
2406 conn->short_case_preserve = True;
2408 talloc_set_destructor(result, restore_case_semantics);
2414 * If a main file is opened for delete, all streams need to be checked for
2415 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2416 * If that works, delete them all by setting the delete on close and close.
2419 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2422 struct stream_struct *stream_info;
2423 files_struct **streams;
2425 unsigned int num_streams;
2426 TALLOC_CTX *frame = talloc_stackframe();
2429 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2430 &num_streams, &stream_info);
2432 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2433 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2434 DEBUG(10, ("no streams around\n"));
2436 return NT_STATUS_OK;
2439 if (!NT_STATUS_IS_OK(status)) {
2440 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2441 nt_errstr(status)));
2445 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2448 if (num_streams == 0) {
2450 return NT_STATUS_OK;
2453 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2454 if (streams == NULL) {
2455 DEBUG(0, ("talloc failed\n"));
2456 status = NT_STATUS_NO_MEMORY;
2460 for (i=0; i<num_streams; i++) {
2463 if (strequal(stream_info[i].name, "::$DATA")) {
2468 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2469 stream_info[i].name);
2471 if (streamname == NULL) {
2472 DEBUG(0, ("talloc_aprintf failed\n"));
2473 status = NT_STATUS_NO_MEMORY;
2477 status = create_file_unixpath
2480 streamname, /* fname */
2481 DELETE_ACCESS, /* access_mask */
2482 FILE_SHARE_READ | FILE_SHARE_WRITE
2483 | FILE_SHARE_DELETE, /* share_access */
2484 FILE_OPEN, /* create_disposition*/
2485 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2486 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2487 0, /* oplock_request */
2488 0, /* allocation_size */
2491 &streams[i], /* result */
2495 TALLOC_FREE(streamname);
2497 if (!NT_STATUS_IS_OK(status)) {
2498 DEBUG(10, ("Could not open stream %s: %s\n",
2499 streamname, nt_errstr(status)));
2505 * don't touch the variable "status" beyond this point :-)
2508 for (i -= 1 ; i >= 0; i--) {
2509 if (streams[i] == NULL) {
2513 DEBUG(10, ("Closing stream # %d, %s\n", i,
2514 streams[i]->fsp_name));
2515 close_file(NULL, streams[i], NORMAL_CLOSE);
2524 * Wrapper around open_file_ntcreate and open_directory
2527 NTSTATUS create_file_unixpath(connection_struct *conn,
2528 struct smb_request *req,
2530 uint32_t access_mask,
2531 uint32_t share_access,
2532 uint32_t create_disposition,
2533 uint32_t create_options,
2534 uint32_t file_attributes,
2535 uint32_t oplock_request,
2536 uint64_t allocation_size,
2537 struct security_descriptor *sd,
2538 struct ea_list *ea_list,
2540 files_struct **result,
2542 SMB_STRUCT_STAT *psbuf)
2544 SMB_STRUCT_STAT sbuf;
2545 int info = FILE_WAS_OPENED;
2546 files_struct *base_fsp = NULL;
2547 files_struct *fsp = NULL;
2550 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2551 "file_attributes = 0x%x, share_access = 0x%x, "
2552 "create_disposition = 0x%x create_options = 0x%x "
2553 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2555 (unsigned int)access_mask,
2556 (unsigned int)file_attributes,
2557 (unsigned int)share_access,
2558 (unsigned int)create_disposition,
2559 (unsigned int)create_options,
2560 (unsigned int)oplock_request,
2561 ea_list, sd, fname));
2563 if (create_options & FILE_OPEN_BY_FILE_ID) {
2564 status = NT_STATUS_NOT_SUPPORTED;
2568 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2569 status = NT_STATUS_INVALID_PARAMETER;
2574 oplock_request |= INTERNAL_OPEN_ONLY;
2577 if (psbuf != NULL) {
2581 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2582 SET_STAT_INVALID(sbuf);
2586 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2587 && (access_mask & DELETE_ACCESS)
2588 && !is_ntfs_stream_name(fname)) {
2590 * We can't open a file with DELETE access if any of the
2591 * streams is open without FILE_SHARE_DELETE
2593 status = open_streams_for_delete(conn, fname);
2595 if (!NT_STATUS_IS_OK(status)) {
2600 /* This is the correct thing to do (check every time) but can_delete
2601 * is expensive (it may have to read the parent directory
2602 * permissions). So for now we're not doing it unless we have a strong
2603 * hint the client is really going to delete this file. If the client
2604 * is forcing FILE_CREATE let the filesystem take care of the
2607 /* Setting FILE_SHARE_DELETE is the hint. */
2609 if (lp_acl_check_permissions(SNUM(conn))
2610 && (create_disposition != FILE_CREATE)
2611 && (share_access & FILE_SHARE_DELETE)
2612 && (access_mask & DELETE_ACCESS)
2613 && (!can_delete_file_in_directory(conn, fname))) {
2614 status = NT_STATUS_ACCESS_DENIED;
2619 /* We need to support SeSecurityPrivilege for this. */
2620 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2621 !user_has_privileges(current_user.nt_user_token,
2623 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2628 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2629 && is_ntfs_stream_name(fname)
2630 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2632 uint32 base_create_disposition;
2634 if (create_options & FILE_DIRECTORY_FILE) {
2635 status = NT_STATUS_NOT_A_DIRECTORY;
2639 status = split_ntfs_stream_name(talloc_tos(), fname,
2641 if (!NT_STATUS_IS_OK(status)) {
2642 DEBUG(10, ("create_file_unixpath: "
2643 "split_ntfs_stream_name failed: %s\n",
2644 nt_errstr(status)));
2648 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2650 switch (create_disposition) {
2652 base_create_disposition = FILE_OPEN;
2655 base_create_disposition = FILE_OPEN_IF;
2659 status = create_file_unixpath(conn, NULL, base, 0,
2662 | FILE_SHARE_DELETE,
2663 base_create_disposition,
2664 0, 0, 0, 0, NULL, NULL,
2665 &base_fsp, NULL, NULL);
2666 if (!NT_STATUS_IS_OK(status)) {
2667 DEBUG(10, ("create_file_unixpath for base %s failed: "
2668 "%s\n", base, nt_errstr(status)));
2674 * If it's a request for a directory open, deal with it separately.
2677 if (create_options & FILE_DIRECTORY_FILE) {
2679 if (create_options & FILE_NON_DIRECTORY_FILE) {
2680 status = NT_STATUS_INVALID_PARAMETER;
2684 /* Can't open a temp directory. IFS kit test. */
2685 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2686 status = NT_STATUS_INVALID_PARAMETER;
2691 * We will get a create directory here if the Win32
2692 * app specified a security descriptor in the
2693 * CreateDirectory() call.
2697 status = open_directory(
2698 conn, req, fname, &sbuf, access_mask, share_access,
2699 create_disposition, create_options, file_attributes,
2704 * Ordinary file case.
2707 status = open_file_ntcreate(
2708 conn, req, fname, &sbuf, access_mask, share_access,
2709 create_disposition, create_options, file_attributes,
2710 oplock_request, &info, &fsp);
2712 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2715 * Fail the open if it was explicitly a non-directory
2719 if (create_options & FILE_NON_DIRECTORY_FILE) {
2720 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2725 status = open_directory(
2726 conn, req, fname, &sbuf, access_mask,
2727 share_access, create_disposition,
2728 create_options, file_attributes,
2733 if (!NT_STATUS_IS_OK(status)) {
2738 * According to the MS documentation, the only time the security
2739 * descriptor is applied to the opened file is iff we *created* the
2740 * file; an existing file stays the same.
2742 * Also, it seems (from observation) that you can open the file with
2743 * any access mask but you can still write the sd. We need to override
2744 * the granted access before we call set_sd
2745 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2748 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2749 && lp_nt_acl_support(SNUM(conn))) {
2751 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2752 uint32_t saved_access_mask = fsp->access_mask;
2754 if (sd->owner_sid == NULL) {
2755 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2757 if (sd->group_sid == NULL) {
2758 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2760 if (sd->sacl == NULL) {
2761 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2763 if (sd->dacl == NULL) {
2764 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2767 fsp->access_mask = FILE_GENERIC_ALL;
2769 /* Convert all the generic bits. */
2770 security_acl_map_generic(sd->dacl, &file_generic_mapping);
2771 security_acl_map_generic(sd->sacl, &file_generic_mapping);
2773 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2775 fsp->access_mask = saved_access_mask;
2777 if (!NT_STATUS_IS_OK(status)) {
2782 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2783 status = set_ea(conn, fsp, fname, ea_list);
2784 if (!NT_STATUS_IS_OK(status)) {
2789 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2790 status = NT_STATUS_ACCESS_DENIED;
2794 /* Save the requested allocation size. */
2795 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2797 && (allocation_size > sbuf.st_size)) {
2798 fsp->initial_allocation_size = smb_roundup(
2799 fsp->conn, allocation_size);
2800 if (fsp->is_directory) {
2801 /* Can't set allocation size on a directory. */
2802 status = NT_STATUS_ACCESS_DENIED;
2805 if (vfs_allocate_file_space(
2806 fsp, fsp->initial_allocation_size) == -1) {
2807 status = NT_STATUS_DISK_FULL;
2811 fsp->initial_allocation_size = smb_roundup(
2812 fsp->conn, (uint64_t)sbuf.st_size);
2816 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2819 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
2820 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
2821 * also close fsp->base_fsp which we have to also do explicitly in
2822 * this routine here, as not in all "goto fail:" we have the fsp set
2823 * up already to be initialized with the base_fsp.
2826 fsp->base_fsp = base_fsp;
2829 if (pinfo != NULL) {
2832 if (psbuf != NULL) {
2833 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2837 SMB_VFS_FSTAT(fsp, psbuf);
2840 return NT_STATUS_OK;
2843 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2846 close_file(req, fsp, ERROR_CLOSE);
2849 if (base_fsp != NULL) {
2850 close_file(req, base_fsp, ERROR_CLOSE);
2856 NTSTATUS create_file(connection_struct *conn,
2857 struct smb_request *req,
2858 uint16_t root_dir_fid,
2860 uint32_t access_mask,
2861 uint32_t share_access,
2862 uint32_t create_disposition,
2863 uint32_t create_options,
2864 uint32_t file_attributes,
2865 uint32_t oplock_request,
2866 uint64_t allocation_size,
2867 struct security_descriptor *sd,
2868 struct ea_list *ea_list,
2870 files_struct **result,
2872 SMB_STRUCT_STAT *psbuf)
2874 struct case_semantics_state *case_state = NULL;
2875 SMB_STRUCT_STAT sbuf;
2876 int info = FILE_WAS_OPENED;
2877 files_struct *fsp = NULL;
2880 DEBUG(10,("create_file: access_mask = 0x%x "
2881 "file_attributes = 0x%x, share_access = 0x%x, "
2882 "create_disposition = 0x%x create_options = 0x%x "
2883 "oplock_request = 0x%x "
2884 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2886 (unsigned int)access_mask,
2887 (unsigned int)file_attributes,
2888 (unsigned int)share_access,
2889 (unsigned int)create_disposition,
2890 (unsigned int)create_options,
2891 (unsigned int)oplock_request,
2892 (unsigned int)root_dir_fid,
2893 ea_list, sd, fname));
2896 * Get the file name.
2899 if (root_dir_fid != 0) {
2901 * This filename is relative to a directory fid.
2903 char *parent_fname = NULL;
2904 files_struct *dir_fsp = file_fsp(req, root_dir_fid);
2906 if (dir_fsp == NULL) {
2907 status = NT_STATUS_INVALID_HANDLE;
2911 if (!dir_fsp->is_directory) {
2914 * Check to see if this is a mac fork of some kind.
2917 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2918 is_ntfs_stream_name(fname)) {
2919 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2924 we need to handle the case when we get a
2925 relative open relative to a file and the
2926 pathname is blank - this is a reopen!
2927 (hint from demyn plantenberg)
2930 status = NT_STATUS_INVALID_HANDLE;
2934 if (ISDOT(dir_fsp->fsp_name)) {
2936 * We're at the toplevel dir, the final file name
2937 * must not contain ./, as this is filtered out
2938 * normally by srvstr_get_path and unix_convert
2939 * explicitly rejects paths containing ./.
2941 parent_fname = talloc_strdup(talloc_tos(), "");
2942 if (parent_fname == NULL) {
2943 status = NT_STATUS_NO_MEMORY;
2947 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2950 * Copy in the base directory name.
2953 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
2955 if (parent_fname == NULL) {
2956 status = NT_STATUS_NO_MEMORY;
2959 memcpy(parent_fname, dir_fsp->fsp_name,
2963 * Ensure it ends in a '/'.
2964 * We used TALLOC_SIZE +2 to add space for the '/'.
2968 && (parent_fname[dir_name_len-1] != '\\')
2969 && (parent_fname[dir_name_len-1] != '/')) {
2970 parent_fname[dir_name_len] = '/';
2971 parent_fname[dir_name_len+1] = '\0';
2975 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
2977 if (fname == NULL) {
2978 status = NT_STATUS_NO_MEMORY;
2984 * Check to see if this is a mac fork of some kind.
2987 if (is_ntfs_stream_name(fname)) {
2988 enum FAKE_FILE_TYPE fake_file_type;
2990 fake_file_type = is_fake_file(fname);
2992 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
2995 * Here we go! support for changing the disk quotas
2998 * We need to fake up to open this MAGIC QUOTA file
2999 * and return a valid FID.
3001 * w2k close this file directly after openening xp
3002 * also tries a QUERY_FILE_INFO on the file and then
3005 status = open_fake_file(req, conn, req->vuid,
3006 fake_file_type, fname,
3008 if (!NT_STATUS_IS_OK(status)) {
3016 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3017 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3022 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3023 char *resolved_fname;
3025 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3028 if (!NT_STATUS_IS_OK(status)) {
3030 * For PATH_NOT_COVERED we had
3031 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3032 * ERRSRV, ERRbadpath);
3033 * Need to fix in callers
3037 fname = resolved_fname;
3041 * Check if POSIX semantics are wanted.
3044 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3045 case_state = set_posix_case_semantics(talloc_tos(), conn);
3046 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3050 char *converted_fname;
3052 SET_STAT_INVALID(sbuf);
3054 status = unix_convert(talloc_tos(), conn, fname, False,
3055 &converted_fname, NULL, &sbuf);
3056 if (!NT_STATUS_IS_OK(status)) {
3059 fname = converted_fname;
3062 TALLOC_FREE(case_state);
3064 /* All file access must go through check_name() */
3066 status = check_name(conn, fname);
3067 if (!NT_STATUS_IS_OK(status)) {
3071 status = create_file_unixpath(
3072 conn, req, fname, access_mask, share_access,
3073 create_disposition, create_options, file_attributes,
3074 oplock_request, allocation_size, sd, ea_list,
3075 &fsp, &info, &sbuf);
3077 if (!NT_STATUS_IS_OK(status)) {
3082 DEBUG(10, ("create_file: info=%d\n", info));
3085 if (pinfo != NULL) {
3088 if (psbuf != NULL) {
3091 return NT_STATUS_OK;
3094 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3097 close_file(req, fsp, ERROR_CLOSE);
git.samba.org / kai / samba.git / blob