search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
First part of fix for bug #8663 - deleting a symlink fails if the symlink target...
[Samba.git] / source3 / smbd / open.c
blobab54f28c352f174b2a673bc4fe37b64c9e740c31
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/filesys.h"
24 #include "printing.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "auth.h"
31 #include "messages.h"
32
33 extern const struct generic_mapping file_generic_mapping;
34
35 struct deferred_open_record {
36 bool delayed_for_oplocks;
37 struct file_id id;
38 };
39
40 /****************************************************************************
41 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
42 ****************************************************************************/
43
44 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
45 const struct security_descriptor *sd,
46 const struct security_token *token,
47 uint32_t access_desired,
48 uint32_t *access_granted)
49 {
50 *access_granted = 0;
51
52 if (get_current_uid(conn) == (uid_t)0) {
53 /* I'm sorry sir, I didn't know you were root... */
54 *access_granted = access_desired;
55 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
56 *access_granted |= FILE_GENERIC_ALL;
57 }
58 return NT_STATUS_OK;
59 }
60
61 return se_access_check(sd,
62 token,
63 (access_desired & ~FILE_READ_ATTRIBUTES),
64 access_granted);
65 }
66
67 /****************************************************************************
68 Check if we have open rights.
69 ****************************************************************************/
70
71 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
72 const struct smb_filename *smb_fname,
73 uint32_t access_mask,
74 uint32_t *access_granted)
75 {
76 /* Check if we have rights to open. */
77 NTSTATUS status;
78 struct security_descriptor *sd = NULL;
79 uint32_t rejected_share_access;
80
81 rejected_share_access = access_mask & ~(conn->share_access);
82
83 if (rejected_share_access) {
84 *access_granted = rejected_share_access;
85 return NT_STATUS_ACCESS_DENIED;
86 }
87
88 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
89 *access_granted = access_mask;
90
91 DEBUG(10,("smbd_check_open_rights: not checking ACL "
92 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
93 smb_fname_str_dbg(smb_fname),
94 (unsigned int)*access_granted ));
95 return NT_STATUS_OK;
96 }
97
98 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
99 (SECINFO_OWNER |
100 SECINFO_GROUP |
101 SECINFO_DACL),&sd);
102
103 if (!NT_STATUS_IS_OK(status)) {
104 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
105 "on %s: %s\n",
106 smb_fname_str_dbg(smb_fname),
107 nt_errstr(status)));
108 return status;
109 }
110
111 status = smb1_file_se_access_check(conn,
112 sd,
113 get_current_nttok(conn),
114 access_mask,
115 access_granted);
116
117 DEBUG(10,("smbd_check_open_rights: file %s requesting "
118 "0x%x returning 0x%x (%s)\n",
119 smb_fname_str_dbg(smb_fname),
120 (unsigned int)access_mask,
121 (unsigned int)*access_granted,
122 nt_errstr(status) ));
123
124 if (!NT_STATUS_IS_OK(status)) {
125 if (DEBUGLEVEL >= 10) {
126 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
127 smb_fname_str_dbg(smb_fname) ));
128 NDR_PRINT_DEBUG(security_descriptor, sd);
129 }
130 }
131
132 TALLOC_FREE(sd);
133
134 return status;
135 }
136
137 /****************************************************************************
138 fd support routines - attempt to do a dos_open.
139 ****************************************************************************/
140
141 static NTSTATUS fd_open(struct connection_struct *conn,
142 files_struct *fsp,
143 int flags,
144 mode_t mode)
145 {
146 struct smb_filename *smb_fname = fsp->fsp_name;
147 NTSTATUS status = NT_STATUS_OK;
148
149 #ifdef O_NOFOLLOW
150 /*
151 * Never follow symlinks on a POSIX client. The
152 * client should be doing this.
153 */
154
155 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
156 flags |= O_NOFOLLOW;
157 }
158 #endif
159
160 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
161 if (fsp->fh->fd == -1) {
162 status = map_nt_error_from_unix(errno);
163 if (errno == EMFILE) {
164 static time_t last_warned = 0L;
165
166 if (time((time_t *) NULL) > last_warned) {
167 DEBUG(0,("Too many open files, unable "
168 "to open more! smbd's max "
169 "open files = %d\n",
170 lp_max_open_files()));
171 last_warned = time((time_t *) NULL);
172 }
173 }
174
175 }
176
177 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
178 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
179 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
180
181 return status;
182 }
183
184 /****************************************************************************
185 Close the file associated with a fsp.
186 ****************************************************************************/
187
188 NTSTATUS fd_close(files_struct *fsp)
189 {
190 int ret;
191
192 if (fsp->dptr) {
193 dptr_CloseDir(fsp);
194 }
195 if (fsp->fh->fd == -1) {
196 return NT_STATUS_OK; /* What we used to call a stat open. */
197 }
198 if (fsp->fh->ref_count > 1) {
199 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
200 }
201
202 ret = SMB_VFS_CLOSE(fsp);
203 fsp->fh->fd = -1;
204 if (ret == -1) {
205 return map_nt_error_from_unix(errno);
206 }
207 return NT_STATUS_OK;
208 }
209
210 /****************************************************************************
211 Change the ownership of a file to that of the parent directory.
212 Do this by fd if possible.
213 ****************************************************************************/
214
215 void change_file_owner_to_parent(connection_struct *conn,
216 const char *inherit_from_dir,
217 files_struct *fsp)
218 {
219 struct smb_filename *smb_fname_parent = NULL;
220 NTSTATUS status;
221 int ret;
222
223 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
224 NULL, NULL, &smb_fname_parent);
225 if (!NT_STATUS_IS_OK(status)) {
226 return;
227 }
228
229 ret = SMB_VFS_STAT(conn, smb_fname_parent);
230 if (ret == -1) {
231 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
232 "directory %s. Error was %s\n",
233 smb_fname_str_dbg(smb_fname_parent),
234 strerror(errno)));
235 TALLOC_FREE(smb_fname_parent);
236 return;
237 }
238
239 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
240 /* Already this uid - no need to change. */
241 DEBUG(10,("change_file_owner_to_parent: file %s "
242 "is already owned by uid %d\n",
243 fsp_str_dbg(fsp),
244 (int)fsp->fsp_name->st.st_ex_uid ));
245 TALLOC_FREE(smb_fname_parent);
246 return;
247 }
248
249 become_root();
250 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
251 unbecome_root();
252 if (ret == -1) {
253 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
254 "file %s to parent directory uid %u. Error "
255 "was %s\n", fsp_str_dbg(fsp),
256 (unsigned int)smb_fname_parent->st.st_ex_uid,
257 strerror(errno) ));
258 } else {
259 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
260 "parent directory uid %u.\n", fsp_str_dbg(fsp),
261 (unsigned int)smb_fname_parent->st.st_ex_uid));
262 /* Ensure the uid entry is updated. */
263 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
264 }
265
266 TALLOC_FREE(smb_fname_parent);
267 }
268
269 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
270 const char *inherit_from_dir,
271 const char *fname,
272 SMB_STRUCT_STAT *psbuf)
273 {
274 struct smb_filename *smb_fname_parent = NULL;
275 struct smb_filename *smb_fname_cwd = NULL;
276 char *saved_dir = NULL;
277 TALLOC_CTX *ctx = talloc_tos();
278 NTSTATUS status = NT_STATUS_OK;
279 int ret;
280
281 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
282 &smb_fname_parent);
283 if (!NT_STATUS_IS_OK(status)) {
284 return status;
285 }
286
287 ret = SMB_VFS_STAT(conn, smb_fname_parent);
288 if (ret == -1) {
289 status = map_nt_error_from_unix(errno);
290 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
291 "directory %s. Error was %s\n",
292 smb_fname_str_dbg(smb_fname_parent),
293 strerror(errno)));
294 goto out;
295 }
296
297 /* We've already done an lstat into psbuf, and we know it's a
298 directory. If we can cd into the directory and the dev/ino
299 are the same then we can safely chown without races as
300 we're locking the directory in place by being in it. This
301 should work on any UNIX (thanks tridge :-). JRA.
302 */
303
304 saved_dir = vfs_GetWd(ctx,conn);
305 if (!saved_dir) {
306 status = map_nt_error_from_unix(errno);
307 DEBUG(0,("change_dir_owner_to_parent: failed to get "
308 "current working directory. Error was %s\n",
309 strerror(errno)));
310 goto out;
311 }
312
313 /* Chdir into the new path. */
314 if (vfs_ChDir(conn, fname) == -1) {
315 status = map_nt_error_from_unix(errno);
316 DEBUG(0,("change_dir_owner_to_parent: failed to change "
317 "current working directory to %s. Error "
318 "was %s\n", fname, strerror(errno) ));
319 goto chdir;
320 }
321
322 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
323 &smb_fname_cwd);
324 if (!NT_STATUS_IS_OK(status)) {
325 return status;
326 }
327
328 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
329 if (ret == -1) {
330 status = map_nt_error_from_unix(errno);
331 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
332 "directory '.' (%s) Error was %s\n",
333 fname, strerror(errno)));
334 goto chdir;
335 }
336
337 /* Ensure we're pointing at the same place. */
338 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
339 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
340 DEBUG(0,("change_dir_owner_to_parent: "
341 "device/inode on directory %s changed. "
342 "Refusing to chown !\n", fname ));
343 status = NT_STATUS_ACCESS_DENIED;
344 goto chdir;
345 }
346
347 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
348 /* Already this uid - no need to change. */
349 DEBUG(10,("change_dir_owner_to_parent: directory %s "
350 "is already owned by uid %d\n",
351 fname,
352 (int)smb_fname_cwd->st.st_ex_uid ));
353 status = NT_STATUS_OK;
354 goto chdir;
355 }
356
357 become_root();
358 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
359 (gid_t)-1);
360 unbecome_root();
361 if (ret == -1) {
362 status = map_nt_error_from_unix(errno);
363 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
364 "directory %s to parent directory uid %u. "
365 "Error was %s\n", fname,
366 (unsigned int)smb_fname_parent->st.st_ex_uid,
367 strerror(errno) ));
368 goto chdir;
369 }
370
371 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
372 "directory %s to parent directory uid %u.\n",
373 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
374
375 chdir:
376 vfs_ChDir(conn,saved_dir);
377 out:
378 TALLOC_FREE(smb_fname_parent);
379 TALLOC_FREE(smb_fname_cwd);
380 return status;
381 }
382
383 /****************************************************************************
384 Open a file.
385 ****************************************************************************/
386
387 static NTSTATUS open_file(files_struct *fsp,
388 connection_struct *conn,
389 struct smb_request *req,
390 const char *parent_dir,
391 int flags,
392 mode_t unx_mode,
393 uint32 access_mask, /* client requested access mask. */
394 uint32 open_access_mask) /* what we're actually using in the open. */
395 {
396 struct smb_filename *smb_fname = fsp->fsp_name;
397 NTSTATUS status = NT_STATUS_OK;
398 int accmode = (flags & O_ACCMODE);
399 int local_flags = flags;
400 bool file_existed = VALID_STAT(fsp->fsp_name->st);
401 bool file_created = false;
402
403 fsp->fh->fd = -1;
404 errno = EPERM;
405
406 /* Check permissions */
407
408 /*
409 * This code was changed after seeing a client open request
410 * containing the open mode of (DENY_WRITE/read-only) with
411 * the 'create if not exist' bit set. The previous code
412 * would fail to open the file read only on a read-only share
413 * as it was checking the flags parameter directly against O_RDONLY,
414 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
415 * JRA.
416 */
417
418 if (!CAN_WRITE(conn)) {
419 /* It's a read-only share - fail if we wanted to write. */
420 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
421 DEBUG(3,("Permission denied opening %s\n",
422 smb_fname_str_dbg(smb_fname)));
423 return NT_STATUS_ACCESS_DENIED;
424 } else if(flags & O_CREAT) {
425 /* We don't want to write - but we must make sure that
426 O_CREAT doesn't create the file if we have write
427 access into the directory.
428 */
429 flags &= ~(O_CREAT|O_EXCL);
430 local_flags &= ~(O_CREAT|O_EXCL);
431 }
432 }
433
434 /*
435 * This little piece of insanity is inspired by the
436 * fact that an NT client can open a file for O_RDONLY,
437 * but set the create disposition to FILE_EXISTS_TRUNCATE.
438 * If the client *can* write to the file, then it expects to
439 * truncate the file, even though it is opening for readonly.
440 * Quicken uses this stupid trick in backup file creation...
441 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
442 * for helping track this one down. It didn't bite us in 2.0.x
443 * as we always opened files read-write in that release. JRA.
444 */
445
446 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
447 DEBUG(10,("open_file: truncate requested on read-only open "
448 "for file %s\n", smb_fname_str_dbg(smb_fname)));
449 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
450 }
451
452 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
453 (!file_existed && (local_flags & O_CREAT)) ||
454 ((local_flags & O_TRUNC) == O_TRUNC) ) {
455 const char *wild;
456
457 /*
458 * We can't actually truncate here as the file may be locked.
459 * open_file_ntcreate will take care of the truncate later. JRA.
460 */
461
462 local_flags &= ~O_TRUNC;
463
464 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
465 /*
466 * We would block on opening a FIFO with no one else on the
467 * other end. Do what we used to do and add O_NONBLOCK to the
468 * open flags. JRA.
469 */
470
471 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
472 local_flags |= O_NONBLOCK;
473 }
474 #endif
475
476 /* Don't create files with Microsoft wildcard characters. */
477 if (fsp->base_fsp) {
478 /*
479 * wildcard characters are allowed in stream names
480 * only test the basefilename
481 */
482 wild = fsp->base_fsp->fsp_name->base_name;
483 } else {
484 wild = smb_fname->base_name;
485 }
486 if ((local_flags & O_CREAT) && !file_existed &&
487 ms_has_wild(wild)) {
488 return NT_STATUS_OBJECT_NAME_INVALID;
489 }
490
491 /* Actually do the open */
492 status = fd_open(conn, fsp, local_flags, unx_mode);
493 if (!NT_STATUS_IS_OK(status)) {
494 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
495 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
496 nt_errstr(status),local_flags,flags));
497 return status;
498 }
499
500 if ((local_flags & O_CREAT) && !file_existed) {
501 file_created = true;
502 }
503
504 } else {
505 fsp->fh->fd = -1; /* What we used to call a stat open. */
506 if (file_existed) {
507 uint32_t access_granted = 0;
508
509 status = smbd_check_open_rights(conn,
510 smb_fname,
511 access_mask,
512 &access_granted);
513 if (!NT_STATUS_IS_OK(status)) {
514 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
515 /*
516 * On NT_STATUS_ACCESS_DENIED, access_granted
517 * contains the denied bits.
518 */
519
520 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
521 (access_granted & FILE_WRITE_ATTRIBUTES) &&
522 (lp_map_readonly(SNUM(conn)) ||
523 lp_map_archive(SNUM(conn)) ||
524 lp_map_hidden(SNUM(conn)) ||
525 lp_map_system(SNUM(conn)))) {
526 access_granted &= ~FILE_WRITE_ATTRIBUTES;
527
528 DEBUG(10,("open_file: "
529 "overrode "
530 "FILE_WRITE_"
531 "ATTRIBUTES "
532 "on file %s\n",
533 smb_fname_str_dbg(
534 smb_fname)));
535 }
536
537 if ((access_mask & DELETE_ACCESS) &&
538 (access_granted & DELETE_ACCESS) &&
539 can_delete_file_in_directory(conn,
540 smb_fname)) {
541 /* Were we trying to do a stat open
542 * for delete and didn't get DELETE
543 * access (only) ? Check if the
544 * directory allows DELETE_CHILD.
545 * See here:
546 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
547 * for details. */
548
549 access_granted &= ~DELETE_ACCESS;
550
551 DEBUG(10,("open_file: "
552 "overrode "
553 "DELETE_ACCESS on "
554 "file %s\n",
555 smb_fname_str_dbg(
556 smb_fname)));
557 }
558
559 if (access_granted != 0) {
560 DEBUG(10,("open_file: Access "
561 "denied on file "
562 "%s\n",
563 smb_fname_str_dbg(
564 smb_fname)));
565 return status;
566 }
567 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
568 fsp->posix_open &&
569 S_ISLNK(smb_fname->st.st_ex_mode)) {
570 /* This is a POSIX stat open for delete
571 * or rename on a symlink that points
572 * nowhere. Allow. */
573 DEBUG(10,("open_file: allowing POSIX "
574 "open on bad symlink %s\n",
575 smb_fname_str_dbg(
576 smb_fname)));
577 } else {
578 DEBUG(10,("open_file: "
579 "smbd_check_open_rights on file "
580 "%s returned %s\n",
581 smb_fname_str_dbg(smb_fname),
582 nt_errstr(status) ));
583 return status;
584 }
585 }
586 }
587 }
588
589 if (!file_existed) {
590 int ret;
591
592 if (fsp->fh->fd == -1) {
593 ret = SMB_VFS_STAT(conn, smb_fname);
594 } else {
595 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
596 /* If we have an fd, this stat should succeed. */
597 if (ret == -1) {
598 DEBUG(0,("Error doing fstat on open file %s "
599 "(%s)\n",
600 smb_fname_str_dbg(smb_fname),
601 strerror(errno) ));
602 }
603 }
604
605 /* For a non-io open, this stat failing means file not found. JRA */
606 if (ret == -1) {
607 status = map_nt_error_from_unix(errno);
608 fd_close(fsp);
609 return status;
610 }
611
612 if (file_created) {
613 bool need_re_stat = false;
614 /* Do all inheritance work after we've
615 done a successful stat call and filled
616 in the stat struct in fsp->fsp_name. */
617
618 /* Inherit the ACL if required */
619 if (lp_inherit_perms(SNUM(conn))) {
620 inherit_access_posix_acl(conn, parent_dir,
621 smb_fname->base_name,
622 unx_mode);
623 need_re_stat = true;
624 }
625
626 /* Change the owner if required. */
627 if (lp_inherit_owner(SNUM(conn))) {
628 change_file_owner_to_parent(conn, parent_dir,
629 fsp);
630 need_re_stat = true;
631 }
632
633 if (need_re_stat) {
634 if (fsp->fh->fd == -1) {
635 ret = SMB_VFS_STAT(conn, smb_fname);
636 } else {
637 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
638 /* If we have an fd, this stat should succeed. */
639 if (ret == -1) {
640 DEBUG(0,("Error doing fstat on open file %s "
641 "(%s)\n",
642 smb_fname_str_dbg(smb_fname),
643 strerror(errno) ));
644 }
645 }
646 }
647
648 notify_fname(conn, NOTIFY_ACTION_ADDED,
649 FILE_NOTIFY_CHANGE_FILE_NAME,
650 smb_fname->base_name);
651 }
652 }
653
654 /*
655 * POSIX allows read-only opens of directories. We don't
656 * want to do this (we use a different code path for this)
657 * so catch a directory open and return an EISDIR. JRA.
658 */
659
660 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
661 fd_close(fsp);
662 errno = EISDIR;
663 return NT_STATUS_FILE_IS_A_DIRECTORY;
664 }
665
666 fsp->mode = smb_fname->st.st_ex_mode;
667 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
668 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
669 fsp->file_pid = req ? req->smbpid : 0;
670 fsp->can_lock = True;
671 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
672 if (!CAN_WRITE(conn)) {
673 fsp->can_write = False;
674 } else {
675 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
676 True : False;
677 }
678 fsp->print_file = NULL;
679 fsp->modified = False;
680 fsp->sent_oplock_break = NO_BREAK_SENT;
681 fsp->is_directory = False;
682 if (conn->aio_write_behind_list &&
683 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
684 conn->case_sensitive)) {
685 fsp->aio_write_behind = True;
686 }
687
688 fsp->wcp = NULL; /* Write cache pointer. */
689
690 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
691 conn->session_info->unix_name,
692 smb_fname_str_dbg(smb_fname),
693 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
694 conn->num_files_open));
695
696 errno = 0;
697 return NT_STATUS_OK;
698 }
699
700 /****************************************************************************
701 Check if we can open a file with a share mode.
702 Returns True if conflict, False if not.
703 ****************************************************************************/
704
705 static bool share_conflict(struct share_mode_entry *entry,
706 uint32 access_mask,
707 uint32 share_access)
708 {
709 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
710 "entry->share_access = 0x%x, "
711 "entry->private_options = 0x%x\n",
712 (unsigned int)entry->access_mask,
713 (unsigned int)entry->share_access,
714 (unsigned int)entry->private_options));
715
716 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
717 (unsigned int)access_mask, (unsigned int)share_access));
718
719 if ((entry->access_mask & (FILE_WRITE_DATA|
720 FILE_APPEND_DATA|
721 FILE_READ_DATA|
722 FILE_EXECUTE|
723 DELETE_ACCESS)) == 0) {
724 DEBUG(10,("share_conflict: No conflict due to "
725 "entry->access_mask = 0x%x\n",
726 (unsigned int)entry->access_mask ));
727 return False;
728 }
729
730 if ((access_mask & (FILE_WRITE_DATA|
731 FILE_APPEND_DATA|
732 FILE_READ_DATA|
733 FILE_EXECUTE|
734 DELETE_ACCESS)) == 0) {
735 DEBUG(10,("share_conflict: No conflict due to "
736 "access_mask = 0x%x\n",
737 (unsigned int)access_mask ));
738 return False;
739 }
740
741 #if 1 /* JRA TEST - Superdebug. */
742 #define CHECK_MASK(num, am, right, sa, share) \
743 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
744 (unsigned int)(num), (unsigned int)(am), \
745 (unsigned int)(right), (unsigned int)(am)&(right) )); \
746 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
747 (unsigned int)(num), (unsigned int)(sa), \
748 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
749 if (((am) & (right)) && !((sa) & (share))) { \
750 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
751 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
752 (unsigned int)(share) )); \
753 return True; \
754 }
755 #else
756 #define CHECK_MASK(num, am, right, sa, share) \
757 if (((am) & (right)) && !((sa) & (share))) { \
758 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
759 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
760 (unsigned int)(share) )); \
761 return True; \
762 }
763 #endif
764
765 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
766 share_access, FILE_SHARE_WRITE);
767 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
768 entry->share_access, FILE_SHARE_WRITE);
769
770 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
771 share_access, FILE_SHARE_READ);
772 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
773 entry->share_access, FILE_SHARE_READ);
774
775 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
776 share_access, FILE_SHARE_DELETE);
777 CHECK_MASK(6, access_mask, DELETE_ACCESS,
778 entry->share_access, FILE_SHARE_DELETE);
779
780 DEBUG(10,("share_conflict: No conflict.\n"));
781 return False;
782 }
783
784 #if defined(DEVELOPER)
785 static void validate_my_share_entries(struct smbd_server_connection *sconn,
786 int num,
787 struct share_mode_entry *share_entry)
788 {
789 files_struct *fsp;
790
791 if (!procid_is_me(&share_entry->pid)) {
792 return;
793 }
794
795 if (is_deferred_open_entry(share_entry) &&
796 !open_was_deferred(share_entry->op_mid)) {
797 char *str = talloc_asprintf(talloc_tos(),
798 "Got a deferred entry without a request: "
799 "PANIC: %s\n",
800 share_mode_str(talloc_tos(), num, share_entry));
801 smb_panic(str);
802 }
803
804 if (!is_valid_share_mode_entry(share_entry)) {
805 return;
806 }
807
808 fsp = file_find_dif(sconn, share_entry->id,
809 share_entry->share_file_id);
810 if (!fsp) {
811 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
812 share_mode_str(talloc_tos(), num, share_entry) ));
813 smb_panic("validate_my_share_entries: Cannot match a "
814 "share entry with an open file\n");
815 }
816
817 if (is_deferred_open_entry(share_entry) ||
818 is_unused_share_mode_entry(share_entry)) {
819 goto panic;
820 }
821
822 if ((share_entry->op_type == NO_OPLOCK) &&
823 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
824 /* Someone has already written to it, but I haven't yet
825 * noticed */
826 return;
827 }
828
829 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
830 goto panic;
831 }
832
833 return;
834
835 panic:
836 {
837 char *str;
838 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
839 share_mode_str(talloc_tos(), num, share_entry) ));
840 str = talloc_asprintf(talloc_tos(),
841 "validate_my_share_entries: "
842 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
843 fsp->fsp_name->base_name,
844 (unsigned int)fsp->oplock_type,
845 (unsigned int)share_entry->op_type );
846 smb_panic(str);
847 }
848 }
849 #endif
850
851 bool is_stat_open(uint32 access_mask)
852 {
853 return (access_mask &&
854 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
855 FILE_WRITE_ATTRIBUTES))==0) &&
856 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
857 FILE_WRITE_ATTRIBUTES)) != 0));
858 }
859
860 /****************************************************************************
861 Deal with share modes
862 Invarient: Share mode must be locked on entry and exit.
863 Returns -1 on error, or number of share modes on success (may be zero).
864 ****************************************************************************/
865
866 static NTSTATUS open_mode_check(connection_struct *conn,
867 struct share_mode_lock *lck,
868 uint32_t name_hash,
869 uint32 access_mask,
870 uint32 share_access,
871 uint32 create_options,
872 bool *file_existed)
873 {
874 int i;
875
876 if(lck->num_share_modes == 0) {
877 return NT_STATUS_OK;
878 }
879
880 *file_existed = True;
881
882 /* A delete on close prohibits everything */
883
884 if (is_delete_on_close_set(lck, name_hash)) {
885 return NT_STATUS_DELETE_PENDING;
886 }
887
888 if (is_stat_open(access_mask)) {
889 /* Stat open that doesn't trigger oplock breaks or share mode
890 * checks... ! JRA. */
891 return NT_STATUS_OK;
892 }
893
894 /*
895 * Check if the share modes will give us access.
896 */
897
898 #if defined(DEVELOPER)
899 for(i = 0; i < lck->num_share_modes; i++) {
900 validate_my_share_entries(conn->sconn, i,
901 &lck->share_modes[i]);
902 }
903 #endif
904
905 if (!lp_share_modes(SNUM(conn))) {
906 return NT_STATUS_OK;
907 }
908
909 /* Now we check the share modes, after any oplock breaks. */
910 for(i = 0; i < lck->num_share_modes; i++) {
911
912 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
913 continue;
914 }
915
916 /* someone else has a share lock on it, check to see if we can
917 * too */
918 if (share_conflict(&lck->share_modes[i],
919 access_mask, share_access)) {
920 return NT_STATUS_SHARING_VIOLATION;
921 }
922 }
923
924 return NT_STATUS_OK;
925 }
926
927 static bool is_delete_request(files_struct *fsp) {
928 return ((fsp->access_mask == DELETE_ACCESS) &&
929 (fsp->oplock_type == NO_OPLOCK));
930 }
931
932 /*
933 * Send a break message to the oplock holder and delay the open for
934 * our client.
935 */
936
937 static NTSTATUS send_break_message(files_struct *fsp,
938 struct share_mode_entry *exclusive,
939 uint64_t mid,
940 int oplock_request)
941 {
942 NTSTATUS status;
943 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
944
945 DEBUG(10, ("Sending break request to PID %s\n",
946 procid_str_static(&exclusive->pid)));
947 exclusive->op_mid = mid;
948
949 /* Create the message. */
950 share_mode_entry_to_message(msg, exclusive);
951
952 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
953 don't want this set in the share mode struct pointed to by lck. */
954
955 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
956 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
957 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
958 }
959
960 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
961 MSG_SMB_BREAK_REQUEST,
962 (uint8 *)msg,
963 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
964 if (!NT_STATUS_IS_OK(status)) {
965 DEBUG(3, ("Could not send oplock break message: %s\n",
966 nt_errstr(status)));
967 }
968
969 return status;
970 }
971
972 /*
973 * Return share_mode_entry pointers for :
974 * 1). Batch oplock entry.
975 * 2). Batch or exclusive oplock entry (may be identical to #1).
976 * bool have_level2_oplock
977 * bool have_no_oplock.
978 * Do internal consistency checks on the share mode for a file.
979 */
980
981 static void find_oplock_types(files_struct *fsp,
982 int oplock_request,
983 struct share_mode_lock *lck,
984 struct share_mode_entry **pp_batch,
985 struct share_mode_entry **pp_ex_or_batch,
986 bool *got_level2,
987 bool *got_no_oplock)
988 {
989 int i;
990
991 *pp_batch = NULL;
992 *pp_ex_or_batch = NULL;
993 *got_level2 = false;
994 *got_no_oplock = false;
995
996 /* Ignore stat or internal opens, as is done in
997 delay_for_batch_oplocks() and
998 delay_for_exclusive_oplocks().
999 */
1000 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1001 return;
1002 }
1003
1004 for (i=0; i<lck->num_share_modes; i++) {
1005 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
1006 continue;
1007 }
1008
1009 if (lck->share_modes[i].op_type == NO_OPLOCK &&
1010 is_stat_open(lck->share_modes[i].access_mask)) {
1011 /* We ignore stat opens in the table - they
1012 always have NO_OPLOCK and never get or
1013 cause breaks. JRA. */
1014 continue;
1015 }
1016
1017 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1018 /* batch - can only be one. */
1019 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1020 smb_panic("Bad batch oplock entry.");
1021 }
1022 *pp_batch = &lck->share_modes[i];
1023 }
1024
1025 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1026 /* Exclusive or batch - can only be one. */
1027 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1028 smb_panic("Bad exclusive or batch oplock entry.");
1029 }
1030 *pp_ex_or_batch = &lck->share_modes[i];
1031 }
1032
1033 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1034 if (*pp_batch || *pp_ex_or_batch) {
1035 smb_panic("Bad levelII oplock entry.");
1036 }
1037 *got_level2 = true;
1038 }
1039
1040 if (lck->share_modes[i].op_type == NO_OPLOCK) {
1041 if (*pp_batch || *pp_ex_or_batch) {
1042 smb_panic("Bad no oplock entry.");
1043 }
1044 *got_no_oplock = true;
1045 }
1046 }
1047 }
1048
1049 static bool delay_for_batch_oplocks(files_struct *fsp,
1050 uint64_t mid,
1051 int oplock_request,
1052 struct share_mode_entry *batch_entry)
1053 {
1054 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1055 return false;
1056 }
1057
1058 if (batch_entry != NULL) {
1059 /* Found a batch oplock */
1060 send_break_message(fsp, batch_entry, mid, oplock_request);
1061 return true;
1062 }
1063 return false;
1064 }
1065
1066 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1067 uint64_t mid,
1068 int oplock_request,
1069 struct share_mode_entry *ex_entry)
1070 {
1071 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1072 return false;
1073 }
1074
1075 if (ex_entry != NULL) {
1076 /* Found an exclusive or batch oplock */
1077 bool delay_it = is_delete_request(fsp) ?
1078 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1079 if (delay_it) {
1080 send_break_message(fsp, ex_entry, mid, oplock_request);
1081 return true;
1082 }
1083 }
1084 return false;
1085 }
1086
1087 static void grant_fsp_oplock_type(files_struct *fsp,
1088 const struct byte_range_lock *br_lck,
1089 int oplock_request,
1090 bool got_level2_oplock,
1091 bool got_a_none_oplock)
1092 {
1093 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1094 lp_level2_oplocks(SNUM(fsp->conn));
1095
1096 /* Start by granting what the client asked for,
1097 but ensure no SAMBA_PRIVATE bits can be set. */
1098 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1099
1100 if (oplock_request & INTERNAL_OPEN_ONLY) {
1101 /* No oplocks on internal open. */
1102 fsp->oplock_type = NO_OPLOCK;
1103 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1104 fsp->oplock_type, fsp_str_dbg(fsp)));
1105 return;
1106 } else if (br_lck && br_lck->num_locks > 0) {
1107 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1108 fsp_str_dbg(fsp)));
1109 fsp->oplock_type = NO_OPLOCK;
1110 }
1111
1112 if (is_stat_open(fsp->access_mask)) {
1113 /* Leave the value already set. */
1114 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1115 fsp->oplock_type, fsp_str_dbg(fsp)));
1116 return;
1117 }
1118
1119 /*
1120 * Match what was requested (fsp->oplock_type) with
1121 * what was found in the existing share modes.
1122 */
1123
1124 if (got_a_none_oplock) {
1125 fsp->oplock_type = NO_OPLOCK;
1126 } else if (got_level2_oplock) {
1127 if (fsp->oplock_type == NO_OPLOCK ||
1128 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1129 /* Store a level2 oplock, but don't tell the client */
1130 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1131 } else {
1132 fsp->oplock_type = LEVEL_II_OPLOCK;
1133 }
1134 } else {
1135 /* All share_mode_entries are placeholders or deferred.
1136 * Silently upgrade to fake levelII if the client didn't
1137 * ask for an oplock. */
1138 if (fsp->oplock_type == NO_OPLOCK) {
1139 /* Store a level2 oplock, but don't tell the client */
1140 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1141 }
1142 }
1143
1144 /*
1145 * Don't grant level2 to clients that don't want them
1146 * or if we've turned them off.
1147 */
1148 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1149 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1150 }
1151
1152 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1153 fsp->oplock_type, fsp_str_dbg(fsp)));
1154 }
1155
1156 bool request_timed_out(struct timeval request_time,
1157 struct timeval timeout)
1158 {
1159 struct timeval now, end_time;
1160 GetTimeOfDay(&now);
1161 end_time = timeval_sum(&request_time, &timeout);
1162 return (timeval_compare(&end_time, &now) < 0);
1163 }
1164
1165 /****************************************************************************
1166 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1167 ****************************************************************************/
1168
1169 static void defer_open(struct share_mode_lock *lck,
1170 struct timeval request_time,
1171 struct timeval timeout,
1172 struct smb_request *req,
1173 struct deferred_open_record *state)
1174 {
1175 int i;
1176
1177 /* Paranoia check */
1178
1179 for (i=0; i<lck->num_share_modes; i++) {
1180 struct share_mode_entry *e = &lck->share_modes[i];
1181
1182 if (!is_deferred_open_entry(e)) {
1183 continue;
1184 }
1185
1186 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1187 DEBUG(0, ("Trying to defer an already deferred "
1188 "request: mid=%llu, exiting\n",
1189 (unsigned long long)req->mid));
1190 exit_server("attempt to defer a deferred request");
1191 }
1192 }
1193
1194 /* End paranoia check */
1195
1196 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1197 "open entry for mid %llu\n",
1198 (unsigned int)request_time.tv_sec,
1199 (unsigned int)request_time.tv_usec,
1200 (unsigned long long)req->mid));
1201
1202 if (!push_deferred_open_message_smb(req, request_time, timeout,
1203 state->id, (char *)state, sizeof(*state))) {
1204 exit_server("push_deferred_open_message_smb failed");
1205 }
1206 add_deferred_open(lck, req->mid, request_time,
1207 sconn_server_id(req->sconn), state->id);
1208 }
1209
1210
1211 /****************************************************************************
1212 On overwrite open ensure that the attributes match.
1213 ****************************************************************************/
1214
1215 bool open_match_attributes(connection_struct *conn,
1216 uint32 old_dos_attr,
1217 uint32 new_dos_attr,
1218 mode_t existing_unx_mode,
1219 mode_t new_unx_mode,
1220 mode_t *returned_unx_mode)
1221 {
1222 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1223
1224 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1225 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1226
1227 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1228 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1229 *returned_unx_mode = new_unx_mode;
1230 } else {
1231 *returned_unx_mode = (mode_t)0;
1232 }
1233
1234 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1235 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1236 "returned_unx_mode = 0%o\n",
1237 (unsigned int)old_dos_attr,
1238 (unsigned int)existing_unx_mode,
1239 (unsigned int)new_dos_attr,
1240 (unsigned int)*returned_unx_mode ));
1241
1242 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1243 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1244 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1245 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1246 return False;
1247 }
1248 }
1249 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1250 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1251 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1252 return False;
1253 }
1254 }
1255 return True;
1256 }
1257
1258 /****************************************************************************
1259 Special FCB or DOS processing in the case of a sharing violation.
1260 Try and find a duplicated file handle.
1261 ****************************************************************************/
1262
1263 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1264 connection_struct *conn,
1265 files_struct *fsp_to_dup_into,
1266 const struct smb_filename *smb_fname,
1267 struct file_id id,
1268 uint16 file_pid,
1269 uint16 vuid,
1270 uint32 access_mask,
1271 uint32 share_access,
1272 uint32 create_options)
1273 {
1274 files_struct *fsp;
1275
1276 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1277 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1278
1279 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1280 fsp = file_find_di_next(fsp)) {
1281
1282 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1283 "vuid = %u, file_pid = %u, private_options = 0x%x "
1284 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1285 fsp->fh->fd, (unsigned int)fsp->vuid,
1286 (unsigned int)fsp->file_pid,
1287 (unsigned int)fsp->fh->private_options,
1288 (unsigned int)fsp->access_mask ));
1289
1290 if (fsp->fh->fd != -1 &&
1291 fsp->vuid == vuid &&
1292 fsp->file_pid == file_pid &&
1293 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1294 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1295 (fsp->access_mask & FILE_WRITE_DATA) &&
1296 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1297 strequal(fsp->fsp_name->stream_name,
1298 smb_fname->stream_name)) {
1299 DEBUG(10,("fcb_or_dos_open: file match\n"));
1300 break;
1301 }
1302 }
1303
1304 if (!fsp) {
1305 return NT_STATUS_NOT_FOUND;
1306 }
1307
1308 /* quite an insane set of semantics ... */
1309 if (is_executable(smb_fname->base_name) &&
1310 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1311 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1312 return NT_STATUS_INVALID_PARAMETER;
1313 }
1314
1315 /* We need to duplicate this fsp. */
1316 return dup_file_fsp(req, fsp, access_mask, share_access,
1317 create_options, fsp_to_dup_into);
1318 }
1319
1320 static void schedule_defer_open(struct share_mode_lock *lck,
1321 struct timeval request_time,
1322 struct smb_request *req)
1323 {
1324 struct deferred_open_record state;
1325
1326 /* This is a relative time, added to the absolute
1327 request_time value to get the absolute timeout time.
1328 Note that if this is the second or greater time we enter
1329 this codepath for this particular request mid then
1330 request_time is left as the absolute time of the *first*
1331 time this request mid was processed. This is what allows
1332 the request to eventually time out. */
1333
1334 struct timeval timeout;
1335
1336 /* Normally the smbd we asked should respond within
1337 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1338 * the client did, give twice the timeout as a safety
1339 * measure here in case the other smbd is stuck
1340 * somewhere else. */
1341
1342 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1343
1344 /* Nothing actually uses state.delayed_for_oplocks
1345 but it's handy to differentiate in debug messages
1346 between a 30 second delay due to oplock break, and
1347 a 1 second delay for share mode conflicts. */
1348
1349 state.delayed_for_oplocks = True;
1350 state.id = lck->id;
1351
1352 if (!request_timed_out(request_time, timeout)) {
1353 defer_open(lck, request_time, timeout, req, &state);
1354 }
1355 }
1356
1357 /****************************************************************************
1358 Work out what access_mask to use from what the client sent us.
1359 ****************************************************************************/
1360
1361 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1362 const struct smb_filename *smb_fname,
1363 bool file_existed,
1364 uint32_t access_mask,
1365 uint32_t *access_mask_out)
1366 {
1367 NTSTATUS status;
1368 uint32_t orig_access_mask = access_mask;
1369 uint32_t rejected_share_access;
1370
1371 /*
1372 * Convert GENERIC bits to specific bits.
1373 */
1374
1375 se_map_generic(&access_mask, &file_generic_mapping);
1376
1377 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1378 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1379 if (file_existed) {
1380
1381 struct security_descriptor *sd;
1382 uint32_t access_granted = 0;
1383
1384 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1385 (SECINFO_OWNER |
1386 SECINFO_GROUP |
1387 SECINFO_DACL),&sd);
1388
1389 if (!NT_STATUS_IS_OK(status)) {
1390 DEBUG(10,("smbd_calculate_access_mask: "
1391 "Could not get acl on file %s: %s\n",
1392 smb_fname_str_dbg(smb_fname),
1393 nt_errstr(status)));
1394 return NT_STATUS_ACCESS_DENIED;
1395 }
1396
1397 status = smb1_file_se_access_check(conn,
1398 sd,
1399 get_current_nttok(conn),
1400 access_mask,
1401 &access_granted);
1402
1403 TALLOC_FREE(sd);
1404
1405 if (!NT_STATUS_IS_OK(status)) {
1406 DEBUG(10, ("smbd_calculate_access_mask: "
1407 "Access denied on file %s: "
1408 "when calculating maximum access\n",
1409 smb_fname_str_dbg(smb_fname)));
1410 return NT_STATUS_ACCESS_DENIED;
1411 }
1412
1413 access_mask = access_granted;
1414 } else {
1415 access_mask = FILE_GENERIC_ALL;
1416 }
1417
1418 access_mask &= conn->share_access;
1419 }
1420
1421 rejected_share_access = access_mask & ~(conn->share_access);
1422
1423 if (rejected_share_access) {
1424 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1425 "file %s: rejected by share access mask[0x%08X] "
1426 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1427 smb_fname_str_dbg(smb_fname),
1428 conn->share_access,
1429 orig_access_mask, access_mask,
1430 rejected_share_access));
1431 return NT_STATUS_ACCESS_DENIED;
1432 }
1433
1434 *access_mask_out = access_mask;
1435 return NT_STATUS_OK;
1436 }
1437
1438 /****************************************************************************
1439 Remove the deferred open entry under lock.
1440 ****************************************************************************/
1441
1442 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1443 struct server_id pid)
1444 {
1445 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id,
1446 NULL, NULL, NULL);
1447 if (lck == NULL) {
1448 DEBUG(0, ("could not get share mode lock\n"));
1449 } else {
1450 del_deferred_open_entry(lck, mid, pid);
1451 TALLOC_FREE(lck);
1452 }
1453 }
1454
1455 /****************************************************************
1456 Ensure we get the brlock lock followed by the share mode lock
1457 in the correct order to prevent deadlocks if other smbd's are
1458 using the brlock database on this file simultaneously with this open
1459 (that code also gets the locks in brlock -> share mode lock order).
1460 ****************************************************************/
1461
1462 static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx,
1463 files_struct *fsp,
1464 const struct file_id id,
1465 const char *connectpath,
1466 const struct smb_filename *smb_fname,
1467 const struct timespec *p_old_write_time,
1468 struct share_mode_lock **p_lck,
1469 struct byte_range_lock **p_br_lck)
1470 {
1471 /* Ordering - we must get the br_lck for this
1472 file before the share mode. */
1473 if (lp_locking(fsp->conn->params)) {
1474 *p_br_lck = brl_get_locks_readonly(fsp);
1475 if (*p_br_lck == NULL) {
1476 DEBUG(0, ("Could not get br_lock\n"));
1477 return false;
1478 }
1479 /* Note - we don't need to free the returned
1480 br_lck explicitly as it was allocated on talloc_tos()
1481 and so will be autofreed (and release the lock)
1482 once the frame context disappears.
1483
1484 If it was set to fsp->brlock_rec then it was
1485 talloc_move'd to hang off the fsp pointer and
1486 in this case is guarenteed to not be holding the
1487 lock on the brlock database. */
1488 }
1489
1490 *p_lck = get_share_mode_lock(mem_ctx,
1491 id,
1492 connectpath,
1493 smb_fname,
1494 p_old_write_time);
1495
1496 if (*p_lck == NULL) {
1497 DEBUG(0, ("Could not get share mode lock\n"));
1498 TALLOC_FREE(*p_br_lck);
1499 return false;
1500 }
1501 return true;
1502 }
1503
1504 /****************************************************************************
1505 Open a file with a share mode. Passed in an already created files_struct *.
1506 ****************************************************************************/
1507
1508 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1509 struct smb_request *req,
1510 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1511 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1512 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1513 uint32 create_options, /* options such as delete on close. */
1514 uint32 new_dos_attributes, /* attributes used for new file. */
1515 int oplock_request, /* internal Samba oplock codes. */
1516 /* Information (FILE_EXISTS etc.) */
1517 uint32_t private_flags, /* Samba specific flags. */
1518 int *pinfo,
1519 files_struct *fsp)
1520 {
1521 struct smb_filename *smb_fname = fsp->fsp_name;
1522 int flags=0;
1523 int flags2=0;
1524 bool file_existed = VALID_STAT(smb_fname->st);
1525 bool def_acl = False;
1526 bool posix_open = False;
1527 bool new_file_created = False;
1528 bool clear_ads = false;
1529 struct file_id id;
1530 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1531 mode_t new_unx_mode = (mode_t)0;
1532 mode_t unx_mode = (mode_t)0;
1533 int info;
1534 uint32 existing_dos_attributes = 0;
1535 struct timeval request_time = timeval_zero();
1536 struct share_mode_lock *lck = NULL;
1537 uint32 open_access_mask = access_mask;
1538 NTSTATUS status;
1539 char *parent_dir;
1540
1541 ZERO_STRUCT(id);
1542
1543 if (conn->printer) {
1544 /*
1545 * Printers are handled completely differently.
1546 * Most of the passed parameters are ignored.
1547 */
1548
1549 if (pinfo) {
1550 *pinfo = FILE_WAS_CREATED;
1551 }
1552
1553 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1554 smb_fname_str_dbg(smb_fname)));
1555
1556 if (!req) {
1557 DEBUG(0,("open_file_ntcreate: printer open without "
1558 "an SMB request!\n"));
1559 return NT_STATUS_INTERNAL_ERROR;
1560 }
1561
1562 return print_spool_open(fsp, smb_fname->base_name,
1563 req->vuid);
1564 }
1565
1566 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1567 NULL)) {
1568 return NT_STATUS_NO_MEMORY;
1569 }
1570
1571 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1572 posix_open = True;
1573 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1574 new_dos_attributes = 0;
1575 } else {
1576 /* Windows allows a new file to be created and
1577 silently removes a FILE_ATTRIBUTE_DIRECTORY
1578 sent by the client. Do the same. */
1579
1580 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1581
1582 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1583 * created new. */
1584 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1585 smb_fname, parent_dir);
1586 }
1587
1588 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1589 "access_mask=0x%x share_access=0x%x "
1590 "create_disposition = 0x%x create_options=0x%x "
1591 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1592 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1593 access_mask, share_access, create_disposition,
1594 create_options, (unsigned int)unx_mode, oplock_request,
1595 (unsigned int)private_flags));
1596
1597 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1598 DEBUG(0, ("No smb request but not an internal only open!\n"));
1599 return NT_STATUS_INTERNAL_ERROR;
1600 }
1601
1602 /*
1603 * Only non-internal opens can be deferred at all
1604 */
1605
1606 if (req) {
1607 void *ptr;
1608 if (get_deferred_open_message_state(req,
1609 &request_time,
1610 &ptr)) {
1611
1612 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1613 /* Remember the absolute time of the original
1614 request with this mid. We'll use it later to
1615 see if this has timed out. */
1616
1617 /* Remove the deferred open entry under lock. */
1618 remove_deferred_open_entry(
1619 state->id, req->mid,
1620 sconn_server_id(req->sconn));
1621
1622 /* Ensure we don't reprocess this message. */
1623 remove_deferred_open_message_smb(req->mid);
1624 }
1625 }
1626
1627 if (!posix_open) {
1628 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1629 if (file_existed) {
1630 existing_dos_attributes = dos_mode(conn, smb_fname);
1631 }
1632 }
1633
1634 /* ignore any oplock requests if oplocks are disabled */
1635 if (!lp_oplocks(SNUM(conn)) ||
1636 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1637 /* Mask off everything except the private Samba bits. */
1638 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1639 }
1640
1641 /* this is for OS/2 long file names - say we don't support them */
1642 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1643 /* OS/2 Workplace shell fix may be main code stream in a later
1644 * release. */
1645 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1646 "supported.\n"));
1647 if (use_nt_status()) {
1648 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1649 }
1650 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1651 }
1652
1653 switch( create_disposition ) {
1654 /*
1655 * Currently we're using FILE_SUPERSEDE as the same as
1656 * FILE_OVERWRITE_IF but they really are
1657 * different. FILE_SUPERSEDE deletes an existing file
1658 * (requiring delete access) then recreates it.
1659 */
1660 case FILE_SUPERSEDE:
1661 /* If file exists replace/overwrite. If file doesn't
1662 * exist create. */
1663 flags2 |= (O_CREAT | O_TRUNC);
1664 clear_ads = true;
1665 break;
1666
1667 case FILE_OVERWRITE_IF:
1668 /* If file exists replace/overwrite. If file doesn't
1669 * exist create. */
1670 flags2 |= (O_CREAT | O_TRUNC);
1671 clear_ads = true;
1672 break;
1673
1674 case FILE_OPEN:
1675 /* If file exists open. If file doesn't exist error. */
1676 if (!file_existed) {
1677 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1678 "requested for file %s and file "
1679 "doesn't exist.\n",
1680 smb_fname_str_dbg(smb_fname)));
1681 errno = ENOENT;
1682 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1683 }
1684 break;
1685
1686 case FILE_OVERWRITE:
1687 /* If file exists overwrite. If file doesn't exist
1688 * error. */
1689 if (!file_existed) {
1690 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1691 "requested for file %s and file "
1692 "doesn't exist.\n",
1693 smb_fname_str_dbg(smb_fname) ));
1694 errno = ENOENT;
1695 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1696 }
1697 flags2 |= O_TRUNC;
1698 clear_ads = true;
1699 break;
1700
1701 case FILE_CREATE:
1702 /* If file exists error. If file doesn't exist
1703 * create. */
1704 if (file_existed) {
1705 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1706 "requested for file %s and file "
1707 "already exists.\n",
1708 smb_fname_str_dbg(smb_fname)));
1709 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1710 errno = EISDIR;
1711 } else {
1712 errno = EEXIST;
1713 }
1714 return map_nt_error_from_unix(errno);
1715 }
1716 flags2 |= (O_CREAT|O_EXCL);
1717 break;
1718
1719 case FILE_OPEN_IF:
1720 /* If file exists open. If file doesn't exist
1721 * create. */
1722 flags2 |= O_CREAT;
1723 break;
1724
1725 default:
1726 return NT_STATUS_INVALID_PARAMETER;
1727 }
1728
1729 /* We only care about matching attributes on file exists and
1730 * overwrite. */
1731
1732 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1733 (create_disposition == FILE_OVERWRITE_IF))) {
1734 if (!open_match_attributes(conn, existing_dos_attributes,
1735 new_dos_attributes,
1736 smb_fname->st.st_ex_mode,
1737 unx_mode, &new_unx_mode)) {
1738 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1739 "for file %s (%x %x) (0%o, 0%o)\n",
1740 smb_fname_str_dbg(smb_fname),
1741 existing_dos_attributes,
1742 new_dos_attributes,
1743 (unsigned int)smb_fname->st.st_ex_mode,
1744 (unsigned int)unx_mode ));
1745 errno = EACCES;
1746 return NT_STATUS_ACCESS_DENIED;
1747 }
1748 }
1749
1750 status = smbd_calculate_access_mask(conn, smb_fname, file_existed,
1751 access_mask,
1752 &access_mask);
1753 if (!NT_STATUS_IS_OK(status)) {
1754 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1755 "on file %s returned %s\n",
1756 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1757 return status;
1758 }
1759
1760 open_access_mask = access_mask;
1761
1762 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1763 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1764 }
1765
1766 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1767 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1768 access_mask));
1769
1770 /*
1771 * Note that we ignore the append flag as append does not
1772 * mean the same thing under DOS and Unix.
1773 */
1774
1775 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1776 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1777 /* DENY_DOS opens are always underlying read-write on the
1778 file handle, no matter what the requested access mask
1779 says. */
1780 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1781 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1782 flags = O_RDWR;
1783 } else {
1784 flags = O_WRONLY;
1785 }
1786 } else {
1787 flags = O_RDONLY;
1788 }
1789
1790 /*
1791 * Currently we only look at FILE_WRITE_THROUGH for create options.
1792 */
1793
1794 #if defined(O_SYNC)
1795 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1796 flags2 |= O_SYNC;
1797 }
1798 #endif /* O_SYNC */
1799
1800 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1801 flags2 |= O_APPEND;
1802 }
1803
1804 if (!posix_open && !CAN_WRITE(conn)) {
1805 /*
1806 * We should really return a permission denied error if either
1807 * O_CREAT or O_TRUNC are set, but for compatibility with
1808 * older versions of Samba we just AND them out.
1809 */
1810 flags2 &= ~(O_CREAT|O_TRUNC);
1811 }
1812
1813 /*
1814 * Ensure we can't write on a read-only share or file.
1815 */
1816
1817 if (flags != O_RDONLY && file_existed &&
1818 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1819 DEBUG(5,("open_file_ntcreate: write access requested for "
1820 "file %s on read only %s\n",
1821 smb_fname_str_dbg(smb_fname),
1822 !CAN_WRITE(conn) ? "share" : "file" ));
1823 errno = EACCES;
1824 return NT_STATUS_ACCESS_DENIED;
1825 }
1826
1827 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1828 fsp->share_access = share_access;
1829 fsp->fh->private_options = private_flags;
1830 fsp->access_mask = open_access_mask; /* We change this to the
1831 * requested access_mask after
1832 * the open is done. */
1833 fsp->posix_open = posix_open;
1834
1835 /* Ensure no SAMBA_PRIVATE bits can be set. */
1836 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1837
1838 if (timeval_is_zero(&request_time)) {
1839 request_time = fsp->open_time;
1840 }
1841
1842 if (file_existed) {
1843 struct byte_range_lock *br_lck = NULL;
1844 struct share_mode_entry *batch_entry = NULL;
1845 struct share_mode_entry *exclusive_entry = NULL;
1846 bool got_level2_oplock = false;
1847 bool got_a_none_oplock = false;
1848
1849 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1850 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1851
1852 if (!acquire_ordered_locks(talloc_tos(),
1853 fsp,
1854 id,
1855 conn->connectpath,
1856 smb_fname,
1857 &old_write_time,
1858 &lck,
1859 &br_lck)) {
1860 return NT_STATUS_SHARING_VIOLATION;
1861 }
1862
1863 /* Get the types we need to examine. */
1864 find_oplock_types(fsp,
1865 oplock_request,
1866 lck,
1867 &batch_entry,
1868 &exclusive_entry,
1869 &got_level2_oplock,
1870 &got_a_none_oplock);
1871
1872 /* First pass - send break only on batch oplocks. */
1873 if ((req != NULL) &&
1874 delay_for_batch_oplocks(fsp,
1875 req->mid,
1876 oplock_request,
1877 batch_entry)) {
1878 schedule_defer_open(lck, request_time, req);
1879 TALLOC_FREE(lck);
1880 return NT_STATUS_SHARING_VIOLATION;
1881 }
1882
1883 /* Use the client requested access mask here, not the one we
1884 * open with. */
1885 status = open_mode_check(conn, lck, fsp->name_hash,
1886 access_mask, share_access,
1887 create_options, &file_existed);
1888
1889 if (NT_STATUS_IS_OK(status)) {
1890 /* We might be going to allow this open. Check oplock
1891 * status again. */
1892 /* Second pass - send break for both batch or
1893 * exclusive oplocks. */
1894 if ((req != NULL) &&
1895 delay_for_exclusive_oplocks(
1896 fsp,
1897 req->mid,
1898 oplock_request,
1899 exclusive_entry)) {
1900 schedule_defer_open(lck, request_time, req);
1901 TALLOC_FREE(lck);
1902 return NT_STATUS_SHARING_VIOLATION;
1903 }
1904 }
1905
1906 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1907 /* DELETE_PENDING is not deferred for a second */
1908 TALLOC_FREE(lck);
1909 return status;
1910 }
1911
1912 grant_fsp_oplock_type(fsp,
1913 br_lck,
1914 oplock_request,
1915 got_level2_oplock,
1916 got_a_none_oplock);
1917
1918 if (!NT_STATUS_IS_OK(status)) {
1919 uint32 can_access_mask;
1920 bool can_access = True;
1921
1922 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1923
1924 /* Check if this can be done with the deny_dos and fcb
1925 * calls. */
1926 if (private_flags &
1927 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1928 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1929 if (req == NULL) {
1930 DEBUG(0, ("DOS open without an SMB "
1931 "request!\n"));
1932 TALLOC_FREE(lck);
1933 return NT_STATUS_INTERNAL_ERROR;
1934 }
1935
1936 /* Use the client requested access mask here,
1937 * not the one we open with. */
1938 status = fcb_or_dos_open(req,
1939 conn,
1940 fsp,
1941 smb_fname,
1942 id,
1943 req->smbpid,
1944 req->vuid,
1945 access_mask,
1946 share_access,
1947 create_options);
1948
1949 if (NT_STATUS_IS_OK(status)) {
1950 TALLOC_FREE(lck);
1951 if (pinfo) {
1952 *pinfo = FILE_WAS_OPENED;
1953 }
1954 return NT_STATUS_OK;
1955 }
1956 }
1957
1958 /*
1959 * This next line is a subtlety we need for
1960 * MS-Access. If a file open will fail due to share
1961 * permissions and also for security (access) reasons,
1962 * we need to return the access failed error, not the
1963 * share error. We can't open the file due to kernel
1964 * oplock deadlock (it's possible we failed above on
1965 * the open_mode_check()) so use a userspace check.
1966 */
1967
1968 if (flags & O_RDWR) {
1969 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1970 } else if (flags & O_WRONLY) {
1971 can_access_mask = FILE_WRITE_DATA;
1972 } else {
1973 can_access_mask = FILE_READ_DATA;
1974 }
1975
1976 if (((can_access_mask & FILE_WRITE_DATA) &&
1977 !CAN_WRITE(conn)) ||
1978 !can_access_file_data(conn, smb_fname,
1979 can_access_mask)) {
1980 can_access = False;
1981 }
1982
1983 /*
1984 * If we're returning a share violation, ensure we
1985 * cope with the braindead 1 second delay.
1986 */
1987
1988 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1989 lp_defer_sharing_violations()) {
1990 struct timeval timeout;
1991 struct deferred_open_record state;
1992 int timeout_usecs;
1993
1994 /* this is a hack to speed up torture tests
1995 in 'make test' */
1996 timeout_usecs = lp_parm_int(SNUM(conn),
1997 "smbd","sharedelay",
1998 SHARING_VIOLATION_USEC_WAIT);
1999
2000 /* This is a relative time, added to the absolute
2001 request_time value to get the absolute timeout time.
2002 Note that if this is the second or greater time we enter
2003 this codepath for this particular request mid then
2004 request_time is left as the absolute time of the *first*
2005 time this request mid was processed. This is what allows
2006 the request to eventually time out. */
2007
2008 timeout = timeval_set(0, timeout_usecs);
2009
2010 /* Nothing actually uses state.delayed_for_oplocks
2011 but it's handy to differentiate in debug messages
2012 between a 30 second delay due to oplock break, and
2013 a 1 second delay for share mode conflicts. */
2014
2015 state.delayed_for_oplocks = False;
2016 state.id = id;
2017
2018 if ((req != NULL)
2019 && !request_timed_out(request_time,
2020 timeout)) {
2021 defer_open(lck, request_time, timeout,
2022 req, &state);
2023 }
2024 }
2025
2026 TALLOC_FREE(lck);
2027 if (can_access) {
2028 /*
2029 * We have detected a sharing violation here
2030 * so return the correct error code
2031 */
2032 status = NT_STATUS_SHARING_VIOLATION;
2033 } else {
2034 status = NT_STATUS_ACCESS_DENIED;
2035 }
2036 return status;
2037 }
2038
2039 /*
2040 * We exit this block with the share entry *locked*.....
2041 */
2042 }
2043
2044 SMB_ASSERT(!file_existed || (lck != NULL));
2045
2046 /*
2047 * Ensure we pay attention to default ACLs on directories if required.
2048 */
2049
2050 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2051 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2052 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2053 }
2054
2055 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2056 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2057 (unsigned int)flags, (unsigned int)flags2,
2058 (unsigned int)unx_mode, (unsigned int)access_mask,
2059 (unsigned int)open_access_mask));
2060
2061 /*
2062 * open_file strips any O_TRUNC flags itself.
2063 */
2064
2065 fsp_open = open_file(fsp, conn, req, parent_dir,
2066 flags|flags2, unx_mode, access_mask,
2067 open_access_mask);
2068
2069 if (!NT_STATUS_IS_OK(fsp_open)) {
2070 if (lck != NULL) {
2071 TALLOC_FREE(lck);
2072 }
2073 return fsp_open;
2074 }
2075
2076 if (!file_existed) {
2077 struct byte_range_lock *br_lck = NULL;
2078 struct share_mode_entry *batch_entry = NULL;
2079 struct share_mode_entry *exclusive_entry = NULL;
2080 bool got_level2_oplock = false;
2081 bool got_a_none_oplock = false;
2082 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2083 /*
2084 * Deal with the race condition where two smbd's detect the
2085 * file doesn't exist and do the create at the same time. One
2086 * of them will win and set a share mode, the other (ie. this
2087 * one) should check if the requested share mode for this
2088 * create is allowed.
2089 */
2090
2091 /*
2092 * Now the file exists and fsp is successfully opened,
2093 * fsp->dev and fsp->inode are valid and should replace the
2094 * dev=0,inode=0 from a non existent file. Spotted by
2095 * Nadav Danieli <nadavd@exanet.com>. JRA.
2096 */
2097
2098 id = fsp->file_id;
2099
2100 if (!acquire_ordered_locks(talloc_tos(),
2101 fsp,
2102 id,
2103 conn->connectpath,
2104 smb_fname,
2105 &old_write_time,
2106 &lck,
2107 &br_lck)) {
2108 return NT_STATUS_SHARING_VIOLATION;
2109 }
2110
2111 /* Get the types we need to examine. */
2112 find_oplock_types(fsp,
2113 oplock_request,
2114 lck,
2115 &batch_entry,
2116 &exclusive_entry,
2117 &got_level2_oplock,
2118 &got_a_none_oplock);
2119
2120 /* First pass - send break only on batch oplocks. */
2121 if ((req != NULL) &&
2122 delay_for_batch_oplocks(fsp,
2123 req->mid,
2124 oplock_request,
2125 batch_entry)) {
2126 schedule_defer_open(lck, request_time, req);
2127 TALLOC_FREE(lck);
2128 fd_close(fsp);
2129 return NT_STATUS_SHARING_VIOLATION;
2130 }
2131
2132 status = open_mode_check(conn, lck, fsp->name_hash,
2133 access_mask, share_access,
2134 create_options, &file_existed);
2135
2136 if (NT_STATUS_IS_OK(status)) {
2137 /* We might be going to allow this open. Check oplock
2138 * status again. */
2139 /* Second pass - send break for both batch or
2140 * exclusive oplocks. */
2141 if ((req != NULL) &&
2142 delay_for_exclusive_oplocks(
2143 fsp,
2144 req->mid,
2145 oplock_request,
2146 exclusive_entry)) {
2147 schedule_defer_open(lck, request_time, req);
2148 TALLOC_FREE(lck);
2149 fd_close(fsp);
2150 return NT_STATUS_SHARING_VIOLATION;
2151 }
2152 }
2153
2154 if (!NT_STATUS_IS_OK(status)) {
2155 struct deferred_open_record state;
2156
2157 fd_close(fsp);
2158
2159 state.delayed_for_oplocks = False;
2160 state.id = id;
2161
2162 /* Do it all over again immediately. In the second
2163 * round we will find that the file existed and handle
2164 * the DELETE_PENDING and FCB cases correctly. No need
2165 * to duplicate the code here. Essentially this is a
2166 * "goto top of this function", but don't tell
2167 * anybody... */
2168
2169 if (req != NULL) {
2170 defer_open(lck, request_time, timeval_zero(),
2171 req, &state);
2172 }
2173 TALLOC_FREE(lck);
2174 return status;
2175 }
2176
2177 grant_fsp_oplock_type(fsp,
2178 br_lck,
2179 oplock_request,
2180 got_level2_oplock,
2181 got_a_none_oplock);
2182
2183 /*
2184 * We exit this block with the share entry *locked*.....
2185 */
2186
2187 }
2188
2189 SMB_ASSERT(lck != NULL);
2190
2191 /* Delete streams if create_disposition requires it */
2192 if (file_existed && clear_ads &&
2193 !is_ntfs_stream_smb_fname(smb_fname)) {
2194 status = delete_all_streams(conn, smb_fname->base_name);
2195 if (!NT_STATUS_IS_OK(status)) {
2196 TALLOC_FREE(lck);
2197 fd_close(fsp);
2198 return status;
2199 }
2200 }
2201
2202 /* note that we ignore failure for the following. It is
2203 basically a hack for NFS, and NFS will never set one of
2204 these only read them. Nobody but Samba can ever set a deny
2205 mode and we have already checked our more authoritative
2206 locking database for permission to set this deny mode. If
2207 the kernel refuses the operations then the kernel is wrong.
2208 note that GPFS supports it as well - jmcd */
2209
2210 if (fsp->fh->fd != -1) {
2211 int ret_flock;
2212 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2213 if(ret_flock == -1 ){
2214
2215 TALLOC_FREE(lck);
2216 fd_close(fsp);
2217
2218 return NT_STATUS_SHARING_VIOLATION;
2219 }
2220 }
2221
2222 /*
2223 * At this point onwards, we can guarentee that the share entry
2224 * is locked, whether we created the file or not, and that the
2225 * deny mode is compatible with all current opens.
2226 */
2227
2228 /*
2229 * If requested, truncate the file.
2230 */
2231
2232 if (file_existed && (flags2&O_TRUNC)) {
2233 /*
2234 * We are modifing the file after open - update the stat
2235 * struct..
2236 */
2237 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2238 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2239 status = map_nt_error_from_unix(errno);
2240 TALLOC_FREE(lck);
2241 fd_close(fsp);
2242 return status;
2243 }
2244 }
2245
2246 /*
2247 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2248 * but we don't have to store this - just ignore it on access check.
2249 */
2250 if (conn->sconn->using_smb2) {
2251 /*
2252 * SMB2 doesn't return it (according to Microsoft tests).
2253 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2254 * File created with access = 0x7 (Read, Write, Delete)
2255 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2256 */
2257 fsp->access_mask = access_mask;
2258 } else {
2259 /* But SMB1 does. */
2260 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2261 }
2262
2263 if (file_existed) {
2264 /* stat opens on existing files don't get oplocks. */
2265 if (is_stat_open(open_access_mask)) {
2266 fsp->oplock_type = NO_OPLOCK;
2267 }
2268
2269 if (!(flags2 & O_TRUNC)) {
2270 info = FILE_WAS_OPENED;
2271 } else {
2272 info = FILE_WAS_OVERWRITTEN;
2273 }
2274 } else {
2275 info = FILE_WAS_CREATED;
2276 }
2277
2278 if (pinfo) {
2279 *pinfo = info;
2280 }
2281
2282 /*
2283 * Setup the oplock info in both the shared memory and
2284 * file structs.
2285 */
2286
2287 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2288 /*
2289 * Could not get the kernel oplock or there are byte-range
2290 * locks on the file.
2291 */
2292 fsp->oplock_type = NO_OPLOCK;
2293 }
2294
2295 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2296 new_file_created = True;
2297 }
2298
2299 set_share_mode(lck, fsp, get_current_uid(conn),
2300 req ? req->mid : 0,
2301 fsp->oplock_type);
2302
2303 /* Handle strange delete on close create semantics. */
2304 if (create_options & FILE_DELETE_ON_CLOSE) {
2305
2306 status = can_set_delete_on_close(fsp, new_dos_attributes);
2307
2308 if (!NT_STATUS_IS_OK(status)) {
2309 /* Remember to delete the mode we just added. */
2310 del_share_mode(lck, fsp);
2311 TALLOC_FREE(lck);
2312 fd_close(fsp);
2313 return status;
2314 }
2315 /* Note that here we set the *inital* delete on close flag,
2316 not the regular one. The magic gets handled in close. */
2317 fsp->initial_delete_on_close = True;
2318 }
2319
2320 if (new_file_created) {
2321 /* Files should be initially set as archive */
2322 if (lp_map_archive(SNUM(conn)) ||
2323 lp_store_dos_attributes(SNUM(conn))) {
2324 if (!posix_open) {
2325 if (file_set_dosmode(conn, smb_fname,
2326 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2327 parent_dir, true) == 0) {
2328 unx_mode = smb_fname->st.st_ex_mode;
2329 }
2330 }
2331 }
2332 }
2333
2334 /* Determine sparse flag. */
2335 if (posix_open) {
2336 /* POSIX opens are sparse by default. */
2337 fsp->is_sparse = true;
2338 } else {
2339 fsp->is_sparse = (file_existed &&
2340 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2341 }
2342
2343 /*
2344 * Take care of inherited ACLs on created files - if default ACL not
2345 * selected.
2346 */
2347
2348 if (!posix_open && !file_existed && !def_acl) {
2349
2350 int saved_errno = errno; /* We might get ENOSYS in the next
2351 * call.. */
2352
2353 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2354 errno == ENOSYS) {
2355 errno = saved_errno; /* Ignore ENOSYS */
2356 }
2357
2358 } else if (new_unx_mode) {
2359
2360 int ret = -1;
2361
2362 /* Attributes need changing. File already existed. */
2363
2364 {
2365 int saved_errno = errno; /* We might get ENOSYS in the
2366 * next call.. */
2367 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2368
2369 if (ret == -1 && errno == ENOSYS) {
2370 errno = saved_errno; /* Ignore ENOSYS */
2371 } else {
2372 DEBUG(5, ("open_file_ntcreate: reset "
2373 "attributes of file %s to 0%o\n",
2374 smb_fname_str_dbg(smb_fname),
2375 (unsigned int)new_unx_mode));
2376 ret = 0; /* Don't do the fchmod below. */
2377 }
2378 }
2379
2380 if ((ret == -1) &&
2381 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2382 DEBUG(5, ("open_file_ntcreate: failed to reset "
2383 "attributes of file %s to 0%o\n",
2384 smb_fname_str_dbg(smb_fname),
2385 (unsigned int)new_unx_mode));
2386 }
2387
2388 /* If this is a successful open, we must remove any deferred open
2389 * records. */
2390 if (req != NULL) {
2391 del_deferred_open_entry(lck, req->mid,
2392 sconn_server_id(req->sconn));
2393 }
2394 TALLOC_FREE(lck);
2395
2396 return NT_STATUS_OK;
2397 }
2398
2399
2400 /****************************************************************************
2401 Open a file for for write to ensure that we can fchmod it.
2402 ****************************************************************************/
2403
2404 NTSTATUS open_file_fchmod(connection_struct *conn,
2405 struct smb_filename *smb_fname,
2406 files_struct **result)
2407 {
2408 if (!VALID_STAT(smb_fname->st)) {
2409 return NT_STATUS_INVALID_PARAMETER;
2410 }
2411
2412 return SMB_VFS_CREATE_FILE(
2413 conn, /* conn */
2414 NULL, /* req */
2415 0, /* root_dir_fid */
2416 smb_fname, /* fname */
2417 FILE_WRITE_DATA, /* access_mask */
2418 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2419 FILE_SHARE_DELETE),
2420 FILE_OPEN, /* create_disposition*/
2421 0, /* create_options */
2422 0, /* file_attributes */
2423 INTERNAL_OPEN_ONLY, /* oplock_request */
2424 0, /* allocation_size */
2425 0, /* private_flags */
2426 NULL, /* sd */
2427 NULL, /* ea_list */
2428 result, /* result */
2429 NULL); /* pinfo */
2430 }
2431
2432 static NTSTATUS mkdir_internal(connection_struct *conn,
2433 struct smb_filename *smb_dname,
2434 uint32 file_attributes)
2435 {
2436 mode_t mode;
2437 char *parent_dir;
2438 NTSTATUS status;
2439 bool posix_open = false;
2440 bool need_re_stat = false;
2441
2442 if(!CAN_WRITE(conn)) {
2443 DEBUG(5,("mkdir_internal: failing create on read-only share "
2444 "%s\n", lp_servicename(SNUM(conn))));
2445 return NT_STATUS_ACCESS_DENIED;
2446 }
2447
2448 status = check_name(conn, smb_dname->base_name);
2449 if (!NT_STATUS_IS_OK(status)) {
2450 return status;
2451 }
2452
2453 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2454 NULL)) {
2455 return NT_STATUS_NO_MEMORY;
2456 }
2457
2458 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2459 posix_open = true;
2460 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2461 } else {
2462 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2463 }
2464
2465 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2466 return map_nt_error_from_unix(errno);
2467 }
2468
2469 /* Ensure we're checking for a symlink here.... */
2470 /* We don't want to get caught by a symlink racer. */
2471
2472 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2473 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2474 smb_fname_str_dbg(smb_dname), strerror(errno)));
2475 return map_nt_error_from_unix(errno);
2476 }
2477
2478 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2479 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2480 smb_fname_str_dbg(smb_dname)));
2481 return NT_STATUS_ACCESS_DENIED;
2482 }
2483
2484 if (lp_store_dos_attributes(SNUM(conn))) {
2485 if (!posix_open) {
2486 file_set_dosmode(conn, smb_dname,
2487 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2488 parent_dir, true);
2489 }
2490 }
2491
2492 if (lp_inherit_perms(SNUM(conn))) {
2493 inherit_access_posix_acl(conn, parent_dir,
2494 smb_dname->base_name, mode);
2495 need_re_stat = true;
2496 }
2497
2498 if (!posix_open) {
2499 /*
2500 * Check if high bits should have been set,
2501 * then (if bits are missing): add them.
2502 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2503 * dir.
2504 */
2505 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2506 (mode & ~smb_dname->st.st_ex_mode)) {
2507 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2508 (smb_dname->st.st_ex_mode |
2509 (mode & ~smb_dname->st.st_ex_mode)));
2510 need_re_stat = true;
2511 }
2512 }
2513
2514 /* Change the owner if required. */
2515 if (lp_inherit_owner(SNUM(conn))) {
2516 change_dir_owner_to_parent(conn, parent_dir,
2517 smb_dname->base_name,
2518 &smb_dname->st);
2519 need_re_stat = true;
2520 }
2521
2522 if (need_re_stat) {
2523 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2524 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2525 smb_fname_str_dbg(smb_dname), strerror(errno)));
2526 return map_nt_error_from_unix(errno);
2527 }
2528 }
2529
2530 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2531 smb_dname->base_name);
2532
2533 return NT_STATUS_OK;
2534 }
2535
2536 /****************************************************************************
2537 Ensure we didn't get symlink raced on opening a directory.
2538 ****************************************************************************/
2539
2540 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2541 const SMB_STRUCT_STAT *sbuf2)
2542 {
2543 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2544 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2545 sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
2546 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
2547 return false;
2548 }
2549 return true;
2550 }
2551
2552 /****************************************************************************
2553 Open a directory from an NT SMB call.
2554 ****************************************************************************/
2555
2556 static NTSTATUS open_directory(connection_struct *conn,
2557 struct smb_request *req,
2558 struct smb_filename *smb_dname,
2559 uint32 access_mask,
2560 uint32 share_access,
2561 uint32 create_disposition,
2562 uint32 create_options,
2563 uint32 file_attributes,
2564 int *pinfo,
2565 files_struct **result)
2566 {
2567 files_struct *fsp = NULL;
2568 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2569 struct share_mode_lock *lck = NULL;
2570 NTSTATUS status;
2571 struct timespec mtimespec;
2572 int info = 0;
2573
2574 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2575
2576 /* Ensure we have a directory attribute. */
2577 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2578
2579 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2580 "share_access = 0x%x create_options = 0x%x, "
2581 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2582 smb_fname_str_dbg(smb_dname),
2583 (unsigned int)access_mask,
2584 (unsigned int)share_access,
2585 (unsigned int)create_options,
2586 (unsigned int)create_disposition,
2587 (unsigned int)file_attributes));
2588
2589 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2590 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2591 is_ntfs_stream_smb_fname(smb_dname)) {
2592 DEBUG(2, ("open_directory: %s is a stream name!\n",
2593 smb_fname_str_dbg(smb_dname)));
2594 return NT_STATUS_NOT_A_DIRECTORY;
2595 }
2596
2597 status = smbd_calculate_access_mask(conn, smb_dname, dir_existed,
2598 access_mask, &access_mask);
2599 if (!NT_STATUS_IS_OK(status)) {
2600 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2601 "on file %s returned %s\n",
2602 smb_fname_str_dbg(smb_dname),
2603 nt_errstr(status)));
2604 return status;
2605 }
2606
2607 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2608 !security_token_has_privilege(get_current_nttok(conn),
2609 SEC_PRIV_SECURITY)) {
2610 DEBUG(10, ("open_directory: open on %s "
2611 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2612 smb_fname_str_dbg(smb_dname)));
2613 return NT_STATUS_PRIVILEGE_NOT_HELD;
2614 }
2615
2616 switch( create_disposition ) {
2617 case FILE_OPEN:
2618
2619 if (!dir_existed) {
2620 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2621 }
2622
2623 info = FILE_WAS_OPENED;
2624 break;
2625
2626 case FILE_CREATE:
2627
2628 /* If directory exists error. If directory doesn't
2629 * exist create. */
2630
2631 status = mkdir_internal(conn, smb_dname,
2632 file_attributes);
2633
2634 if (!NT_STATUS_IS_OK(status)) {
2635 DEBUG(2, ("open_directory: unable to create "
2636 "%s. Error was %s\n",
2637 smb_fname_str_dbg(smb_dname),
2638 nt_errstr(status)));
2639 return status;
2640 }
2641
2642 info = FILE_WAS_CREATED;
2643 break;
2644
2645 case FILE_OPEN_IF:
2646 /*
2647 * If directory exists open. If directory doesn't
2648 * exist create.
2649 */
2650
2651 status = mkdir_internal(conn, smb_dname,
2652 file_attributes);
2653
2654 if (NT_STATUS_IS_OK(status)) {
2655 info = FILE_WAS_CREATED;
2656 }
2657
2658 if (NT_STATUS_EQUAL(status,
2659 NT_STATUS_OBJECT_NAME_COLLISION)) {
2660 info = FILE_WAS_OPENED;
2661 status = NT_STATUS_OK;
2662 }
2663 break;
2664
2665 case FILE_SUPERSEDE:
2666 case FILE_OVERWRITE:
2667 case FILE_OVERWRITE_IF:
2668 default:
2669 DEBUG(5,("open_directory: invalid create_disposition "
2670 "0x%x for directory %s\n",
2671 (unsigned int)create_disposition,
2672 smb_fname_str_dbg(smb_dname)));
2673 return NT_STATUS_INVALID_PARAMETER;
2674 }
2675
2676 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2677 DEBUG(5,("open_directory: %s is not a directory !\n",
2678 smb_fname_str_dbg(smb_dname)));
2679 return NT_STATUS_NOT_A_DIRECTORY;
2680 }
2681
2682 if (info == FILE_WAS_OPENED) {
2683 uint32_t access_granted = 0;
2684 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2685 &access_granted);
2686
2687 /* Were we trying to do a directory open
2688 * for delete and didn't get DELETE
2689 * access (only) ? Check if the
2690 * directory allows DELETE_CHILD.
2691 * See here:
2692 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2693 * for details. */
2694
2695 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2696 (access_mask & DELETE_ACCESS) &&
2697 (access_granted == DELETE_ACCESS) &&
2698 can_delete_file_in_directory(conn, smb_dname))) {
2699 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2700 "on directory %s\n",
2701 smb_fname_str_dbg(smb_dname)));
2702 status = NT_STATUS_OK;
2703 }
2704
2705 if (!NT_STATUS_IS_OK(status)) {
2706 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2707 "file %s failed with %s\n",
2708 smb_fname_str_dbg(smb_dname),
2709 nt_errstr(status)));
2710 return status;
2711 }
2712 }
2713
2714 status = file_new(req, conn, &fsp);
2715 if(!NT_STATUS_IS_OK(status)) {
2716 return status;
2717 }
2718
2719 /*
2720 * Setup the files_struct for it.
2721 */
2722
2723 fsp->mode = smb_dname->st.st_ex_mode;
2724 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2725 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2726 fsp->file_pid = req ? req->smbpid : 0;
2727 fsp->can_lock = False;
2728 fsp->can_read = False;
2729 fsp->can_write = False;
2730
2731 fsp->share_access = share_access;
2732 fsp->fh->private_options = 0;
2733 /*
2734 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2735 */
2736 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2737 fsp->print_file = NULL;
2738 fsp->modified = False;
2739 fsp->oplock_type = NO_OPLOCK;
2740 fsp->sent_oplock_break = NO_BREAK_SENT;
2741 fsp->is_directory = True;
2742 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2743 status = fsp_set_smb_fname(fsp, smb_dname);
2744 if (!NT_STATUS_IS_OK(status)) {
2745 file_free(req, fsp);
2746 return status;
2747 }
2748
2749 mtimespec = smb_dname->st.st_ex_mtime;
2750
2751 #ifdef O_DIRECTORY
2752 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2753 #else
2754 /* POSIX allows us to open a directory with O_RDONLY. */
2755 status = fd_open(conn, fsp, O_RDONLY, 0);
2756 #endif
2757 if (!NT_STATUS_IS_OK(status)) {
2758 DEBUG(5, ("open_directory: Could not open fd for "
2759 "%s (%s)\n",
2760 smb_fname_str_dbg(smb_dname),
2761 nt_errstr(status)));
2762 file_free(req, fsp);
2763 return status;
2764 }
2765
2766 status = vfs_stat_fsp(fsp);
2767 if (!NT_STATUS_IS_OK(status)) {
2768 fd_close(fsp);
2769 file_free(req, fsp);
2770 return status;
2771 }
2772
2773 /* Ensure there was no race condition. */
2774 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2775 DEBUG(5,("open_directory: stat struct differs for "
2776 "directory %s.\n",
2777 smb_fname_str_dbg(smb_dname)));
2778 fd_close(fsp);
2779 file_free(req, fsp);
2780 return NT_STATUS_ACCESS_DENIED;
2781 }
2782
2783 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2784 conn->connectpath, smb_dname, &mtimespec);
2785
2786 if (lck == NULL) {
2787 DEBUG(0, ("open_directory: Could not get share mode lock for "
2788 "%s\n", smb_fname_str_dbg(smb_dname)));
2789 fd_close(fsp);
2790 file_free(req, fsp);
2791 return NT_STATUS_SHARING_VIOLATION;
2792 }
2793
2794 status = open_mode_check(conn, lck, fsp->name_hash,
2795 access_mask, share_access,
2796 create_options, &dir_existed);
2797
2798 if (!NT_STATUS_IS_OK(status)) {
2799 TALLOC_FREE(lck);
2800 fd_close(fsp);
2801 file_free(req, fsp);
2802 return status;
2803 }
2804
2805 set_share_mode(lck, fsp, get_current_uid(conn),
2806 req ? req->mid : 0, NO_OPLOCK);
2807
2808 /* For directories the delete on close bit at open time seems
2809 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2810 if (create_options & FILE_DELETE_ON_CLOSE) {
2811 status = can_set_delete_on_close(fsp, 0);
2812 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2813 TALLOC_FREE(lck);
2814 fd_close(fsp);
2815 file_free(req, fsp);
2816 return status;
2817 }
2818
2819 if (NT_STATUS_IS_OK(status)) {
2820 /* Note that here we set the *inital* delete on close flag,
2821 not the regular one. The magic gets handled in close. */
2822 fsp->initial_delete_on_close = True;
2823 }
2824 }
2825
2826 TALLOC_FREE(lck);
2827
2828 if (pinfo) {
2829 *pinfo = info;
2830 }
2831
2832 *result = fsp;
2833 return NT_STATUS_OK;
2834 }
2835
2836 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2837 struct smb_filename *smb_dname)
2838 {
2839 NTSTATUS status;
2840 files_struct *fsp;
2841
2842 status = SMB_VFS_CREATE_FILE(
2843 conn, /* conn */
2844 req, /* req */
2845 0, /* root_dir_fid */
2846 smb_dname, /* fname */
2847 FILE_READ_ATTRIBUTES, /* access_mask */
2848 FILE_SHARE_NONE, /* share_access */
2849 FILE_CREATE, /* create_disposition*/
2850 FILE_DIRECTORY_FILE, /* create_options */
2851 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2852 0, /* oplock_request */
2853 0, /* allocation_size */
2854 0, /* private_flags */
2855 NULL, /* sd */
2856 NULL, /* ea_list */
2857 &fsp, /* result */
2858 NULL); /* pinfo */
2859
2860 if (NT_STATUS_IS_OK(status)) {
2861 close_file(req, fsp, NORMAL_CLOSE);
2862 }
2863
2864 return status;
2865 }
2866
2867 /****************************************************************************
2868 Receive notification that one of our open files has been renamed by another
2869 smbd process.
2870 ****************************************************************************/
2871
2872 void msg_file_was_renamed(struct messaging_context *msg,
2873 void *private_data,
2874 uint32_t msg_type,
2875 struct server_id server_id,
2876 DATA_BLOB *data)
2877 {
2878 struct smbd_server_connection *sconn;
2879 files_struct *fsp;
2880 char *frm = (char *)data->data;
2881 struct file_id id;
2882 const char *sharepath;
2883 const char *base_name;
2884 const char *stream_name;
2885 struct smb_filename *smb_fname = NULL;
2886 size_t sp_len, bn_len;
2887 NTSTATUS status;
2888
2889 sconn = msg_ctx_to_sconn(msg);
2890 if (sconn == NULL) {
2891 DEBUG(1, ("could not find sconn\n"));
2892 return;
2893 }
2894
2895 if (data->data == NULL
2896 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2897 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2898 (int)data->length));
2899 return;
2900 }
2901
2902 /* Unpack the message. */
2903 pull_file_id_24(frm, &id);
2904 sharepath = &frm[24];
2905 sp_len = strlen(sharepath);
2906 base_name = sharepath + sp_len + 1;
2907 bn_len = strlen(base_name);
2908 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2909
2910 /* stream_name must always be NULL if there is no stream. */
2911 if (stream_name[0] == '\0') {
2912 stream_name = NULL;
2913 }
2914
2915 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2916 stream_name, NULL, &smb_fname);
2917 if (!NT_STATUS_IS_OK(status)) {
2918 return;
2919 }
2920
2921 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2922 "file_id %s\n",
2923 sharepath, smb_fname_str_dbg(smb_fname),
2924 file_id_string_tos(&id)));
2925
2926 for(fsp = file_find_di_first(sconn, id); fsp;
2927 fsp = file_find_di_next(fsp)) {
2928 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2929
2930 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2931 fsp->fnum, fsp_str_dbg(fsp),
2932 smb_fname_str_dbg(smb_fname)));
2933 status = fsp_set_smb_fname(fsp, smb_fname);
2934 if (!NT_STATUS_IS_OK(status)) {
2935 goto out;
2936 }
2937 } else {
2938 /* TODO. JRA. */
2939 /* Now we have the complete path we can work out if this is
2940 actually within this share and adjust newname accordingly. */
2941 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2942 "not sharepath %s) "
2943 "fnum %d from %s -> %s\n",
2944 fsp->conn->connectpath,
2945 sharepath,
2946 fsp->fnum,
2947 fsp_str_dbg(fsp),
2948 smb_fname_str_dbg(smb_fname)));
2949 }
2950 }
2951 out:
2952 TALLOC_FREE(smb_fname);
2953 return;
2954 }
2955
2956 /*
2957 * If a main file is opened for delete, all streams need to be checked for
2958 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2959 * If that works, delete them all by setting the delete on close and close.
2960 */
2961
2962 NTSTATUS open_streams_for_delete(connection_struct *conn,
2963 const char *fname)
2964 {
2965 struct stream_struct *stream_info = NULL;
2966 files_struct **streams = NULL;
2967 int i;
2968 unsigned int num_streams = 0;
2969 TALLOC_CTX *frame = talloc_stackframe();
2970 NTSTATUS status;
2971
2972 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
2973 &num_streams, &stream_info);
2974
2975 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2976 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2977 DEBUG(10, ("no streams around\n"));
2978 TALLOC_FREE(frame);
2979 return NT_STATUS_OK;
2980 }
2981
2982 if (!NT_STATUS_IS_OK(status)) {
2983 DEBUG(10, ("vfs_streaminfo failed: %s\n",
2984 nt_errstr(status)));
2985 goto fail;
2986 }
2987
2988 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2989 num_streams));
2990
2991 if (num_streams == 0) {
2992 TALLOC_FREE(frame);
2993 return NT_STATUS_OK;
2994 }
2995
2996 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2997 if (streams == NULL) {
2998 DEBUG(0, ("talloc failed\n"));
2999 status = NT_STATUS_NO_MEMORY;
3000 goto fail;
3001 }
3002
3003 for (i=0; i<num_streams; i++) {
3004 struct smb_filename *smb_fname = NULL;
3005
3006 if (strequal(stream_info[i].name, "::$DATA")) {
3007 streams[i] = NULL;
3008 continue;
3009 }
3010
3011 status = create_synthetic_smb_fname(talloc_tos(), fname,
3012 stream_info[i].name,
3013 NULL, &smb_fname);
3014 if (!NT_STATUS_IS_OK(status)) {
3015 goto fail;
3016 }
3017
3018 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3019 DEBUG(10, ("Unable to stat stream: %s\n",
3020 smb_fname_str_dbg(smb_fname)));
3021 }
3022
3023 status = SMB_VFS_CREATE_FILE(
3024 conn, /* conn */
3025 NULL, /* req */
3026 0, /* root_dir_fid */
3027 smb_fname, /* fname */
3028 DELETE_ACCESS, /* access_mask */
3029 (FILE_SHARE_READ | /* share_access */
3030 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3031 FILE_OPEN, /* create_disposition*/
3032 0, /* create_options */
3033 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3034 0, /* oplock_request */
3035 0, /* allocation_size */
3036 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3037 NULL, /* sd */
3038 NULL, /* ea_list */
3039 &streams[i], /* result */
3040 NULL); /* pinfo */
3041
3042 if (!NT_STATUS_IS_OK(status)) {
3043 DEBUG(10, ("Could not open stream %s: %s\n",
3044 smb_fname_str_dbg(smb_fname),
3045 nt_errstr(status)));
3046
3047 TALLOC_FREE(smb_fname);
3048 break;
3049 }
3050 TALLOC_FREE(smb_fname);
3051 }
3052
3053 /*
3054 * don't touch the variable "status" beyond this point :-)
3055 */
3056
3057 for (i -= 1 ; i >= 0; i--) {
3058 if (streams[i] == NULL) {
3059 continue;
3060 }
3061
3062 DEBUG(10, ("Closing stream # %d, %s\n", i,
3063 fsp_str_dbg(streams[i])));
3064 close_file(NULL, streams[i], NORMAL_CLOSE);
3065 }
3066
3067 fail:
3068 TALLOC_FREE(frame);
3069 return status;
3070 }
3071
3072 /*
3073 * Wrapper around open_file_ntcreate and open_directory
3074 */
3075
3076 static NTSTATUS create_file_unixpath(connection_struct *conn,
3077 struct smb_request *req,
3078 struct smb_filename *smb_fname,
3079 uint32_t access_mask,
3080 uint32_t share_access,
3081 uint32_t create_disposition,
3082 uint32_t create_options,
3083 uint32_t file_attributes,
3084 uint32_t oplock_request,
3085 uint64_t allocation_size,
3086 uint32_t private_flags,
3087 struct security_descriptor *sd,
3088 struct ea_list *ea_list,
3089
3090 files_struct **result,
3091 int *pinfo)
3092 {
3093 int info = FILE_WAS_OPENED;
3094 files_struct *base_fsp = NULL;
3095 files_struct *fsp = NULL;
3096 NTSTATUS status;
3097
3098 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3099 "file_attributes = 0x%x, share_access = 0x%x, "
3100 "create_disposition = 0x%x create_options = 0x%x "
3101 "oplock_request = 0x%x private_flags = 0x%x "
3102 "ea_list = 0x%p, sd = 0x%p, "
3103 "fname = %s\n",
3104 (unsigned int)access_mask,
3105 (unsigned int)file_attributes,
3106 (unsigned int)share_access,
3107 (unsigned int)create_disposition,
3108 (unsigned int)create_options,
3109 (unsigned int)oplock_request,
3110 (unsigned int)private_flags,
3111 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3112
3113 if (create_options & FILE_OPEN_BY_FILE_ID) {
3114 status = NT_STATUS_NOT_SUPPORTED;
3115 goto fail;
3116 }
3117
3118 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3119 status = NT_STATUS_INVALID_PARAMETER;
3120 goto fail;
3121 }
3122
3123 if (req == NULL) {
3124 oplock_request |= INTERNAL_OPEN_ONLY;
3125 }
3126
3127 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3128 && (access_mask & DELETE_ACCESS)
3129 && !is_ntfs_stream_smb_fname(smb_fname)) {
3130 /*
3131 * We can't open a file with DELETE access if any of the
3132 * streams is open without FILE_SHARE_DELETE
3133 */
3134 status = open_streams_for_delete(conn, smb_fname->base_name);
3135
3136 if (!NT_STATUS_IS_OK(status)) {
3137 goto fail;
3138 }
3139 }
3140
3141 /* This is the correct thing to do (check every time) but can_delete
3142 * is expensive (it may have to read the parent directory
3143 * permissions). So for now we're not doing it unless we have a strong
3144 * hint the client is really going to delete this file. If the client
3145 * is forcing FILE_CREATE let the filesystem take care of the
3146 * permissions. */
3147
3148 /* Setting FILE_SHARE_DELETE is the hint. */
3149
3150 if ((create_disposition != FILE_CREATE)
3151 && (access_mask & DELETE_ACCESS)
3152 && (!(can_delete_file_in_directory(conn, smb_fname) ||
3153 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
3154 status = NT_STATUS_ACCESS_DENIED;
3155 DEBUG(10,("create_file_unixpath: open file %s "
3156 "for delete ACCESS_DENIED\n",
3157 smb_fname_str_dbg(smb_fname)));
3158 goto fail;
3159 }
3160
3161 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3162 !security_token_has_privilege(get_current_nttok(conn),
3163 SEC_PRIV_SECURITY)) {
3164 DEBUG(10, ("create_file_unixpath: open on %s "
3165 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3166 smb_fname_str_dbg(smb_fname)));
3167 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3168 goto fail;
3169 }
3170
3171 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3172 && is_ntfs_stream_smb_fname(smb_fname)
3173 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3174 uint32 base_create_disposition;
3175 struct smb_filename *smb_fname_base = NULL;
3176
3177 if (create_options & FILE_DIRECTORY_FILE) {
3178 status = NT_STATUS_NOT_A_DIRECTORY;
3179 goto fail;
3180 }
3181
3182 switch (create_disposition) {
3183 case FILE_OPEN:
3184 base_create_disposition = FILE_OPEN;
3185 break;
3186 default:
3187 base_create_disposition = FILE_OPEN_IF;
3188 break;
3189 }
3190
3191 /* Create an smb_filename with stream_name == NULL. */
3192 status = create_synthetic_smb_fname(talloc_tos(),
3193 smb_fname->base_name,
3194 NULL, NULL,
3195 &smb_fname_base);
3196 if (!NT_STATUS_IS_OK(status)) {
3197 goto fail;
3198 }
3199
3200 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3201 DEBUG(10, ("Unable to stat stream: %s\n",
3202 smb_fname_str_dbg(smb_fname_base)));
3203 }
3204
3205 /* Open the base file. */
3206 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3207 FILE_SHARE_READ
3208 | FILE_SHARE_WRITE
3209 | FILE_SHARE_DELETE,
3210 base_create_disposition,
3211 0, 0, 0, 0, 0, NULL, NULL,
3212 &base_fsp, NULL);
3213 TALLOC_FREE(smb_fname_base);
3214
3215 if (!NT_STATUS_IS_OK(status)) {
3216 DEBUG(10, ("create_file_unixpath for base %s failed: "
3217 "%s\n", smb_fname->base_name,
3218 nt_errstr(status)));
3219 goto fail;
3220 }
3221 /* we don't need to low level fd */
3222 fd_close(base_fsp);
3223 }
3224
3225 /*
3226 * If it's a request for a directory open, deal with it separately.
3227 */
3228
3229 if (create_options & FILE_DIRECTORY_FILE) {
3230
3231 if (create_options & FILE_NON_DIRECTORY_FILE) {
3232 status = NT_STATUS_INVALID_PARAMETER;
3233 goto fail;
3234 }
3235
3236 /* Can't open a temp directory. IFS kit test. */
3237 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3238 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3239 status = NT_STATUS_INVALID_PARAMETER;
3240 goto fail;
3241 }
3242
3243 /*
3244 * We will get a create directory here if the Win32
3245 * app specified a security descriptor in the
3246 * CreateDirectory() call.
3247 */
3248
3249 oplock_request = 0;
3250 status = open_directory(
3251 conn, req, smb_fname, access_mask, share_access,
3252 create_disposition, create_options, file_attributes,
3253 &info, &fsp);
3254 } else {
3255
3256 /*
3257 * Ordinary file case.
3258 */
3259
3260 status = file_new(req, conn, &fsp);
3261 if(!NT_STATUS_IS_OK(status)) {
3262 goto fail;
3263 }
3264
3265 status = fsp_set_smb_fname(fsp, smb_fname);
3266 if (!NT_STATUS_IS_OK(status)) {
3267 goto fail;
3268 }
3269
3270 /*
3271 * We're opening the stream element of a base_fsp
3272 * we already opened. Set up the base_fsp pointer.
3273 */
3274 if (base_fsp) {
3275 fsp->base_fsp = base_fsp;
3276 }
3277
3278 status = open_file_ntcreate(conn,
3279 req,
3280 access_mask,
3281 share_access,
3282 create_disposition,
3283 create_options,
3284 file_attributes,
3285 oplock_request,
3286 private_flags,
3287 &info,
3288 fsp);
3289
3290 if(!NT_STATUS_IS_OK(status)) {
3291 file_free(req, fsp);
3292 fsp = NULL;
3293 }
3294
3295 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3296
3297 /* A stream open never opens a directory */
3298
3299 if (base_fsp) {
3300 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3301 goto fail;
3302 }
3303
3304 /*
3305 * Fail the open if it was explicitly a non-directory
3306 * file.
3307 */
3308
3309 if (create_options & FILE_NON_DIRECTORY_FILE) {
3310 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3311 goto fail;
3312 }
3313
3314 oplock_request = 0;
3315 status = open_directory(
3316 conn, req, smb_fname, access_mask,
3317 share_access, create_disposition,
3318 create_options, file_attributes,
3319 &info, &fsp);
3320 }
3321 }
3322
3323 if (!NT_STATUS_IS_OK(status)) {
3324 goto fail;
3325 }
3326
3327 fsp->base_fsp = base_fsp;
3328
3329 /*
3330 * According to the MS documentation, the only time the security
3331 * descriptor is applied to the opened file is iff we *created* the
3332 * file; an existing file stays the same.
3333 *
3334 * Also, it seems (from observation) that you can open the file with
3335 * any access mask but you can still write the sd. We need to override
3336 * the granted access before we call set_sd
3337 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3338 */
3339
3340 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3341 && lp_nt_acl_support(SNUM(conn))) {
3342
3343 uint32_t sec_info_sent;
3344 uint32_t saved_access_mask = fsp->access_mask;
3345
3346 sec_info_sent = get_sec_info(sd);
3347
3348 fsp->access_mask = FILE_GENERIC_ALL;
3349
3350 /* Convert all the generic bits. */
3351 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3352 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3353
3354 if (sec_info_sent & (SECINFO_OWNER|
3355 SECINFO_GROUP|
3356 SECINFO_DACL|
3357 SECINFO_SACL)) {
3358 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3359 }
3360
3361 fsp->access_mask = saved_access_mask;
3362
3363 if (!NT_STATUS_IS_OK(status)) {
3364 goto fail;
3365 }
3366 }
3367
3368 if ((ea_list != NULL) &&
3369 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3370 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3371 if (!NT_STATUS_IS_OK(status)) {
3372 goto fail;
3373 }
3374 }
3375
3376 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3377 status = NT_STATUS_ACCESS_DENIED;
3378 goto fail;
3379 }
3380
3381 /* Save the requested allocation size. */
3382 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3383 if (allocation_size
3384 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3385 fsp->initial_allocation_size = smb_roundup(
3386 fsp->conn, allocation_size);
3387 if (fsp->is_directory) {
3388 /* Can't set allocation size on a directory. */
3389 status = NT_STATUS_ACCESS_DENIED;
3390 goto fail;
3391 }
3392 if (vfs_allocate_file_space(
3393 fsp, fsp->initial_allocation_size) == -1) {
3394 status = NT_STATUS_DISK_FULL;
3395 goto fail;
3396 }
3397 } else {
3398 fsp->initial_allocation_size = smb_roundup(
3399 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3400 }
3401 }
3402
3403 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3404
3405 *result = fsp;
3406 if (pinfo != NULL) {
3407 *pinfo = info;
3408 }
3409
3410 smb_fname->st = fsp->fsp_name->st;
3411
3412 return NT_STATUS_OK;
3413
3414 fail:
3415 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3416
3417 if (fsp != NULL) {
3418 if (base_fsp && fsp->base_fsp == base_fsp) {
3419 /*
3420 * The close_file below will close
3421 * fsp->base_fsp.
3422 */
3423 base_fsp = NULL;
3424 }
3425 close_file(req, fsp, ERROR_CLOSE);
3426 fsp = NULL;
3427 }
3428 if (base_fsp != NULL) {
3429 close_file(req, base_fsp, ERROR_CLOSE);
3430 base_fsp = NULL;
3431 }
3432 return status;
3433 }
3434
3435 /*
3436 * Calculate the full path name given a relative fid.
3437 */
3438 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3439 struct smb_request *req,
3440 uint16_t root_dir_fid,
3441 const struct smb_filename *smb_fname,
3442 struct smb_filename **smb_fname_out)
3443 {
3444 files_struct *dir_fsp;
3445 char *parent_fname = NULL;
3446 char *new_base_name = NULL;
3447 NTSTATUS status;
3448
3449 if (root_dir_fid == 0 || !smb_fname) {
3450 status = NT_STATUS_INTERNAL_ERROR;
3451 goto out;
3452 }
3453
3454 dir_fsp = file_fsp(req, root_dir_fid);
3455
3456 if (dir_fsp == NULL) {
3457 status = NT_STATUS_INVALID_HANDLE;
3458 goto out;
3459 }
3460
3461 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3462 status = NT_STATUS_INVALID_HANDLE;
3463 goto out;
3464 }
3465
3466 if (!dir_fsp->is_directory) {
3467
3468 /*
3469 * Check to see if this is a mac fork of some kind.
3470 */
3471
3472 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3473 is_ntfs_stream_smb_fname(smb_fname)) {
3474 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3475 goto out;
3476 }
3477
3478 /*
3479 we need to handle the case when we get a
3480 relative open relative to a file and the
3481 pathname is blank - this is a reopen!
3482 (hint from demyn plantenberg)
3483 */
3484
3485 status = NT_STATUS_INVALID_HANDLE;
3486 goto out;
3487 }
3488
3489 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3490 /*
3491 * We're at the toplevel dir, the final file name
3492 * must not contain ./, as this is filtered out
3493 * normally by srvstr_get_path and unix_convert
3494 * explicitly rejects paths containing ./.
3495 */
3496 parent_fname = talloc_strdup(talloc_tos(), "");
3497 if (parent_fname == NULL) {
3498 status = NT_STATUS_NO_MEMORY;
3499 goto out;
3500 }
3501 } else {
3502 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3503
3504 /*
3505 * Copy in the base directory name.
3506 */
3507
3508 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3509 dir_name_len+2);
3510 if (parent_fname == NULL) {
3511 status = NT_STATUS_NO_MEMORY;
3512 goto out;
3513 }
3514 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3515 dir_name_len+1);
3516
3517 /*
3518 * Ensure it ends in a '/'.
3519 * We used TALLOC_SIZE +2 to add space for the '/'.
3520 */
3521
3522 if(dir_name_len
3523 && (parent_fname[dir_name_len-1] != '\\')
3524 && (parent_fname[dir_name_len-1] != '/')) {
3525 parent_fname[dir_name_len] = '/';
3526 parent_fname[dir_name_len+1] = '\0';
3527 }
3528 }
3529
3530 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3531 smb_fname->base_name);
3532 if (new_base_name == NULL) {
3533 status = NT_STATUS_NO_MEMORY;
3534 goto out;
3535 }
3536
3537 status = filename_convert(req,
3538 conn,
3539 req->flags2 & FLAGS2_DFS_PATHNAMES,
3540 new_base_name,
3541 0,
3542 NULL,
3543 smb_fname_out);
3544 if (!NT_STATUS_IS_OK(status)) {
3545 goto out;
3546 }
3547
3548 out:
3549 TALLOC_FREE(parent_fname);
3550 TALLOC_FREE(new_base_name);
3551 return status;
3552 }
3553
3554 NTSTATUS create_file_default(connection_struct *conn,
3555 struct smb_request *req,
3556 uint16_t root_dir_fid,
3557 struct smb_filename *smb_fname,
3558 uint32_t access_mask,
3559 uint32_t share_access,
3560 uint32_t create_disposition,
3561 uint32_t create_options,
3562 uint32_t file_attributes,
3563 uint32_t oplock_request,
3564 uint64_t allocation_size,
3565 uint32_t private_flags,
3566 struct security_descriptor *sd,
3567 struct ea_list *ea_list,
3568 files_struct **result,
3569 int *pinfo)
3570 {
3571 int info = FILE_WAS_OPENED;
3572 files_struct *fsp = NULL;
3573 NTSTATUS status;
3574 bool stream_name = false;
3575
3576 DEBUG(10,("create_file: access_mask = 0x%x "
3577 "file_attributes = 0x%x, share_access = 0x%x, "
3578 "create_disposition = 0x%x create_options = 0x%x "
3579 "oplock_request = 0x%x "
3580 "private_flags = 0x%x "
3581 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3582 "fname = %s\n",
3583 (unsigned int)access_mask,
3584 (unsigned int)file_attributes,
3585 (unsigned int)share_access,
3586 (unsigned int)create_disposition,
3587 (unsigned int)create_options,
3588 (unsigned int)oplock_request,
3589 (unsigned int)private_flags,
3590 (unsigned int)root_dir_fid,
3591 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3592
3593 /*
3594 * Calculate the filename from the root_dir_if if necessary.
3595 */
3596
3597 if (root_dir_fid != 0) {
3598 struct smb_filename *smb_fname_out = NULL;
3599 status = get_relative_fid_filename(conn, req, root_dir_fid,
3600 smb_fname, &smb_fname_out);
3601 if (!NT_STATUS_IS_OK(status)) {
3602 goto fail;
3603 }
3604 smb_fname = smb_fname_out;
3605 }
3606
3607 /*
3608 * Check to see if this is a mac fork of some kind.
3609 */
3610
3611 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3612 if (stream_name) {
3613 enum FAKE_FILE_TYPE fake_file_type;
3614
3615 fake_file_type = is_fake_file(smb_fname);
3616
3617 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3618
3619 /*
3620 * Here we go! support for changing the disk quotas
3621 * --metze
3622 *
3623 * We need to fake up to open this MAGIC QUOTA file
3624 * and return a valid FID.
3625 *
3626 * w2k close this file directly after openening xp
3627 * also tries a QUERY_FILE_INFO on the file and then
3628 * close it
3629 */
3630 status = open_fake_file(req, conn, req->vuid,
3631 fake_file_type, smb_fname,
3632 access_mask, &fsp);
3633 if (!NT_STATUS_IS_OK(status)) {
3634 goto fail;
3635 }
3636
3637 ZERO_STRUCT(smb_fname->st);
3638 goto done;
3639 }
3640
3641 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3642 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3643 goto fail;
3644 }
3645 }
3646
3647 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) {
3648 int ret;
3649 smb_fname->stream_name = NULL;
3650 /* We have to handle this error here. */
3651 if (create_options & FILE_DIRECTORY_FILE) {
3652 status = NT_STATUS_NOT_A_DIRECTORY;
3653 goto fail;
3654 }
3655 if (lp_posix_pathnames()) {
3656 ret = SMB_VFS_LSTAT(conn, smb_fname);
3657 } else {
3658 ret = SMB_VFS_STAT(conn, smb_fname);
3659 }
3660
3661 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3662 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3663 goto fail;
3664 }
3665 }
3666
3667 status = create_file_unixpath(
3668 conn, req, smb_fname, access_mask, share_access,
3669 create_disposition, create_options, file_attributes,
3670 oplock_request, allocation_size, private_flags,
3671 sd, ea_list,
3672 &fsp, &info);
3673
3674 if (!NT_STATUS_IS_OK(status)) {
3675 goto fail;
3676 }
3677
3678 done:
3679 DEBUG(10, ("create_file: info=%d\n", info));
3680
3681 *result = fsp;
3682 if (pinfo != NULL) {
3683 *pinfo = info;
3684 }
3685 return NT_STATUS_OK;
3686
3687 fail:
3688 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3689
3690 if (fsp != NULL) {
3691 close_file(req, fsp, ERROR_CLOSE);
3692 fsp = NULL;
3693 }
3694 return status;
3695 }
Samba GIT mirror