- status = resolve_dfspath(ctx, conn,
- req->flags2 & FLAGS2_DFS_PATHNAMES,
- fname,
- &fname);
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
- ERRSRV, ERRbadpath);
- return;
- }
- reply_nterror(req, status);
- return;
- }
-
- /*
- * Check if POSIX semantics are wanted.
- */
-
- if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
- case_state = set_posix_case_semantics(NULL, conn);
- file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
- }
-
- status = unix_convert(ctx, conn, fname, False, &fname, NULL, &sbuf);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, status);
- return;
- }
- /* All file access must go through check_name() */
- status = check_name(conn, fname);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, status);
- return;
- }
-
- /* This is the correct thing to do (check every time) but can_delete
- * is expensive (it may have to read the parent directory
- * permissions). So for now we're not doing it unless we have a strong
- * hint the client is really going to delete this file. If the client
- * is forcing FILE_CREATE let the filesystem take care of the
- * permissions. */
-
- /* Setting FILE_SHARE_DELETE is the hint. */
-
- if (lp_acl_check_permissions(SNUM(conn))
- && (create_disposition != FILE_CREATE)
- && (share_access & FILE_SHARE_DELETE)
- && (access_mask & DELETE_ACCESS)) {
- if (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
- && !lp_delete_readonly(SNUM(conn))) ||
- !can_delete_file_in_directory(conn, fname)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
- }
-
-#if 0
- /* We need to support SeSecurityPrivilege for this. */
- if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
- !user_has_privileges(current_user.nt_user_token,
- &se_security)) {
- TALLOC_FREE(case_state);
- reply_nterror(req, NT_STATUS_PRIVILEGE_NOT_HELD);
- return;
- }
-#endif
-
- /*
- * If it's a request for a directory open, deal with it separately.
- */
-
- if(create_options & FILE_DIRECTORY_FILE) {
-
- /* Can't open a temp directory. IFS kit test. */
- if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
- TALLOC_FREE(case_state);
- reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return;
- }
-
- /*
- * We will get a create directory here if the Win32
- * app specified a security descriptor in the
- * CreateDirectory() call.
- */
-
- oplock_request = 0;
- status = open_directory(conn, req, fname, &sbuf,
- access_mask,
- share_access,
- create_disposition,
- create_options,
- file_attributes,
- &info, &fsp);
- } else {
-
- /*
- * Ordinary file case.
- */
-
- status = open_file_ntcreate(conn,req,fname,&sbuf,
- access_mask,
- share_access,
- create_disposition,
- create_options,
- file_attributes,
- oplock_request,
- &info, &fsp);
-
- if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
-
- /*
- * Fail the open if it was explicitly a non-directory
- * file.
- */
-
- if (create_options & FILE_NON_DIRECTORY_FILE) {
- TALLOC_FREE(case_state);
- reply_force_nterror(
- req,
- NT_STATUS_FILE_IS_A_DIRECTORY);
- return;
- }
-
- oplock_request = 0;
- status = open_directory(conn, req, fname,
- &sbuf,
- access_mask,
- share_access,
- create_disposition,
- create_options,
- file_attributes,
- &info, &fsp);
- }
- }
-
- TALLOC_FREE(case_state);