search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
A brown paper bag bug fix for "net sam rights"
[Samba.git] / source / smbd / open.c
blob0d1dd31cd60fc7f3659a93c44b4e31137ccda3fd
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern const struct generic_mapping file_generic_mapping;
25 extern struct current_user current_user;
26 extern userdom_struct current_user_info;
27 extern bool global_client_failed_oplock_break;
28
29 struct deferred_open_record {
30 bool delayed_for_oplocks;
31 struct file_id id;
32 };
33
34 /****************************************************************************
35 fd support routines - attempt to do a dos_open.
36 ****************************************************************************/
37
38 static NTSTATUS fd_open(struct connection_struct *conn,
39 const char *fname,
40 files_struct *fsp,
41 int flags,
42 mode_t mode)
43 {
44 NTSTATUS status = NT_STATUS_OK;
45
46 #ifdef O_NOFOLLOW
47 /*
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
50 */
51
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
53 flags |= O_NOFOLLOW;
54 }
55 #endif
56
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
60 }
61
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
65
66 return status;
67 }
68
69 /****************************************************************************
70 Close the file associated with a fsp.
71 ****************************************************************************/
72
73 NTSTATUS fd_close(files_struct *fsp)
74 {
75 int ret;
76
77 if (fsp->fh->fd == -1) {
78 return NT_STATUS_OK; /* What we used to call a stat open. */
79 }
80 if (fsp->fh->ref_count > 1) {
81 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
82 }
83
84 ret = SMB_VFS_CLOSE(fsp);
85 fsp->fh->fd = -1;
86 if (ret == -1) {
87 return map_nt_error_from_unix(errno);
88 }
89 return NT_STATUS_OK;
90 }
91
92 /****************************************************************************
93 Change the ownership of a file to that of the parent directory.
94 Do this by fd if possible.
95 ****************************************************************************/
96
97 static void change_file_owner_to_parent(connection_struct *conn,
98 const char *inherit_from_dir,
99 files_struct *fsp)
100 {
101 SMB_STRUCT_STAT parent_st;
102 int ret;
103
104 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
105 if (ret == -1) {
106 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
107 "directory %s. Error was %s\n",
108 inherit_from_dir, strerror(errno) ));
109 return;
110 }
111
112 become_root();
113 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
114 unbecome_root();
115 if (ret == -1) {
116 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
117 "file %s to parent directory uid %u. Error "
118 "was %s\n", fsp->fsp_name,
119 (unsigned int)parent_st.st_uid,
120 strerror(errno) ));
121 }
122
123 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
124 "parent directory uid %u.\n", fsp->fsp_name,
125 (unsigned int)parent_st.st_uid ));
126 }
127
128 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
129 const char *inherit_from_dir,
130 const char *fname,
131 SMB_STRUCT_STAT *psbuf)
132 {
133 char *saved_dir = NULL;
134 SMB_STRUCT_STAT sbuf;
135 SMB_STRUCT_STAT parent_st;
136 TALLOC_CTX *ctx = talloc_tos();
137 NTSTATUS status = NT_STATUS_OK;
138 int ret;
139
140 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
141 if (ret == -1) {
142 status = map_nt_error_from_unix(errno);
143 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
144 "directory %s. Error was %s\n",
145 inherit_from_dir, strerror(errno) ));
146 return status;
147 }
148
149 /* We've already done an lstat into psbuf, and we know it's a
150 directory. If we can cd into the directory and the dev/ino
151 are the same then we can safely chown without races as
152 we're locking the directory in place by being in it. This
153 should work on any UNIX (thanks tridge :-). JRA.
154 */
155
156 saved_dir = vfs_GetWd(ctx,conn);
157 if (!saved_dir) {
158 status = map_nt_error_from_unix(errno);
159 DEBUG(0,("change_dir_owner_to_parent: failed to get "
160 "current working directory. Error was %s\n",
161 strerror(errno)));
162 return status;
163 }
164
165 /* Chdir into the new path. */
166 if (vfs_ChDir(conn, fname) == -1) {
167 status = map_nt_error_from_unix(errno);
168 DEBUG(0,("change_dir_owner_to_parent: failed to change "
169 "current working directory to %s. Error "
170 "was %s\n", fname, strerror(errno) ));
171 goto out;
172 }
173
174 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
175 status = map_nt_error_from_unix(errno);
176 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
177 "directory '.' (%s) Error was %s\n",
178 fname, strerror(errno)));
179 goto out;
180 }
181
182 /* Ensure we're pointing at the same place. */
183 if (sbuf.st_dev != psbuf->st_dev ||
184 sbuf.st_ino != psbuf->st_ino ||
185 sbuf.st_mode != psbuf->st_mode ) {
186 DEBUG(0,("change_dir_owner_to_parent: "
187 "device/inode/mode on directory %s changed. "
188 "Refusing to chown !\n", fname ));
189 status = NT_STATUS_ACCESS_DENIED;
190 goto out;
191 }
192
193 become_root();
194 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
195 unbecome_root();
196 if (ret == -1) {
197 status = map_nt_error_from_unix(errno);
198 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
199 "directory %s to parent directory uid %u. "
200 "Error was %s\n", fname,
201 (unsigned int)parent_st.st_uid, strerror(errno) ));
202 goto out;
203 }
204
205 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
206 "directory %s to parent directory uid %u.\n",
207 fname, (unsigned int)parent_st.st_uid ));
208
209 out:
210
211 vfs_ChDir(conn,saved_dir);
212 return status;
213 }
214
215 /****************************************************************************
216 Open a file.
217 ****************************************************************************/
218
219 static NTSTATUS open_file(files_struct *fsp,
220 connection_struct *conn,
221 struct smb_request *req,
222 const char *parent_dir,
223 const char *name,
224 const char *path,
225 SMB_STRUCT_STAT *psbuf,
226 int flags,
227 mode_t unx_mode,
228 uint32 access_mask, /* client requested access mask. */
229 uint32 open_access_mask) /* what we're actually using in the open. */
230 {
231 NTSTATUS status = NT_STATUS_OK;
232 int accmode = (flags & O_ACCMODE);
233 int local_flags = flags;
234 bool file_existed = VALID_STAT(*psbuf);
235
236 fsp->fh->fd = -1;
237 errno = EPERM;
238
239 /* Check permissions */
240
241 /*
242 * This code was changed after seeing a client open request
243 * containing the open mode of (DENY_WRITE/read-only) with
244 * the 'create if not exist' bit set. The previous code
245 * would fail to open the file read only on a read-only share
246 * as it was checking the flags parameter directly against O_RDONLY,
247 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
248 * JRA.
249 */
250
251 if (!CAN_WRITE(conn)) {
252 /* It's a read-only share - fail if we wanted to write. */
253 if(accmode != O_RDONLY) {
254 DEBUG(3,("Permission denied opening %s\n", path));
255 return NT_STATUS_ACCESS_DENIED;
256 } else if(flags & O_CREAT) {
257 /* We don't want to write - but we must make sure that
258 O_CREAT doesn't create the file if we have write
259 access into the directory.
260 */
261 flags &= ~O_CREAT;
262 local_flags &= ~O_CREAT;
263 }
264 }
265
266 /*
267 * This little piece of insanity is inspired by the
268 * fact that an NT client can open a file for O_RDONLY,
269 * but set the create disposition to FILE_EXISTS_TRUNCATE.
270 * If the client *can* write to the file, then it expects to
271 * truncate the file, even though it is opening for readonly.
272 * Quicken uses this stupid trick in backup file creation...
273 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
274 * for helping track this one down. It didn't bite us in 2.0.x
275 * as we always opened files read-write in that release. JRA.
276 */
277
278 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
279 DEBUG(10,("open_file: truncate requested on read-only open "
280 "for file %s\n", path));
281 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
282 }
283
284 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
285 (!file_existed && (local_flags & O_CREAT)) ||
286 ((local_flags & O_TRUNC) == O_TRUNC) ) {
287
288 /*
289 * We can't actually truncate here as the file may be locked.
290 * open_file_ntcreate will take care of the truncate later. JRA.
291 */
292
293 local_flags &= ~O_TRUNC;
294
295 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
296 /*
297 * We would block on opening a FIFO with no one else on the
298 * other end. Do what we used to do and add O_NONBLOCK to the
299 * open flags. JRA.
300 */
301
302 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
303 local_flags |= O_NONBLOCK;
304 }
305 #endif
306
307 /* Don't create files with Microsoft wildcard characters. */
308 if ((local_flags & O_CREAT) && !file_existed &&
309 ms_has_wild(path)) {
310 return NT_STATUS_OBJECT_NAME_INVALID;
311 }
312
313 /* Actually do the open */
314 status = fd_open(conn, path, fsp, local_flags, unx_mode);
315 if (!NT_STATUS_IS_OK(status)) {
316 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
317 "(flags=%d)\n",
318 path,nt_errstr(status),local_flags,flags));
319 return status;
320 }
321
322 if ((local_flags & O_CREAT) && !file_existed) {
323
324 /* Inherit the ACL if required */
325 if (lp_inherit_perms(SNUM(conn))) {
326 inherit_access_acl(conn, parent_dir, path,
327 unx_mode);
328 }
329
330 /* Change the owner if required. */
331 if (lp_inherit_owner(SNUM(conn))) {
332 change_file_owner_to_parent(conn, parent_dir,
333 fsp);
334 }
335
336 notify_fname(conn, NOTIFY_ACTION_ADDED,
337 FILE_NOTIFY_CHANGE_FILE_NAME, path);
338 }
339
340 } else {
341 fsp->fh->fd = -1; /* What we used to call a stat open. */
342 }
343
344 if (!file_existed) {
345 int ret;
346
347 if (fsp->fh->fd == -1) {
348 ret = SMB_VFS_STAT(conn, path, psbuf);
349 } else {
350 ret = SMB_VFS_FSTAT(fsp, psbuf);
351 /* If we have an fd, this stat should succeed. */
352 if (ret == -1) {
353 DEBUG(0,("Error doing fstat on open file %s "
354 "(%s)\n", path,strerror(errno) ));
355 }
356 }
357
358 /* For a non-io open, this stat failing means file not found. JRA */
359 if (ret == -1) {
360 status = map_nt_error_from_unix(errno);
361 fd_close(fsp);
362 return status;
363 }
364 }
365
366 /*
367 * POSIX allows read-only opens of directories. We don't
368 * want to do this (we use a different code path for this)
369 * so catch a directory open and return an EISDIR. JRA.
370 */
371
372 if(S_ISDIR(psbuf->st_mode)) {
373 fd_close(fsp);
374 errno = EISDIR;
375 return NT_STATUS_FILE_IS_A_DIRECTORY;
376 }
377
378 fsp->mode = psbuf->st_mode;
379 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
380 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
381 fsp->file_pid = req ? req->smbpid : 0;
382 fsp->can_lock = True;
383 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
384 if (!CAN_WRITE(conn)) {
385 fsp->can_write = False;
386 } else {
387 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
388 True : False;
389 }
390 fsp->print_file = False;
391 fsp->modified = False;
392 fsp->sent_oplock_break = NO_BREAK_SENT;
393 fsp->is_directory = False;
394 fsp->is_stat = False;
395 if (conn->aio_write_behind_list &&
396 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
397 fsp->aio_write_behind = True;
398 }
399
400 string_set(&fsp->fsp_name, path);
401 fsp->wcp = NULL; /* Write cache pointer. */
402
403 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
404 *current_user_info.smb_name ?
405 current_user_info.smb_name : conn->user,fsp->fsp_name,
406 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
407 conn->num_files_open + 1));
408
409 errno = 0;
410 return NT_STATUS_OK;
411 }
412
413 /*******************************************************************
414 Return True if the filename is one of the special executable types.
415 ********************************************************************/
416
417 static bool is_executable(const char *fname)
418 {
419 if ((fname = strrchr_m(fname,'.'))) {
420 if (strequal(fname,".com") ||
421 strequal(fname,".dll") ||
422 strequal(fname,".exe") ||
423 strequal(fname,".sym")) {
424 return True;
425 }
426 }
427 return False;
428 }
429
430 /****************************************************************************
431 Check if we can open a file with a share mode.
432 Returns True if conflict, False if not.
433 ****************************************************************************/
434
435 static bool share_conflict(struct share_mode_entry *entry,
436 uint32 access_mask,
437 uint32 share_access)
438 {
439 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
440 "entry->share_access = 0x%x, "
441 "entry->private_options = 0x%x\n",
442 (unsigned int)entry->access_mask,
443 (unsigned int)entry->share_access,
444 (unsigned int)entry->private_options));
445
446 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
447 (unsigned int)access_mask, (unsigned int)share_access));
448
449 if ((entry->access_mask & (FILE_WRITE_DATA|
450 FILE_APPEND_DATA|
451 FILE_READ_DATA|
452 FILE_EXECUTE|
453 DELETE_ACCESS)) == 0) {
454 DEBUG(10,("share_conflict: No conflict due to "
455 "entry->access_mask = 0x%x\n",
456 (unsigned int)entry->access_mask ));
457 return False;
458 }
459
460 if ((access_mask & (FILE_WRITE_DATA|
461 FILE_APPEND_DATA|
462 FILE_READ_DATA|
463 FILE_EXECUTE|
464 DELETE_ACCESS)) == 0) {
465 DEBUG(10,("share_conflict: No conflict due to "
466 "access_mask = 0x%x\n",
467 (unsigned int)access_mask ));
468 return False;
469 }
470
471 #if 1 /* JRA TEST - Superdebug. */
472 #define CHECK_MASK(num, am, right, sa, share) \
473 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
474 (unsigned int)(num), (unsigned int)(am), \
475 (unsigned int)(right), (unsigned int)(am)&(right) )); \
476 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
477 (unsigned int)(num), (unsigned int)(sa), \
478 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
479 if (((am) & (right)) && !((sa) & (share))) { \
480 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
481 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
482 (unsigned int)(share) )); \
483 return True; \
484 }
485 #else
486 #define CHECK_MASK(num, am, right, sa, share) \
487 if (((am) & (right)) && !((sa) & (share))) { \
488 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
489 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
490 (unsigned int)(share) )); \
491 return True; \
492 }
493 #endif
494
495 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
496 share_access, FILE_SHARE_WRITE);
497 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
498 entry->share_access, FILE_SHARE_WRITE);
499
500 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
501 share_access, FILE_SHARE_READ);
502 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
503 entry->share_access, FILE_SHARE_READ);
504
505 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
506 share_access, FILE_SHARE_DELETE);
507 CHECK_MASK(6, access_mask, DELETE_ACCESS,
508 entry->share_access, FILE_SHARE_DELETE);
509
510 DEBUG(10,("share_conflict: No conflict.\n"));
511 return False;
512 }
513
514 #if defined(DEVELOPER)
515 static void validate_my_share_entries(int num,
516 struct share_mode_entry *share_entry)
517 {
518 files_struct *fsp;
519
520 if (!procid_is_me(&share_entry->pid)) {
521 return;
522 }
523
524 if (is_deferred_open_entry(share_entry) &&
525 !open_was_deferred(share_entry->op_mid)) {
526 char *str = talloc_asprintf(talloc_tos(),
527 "Got a deferred entry without a request: "
528 "PANIC: %s\n",
529 share_mode_str(talloc_tos(), num, share_entry));
530 smb_panic(str);
531 }
532
533 if (!is_valid_share_mode_entry(share_entry)) {
534 return;
535 }
536
537 fsp = file_find_dif(share_entry->id,
538 share_entry->share_file_id);
539 if (!fsp) {
540 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
541 share_mode_str(talloc_tos(), num, share_entry) ));
542 smb_panic("validate_my_share_entries: Cannot match a "
543 "share entry with an open file\n");
544 }
545
546 if (is_deferred_open_entry(share_entry) ||
547 is_unused_share_mode_entry(share_entry)) {
548 goto panic;
549 }
550
551 if ((share_entry->op_type == NO_OPLOCK) &&
552 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
553 /* Someone has already written to it, but I haven't yet
554 * noticed */
555 return;
556 }
557
558 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
559 goto panic;
560 }
561
562 return;
563
564 panic:
565 {
566 char *str;
567 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
568 share_mode_str(talloc_tos(), num, share_entry) ));
569 str = talloc_asprintf(talloc_tos(),
570 "validate_my_share_entries: "
571 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
572 fsp->fsp_name, (unsigned int)fsp->oplock_type,
573 (unsigned int)share_entry->op_type );
574 smb_panic(str);
575 }
576 }
577 #endif
578
579 static bool is_stat_open(uint32 access_mask)
580 {
581 return (access_mask &&
582 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
583 FILE_WRITE_ATTRIBUTES))==0) &&
584 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
585 FILE_WRITE_ATTRIBUTES)) != 0));
586 }
587
588 /****************************************************************************
589 Deal with share modes
590 Invarient: Share mode must be locked on entry and exit.
591 Returns -1 on error, or number of share modes on success (may be zero).
592 ****************************************************************************/
593
594 static NTSTATUS open_mode_check(connection_struct *conn,
595 const char *fname,
596 struct share_mode_lock *lck,
597 uint32 access_mask,
598 uint32 share_access,
599 uint32 create_options,
600 bool *file_existed)
601 {
602 int i;
603
604 if(lck->num_share_modes == 0) {
605 return NT_STATUS_OK;
606 }
607
608 *file_existed = True;
609
610 /* A delete on close prohibits everything */
611
612 if (lck->delete_on_close) {
613 return NT_STATUS_DELETE_PENDING;
614 }
615
616 if (is_stat_open(access_mask)) {
617 /* Stat open that doesn't trigger oplock breaks or share mode
618 * checks... ! JRA. */
619 return NT_STATUS_OK;
620 }
621
622 /*
623 * Check if the share modes will give us access.
624 */
625
626 #if defined(DEVELOPER)
627 for(i = 0; i < lck->num_share_modes; i++) {
628 validate_my_share_entries(i, &lck->share_modes[i]);
629 }
630 #endif
631
632 if (!lp_share_modes(SNUM(conn))) {
633 return NT_STATUS_OK;
634 }
635
636 /* Now we check the share modes, after any oplock breaks. */
637 for(i = 0; i < lck->num_share_modes; i++) {
638
639 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
640 continue;
641 }
642
643 /* someone else has a share lock on it, check to see if we can
644 * too */
645 if (share_conflict(&lck->share_modes[i],
646 access_mask, share_access)) {
647 return NT_STATUS_SHARING_VIOLATION;
648 }
649 }
650
651 return NT_STATUS_OK;
652 }
653
654 static bool is_delete_request(files_struct *fsp) {
655 return ((fsp->access_mask == DELETE_ACCESS) &&
656 (fsp->oplock_type == NO_OPLOCK));
657 }
658
659 /*
660 * 1) No files open at all or internal open: Grant whatever the client wants.
661 *
662 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
663 * request, break if the oplock around is a batch oplock. If it's another
664 * requested access type, break.
665 *
666 * 3) Only level2 around: Grant level2 and do nothing else.
667 */
668
669 static bool delay_for_oplocks(struct share_mode_lock *lck,
670 files_struct *fsp,
671 uint16 mid,
672 int pass_number,
673 int oplock_request)
674 {
675 int i;
676 struct share_mode_entry *exclusive = NULL;
677 bool valid_entry = False;
678 bool delay_it = False;
679 bool have_level2 = False;
680 NTSTATUS status;
681 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
682
683 if (oplock_request & INTERNAL_OPEN_ONLY) {
684 fsp->oplock_type = NO_OPLOCK;
685 }
686
687 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
688 return False;
689 }
690
691 for (i=0; i<lck->num_share_modes; i++) {
692
693 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
694 continue;
695 }
696
697 /* At least one entry is not an invalid or deferred entry. */
698 valid_entry = True;
699
700 if (pass_number == 1) {
701 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
702 SMB_ASSERT(exclusive == NULL);
703 exclusive = &lck->share_modes[i];
704 }
705 } else {
706 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
707 SMB_ASSERT(exclusive == NULL);
708 exclusive = &lck->share_modes[i];
709 }
710 }
711
712 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
713 SMB_ASSERT(exclusive == NULL);
714 have_level2 = True;
715 }
716 }
717
718 if (!valid_entry) {
719 /* All entries are placeholders or deferred.
720 * Directly grant whatever the client wants. */
721 if (fsp->oplock_type == NO_OPLOCK) {
722 /* Store a level2 oplock, but don't tell the client */
723 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
724 }
725 return False;
726 }
727
728 if (exclusive != NULL) { /* Found an exclusive oplock */
729 SMB_ASSERT(!have_level2);
730 delay_it = is_delete_request(fsp) ?
731 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
732 }
733
734 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
735 /* We can at most grant level2 as there are other
736 * level2 or NO_OPLOCK entries. */
737 fsp->oplock_type = LEVEL_II_OPLOCK;
738 }
739
740 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
741 /* Store a level2 oplock, but don't tell the client */
742 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
743 }
744
745 if (!delay_it) {
746 return False;
747 }
748
749 /*
750 * Send a break message to the oplock holder and delay the open for
751 * our client.
752 */
753
754 DEBUG(10, ("Sending break request to PID %s\n",
755 procid_str_static(&exclusive->pid)));
756 exclusive->op_mid = mid;
757
758 /* Create the message. */
759 share_mode_entry_to_message(msg, exclusive);
760
761 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
762 don't want this set in the share mode struct pointed to by lck. */
763
764 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
765 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
766 }
767
768 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
769 MSG_SMB_BREAK_REQUEST,
770 (uint8 *)msg,
771 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
772 if (!NT_STATUS_IS_OK(status)) {
773 DEBUG(3, ("Could not send oplock break message: %s\n",
774 nt_errstr(status)));
775 }
776
777 return True;
778 }
779
780 static bool request_timed_out(struct timeval request_time,
781 struct timeval timeout)
782 {
783 struct timeval now, end_time;
784 GetTimeOfDay(&now);
785 end_time = timeval_sum(&request_time, &timeout);
786 return (timeval_compare(&end_time, &now) < 0);
787 }
788
789 /****************************************************************************
790 Handle the 1 second delay in returning a SHARING_VIOLATION error.
791 ****************************************************************************/
792
793 static void defer_open(struct share_mode_lock *lck,
794 struct timeval request_time,
795 struct timeval timeout,
796 struct smb_request *req,
797 struct deferred_open_record *state)
798 {
799 int i;
800
801 /* Paranoia check */
802
803 for (i=0; i<lck->num_share_modes; i++) {
804 struct share_mode_entry *e = &lck->share_modes[i];
805
806 if (!is_deferred_open_entry(e)) {
807 continue;
808 }
809
810 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
811 DEBUG(0, ("Trying to defer an already deferred "
812 "request: mid=%d, exiting\n", req->mid));
813 exit_server("attempt to defer a deferred request");
814 }
815 }
816
817 /* End paranoia check */
818
819 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
820 "open entry for mid %u\n",
821 (unsigned int)request_time.tv_sec,
822 (unsigned int)request_time.tv_usec,
823 (unsigned int)req->mid));
824
825 if (!push_deferred_smb_message(req, request_time, timeout,
826 (char *)state, sizeof(*state))) {
827 exit_server("push_deferred_smb_message failed");
828 }
829 add_deferred_open(lck, req->mid, request_time, state->id);
830
831 /*
832 * Push the MID of this packet on the signing queue.
833 * We only do this once, the first time we push the packet
834 * onto the deferred open queue, as this has a side effect
835 * of incrementing the response sequence number.
836 */
837
838 srv_defer_sign_response(req->mid);
839 }
840
841
842 /****************************************************************************
843 On overwrite open ensure that the attributes match.
844 ****************************************************************************/
845
846 static bool open_match_attributes(connection_struct *conn,
847 const char *path,
848 uint32 old_dos_attr,
849 uint32 new_dos_attr,
850 mode_t existing_unx_mode,
851 mode_t new_unx_mode,
852 mode_t *returned_unx_mode)
853 {
854 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
855
856 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
857 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
858
859 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
860 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
861 *returned_unx_mode = new_unx_mode;
862 } else {
863 *returned_unx_mode = (mode_t)0;
864 }
865
866 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
867 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
868 "returned_unx_mode = 0%o\n",
869 path,
870 (unsigned int)old_dos_attr,
871 (unsigned int)existing_unx_mode,
872 (unsigned int)new_dos_attr,
873 (unsigned int)*returned_unx_mode ));
874
875 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
876 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
877 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
878 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
879 return False;
880 }
881 }
882 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
883 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
884 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
885 return False;
886 }
887 }
888 return True;
889 }
890
891 /****************************************************************************
892 Special FCB or DOS processing in the case of a sharing violation.
893 Try and find a duplicated file handle.
894 ****************************************************************************/
895
896 static files_struct *fcb_or_dos_open(connection_struct *conn,
897 const char *fname,
898 struct file_id id,
899 uint16 file_pid,
900 uint16 vuid,
901 uint32 access_mask,
902 uint32 share_access,
903 uint32 create_options)
904 {
905 files_struct *fsp;
906 files_struct *dup_fsp;
907
908 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
909 "file %s.\n", fname ));
910
911 for(fsp = file_find_di_first(id); fsp;
912 fsp = file_find_di_next(fsp)) {
913
914 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
915 "vuid = %u, file_pid = %u, private_options = 0x%x "
916 "access_mask = 0x%x\n", fsp->fsp_name,
917 fsp->fh->fd, (unsigned int)fsp->vuid,
918 (unsigned int)fsp->file_pid,
919 (unsigned int)fsp->fh->private_options,
920 (unsigned int)fsp->access_mask ));
921
922 if (fsp->fh->fd != -1 &&
923 fsp->vuid == vuid &&
924 fsp->file_pid == file_pid &&
925 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
926 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
927 (fsp->access_mask & FILE_WRITE_DATA) &&
928 strequal(fsp->fsp_name, fname)) {
929 DEBUG(10,("fcb_or_dos_open: file match\n"));
930 break;
931 }
932 }
933
934 if (!fsp) {
935 return NULL;
936 }
937
938 /* quite an insane set of semantics ... */
939 if (is_executable(fname) &&
940 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
941 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
942 return NULL;
943 }
944
945 /* We need to duplicate this fsp. */
946 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
947 create_options, &dup_fsp))) {
948 return NULL;
949 }
950
951 return dup_fsp;
952 }
953
954 /****************************************************************************
955 Open a file with a share mode - old openX method - map into NTCreate.
956 ****************************************************************************/
957
958 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
959 uint32 *paccess_mask,
960 uint32 *pshare_mode,
961 uint32 *pcreate_disposition,
962 uint32 *pcreate_options)
963 {
964 uint32 access_mask;
965 uint32 share_mode;
966 uint32 create_disposition;
967 uint32 create_options = 0;
968
969 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
970 "open_func = 0x%x\n",
971 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
972
973 /* Create the NT compatible access_mask. */
974 switch (GET_OPENX_MODE(deny_mode)) {
975 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
976 case DOS_OPEN_RDONLY:
977 access_mask = FILE_GENERIC_READ;
978 break;
979 case DOS_OPEN_WRONLY:
980 access_mask = FILE_GENERIC_WRITE;
981 break;
982 case DOS_OPEN_RDWR:
983 case DOS_OPEN_FCB:
984 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
985 break;
986 default:
987 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
988 (unsigned int)GET_OPENX_MODE(deny_mode)));
989 return False;
990 }
991
992 /* Create the NT compatible create_disposition. */
993 switch (open_func) {
994 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
995 create_disposition = FILE_CREATE;
996 break;
997
998 case OPENX_FILE_EXISTS_OPEN:
999 create_disposition = FILE_OPEN;
1000 break;
1001
1002 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1003 create_disposition = FILE_OPEN_IF;
1004 break;
1005
1006 case OPENX_FILE_EXISTS_TRUNCATE:
1007 create_disposition = FILE_OVERWRITE;
1008 break;
1009
1010 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1011 create_disposition = FILE_OVERWRITE_IF;
1012 break;
1013
1014 default:
1015 /* From samba4 - to be confirmed. */
1016 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1017 create_disposition = FILE_CREATE;
1018 break;
1019 }
1020 DEBUG(10,("map_open_params_to_ntcreate: bad "
1021 "open_func 0x%x\n", (unsigned int)open_func));
1022 return False;
1023 }
1024
1025 /* Create the NT compatible share modes. */
1026 switch (GET_DENY_MODE(deny_mode)) {
1027 case DENY_ALL:
1028 share_mode = FILE_SHARE_NONE;
1029 break;
1030
1031 case DENY_WRITE:
1032 share_mode = FILE_SHARE_READ;
1033 break;
1034
1035 case DENY_READ:
1036 share_mode = FILE_SHARE_WRITE;
1037 break;
1038
1039 case DENY_NONE:
1040 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1041 break;
1042
1043 case DENY_DOS:
1044 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1045 if (is_executable(fname)) {
1046 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1047 } else {
1048 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1049 share_mode = FILE_SHARE_READ;
1050 } else {
1051 share_mode = FILE_SHARE_NONE;
1052 }
1053 }
1054 break;
1055
1056 case DENY_FCB:
1057 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1058 share_mode = FILE_SHARE_NONE;
1059 break;
1060
1061 default:
1062 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1063 (unsigned int)GET_DENY_MODE(deny_mode) ));
1064 return False;
1065 }
1066
1067 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1068 "share_mode = 0x%x, create_disposition = 0x%x, "
1069 "create_options = 0x%x\n",
1070 fname,
1071 (unsigned int)access_mask,
1072 (unsigned int)share_mode,
1073 (unsigned int)create_disposition,
1074 (unsigned int)create_options ));
1075
1076 if (paccess_mask) {
1077 *paccess_mask = access_mask;
1078 }
1079 if (pshare_mode) {
1080 *pshare_mode = share_mode;
1081 }
1082 if (pcreate_disposition) {
1083 *pcreate_disposition = create_disposition;
1084 }
1085 if (pcreate_options) {
1086 *pcreate_options = create_options;
1087 }
1088
1089 return True;
1090
1091 }
1092
1093 static void schedule_defer_open(struct share_mode_lock *lck,
1094 struct timeval request_time,
1095 struct smb_request *req)
1096 {
1097 struct deferred_open_record state;
1098
1099 /* This is a relative time, added to the absolute
1100 request_time value to get the absolute timeout time.
1101 Note that if this is the second or greater time we enter
1102 this codepath for this particular request mid then
1103 request_time is left as the absolute time of the *first*
1104 time this request mid was processed. This is what allows
1105 the request to eventually time out. */
1106
1107 struct timeval timeout;
1108
1109 /* Normally the smbd we asked should respond within
1110 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1111 * the client did, give twice the timeout as a safety
1112 * measure here in case the other smbd is stuck
1113 * somewhere else. */
1114
1115 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1116
1117 /* Nothing actually uses state.delayed_for_oplocks
1118 but it's handy to differentiate in debug messages
1119 between a 30 second delay due to oplock break, and
1120 a 1 second delay for share mode conflicts. */
1121
1122 state.delayed_for_oplocks = True;
1123 state.id = lck->id;
1124
1125 if (!request_timed_out(request_time, timeout)) {
1126 defer_open(lck, request_time, timeout, req, &state);
1127 }
1128 }
1129
1130 /****************************************************************************
1131 Open a file with a share mode.
1132 ****************************************************************************/
1133
1134 NTSTATUS open_file_ntcreate(connection_struct *conn,
1135 struct smb_request *req,
1136 const char *fname,
1137 SMB_STRUCT_STAT *psbuf,
1138 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1139 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1140 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1141 uint32 create_options, /* options such as delete on close. */
1142 uint32 new_dos_attributes, /* attributes used for new file. */
1143 int oplock_request, /* internal Samba oplock codes. */
1144 /* Information (FILE_EXISTS etc.) */
1145 int *pinfo,
1146 files_struct **result)
1147 {
1148 int flags=0;
1149 int flags2=0;
1150 bool file_existed = VALID_STAT(*psbuf);
1151 bool def_acl = False;
1152 bool posix_open = False;
1153 bool new_file_created = False;
1154 struct file_id id;
1155 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1156 files_struct *fsp = NULL;
1157 mode_t new_unx_mode = (mode_t)0;
1158 mode_t unx_mode = (mode_t)0;
1159 int info;
1160 uint32 existing_dos_attributes = 0;
1161 struct pending_message_list *pml = NULL;
1162 struct timeval request_time = timeval_zero();
1163 struct share_mode_lock *lck = NULL;
1164 uint32 open_access_mask = access_mask;
1165 NTSTATUS status;
1166 int ret_flock;
1167 char *parent_dir;
1168 const char *newname;
1169
1170 ZERO_STRUCT(id);
1171
1172 if (conn->printer) {
1173 /*
1174 * Printers are handled completely differently.
1175 * Most of the passed parameters are ignored.
1176 */
1177
1178 if (pinfo) {
1179 *pinfo = FILE_WAS_CREATED;
1180 }
1181
1182 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1183
1184 return print_fsp_open(conn, fname, result);
1185 }
1186
1187 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1188 &newname)) {
1189 return NT_STATUS_NO_MEMORY;
1190 }
1191
1192 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1193 posix_open = True;
1194 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1195 new_dos_attributes = 0;
1196 } else {
1197 /* We add aARCH to this as this mode is only used if the file is
1198 * created new. */
1199 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1200 parent_dir);
1201 }
1202
1203 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1204 "access_mask=0x%x share_access=0x%x "
1205 "create_disposition = 0x%x create_options=0x%x "
1206 "unix mode=0%o oplock_request=%d\n",
1207 fname, new_dos_attributes, access_mask, share_access,
1208 create_disposition, create_options, unx_mode,
1209 oplock_request));
1210
1211 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1212 DEBUG(0, ("No smb request but not an internal only open!\n"));
1213 return NT_STATUS_INTERNAL_ERROR;
1214 }
1215
1216 /*
1217 * Only non-internal opens can be deferred at all
1218 */
1219
1220 if ((req != NULL)
1221 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1222 struct deferred_open_record *state =
1223 (struct deferred_open_record *)pml->private_data.data;
1224
1225 /* Remember the absolute time of the original
1226 request with this mid. We'll use it later to
1227 see if this has timed out. */
1228
1229 request_time = pml->request_time;
1230
1231 /* Remove the deferred open entry under lock. */
1232 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1233 NULL);
1234 if (lck == NULL) {
1235 DEBUG(0, ("could not get share mode lock\n"));
1236 } else {
1237 del_deferred_open_entry(lck, req->mid);
1238 TALLOC_FREE(lck);
1239 }
1240
1241 /* Ensure we don't reprocess this message. */
1242 remove_deferred_open_smb_message(req->mid);
1243 }
1244
1245 status = check_name(conn, fname);
1246 if (!NT_STATUS_IS_OK(status)) {
1247 return status;
1248 }
1249
1250 if (!posix_open) {
1251 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1252 if (file_existed) {
1253 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1254 }
1255 }
1256
1257 /* ignore any oplock requests if oplocks are disabled */
1258 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1259 IS_VETO_OPLOCK_PATH(conn, fname)) {
1260 /* Mask off everything except the private Samba bits. */
1261 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1262 }
1263
1264 /* this is for OS/2 long file names - say we don't support them */
1265 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1266 /* OS/2 Workplace shell fix may be main code stream in a later
1267 * release. */
1268 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1269 "supported.\n"));
1270 if (use_nt_status()) {
1271 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1272 }
1273 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1274 }
1275
1276 switch( create_disposition ) {
1277 /*
1278 * Currently we're using FILE_SUPERSEDE as the same as
1279 * FILE_OVERWRITE_IF but they really are
1280 * different. FILE_SUPERSEDE deletes an existing file
1281 * (requiring delete access) then recreates it.
1282 */
1283 case FILE_SUPERSEDE:
1284 /* If file exists replace/overwrite. If file doesn't
1285 * exist create. */
1286 flags2 |= (O_CREAT | O_TRUNC);
1287 break;
1288
1289 case FILE_OVERWRITE_IF:
1290 /* If file exists replace/overwrite. If file doesn't
1291 * exist create. */
1292 flags2 |= (O_CREAT | O_TRUNC);
1293 break;
1294
1295 case FILE_OPEN:
1296 /* If file exists open. If file doesn't exist error. */
1297 if (!file_existed) {
1298 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1299 "requested for file %s and file "
1300 "doesn't exist.\n", fname ));
1301 errno = ENOENT;
1302 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1303 }
1304 break;
1305
1306 case FILE_OVERWRITE:
1307 /* If file exists overwrite. If file doesn't exist
1308 * error. */
1309 if (!file_existed) {
1310 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1311 "requested for file %s and file "
1312 "doesn't exist.\n", fname ));
1313 errno = ENOENT;
1314 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1315 }
1316 flags2 |= O_TRUNC;
1317 break;
1318
1319 case FILE_CREATE:
1320 /* If file exists error. If file doesn't exist
1321 * create. */
1322 if (file_existed) {
1323 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1324 "requested for file %s and file "
1325 "already exists.\n", fname ));
1326 if (S_ISDIR(psbuf->st_mode)) {
1327 errno = EISDIR;
1328 } else {
1329 errno = EEXIST;
1330 }
1331 return map_nt_error_from_unix(errno);
1332 }
1333 flags2 |= (O_CREAT|O_EXCL);
1334 break;
1335
1336 case FILE_OPEN_IF:
1337 /* If file exists open. If file doesn't exist
1338 * create. */
1339 flags2 |= O_CREAT;
1340 break;
1341
1342 default:
1343 return NT_STATUS_INVALID_PARAMETER;
1344 }
1345
1346 /* We only care about matching attributes on file exists and
1347 * overwrite. */
1348
1349 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1350 (create_disposition == FILE_OVERWRITE_IF))) {
1351 if (!open_match_attributes(conn, fname,
1352 existing_dos_attributes,
1353 new_dos_attributes, psbuf->st_mode,
1354 unx_mode, &new_unx_mode)) {
1355 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1356 "for file %s (%x %x) (0%o, 0%o)\n",
1357 fname, existing_dos_attributes,
1358 new_dos_attributes,
1359 (unsigned int)psbuf->st_mode,
1360 (unsigned int)unx_mode ));
1361 errno = EACCES;
1362 return NT_STATUS_ACCESS_DENIED;
1363 }
1364 }
1365
1366 /* This is a nasty hack - must fix... JRA. */
1367 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1368 open_access_mask = access_mask = FILE_GENERIC_ALL;
1369 }
1370
1371 /*
1372 * Convert GENERIC bits to specific bits.
1373 */
1374
1375 se_map_generic(&access_mask, &file_generic_mapping);
1376 open_access_mask = access_mask;
1377
1378 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1379 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1380 }
1381
1382 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1383 "access_mask=0x%x\n", fname, access_mask ));
1384
1385 /*
1386 * Note that we ignore the append flag as append does not
1387 * mean the same thing under DOS and Unix.
1388 */
1389
1390 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1391 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1392 /* DENY_DOS opens are always underlying read-write on the
1393 file handle, no matter what the requested access mask
1394 says. */
1395 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1396 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1397 flags = O_RDWR;
1398 } else {
1399 flags = O_WRONLY;
1400 }
1401 } else {
1402 flags = O_RDONLY;
1403 }
1404
1405 /*
1406 * Currently we only look at FILE_WRITE_THROUGH for create options.
1407 */
1408
1409 #if defined(O_SYNC)
1410 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1411 flags2 |= O_SYNC;
1412 }
1413 #endif /* O_SYNC */
1414
1415 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1416 flags2 |= O_APPEND;
1417 }
1418
1419 if (!posix_open && !CAN_WRITE(conn)) {
1420 /*
1421 * We should really return a permission denied error if either
1422 * O_CREAT or O_TRUNC are set, but for compatibility with
1423 * older versions of Samba we just AND them out.
1424 */
1425 flags2 &= ~(O_CREAT|O_TRUNC);
1426 }
1427
1428 /*
1429 * Ensure we can't write on a read-only share or file.
1430 */
1431
1432 if (flags != O_RDONLY && file_existed &&
1433 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1434 DEBUG(5,("open_file_ntcreate: write access requested for "
1435 "file %s on read only %s\n",
1436 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1437 errno = EACCES;
1438 return NT_STATUS_ACCESS_DENIED;
1439 }
1440
1441 status = file_new(conn, &fsp);
1442 if(!NT_STATUS_IS_OK(status)) {
1443 return status;
1444 }
1445
1446 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1447 fsp->share_access = share_access;
1448 fsp->fh->private_options = create_options;
1449 fsp->access_mask = open_access_mask; /* We change this to the
1450 * requested access_mask after
1451 * the open is done. */
1452 fsp->posix_open = posix_open;
1453
1454 /* Ensure no SAMBA_PRIVATE bits can be set. */
1455 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1456
1457 if (timeval_is_zero(&request_time)) {
1458 request_time = fsp->open_time;
1459 }
1460
1461 if (file_existed) {
1462 struct timespec old_write_time = get_mtimespec(psbuf);
1463 id = vfs_file_id_from_sbuf(conn, psbuf);
1464
1465 lck = get_share_mode_lock(talloc_tos(), id,
1466 conn->connectpath,
1467 fname, &old_write_time);
1468
1469 if (lck == NULL) {
1470 file_free(fsp);
1471 DEBUG(0, ("Could not get share mode lock\n"));
1472 return NT_STATUS_SHARING_VIOLATION;
1473 }
1474
1475 /* First pass - send break only on batch oplocks. */
1476 if ((req != NULL)
1477 && delay_for_oplocks(lck, fsp, req->mid, 1,
1478 oplock_request)) {
1479 schedule_defer_open(lck, request_time, req);
1480 TALLOC_FREE(lck);
1481 file_free(fsp);
1482 return NT_STATUS_SHARING_VIOLATION;
1483 }
1484
1485 /* Use the client requested access mask here, not the one we
1486 * open with. */
1487 status = open_mode_check(conn, fname, lck,
1488 access_mask, share_access,
1489 create_options, &file_existed);
1490
1491 if (NT_STATUS_IS_OK(status)) {
1492 /* We might be going to allow this open. Check oplock
1493 * status again. */
1494 /* Second pass - send break for both batch or
1495 * exclusive oplocks. */
1496 if ((req != NULL)
1497 && delay_for_oplocks(lck, fsp, req->mid, 2,
1498 oplock_request)) {
1499 schedule_defer_open(lck, request_time, req);
1500 TALLOC_FREE(lck);
1501 file_free(fsp);
1502 return NT_STATUS_SHARING_VIOLATION;
1503 }
1504 }
1505
1506 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1507 /* DELETE_PENDING is not deferred for a second */
1508 TALLOC_FREE(lck);
1509 file_free(fsp);
1510 return status;
1511 }
1512
1513 if (!NT_STATUS_IS_OK(status)) {
1514 uint32 can_access_mask;
1515 bool can_access = True;
1516
1517 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1518
1519 /* Check if this can be done with the deny_dos and fcb
1520 * calls. */
1521 if (create_options &
1522 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1523 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1524 files_struct *fsp_dup;
1525
1526 if (req == NULL) {
1527 DEBUG(0, ("DOS open without an SMB "
1528 "request!\n"));
1529 TALLOC_FREE(lck);
1530 file_free(fsp);
1531 return NT_STATUS_INTERNAL_ERROR;
1532 }
1533
1534 /* Use the client requested access mask here,
1535 * not the one we open with. */
1536 fsp_dup = fcb_or_dos_open(conn, fname, id,
1537 req->smbpid,
1538 req->vuid,
1539 access_mask,
1540 share_access,
1541 create_options);
1542
1543 if (fsp_dup) {
1544 TALLOC_FREE(lck);
1545 file_free(fsp);
1546 if (pinfo) {
1547 *pinfo = FILE_WAS_OPENED;
1548 }
1549 conn->num_files_open++;
1550 *result = fsp_dup;
1551 return NT_STATUS_OK;
1552 }
1553 }
1554
1555 /*
1556 * This next line is a subtlety we need for
1557 * MS-Access. If a file open will fail due to share
1558 * permissions and also for security (access) reasons,
1559 * we need to return the access failed error, not the
1560 * share error. We can't open the file due to kernel
1561 * oplock deadlock (it's possible we failed above on
1562 * the open_mode_check()) so use a userspace check.
1563 */
1564
1565 if (flags & O_RDWR) {
1566 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1567 } else if (flags & O_WRONLY) {
1568 can_access_mask = FILE_WRITE_DATA;
1569 } else {
1570 can_access_mask = FILE_READ_DATA;
1571 }
1572
1573 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1574 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1575 can_access = False;
1576 }
1577
1578 /*
1579 * If we're returning a share violation, ensure we
1580 * cope with the braindead 1 second delay.
1581 */
1582
1583 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1584 lp_defer_sharing_violations()) {
1585 struct timeval timeout;
1586 struct deferred_open_record state;
1587 int timeout_usecs;
1588
1589 /* this is a hack to speed up torture tests
1590 in 'make test' */
1591 timeout_usecs = lp_parm_int(SNUM(conn),
1592 "smbd","sharedelay",
1593 SHARING_VIOLATION_USEC_WAIT);
1594
1595 /* This is a relative time, added to the absolute
1596 request_time value to get the absolute timeout time.
1597 Note that if this is the second or greater time we enter
1598 this codepath for this particular request mid then
1599 request_time is left as the absolute time of the *first*
1600 time this request mid was processed. This is what allows
1601 the request to eventually time out. */
1602
1603 timeout = timeval_set(0, timeout_usecs);
1604
1605 /* Nothing actually uses state.delayed_for_oplocks
1606 but it's handy to differentiate in debug messages
1607 between a 30 second delay due to oplock break, and
1608 a 1 second delay for share mode conflicts. */
1609
1610 state.delayed_for_oplocks = False;
1611 state.id = id;
1612
1613 if ((req != NULL)
1614 && !request_timed_out(request_time,
1615 timeout)) {
1616 defer_open(lck, request_time, timeout,
1617 req, &state);
1618 }
1619 }
1620
1621 TALLOC_FREE(lck);
1622 if (can_access) {
1623 /*
1624 * We have detected a sharing violation here
1625 * so return the correct error code
1626 */
1627 status = NT_STATUS_SHARING_VIOLATION;
1628 } else {
1629 status = NT_STATUS_ACCESS_DENIED;
1630 }
1631 file_free(fsp);
1632 return status;
1633 }
1634
1635 /*
1636 * We exit this block with the share entry *locked*.....
1637 */
1638 }
1639
1640 SMB_ASSERT(!file_existed || (lck != NULL));
1641
1642 /*
1643 * Ensure we pay attention to default ACLs on directories if required.
1644 */
1645
1646 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1647 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1648 unx_mode = 0777;
1649 }
1650
1651 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1652 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1653 (unsigned int)flags, (unsigned int)flags2,
1654 (unsigned int)unx_mode, (unsigned int)access_mask,
1655 (unsigned int)open_access_mask));
1656
1657 /*
1658 * open_file strips any O_TRUNC flags itself.
1659 */
1660
1661 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1662 flags|flags2, unx_mode, access_mask,
1663 open_access_mask);
1664
1665 if (!NT_STATUS_IS_OK(fsp_open)) {
1666 if (lck != NULL) {
1667 TALLOC_FREE(lck);
1668 }
1669 file_free(fsp);
1670 return fsp_open;
1671 }
1672
1673 if (!file_existed) {
1674 struct timespec old_write_time = get_mtimespec(psbuf);
1675 /*
1676 * Deal with the race condition where two smbd's detect the
1677 * file doesn't exist and do the create at the same time. One
1678 * of them will win and set a share mode, the other (ie. this
1679 * one) should check if the requested share mode for this
1680 * create is allowed.
1681 */
1682
1683 /*
1684 * Now the file exists and fsp is successfully opened,
1685 * fsp->dev and fsp->inode are valid and should replace the
1686 * dev=0,inode=0 from a non existent file. Spotted by
1687 * Nadav Danieli <nadavd@exanet.com>. JRA.
1688 */
1689
1690 id = fsp->file_id;
1691
1692 lck = get_share_mode_lock(talloc_tos(), id,
1693 conn->connectpath,
1694 fname, &old_write_time);
1695
1696 if (lck == NULL) {
1697 DEBUG(0, ("open_file_ntcreate: Could not get share "
1698 "mode lock for %s\n", fname));
1699 fd_close(fsp);
1700 file_free(fsp);
1701 return NT_STATUS_SHARING_VIOLATION;
1702 }
1703
1704 /* First pass - send break only on batch oplocks. */
1705 if ((req != NULL)
1706 && delay_for_oplocks(lck, fsp, req->mid, 1,
1707 oplock_request)) {
1708 schedule_defer_open(lck, request_time, req);
1709 TALLOC_FREE(lck);
1710 fd_close(fsp);
1711 file_free(fsp);
1712 return NT_STATUS_SHARING_VIOLATION;
1713 }
1714
1715 status = open_mode_check(conn, fname, lck,
1716 access_mask, share_access,
1717 create_options, &file_existed);
1718
1719 if (NT_STATUS_IS_OK(status)) {
1720 /* We might be going to allow this open. Check oplock
1721 * status again. */
1722 /* Second pass - send break for both batch or
1723 * exclusive oplocks. */
1724 if ((req != NULL)
1725 && delay_for_oplocks(lck, fsp, req->mid, 2,
1726 oplock_request)) {
1727 schedule_defer_open(lck, request_time, req);
1728 TALLOC_FREE(lck);
1729 fd_close(fsp);
1730 file_free(fsp);
1731 return NT_STATUS_SHARING_VIOLATION;
1732 }
1733 }
1734
1735 if (!NT_STATUS_IS_OK(status)) {
1736 struct deferred_open_record state;
1737
1738 fd_close(fsp);
1739 file_free(fsp);
1740
1741 state.delayed_for_oplocks = False;
1742 state.id = id;
1743
1744 /* Do it all over again immediately. In the second
1745 * round we will find that the file existed and handle
1746 * the DELETE_PENDING and FCB cases correctly. No need
1747 * to duplicate the code here. Essentially this is a
1748 * "goto top of this function", but don't tell
1749 * anybody... */
1750
1751 if (req != NULL) {
1752 defer_open(lck, request_time, timeval_zero(),
1753 req, &state);
1754 }
1755 TALLOC_FREE(lck);
1756 return status;
1757 }
1758
1759 /*
1760 * We exit this block with the share entry *locked*.....
1761 */
1762
1763 }
1764
1765 SMB_ASSERT(lck != NULL);
1766
1767 /* note that we ignore failure for the following. It is
1768 basically a hack for NFS, and NFS will never set one of
1769 these only read them. Nobody but Samba can ever set a deny
1770 mode and we have already checked our more authoritative
1771 locking database for permission to set this deny mode. If
1772 the kernel refuses the operations then the kernel is wrong.
1773 note that GPFS supports it as well - jmcd */
1774
1775 if (fsp->fh->fd != -1) {
1776 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1777 if(ret_flock == -1 ){
1778
1779 TALLOC_FREE(lck);
1780 fd_close(fsp);
1781 file_free(fsp);
1782
1783 return NT_STATUS_SHARING_VIOLATION;
1784 }
1785 }
1786
1787 /*
1788 * At this point onwards, we can guarentee that the share entry
1789 * is locked, whether we created the file or not, and that the
1790 * deny mode is compatible with all current opens.
1791 */
1792
1793 /*
1794 * If requested, truncate the file.
1795 */
1796
1797 if (flags2&O_TRUNC) {
1798 /*
1799 * We are modifing the file after open - update the stat
1800 * struct..
1801 */
1802 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1803 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1804 status = map_nt_error_from_unix(errno);
1805 TALLOC_FREE(lck);
1806 fd_close(fsp);
1807 file_free(fsp);
1808 return status;
1809 }
1810 }
1811
1812 /* Record the options we were opened with. */
1813 fsp->share_access = share_access;
1814 fsp->fh->private_options = create_options;
1815 fsp->access_mask = access_mask;
1816
1817 if (file_existed) {
1818 /* stat opens on existing files don't get oplocks. */
1819 if (is_stat_open(open_access_mask)) {
1820 fsp->oplock_type = NO_OPLOCK;
1821 }
1822
1823 if (!(flags2 & O_TRUNC)) {
1824 info = FILE_WAS_OPENED;
1825 } else {
1826 info = FILE_WAS_OVERWRITTEN;
1827 }
1828 } else {
1829 info = FILE_WAS_CREATED;
1830 }
1831
1832 if (pinfo) {
1833 *pinfo = info;
1834 }
1835
1836 /*
1837 * Setup the oplock info in both the shared memory and
1838 * file structs.
1839 */
1840
1841 if ((fsp->oplock_type != NO_OPLOCK) &&
1842 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1843 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1844 /* Could not get the kernel oplock */
1845 fsp->oplock_type = NO_OPLOCK;
1846 }
1847 }
1848
1849 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1850 new_file_created = True;
1851 }
1852
1853 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1854
1855 /* Handle strange delete on close create semantics. */
1856 if ((create_options & FILE_DELETE_ON_CLOSE)
1857 && (is_ntfs_stream_name(fname)
1858 || can_set_initial_delete_on_close(lck))) {
1859 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1860
1861 if (!NT_STATUS_IS_OK(status)) {
1862 /* Remember to delete the mode we just added. */
1863 del_share_mode(lck, fsp);
1864 TALLOC_FREE(lck);
1865 fd_close(fsp);
1866 file_free(fsp);
1867 return status;
1868 }
1869 /* Note that here we set the *inital* delete on close flag,
1870 not the regular one. The magic gets handled in close. */
1871 fsp->initial_delete_on_close = True;
1872 }
1873
1874 if (new_file_created) {
1875 /* Files should be initially set as archive */
1876 if (lp_map_archive(SNUM(conn)) ||
1877 lp_store_dos_attributes(SNUM(conn))) {
1878 if (!posix_open) {
1879 SMB_STRUCT_STAT tmp_sbuf;
1880 SET_STAT_INVALID(tmp_sbuf);
1881 if (file_set_dosmode(
1882 conn, fname,
1883 new_dos_attributes | aARCH,
1884 &tmp_sbuf, parent_dir,
1885 true) == 0) {
1886 unx_mode = tmp_sbuf.st_mode;
1887 }
1888 }
1889 }
1890 }
1891
1892 /*
1893 * Take care of inherited ACLs on created files - if default ACL not
1894 * selected.
1895 */
1896
1897 if (!posix_open && !file_existed && !def_acl) {
1898
1899 int saved_errno = errno; /* We might get ENOSYS in the next
1900 * call.. */
1901
1902 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1903 errno == ENOSYS) {
1904 errno = saved_errno; /* Ignore ENOSYS */
1905 }
1906
1907 } else if (new_unx_mode) {
1908
1909 int ret = -1;
1910
1911 /* Attributes need changing. File already existed. */
1912
1913 {
1914 int saved_errno = errno; /* We might get ENOSYS in the
1915 * next call.. */
1916 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1917
1918 if (ret == -1 && errno == ENOSYS) {
1919 errno = saved_errno; /* Ignore ENOSYS */
1920 } else {
1921 DEBUG(5, ("open_file_ntcreate: reset "
1922 "attributes of file %s to 0%o\n",
1923 fname, (unsigned int)new_unx_mode));
1924 ret = 0; /* Don't do the fchmod below. */
1925 }
1926 }
1927
1928 if ((ret == -1) &&
1929 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1930 DEBUG(5, ("open_file_ntcreate: failed to reset "
1931 "attributes of file %s to 0%o\n",
1932 fname, (unsigned int)new_unx_mode));
1933 }
1934
1935 /* If this is a successful open, we must remove any deferred open
1936 * records. */
1937 if (req != NULL) {
1938 del_deferred_open_entry(lck, req->mid);
1939 }
1940 TALLOC_FREE(lck);
1941
1942 conn->num_files_open++;
1943
1944 *result = fsp;
1945 return NT_STATUS_OK;
1946 }
1947
1948 /****************************************************************************
1949 Open a file for for write to ensure that we can fchmod it.
1950 ****************************************************************************/
1951
1952 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1953 SMB_STRUCT_STAT *psbuf, files_struct **result)
1954 {
1955 files_struct *fsp = NULL;
1956 NTSTATUS status;
1957
1958 if (!VALID_STAT(*psbuf)) {
1959 return NT_STATUS_INVALID_PARAMETER;
1960 }
1961
1962 status = file_new(conn, &fsp);
1963 if(!NT_STATUS_IS_OK(status)) {
1964 return status;
1965 }
1966
1967 /* note! we must use a non-zero desired access or we don't get
1968 a real file descriptor. Oh what a twisted web we weave. */
1969 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1970 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1971
1972 /*
1973 * This is not a user visible file open.
1974 * Don't set a share mode and don't increment
1975 * the conn->num_files_open.
1976 */
1977
1978 if (!NT_STATUS_IS_OK(status)) {
1979 file_free(fsp);
1980 return status;
1981 }
1982
1983 *result = fsp;
1984 return NT_STATUS_OK;
1985 }
1986
1987 /****************************************************************************
1988 Close the fchmod file fd - ensure no locks are lost.
1989 ****************************************************************************/
1990
1991 NTSTATUS close_file_fchmod(files_struct *fsp)
1992 {
1993 NTSTATUS status = fd_close(fsp);
1994 file_free(fsp);
1995 return status;
1996 }
1997
1998 static NTSTATUS mkdir_internal(connection_struct *conn,
1999 const char *name,
2000 uint32 file_attributes,
2001 SMB_STRUCT_STAT *psbuf)
2002 {
2003 mode_t mode;
2004 char *parent_dir;
2005 const char *dirname;
2006 NTSTATUS status;
2007 bool posix_open = false;
2008
2009 if(!CAN_WRITE(conn)) {
2010 DEBUG(5,("mkdir_internal: failing create on read-only share "
2011 "%s\n", lp_servicename(SNUM(conn))));
2012 return NT_STATUS_ACCESS_DENIED;
2013 }
2014
2015 status = check_name(conn, name);
2016 if (!NT_STATUS_IS_OK(status)) {
2017 return status;
2018 }
2019
2020 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2021 &dirname)) {
2022 return NT_STATUS_NO_MEMORY;
2023 }
2024
2025 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2026 posix_open = true;
2027 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2028 } else {
2029 mode = unix_mode(conn, aDIR, name, parent_dir);
2030 }
2031
2032 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2033 return map_nt_error_from_unix(errno);
2034 }
2035
2036 /* Ensure we're checking for a symlink here.... */
2037 /* We don't want to get caught by a symlink racer. */
2038
2039 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2040 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2041 name, strerror(errno)));
2042 return map_nt_error_from_unix(errno);
2043 }
2044
2045 if (!S_ISDIR(psbuf->st_mode)) {
2046 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2047 name));
2048 return NT_STATUS_ACCESS_DENIED;
2049 }
2050
2051 if (lp_store_dos_attributes(SNUM(conn))) {
2052 if (!posix_open) {
2053 file_set_dosmode(conn, name,
2054 file_attributes | aDIR, NULL,
2055 parent_dir,
2056 true);
2057 }
2058 }
2059
2060 if (lp_inherit_perms(SNUM(conn))) {
2061 inherit_access_acl(conn, parent_dir, name, mode);
2062 }
2063
2064 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2065 /*
2066 * Check if high bits should have been set,
2067 * then (if bits are missing): add them.
2068 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2069 * dir.
2070 */
2071 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2072 SMB_VFS_CHMOD(conn, name,
2073 psbuf->st_mode | (mode & ~psbuf->st_mode));
2074 }
2075 }
2076
2077 /* Change the owner if required. */
2078 if (lp_inherit_owner(SNUM(conn))) {
2079 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2080 }
2081
2082 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2083 name);
2084
2085 return NT_STATUS_OK;
2086 }
2087
2088 /****************************************************************************
2089 Open a directory from an NT SMB call.
2090 ****************************************************************************/
2091
2092 NTSTATUS open_directory(connection_struct *conn,
2093 struct smb_request *req,
2094 const char *fname,
2095 SMB_STRUCT_STAT *psbuf,
2096 uint32 access_mask,
2097 uint32 share_access,
2098 uint32 create_disposition,
2099 uint32 create_options,
2100 uint32 file_attributes,
2101 int *pinfo,
2102 files_struct **result)
2103 {
2104 files_struct *fsp = NULL;
2105 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2106 struct share_mode_lock *lck = NULL;
2107 NTSTATUS status;
2108 struct timespec mtimespec;
2109 int info = 0;
2110
2111 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2112 "share_access = 0x%x create_options = 0x%x, "
2113 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2114 fname,
2115 (unsigned int)access_mask,
2116 (unsigned int)share_access,
2117 (unsigned int)create_options,
2118 (unsigned int)create_disposition,
2119 (unsigned int)file_attributes));
2120
2121 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && is_ntfs_stream_name(fname)) {
2122 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2123 return NT_STATUS_NOT_A_DIRECTORY;
2124 }
2125
2126 switch( create_disposition ) {
2127 case FILE_OPEN:
2128
2129 info = FILE_WAS_OPENED;
2130
2131 /*
2132 * We want to follow symlinks here.
2133 */
2134
2135 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2136 return map_nt_error_from_unix(errno);
2137 }
2138
2139 break;
2140
2141 case FILE_CREATE:
2142
2143 /* If directory exists error. If directory doesn't
2144 * exist create. */
2145
2146 status = mkdir_internal(conn,
2147 fname,
2148 file_attributes,
2149 psbuf);
2150
2151 if (!NT_STATUS_IS_OK(status)) {
2152 DEBUG(2, ("open_directory: unable to create "
2153 "%s. Error was %s\n", fname,
2154 nt_errstr(status)));
2155 return status;
2156 }
2157
2158 info = FILE_WAS_CREATED;
2159 break;
2160
2161 case FILE_OPEN_IF:
2162 /*
2163 * If directory exists open. If directory doesn't
2164 * exist create.
2165 */
2166
2167 status = mkdir_internal(conn,
2168 fname,
2169 file_attributes,
2170 psbuf);
2171
2172 if (NT_STATUS_IS_OK(status)) {
2173 info = FILE_WAS_CREATED;
2174 }
2175
2176 if (NT_STATUS_EQUAL(status,
2177 NT_STATUS_OBJECT_NAME_COLLISION)) {
2178 info = FILE_WAS_OPENED;
2179 status = NT_STATUS_OK;
2180 }
2181
2182 break;
2183
2184 case FILE_SUPERSEDE:
2185 case FILE_OVERWRITE:
2186 case FILE_OVERWRITE_IF:
2187 default:
2188 DEBUG(5,("open_directory: invalid create_disposition "
2189 "0x%x for directory %s\n",
2190 (unsigned int)create_disposition, fname));
2191 return NT_STATUS_INVALID_PARAMETER;
2192 }
2193
2194 if(!S_ISDIR(psbuf->st_mode)) {
2195 DEBUG(5,("open_directory: %s is not a directory !\n",
2196 fname ));
2197 return NT_STATUS_NOT_A_DIRECTORY;
2198 }
2199
2200 status = file_new(conn, &fsp);
2201 if(!NT_STATUS_IS_OK(status)) {
2202 return status;
2203 }
2204
2205 /*
2206 * Setup the files_struct for it.
2207 */
2208
2209 fsp->mode = psbuf->st_mode;
2210 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2211 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2212 fsp->file_pid = req ? req->smbpid : 0;
2213 fsp->can_lock = False;
2214 fsp->can_read = False;
2215 fsp->can_write = False;
2216
2217 fsp->share_access = share_access;
2218 fsp->fh->private_options = create_options;
2219 fsp->access_mask = access_mask;
2220
2221 fsp->print_file = False;
2222 fsp->modified = False;
2223 fsp->oplock_type = NO_OPLOCK;
2224 fsp->sent_oplock_break = NO_BREAK_SENT;
2225 fsp->is_directory = True;
2226 fsp->is_stat = False;
2227 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2228
2229 string_set(&fsp->fsp_name,fname);
2230
2231 mtimespec = get_mtimespec(psbuf);
2232
2233 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2234 conn->connectpath,
2235 fname, &mtimespec);
2236
2237 if (lck == NULL) {
2238 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2239 file_free(fsp);
2240 return NT_STATUS_SHARING_VIOLATION;
2241 }
2242
2243 status = open_mode_check(conn, fname, lck,
2244 access_mask, share_access,
2245 create_options, &dir_existed);
2246
2247 if (!NT_STATUS_IS_OK(status)) {
2248 TALLOC_FREE(lck);
2249 file_free(fsp);
2250 return status;
2251 }
2252
2253 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2254
2255 /* For directories the delete on close bit at open time seems
2256 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2257 if (create_options & FILE_DELETE_ON_CLOSE) {
2258 status = can_set_delete_on_close(fsp, True, 0);
2259 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2260 TALLOC_FREE(lck);
2261 file_free(fsp);
2262 return status;
2263 }
2264
2265 if (NT_STATUS_IS_OK(status)) {
2266 /* Note that here we set the *inital* delete on close flag,
2267 not the regular one. The magic gets handled in close. */
2268 fsp->initial_delete_on_close = True;
2269 }
2270 }
2271
2272 TALLOC_FREE(lck);
2273
2274 if (pinfo) {
2275 *pinfo = info;
2276 }
2277
2278 conn->num_files_open++;
2279
2280 *result = fsp;
2281 return NT_STATUS_OK;
2282 }
2283
2284 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2285 {
2286 NTSTATUS status;
2287 SMB_STRUCT_STAT sbuf;
2288 files_struct *fsp;
2289
2290 SET_STAT_INVALID(sbuf);
2291
2292 status = open_directory(conn, req, directory, &sbuf,
2293 FILE_READ_ATTRIBUTES, /* Just a stat open */
2294 FILE_SHARE_NONE, /* Ignored for stat opens */
2295 FILE_CREATE,
2296 0,
2297 FILE_ATTRIBUTE_DIRECTORY,
2298 NULL,
2299 &fsp);
2300
2301 if (NT_STATUS_IS_OK(status)) {
2302 close_file(fsp, NORMAL_CLOSE);
2303 }
2304
2305 return status;
2306 }
2307
2308 /****************************************************************************
2309 Open a pseudo-file (no locking checks - a 'stat' open).
2310 ****************************************************************************/
2311
2312 NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2313 const char *fname, SMB_STRUCT_STAT *psbuf,
2314 files_struct **result)
2315 {
2316 files_struct *fsp = NULL;
2317 NTSTATUS status;
2318
2319 if (!VALID_STAT(*psbuf)) {
2320 return NT_STATUS_INVALID_PARAMETER;
2321 }
2322
2323 /* Can't 'stat' open directories. */
2324 if(S_ISDIR(psbuf->st_mode)) {
2325 return NT_STATUS_FILE_IS_A_DIRECTORY;
2326 }
2327
2328 status = file_new(conn, &fsp);
2329 if(!NT_STATUS_IS_OK(status)) {
2330 return status;
2331 }
2332
2333 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2334
2335 /*
2336 * Setup the files_struct for it.
2337 */
2338
2339 fsp->mode = psbuf->st_mode;
2340 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2341 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2342 fsp->file_pid = req ? req->smbpid : 0;
2343 fsp->can_lock = False;
2344 fsp->can_read = False;
2345 fsp->can_write = False;
2346 fsp->print_file = False;
2347 fsp->modified = False;
2348 fsp->oplock_type = NO_OPLOCK;
2349 fsp->sent_oplock_break = NO_BREAK_SENT;
2350 fsp->is_directory = False;
2351 fsp->is_stat = True;
2352 string_set(&fsp->fsp_name,fname);
2353
2354 conn->num_files_open++;
2355
2356 *result = fsp;
2357 return NT_STATUS_OK;
2358 }
2359
2360 /****************************************************************************
2361 Receive notification that one of our open files has been renamed by another
2362 smbd process.
2363 ****************************************************************************/
2364
2365 void msg_file_was_renamed(struct messaging_context *msg,
2366 void *private_data,
2367 uint32_t msg_type,
2368 struct server_id server_id,
2369 DATA_BLOB *data)
2370 {
2371 files_struct *fsp;
2372 char *frm = (char *)data->data;
2373 struct file_id id;
2374 const char *sharepath;
2375 const char *newname;
2376 size_t sp_len;
2377
2378 if (data->data == NULL
2379 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2380 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2381 (int)data->length));
2382 return;
2383 }
2384
2385 /* Unpack the message. */
2386 pull_file_id_16(frm, &id);
2387 sharepath = &frm[16];
2388 newname = sharepath + strlen(sharepath) + 1;
2389 sp_len = strlen(sharepath);
2390
2391 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2392 "file_id %s\n",
2393 sharepath, newname, file_id_string_tos(&id)));
2394
2395 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2396 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2397 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2398 fsp->fnum, fsp->fsp_name, newname ));
2399 string_set(&fsp->fsp_name, newname);
2400 } else {
2401 /* TODO. JRA. */
2402 /* Now we have the complete path we can work out if this is
2403 actually within this share and adjust newname accordingly. */
2404 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2405 "not sharepath %s) "
2406 "fnum %d from %s -> %s\n",
2407 fsp->conn->connectpath,
2408 sharepath,
2409 fsp->fnum,
2410 fsp->fsp_name,
2411 newname ));
2412 }
2413 }
2414 }
2415
2416 struct case_semantics_state {
2417 connection_struct *conn;
2418 bool case_sensitive;
2419 bool case_preserve;
2420 bool short_case_preserve;
2421 };
2422
2423 /****************************************************************************
2424 Restore case semantics.
2425 ****************************************************************************/
2426 static int restore_case_semantics(struct case_semantics_state *state)
2427 {
2428 state->conn->case_sensitive = state->case_sensitive;
2429 state->conn->case_preserve = state->case_preserve;
2430 state->conn->short_case_preserve = state->short_case_preserve;
2431 return 0;
2432 }
2433
2434 /****************************************************************************
2435 Save case semantics.
2436 ****************************************************************************/
2437 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2438 connection_struct *conn)
2439 {
2440 struct case_semantics_state *result;
2441
2442 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2443 DEBUG(0, ("talloc failed\n"));
2444 return NULL;
2445 }
2446
2447 result->conn = conn;
2448 result->case_sensitive = conn->case_sensitive;
2449 result->case_preserve = conn->case_preserve;
2450 result->short_case_preserve = conn->short_case_preserve;
2451
2452 /* Set to POSIX. */
2453 conn->case_sensitive = True;
2454 conn->case_preserve = True;
2455 conn->short_case_preserve = True;
2456
2457 talloc_set_destructor(result, restore_case_semantics);
2458
2459 return result;
2460 }
2461
2462 /*
2463 * If a main file is opened for delete, all streams need to be checked for
2464 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2465 * If that works, delete them all by setting the delete on close and close.
2466 */
2467
2468 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2469 const char *fname)
2470 {
2471 struct stream_struct *stream_info;
2472 files_struct **streams;
2473 int i;
2474 unsigned int num_streams;
2475 TALLOC_CTX *frame = talloc_stackframe();
2476 NTSTATUS status;
2477
2478 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2479 &num_streams, &stream_info);
2480
2481 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2482 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2483 DEBUG(10, ("no streams around\n"));
2484 TALLOC_FREE(frame);
2485 return NT_STATUS_OK;
2486 }
2487
2488 if (!NT_STATUS_IS_OK(status)) {
2489 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2490 nt_errstr(status)));
2491 goto fail;
2492 }
2493
2494 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2495 num_streams));
2496
2497 if (num_streams == 0) {
2498 TALLOC_FREE(frame);
2499 return NT_STATUS_OK;
2500 }
2501
2502 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2503 if (streams == NULL) {
2504 DEBUG(0, ("talloc failed\n"));
2505 status = NT_STATUS_NO_MEMORY;
2506 goto fail;
2507 }
2508
2509 for (i=0; i<num_streams; i++) {
2510 char *streamname;
2511
2512 if (strequal(stream_info[i].name, "::$DATA")) {
2513 streams[i] = NULL;
2514 continue;
2515 }
2516
2517 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2518 stream_info[i].name);
2519
2520 if (streamname == NULL) {
2521 DEBUG(0, ("talloc_aprintf failed\n"));
2522 status = NT_STATUS_NO_MEMORY;
2523 goto fail;
2524 }
2525
2526 status = create_file_unixpath
2527 (conn, /* conn */
2528 NULL, /* req */
2529 streamname, /* fname */
2530 DELETE_ACCESS, /* access_mask */
2531 FILE_SHARE_READ | FILE_SHARE_WRITE
2532 | FILE_SHARE_DELETE, /* share_access */
2533 FILE_OPEN, /* create_disposition*/
2534 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2535 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2536 0, /* oplock_request */
2537 0, /* allocation_size */
2538 NULL, /* sd */
2539 NULL, /* ea_list */
2540 &streams[i], /* result */
2541 NULL, /* pinfo */
2542 NULL); /* psbuf */
2543
2544 TALLOC_FREE(streamname);
2545
2546 if (!NT_STATUS_IS_OK(status)) {
2547 DEBUG(10, ("Could not open stream %s: %s\n",
2548 streamname, nt_errstr(status)));
2549 break;
2550 }
2551 }
2552
2553 /*
2554 * don't touch the variable "status" beyond this point :-)
2555 */
2556
2557 for (i -= 1 ; i >= 0; i--) {
2558 if (streams[i] == NULL) {
2559 continue;
2560 }
2561
2562 DEBUG(10, ("Closing stream # %d, %s\n", i,
2563 streams[i]->fsp_name));
2564 close_file(streams[i], NORMAL_CLOSE);
2565 }
2566
2567 fail:
2568 TALLOC_FREE(frame);
2569 return status;
2570 }
2571
2572 /*
2573 * Wrapper around open_file_ntcreate and open_directory
2574 */
2575
2576 NTSTATUS create_file_unixpath(connection_struct *conn,
2577 struct smb_request *req,
2578 const char *fname,
2579 uint32_t access_mask,
2580 uint32_t share_access,
2581 uint32_t create_disposition,
2582 uint32_t create_options,
2583 uint32_t file_attributes,
2584 uint32_t oplock_request,
2585 SMB_BIG_UINT allocation_size,
2586 struct security_descriptor *sd,
2587 struct ea_list *ea_list,
2588
2589 files_struct **result,
2590 int *pinfo,
2591 SMB_STRUCT_STAT *psbuf)
2592 {
2593 SMB_STRUCT_STAT sbuf;
2594 int info = FILE_WAS_OPENED;
2595 files_struct *base_fsp = NULL;
2596 files_struct *fsp = NULL;
2597 NTSTATUS status;
2598
2599 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2600 "file_attributes = 0x%x, share_access = 0x%x, "
2601 "create_disposition = 0x%x create_options = 0x%x "
2602 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2603 "fname = %s\n",
2604 (unsigned int)access_mask,
2605 (unsigned int)file_attributes,
2606 (unsigned int)share_access,
2607 (unsigned int)create_disposition,
2608 (unsigned int)create_options,
2609 (unsigned int)oplock_request,
2610 ea_list, sd, fname));
2611
2612 if (create_options & FILE_OPEN_BY_FILE_ID) {
2613 status = NT_STATUS_NOT_SUPPORTED;
2614 goto fail;
2615 }
2616
2617 if (req == NULL) {
2618 oplock_request |= INTERNAL_OPEN_ONLY;
2619 }
2620
2621 if (psbuf != NULL) {
2622 sbuf = *psbuf;
2623 }
2624 else {
2625 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2626 SET_STAT_INVALID(sbuf);
2627 }
2628 }
2629
2630 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2631 && (access_mask & DELETE_ACCESS)
2632 && !is_ntfs_stream_name(fname)) {
2633 /*
2634 * We can't open a file with DELETE access if any of the
2635 * streams is open without FILE_SHARE_DELETE
2636 */
2637 status = open_streams_for_delete(conn, fname);
2638
2639 if (!NT_STATUS_IS_OK(status)) {
2640 goto fail;
2641 }
2642 }
2643
2644 /* This is the correct thing to do (check every time) but can_delete
2645 * is expensive (it may have to read the parent directory
2646 * permissions). So for now we're not doing it unless we have a strong
2647 * hint the client is really going to delete this file. If the client
2648 * is forcing FILE_CREATE let the filesystem take care of the
2649 * permissions. */
2650
2651 /* Setting FILE_SHARE_DELETE is the hint. */
2652
2653 if (lp_acl_check_permissions(SNUM(conn))
2654 && (create_disposition != FILE_CREATE)
2655 && (share_access & FILE_SHARE_DELETE)
2656 && (access_mask & DELETE_ACCESS)
2657 && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
2658 && !lp_delete_readonly(SNUM(conn)))
2659 || !can_delete_file_in_directory(conn, fname))) {
2660 status = NT_STATUS_ACCESS_DENIED;
2661 goto fail;
2662 }
2663
2664 #if 0
2665 /* We need to support SeSecurityPrivilege for this. */
2666 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2667 !user_has_privileges(current_user.nt_user_token,
2668 &se_security)) {
2669 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2670 goto fail;
2671 }
2672 #endif
2673
2674 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2675 && is_ntfs_stream_name(fname)
2676 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2677 char *base;
2678 uint32 base_create_disposition;
2679
2680 if (create_options & FILE_DIRECTORY_FILE) {
2681 status = NT_STATUS_NOT_A_DIRECTORY;
2682 goto fail;
2683 }
2684
2685 status = split_ntfs_stream_name(talloc_tos(), fname,
2686 &base, NULL);
2687 if (!NT_STATUS_IS_OK(status)) {
2688 DEBUG(10, ("create_file_unixpath: "
2689 "split_ntfs_stream_name failed: %s\n",
2690 nt_errstr(status)));
2691 goto fail;
2692 }
2693
2694 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2695
2696 switch (create_disposition) {
2697 case FILE_OPEN:
2698 base_create_disposition = FILE_OPEN;
2699 break;
2700 default:
2701 base_create_disposition = FILE_OPEN_IF;
2702 break;
2703 }
2704
2705 status = create_file_unixpath(conn, NULL, base, 0,
2706 FILE_SHARE_READ
2707 | FILE_SHARE_WRITE
2708 | FILE_SHARE_DELETE,
2709 base_create_disposition,
2710 0, 0, 0, 0, NULL, NULL,
2711 &base_fsp, NULL, NULL);
2712 if (!NT_STATUS_IS_OK(status)) {
2713 DEBUG(10, ("create_file_unixpath for base %s failed: "
2714 "%s\n", base, nt_errstr(status)));
2715 goto fail;
2716 }
2717 }
2718
2719 /*
2720 * If it's a request for a directory open, deal with it separately.
2721 */
2722
2723 if (create_options & FILE_DIRECTORY_FILE) {
2724
2725 if (create_options & FILE_NON_DIRECTORY_FILE) {
2726 status = NT_STATUS_INVALID_PARAMETER;
2727 goto fail;
2728 }
2729
2730 /* Can't open a temp directory. IFS kit test. */
2731 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2732 status = NT_STATUS_INVALID_PARAMETER;
2733 goto fail;
2734 }
2735
2736 /*
2737 * We will get a create directory here if the Win32
2738 * app specified a security descriptor in the
2739 * CreateDirectory() call.
2740 */
2741
2742 oplock_request = 0;
2743 status = open_directory(
2744 conn, req, fname, &sbuf, access_mask, share_access,
2745 create_disposition, create_options, file_attributes,
2746 &info, &fsp);
2747 } else {
2748
2749 /*
2750 * Ordinary file case.
2751 */
2752
2753 status = open_file_ntcreate(
2754 conn, req, fname, &sbuf, access_mask, share_access,
2755 create_disposition, create_options, file_attributes,
2756 oplock_request, &info, &fsp);
2757
2758 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2759
2760 /*
2761 * Fail the open if it was explicitly a non-directory
2762 * file.
2763 */
2764
2765 if (create_options & FILE_NON_DIRECTORY_FILE) {
2766 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2767 goto fail;
2768 }
2769
2770 oplock_request = 0;
2771 status = open_directory(
2772 conn, req, fname, &sbuf, access_mask,
2773 share_access, create_disposition,
2774 create_options, file_attributes,
2775 &info, &fsp);
2776 }
2777 }
2778
2779 if (!NT_STATUS_IS_OK(status)) {
2780 goto fail;
2781 }
2782
2783 /*
2784 * According to the MS documentation, the only time the security
2785 * descriptor is applied to the opened file is iff we *created* the
2786 * file; an existing file stays the same.
2787 *
2788 * Also, it seems (from observation) that you can open the file with
2789 * any access mask but you can still write the sd. We need to override
2790 * the granted access before we call set_sd
2791 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2792 */
2793
2794 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2795 && lp_nt_acl_support(SNUM(conn))) {
2796
2797 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2798 uint32_t saved_access_mask = fsp->access_mask;
2799
2800 if (sd->owner_sid == NULL) {
2801 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2802 }
2803 if (sd->group_sid == NULL) {
2804 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2805 }
2806 if (sd->sacl == NULL) {
2807 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2808 }
2809 if (sd->dacl == NULL) {
2810 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2811 }
2812
2813 fsp->access_mask = FILE_GENERIC_ALL;
2814
2815 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2816
2817 fsp->access_mask = saved_access_mask;
2818
2819 if (!NT_STATUS_IS_OK(status)) {
2820 goto fail;
2821 }
2822 }
2823
2824 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2825 status = set_ea(conn, fsp, fname, ea_list);
2826 if (!NT_STATUS_IS_OK(status)) {
2827 goto fail;
2828 }
2829 }
2830
2831 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2832 status = NT_STATUS_ACCESS_DENIED;
2833 goto fail;
2834 }
2835
2836 /* Save the requested allocation size. */
2837 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2838 if (allocation_size
2839 && (allocation_size > sbuf.st_size)) {
2840 fsp->initial_allocation_size = smb_roundup(
2841 fsp->conn, allocation_size);
2842 if (fsp->is_directory) {
2843 /* Can't set allocation size on a directory. */
2844 status = NT_STATUS_ACCESS_DENIED;
2845 goto fail;
2846 }
2847 if (vfs_allocate_file_space(
2848 fsp, fsp->initial_allocation_size) == -1) {
2849 status = NT_STATUS_DISK_FULL;
2850 goto fail;
2851 }
2852 } else {
2853 fsp->initial_allocation_size = smb_roundup(
2854 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2855 }
2856 }
2857
2858 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2859
2860 /*
2861 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
2862 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
2863 * also close fsp->base_fsp which we have to also do explicitly in
2864 * this routine here, as not in all "goto fail:" we have the fsp set
2865 * up already to be initialized with the base_fsp.
2866 */
2867
2868 fsp->base_fsp = base_fsp;
2869
2870 *result = fsp;
2871 if (pinfo != NULL) {
2872 *pinfo = info;
2873 }
2874 if (psbuf != NULL) {
2875 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2876 *psbuf = sbuf;
2877 }
2878 else {
2879 SMB_VFS_FSTAT(fsp, psbuf);
2880 }
2881 }
2882 return NT_STATUS_OK;
2883
2884 fail:
2885 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2886
2887 if (fsp != NULL) {
2888 close_file(fsp, ERROR_CLOSE);
2889 fsp = NULL;
2890 }
2891 if (base_fsp != NULL) {
2892 close_file(base_fsp, ERROR_CLOSE);
2893 base_fsp = NULL;
2894 }
2895 return status;
2896 }
2897
2898 NTSTATUS create_file(connection_struct *conn,
2899 struct smb_request *req,
2900 uint16_t root_dir_fid,
2901 const char *fname,
2902 uint32_t access_mask,
2903 uint32_t share_access,
2904 uint32_t create_disposition,
2905 uint32_t create_options,
2906 uint32_t file_attributes,
2907 uint32_t oplock_request,
2908 SMB_BIG_UINT allocation_size,
2909 struct security_descriptor *sd,
2910 struct ea_list *ea_list,
2911
2912 files_struct **result,
2913 int *pinfo,
2914 SMB_STRUCT_STAT *psbuf)
2915 {
2916 struct case_semantics_state *case_state = NULL;
2917 SMB_STRUCT_STAT sbuf;
2918 int info = FILE_WAS_OPENED;
2919 files_struct *fsp = NULL;
2920 NTSTATUS status;
2921
2922 DEBUG(10,("create_file: access_mask = 0x%x "
2923 "file_attributes = 0x%x, share_access = 0x%x, "
2924 "create_disposition = 0x%x create_options = 0x%x "
2925 "oplock_request = 0x%x "
2926 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2927 "fname = %s\n",
2928 (unsigned int)access_mask,
2929 (unsigned int)file_attributes,
2930 (unsigned int)share_access,
2931 (unsigned int)create_disposition,
2932 (unsigned int)create_options,
2933 (unsigned int)oplock_request,
2934 (unsigned int)root_dir_fid,
2935 ea_list, sd, fname));
2936
2937 /*
2938 * Get the file name.
2939 */
2940
2941 if (root_dir_fid != 0) {
2942 /*
2943 * This filename is relative to a directory fid.
2944 */
2945 char *parent_fname = NULL;
2946 files_struct *dir_fsp = file_fsp(root_dir_fid);
2947
2948 if (dir_fsp == NULL) {
2949 status = NT_STATUS_INVALID_HANDLE;
2950 goto fail;
2951 }
2952
2953 if (!dir_fsp->is_directory) {
2954
2955 /*
2956 * Check to see if this is a mac fork of some kind.
2957 */
2958
2959 if (is_ntfs_stream_name(fname)) {
2960 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2961 goto fail;
2962 }
2963
2964 /*
2965 we need to handle the case when we get a
2966 relative open relative to a file and the
2967 pathname is blank - this is a reopen!
2968 (hint from demyn plantenberg)
2969 */
2970
2971 status = NT_STATUS_INVALID_HANDLE;
2972 goto fail;
2973 }
2974
2975 if (ISDOT(dir_fsp->fsp_name)) {
2976 /*
2977 * We're at the toplevel dir, the final file name
2978 * must not contain ./, as this is filtered out
2979 * normally by srvstr_get_path and unix_convert
2980 * explicitly rejects paths containing ./.
2981 */
2982 parent_fname = talloc_strdup(talloc_tos(), "");
2983 if (parent_fname == NULL) {
2984 status = NT_STATUS_NO_MEMORY;
2985 goto fail;
2986 }
2987 } else {
2988 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2989
2990 /*
2991 * Copy in the base directory name.
2992 */
2993
2994 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
2995 dir_name_len+2);
2996 if (parent_fname == NULL) {
2997 status = NT_STATUS_NO_MEMORY;
2998 goto fail;
2999 }
3000 memcpy(parent_fname, dir_fsp->fsp_name,
3001 dir_name_len+1);
3002
3003 /*
3004 * Ensure it ends in a '/'.
3005 * We used TALLOC_SIZE +2 to add space for the '/'.
3006 */
3007
3008 if(dir_name_len
3009 && (parent_fname[dir_name_len-1] != '\\')
3010 && (parent_fname[dir_name_len-1] != '/')) {
3011 parent_fname[dir_name_len] = '/';
3012 parent_fname[dir_name_len+1] = '\0';
3013 }
3014 }
3015
3016 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3017 fname);
3018 if (fname == NULL) {
3019 status = NT_STATUS_NO_MEMORY;
3020 goto fail;
3021 }
3022 }
3023
3024 /*
3025 * Check to see if this is a mac fork of some kind.
3026 */
3027
3028 if (is_ntfs_stream_name(fname)) {
3029 enum FAKE_FILE_TYPE fake_file_type;
3030
3031 fake_file_type = is_fake_file(fname);
3032
3033 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3034
3035 /*
3036 * Here we go! support for changing the disk quotas
3037 * --metze
3038 *
3039 * We need to fake up to open this MAGIC QUOTA file
3040 * and return a valid FID.
3041 *
3042 * w2k close this file directly after openening xp
3043 * also tries a QUERY_FILE_INFO on the file and then
3044 * close it
3045 */
3046 status = open_fake_file(conn, fake_file_type, fname,
3047 access_mask, &fsp);
3048 if (!NT_STATUS_IS_OK(status)) {
3049 goto fail;
3050 }
3051
3052 ZERO_STRUCT(sbuf);
3053 goto done;
3054 }
3055 }
3056
3057 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3058 char *resolved_fname;
3059
3060 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3061 &resolved_fname);
3062
3063 if (!NT_STATUS_IS_OK(status)) {
3064 /*
3065 * For PATH_NOT_COVERED we had
3066 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3067 * ERRSRV, ERRbadpath);
3068 * Need to fix in callers
3069 */
3070 goto fail;
3071 }
3072 fname = resolved_fname;
3073 }
3074
3075 /*
3076 * Check if POSIX semantics are wanted.
3077 */
3078
3079 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3080 case_state = set_posix_case_semantics(talloc_tos(), conn);
3081 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3082 }
3083
3084 {
3085 char *converted_fname;
3086
3087 SET_STAT_INVALID(sbuf);
3088
3089 status = unix_convert(talloc_tos(), conn, fname, False,
3090 &converted_fname, NULL, &sbuf);
3091 if (!NT_STATUS_IS_OK(status)) {
3092 goto fail;
3093 }
3094 fname = converted_fname;
3095 }
3096
3097 TALLOC_FREE(case_state);
3098
3099 /* All file access must go through check_name() */
3100
3101 status = check_name(conn, fname);
3102 if (!NT_STATUS_IS_OK(status)) {
3103 goto fail;
3104 }
3105
3106 status = create_file_unixpath(
3107 conn, req, fname, access_mask, share_access,
3108 create_disposition, create_options, file_attributes,
3109 oplock_request, allocation_size, sd, ea_list,
3110 &fsp, &info, &sbuf);
3111
3112 if (!NT_STATUS_IS_OK(status)) {
3113 goto fail;
3114 }
3115
3116 done:
3117 DEBUG(10, ("create_file: info=%d\n", info));
3118
3119 *result = fsp;
3120 if (pinfo != NULL) {
3121 *pinfo = info;
3122 }
3123 if (psbuf != NULL) {
3124 *psbuf = sbuf;
3125 }
3126 return NT_STATUS_OK;
3127
3128 fail:
3129 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3130
3131 if (fsp != NULL) {
3132 close_file(fsp, ERROR_CLOSE);
3133 fsp = NULL;
3134 }
3135 return status;
3136 }
Samba GIT mirror