2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
33 extern const struct generic_mapping file_generic_mapping
;
35 struct deferred_open_record
{
36 bool delayed_for_oplocks
;
40 /****************************************************************************
41 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
42 ****************************************************************************/
44 NTSTATUS
smb1_file_se_access_check(struct connection_struct
*conn
,
45 const struct security_descriptor
*sd
,
46 const struct security_token
*token
,
47 uint32_t access_desired
,
48 uint32_t *access_granted
)
52 if (get_current_uid(conn
) == (uid_t
)0) {
53 /* I'm sorry sir, I didn't know you were root... */
54 *access_granted
= access_desired
;
55 if (access_desired
& SEC_FLAG_MAXIMUM_ALLOWED
) {
56 *access_granted
|= FILE_GENERIC_ALL
;
61 return se_access_check(sd
,
63 (access_desired
& ~FILE_READ_ATTRIBUTES
),
67 /****************************************************************************
68 Check if we have open rights.
69 ****************************************************************************/
71 NTSTATUS
smbd_check_open_rights(struct connection_struct
*conn
,
72 const struct smb_filename
*smb_fname
,
74 uint32_t *access_granted
)
76 /* Check if we have rights to open. */
78 struct security_descriptor
*sd
= NULL
;
79 uint32_t rejected_share_access
;
81 rejected_share_access
= access_mask
& ~(conn
->share_access
);
83 if (rejected_share_access
) {
84 *access_granted
= rejected_share_access
;
85 return NT_STATUS_ACCESS_DENIED
;
88 if ((access_mask
& DELETE_ACCESS
) && !lp_acl_check_permissions(SNUM(conn
))) {
89 *access_granted
= access_mask
;
91 DEBUG(10,("smbd_check_open_rights: not checking ACL "
92 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
93 smb_fname_str_dbg(smb_fname
),
94 (unsigned int)*access_granted
));
98 status
= SMB_VFS_GET_NT_ACL(conn
, smb_fname
->base_name
,
103 if (!NT_STATUS_IS_OK(status
)) {
104 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
106 smb_fname_str_dbg(smb_fname
),
111 status
= smb1_file_se_access_check(conn
,
113 get_current_nttok(conn
),
117 DEBUG(10,("smbd_check_open_rights: file %s requesting "
118 "0x%x returning 0x%x (%s)\n",
119 smb_fname_str_dbg(smb_fname
),
120 (unsigned int)access_mask
,
121 (unsigned int)*access_granted
,
122 nt_errstr(status
) ));
124 if (!NT_STATUS_IS_OK(status
)) {
125 if (DEBUGLEVEL
>= 10) {
126 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
127 smb_fname_str_dbg(smb_fname
) ));
128 NDR_PRINT_DEBUG(security_descriptor
, sd
);
137 /****************************************************************************
138 fd support routines - attempt to do a dos_open.
139 ****************************************************************************/
141 static NTSTATUS
fd_open(struct connection_struct
*conn
,
146 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
147 NTSTATUS status
= NT_STATUS_OK
;
151 * Never follow symlinks on a POSIX client. The
152 * client should be doing this.
155 if (fsp
->posix_open
|| !lp_symlinks(SNUM(conn
))) {
160 fsp
->fh
->fd
= SMB_VFS_OPEN(conn
, smb_fname
, fsp
, flags
, mode
);
161 if (fsp
->fh
->fd
== -1) {
162 status
= map_nt_error_from_unix(errno
);
163 if (errno
== EMFILE
) {
164 static time_t last_warned
= 0L;
166 if (time((time_t *) NULL
) > last_warned
) {
167 DEBUG(0,("Too many open files, unable "
168 "to open more! smbd's max "
170 lp_max_open_files()));
171 last_warned
= time((time_t *) NULL
);
177 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
178 smb_fname_str_dbg(smb_fname
), flags
, (int)mode
, fsp
->fh
->fd
,
179 (fsp
->fh
->fd
== -1) ? strerror(errno
) : "" ));
184 /****************************************************************************
185 Close the file associated with a fsp.
186 ****************************************************************************/
188 NTSTATUS
fd_close(files_struct
*fsp
)
195 if (fsp
->fh
->fd
== -1) {
196 return NT_STATUS_OK
; /* What we used to call a stat open. */
198 if (fsp
->fh
->ref_count
> 1) {
199 return NT_STATUS_OK
; /* Shared handle. Only close last reference. */
202 ret
= SMB_VFS_CLOSE(fsp
);
205 return map_nt_error_from_unix(errno
);
210 /****************************************************************************
211 Change the ownership of a file to that of the parent directory.
212 Do this by fd if possible.
213 ****************************************************************************/
215 void change_file_owner_to_parent(connection_struct
*conn
,
216 const char *inherit_from_dir
,
219 struct smb_filename
*smb_fname_parent
= NULL
;
223 status
= create_synthetic_smb_fname(talloc_tos(), inherit_from_dir
,
224 NULL
, NULL
, &smb_fname_parent
);
225 if (!NT_STATUS_IS_OK(status
)) {
229 ret
= SMB_VFS_STAT(conn
, smb_fname_parent
);
231 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
232 "directory %s. Error was %s\n",
233 smb_fname_str_dbg(smb_fname_parent
),
235 TALLOC_FREE(smb_fname_parent
);
239 if (smb_fname_parent
->st
.st_ex_uid
== fsp
->fsp_name
->st
.st_ex_uid
) {
240 /* Already this uid - no need to change. */
241 DEBUG(10,("change_file_owner_to_parent: file %s "
242 "is already owned by uid %d\n",
244 (int)fsp
->fsp_name
->st
.st_ex_uid
));
245 TALLOC_FREE(smb_fname_parent
);
250 ret
= SMB_VFS_FCHOWN(fsp
, smb_fname_parent
->st
.st_ex_uid
, (gid_t
)-1);
253 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
254 "file %s to parent directory uid %u. Error "
255 "was %s\n", fsp_str_dbg(fsp
),
256 (unsigned int)smb_fname_parent
->st
.st_ex_uid
,
259 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
260 "parent directory uid %u.\n", fsp_str_dbg(fsp
),
261 (unsigned int)smb_fname_parent
->st
.st_ex_uid
));
262 /* Ensure the uid entry is updated. */
263 fsp
->fsp_name
->st
.st_ex_uid
= smb_fname_parent
->st
.st_ex_uid
;
266 TALLOC_FREE(smb_fname_parent
);
269 NTSTATUS
change_dir_owner_to_parent(connection_struct
*conn
,
270 const char *inherit_from_dir
,
272 SMB_STRUCT_STAT
*psbuf
)
274 struct smb_filename
*smb_fname_parent
= NULL
;
275 struct smb_filename
*smb_fname_cwd
= NULL
;
276 char *saved_dir
= NULL
;
277 TALLOC_CTX
*ctx
= talloc_tos();
278 NTSTATUS status
= NT_STATUS_OK
;
281 status
= create_synthetic_smb_fname(ctx
, inherit_from_dir
, NULL
, NULL
,
283 if (!NT_STATUS_IS_OK(status
)) {
287 ret
= SMB_VFS_STAT(conn
, smb_fname_parent
);
289 status
= map_nt_error_from_unix(errno
);
290 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
291 "directory %s. Error was %s\n",
292 smb_fname_str_dbg(smb_fname_parent
),
297 /* We've already done an lstat into psbuf, and we know it's a
298 directory. If we can cd into the directory and the dev/ino
299 are the same then we can safely chown without races as
300 we're locking the directory in place by being in it. This
301 should work on any UNIX (thanks tridge :-). JRA.
304 saved_dir
= vfs_GetWd(ctx
,conn
);
306 status
= map_nt_error_from_unix(errno
);
307 DEBUG(0,("change_dir_owner_to_parent: failed to get "
308 "current working directory. Error was %s\n",
313 /* Chdir into the new path. */
314 if (vfs_ChDir(conn
, fname
) == -1) {
315 status
= map_nt_error_from_unix(errno
);
316 DEBUG(0,("change_dir_owner_to_parent: failed to change "
317 "current working directory to %s. Error "
318 "was %s\n", fname
, strerror(errno
) ));
322 status
= create_synthetic_smb_fname(ctx
, ".", NULL
, NULL
,
324 if (!NT_STATUS_IS_OK(status
)) {
328 ret
= SMB_VFS_STAT(conn
, smb_fname_cwd
);
330 status
= map_nt_error_from_unix(errno
);
331 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
332 "directory '.' (%s) Error was %s\n",
333 fname
, strerror(errno
)));
337 /* Ensure we're pointing at the same place. */
338 if (smb_fname_cwd
->st
.st_ex_dev
!= psbuf
->st_ex_dev
||
339 smb_fname_cwd
->st
.st_ex_ino
!= psbuf
->st_ex_ino
) {
340 DEBUG(0,("change_dir_owner_to_parent: "
341 "device/inode on directory %s changed. "
342 "Refusing to chown !\n", fname
));
343 status
= NT_STATUS_ACCESS_DENIED
;
347 if (smb_fname_parent
->st
.st_ex_uid
== smb_fname_cwd
->st
.st_ex_uid
) {
348 /* Already this uid - no need to change. */
349 DEBUG(10,("change_dir_owner_to_parent: directory %s "
350 "is already owned by uid %d\n",
352 (int)smb_fname_cwd
->st
.st_ex_uid
));
353 status
= NT_STATUS_OK
;
358 ret
= SMB_VFS_LCHOWN(conn
, ".", smb_fname_parent
->st
.st_ex_uid
,
362 status
= map_nt_error_from_unix(errno
);
363 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
364 "directory %s to parent directory uid %u. "
365 "Error was %s\n", fname
,
366 (unsigned int)smb_fname_parent
->st
.st_ex_uid
,
371 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
372 "directory %s to parent directory uid %u.\n",
373 fname
, (unsigned int)smb_fname_parent
->st
.st_ex_uid
));
376 vfs_ChDir(conn
,saved_dir
);
378 TALLOC_FREE(smb_fname_parent
);
379 TALLOC_FREE(smb_fname_cwd
);
383 /****************************************************************************
385 ****************************************************************************/
387 static NTSTATUS
open_file(files_struct
*fsp
,
388 connection_struct
*conn
,
389 struct smb_request
*req
,
390 const char *parent_dir
,
393 uint32 access_mask
, /* client requested access mask. */
394 uint32 open_access_mask
) /* what we're actually using in the open. */
396 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
397 NTSTATUS status
= NT_STATUS_OK
;
398 int accmode
= (flags
& O_ACCMODE
);
399 int local_flags
= flags
;
400 bool file_existed
= VALID_STAT(fsp
->fsp_name
->st
);
401 bool file_created
= false;
406 /* Check permissions */
409 * This code was changed after seeing a client open request
410 * containing the open mode of (DENY_WRITE/read-only) with
411 * the 'create if not exist' bit set. The previous code
412 * would fail to open the file read only on a read-only share
413 * as it was checking the flags parameter directly against O_RDONLY,
414 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
418 if (!CAN_WRITE(conn
)) {
419 /* It's a read-only share - fail if we wanted to write. */
420 if(accmode
!= O_RDONLY
|| (flags
& O_TRUNC
) || (flags
& O_APPEND
)) {
421 DEBUG(3,("Permission denied opening %s\n",
422 smb_fname_str_dbg(smb_fname
)));
423 return NT_STATUS_ACCESS_DENIED
;
424 } else if(flags
& O_CREAT
) {
425 /* We don't want to write - but we must make sure that
426 O_CREAT doesn't create the file if we have write
427 access into the directory.
429 flags
&= ~(O_CREAT
|O_EXCL
);
430 local_flags
&= ~(O_CREAT
|O_EXCL
);
435 * This little piece of insanity is inspired by the
436 * fact that an NT client can open a file for O_RDONLY,
437 * but set the create disposition to FILE_EXISTS_TRUNCATE.
438 * If the client *can* write to the file, then it expects to
439 * truncate the file, even though it is opening for readonly.
440 * Quicken uses this stupid trick in backup file creation...
441 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
442 * for helping track this one down. It didn't bite us in 2.0.x
443 * as we always opened files read-write in that release. JRA.
446 if ((accmode
== O_RDONLY
) && ((flags
& O_TRUNC
) == O_TRUNC
)) {
447 DEBUG(10,("open_file: truncate requested on read-only open "
448 "for file %s\n", smb_fname_str_dbg(smb_fname
)));
449 local_flags
= (flags
& ~O_ACCMODE
)|O_RDWR
;
452 if ((open_access_mask
& (FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
|FILE_EXECUTE
)) ||
453 (!file_existed
&& (local_flags
& O_CREAT
)) ||
454 ((local_flags
& O_TRUNC
) == O_TRUNC
) ) {
458 * We can't actually truncate here as the file may be locked.
459 * open_file_ntcreate will take care of the truncate later. JRA.
462 local_flags
&= ~O_TRUNC
;
464 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
466 * We would block on opening a FIFO with no one else on the
467 * other end. Do what we used to do and add O_NONBLOCK to the
471 if (file_existed
&& S_ISFIFO(smb_fname
->st
.st_ex_mode
)) {
472 local_flags
|= O_NONBLOCK
;
476 /* Don't create files with Microsoft wildcard characters. */
479 * wildcard characters are allowed in stream names
480 * only test the basefilename
482 wild
= fsp
->base_fsp
->fsp_name
->base_name
;
484 wild
= smb_fname
->base_name
;
486 if ((local_flags
& O_CREAT
) && !file_existed
&&
488 return NT_STATUS_OBJECT_NAME_INVALID
;
491 /* Actually do the open */
492 status
= fd_open(conn
, fsp
, local_flags
, unx_mode
);
493 if (!NT_STATUS_IS_OK(status
)) {
494 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
495 "(flags=%d)\n", smb_fname_str_dbg(smb_fname
),
496 nt_errstr(status
),local_flags
,flags
));
500 if ((local_flags
& O_CREAT
) && !file_existed
) {
505 fsp
->fh
->fd
= -1; /* What we used to call a stat open. */
507 uint32_t access_granted
= 0;
509 status
= smbd_check_open_rights(conn
,
513 if (!NT_STATUS_IS_OK(status
)) {
514 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
)) {
516 * On NT_STATUS_ACCESS_DENIED, access_granted
517 * contains the denied bits.
520 if ((access_mask
& FILE_WRITE_ATTRIBUTES
) &&
521 (access_granted
& FILE_WRITE_ATTRIBUTES
) &&
522 (lp_map_readonly(SNUM(conn
)) ||
523 lp_map_archive(SNUM(conn
)) ||
524 lp_map_hidden(SNUM(conn
)) ||
525 lp_map_system(SNUM(conn
)))) {
526 access_granted
&= ~FILE_WRITE_ATTRIBUTES
;
528 DEBUG(10,("open_file: "
537 if ((access_mask
& DELETE_ACCESS
) &&
538 (access_granted
& DELETE_ACCESS
) &&
539 can_delete_file_in_directory(conn
,
541 /* Were we trying to do a stat open
542 * for delete and didn't get DELETE
543 * access (only) ? Check if the
544 * directory allows DELETE_CHILD.
546 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
549 access_granted
&= ~DELETE_ACCESS
;
551 DEBUG(10,("open_file: "
559 if (access_granted
!= 0) {
560 DEBUG(10,("open_file: Access "
567 } else if (NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
) &&
569 S_ISLNK(smb_fname
->st
.st_ex_mode
)) {
570 /* This is a POSIX stat open for delete
571 * or rename on a symlink that points
573 DEBUG(10,("open_file: allowing POSIX "
574 "open on bad symlink %s\n",
578 DEBUG(10,("open_file: "
579 "smbd_check_open_rights on file "
581 smb_fname_str_dbg(smb_fname
),
582 nt_errstr(status
) ));
592 if (fsp
->fh
->fd
== -1) {
593 ret
= SMB_VFS_STAT(conn
, smb_fname
);
595 ret
= SMB_VFS_FSTAT(fsp
, &smb_fname
->st
);
596 /* If we have an fd, this stat should succeed. */
598 DEBUG(0,("Error doing fstat on open file %s "
600 smb_fname_str_dbg(smb_fname
),
605 /* For a non-io open, this stat failing means file not found. JRA */
607 status
= map_nt_error_from_unix(errno
);
613 bool need_re_stat
= false;
614 /* Do all inheritance work after we've
615 done a successful stat call and filled
616 in the stat struct in fsp->fsp_name. */
618 /* Inherit the ACL if required */
619 if (lp_inherit_perms(SNUM(conn
))) {
620 inherit_access_posix_acl(conn
, parent_dir
,
621 smb_fname
->base_name
,
626 /* Change the owner if required. */
627 if (lp_inherit_owner(SNUM(conn
))) {
628 change_file_owner_to_parent(conn
, parent_dir
,
634 if (fsp
->fh
->fd
== -1) {
635 ret
= SMB_VFS_STAT(conn
, smb_fname
);
637 ret
= SMB_VFS_FSTAT(fsp
, &smb_fname
->st
);
638 /* If we have an fd, this stat should succeed. */
640 DEBUG(0,("Error doing fstat on open file %s "
642 smb_fname_str_dbg(smb_fname
),
648 notify_fname(conn
, NOTIFY_ACTION_ADDED
,
649 FILE_NOTIFY_CHANGE_FILE_NAME
,
650 smb_fname
->base_name
);
655 * POSIX allows read-only opens of directories. We don't
656 * want to do this (we use a different code path for this)
657 * so catch a directory open and return an EISDIR. JRA.
660 if(S_ISDIR(smb_fname
->st
.st_ex_mode
)) {
663 return NT_STATUS_FILE_IS_A_DIRECTORY
;
666 fsp
->mode
= smb_fname
->st
.st_ex_mode
;
667 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
668 fsp
->vuid
= req
? req
->vuid
: UID_FIELD_INVALID
;
669 fsp
->file_pid
= req
? req
->smbpid
: 0;
670 fsp
->can_lock
= True
;
671 fsp
->can_read
= (access_mask
& (FILE_READ_DATA
)) ? True
: False
;
672 if (!CAN_WRITE(conn
)) {
673 fsp
->can_write
= False
;
675 fsp
->can_write
= (access_mask
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) ?
678 fsp
->print_file
= NULL
;
679 fsp
->modified
= False
;
680 fsp
->sent_oplock_break
= NO_BREAK_SENT
;
681 fsp
->is_directory
= False
;
682 if (conn
->aio_write_behind_list
&&
683 is_in_path(smb_fname
->base_name
, conn
->aio_write_behind_list
,
684 conn
->case_sensitive
)) {
685 fsp
->aio_write_behind
= True
;
688 fsp
->wcp
= NULL
; /* Write cache pointer. */
690 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
691 conn
->session_info
->unix_name
,
692 smb_fname_str_dbg(smb_fname
),
693 BOOLSTR(fsp
->can_read
), BOOLSTR(fsp
->can_write
),
694 conn
->num_files_open
));
700 /****************************************************************************
701 Check if we can open a file with a share mode.
702 Returns True if conflict, False if not.
703 ****************************************************************************/
705 static bool share_conflict(struct share_mode_entry
*entry
,
709 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
710 "entry->share_access = 0x%x, "
711 "entry->private_options = 0x%x\n",
712 (unsigned int)entry
->access_mask
,
713 (unsigned int)entry
->share_access
,
714 (unsigned int)entry
->private_options
));
716 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
717 (unsigned int)access_mask
, (unsigned int)share_access
));
719 if ((entry
->access_mask
& (FILE_WRITE_DATA
|
723 DELETE_ACCESS
)) == 0) {
724 DEBUG(10,("share_conflict: No conflict due to "
725 "entry->access_mask = 0x%x\n",
726 (unsigned int)entry
->access_mask
));
730 if ((access_mask
& (FILE_WRITE_DATA
|
734 DELETE_ACCESS
)) == 0) {
735 DEBUG(10,("share_conflict: No conflict due to "
736 "access_mask = 0x%x\n",
737 (unsigned int)access_mask
));
741 #if 1 /* JRA TEST - Superdebug. */
742 #define CHECK_MASK(num, am, right, sa, share) \
743 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
744 (unsigned int)(num), (unsigned int)(am), \
745 (unsigned int)(right), (unsigned int)(am)&(right) )); \
746 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
747 (unsigned int)(num), (unsigned int)(sa), \
748 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
749 if (((am) & (right)) && !((sa) & (share))) { \
750 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
751 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
752 (unsigned int)(share) )); \
756 #define CHECK_MASK(num, am, right, sa, share) \
757 if (((am) & (right)) && !((sa) & (share))) { \
758 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
759 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
760 (unsigned int)(share) )); \
765 CHECK_MASK(1, entry
->access_mask
, FILE_WRITE_DATA
| FILE_APPEND_DATA
,
766 share_access
, FILE_SHARE_WRITE
);
767 CHECK_MASK(2, access_mask
, FILE_WRITE_DATA
| FILE_APPEND_DATA
,
768 entry
->share_access
, FILE_SHARE_WRITE
);
770 CHECK_MASK(3, entry
->access_mask
, FILE_READ_DATA
| FILE_EXECUTE
,
771 share_access
, FILE_SHARE_READ
);
772 CHECK_MASK(4, access_mask
, FILE_READ_DATA
| FILE_EXECUTE
,
773 entry
->share_access
, FILE_SHARE_READ
);
775 CHECK_MASK(5, entry
->access_mask
, DELETE_ACCESS
,
776 share_access
, FILE_SHARE_DELETE
);
777 CHECK_MASK(6, access_mask
, DELETE_ACCESS
,
778 entry
->share_access
, FILE_SHARE_DELETE
);
780 DEBUG(10,("share_conflict: No conflict.\n"));
784 #if defined(DEVELOPER)
785 static void validate_my_share_entries(struct smbd_server_connection
*sconn
,
787 struct share_mode_entry
*share_entry
)
791 if (!procid_is_me(&share_entry
->pid
)) {
795 if (is_deferred_open_entry(share_entry
) &&
796 !open_was_deferred(share_entry
->op_mid
)) {
797 char *str
= talloc_asprintf(talloc_tos(),
798 "Got a deferred entry without a request: "
800 share_mode_str(talloc_tos(), num
, share_entry
));
804 if (!is_valid_share_mode_entry(share_entry
)) {
808 fsp
= file_find_dif(sconn
, share_entry
->id
,
809 share_entry
->share_file_id
);
811 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
812 share_mode_str(talloc_tos(), num
, share_entry
) ));
813 smb_panic("validate_my_share_entries: Cannot match a "
814 "share entry with an open file\n");
817 if (is_deferred_open_entry(share_entry
) ||
818 is_unused_share_mode_entry(share_entry
)) {
822 if ((share_entry
->op_type
== NO_OPLOCK
) &&
823 (fsp
->oplock_type
== FAKE_LEVEL_II_OPLOCK
)) {
824 /* Someone has already written to it, but I haven't yet
829 if (((uint16
)fsp
->oplock_type
) != share_entry
->op_type
) {
838 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
839 share_mode_str(talloc_tos(), num
, share_entry
) ));
840 str
= talloc_asprintf(talloc_tos(),
841 "validate_my_share_entries: "
842 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
843 fsp
->fsp_name
->base_name
,
844 (unsigned int)fsp
->oplock_type
,
845 (unsigned int)share_entry
->op_type
);
851 bool is_stat_open(uint32 access_mask
)
853 return (access_mask
&&
854 ((access_mask
& ~(SYNCHRONIZE_ACCESS
| FILE_READ_ATTRIBUTES
|
855 FILE_WRITE_ATTRIBUTES
))==0) &&
856 ((access_mask
& (SYNCHRONIZE_ACCESS
|FILE_READ_ATTRIBUTES
|
857 FILE_WRITE_ATTRIBUTES
)) != 0));
860 /****************************************************************************
861 Deal with share modes
862 Invarient: Share mode must be locked on entry and exit.
863 Returns -1 on error, or number of share modes on success (may be zero).
864 ****************************************************************************/
866 static NTSTATUS
open_mode_check(connection_struct
*conn
,
867 struct share_mode_lock
*lck
,
871 uint32 create_options
,
876 if(lck
->num_share_modes
== 0) {
880 *file_existed
= True
;
882 /* A delete on close prohibits everything */
884 if (is_delete_on_close_set(lck
, name_hash
)) {
885 return NT_STATUS_DELETE_PENDING
;
888 if (is_stat_open(access_mask
)) {
889 /* Stat open that doesn't trigger oplock breaks or share mode
890 * checks... ! JRA. */
895 * Check if the share modes will give us access.
898 #if defined(DEVELOPER)
899 for(i
= 0; i
< lck
->num_share_modes
; i
++) {
900 validate_my_share_entries(conn
->sconn
, i
,
901 &lck
->share_modes
[i
]);
905 if (!lp_share_modes(SNUM(conn
))) {
909 /* Now we check the share modes, after any oplock breaks. */
910 for(i
= 0; i
< lck
->num_share_modes
; i
++) {
912 if (!is_valid_share_mode_entry(&lck
->share_modes
[i
])) {
916 /* someone else has a share lock on it, check to see if we can
918 if (share_conflict(&lck
->share_modes
[i
],
919 access_mask
, share_access
)) {
920 return NT_STATUS_SHARING_VIOLATION
;
927 static bool is_delete_request(files_struct
*fsp
) {
928 return ((fsp
->access_mask
== DELETE_ACCESS
) &&
929 (fsp
->oplock_type
== NO_OPLOCK
));
933 * Send a break message to the oplock holder and delay the open for
937 static NTSTATUS
send_break_message(files_struct
*fsp
,
938 struct share_mode_entry
*exclusive
,
943 char msg
[MSG_SMB_SHARE_MODE_ENTRY_SIZE
];
945 DEBUG(10, ("Sending break request to PID %s\n",
946 procid_str_static(&exclusive
->pid
)));
947 exclusive
->op_mid
= mid
;
949 /* Create the message. */
950 share_mode_entry_to_message(msg
, exclusive
);
952 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
953 don't want this set in the share mode struct pointed to by lck. */
955 if (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
) {
956 SSVAL(msg
,OP_BREAK_MSG_OP_TYPE_OFFSET
,
957 exclusive
->op_type
| FORCE_OPLOCK_BREAK_TO_NONE
);
960 status
= messaging_send_buf(fsp
->conn
->sconn
->msg_ctx
, exclusive
->pid
,
961 MSG_SMB_BREAK_REQUEST
,
963 MSG_SMB_SHARE_MODE_ENTRY_SIZE
);
964 if (!NT_STATUS_IS_OK(status
)) {
965 DEBUG(3, ("Could not send oplock break message: %s\n",
973 * Return share_mode_entry pointers for :
974 * 1). Batch oplock entry.
975 * 2). Batch or exclusive oplock entry (may be identical to #1).
976 * bool have_level2_oplock
977 * bool have_no_oplock.
978 * Do internal consistency checks on the share mode for a file.
981 static void find_oplock_types(files_struct
*fsp
,
983 struct share_mode_lock
*lck
,
984 struct share_mode_entry
**pp_batch
,
985 struct share_mode_entry
**pp_ex_or_batch
,
992 *pp_ex_or_batch
= NULL
;
994 *got_no_oplock
= false;
996 /* Ignore stat or internal opens, as is done in
997 delay_for_batch_oplocks() and
998 delay_for_exclusive_oplocks().
1000 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1004 for (i
=0; i
<lck
->num_share_modes
; i
++) {
1005 if (!is_valid_share_mode_entry(&lck
->share_modes
[i
])) {
1009 if (lck
->share_modes
[i
].op_type
== NO_OPLOCK
&&
1010 is_stat_open(lck
->share_modes
[i
].access_mask
)) {
1011 /* We ignore stat opens in the table - they
1012 always have NO_OPLOCK and never get or
1013 cause breaks. JRA. */
1017 if (BATCH_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1018 /* batch - can only be one. */
1019 if (*pp_ex_or_batch
|| *pp_batch
|| *got_level2
|| *got_no_oplock
) {
1020 smb_panic("Bad batch oplock entry.");
1022 *pp_batch
= &lck
->share_modes
[i
];
1025 if (EXCLUSIVE_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1026 /* Exclusive or batch - can only be one. */
1027 if (*pp_ex_or_batch
|| *got_level2
|| *got_no_oplock
) {
1028 smb_panic("Bad exclusive or batch oplock entry.");
1030 *pp_ex_or_batch
= &lck
->share_modes
[i
];
1033 if (LEVEL_II_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1034 if (*pp_batch
|| *pp_ex_or_batch
) {
1035 smb_panic("Bad levelII oplock entry.");
1040 if (lck
->share_modes
[i
].op_type
== NO_OPLOCK
) {
1041 if (*pp_batch
|| *pp_ex_or_batch
) {
1042 smb_panic("Bad no oplock entry.");
1044 *got_no_oplock
= true;
1049 static bool delay_for_batch_oplocks(files_struct
*fsp
,
1052 struct share_mode_entry
*batch_entry
)
1054 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1058 if (batch_entry
!= NULL
) {
1059 /* Found a batch oplock */
1060 send_break_message(fsp
, batch_entry
, mid
, oplock_request
);
1066 static bool delay_for_exclusive_oplocks(files_struct
*fsp
,
1069 struct share_mode_entry
*ex_entry
)
1071 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1075 if (ex_entry
!= NULL
) {
1076 /* Found an exclusive or batch oplock */
1077 bool delay_it
= is_delete_request(fsp
) ?
1078 BATCH_OPLOCK_TYPE(ex_entry
->op_type
) : true;
1080 send_break_message(fsp
, ex_entry
, mid
, oplock_request
);
1087 static void grant_fsp_oplock_type(files_struct
*fsp
,
1088 const struct byte_range_lock
*br_lck
,
1090 bool got_level2_oplock
,
1091 bool got_a_none_oplock
)
1093 bool allow_level2
= (global_client_caps
& CAP_LEVEL_II_OPLOCKS
) &&
1094 lp_level2_oplocks(SNUM(fsp
->conn
));
1096 /* Start by granting what the client asked for,
1097 but ensure no SAMBA_PRIVATE bits can be set. */
1098 fsp
->oplock_type
= (oplock_request
& ~SAMBA_PRIVATE_OPLOCK_MASK
);
1100 if (oplock_request
& INTERNAL_OPEN_ONLY
) {
1101 /* No oplocks on internal open. */
1102 fsp
->oplock_type
= NO_OPLOCK
;
1103 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1104 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1106 } else if (br_lck
&& br_lck
->num_locks
> 0) {
1107 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1109 fsp
->oplock_type
= NO_OPLOCK
;
1112 if (is_stat_open(fsp
->access_mask
)) {
1113 /* Leave the value already set. */
1114 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1115 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1120 * Match what was requested (fsp->oplock_type) with
1121 * what was found in the existing share modes.
1124 if (got_a_none_oplock
) {
1125 fsp
->oplock_type
= NO_OPLOCK
;
1126 } else if (got_level2_oplock
) {
1127 if (fsp
->oplock_type
== NO_OPLOCK
||
1128 fsp
->oplock_type
== FAKE_LEVEL_II_OPLOCK
) {
1129 /* Store a level2 oplock, but don't tell the client */
1130 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1132 fsp
->oplock_type
= LEVEL_II_OPLOCK
;
1135 /* All share_mode_entries are placeholders or deferred.
1136 * Silently upgrade to fake levelII if the client didn't
1137 * ask for an oplock. */
1138 if (fsp
->oplock_type
== NO_OPLOCK
) {
1139 /* Store a level2 oplock, but don't tell the client */
1140 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1145 * Don't grant level2 to clients that don't want them
1146 * or if we've turned them off.
1148 if (fsp
->oplock_type
== LEVEL_II_OPLOCK
&& !allow_level2
) {
1149 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1152 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1153 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1156 bool request_timed_out(struct timeval request_time
,
1157 struct timeval timeout
)
1159 struct timeval now
, end_time
;
1161 end_time
= timeval_sum(&request_time
, &timeout
);
1162 return (timeval_compare(&end_time
, &now
) < 0);
1165 /****************************************************************************
1166 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1167 ****************************************************************************/
1169 static void defer_open(struct share_mode_lock
*lck
,
1170 struct timeval request_time
,
1171 struct timeval timeout
,
1172 struct smb_request
*req
,
1173 struct deferred_open_record
*state
)
1177 /* Paranoia check */
1179 for (i
=0; i
<lck
->num_share_modes
; i
++) {
1180 struct share_mode_entry
*e
= &lck
->share_modes
[i
];
1182 if (!is_deferred_open_entry(e
)) {
1186 if (procid_is_me(&e
->pid
) && (e
->op_mid
== req
->mid
)) {
1187 DEBUG(0, ("Trying to defer an already deferred "
1188 "request: mid=%llu, exiting\n",
1189 (unsigned long long)req
->mid
));
1190 exit_server("attempt to defer a deferred request");
1194 /* End paranoia check */
1196 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1197 "open entry for mid %llu\n",
1198 (unsigned int)request_time
.tv_sec
,
1199 (unsigned int)request_time
.tv_usec
,
1200 (unsigned long long)req
->mid
));
1202 if (!push_deferred_open_message_smb(req
, request_time
, timeout
,
1203 state
->id
, (char *)state
, sizeof(*state
))) {
1204 exit_server("push_deferred_open_message_smb failed");
1206 add_deferred_open(lck
, req
->mid
, request_time
,
1207 sconn_server_id(req
->sconn
), state
->id
);
1211 /****************************************************************************
1212 On overwrite open ensure that the attributes match.
1213 ****************************************************************************/
1215 bool open_match_attributes(connection_struct
*conn
,
1216 uint32 old_dos_attr
,
1217 uint32 new_dos_attr
,
1218 mode_t existing_unx_mode
,
1219 mode_t new_unx_mode
,
1220 mode_t
*returned_unx_mode
)
1222 uint32 noarch_old_dos_attr
, noarch_new_dos_attr
;
1224 noarch_old_dos_attr
= (old_dos_attr
& ~FILE_ATTRIBUTE_ARCHIVE
);
1225 noarch_new_dos_attr
= (new_dos_attr
& ~FILE_ATTRIBUTE_ARCHIVE
);
1227 if((noarch_old_dos_attr
== 0 && noarch_new_dos_attr
!= 0) ||
1228 (noarch_old_dos_attr
!= 0 && ((noarch_old_dos_attr
& noarch_new_dos_attr
) == noarch_old_dos_attr
))) {
1229 *returned_unx_mode
= new_unx_mode
;
1231 *returned_unx_mode
= (mode_t
)0;
1234 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1235 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1236 "returned_unx_mode = 0%o\n",
1237 (unsigned int)old_dos_attr
,
1238 (unsigned int)existing_unx_mode
,
1239 (unsigned int)new_dos_attr
,
1240 (unsigned int)*returned_unx_mode
));
1242 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1243 if (lp_map_system(SNUM(conn
)) || lp_store_dos_attributes(SNUM(conn
))) {
1244 if ((old_dos_attr
& FILE_ATTRIBUTE_SYSTEM
) &&
1245 !(new_dos_attr
& FILE_ATTRIBUTE_SYSTEM
)) {
1249 if (lp_map_hidden(SNUM(conn
)) || lp_store_dos_attributes(SNUM(conn
))) {
1250 if ((old_dos_attr
& FILE_ATTRIBUTE_HIDDEN
) &&
1251 !(new_dos_attr
& FILE_ATTRIBUTE_HIDDEN
)) {
1258 /****************************************************************************
1259 Special FCB or DOS processing in the case of a sharing violation.
1260 Try and find a duplicated file handle.
1261 ****************************************************************************/
1263 NTSTATUS
fcb_or_dos_open(struct smb_request
*req
,
1264 connection_struct
*conn
,
1265 files_struct
*fsp_to_dup_into
,
1266 const struct smb_filename
*smb_fname
,
1271 uint32 share_access
,
1272 uint32 create_options
)
1276 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1277 "file %s.\n", smb_fname_str_dbg(smb_fname
)));
1279 for(fsp
= file_find_di_first(conn
->sconn
, id
); fsp
;
1280 fsp
= file_find_di_next(fsp
)) {
1282 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1283 "vuid = %u, file_pid = %u, private_options = 0x%x "
1284 "access_mask = 0x%x\n", fsp_str_dbg(fsp
),
1285 fsp
->fh
->fd
, (unsigned int)fsp
->vuid
,
1286 (unsigned int)fsp
->file_pid
,
1287 (unsigned int)fsp
->fh
->private_options
,
1288 (unsigned int)fsp
->access_mask
));
1290 if (fsp
->fh
->fd
!= -1 &&
1291 fsp
->vuid
== vuid
&&
1292 fsp
->file_pid
== file_pid
&&
1293 (fsp
->fh
->private_options
& (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
|
1294 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB
)) &&
1295 (fsp
->access_mask
& FILE_WRITE_DATA
) &&
1296 strequal(fsp
->fsp_name
->base_name
, smb_fname
->base_name
) &&
1297 strequal(fsp
->fsp_name
->stream_name
,
1298 smb_fname
->stream_name
)) {
1299 DEBUG(10,("fcb_or_dos_open: file match\n"));
1305 return NT_STATUS_NOT_FOUND
;
1308 /* quite an insane set of semantics ... */
1309 if (is_executable(smb_fname
->base_name
) &&
1310 (fsp
->fh
->private_options
& NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
)) {
1311 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1312 return NT_STATUS_INVALID_PARAMETER
;
1315 /* We need to duplicate this fsp. */
1316 return dup_file_fsp(req
, fsp
, access_mask
, share_access
,
1317 create_options
, fsp_to_dup_into
);
1320 static void schedule_defer_open(struct share_mode_lock
*lck
,
1321 struct timeval request_time
,
1322 struct smb_request
*req
)
1324 struct deferred_open_record state
;
1326 /* This is a relative time, added to the absolute
1327 request_time value to get the absolute timeout time.
1328 Note that if this is the second or greater time we enter
1329 this codepath for this particular request mid then
1330 request_time is left as the absolute time of the *first*
1331 time this request mid was processed. This is what allows
1332 the request to eventually time out. */
1334 struct timeval timeout
;
1336 /* Normally the smbd we asked should respond within
1337 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1338 * the client did, give twice the timeout as a safety
1339 * measure here in case the other smbd is stuck
1340 * somewhere else. */
1342 timeout
= timeval_set(OPLOCK_BREAK_TIMEOUT
*2, 0);
1344 /* Nothing actually uses state.delayed_for_oplocks
1345 but it's handy to differentiate in debug messages
1346 between a 30 second delay due to oplock break, and
1347 a 1 second delay for share mode conflicts. */
1349 state
.delayed_for_oplocks
= True
;
1352 if (!request_timed_out(request_time
, timeout
)) {
1353 defer_open(lck
, request_time
, timeout
, req
, &state
);
1357 /****************************************************************************
1358 Work out what access_mask to use from what the client sent us.
1359 ****************************************************************************/
1361 NTSTATUS
smbd_calculate_access_mask(connection_struct
*conn
,
1362 const struct smb_filename
*smb_fname
,
1364 uint32_t access_mask
,
1365 uint32_t *access_mask_out
)
1368 uint32_t orig_access_mask
= access_mask
;
1369 uint32_t rejected_share_access
;
1372 * Convert GENERIC bits to specific bits.
1375 se_map_generic(&access_mask
, &file_generic_mapping
);
1377 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1378 if (access_mask
& MAXIMUM_ALLOWED_ACCESS
) {
1381 struct security_descriptor
*sd
;
1382 uint32_t access_granted
= 0;
1384 status
= SMB_VFS_GET_NT_ACL(conn
, smb_fname
->base_name
,
1389 if (!NT_STATUS_IS_OK(status
)) {
1390 DEBUG(10,("smbd_calculate_access_mask: "
1391 "Could not get acl on file %s: %s\n",
1392 smb_fname_str_dbg(smb_fname
),
1393 nt_errstr(status
)));
1394 return NT_STATUS_ACCESS_DENIED
;
1397 status
= smb1_file_se_access_check(conn
,
1399 get_current_nttok(conn
),
1405 if (!NT_STATUS_IS_OK(status
)) {
1406 DEBUG(10, ("smbd_calculate_access_mask: "
1407 "Access denied on file %s: "
1408 "when calculating maximum access\n",
1409 smb_fname_str_dbg(smb_fname
)));
1410 return NT_STATUS_ACCESS_DENIED
;
1413 access_mask
= access_granted
;
1415 access_mask
= FILE_GENERIC_ALL
;
1418 access_mask
&= conn
->share_access
;
1421 rejected_share_access
= access_mask
& ~(conn
->share_access
);
1423 if (rejected_share_access
) {
1424 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1425 "file %s: rejected by share access mask[0x%08X] "
1426 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1427 smb_fname_str_dbg(smb_fname
),
1429 orig_access_mask
, access_mask
,
1430 rejected_share_access
));
1431 return NT_STATUS_ACCESS_DENIED
;
1434 *access_mask_out
= access_mask
;
1435 return NT_STATUS_OK
;
1438 /****************************************************************************
1439 Remove the deferred open entry under lock.
1440 ****************************************************************************/
1442 void remove_deferred_open_entry(struct file_id id
, uint64_t mid
,
1443 struct server_id pid
)
1445 struct share_mode_lock
*lck
= get_share_mode_lock(talloc_tos(), id
,
1448 DEBUG(0, ("could not get share mode lock\n"));
1450 del_deferred_open_entry(lck
, mid
, pid
);
1455 /****************************************************************
1456 Ensure we get the brlock lock followed by the share mode lock
1457 in the correct order to prevent deadlocks if other smbd's are
1458 using the brlock database on this file simultaneously with this open
1459 (that code also gets the locks in brlock -> share mode lock order).
1460 ****************************************************************/
1462 static bool acquire_ordered_locks(TALLOC_CTX
*mem_ctx
,
1464 const struct file_id id
,
1465 const char *connectpath
,
1466 const struct smb_filename
*smb_fname
,
1467 const struct timespec
*p_old_write_time
,
1468 struct share_mode_lock
**p_lck
,
1469 struct byte_range_lock
**p_br_lck
)
1471 /* Ordering - we must get the br_lck for this
1472 file before the share mode. */
1473 if (lp_locking(fsp
->conn
->params
)) {
1474 *p_br_lck
= brl_get_locks_readonly(fsp
);
1475 if (*p_br_lck
== NULL
) {
1476 DEBUG(0, ("Could not get br_lock\n"));
1479 /* Note - we don't need to free the returned
1480 br_lck explicitly as it was allocated on talloc_tos()
1481 and so will be autofreed (and release the lock)
1482 once the frame context disappears.
1484 If it was set to fsp->brlock_rec then it was
1485 talloc_move'd to hang off the fsp pointer and
1486 in this case is guarenteed to not be holding the
1487 lock on the brlock database. */
1490 *p_lck
= get_share_mode_lock(mem_ctx
,
1496 if (*p_lck
== NULL
) {
1497 DEBUG(0, ("Could not get share mode lock\n"));
1498 TALLOC_FREE(*p_br_lck
);
1504 /****************************************************************************
1505 Open a file with a share mode. Passed in an already created files_struct *.
1506 ****************************************************************************/
1508 static NTSTATUS
open_file_ntcreate(connection_struct
*conn
,
1509 struct smb_request
*req
,
1510 uint32 access_mask
, /* access bits (FILE_READ_DATA etc.) */
1511 uint32 share_access
, /* share constants (FILE_SHARE_READ etc) */
1512 uint32 create_disposition
, /* FILE_OPEN_IF etc. */
1513 uint32 create_options
, /* options such as delete on close. */
1514 uint32 new_dos_attributes
, /* attributes used for new file. */
1515 int oplock_request
, /* internal Samba oplock codes. */
1516 /* Information (FILE_EXISTS etc.) */
1517 uint32_t private_flags
, /* Samba specific flags. */
1521 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
1524 bool file_existed
= VALID_STAT(smb_fname
->st
);
1525 bool def_acl
= False
;
1526 bool posix_open
= False
;
1527 bool new_file_created
= False
;
1528 bool clear_ads
= false;
1530 NTSTATUS fsp_open
= NT_STATUS_ACCESS_DENIED
;
1531 mode_t new_unx_mode
= (mode_t
)0;
1532 mode_t unx_mode
= (mode_t
)0;
1534 uint32 existing_dos_attributes
= 0;
1535 struct timeval request_time
= timeval_zero();
1536 struct share_mode_lock
*lck
= NULL
;
1537 uint32 open_access_mask
= access_mask
;
1543 if (conn
->printer
) {
1545 * Printers are handled completely differently.
1546 * Most of the passed parameters are ignored.
1550 *pinfo
= FILE_WAS_CREATED
;
1553 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1554 smb_fname_str_dbg(smb_fname
)));
1557 DEBUG(0,("open_file_ntcreate: printer open without "
1558 "an SMB request!\n"));
1559 return NT_STATUS_INTERNAL_ERROR
;
1562 return print_spool_open(fsp
, smb_fname
->base_name
,
1566 if (!parent_dirname(talloc_tos(), smb_fname
->base_name
, &parent_dir
,
1568 return NT_STATUS_NO_MEMORY
;
1571 if (new_dos_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1573 unx_mode
= (mode_t
)(new_dos_attributes
& ~FILE_FLAG_POSIX_SEMANTICS
);
1574 new_dos_attributes
= 0;
1576 /* Windows allows a new file to be created and
1577 silently removes a FILE_ATTRIBUTE_DIRECTORY
1578 sent by the client. Do the same. */
1580 new_dos_attributes
&= ~FILE_ATTRIBUTE_DIRECTORY
;
1582 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1584 unx_mode
= unix_mode(conn
, new_dos_attributes
| FILE_ATTRIBUTE_ARCHIVE
,
1585 smb_fname
, parent_dir
);
1588 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1589 "access_mask=0x%x share_access=0x%x "
1590 "create_disposition = 0x%x create_options=0x%x "
1591 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1592 smb_fname_str_dbg(smb_fname
), new_dos_attributes
,
1593 access_mask
, share_access
, create_disposition
,
1594 create_options
, (unsigned int)unx_mode
, oplock_request
,
1595 (unsigned int)private_flags
));
1597 if ((req
== NULL
) && ((oplock_request
& INTERNAL_OPEN_ONLY
) == 0)) {
1598 DEBUG(0, ("No smb request but not an internal only open!\n"));
1599 return NT_STATUS_INTERNAL_ERROR
;
1603 * Only non-internal opens can be deferred at all
1608 if (get_deferred_open_message_state(req
,
1612 struct deferred_open_record
*state
= (struct deferred_open_record
*)ptr
;
1613 /* Remember the absolute time of the original
1614 request with this mid. We'll use it later to
1615 see if this has timed out. */
1617 /* Remove the deferred open entry under lock. */
1618 remove_deferred_open_entry(
1619 state
->id
, req
->mid
,
1620 sconn_server_id(req
->sconn
));
1622 /* Ensure we don't reprocess this message. */
1623 remove_deferred_open_message_smb(req
->mid
);
1628 new_dos_attributes
&= SAMBA_ATTRIBUTES_MASK
;
1630 existing_dos_attributes
= dos_mode(conn
, smb_fname
);
1634 /* ignore any oplock requests if oplocks are disabled */
1635 if (!lp_oplocks(SNUM(conn
)) ||
1636 IS_VETO_OPLOCK_PATH(conn
, smb_fname
->base_name
)) {
1637 /* Mask off everything except the private Samba bits. */
1638 oplock_request
&= SAMBA_PRIVATE_OPLOCK_MASK
;
1641 /* this is for OS/2 long file names - say we don't support them */
1642 if (!lp_posix_pathnames() && strstr(smb_fname
->base_name
,".+,;=[].")) {
1643 /* OS/2 Workplace shell fix may be main code stream in a later
1645 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1647 if (use_nt_status()) {
1648 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1650 return NT_STATUS_DOS(ERRDOS
, ERRcannotopen
);
1653 switch( create_disposition
) {
1655 * Currently we're using FILE_SUPERSEDE as the same as
1656 * FILE_OVERWRITE_IF but they really are
1657 * different. FILE_SUPERSEDE deletes an existing file
1658 * (requiring delete access) then recreates it.
1660 case FILE_SUPERSEDE
:
1661 /* If file exists replace/overwrite. If file doesn't
1663 flags2
|= (O_CREAT
| O_TRUNC
);
1667 case FILE_OVERWRITE_IF
:
1668 /* If file exists replace/overwrite. If file doesn't
1670 flags2
|= (O_CREAT
| O_TRUNC
);
1675 /* If file exists open. If file doesn't exist error. */
1676 if (!file_existed
) {
1677 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1678 "requested for file %s and file "
1680 smb_fname_str_dbg(smb_fname
)));
1682 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1686 case FILE_OVERWRITE
:
1687 /* If file exists overwrite. If file doesn't exist
1689 if (!file_existed
) {
1690 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1691 "requested for file %s and file "
1693 smb_fname_str_dbg(smb_fname
) ));
1695 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1702 /* If file exists error. If file doesn't exist
1705 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1706 "requested for file %s and file "
1707 "already exists.\n",
1708 smb_fname_str_dbg(smb_fname
)));
1709 if (S_ISDIR(smb_fname
->st
.st_ex_mode
)) {
1714 return map_nt_error_from_unix(errno
);
1716 flags2
|= (O_CREAT
|O_EXCL
);
1720 /* If file exists open. If file doesn't exist
1726 return NT_STATUS_INVALID_PARAMETER
;
1729 /* We only care about matching attributes on file exists and
1732 if (!posix_open
&& file_existed
&& ((create_disposition
== FILE_OVERWRITE
) ||
1733 (create_disposition
== FILE_OVERWRITE_IF
))) {
1734 if (!open_match_attributes(conn
, existing_dos_attributes
,
1736 smb_fname
->st
.st_ex_mode
,
1737 unx_mode
, &new_unx_mode
)) {
1738 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1739 "for file %s (%x %x) (0%o, 0%o)\n",
1740 smb_fname_str_dbg(smb_fname
),
1741 existing_dos_attributes
,
1743 (unsigned int)smb_fname
->st
.st_ex_mode
,
1744 (unsigned int)unx_mode
));
1746 return NT_STATUS_ACCESS_DENIED
;
1750 status
= smbd_calculate_access_mask(conn
, smb_fname
, file_existed
,
1753 if (!NT_STATUS_IS_OK(status
)) {
1754 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1755 "on file %s returned %s\n",
1756 smb_fname_str_dbg(smb_fname
), nt_errstr(status
)));
1760 open_access_mask
= access_mask
;
1762 if ((flags2
& O_TRUNC
) || (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
)) {
1763 open_access_mask
|= FILE_WRITE_DATA
; /* This will cause oplock breaks. */
1766 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1767 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname
),
1771 * Note that we ignore the append flag as append does not
1772 * mean the same thing under DOS and Unix.
1775 if ((access_mask
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) ||
1776 (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
)) {
1777 /* DENY_DOS opens are always underlying read-write on the
1778 file handle, no matter what the requested access mask
1780 if ((private_flags
& NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
) ||
1781 access_mask
& (FILE_READ_ATTRIBUTES
|FILE_READ_DATA
|FILE_READ_EA
|FILE_EXECUTE
)) {
1791 * Currently we only look at FILE_WRITE_THROUGH for create options.
1795 if ((create_options
& FILE_WRITE_THROUGH
) && lp_strict_sync(SNUM(conn
))) {
1800 if (posix_open
&& (access_mask
& FILE_APPEND_DATA
)) {
1804 if (!posix_open
&& !CAN_WRITE(conn
)) {
1806 * We should really return a permission denied error if either
1807 * O_CREAT or O_TRUNC are set, but for compatibility with
1808 * older versions of Samba we just AND them out.
1810 flags2
&= ~(O_CREAT
|O_TRUNC
);
1814 * Ensure we can't write on a read-only share or file.
1817 if (flags
!= O_RDONLY
&& file_existed
&&
1818 (!CAN_WRITE(conn
) || IS_DOS_READONLY(existing_dos_attributes
))) {
1819 DEBUG(5,("open_file_ntcreate: write access requested for "
1820 "file %s on read only %s\n",
1821 smb_fname_str_dbg(smb_fname
),
1822 !CAN_WRITE(conn
) ? "share" : "file" ));
1824 return NT_STATUS_ACCESS_DENIED
;
1827 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
1828 fsp
->share_access
= share_access
;
1829 fsp
->fh
->private_options
= private_flags
;
1830 fsp
->access_mask
= open_access_mask
; /* We change this to the
1831 * requested access_mask after
1832 * the open is done. */
1833 fsp
->posix_open
= posix_open
;
1835 /* Ensure no SAMBA_PRIVATE bits can be set. */
1836 fsp
->oplock_type
= (oplock_request
& ~SAMBA_PRIVATE_OPLOCK_MASK
);
1838 if (timeval_is_zero(&request_time
)) {
1839 request_time
= fsp
->open_time
;
1843 struct byte_range_lock
*br_lck
= NULL
;
1844 struct share_mode_entry
*batch_entry
= NULL
;
1845 struct share_mode_entry
*exclusive_entry
= NULL
;
1846 bool got_level2_oplock
= false;
1847 bool got_a_none_oplock
= false;
1849 struct timespec old_write_time
= smb_fname
->st
.st_ex_mtime
;
1850 id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
1852 if (!acquire_ordered_locks(talloc_tos(),
1860 return NT_STATUS_SHARING_VIOLATION
;
1863 /* Get the types we need to examine. */
1864 find_oplock_types(fsp
,
1870 &got_a_none_oplock
);
1872 /* First pass - send break only on batch oplocks. */
1873 if ((req
!= NULL
) &&
1874 delay_for_batch_oplocks(fsp
,
1878 schedule_defer_open(lck
, request_time
, req
);
1880 return NT_STATUS_SHARING_VIOLATION
;
1883 /* Use the client requested access mask here, not the one we
1885 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
1886 access_mask
, share_access
,
1887 create_options
, &file_existed
);
1889 if (NT_STATUS_IS_OK(status
)) {
1890 /* We might be going to allow this open. Check oplock
1892 /* Second pass - send break for both batch or
1893 * exclusive oplocks. */
1894 if ((req
!= NULL
) &&
1895 delay_for_exclusive_oplocks(
1900 schedule_defer_open(lck
, request_time
, req
);
1902 return NT_STATUS_SHARING_VIOLATION
;
1906 if (NT_STATUS_EQUAL(status
, NT_STATUS_DELETE_PENDING
)) {
1907 /* DELETE_PENDING is not deferred for a second */
1912 grant_fsp_oplock_type(fsp
,
1918 if (!NT_STATUS_IS_OK(status
)) {
1919 uint32 can_access_mask
;
1920 bool can_access
= True
;
1922 SMB_ASSERT(NT_STATUS_EQUAL(status
, NT_STATUS_SHARING_VIOLATION
));
1924 /* Check if this can be done with the deny_dos and fcb
1927 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
|
1928 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB
)) {
1930 DEBUG(0, ("DOS open without an SMB "
1933 return NT_STATUS_INTERNAL_ERROR
;
1936 /* Use the client requested access mask here,
1937 * not the one we open with. */
1938 status
= fcb_or_dos_open(req
,
1949 if (NT_STATUS_IS_OK(status
)) {
1952 *pinfo
= FILE_WAS_OPENED
;
1954 return NT_STATUS_OK
;
1959 * This next line is a subtlety we need for
1960 * MS-Access. If a file open will fail due to share
1961 * permissions and also for security (access) reasons,
1962 * we need to return the access failed error, not the
1963 * share error. We can't open the file due to kernel
1964 * oplock deadlock (it's possible we failed above on
1965 * the open_mode_check()) so use a userspace check.
1968 if (flags
& O_RDWR
) {
1969 can_access_mask
= FILE_READ_DATA
|FILE_WRITE_DATA
;
1970 } else if (flags
& O_WRONLY
) {
1971 can_access_mask
= FILE_WRITE_DATA
;
1973 can_access_mask
= FILE_READ_DATA
;
1976 if (((can_access_mask
& FILE_WRITE_DATA
) &&
1977 !CAN_WRITE(conn
)) ||
1978 !can_access_file_data(conn
, smb_fname
,
1984 * If we're returning a share violation, ensure we
1985 * cope with the braindead 1 second delay.
1988 if (!(oplock_request
& INTERNAL_OPEN_ONLY
) &&
1989 lp_defer_sharing_violations()) {
1990 struct timeval timeout
;
1991 struct deferred_open_record state
;
1994 /* this is a hack to speed up torture tests
1996 timeout_usecs
= lp_parm_int(SNUM(conn
),
1997 "smbd","sharedelay",
1998 SHARING_VIOLATION_USEC_WAIT
);
2000 /* This is a relative time, added to the absolute
2001 request_time value to get the absolute timeout time.
2002 Note that if this is the second or greater time we enter
2003 this codepath for this particular request mid then
2004 request_time is left as the absolute time of the *first*
2005 time this request mid was processed. This is what allows
2006 the request to eventually time out. */
2008 timeout
= timeval_set(0, timeout_usecs
);
2010 /* Nothing actually uses state.delayed_for_oplocks
2011 but it's handy to differentiate in debug messages
2012 between a 30 second delay due to oplock break, and
2013 a 1 second delay for share mode conflicts. */
2015 state
.delayed_for_oplocks
= False
;
2019 && !request_timed_out(request_time
,
2021 defer_open(lck
, request_time
, timeout
,
2029 * We have detected a sharing violation here
2030 * so return the correct error code
2032 status
= NT_STATUS_SHARING_VIOLATION
;
2034 status
= NT_STATUS_ACCESS_DENIED
;
2040 * We exit this block with the share entry *locked*.....
2044 SMB_ASSERT(!file_existed
|| (lck
!= NULL
));
2047 * Ensure we pay attention to default ACLs on directories if required.
2050 if ((flags2
& O_CREAT
) && lp_inherit_acls(SNUM(conn
)) &&
2051 (def_acl
= directory_has_default_acl(conn
, parent_dir
))) {
2052 unx_mode
= (0777 & lp_create_mask(SNUM(conn
)));
2055 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2056 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2057 (unsigned int)flags
, (unsigned int)flags2
,
2058 (unsigned int)unx_mode
, (unsigned int)access_mask
,
2059 (unsigned int)open_access_mask
));
2062 * open_file strips any O_TRUNC flags itself.
2065 fsp_open
= open_file(fsp
, conn
, req
, parent_dir
,
2066 flags
|flags2
, unx_mode
, access_mask
,
2069 if (!NT_STATUS_IS_OK(fsp_open
)) {
2076 if (!file_existed
) {
2077 struct byte_range_lock
*br_lck
= NULL
;
2078 struct share_mode_entry
*batch_entry
= NULL
;
2079 struct share_mode_entry
*exclusive_entry
= NULL
;
2080 bool got_level2_oplock
= false;
2081 bool got_a_none_oplock
= false;
2082 struct timespec old_write_time
= smb_fname
->st
.st_ex_mtime
;
2084 * Deal with the race condition where two smbd's detect the
2085 * file doesn't exist and do the create at the same time. One
2086 * of them will win and set a share mode, the other (ie. this
2087 * one) should check if the requested share mode for this
2088 * create is allowed.
2092 * Now the file exists and fsp is successfully opened,
2093 * fsp->dev and fsp->inode are valid and should replace the
2094 * dev=0,inode=0 from a non existent file. Spotted by
2095 * Nadav Danieli <nadavd@exanet.com>. JRA.
2100 if (!acquire_ordered_locks(talloc_tos(),
2108 return NT_STATUS_SHARING_VIOLATION
;
2111 /* Get the types we need to examine. */
2112 find_oplock_types(fsp
,
2118 &got_a_none_oplock
);
2120 /* First pass - send break only on batch oplocks. */
2121 if ((req
!= NULL
) &&
2122 delay_for_batch_oplocks(fsp
,
2126 schedule_defer_open(lck
, request_time
, req
);
2129 return NT_STATUS_SHARING_VIOLATION
;
2132 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
2133 access_mask
, share_access
,
2134 create_options
, &file_existed
);
2136 if (NT_STATUS_IS_OK(status
)) {
2137 /* We might be going to allow this open. Check oplock
2139 /* Second pass - send break for both batch or
2140 * exclusive oplocks. */
2141 if ((req
!= NULL
) &&
2142 delay_for_exclusive_oplocks(
2147 schedule_defer_open(lck
, request_time
, req
);
2150 return NT_STATUS_SHARING_VIOLATION
;
2154 if (!NT_STATUS_IS_OK(status
)) {
2155 struct deferred_open_record state
;
2159 state
.delayed_for_oplocks
= False
;
2162 /* Do it all over again immediately. In the second
2163 * round we will find that the file existed and handle
2164 * the DELETE_PENDING and FCB cases correctly. No need
2165 * to duplicate the code here. Essentially this is a
2166 * "goto top of this function", but don't tell
2170 defer_open(lck
, request_time
, timeval_zero(),
2177 grant_fsp_oplock_type(fsp
,
2184 * We exit this block with the share entry *locked*.....
2189 SMB_ASSERT(lck
!= NULL
);
2191 /* Delete streams if create_disposition requires it */
2192 if (file_existed
&& clear_ads
&&
2193 !is_ntfs_stream_smb_fname(smb_fname
)) {
2194 status
= delete_all_streams(conn
, smb_fname
->base_name
);
2195 if (!NT_STATUS_IS_OK(status
)) {
2202 /* note that we ignore failure for the following. It is
2203 basically a hack for NFS, and NFS will never set one of
2204 these only read them. Nobody but Samba can ever set a deny
2205 mode and we have already checked our more authoritative
2206 locking database for permission to set this deny mode. If
2207 the kernel refuses the operations then the kernel is wrong.
2208 note that GPFS supports it as well - jmcd */
2210 if (fsp
->fh
->fd
!= -1) {
2212 ret_flock
= SMB_VFS_KERNEL_FLOCK(fsp
, share_access
, access_mask
);
2213 if(ret_flock
== -1 ){
2218 return NT_STATUS_SHARING_VIOLATION
;
2223 * At this point onwards, we can guarentee that the share entry
2224 * is locked, whether we created the file or not, and that the
2225 * deny mode is compatible with all current opens.
2229 * If requested, truncate the file.
2232 if (file_existed
&& (flags2
&O_TRUNC
)) {
2234 * We are modifing the file after open - update the stat
2237 if ((SMB_VFS_FTRUNCATE(fsp
, 0) == -1) ||
2238 (SMB_VFS_FSTAT(fsp
, &smb_fname
->st
)==-1)) {
2239 status
= map_nt_error_from_unix(errno
);
2247 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2248 * but we don't have to store this - just ignore it on access check.
2250 if (conn
->sconn
->using_smb2
) {
2252 * SMB2 doesn't return it (according to Microsoft tests).
2253 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2254 * File created with access = 0x7 (Read, Write, Delete)
2255 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2257 fsp
->access_mask
= access_mask
;
2259 /* But SMB1 does. */
2260 fsp
->access_mask
= access_mask
| FILE_READ_ATTRIBUTES
;
2264 /* stat opens on existing files don't get oplocks. */
2265 if (is_stat_open(open_access_mask
)) {
2266 fsp
->oplock_type
= NO_OPLOCK
;
2269 if (!(flags2
& O_TRUNC
)) {
2270 info
= FILE_WAS_OPENED
;
2272 info
= FILE_WAS_OVERWRITTEN
;
2275 info
= FILE_WAS_CREATED
;
2283 * Setup the oplock info in both the shared memory and
2287 if (!set_file_oplock(fsp
, fsp
->oplock_type
)) {
2289 * Could not get the kernel oplock or there are byte-range
2290 * locks on the file.
2292 fsp
->oplock_type
= NO_OPLOCK
;
2295 if (info
== FILE_WAS_OVERWRITTEN
|| info
== FILE_WAS_CREATED
|| info
== FILE_WAS_SUPERSEDED
) {
2296 new_file_created
= True
;
2299 set_share_mode(lck
, fsp
, get_current_uid(conn
),
2303 /* Handle strange delete on close create semantics. */
2304 if (create_options
& FILE_DELETE_ON_CLOSE
) {
2306 status
= can_set_delete_on_close(fsp
, new_dos_attributes
);
2308 if (!NT_STATUS_IS_OK(status
)) {
2309 /* Remember to delete the mode we just added. */
2310 del_share_mode(lck
, fsp
);
2315 /* Note that here we set the *inital* delete on close flag,
2316 not the regular one. The magic gets handled in close. */
2317 fsp
->initial_delete_on_close
= True
;
2320 if (new_file_created
) {
2321 /* Files should be initially set as archive */
2322 if (lp_map_archive(SNUM(conn
)) ||
2323 lp_store_dos_attributes(SNUM(conn
))) {
2325 if (file_set_dosmode(conn
, smb_fname
,
2326 new_dos_attributes
| FILE_ATTRIBUTE_ARCHIVE
,
2327 parent_dir
, true) == 0) {
2328 unx_mode
= smb_fname
->st
.st_ex_mode
;
2334 /* Determine sparse flag. */
2336 /* POSIX opens are sparse by default. */
2337 fsp
->is_sparse
= true;
2339 fsp
->is_sparse
= (file_existed
&&
2340 (existing_dos_attributes
& FILE_ATTRIBUTE_SPARSE
));
2344 * Take care of inherited ACLs on created files - if default ACL not
2348 if (!posix_open
&& !file_existed
&& !def_acl
) {
2350 int saved_errno
= errno
; /* We might get ENOSYS in the next
2353 if (SMB_VFS_FCHMOD_ACL(fsp
, unx_mode
) == -1 &&
2355 errno
= saved_errno
; /* Ignore ENOSYS */
2358 } else if (new_unx_mode
) {
2362 /* Attributes need changing. File already existed. */
2365 int saved_errno
= errno
; /* We might get ENOSYS in the
2367 ret
= SMB_VFS_FCHMOD_ACL(fsp
, new_unx_mode
);
2369 if (ret
== -1 && errno
== ENOSYS
) {
2370 errno
= saved_errno
; /* Ignore ENOSYS */
2372 DEBUG(5, ("open_file_ntcreate: reset "
2373 "attributes of file %s to 0%o\n",
2374 smb_fname_str_dbg(smb_fname
),
2375 (unsigned int)new_unx_mode
));
2376 ret
= 0; /* Don't do the fchmod below. */
2381 (SMB_VFS_FCHMOD(fsp
, new_unx_mode
) == -1))
2382 DEBUG(5, ("open_file_ntcreate: failed to reset "
2383 "attributes of file %s to 0%o\n",
2384 smb_fname_str_dbg(smb_fname
),
2385 (unsigned int)new_unx_mode
));
2388 /* If this is a successful open, we must remove any deferred open
2391 del_deferred_open_entry(lck
, req
->mid
,
2392 sconn_server_id(req
->sconn
));
2396 return NT_STATUS_OK
;
2400 /****************************************************************************
2401 Open a file for for write to ensure that we can fchmod it.
2402 ****************************************************************************/
2404 NTSTATUS
open_file_fchmod(connection_struct
*conn
,
2405 struct smb_filename
*smb_fname
,
2406 files_struct
**result
)
2408 if (!VALID_STAT(smb_fname
->st
)) {
2409 return NT_STATUS_INVALID_PARAMETER
;
2412 return SMB_VFS_CREATE_FILE(
2415 0, /* root_dir_fid */
2416 smb_fname
, /* fname */
2417 FILE_WRITE_DATA
, /* access_mask */
2418 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
2420 FILE_OPEN
, /* create_disposition*/
2421 0, /* create_options */
2422 0, /* file_attributes */
2423 INTERNAL_OPEN_ONLY
, /* oplock_request */
2424 0, /* allocation_size */
2425 0, /* private_flags */
2428 result
, /* result */
2432 static NTSTATUS
mkdir_internal(connection_struct
*conn
,
2433 struct smb_filename
*smb_dname
,
2434 uint32 file_attributes
)
2439 bool posix_open
= false;
2440 bool need_re_stat
= false;
2442 if(!CAN_WRITE(conn
)) {
2443 DEBUG(5,("mkdir_internal: failing create on read-only share "
2444 "%s\n", lp_servicename(SNUM(conn
))));
2445 return NT_STATUS_ACCESS_DENIED
;
2448 status
= check_name(conn
, smb_dname
->base_name
);
2449 if (!NT_STATUS_IS_OK(status
)) {
2453 if (!parent_dirname(talloc_tos(), smb_dname
->base_name
, &parent_dir
,
2455 return NT_STATUS_NO_MEMORY
;
2458 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
2460 mode
= (mode_t
)(file_attributes
& ~FILE_FLAG_POSIX_SEMANTICS
);
2462 mode
= unix_mode(conn
, FILE_ATTRIBUTE_DIRECTORY
, smb_dname
, parent_dir
);
2465 if (SMB_VFS_MKDIR(conn
, smb_dname
->base_name
, mode
) != 0) {
2466 return map_nt_error_from_unix(errno
);
2469 /* Ensure we're checking for a symlink here.... */
2470 /* We don't want to get caught by a symlink racer. */
2472 if (SMB_VFS_LSTAT(conn
, smb_dname
) == -1) {
2473 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2474 smb_fname_str_dbg(smb_dname
), strerror(errno
)));
2475 return map_nt_error_from_unix(errno
);
2478 if (!S_ISDIR(smb_dname
->st
.st_ex_mode
)) {
2479 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2480 smb_fname_str_dbg(smb_dname
)));
2481 return NT_STATUS_ACCESS_DENIED
;
2484 if (lp_store_dos_attributes(SNUM(conn
))) {
2486 file_set_dosmode(conn
, smb_dname
,
2487 file_attributes
| FILE_ATTRIBUTE_DIRECTORY
,
2492 if (lp_inherit_perms(SNUM(conn
))) {
2493 inherit_access_posix_acl(conn
, parent_dir
,
2494 smb_dname
->base_name
, mode
);
2495 need_re_stat
= true;
2500 * Check if high bits should have been set,
2501 * then (if bits are missing): add them.
2502 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2505 if ((mode
& ~(S_IRWXU
|S_IRWXG
|S_IRWXO
)) &&
2506 (mode
& ~smb_dname
->st
.st_ex_mode
)) {
2507 SMB_VFS_CHMOD(conn
, smb_dname
->base_name
,
2508 (smb_dname
->st
.st_ex_mode
|
2509 (mode
& ~smb_dname
->st
.st_ex_mode
)));
2510 need_re_stat
= true;
2514 /* Change the owner if required. */
2515 if (lp_inherit_owner(SNUM(conn
))) {
2516 change_dir_owner_to_parent(conn
, parent_dir
,
2517 smb_dname
->base_name
,
2519 need_re_stat
= true;
2523 if (SMB_VFS_LSTAT(conn
, smb_dname
) == -1) {
2524 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2525 smb_fname_str_dbg(smb_dname
), strerror(errno
)));
2526 return map_nt_error_from_unix(errno
);
2530 notify_fname(conn
, NOTIFY_ACTION_ADDED
, FILE_NOTIFY_CHANGE_DIR_NAME
,
2531 smb_dname
->base_name
);
2533 return NT_STATUS_OK
;
2536 /****************************************************************************
2537 Ensure we didn't get symlink raced on opening a directory.
2538 ****************************************************************************/
2540 bool check_same_stat(const SMB_STRUCT_STAT
*sbuf1
,
2541 const SMB_STRUCT_STAT
*sbuf2
)
2543 if (sbuf1
->st_ex_uid
!= sbuf2
->st_ex_uid
||
2544 sbuf1
->st_ex_gid
!= sbuf2
->st_ex_gid
||
2545 sbuf1
->st_ex_dev
!= sbuf2
->st_ex_dev
||
2546 sbuf1
->st_ex_ino
!= sbuf2
->st_ex_ino
) {
2552 /****************************************************************************
2553 Open a directory from an NT SMB call.
2554 ****************************************************************************/
2556 static NTSTATUS
open_directory(connection_struct
*conn
,
2557 struct smb_request
*req
,
2558 struct smb_filename
*smb_dname
,
2560 uint32 share_access
,
2561 uint32 create_disposition
,
2562 uint32 create_options
,
2563 uint32 file_attributes
,
2565 files_struct
**result
)
2567 files_struct
*fsp
= NULL
;
2568 bool dir_existed
= VALID_STAT(smb_dname
->st
) ? True
: False
;
2569 struct share_mode_lock
*lck
= NULL
;
2571 struct timespec mtimespec
;
2574 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname
));
2576 /* Ensure we have a directory attribute. */
2577 file_attributes
|= FILE_ATTRIBUTE_DIRECTORY
;
2579 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2580 "share_access = 0x%x create_options = 0x%x, "
2581 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2582 smb_fname_str_dbg(smb_dname
),
2583 (unsigned int)access_mask
,
2584 (unsigned int)share_access
,
2585 (unsigned int)create_options
,
2586 (unsigned int)create_disposition
,
2587 (unsigned int)file_attributes
));
2589 if (!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) &&
2590 (conn
->fs_capabilities
& FILE_NAMED_STREAMS
) &&
2591 is_ntfs_stream_smb_fname(smb_dname
)) {
2592 DEBUG(2, ("open_directory: %s is a stream name!\n",
2593 smb_fname_str_dbg(smb_dname
)));
2594 return NT_STATUS_NOT_A_DIRECTORY
;
2597 status
= smbd_calculate_access_mask(conn
, smb_dname
, dir_existed
,
2598 access_mask
, &access_mask
);
2599 if (!NT_STATUS_IS_OK(status
)) {
2600 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2601 "on file %s returned %s\n",
2602 smb_fname_str_dbg(smb_dname
),
2603 nt_errstr(status
)));
2607 if ((access_mask
& SEC_FLAG_SYSTEM_SECURITY
) &&
2608 !security_token_has_privilege(get_current_nttok(conn
),
2609 SEC_PRIV_SECURITY
)) {
2610 DEBUG(10, ("open_directory: open on %s "
2611 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2612 smb_fname_str_dbg(smb_dname
)));
2613 return NT_STATUS_PRIVILEGE_NOT_HELD
;
2616 switch( create_disposition
) {
2620 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
2623 info
= FILE_WAS_OPENED
;
2628 /* If directory exists error. If directory doesn't
2631 status
= mkdir_internal(conn
, smb_dname
,
2634 if (!NT_STATUS_IS_OK(status
)) {
2635 DEBUG(2, ("open_directory: unable to create "
2636 "%s. Error was %s\n",
2637 smb_fname_str_dbg(smb_dname
),
2638 nt_errstr(status
)));
2642 info
= FILE_WAS_CREATED
;
2647 * If directory exists open. If directory doesn't
2651 status
= mkdir_internal(conn
, smb_dname
,
2654 if (NT_STATUS_IS_OK(status
)) {
2655 info
= FILE_WAS_CREATED
;
2658 if (NT_STATUS_EQUAL(status
,
2659 NT_STATUS_OBJECT_NAME_COLLISION
)) {
2660 info
= FILE_WAS_OPENED
;
2661 status
= NT_STATUS_OK
;
2665 case FILE_SUPERSEDE
:
2666 case FILE_OVERWRITE
:
2667 case FILE_OVERWRITE_IF
:
2669 DEBUG(5,("open_directory: invalid create_disposition "
2670 "0x%x for directory %s\n",
2671 (unsigned int)create_disposition
,
2672 smb_fname_str_dbg(smb_dname
)));
2673 return NT_STATUS_INVALID_PARAMETER
;
2676 if(!S_ISDIR(smb_dname
->st
.st_ex_mode
)) {
2677 DEBUG(5,("open_directory: %s is not a directory !\n",
2678 smb_fname_str_dbg(smb_dname
)));
2679 return NT_STATUS_NOT_A_DIRECTORY
;
2682 if (info
== FILE_WAS_OPENED
) {
2683 uint32_t access_granted
= 0;
2684 status
= smbd_check_open_rights(conn
, smb_dname
, access_mask
,
2687 /* Were we trying to do a directory open
2688 * for delete and didn't get DELETE
2689 * access (only) ? Check if the
2690 * directory allows DELETE_CHILD.
2692 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2695 if ((NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) &&
2696 (access_mask
& DELETE_ACCESS
) &&
2697 (access_granted
== DELETE_ACCESS
) &&
2698 can_delete_file_in_directory(conn
, smb_dname
))) {
2699 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2700 "on directory %s\n",
2701 smb_fname_str_dbg(smb_dname
)));
2702 status
= NT_STATUS_OK
;
2705 if (!NT_STATUS_IS_OK(status
)) {
2706 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2707 "file %s failed with %s\n",
2708 smb_fname_str_dbg(smb_dname
),
2709 nt_errstr(status
)));
2714 status
= file_new(req
, conn
, &fsp
);
2715 if(!NT_STATUS_IS_OK(status
)) {
2720 * Setup the files_struct for it.
2723 fsp
->mode
= smb_dname
->st
.st_ex_mode
;
2724 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_dname
->st
);
2725 fsp
->vuid
= req
? req
->vuid
: UID_FIELD_INVALID
;
2726 fsp
->file_pid
= req
? req
->smbpid
: 0;
2727 fsp
->can_lock
= False
;
2728 fsp
->can_read
= False
;
2729 fsp
->can_write
= False
;
2731 fsp
->share_access
= share_access
;
2732 fsp
->fh
->private_options
= 0;
2734 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2736 fsp
->access_mask
= access_mask
| FILE_READ_ATTRIBUTES
;
2737 fsp
->print_file
= NULL
;
2738 fsp
->modified
= False
;
2739 fsp
->oplock_type
= NO_OPLOCK
;
2740 fsp
->sent_oplock_break
= NO_BREAK_SENT
;
2741 fsp
->is_directory
= True
;
2742 fsp
->posix_open
= (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) ? True
: False
;
2743 status
= fsp_set_smb_fname(fsp
, smb_dname
);
2744 if (!NT_STATUS_IS_OK(status
)) {
2745 file_free(req
, fsp
);
2749 mtimespec
= smb_dname
->st
.st_ex_mtime
;
2752 status
= fd_open(conn
, fsp
, O_RDONLY
|O_DIRECTORY
, 0);
2754 /* POSIX allows us to open a directory with O_RDONLY. */
2755 status
= fd_open(conn
, fsp
, O_RDONLY
, 0);
2757 if (!NT_STATUS_IS_OK(status
)) {
2758 DEBUG(5, ("open_directory: Could not open fd for "
2760 smb_fname_str_dbg(smb_dname
),
2761 nt_errstr(status
)));
2762 file_free(req
, fsp
);
2766 status
= vfs_stat_fsp(fsp
);
2767 if (!NT_STATUS_IS_OK(status
)) {
2769 file_free(req
, fsp
);
2773 /* Ensure there was no race condition. */
2774 if (!check_same_stat(&smb_dname
->st
, &fsp
->fsp_name
->st
)) {
2775 DEBUG(5,("open_directory: stat struct differs for "
2777 smb_fname_str_dbg(smb_dname
)));
2779 file_free(req
, fsp
);
2780 return NT_STATUS_ACCESS_DENIED
;
2783 lck
= get_share_mode_lock(talloc_tos(), fsp
->file_id
,
2784 conn
->connectpath
, smb_dname
, &mtimespec
);
2787 DEBUG(0, ("open_directory: Could not get share mode lock for "
2788 "%s\n", smb_fname_str_dbg(smb_dname
)));
2790 file_free(req
, fsp
);
2791 return NT_STATUS_SHARING_VIOLATION
;
2794 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
2795 access_mask
, share_access
,
2796 create_options
, &dir_existed
);
2798 if (!NT_STATUS_IS_OK(status
)) {
2801 file_free(req
, fsp
);
2805 set_share_mode(lck
, fsp
, get_current_uid(conn
),
2806 req
? req
->mid
: 0, NO_OPLOCK
);
2808 /* For directories the delete on close bit at open time seems
2809 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2810 if (create_options
& FILE_DELETE_ON_CLOSE
) {
2811 status
= can_set_delete_on_close(fsp
, 0);
2812 if (!NT_STATUS_IS_OK(status
) && !NT_STATUS_EQUAL(status
, NT_STATUS_DIRECTORY_NOT_EMPTY
)) {
2815 file_free(req
, fsp
);
2819 if (NT_STATUS_IS_OK(status
)) {
2820 /* Note that here we set the *inital* delete on close flag,
2821 not the regular one. The magic gets handled in close. */
2822 fsp
->initial_delete_on_close
= True
;
2833 return NT_STATUS_OK
;
2836 NTSTATUS
create_directory(connection_struct
*conn
, struct smb_request
*req
,
2837 struct smb_filename
*smb_dname
)
2842 status
= SMB_VFS_CREATE_FILE(
2845 0, /* root_dir_fid */
2846 smb_dname
, /* fname */
2847 FILE_READ_ATTRIBUTES
, /* access_mask */
2848 FILE_SHARE_NONE
, /* share_access */
2849 FILE_CREATE
, /* create_disposition*/
2850 FILE_DIRECTORY_FILE
, /* create_options */
2851 FILE_ATTRIBUTE_DIRECTORY
, /* file_attributes */
2852 0, /* oplock_request */
2853 0, /* allocation_size */
2854 0, /* private_flags */
2860 if (NT_STATUS_IS_OK(status
)) {
2861 close_file(req
, fsp
, NORMAL_CLOSE
);
2867 /****************************************************************************
2868 Receive notification that one of our open files has been renamed by another
2870 ****************************************************************************/
2872 void msg_file_was_renamed(struct messaging_context
*msg
,
2875 struct server_id server_id
,
2878 struct smbd_server_connection
*sconn
;
2880 char *frm
= (char *)data
->data
;
2882 const char *sharepath
;
2883 const char *base_name
;
2884 const char *stream_name
;
2885 struct smb_filename
*smb_fname
= NULL
;
2886 size_t sp_len
, bn_len
;
2889 sconn
= msg_ctx_to_sconn(msg
);
2890 if (sconn
== NULL
) {
2891 DEBUG(1, ("could not find sconn\n"));
2895 if (data
->data
== NULL
2896 || data
->length
< MSG_FILE_RENAMED_MIN_SIZE
+ 2) {
2897 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2898 (int)data
->length
));
2902 /* Unpack the message. */
2903 pull_file_id_24(frm
, &id
);
2904 sharepath
= &frm
[24];
2905 sp_len
= strlen(sharepath
);
2906 base_name
= sharepath
+ sp_len
+ 1;
2907 bn_len
= strlen(base_name
);
2908 stream_name
= sharepath
+ sp_len
+ 1 + bn_len
+ 1;
2910 /* stream_name must always be NULL if there is no stream. */
2911 if (stream_name
[0] == '\0') {
2915 status
= create_synthetic_smb_fname(talloc_tos(), base_name
,
2916 stream_name
, NULL
, &smb_fname
);
2917 if (!NT_STATUS_IS_OK(status
)) {
2921 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2923 sharepath
, smb_fname_str_dbg(smb_fname
),
2924 file_id_string_tos(&id
)));
2926 for(fsp
= file_find_di_first(sconn
, id
); fsp
;
2927 fsp
= file_find_di_next(fsp
)) {
2928 if (memcmp(fsp
->conn
->connectpath
, sharepath
, sp_len
) == 0) {
2930 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2931 fsp
->fnum
, fsp_str_dbg(fsp
),
2932 smb_fname_str_dbg(smb_fname
)));
2933 status
= fsp_set_smb_fname(fsp
, smb_fname
);
2934 if (!NT_STATUS_IS_OK(status
)) {
2939 /* Now we have the complete path we can work out if this is
2940 actually within this share and adjust newname accordingly. */
2941 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2942 "not sharepath %s) "
2943 "fnum %d from %s -> %s\n",
2944 fsp
->conn
->connectpath
,
2948 smb_fname_str_dbg(smb_fname
)));
2952 TALLOC_FREE(smb_fname
);
2957 * If a main file is opened for delete, all streams need to be checked for
2958 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2959 * If that works, delete them all by setting the delete on close and close.
2962 NTSTATUS
open_streams_for_delete(connection_struct
*conn
,
2965 struct stream_struct
*stream_info
= NULL
;
2966 files_struct
**streams
= NULL
;
2968 unsigned int num_streams
= 0;
2969 TALLOC_CTX
*frame
= talloc_stackframe();
2972 status
= vfs_streaminfo(conn
, NULL
, fname
, talloc_tos(),
2973 &num_streams
, &stream_info
);
2975 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_IMPLEMENTED
)
2976 || NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
2977 DEBUG(10, ("no streams around\n"));
2979 return NT_STATUS_OK
;
2982 if (!NT_STATUS_IS_OK(status
)) {
2983 DEBUG(10, ("vfs_streaminfo failed: %s\n",
2984 nt_errstr(status
)));
2988 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2991 if (num_streams
== 0) {
2993 return NT_STATUS_OK
;
2996 streams
= TALLOC_ARRAY(talloc_tos(), files_struct
*, num_streams
);
2997 if (streams
== NULL
) {
2998 DEBUG(0, ("talloc failed\n"));
2999 status
= NT_STATUS_NO_MEMORY
;
3003 for (i
=0; i
<num_streams
; i
++) {
3004 struct smb_filename
*smb_fname
= NULL
;
3006 if (strequal(stream_info
[i
].name
, "::$DATA")) {
3011 status
= create_synthetic_smb_fname(talloc_tos(), fname
,
3012 stream_info
[i
].name
,
3014 if (!NT_STATUS_IS_OK(status
)) {
3018 if (SMB_VFS_STAT(conn
, smb_fname
) == -1) {
3019 DEBUG(10, ("Unable to stat stream: %s\n",
3020 smb_fname_str_dbg(smb_fname
)));
3023 status
= SMB_VFS_CREATE_FILE(
3026 0, /* root_dir_fid */
3027 smb_fname
, /* fname */
3028 DELETE_ACCESS
, /* access_mask */
3029 (FILE_SHARE_READ
| /* share_access */
3030 FILE_SHARE_WRITE
| FILE_SHARE_DELETE
),
3031 FILE_OPEN
, /* create_disposition*/
3032 0, /* create_options */
3033 FILE_ATTRIBUTE_NORMAL
, /* file_attributes */
3034 0, /* oplock_request */
3035 0, /* allocation_size */
3036 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
, /* private_flags */
3039 &streams
[i
], /* result */
3042 if (!NT_STATUS_IS_OK(status
)) {
3043 DEBUG(10, ("Could not open stream %s: %s\n",
3044 smb_fname_str_dbg(smb_fname
),
3045 nt_errstr(status
)));
3047 TALLOC_FREE(smb_fname
);
3050 TALLOC_FREE(smb_fname
);
3054 * don't touch the variable "status" beyond this point :-)
3057 for (i
-= 1 ; i
>= 0; i
--) {
3058 if (streams
[i
] == NULL
) {
3062 DEBUG(10, ("Closing stream # %d, %s\n", i
,
3063 fsp_str_dbg(streams
[i
])));
3064 close_file(NULL
, streams
[i
], NORMAL_CLOSE
);
3073 * Wrapper around open_file_ntcreate and open_directory
3076 static NTSTATUS
create_file_unixpath(connection_struct
*conn
,
3077 struct smb_request
*req
,
3078 struct smb_filename
*smb_fname
,
3079 uint32_t access_mask
,
3080 uint32_t share_access
,
3081 uint32_t create_disposition
,
3082 uint32_t create_options
,
3083 uint32_t file_attributes
,
3084 uint32_t oplock_request
,
3085 uint64_t allocation_size
,
3086 uint32_t private_flags
,
3087 struct security_descriptor
*sd
,
3088 struct ea_list
*ea_list
,
3090 files_struct
**result
,
3093 int info
= FILE_WAS_OPENED
;
3094 files_struct
*base_fsp
= NULL
;
3095 files_struct
*fsp
= NULL
;
3098 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3099 "file_attributes = 0x%x, share_access = 0x%x, "
3100 "create_disposition = 0x%x create_options = 0x%x "
3101 "oplock_request = 0x%x private_flags = 0x%x "
3102 "ea_list = 0x%p, sd = 0x%p, "
3104 (unsigned int)access_mask
,
3105 (unsigned int)file_attributes
,
3106 (unsigned int)share_access
,
3107 (unsigned int)create_disposition
,
3108 (unsigned int)create_options
,
3109 (unsigned int)oplock_request
,
3110 (unsigned int)private_flags
,
3111 ea_list
, sd
, smb_fname_str_dbg(smb_fname
)));
3113 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
3114 status
= NT_STATUS_NOT_SUPPORTED
;
3118 if (create_options
& NTCREATEX_OPTIONS_INVALID_PARAM_MASK
) {
3119 status
= NT_STATUS_INVALID_PARAMETER
;
3124 oplock_request
|= INTERNAL_OPEN_ONLY
;
3127 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
)
3128 && (access_mask
& DELETE_ACCESS
)
3129 && !is_ntfs_stream_smb_fname(smb_fname
)) {
3131 * We can't open a file with DELETE access if any of the
3132 * streams is open without FILE_SHARE_DELETE
3134 status
= open_streams_for_delete(conn
, smb_fname
->base_name
);
3136 if (!NT_STATUS_IS_OK(status
)) {
3141 /* This is the correct thing to do (check every time) but can_delete
3142 * is expensive (it may have to read the parent directory
3143 * permissions). So for now we're not doing it unless we have a strong
3144 * hint the client is really going to delete this file. If the client
3145 * is forcing FILE_CREATE let the filesystem take care of the
3148 /* Setting FILE_SHARE_DELETE is the hint. */
3150 if ((create_disposition
!= FILE_CREATE
)
3151 && (access_mask
& DELETE_ACCESS
)
3152 && (!(can_delete_file_in_directory(conn
, smb_fname
) ||
3153 can_access_file_acl(conn
, smb_fname
, DELETE_ACCESS
)))) {
3154 status
= NT_STATUS_ACCESS_DENIED
;
3155 DEBUG(10,("create_file_unixpath: open file %s "
3156 "for delete ACCESS_DENIED\n",
3157 smb_fname_str_dbg(smb_fname
)));
3161 if ((access_mask
& SEC_FLAG_SYSTEM_SECURITY
) &&
3162 !security_token_has_privilege(get_current_nttok(conn
),
3163 SEC_PRIV_SECURITY
)) {
3164 DEBUG(10, ("create_file_unixpath: open on %s "
3165 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3166 smb_fname_str_dbg(smb_fname
)));
3167 status
= NT_STATUS_PRIVILEGE_NOT_HELD
;
3171 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
)
3172 && is_ntfs_stream_smb_fname(smb_fname
)
3173 && (!(private_flags
& NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
))) {
3174 uint32 base_create_disposition
;
3175 struct smb_filename
*smb_fname_base
= NULL
;
3177 if (create_options
& FILE_DIRECTORY_FILE
) {
3178 status
= NT_STATUS_NOT_A_DIRECTORY
;
3182 switch (create_disposition
) {
3184 base_create_disposition
= FILE_OPEN
;
3187 base_create_disposition
= FILE_OPEN_IF
;
3191 /* Create an smb_filename with stream_name == NULL. */
3192 status
= create_synthetic_smb_fname(talloc_tos(),
3193 smb_fname
->base_name
,
3196 if (!NT_STATUS_IS_OK(status
)) {
3200 if (SMB_VFS_STAT(conn
, smb_fname_base
) == -1) {
3201 DEBUG(10, ("Unable to stat stream: %s\n",
3202 smb_fname_str_dbg(smb_fname_base
)));
3205 /* Open the base file. */
3206 status
= create_file_unixpath(conn
, NULL
, smb_fname_base
, 0,
3209 | FILE_SHARE_DELETE
,
3210 base_create_disposition
,
3211 0, 0, 0, 0, 0, NULL
, NULL
,
3213 TALLOC_FREE(smb_fname_base
);
3215 if (!NT_STATUS_IS_OK(status
)) {
3216 DEBUG(10, ("create_file_unixpath for base %s failed: "
3217 "%s\n", smb_fname
->base_name
,
3218 nt_errstr(status
)));
3221 /* we don't need to low level fd */
3226 * If it's a request for a directory open, deal with it separately.
3229 if (create_options
& FILE_DIRECTORY_FILE
) {
3231 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
3232 status
= NT_STATUS_INVALID_PARAMETER
;
3236 /* Can't open a temp directory. IFS kit test. */
3237 if (!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) &&
3238 (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
)) {
3239 status
= NT_STATUS_INVALID_PARAMETER
;
3244 * We will get a create directory here if the Win32
3245 * app specified a security descriptor in the
3246 * CreateDirectory() call.
3250 status
= open_directory(
3251 conn
, req
, smb_fname
, access_mask
, share_access
,
3252 create_disposition
, create_options
, file_attributes
,
3257 * Ordinary file case.
3260 status
= file_new(req
, conn
, &fsp
);
3261 if(!NT_STATUS_IS_OK(status
)) {
3265 status
= fsp_set_smb_fname(fsp
, smb_fname
);
3266 if (!NT_STATUS_IS_OK(status
)) {
3271 * We're opening the stream element of a base_fsp
3272 * we already opened. Set up the base_fsp pointer.
3275 fsp
->base_fsp
= base_fsp
;
3278 status
= open_file_ntcreate(conn
,
3290 if(!NT_STATUS_IS_OK(status
)) {
3291 file_free(req
, fsp
);
3295 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
3297 /* A stream open never opens a directory */
3300 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3305 * Fail the open if it was explicitly a non-directory
3309 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
3310 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3315 status
= open_directory(
3316 conn
, req
, smb_fname
, access_mask
,
3317 share_access
, create_disposition
,
3318 create_options
, file_attributes
,
3323 if (!NT_STATUS_IS_OK(status
)) {
3327 fsp
->base_fsp
= base_fsp
;
3330 * According to the MS documentation, the only time the security
3331 * descriptor is applied to the opened file is iff we *created* the
3332 * file; an existing file stays the same.
3334 * Also, it seems (from observation) that you can open the file with
3335 * any access mask but you can still write the sd. We need to override
3336 * the granted access before we call set_sd
3337 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3340 if ((sd
!= NULL
) && (info
== FILE_WAS_CREATED
)
3341 && lp_nt_acl_support(SNUM(conn
))) {
3343 uint32_t sec_info_sent
;
3344 uint32_t saved_access_mask
= fsp
->access_mask
;
3346 sec_info_sent
= get_sec_info(sd
);
3348 fsp
->access_mask
= FILE_GENERIC_ALL
;
3350 /* Convert all the generic bits. */
3351 security_acl_map_generic(sd
->dacl
, &file_generic_mapping
);
3352 security_acl_map_generic(sd
->sacl
, &file_generic_mapping
);
3354 if (sec_info_sent
& (SECINFO_OWNER
|
3358 status
= SMB_VFS_FSET_NT_ACL(fsp
, sec_info_sent
, sd
);
3361 fsp
->access_mask
= saved_access_mask
;
3363 if (!NT_STATUS_IS_OK(status
)) {
3368 if ((ea_list
!= NULL
) &&
3369 ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
))) {
3370 status
= set_ea(conn
, fsp
, fsp
->fsp_name
, ea_list
);
3371 if (!NT_STATUS_IS_OK(status
)) {
3376 if (!fsp
->is_directory
&& S_ISDIR(fsp
->fsp_name
->st
.st_ex_mode
)) {
3377 status
= NT_STATUS_ACCESS_DENIED
;
3381 /* Save the requested allocation size. */
3382 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
3384 && (allocation_size
> fsp
->fsp_name
->st
.st_ex_size
)) {
3385 fsp
->initial_allocation_size
= smb_roundup(
3386 fsp
->conn
, allocation_size
);
3387 if (fsp
->is_directory
) {
3388 /* Can't set allocation size on a directory. */
3389 status
= NT_STATUS_ACCESS_DENIED
;
3392 if (vfs_allocate_file_space(
3393 fsp
, fsp
->initial_allocation_size
) == -1) {
3394 status
= NT_STATUS_DISK_FULL
;
3398 fsp
->initial_allocation_size
= smb_roundup(
3399 fsp
->conn
, (uint64_t)fsp
->fsp_name
->st
.st_ex_size
);
3403 DEBUG(10, ("create_file_unixpath: info=%d\n", info
));
3406 if (pinfo
!= NULL
) {
3410 smb_fname
->st
= fsp
->fsp_name
->st
;
3412 return NT_STATUS_OK
;
3415 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status
)));
3418 if (base_fsp
&& fsp
->base_fsp
== base_fsp
) {
3420 * The close_file below will close
3425 close_file(req
, fsp
, ERROR_CLOSE
);
3428 if (base_fsp
!= NULL
) {
3429 close_file(req
, base_fsp
, ERROR_CLOSE
);
3436 * Calculate the full path name given a relative fid.
3438 NTSTATUS
get_relative_fid_filename(connection_struct
*conn
,
3439 struct smb_request
*req
,
3440 uint16_t root_dir_fid
,
3441 const struct smb_filename
*smb_fname
,
3442 struct smb_filename
**smb_fname_out
)
3444 files_struct
*dir_fsp
;
3445 char *parent_fname
= NULL
;
3446 char *new_base_name
= NULL
;
3449 if (root_dir_fid
== 0 || !smb_fname
) {
3450 status
= NT_STATUS_INTERNAL_ERROR
;
3454 dir_fsp
= file_fsp(req
, root_dir_fid
);
3456 if (dir_fsp
== NULL
) {
3457 status
= NT_STATUS_INVALID_HANDLE
;
3461 if (is_ntfs_stream_smb_fname(dir_fsp
->fsp_name
)) {
3462 status
= NT_STATUS_INVALID_HANDLE
;
3466 if (!dir_fsp
->is_directory
) {
3469 * Check to see if this is a mac fork of some kind.
3472 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
) &&
3473 is_ntfs_stream_smb_fname(smb_fname
)) {
3474 status
= NT_STATUS_OBJECT_PATH_NOT_FOUND
;
3479 we need to handle the case when we get a
3480 relative open relative to a file and the
3481 pathname is blank - this is a reopen!
3482 (hint from demyn plantenberg)
3485 status
= NT_STATUS_INVALID_HANDLE
;
3489 if (ISDOT(dir_fsp
->fsp_name
->base_name
)) {
3491 * We're at the toplevel dir, the final file name
3492 * must not contain ./, as this is filtered out
3493 * normally by srvstr_get_path and unix_convert
3494 * explicitly rejects paths containing ./.
3496 parent_fname
= talloc_strdup(talloc_tos(), "");
3497 if (parent_fname
== NULL
) {
3498 status
= NT_STATUS_NO_MEMORY
;
3502 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
->base_name
);
3505 * Copy in the base directory name.
3508 parent_fname
= TALLOC_ARRAY(talloc_tos(), char,
3510 if (parent_fname
== NULL
) {
3511 status
= NT_STATUS_NO_MEMORY
;
3514 memcpy(parent_fname
, dir_fsp
->fsp_name
->base_name
,
3518 * Ensure it ends in a '/'.
3519 * We used TALLOC_SIZE +2 to add space for the '/'.
3523 && (parent_fname
[dir_name_len
-1] != '\\')
3524 && (parent_fname
[dir_name_len
-1] != '/')) {
3525 parent_fname
[dir_name_len
] = '/';
3526 parent_fname
[dir_name_len
+1] = '\0';
3530 new_base_name
= talloc_asprintf(talloc_tos(), "%s%s", parent_fname
,
3531 smb_fname
->base_name
);
3532 if (new_base_name
== NULL
) {
3533 status
= NT_STATUS_NO_MEMORY
;
3537 status
= filename_convert(req
,
3539 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
3544 if (!NT_STATUS_IS_OK(status
)) {
3549 TALLOC_FREE(parent_fname
);
3550 TALLOC_FREE(new_base_name
);
3554 NTSTATUS
create_file_default(connection_struct
*conn
,
3555 struct smb_request
*req
,
3556 uint16_t root_dir_fid
,
3557 struct smb_filename
*smb_fname
,
3558 uint32_t access_mask
,
3559 uint32_t share_access
,
3560 uint32_t create_disposition
,
3561 uint32_t create_options
,
3562 uint32_t file_attributes
,
3563 uint32_t oplock_request
,
3564 uint64_t allocation_size
,
3565 uint32_t private_flags
,
3566 struct security_descriptor
*sd
,
3567 struct ea_list
*ea_list
,
3568 files_struct
**result
,
3571 int info
= FILE_WAS_OPENED
;
3572 files_struct
*fsp
= NULL
;
3574 bool stream_name
= false;
3576 DEBUG(10,("create_file: access_mask = 0x%x "
3577 "file_attributes = 0x%x, share_access = 0x%x, "
3578 "create_disposition = 0x%x create_options = 0x%x "
3579 "oplock_request = 0x%x "
3580 "private_flags = 0x%x "
3581 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3583 (unsigned int)access_mask
,
3584 (unsigned int)file_attributes
,
3585 (unsigned int)share_access
,
3586 (unsigned int)create_disposition
,
3587 (unsigned int)create_options
,
3588 (unsigned int)oplock_request
,
3589 (unsigned int)private_flags
,
3590 (unsigned int)root_dir_fid
,
3591 ea_list
, sd
, smb_fname_str_dbg(smb_fname
)));
3594 * Calculate the filename from the root_dir_if if necessary.
3597 if (root_dir_fid
!= 0) {
3598 struct smb_filename
*smb_fname_out
= NULL
;
3599 status
= get_relative_fid_filename(conn
, req
, root_dir_fid
,
3600 smb_fname
, &smb_fname_out
);
3601 if (!NT_STATUS_IS_OK(status
)) {
3604 smb_fname
= smb_fname_out
;
3608 * Check to see if this is a mac fork of some kind.
3611 stream_name
= is_ntfs_stream_smb_fname(smb_fname
);
3613 enum FAKE_FILE_TYPE fake_file_type
;
3615 fake_file_type
= is_fake_file(smb_fname
);
3617 if (fake_file_type
!= FAKE_FILE_TYPE_NONE
) {
3620 * Here we go! support for changing the disk quotas
3623 * We need to fake up to open this MAGIC QUOTA file
3624 * and return a valid FID.
3626 * w2k close this file directly after openening xp
3627 * also tries a QUERY_FILE_INFO on the file and then
3630 status
= open_fake_file(req
, conn
, req
->vuid
,
3631 fake_file_type
, smb_fname
,
3633 if (!NT_STATUS_IS_OK(status
)) {
3637 ZERO_STRUCT(smb_fname
->st
);
3641 if (!(conn
->fs_capabilities
& FILE_NAMED_STREAMS
)) {
3642 status
= NT_STATUS_OBJECT_NAME_NOT_FOUND
;
3647 if (stream_name
&& is_ntfs_default_stream_smb_fname(smb_fname
)) {
3649 smb_fname
->stream_name
= NULL
;
3650 /* We have to handle this error here. */
3651 if (create_options
& FILE_DIRECTORY_FILE
) {
3652 status
= NT_STATUS_NOT_A_DIRECTORY
;
3655 if (lp_posix_pathnames()) {
3656 ret
= SMB_VFS_LSTAT(conn
, smb_fname
);
3658 ret
= SMB_VFS_STAT(conn
, smb_fname
);
3661 if (ret
== 0 && VALID_STAT_OF_DIR(smb_fname
->st
)) {
3662 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3667 status
= create_file_unixpath(
3668 conn
, req
, smb_fname
, access_mask
, share_access
,
3669 create_disposition
, create_options
, file_attributes
,
3670 oplock_request
, allocation_size
, private_flags
,
3674 if (!NT_STATUS_IS_OK(status
)) {
3679 DEBUG(10, ("create_file: info=%d\n", info
));
3682 if (pinfo
!= NULL
) {
3685 return NT_STATUS_OK
;
3688 DEBUG(10, ("create_file: %s\n", nt_errstr(status
)));
3691 close_file(req
, fsp
, ERROR_CLOSE
);