search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix bug #6082 - smbd_gpfs_getacl failed: Windows client canĀ“t rename or delete file
[Samba.git] / source / smbd / open.c
blob7e127eafbf4d70c4e5ca56db92a0c08a497bbcb5
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
26
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
29 struct file_id id;
30 };
31
32 /****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34 ****************************************************************************/
35
36 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
40 {
41 return se_access_check(sd,
42 token,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
44 access_granted);
45 }
46
47 /****************************************************************************
48 Check if we have open rights.
49 ****************************************************************************/
50
51 static NTSTATUS check_open_rights(struct connection_struct *conn,
52 const char *fname,
53 uint32_t access_mask,
54 uint32_t *access_granted)
55 {
56 /* Check if we have rights to open. */
57 NTSTATUS status;
58 struct security_descriptor *sd;
59
60 *access_granted = 0;
61
62 status = SMB_VFS_GET_NT_ACL(conn, fname,
63 (OWNER_SECURITY_INFORMATION |
64 GROUP_SECURITY_INFORMATION |
65 DACL_SECURITY_INFORMATION),&sd);
66
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(10, ("check_open_rights: Could not get acl "
69 "on %s: %s\n",
70 fname,
71 nt_errstr(status)));
72 return status;
73 }
74
75 status = smb1_file_se_access_check(sd,
76 conn->server_info->ptok,
77 access_mask,
78 access_granted);
79
80 TALLOC_FREE(sd);
81
82 DEBUG(10,("check_open_rights: file %s requesting "
83 "0x%x returning 0x%x (%s)\n",
84 fname,
85 (unsigned int)access_mask,
86 (unsigned int)*access_granted,
87 nt_errstr(status) ));
88
89 return status;
90 }
91
92 /****************************************************************************
93 fd support routines - attempt to do a dos_open.
94 ****************************************************************************/
95
96 static NTSTATUS fd_open(struct connection_struct *conn,
97 const char *fname,
98 files_struct *fsp,
99 int flags,
100 mode_t mode)
101 {
102 NTSTATUS status = NT_STATUS_OK;
103
104 #ifdef O_NOFOLLOW
105 /*
106 * Never follow symlinks on a POSIX client. The
107 * client should be doing this.
108 */
109
110 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
111 flags |= O_NOFOLLOW;
112 }
113 #endif
114
115 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
116 if (fsp->fh->fd == -1) {
117 status = map_nt_error_from_unix(errno);
118 }
119
120 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
121 fname, flags, (int)mode, fsp->fh->fd,
122 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
123
124 return status;
125 }
126
127 /****************************************************************************
128 Close the file associated with a fsp.
129 ****************************************************************************/
130
131 NTSTATUS fd_close(files_struct *fsp)
132 {
133 int ret;
134
135 if (fsp->fh->fd == -1) {
136 return NT_STATUS_OK; /* What we used to call a stat open. */
137 }
138 if (fsp->fh->ref_count > 1) {
139 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
140 }
141
142 ret = SMB_VFS_CLOSE(fsp);
143 fsp->fh->fd = -1;
144 if (ret == -1) {
145 return map_nt_error_from_unix(errno);
146 }
147 return NT_STATUS_OK;
148 }
149
150 /****************************************************************************
151 Change the ownership of a file to that of the parent directory.
152 Do this by fd if possible.
153 ****************************************************************************/
154
155 static void change_file_owner_to_parent(connection_struct *conn,
156 const char *inherit_from_dir,
157 files_struct *fsp)
158 {
159 SMB_STRUCT_STAT parent_st;
160 int ret;
161
162 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
163 if (ret == -1) {
164 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
165 "directory %s. Error was %s\n",
166 inherit_from_dir, strerror(errno) ));
167 return;
168 }
169
170 become_root();
171 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
172 unbecome_root();
173 if (ret == -1) {
174 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
175 "file %s to parent directory uid %u. Error "
176 "was %s\n", fsp->fsp_name,
177 (unsigned int)parent_st.st_uid,
178 strerror(errno) ));
179 }
180
181 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
182 "parent directory uid %u.\n", fsp->fsp_name,
183 (unsigned int)parent_st.st_uid ));
184 }
185
186 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
187 const char *inherit_from_dir,
188 const char *fname,
189 SMB_STRUCT_STAT *psbuf)
190 {
191 char *saved_dir = NULL;
192 SMB_STRUCT_STAT sbuf;
193 SMB_STRUCT_STAT parent_st;
194 TALLOC_CTX *ctx = talloc_tos();
195 NTSTATUS status = NT_STATUS_OK;
196 int ret;
197
198 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
199 if (ret == -1) {
200 status = map_nt_error_from_unix(errno);
201 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
202 "directory %s. Error was %s\n",
203 inherit_from_dir, strerror(errno) ));
204 return status;
205 }
206
207 /* We've already done an lstat into psbuf, and we know it's a
208 directory. If we can cd into the directory and the dev/ino
209 are the same then we can safely chown without races as
210 we're locking the directory in place by being in it. This
211 should work on any UNIX (thanks tridge :-). JRA.
212 */
213
214 saved_dir = vfs_GetWd(ctx,conn);
215 if (!saved_dir) {
216 status = map_nt_error_from_unix(errno);
217 DEBUG(0,("change_dir_owner_to_parent: failed to get "
218 "current working directory. Error was %s\n",
219 strerror(errno)));
220 return status;
221 }
222
223 /* Chdir into the new path. */
224 if (vfs_ChDir(conn, fname) == -1) {
225 status = map_nt_error_from_unix(errno);
226 DEBUG(0,("change_dir_owner_to_parent: failed to change "
227 "current working directory to %s. Error "
228 "was %s\n", fname, strerror(errno) ));
229 goto out;
230 }
231
232 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
233 status = map_nt_error_from_unix(errno);
234 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
235 "directory '.' (%s) Error was %s\n",
236 fname, strerror(errno)));
237 goto out;
238 }
239
240 /* Ensure we're pointing at the same place. */
241 if (sbuf.st_dev != psbuf->st_dev ||
242 sbuf.st_ino != psbuf->st_ino ||
243 sbuf.st_mode != psbuf->st_mode ) {
244 DEBUG(0,("change_dir_owner_to_parent: "
245 "device/inode/mode on directory %s changed. "
246 "Refusing to chown !\n", fname ));
247 status = NT_STATUS_ACCESS_DENIED;
248 goto out;
249 }
250
251 become_root();
252 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
253 unbecome_root();
254 if (ret == -1) {
255 status = map_nt_error_from_unix(errno);
256 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
257 "directory %s to parent directory uid %u. "
258 "Error was %s\n", fname,
259 (unsigned int)parent_st.st_uid, strerror(errno) ));
260 goto out;
261 }
262
263 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
264 "directory %s to parent directory uid %u.\n",
265 fname, (unsigned int)parent_st.st_uid ));
266
267 out:
268
269 vfs_ChDir(conn,saved_dir);
270 return status;
271 }
272
273 /****************************************************************************
274 Open a file.
275 ****************************************************************************/
276
277 static NTSTATUS open_file(files_struct *fsp,
278 connection_struct *conn,
279 struct smb_request *req,
280 const char *parent_dir,
281 const char *name,
282 const char *path,
283 SMB_STRUCT_STAT *psbuf,
284 int flags,
285 mode_t unx_mode,
286 uint32 access_mask, /* client requested access mask. */
287 uint32 open_access_mask) /* what we're actually using in the open. */
288 {
289 NTSTATUS status = NT_STATUS_OK;
290 int accmode = (flags & O_ACCMODE);
291 int local_flags = flags;
292 bool file_existed = VALID_STAT(*psbuf);
293
294 fsp->fh->fd = -1;
295 errno = EPERM;
296
297 /* Check permissions */
298
299 /*
300 * This code was changed after seeing a client open request
301 * containing the open mode of (DENY_WRITE/read-only) with
302 * the 'create if not exist' bit set. The previous code
303 * would fail to open the file read only on a read-only share
304 * as it was checking the flags parameter directly against O_RDONLY,
305 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
306 * JRA.
307 */
308
309 if (!CAN_WRITE(conn)) {
310 /* It's a read-only share - fail if we wanted to write. */
311 if(accmode != O_RDONLY) {
312 DEBUG(3,("Permission denied opening %s\n", path));
313 return NT_STATUS_ACCESS_DENIED;
314 } else if(flags & O_CREAT) {
315 /* We don't want to write - but we must make sure that
316 O_CREAT doesn't create the file if we have write
317 access into the directory.
318 */
319 flags &= ~O_CREAT;
320 local_flags &= ~O_CREAT;
321 }
322 }
323
324 /*
325 * This little piece of insanity is inspired by the
326 * fact that an NT client can open a file for O_RDONLY,
327 * but set the create disposition to FILE_EXISTS_TRUNCATE.
328 * If the client *can* write to the file, then it expects to
329 * truncate the file, even though it is opening for readonly.
330 * Quicken uses this stupid trick in backup file creation...
331 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
332 * for helping track this one down. It didn't bite us in 2.0.x
333 * as we always opened files read-write in that release. JRA.
334 */
335
336 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
337 DEBUG(10,("open_file: truncate requested on read-only open "
338 "for file %s\n", path));
339 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
340 }
341
342 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
343 (!file_existed && (local_flags & O_CREAT)) ||
344 ((local_flags & O_TRUNC) == O_TRUNC) ) {
345 const char *wild;
346
347 /*
348 * We can't actually truncate here as the file may be locked.
349 * open_file_ntcreate will take care of the truncate later. JRA.
350 */
351
352 local_flags &= ~O_TRUNC;
353
354 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
355 /*
356 * We would block on opening a FIFO with no one else on the
357 * other end. Do what we used to do and add O_NONBLOCK to the
358 * open flags. JRA.
359 */
360
361 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
362 local_flags |= O_NONBLOCK;
363 }
364 #endif
365
366 /* Don't create files with Microsoft wildcard characters. */
367 if (fsp->base_fsp) {
368 /*
369 * wildcard characters are allowed in stream names
370 * only test the basefilename
371 */
372 wild = fsp->base_fsp->fsp_name;
373 } else {
374 wild = path;
375 }
376 if ((local_flags & O_CREAT) && !file_existed &&
377 ms_has_wild(wild)) {
378 return NT_STATUS_OBJECT_NAME_INVALID;
379 }
380
381 /* Actually do the open */
382 status = fd_open(conn, path, fsp, local_flags, unx_mode);
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
385 "(flags=%d)\n",
386 path,nt_errstr(status),local_flags,flags));
387 return status;
388 }
389
390 if ((local_flags & O_CREAT) && !file_existed) {
391
392 /* Inherit the ACL if required */
393 if (lp_inherit_perms(SNUM(conn))) {
394 inherit_access_posix_acl(conn, parent_dir, path,
395 unx_mode);
396 }
397
398 /* Change the owner if required. */
399 if (lp_inherit_owner(SNUM(conn))) {
400 change_file_owner_to_parent(conn, parent_dir,
401 fsp);
402 }
403
404 notify_fname(conn, NOTIFY_ACTION_ADDED,
405 FILE_NOTIFY_CHANGE_FILE_NAME, path);
406 }
407
408 } else {
409 fsp->fh->fd = -1; /* What we used to call a stat open. */
410 if (file_existed) {
411 uint32_t access_granted = 0;
412
413 status = check_open_rights(conn,
414 path,
415 access_mask,
416 &access_granted);
417 if (!NT_STATUS_IS_OK(status)) {
418
419 /* Were we trying to do a stat open
420 * for delete and didn't get DELETE
421 * access (only) ? Check if the
422 * directory allows DELETE_CHILD.
423 * See here:
424 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
425 * for details. */
426
427 if (!(NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
428 (access_mask & DELETE_ACCESS) &&
429 (access_granted == DELETE_ACCESS) &&
430 can_delete_file_in_directory(conn, path))) {
431 DEBUG(10, ("open_file: Access denied on "
432 "file %s\n",
433 path));
434 return status;
435 }
436
437 DEBUG(10,("open_file: overrode ACCESS_DENIED "
438 "on file %s\n",
439 path ));
440 }
441 }
442 }
443
444 if (!file_existed) {
445 int ret;
446
447 if (fsp->fh->fd == -1) {
448 ret = SMB_VFS_STAT(conn, path, psbuf);
449 } else {
450 ret = SMB_VFS_FSTAT(fsp, psbuf);
451 /* If we have an fd, this stat should succeed. */
452 if (ret == -1) {
453 DEBUG(0,("Error doing fstat on open file %s "
454 "(%s)\n", path,strerror(errno) ));
455 }
456 }
457
458 /* For a non-io open, this stat failing means file not found. JRA */
459 if (ret == -1) {
460 status = map_nt_error_from_unix(errno);
461 fd_close(fsp);
462 return status;
463 }
464 }
465
466 /*
467 * POSIX allows read-only opens of directories. We don't
468 * want to do this (we use a different code path for this)
469 * so catch a directory open and return an EISDIR. JRA.
470 */
471
472 if(S_ISDIR(psbuf->st_mode)) {
473 fd_close(fsp);
474 errno = EISDIR;
475 return NT_STATUS_FILE_IS_A_DIRECTORY;
476 }
477
478 fsp->mode = psbuf->st_mode;
479 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
480 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
481 fsp->file_pid = req ? req->smbpid : 0;
482 fsp->can_lock = True;
483 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
484 if (!CAN_WRITE(conn)) {
485 fsp->can_write = False;
486 } else {
487 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
488 True : False;
489 }
490 fsp->print_file = False;
491 fsp->modified = False;
492 fsp->sent_oplock_break = NO_BREAK_SENT;
493 fsp->is_directory = False;
494 if (conn->aio_write_behind_list &&
495 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
496 fsp->aio_write_behind = True;
497 }
498
499 string_set(&fsp->fsp_name, path);
500 fsp->wcp = NULL; /* Write cache pointer. */
501
502 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
503 conn->server_info->unix_name,
504 fsp->fsp_name,
505 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
506 conn->num_files_open));
507
508 errno = 0;
509 return NT_STATUS_OK;
510 }
511
512 /*******************************************************************
513 Return True if the filename is one of the special executable types.
514 ********************************************************************/
515
516 static bool is_executable(const char *fname)
517 {
518 if ((fname = strrchr_m(fname,'.'))) {
519 if (strequal(fname,".com") ||
520 strequal(fname,".dll") ||
521 strequal(fname,".exe") ||
522 strequal(fname,".sym")) {
523 return True;
524 }
525 }
526 return False;
527 }
528
529 /****************************************************************************
530 Check if we can open a file with a share mode.
531 Returns True if conflict, False if not.
532 ****************************************************************************/
533
534 static bool share_conflict(struct share_mode_entry *entry,
535 uint32 access_mask,
536 uint32 share_access)
537 {
538 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
539 "entry->share_access = 0x%x, "
540 "entry->private_options = 0x%x\n",
541 (unsigned int)entry->access_mask,
542 (unsigned int)entry->share_access,
543 (unsigned int)entry->private_options));
544
545 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
546 (unsigned int)access_mask, (unsigned int)share_access));
547
548 if ((entry->access_mask & (FILE_WRITE_DATA|
549 FILE_APPEND_DATA|
550 FILE_READ_DATA|
551 FILE_EXECUTE|
552 DELETE_ACCESS)) == 0) {
553 DEBUG(10,("share_conflict: No conflict due to "
554 "entry->access_mask = 0x%x\n",
555 (unsigned int)entry->access_mask ));
556 return False;
557 }
558
559 if ((access_mask & (FILE_WRITE_DATA|
560 FILE_APPEND_DATA|
561 FILE_READ_DATA|
562 FILE_EXECUTE|
563 DELETE_ACCESS)) == 0) {
564 DEBUG(10,("share_conflict: No conflict due to "
565 "access_mask = 0x%x\n",
566 (unsigned int)access_mask ));
567 return False;
568 }
569
570 #if 1 /* JRA TEST - Superdebug. */
571 #define CHECK_MASK(num, am, right, sa, share) \
572 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
573 (unsigned int)(num), (unsigned int)(am), \
574 (unsigned int)(right), (unsigned int)(am)&(right) )); \
575 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
576 (unsigned int)(num), (unsigned int)(sa), \
577 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
578 if (((am) & (right)) && !((sa) & (share))) { \
579 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
580 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
581 (unsigned int)(share) )); \
582 return True; \
583 }
584 #else
585 #define CHECK_MASK(num, am, right, sa, share) \
586 if (((am) & (right)) && !((sa) & (share))) { \
587 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
588 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
589 (unsigned int)(share) )); \
590 return True; \
591 }
592 #endif
593
594 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
595 share_access, FILE_SHARE_WRITE);
596 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
597 entry->share_access, FILE_SHARE_WRITE);
598
599 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
600 share_access, FILE_SHARE_READ);
601 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
602 entry->share_access, FILE_SHARE_READ);
603
604 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
605 share_access, FILE_SHARE_DELETE);
606 CHECK_MASK(6, access_mask, DELETE_ACCESS,
607 entry->share_access, FILE_SHARE_DELETE);
608
609 DEBUG(10,("share_conflict: No conflict.\n"));
610 return False;
611 }
612
613 #if defined(DEVELOPER)
614 static void validate_my_share_entries(int num,
615 struct share_mode_entry *share_entry)
616 {
617 files_struct *fsp;
618
619 if (!procid_is_me(&share_entry->pid)) {
620 return;
621 }
622
623 if (is_deferred_open_entry(share_entry) &&
624 !open_was_deferred(share_entry->op_mid)) {
625 char *str = talloc_asprintf(talloc_tos(),
626 "Got a deferred entry without a request: "
627 "PANIC: %s\n",
628 share_mode_str(talloc_tos(), num, share_entry));
629 smb_panic(str);
630 }
631
632 if (!is_valid_share_mode_entry(share_entry)) {
633 return;
634 }
635
636 fsp = file_find_dif(share_entry->id,
637 share_entry->share_file_id);
638 if (!fsp) {
639 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
640 share_mode_str(talloc_tos(), num, share_entry) ));
641 smb_panic("validate_my_share_entries: Cannot match a "
642 "share entry with an open file\n");
643 }
644
645 if (is_deferred_open_entry(share_entry) ||
646 is_unused_share_mode_entry(share_entry)) {
647 goto panic;
648 }
649
650 if ((share_entry->op_type == NO_OPLOCK) &&
651 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
652 /* Someone has already written to it, but I haven't yet
653 * noticed */
654 return;
655 }
656
657 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
658 goto panic;
659 }
660
661 return;
662
663 panic:
664 {
665 char *str;
666 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
667 share_mode_str(talloc_tos(), num, share_entry) ));
668 str = talloc_asprintf(talloc_tos(),
669 "validate_my_share_entries: "
670 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
671 fsp->fsp_name, (unsigned int)fsp->oplock_type,
672 (unsigned int)share_entry->op_type );
673 smb_panic(str);
674 }
675 }
676 #endif
677
678 static bool is_stat_open(uint32 access_mask)
679 {
680 return (access_mask &&
681 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
682 FILE_WRITE_ATTRIBUTES))==0) &&
683 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
684 FILE_WRITE_ATTRIBUTES)) != 0));
685 }
686
687 /****************************************************************************
688 Deal with share modes
689 Invarient: Share mode must be locked on entry and exit.
690 Returns -1 on error, or number of share modes on success (may be zero).
691 ****************************************************************************/
692
693 static NTSTATUS open_mode_check(connection_struct *conn,
694 const char *fname,
695 struct share_mode_lock *lck,
696 uint32 access_mask,
697 uint32 share_access,
698 uint32 create_options,
699 bool *file_existed)
700 {
701 int i;
702
703 if(lck->num_share_modes == 0) {
704 return NT_STATUS_OK;
705 }
706
707 *file_existed = True;
708
709 /* A delete on close prohibits everything */
710
711 if (lck->delete_on_close) {
712 return NT_STATUS_DELETE_PENDING;
713 }
714
715 if (is_stat_open(access_mask)) {
716 /* Stat open that doesn't trigger oplock breaks or share mode
717 * checks... ! JRA. */
718 return NT_STATUS_OK;
719 }
720
721 /*
722 * Check if the share modes will give us access.
723 */
724
725 #if defined(DEVELOPER)
726 for(i = 0; i < lck->num_share_modes; i++) {
727 validate_my_share_entries(i, &lck->share_modes[i]);
728 }
729 #endif
730
731 if (!lp_share_modes(SNUM(conn))) {
732 return NT_STATUS_OK;
733 }
734
735 /* Now we check the share modes, after any oplock breaks. */
736 for(i = 0; i < lck->num_share_modes; i++) {
737
738 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
739 continue;
740 }
741
742 /* someone else has a share lock on it, check to see if we can
743 * too */
744 if (share_conflict(&lck->share_modes[i],
745 access_mask, share_access)) {
746 return NT_STATUS_SHARING_VIOLATION;
747 }
748 }
749
750 return NT_STATUS_OK;
751 }
752
753 static bool is_delete_request(files_struct *fsp) {
754 return ((fsp->access_mask == DELETE_ACCESS) &&
755 (fsp->oplock_type == NO_OPLOCK));
756 }
757
758 /*
759 * Send a break message to the oplock holder and delay the open for
760 * our client.
761 */
762
763 static NTSTATUS send_break_message(files_struct *fsp,
764 struct share_mode_entry *exclusive,
765 uint16 mid,
766 int oplock_request)
767 {
768 NTSTATUS status;
769 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
770
771 DEBUG(10, ("Sending break request to PID %s\n",
772 procid_str_static(&exclusive->pid)));
773 exclusive->op_mid = mid;
774
775 /* Create the message. */
776 share_mode_entry_to_message(msg, exclusive);
777
778 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
779 don't want this set in the share mode struct pointed to by lck. */
780
781 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
782 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
783 }
784
785 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
786 MSG_SMB_BREAK_REQUEST,
787 (uint8 *)msg,
788 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
789 if (!NT_STATUS_IS_OK(status)) {
790 DEBUG(3, ("Could not send oplock break message: %s\n",
791 nt_errstr(status)));
792 }
793
794 return status;
795 }
796
797 /*
798 * 1) No files open at all or internal open: Grant whatever the client wants.
799 *
800 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
801 * request, break if the oplock around is a batch oplock. If it's another
802 * requested access type, break.
803 *
804 * 3) Only level2 around: Grant level2 and do nothing else.
805 */
806
807 static bool delay_for_oplocks(struct share_mode_lock *lck,
808 files_struct *fsp,
809 uint16 mid,
810 int pass_number,
811 int oplock_request)
812 {
813 extern uint32 global_client_caps;
814 int i;
815 struct share_mode_entry *exclusive = NULL;
816 bool valid_entry = false;
817 bool have_level2 = false;
818 bool have_a_none_oplock = false;
819 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
820 lp_level2_oplocks(SNUM(fsp->conn));
821
822 if (oplock_request & INTERNAL_OPEN_ONLY) {
823 fsp->oplock_type = NO_OPLOCK;
824 }
825
826 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
827 return false;
828 }
829
830 for (i=0; i<lck->num_share_modes; i++) {
831
832 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
833 continue;
834 }
835
836 /* At least one entry is not an invalid or deferred entry. */
837 valid_entry = true;
838
839 if (pass_number == 1) {
840 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
841 SMB_ASSERT(exclusive == NULL);
842 exclusive = &lck->share_modes[i];
843 }
844 } else {
845 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
846 SMB_ASSERT(exclusive == NULL);
847 exclusive = &lck->share_modes[i];
848 }
849 }
850
851 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
852 SMB_ASSERT(exclusive == NULL);
853 have_level2 = true;
854 }
855
856 if (lck->share_modes[i].op_type == NO_OPLOCK) {
857 have_a_none_oplock = true;
858 }
859 }
860
861 if (exclusive != NULL) { /* Found an exclusive oplock */
862 bool delay_it = is_delete_request(fsp) ?
863 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
864 SMB_ASSERT(!have_level2);
865 if (delay_it) {
866 send_break_message(fsp, exclusive, mid, oplock_request);
867 return true;
868 }
869 }
870
871 /*
872 * Match what was requested (fsp->oplock_type) with
873 * what was found in the existing share modes.
874 */
875
876 if (!valid_entry) {
877 /* All entries are placeholders or deferred.
878 * Directly grant whatever the client wants. */
879 if (fsp->oplock_type == NO_OPLOCK) {
880 /* Store a level2 oplock, but don't tell the client */
881 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
882 }
883 } else if (have_a_none_oplock) {
884 fsp->oplock_type = NO_OPLOCK;
885 } else if (have_level2) {
886 if (fsp->oplock_type == NO_OPLOCK ||
887 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
888 /* Store a level2 oplock, but don't tell the client */
889 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
890 } else {
891 fsp->oplock_type = LEVEL_II_OPLOCK;
892 }
893 } else {
894 /* This case can never happen. */
895 SMB_ASSERT(1);
896 }
897
898 /*
899 * Don't grant level2 to clients that don't want them
900 * or if we've turned them off.
901 */
902 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
903 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
904 }
905
906 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
907 fsp->oplock_type, fsp->fsp_name));
908
909 /* No delay. */
910 return false;
911 }
912
913 static bool request_timed_out(struct timeval request_time,
914 struct timeval timeout)
915 {
916 struct timeval now, end_time;
917 GetTimeOfDay(&now);
918 end_time = timeval_sum(&request_time, &timeout);
919 return (timeval_compare(&end_time, &now) < 0);
920 }
921
922 /****************************************************************************
923 Handle the 1 second delay in returning a SHARING_VIOLATION error.
924 ****************************************************************************/
925
926 static void defer_open(struct share_mode_lock *lck,
927 struct timeval request_time,
928 struct timeval timeout,
929 struct smb_request *req,
930 struct deferred_open_record *state)
931 {
932 int i;
933
934 /* Paranoia check */
935
936 for (i=0; i<lck->num_share_modes; i++) {
937 struct share_mode_entry *e = &lck->share_modes[i];
938
939 if (!is_deferred_open_entry(e)) {
940 continue;
941 }
942
943 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
944 DEBUG(0, ("Trying to defer an already deferred "
945 "request: mid=%d, exiting\n", req->mid));
946 exit_server("attempt to defer a deferred request");
947 }
948 }
949
950 /* End paranoia check */
951
952 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
953 "open entry for mid %u\n",
954 (unsigned int)request_time.tv_sec,
955 (unsigned int)request_time.tv_usec,
956 (unsigned int)req->mid));
957
958 if (!push_deferred_smb_message(req, request_time, timeout,
959 (char *)state, sizeof(*state))) {
960 exit_server("push_deferred_smb_message failed");
961 }
962 add_deferred_open(lck, req->mid, request_time, state->id);
963
964 /*
965 * Push the MID of this packet on the signing queue.
966 * We only do this once, the first time we push the packet
967 * onto the deferred open queue, as this has a side effect
968 * of incrementing the response sequence number.
969 */
970
971 srv_defer_sign_response(req->mid);
972 }
973
974
975 /****************************************************************************
976 On overwrite open ensure that the attributes match.
977 ****************************************************************************/
978
979 static bool open_match_attributes(connection_struct *conn,
980 const char *path,
981 uint32 old_dos_attr,
982 uint32 new_dos_attr,
983 mode_t existing_unx_mode,
984 mode_t new_unx_mode,
985 mode_t *returned_unx_mode)
986 {
987 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
988
989 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
990 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
991
992 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
993 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
994 *returned_unx_mode = new_unx_mode;
995 } else {
996 *returned_unx_mode = (mode_t)0;
997 }
998
999 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1000 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1001 "returned_unx_mode = 0%o\n",
1002 path,
1003 (unsigned int)old_dos_attr,
1004 (unsigned int)existing_unx_mode,
1005 (unsigned int)new_dos_attr,
1006 (unsigned int)*returned_unx_mode ));
1007
1008 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1009 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1010 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1011 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1012 return False;
1013 }
1014 }
1015 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1016 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1017 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1018 return False;
1019 }
1020 }
1021 return True;
1022 }
1023
1024 /****************************************************************************
1025 Special FCB or DOS processing in the case of a sharing violation.
1026 Try and find a duplicated file handle.
1027 ****************************************************************************/
1028
1029 static NTSTATUS fcb_or_dos_open(connection_struct *conn,
1030 files_struct *fsp_to_dup_into,
1031 const char *fname,
1032 struct file_id id,
1033 uint16 file_pid,
1034 uint16 vuid,
1035 uint32 access_mask,
1036 uint32 share_access,
1037 uint32 create_options)
1038 {
1039 files_struct *fsp;
1040
1041 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1042 "file %s.\n", fname ));
1043
1044 for(fsp = file_find_di_first(id); fsp;
1045 fsp = file_find_di_next(fsp)) {
1046
1047 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1048 "vuid = %u, file_pid = %u, private_options = 0x%x "
1049 "access_mask = 0x%x\n", fsp->fsp_name,
1050 fsp->fh->fd, (unsigned int)fsp->vuid,
1051 (unsigned int)fsp->file_pid,
1052 (unsigned int)fsp->fh->private_options,
1053 (unsigned int)fsp->access_mask ));
1054
1055 if (fsp->fh->fd != -1 &&
1056 fsp->vuid == vuid &&
1057 fsp->file_pid == file_pid &&
1058 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1059 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1060 (fsp->access_mask & FILE_WRITE_DATA) &&
1061 strequal(fsp->fsp_name, fname)) {
1062 DEBUG(10,("fcb_or_dos_open: file match\n"));
1063 break;
1064 }
1065 }
1066
1067 if (!fsp) {
1068 return NT_STATUS_NOT_FOUND;
1069 }
1070
1071 /* quite an insane set of semantics ... */
1072 if (is_executable(fname) &&
1073 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1074 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1075 return NT_STATUS_INVALID_PARAMETER;
1076 }
1077
1078 /* We need to duplicate this fsp. */
1079 dup_file_fsp(fsp, access_mask, share_access,
1080 create_options, fsp_to_dup_into);
1081
1082 return NT_STATUS_OK;
1083 }
1084
1085 /****************************************************************************
1086 Open a file with a share mode - old openX method - map into NTCreate.
1087 ****************************************************************************/
1088
1089 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1090 uint32 *paccess_mask,
1091 uint32 *pshare_mode,
1092 uint32 *pcreate_disposition,
1093 uint32 *pcreate_options)
1094 {
1095 uint32 access_mask;
1096 uint32 share_mode;
1097 uint32 create_disposition;
1098 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1099
1100 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1101 "open_func = 0x%x\n",
1102 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1103
1104 /* Create the NT compatible access_mask. */
1105 switch (GET_OPENX_MODE(deny_mode)) {
1106 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1107 case DOS_OPEN_RDONLY:
1108 access_mask = FILE_GENERIC_READ;
1109 break;
1110 case DOS_OPEN_WRONLY:
1111 access_mask = FILE_GENERIC_WRITE;
1112 break;
1113 case DOS_OPEN_RDWR:
1114 case DOS_OPEN_FCB:
1115 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1116 break;
1117 default:
1118 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1119 (unsigned int)GET_OPENX_MODE(deny_mode)));
1120 return False;
1121 }
1122
1123 /* Create the NT compatible create_disposition. */
1124 switch (open_func) {
1125 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1126 create_disposition = FILE_CREATE;
1127 break;
1128
1129 case OPENX_FILE_EXISTS_OPEN:
1130 create_disposition = FILE_OPEN;
1131 break;
1132
1133 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1134 create_disposition = FILE_OPEN_IF;
1135 break;
1136
1137 case OPENX_FILE_EXISTS_TRUNCATE:
1138 create_disposition = FILE_OVERWRITE;
1139 break;
1140
1141 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1142 create_disposition = FILE_OVERWRITE_IF;
1143 break;
1144
1145 default:
1146 /* From samba4 - to be confirmed. */
1147 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1148 create_disposition = FILE_CREATE;
1149 break;
1150 }
1151 DEBUG(10,("map_open_params_to_ntcreate: bad "
1152 "open_func 0x%x\n", (unsigned int)open_func));
1153 return False;
1154 }
1155
1156 /* Create the NT compatible share modes. */
1157 switch (GET_DENY_MODE(deny_mode)) {
1158 case DENY_ALL:
1159 share_mode = FILE_SHARE_NONE;
1160 break;
1161
1162 case DENY_WRITE:
1163 share_mode = FILE_SHARE_READ;
1164 break;
1165
1166 case DENY_READ:
1167 share_mode = FILE_SHARE_WRITE;
1168 break;
1169
1170 case DENY_NONE:
1171 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1172 break;
1173
1174 case DENY_DOS:
1175 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1176 if (is_executable(fname)) {
1177 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1178 } else {
1179 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1180 share_mode = FILE_SHARE_READ;
1181 } else {
1182 share_mode = FILE_SHARE_NONE;
1183 }
1184 }
1185 break;
1186
1187 case DENY_FCB:
1188 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1189 share_mode = FILE_SHARE_NONE;
1190 break;
1191
1192 default:
1193 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1194 (unsigned int)GET_DENY_MODE(deny_mode) ));
1195 return False;
1196 }
1197
1198 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1199 "share_mode = 0x%x, create_disposition = 0x%x, "
1200 "create_options = 0x%x\n",
1201 fname,
1202 (unsigned int)access_mask,
1203 (unsigned int)share_mode,
1204 (unsigned int)create_disposition,
1205 (unsigned int)create_options ));
1206
1207 if (paccess_mask) {
1208 *paccess_mask = access_mask;
1209 }
1210 if (pshare_mode) {
1211 *pshare_mode = share_mode;
1212 }
1213 if (pcreate_disposition) {
1214 *pcreate_disposition = create_disposition;
1215 }
1216 if (pcreate_options) {
1217 *pcreate_options = create_options;
1218 }
1219
1220 return True;
1221
1222 }
1223
1224 static void schedule_defer_open(struct share_mode_lock *lck,
1225 struct timeval request_time,
1226 struct smb_request *req)
1227 {
1228 struct deferred_open_record state;
1229
1230 /* This is a relative time, added to the absolute
1231 request_time value to get the absolute timeout time.
1232 Note that if this is the second or greater time we enter
1233 this codepath for this particular request mid then
1234 request_time is left as the absolute time of the *first*
1235 time this request mid was processed. This is what allows
1236 the request to eventually time out. */
1237
1238 struct timeval timeout;
1239
1240 /* Normally the smbd we asked should respond within
1241 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1242 * the client did, give twice the timeout as a safety
1243 * measure here in case the other smbd is stuck
1244 * somewhere else. */
1245
1246 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1247
1248 /* Nothing actually uses state.delayed_for_oplocks
1249 but it's handy to differentiate in debug messages
1250 between a 30 second delay due to oplock break, and
1251 a 1 second delay for share mode conflicts. */
1252
1253 state.delayed_for_oplocks = True;
1254 state.id = lck->id;
1255
1256 if (!request_timed_out(request_time, timeout)) {
1257 defer_open(lck, request_time, timeout, req, &state);
1258 }
1259 }
1260
1261 /****************************************************************************
1262 Work out what access_mask to use from what the client sent us.
1263 ****************************************************************************/
1264
1265 static NTSTATUS calculate_access_mask(connection_struct *conn,
1266 const char *fname,
1267 bool file_existed,
1268 uint32_t access_mask,
1269 uint32_t *access_mask_out)
1270 {
1271 NTSTATUS status;
1272
1273 /*
1274 * Convert GENERIC bits to specific bits.
1275 */
1276
1277 se_map_generic(&access_mask, &file_generic_mapping);
1278
1279 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1280 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1281 if (file_existed) {
1282
1283 struct security_descriptor *sd;
1284 uint32_t access_granted = 0;
1285
1286 status = SMB_VFS_GET_NT_ACL(conn, fname,
1287 (OWNER_SECURITY_INFORMATION |
1288 GROUP_SECURITY_INFORMATION |
1289 DACL_SECURITY_INFORMATION),&sd);
1290
1291 if (!NT_STATUS_IS_OK(status)) {
1292 DEBUG(10, ("calculate_access_mask: Could not get acl "
1293 "on file %s: %s\n",
1294 fname,
1295 nt_errstr(status)));
1296 return NT_STATUS_ACCESS_DENIED;
1297 }
1298
1299 status = smb1_file_se_access_check(sd,
1300 conn->server_info->ptok,
1301 access_mask,
1302 &access_granted);
1303
1304 TALLOC_FREE(sd);
1305
1306 if (!NT_STATUS_IS_OK(status)) {
1307 DEBUG(10, ("calculate_access_mask: Access denied on "
1308 "file %s: when calculating maximum access\n",
1309 fname));
1310 return NT_STATUS_ACCESS_DENIED;
1311 }
1312
1313 access_mask = access_granted;
1314 } else {
1315 access_mask = FILE_GENERIC_ALL;
1316 }
1317 }
1318
1319 *access_mask_out = access_mask;
1320 return NT_STATUS_OK;
1321 }
1322
1323 /****************************************************************************
1324 Open a file with a share mode. Passed in an already created files_struct *.
1325 ****************************************************************************/
1326
1327 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1328 struct smb_request *req,
1329 const char *fname,
1330 SMB_STRUCT_STAT *psbuf,
1331 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1332 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1333 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1334 uint32 create_options, /* options such as delete on close. */
1335 uint32 new_dos_attributes, /* attributes used for new file. */
1336 int oplock_request, /* internal Samba oplock codes. */
1337 /* Information (FILE_EXISTS etc.) */
1338 int *pinfo,
1339 files_struct *fsp)
1340 {
1341 int flags=0;
1342 int flags2=0;
1343 bool file_existed = VALID_STAT(*psbuf);
1344 bool def_acl = False;
1345 bool posix_open = False;
1346 bool new_file_created = False;
1347 struct file_id id;
1348 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1349 mode_t new_unx_mode = (mode_t)0;
1350 mode_t unx_mode = (mode_t)0;
1351 int info;
1352 uint32 existing_dos_attributes = 0;
1353 struct pending_message_list *pml = NULL;
1354 struct timeval request_time = timeval_zero();
1355 struct share_mode_lock *lck = NULL;
1356 uint32 open_access_mask = access_mask;
1357 NTSTATUS status;
1358 int ret_flock;
1359 char *parent_dir;
1360 const char *newname;
1361
1362 ZERO_STRUCT(id);
1363
1364 if (conn->printer) {
1365 /*
1366 * Printers are handled completely differently.
1367 * Most of the passed parameters are ignored.
1368 */
1369
1370 if (pinfo) {
1371 *pinfo = FILE_WAS_CREATED;
1372 }
1373
1374 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1375
1376 return print_fsp_open(conn, fname, req->vuid, fsp, psbuf);
1377 }
1378
1379 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1380 &newname)) {
1381 return NT_STATUS_NO_MEMORY;
1382 }
1383
1384 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1385 posix_open = True;
1386 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1387 new_dos_attributes = 0;
1388 } else {
1389 /* We add aARCH to this as this mode is only used if the file is
1390 * created new. */
1391 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1392 parent_dir);
1393 }
1394
1395 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1396 "access_mask=0x%x share_access=0x%x "
1397 "create_disposition = 0x%x create_options=0x%x "
1398 "unix mode=0%o oplock_request=%d\n",
1399 fname, new_dos_attributes, access_mask, share_access,
1400 create_disposition, create_options, unx_mode,
1401 oplock_request));
1402
1403 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1404 DEBUG(0, ("No smb request but not an internal only open!\n"));
1405 return NT_STATUS_INTERNAL_ERROR;
1406 }
1407
1408 /*
1409 * Only non-internal opens can be deferred at all
1410 */
1411
1412 if ((req != NULL)
1413 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1414 struct deferred_open_record *state =
1415 (struct deferred_open_record *)pml->private_data.data;
1416
1417 /* Remember the absolute time of the original
1418 request with this mid. We'll use it later to
1419 see if this has timed out. */
1420
1421 request_time = pml->request_time;
1422
1423 /* Remove the deferred open entry under lock. */
1424 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1425 NULL);
1426 if (lck == NULL) {
1427 DEBUG(0, ("could not get share mode lock\n"));
1428 } else {
1429 del_deferred_open_entry(lck, req->mid);
1430 TALLOC_FREE(lck);
1431 }
1432
1433 /* Ensure we don't reprocess this message. */
1434 remove_deferred_open_smb_message(req->mid);
1435 }
1436
1437 status = check_name(conn, fname);
1438 if (!NT_STATUS_IS_OK(status)) {
1439 return status;
1440 }
1441
1442 if (!posix_open) {
1443 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1444 if (file_existed) {
1445 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1446 }
1447 }
1448
1449 /* ignore any oplock requests if oplocks are disabled */
1450 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1451 IS_VETO_OPLOCK_PATH(conn, fname)) {
1452 /* Mask off everything except the private Samba bits. */
1453 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1454 }
1455
1456 /* this is for OS/2 long file names - say we don't support them */
1457 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1458 /* OS/2 Workplace shell fix may be main code stream in a later
1459 * release. */
1460 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1461 "supported.\n"));
1462 if (use_nt_status()) {
1463 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1464 }
1465 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1466 }
1467
1468 switch( create_disposition ) {
1469 /*
1470 * Currently we're using FILE_SUPERSEDE as the same as
1471 * FILE_OVERWRITE_IF but they really are
1472 * different. FILE_SUPERSEDE deletes an existing file
1473 * (requiring delete access) then recreates it.
1474 */
1475 case FILE_SUPERSEDE:
1476 /* If file exists replace/overwrite. If file doesn't
1477 * exist create. */
1478 flags2 |= (O_CREAT | O_TRUNC);
1479 break;
1480
1481 case FILE_OVERWRITE_IF:
1482 /* If file exists replace/overwrite. If file doesn't
1483 * exist create. */
1484 flags2 |= (O_CREAT | O_TRUNC);
1485 break;
1486
1487 case FILE_OPEN:
1488 /* If file exists open. If file doesn't exist error. */
1489 if (!file_existed) {
1490 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1491 "requested for file %s and file "
1492 "doesn't exist.\n", fname ));
1493 errno = ENOENT;
1494 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1495 }
1496 break;
1497
1498 case FILE_OVERWRITE:
1499 /* If file exists overwrite. If file doesn't exist
1500 * error. */
1501 if (!file_existed) {
1502 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1503 "requested for file %s and file "
1504 "doesn't exist.\n", fname ));
1505 errno = ENOENT;
1506 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1507 }
1508 flags2 |= O_TRUNC;
1509 break;
1510
1511 case FILE_CREATE:
1512 /* If file exists error. If file doesn't exist
1513 * create. */
1514 if (file_existed) {
1515 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1516 "requested for file %s and file "
1517 "already exists.\n", fname ));
1518 if (S_ISDIR(psbuf->st_mode)) {
1519 errno = EISDIR;
1520 } else {
1521 errno = EEXIST;
1522 }
1523 return map_nt_error_from_unix(errno);
1524 }
1525 flags2 |= (O_CREAT|O_EXCL);
1526 break;
1527
1528 case FILE_OPEN_IF:
1529 /* If file exists open. If file doesn't exist
1530 * create. */
1531 flags2 |= O_CREAT;
1532 break;
1533
1534 default:
1535 return NT_STATUS_INVALID_PARAMETER;
1536 }
1537
1538 /* We only care about matching attributes on file exists and
1539 * overwrite. */
1540
1541 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1542 (create_disposition == FILE_OVERWRITE_IF))) {
1543 if (!open_match_attributes(conn, fname,
1544 existing_dos_attributes,
1545 new_dos_attributes, psbuf->st_mode,
1546 unx_mode, &new_unx_mode)) {
1547 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1548 "for file %s (%x %x) (0%o, 0%o)\n",
1549 fname, existing_dos_attributes,
1550 new_dos_attributes,
1551 (unsigned int)psbuf->st_mode,
1552 (unsigned int)unx_mode ));
1553 errno = EACCES;
1554 return NT_STATUS_ACCESS_DENIED;
1555 }
1556 }
1557
1558 status = calculate_access_mask(conn, fname, file_existed,
1559 access_mask,
1560 &access_mask);
1561 if (!NT_STATUS_IS_OK(status)) {
1562 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1563 "on file %s returned %s\n",
1564 fname,
1565 nt_errstr(status)));
1566 return status;
1567 }
1568
1569 open_access_mask = access_mask;
1570
1571 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1572 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1573 }
1574
1575 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1576 "access_mask=0x%x\n", fname, access_mask ));
1577
1578 /*
1579 * Note that we ignore the append flag as append does not
1580 * mean the same thing under DOS and Unix.
1581 */
1582
1583 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1584 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1585 /* DENY_DOS opens are always underlying read-write on the
1586 file handle, no matter what the requested access mask
1587 says. */
1588 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1589 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1590 flags = O_RDWR;
1591 } else {
1592 flags = O_WRONLY;
1593 }
1594 } else {
1595 flags = O_RDONLY;
1596 }
1597
1598 /*
1599 * Currently we only look at FILE_WRITE_THROUGH for create options.
1600 */
1601
1602 #if defined(O_SYNC)
1603 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1604 flags2 |= O_SYNC;
1605 }
1606 #endif /* O_SYNC */
1607
1608 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1609 flags2 |= O_APPEND;
1610 }
1611
1612 if (!posix_open && !CAN_WRITE(conn)) {
1613 /*
1614 * We should really return a permission denied error if either
1615 * O_CREAT or O_TRUNC are set, but for compatibility with
1616 * older versions of Samba we just AND them out.
1617 */
1618 flags2 &= ~(O_CREAT|O_TRUNC);
1619 }
1620
1621 /*
1622 * Ensure we can't write on a read-only share or file.
1623 */
1624
1625 if (flags != O_RDONLY && file_existed &&
1626 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1627 DEBUG(5,("open_file_ntcreate: write access requested for "
1628 "file %s on read only %s\n",
1629 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1630 errno = EACCES;
1631 return NT_STATUS_ACCESS_DENIED;
1632 }
1633
1634 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1635 fsp->share_access = share_access;
1636 fsp->fh->private_options = create_options;
1637 fsp->access_mask = open_access_mask; /* We change this to the
1638 * requested access_mask after
1639 * the open is done. */
1640 fsp->posix_open = posix_open;
1641
1642 /* Ensure no SAMBA_PRIVATE bits can be set. */
1643 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1644
1645 if (timeval_is_zero(&request_time)) {
1646 request_time = fsp->open_time;
1647 }
1648
1649 if (file_existed) {
1650 struct timespec old_write_time = get_mtimespec(psbuf);
1651 id = vfs_file_id_from_sbuf(conn, psbuf);
1652
1653 lck = get_share_mode_lock(talloc_tos(), id,
1654 conn->connectpath,
1655 fname, &old_write_time);
1656
1657 if (lck == NULL) {
1658 DEBUG(0, ("Could not get share mode lock\n"));
1659 return NT_STATUS_SHARING_VIOLATION;
1660 }
1661
1662 /* First pass - send break only on batch oplocks. */
1663 if ((req != NULL)
1664 && delay_for_oplocks(lck, fsp, req->mid, 1,
1665 oplock_request)) {
1666 schedule_defer_open(lck, request_time, req);
1667 TALLOC_FREE(lck);
1668 return NT_STATUS_SHARING_VIOLATION;
1669 }
1670
1671 /* Use the client requested access mask here, not the one we
1672 * open with. */
1673 status = open_mode_check(conn, fname, lck,
1674 access_mask, share_access,
1675 create_options, &file_existed);
1676
1677 if (NT_STATUS_IS_OK(status)) {
1678 /* We might be going to allow this open. Check oplock
1679 * status again. */
1680 /* Second pass - send break for both batch or
1681 * exclusive oplocks. */
1682 if ((req != NULL)
1683 && delay_for_oplocks(lck, fsp, req->mid, 2,
1684 oplock_request)) {
1685 schedule_defer_open(lck, request_time, req);
1686 TALLOC_FREE(lck);
1687 return NT_STATUS_SHARING_VIOLATION;
1688 }
1689 }
1690
1691 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1692 /* DELETE_PENDING is not deferred for a second */
1693 TALLOC_FREE(lck);
1694 return status;
1695 }
1696
1697 if (!NT_STATUS_IS_OK(status)) {
1698 uint32 can_access_mask;
1699 bool can_access = True;
1700
1701 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1702
1703 /* Check if this can be done with the deny_dos and fcb
1704 * calls. */
1705 if (create_options &
1706 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1707 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1708 if (req == NULL) {
1709 DEBUG(0, ("DOS open without an SMB "
1710 "request!\n"));
1711 TALLOC_FREE(lck);
1712 return NT_STATUS_INTERNAL_ERROR;
1713 }
1714
1715 /* Use the client requested access mask here,
1716 * not the one we open with. */
1717 status = fcb_or_dos_open(conn,
1718 fsp,
1719 fname,
1720 id,
1721 req->smbpid,
1722 req->vuid,
1723 access_mask,
1724 share_access,
1725 create_options);
1726
1727 if (NT_STATUS_IS_OK(status)) {
1728 TALLOC_FREE(lck);
1729 if (pinfo) {
1730 *pinfo = FILE_WAS_OPENED;
1731 }
1732 return NT_STATUS_OK;
1733 }
1734 }
1735
1736 /*
1737 * This next line is a subtlety we need for
1738 * MS-Access. If a file open will fail due to share
1739 * permissions and also for security (access) reasons,
1740 * we need to return the access failed error, not the
1741 * share error. We can't open the file due to kernel
1742 * oplock deadlock (it's possible we failed above on
1743 * the open_mode_check()) so use a userspace check.
1744 */
1745
1746 if (flags & O_RDWR) {
1747 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1748 } else if (flags & O_WRONLY) {
1749 can_access_mask = FILE_WRITE_DATA;
1750 } else {
1751 can_access_mask = FILE_READ_DATA;
1752 }
1753
1754 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1755 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1756 can_access = False;
1757 }
1758
1759 /*
1760 * If we're returning a share violation, ensure we
1761 * cope with the braindead 1 second delay.
1762 */
1763
1764 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1765 lp_defer_sharing_violations()) {
1766 struct timeval timeout;
1767 struct deferred_open_record state;
1768 int timeout_usecs;
1769
1770 /* this is a hack to speed up torture tests
1771 in 'make test' */
1772 timeout_usecs = lp_parm_int(SNUM(conn),
1773 "smbd","sharedelay",
1774 SHARING_VIOLATION_USEC_WAIT);
1775
1776 /* This is a relative time, added to the absolute
1777 request_time value to get the absolute timeout time.
1778 Note that if this is the second or greater time we enter
1779 this codepath for this particular request mid then
1780 request_time is left as the absolute time of the *first*
1781 time this request mid was processed. This is what allows
1782 the request to eventually time out. */
1783
1784 timeout = timeval_set(0, timeout_usecs);
1785
1786 /* Nothing actually uses state.delayed_for_oplocks
1787 but it's handy to differentiate in debug messages
1788 between a 30 second delay due to oplock break, and
1789 a 1 second delay for share mode conflicts. */
1790
1791 state.delayed_for_oplocks = False;
1792 state.id = id;
1793
1794 if ((req != NULL)
1795 && !request_timed_out(request_time,
1796 timeout)) {
1797 defer_open(lck, request_time, timeout,
1798 req, &state);
1799 }
1800 }
1801
1802 TALLOC_FREE(lck);
1803 if (can_access) {
1804 /*
1805 * We have detected a sharing violation here
1806 * so return the correct error code
1807 */
1808 status = NT_STATUS_SHARING_VIOLATION;
1809 } else {
1810 status = NT_STATUS_ACCESS_DENIED;
1811 }
1812 return status;
1813 }
1814
1815 /*
1816 * We exit this block with the share entry *locked*.....
1817 */
1818 }
1819
1820 SMB_ASSERT(!file_existed || (lck != NULL));
1821
1822 /*
1823 * Ensure we pay attention to default ACLs on directories if required.
1824 */
1825
1826 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1827 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1828 unx_mode = 0777;
1829 }
1830
1831 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1832 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1833 (unsigned int)flags, (unsigned int)flags2,
1834 (unsigned int)unx_mode, (unsigned int)access_mask,
1835 (unsigned int)open_access_mask));
1836
1837 /*
1838 * open_file strips any O_TRUNC flags itself.
1839 */
1840
1841 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1842 flags|flags2, unx_mode, access_mask,
1843 open_access_mask);
1844
1845 if (!NT_STATUS_IS_OK(fsp_open)) {
1846 if (lck != NULL) {
1847 TALLOC_FREE(lck);
1848 }
1849 return fsp_open;
1850 }
1851
1852 if (!file_existed) {
1853 struct timespec old_write_time = get_mtimespec(psbuf);
1854 /*
1855 * Deal with the race condition where two smbd's detect the
1856 * file doesn't exist and do the create at the same time. One
1857 * of them will win and set a share mode, the other (ie. this
1858 * one) should check if the requested share mode for this
1859 * create is allowed.
1860 */
1861
1862 /*
1863 * Now the file exists and fsp is successfully opened,
1864 * fsp->dev and fsp->inode are valid and should replace the
1865 * dev=0,inode=0 from a non existent file. Spotted by
1866 * Nadav Danieli <nadavd@exanet.com>. JRA.
1867 */
1868
1869 id = fsp->file_id;
1870
1871 lck = get_share_mode_lock(talloc_tos(), id,
1872 conn->connectpath,
1873 fname, &old_write_time);
1874
1875 if (lck == NULL) {
1876 DEBUG(0, ("open_file_ntcreate: Could not get share "
1877 "mode lock for %s\n", fname));
1878 fd_close(fsp);
1879 return NT_STATUS_SHARING_VIOLATION;
1880 }
1881
1882 /* First pass - send break only on batch oplocks. */
1883 if ((req != NULL)
1884 && delay_for_oplocks(lck, fsp, req->mid, 1,
1885 oplock_request)) {
1886 schedule_defer_open(lck, request_time, req);
1887 TALLOC_FREE(lck);
1888 fd_close(fsp);
1889 return NT_STATUS_SHARING_VIOLATION;
1890 }
1891
1892 status = open_mode_check(conn, fname, lck,
1893 access_mask, share_access,
1894 create_options, &file_existed);
1895
1896 if (NT_STATUS_IS_OK(status)) {
1897 /* We might be going to allow this open. Check oplock
1898 * status again. */
1899 /* Second pass - send break for both batch or
1900 * exclusive oplocks. */
1901 if ((req != NULL)
1902 && delay_for_oplocks(lck, fsp, req->mid, 2,
1903 oplock_request)) {
1904 schedule_defer_open(lck, request_time, req);
1905 TALLOC_FREE(lck);
1906 fd_close(fsp);
1907 return NT_STATUS_SHARING_VIOLATION;
1908 }
1909 }
1910
1911 if (!NT_STATUS_IS_OK(status)) {
1912 struct deferred_open_record state;
1913
1914 fd_close(fsp);
1915
1916 state.delayed_for_oplocks = False;
1917 state.id = id;
1918
1919 /* Do it all over again immediately. In the second
1920 * round we will find that the file existed and handle
1921 * the DELETE_PENDING and FCB cases correctly. No need
1922 * to duplicate the code here. Essentially this is a
1923 * "goto top of this function", but don't tell
1924 * anybody... */
1925
1926 if (req != NULL) {
1927 defer_open(lck, request_time, timeval_zero(),
1928 req, &state);
1929 }
1930 TALLOC_FREE(lck);
1931 return status;
1932 }
1933
1934 /*
1935 * We exit this block with the share entry *locked*.....
1936 */
1937
1938 }
1939
1940 SMB_ASSERT(lck != NULL);
1941
1942 /* note that we ignore failure for the following. It is
1943 basically a hack for NFS, and NFS will never set one of
1944 these only read them. Nobody but Samba can ever set a deny
1945 mode and we have already checked our more authoritative
1946 locking database for permission to set this deny mode. If
1947 the kernel refuses the operations then the kernel is wrong.
1948 note that GPFS supports it as well - jmcd */
1949
1950 if (fsp->fh->fd != -1) {
1951 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1952 if(ret_flock == -1 ){
1953
1954 TALLOC_FREE(lck);
1955 fd_close(fsp);
1956
1957 return NT_STATUS_SHARING_VIOLATION;
1958 }
1959 }
1960
1961 /*
1962 * At this point onwards, we can guarentee that the share entry
1963 * is locked, whether we created the file or not, and that the
1964 * deny mode is compatible with all current opens.
1965 */
1966
1967 /*
1968 * If requested, truncate the file.
1969 */
1970
1971 if (flags2&O_TRUNC) {
1972 /*
1973 * We are modifing the file after open - update the stat
1974 * struct..
1975 */
1976 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1977 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1978 status = map_nt_error_from_unix(errno);
1979 TALLOC_FREE(lck);
1980 fd_close(fsp);
1981 return status;
1982 }
1983 }
1984
1985 /* Record the options we were opened with. */
1986 fsp->share_access = share_access;
1987 fsp->fh->private_options = create_options;
1988 /*
1989 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1990 */
1991 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1992
1993 if (file_existed) {
1994 /* stat opens on existing files don't get oplocks. */
1995 if (is_stat_open(open_access_mask)) {
1996 fsp->oplock_type = NO_OPLOCK;
1997 }
1998
1999 if (!(flags2 & O_TRUNC)) {
2000 info = FILE_WAS_OPENED;
2001 } else {
2002 info = FILE_WAS_OVERWRITTEN;
2003 }
2004 } else {
2005 info = FILE_WAS_CREATED;
2006 }
2007
2008 if (pinfo) {
2009 *pinfo = info;
2010 }
2011
2012 /*
2013 * Setup the oplock info in both the shared memory and
2014 * file structs.
2015 */
2016
2017 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2018 /* Could not get the kernel oplock */
2019 fsp->oplock_type = NO_OPLOCK;
2020 }
2021
2022 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2023 new_file_created = True;
2024 }
2025
2026 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2027 fsp->oplock_type);
2028
2029 /* Handle strange delete on close create semantics. */
2030 if (create_options & FILE_DELETE_ON_CLOSE) {
2031
2032 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2033
2034 if (!NT_STATUS_IS_OK(status)) {
2035 /* Remember to delete the mode we just added. */
2036 del_share_mode(lck, fsp);
2037 TALLOC_FREE(lck);
2038 fd_close(fsp);
2039 return status;
2040 }
2041 /* Note that here we set the *inital* delete on close flag,
2042 not the regular one. The magic gets handled in close. */
2043 fsp->initial_delete_on_close = True;
2044 }
2045
2046 if (new_file_created) {
2047 /* Files should be initially set as archive */
2048 if (lp_map_archive(SNUM(conn)) ||
2049 lp_store_dos_attributes(SNUM(conn))) {
2050 if (!posix_open) {
2051 SMB_STRUCT_STAT tmp_sbuf;
2052 SET_STAT_INVALID(tmp_sbuf);
2053 if (file_set_dosmode(
2054 conn, fname,
2055 new_dos_attributes | aARCH,
2056 &tmp_sbuf, parent_dir,
2057 true) == 0) {
2058 unx_mode = tmp_sbuf.st_mode;
2059 }
2060 }
2061 }
2062 }
2063
2064 /*
2065 * Take care of inherited ACLs on created files - if default ACL not
2066 * selected.
2067 */
2068
2069 if (!posix_open && !file_existed && !def_acl) {
2070
2071 int saved_errno = errno; /* We might get ENOSYS in the next
2072 * call.. */
2073
2074 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2075 errno == ENOSYS) {
2076 errno = saved_errno; /* Ignore ENOSYS */
2077 }
2078
2079 } else if (new_unx_mode) {
2080
2081 int ret = -1;
2082
2083 /* Attributes need changing. File already existed. */
2084
2085 {
2086 int saved_errno = errno; /* We might get ENOSYS in the
2087 * next call.. */
2088 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2089
2090 if (ret == -1 && errno == ENOSYS) {
2091 errno = saved_errno; /* Ignore ENOSYS */
2092 } else {
2093 DEBUG(5, ("open_file_ntcreate: reset "
2094 "attributes of file %s to 0%o\n",
2095 fname, (unsigned int)new_unx_mode));
2096 ret = 0; /* Don't do the fchmod below. */
2097 }
2098 }
2099
2100 if ((ret == -1) &&
2101 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2102 DEBUG(5, ("open_file_ntcreate: failed to reset "
2103 "attributes of file %s to 0%o\n",
2104 fname, (unsigned int)new_unx_mode));
2105 }
2106
2107 /* If this is a successful open, we must remove any deferred open
2108 * records. */
2109 if (req != NULL) {
2110 del_deferred_open_entry(lck, req->mid);
2111 }
2112 TALLOC_FREE(lck);
2113
2114 return NT_STATUS_OK;
2115 }
2116
2117 /****************************************************************************
2118 Open a file with a share mode.
2119 ****************************************************************************/
2120
2121 NTSTATUS open_file_ntcreate(connection_struct *conn,
2122 struct smb_request *req,
2123 const char *fname,
2124 SMB_STRUCT_STAT *psbuf,
2125 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2126 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2127 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2128 uint32 create_options, /* options such as delete on close. */
2129 uint32 new_dos_attributes, /* attributes used for new file. */
2130 int oplock_request, /* internal Samba oplock codes. */
2131 /* Information (FILE_EXISTS etc.) */
2132 int *pinfo,
2133 files_struct **result)
2134 {
2135 NTSTATUS status;
2136 files_struct *fsp = NULL;
2137
2138 *result = NULL;
2139
2140 status = file_new(conn, &fsp);
2141 if(!NT_STATUS_IS_OK(status)) {
2142 return status;
2143 }
2144
2145 status = open_file_ntcreate_internal(conn,
2146 req,
2147 fname,
2148 psbuf,
2149 access_mask,
2150 share_access,
2151 create_disposition,
2152 create_options,
2153 new_dos_attributes,
2154 oplock_request,
2155 pinfo,
2156 fsp);
2157
2158 if(!NT_STATUS_IS_OK(status)) {
2159 file_free(fsp);
2160 return status;
2161 }
2162
2163 *result = fsp;
2164 return status;
2165 }
2166
2167 /****************************************************************************
2168 Open a file for for write to ensure that we can fchmod it.
2169 ****************************************************************************/
2170
2171 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
2172 SMB_STRUCT_STAT *psbuf, files_struct **result)
2173 {
2174 files_struct *fsp = NULL;
2175 NTSTATUS status;
2176
2177 if (!VALID_STAT(*psbuf)) {
2178 return NT_STATUS_INVALID_PARAMETER;
2179 }
2180
2181 status = file_new(conn, &fsp);
2182 if(!NT_STATUS_IS_OK(status)) {
2183 return status;
2184 }
2185
2186 /* note! we must use a non-zero desired access or we don't get
2187 a real file descriptor. Oh what a twisted web we weave. */
2188 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2189 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2190
2191 /*
2192 * This is not a user visible file open.
2193 * Don't set a share mode.
2194 */
2195
2196 if (!NT_STATUS_IS_OK(status)) {
2197 file_free(fsp);
2198 return status;
2199 }
2200
2201 *result = fsp;
2202 return NT_STATUS_OK;
2203 }
2204
2205 /****************************************************************************
2206 Close the fchmod file fd - ensure no locks are lost.
2207 ****************************************************************************/
2208
2209 NTSTATUS close_file_fchmod(files_struct *fsp)
2210 {
2211 NTSTATUS status = fd_close(fsp);
2212 file_free(fsp);
2213 return status;
2214 }
2215
2216 static NTSTATUS mkdir_internal(connection_struct *conn,
2217 const char *name,
2218 uint32 file_attributes,
2219 SMB_STRUCT_STAT *psbuf)
2220 {
2221 mode_t mode;
2222 char *parent_dir;
2223 const char *dirname;
2224 NTSTATUS status;
2225 bool posix_open = false;
2226
2227 if(!CAN_WRITE(conn)) {
2228 DEBUG(5,("mkdir_internal: failing create on read-only share "
2229 "%s\n", lp_servicename(SNUM(conn))));
2230 return NT_STATUS_ACCESS_DENIED;
2231 }
2232
2233 status = check_name(conn, name);
2234 if (!NT_STATUS_IS_OK(status)) {
2235 return status;
2236 }
2237
2238 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2239 &dirname)) {
2240 return NT_STATUS_NO_MEMORY;
2241 }
2242
2243 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2244 posix_open = true;
2245 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2246 } else {
2247 mode = unix_mode(conn, aDIR, name, parent_dir);
2248 }
2249
2250 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2251 return map_nt_error_from_unix(errno);
2252 }
2253
2254 /* Ensure we're checking for a symlink here.... */
2255 /* We don't want to get caught by a symlink racer. */
2256
2257 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2258 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2259 name, strerror(errno)));
2260 return map_nt_error_from_unix(errno);
2261 }
2262
2263 if (!S_ISDIR(psbuf->st_mode)) {
2264 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2265 name));
2266 return NT_STATUS_ACCESS_DENIED;
2267 }
2268
2269 if (lp_store_dos_attributes(SNUM(conn))) {
2270 if (!posix_open) {
2271 file_set_dosmode(conn, name,
2272 file_attributes | aDIR, NULL,
2273 parent_dir,
2274 true);
2275 }
2276 }
2277
2278 if (lp_inherit_perms(SNUM(conn))) {
2279 inherit_access_posix_acl(conn, parent_dir, name, mode);
2280 }
2281
2282 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2283 /*
2284 * Check if high bits should have been set,
2285 * then (if bits are missing): add them.
2286 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2287 * dir.
2288 */
2289 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2290 SMB_VFS_CHMOD(conn, name,
2291 psbuf->st_mode | (mode & ~psbuf->st_mode));
2292 }
2293 }
2294
2295 /* Change the owner if required. */
2296 if (lp_inherit_owner(SNUM(conn))) {
2297 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2298 }
2299
2300 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2301 name);
2302
2303 return NT_STATUS_OK;
2304 }
2305
2306 /****************************************************************************
2307 Open a directory from an NT SMB call.
2308 ****************************************************************************/
2309
2310 NTSTATUS open_directory(connection_struct *conn,
2311 struct smb_request *req,
2312 const char *fname,
2313 SMB_STRUCT_STAT *psbuf,
2314 uint32 access_mask,
2315 uint32 share_access,
2316 uint32 create_disposition,
2317 uint32 create_options,
2318 uint32 file_attributes,
2319 int *pinfo,
2320 files_struct **result)
2321 {
2322 files_struct *fsp = NULL;
2323 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2324 struct share_mode_lock *lck = NULL;
2325 NTSTATUS status;
2326 struct timespec mtimespec;
2327 int info = 0;
2328
2329 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2330 "share_access = 0x%x create_options = 0x%x, "
2331 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2332 fname,
2333 (unsigned int)access_mask,
2334 (unsigned int)share_access,
2335 (unsigned int)create_options,
2336 (unsigned int)create_disposition,
2337 (unsigned int)file_attributes));
2338
2339 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2340 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2341 is_ntfs_stream_name(fname)) {
2342 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2343 return NT_STATUS_NOT_A_DIRECTORY;
2344 }
2345
2346 status = calculate_access_mask(conn, fname, dir_existed,
2347 access_mask,
2348 &access_mask);
2349 if (!NT_STATUS_IS_OK(status)) {
2350 DEBUG(10, ("open_directory: calculate_access_mask "
2351 "on file %s returned %s\n",
2352 fname,
2353 nt_errstr(status)));
2354 return status;
2355 }
2356
2357 switch( create_disposition ) {
2358 case FILE_OPEN:
2359
2360 info = FILE_WAS_OPENED;
2361
2362 /*
2363 * We want to follow symlinks here.
2364 */
2365
2366 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2367 return map_nt_error_from_unix(errno);
2368 }
2369
2370 break;
2371
2372 case FILE_CREATE:
2373
2374 /* If directory exists error. If directory doesn't
2375 * exist create. */
2376
2377 status = mkdir_internal(conn,
2378 fname,
2379 file_attributes,
2380 psbuf);
2381
2382 if (!NT_STATUS_IS_OK(status)) {
2383 DEBUG(2, ("open_directory: unable to create "
2384 "%s. Error was %s\n", fname,
2385 nt_errstr(status)));
2386 return status;
2387 }
2388
2389 info = FILE_WAS_CREATED;
2390 break;
2391
2392 case FILE_OPEN_IF:
2393 /*
2394 * If directory exists open. If directory doesn't
2395 * exist create.
2396 */
2397
2398 status = mkdir_internal(conn,
2399 fname,
2400 file_attributes,
2401 psbuf);
2402
2403 if (NT_STATUS_IS_OK(status)) {
2404 info = FILE_WAS_CREATED;
2405 }
2406
2407 if (NT_STATUS_EQUAL(status,
2408 NT_STATUS_OBJECT_NAME_COLLISION)) {
2409 info = FILE_WAS_OPENED;
2410 status = NT_STATUS_OK;
2411 }
2412
2413 break;
2414
2415 case FILE_SUPERSEDE:
2416 case FILE_OVERWRITE:
2417 case FILE_OVERWRITE_IF:
2418 default:
2419 DEBUG(5,("open_directory: invalid create_disposition "
2420 "0x%x for directory %s\n",
2421 (unsigned int)create_disposition, fname));
2422 return NT_STATUS_INVALID_PARAMETER;
2423 }
2424
2425 if(!S_ISDIR(psbuf->st_mode)) {
2426 DEBUG(5,("open_directory: %s is not a directory !\n",
2427 fname ));
2428 return NT_STATUS_NOT_A_DIRECTORY;
2429 }
2430
2431 if (info == FILE_WAS_OPENED) {
2432 uint32_t access_granted = 0;
2433 status = check_open_rights(conn,
2434 fname,
2435 access_mask,
2436 &access_granted);
2437 if (!NT_STATUS_IS_OK(status)) {
2438 DEBUG(10, ("open_directory: check_open_rights on "
2439 "file %s failed with %s\n",
2440 fname,
2441 nt_errstr(status)));
2442 return status;
2443 }
2444 }
2445
2446 status = file_new(conn, &fsp);
2447 if(!NT_STATUS_IS_OK(status)) {
2448 return status;
2449 }
2450
2451 /*
2452 * Setup the files_struct for it.
2453 */
2454
2455 fsp->mode = psbuf->st_mode;
2456 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2457 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2458 fsp->file_pid = req ? req->smbpid : 0;
2459 fsp->can_lock = False;
2460 fsp->can_read = False;
2461 fsp->can_write = False;
2462
2463 fsp->share_access = share_access;
2464 fsp->fh->private_options = create_options;
2465 /*
2466 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2467 */
2468 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2469 fsp->print_file = False;
2470 fsp->modified = False;
2471 fsp->oplock_type = NO_OPLOCK;
2472 fsp->sent_oplock_break = NO_BREAK_SENT;
2473 fsp->is_directory = True;
2474 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2475
2476 string_set(&fsp->fsp_name,fname);
2477
2478 mtimespec = get_mtimespec(psbuf);
2479
2480 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2481 conn->connectpath,
2482 fname, &mtimespec);
2483
2484 if (lck == NULL) {
2485 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2486 file_free(fsp);
2487 return NT_STATUS_SHARING_VIOLATION;
2488 }
2489
2490 status = open_mode_check(conn, fname, lck,
2491 access_mask, share_access,
2492 create_options, &dir_existed);
2493
2494 if (!NT_STATUS_IS_OK(status)) {
2495 TALLOC_FREE(lck);
2496 file_free(fsp);
2497 return status;
2498 }
2499
2500 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2501
2502 /* For directories the delete on close bit at open time seems
2503 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2504 if (create_options & FILE_DELETE_ON_CLOSE) {
2505 status = can_set_delete_on_close(fsp, True, 0);
2506 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2507 TALLOC_FREE(lck);
2508 file_free(fsp);
2509 return status;
2510 }
2511
2512 if (NT_STATUS_IS_OK(status)) {
2513 /* Note that here we set the *inital* delete on close flag,
2514 not the regular one. The magic gets handled in close. */
2515 fsp->initial_delete_on_close = True;
2516 }
2517 }
2518
2519 TALLOC_FREE(lck);
2520
2521 if (pinfo) {
2522 *pinfo = info;
2523 }
2524
2525 *result = fsp;
2526 return NT_STATUS_OK;
2527 }
2528
2529 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2530 {
2531 NTSTATUS status;
2532 SMB_STRUCT_STAT sbuf;
2533 files_struct *fsp;
2534
2535 SET_STAT_INVALID(sbuf);
2536
2537 status = open_directory(conn, req, directory, &sbuf,
2538 FILE_READ_ATTRIBUTES, /* Just a stat open */
2539 FILE_SHARE_NONE, /* Ignored for stat opens */
2540 FILE_CREATE,
2541 0,
2542 FILE_ATTRIBUTE_DIRECTORY,
2543 NULL,
2544 &fsp);
2545
2546 if (NT_STATUS_IS_OK(status)) {
2547 close_file(fsp, NORMAL_CLOSE);
2548 }
2549
2550 return status;
2551 }
2552
2553 /****************************************************************************
2554 Receive notification that one of our open files has been renamed by another
2555 smbd process.
2556 ****************************************************************************/
2557
2558 void msg_file_was_renamed(struct messaging_context *msg,
2559 void *private_data,
2560 uint32_t msg_type,
2561 struct server_id server_id,
2562 DATA_BLOB *data)
2563 {
2564 files_struct *fsp;
2565 char *frm = (char *)data->data;
2566 struct file_id id;
2567 const char *sharepath;
2568 const char *newname;
2569 size_t sp_len;
2570
2571 if (data->data == NULL
2572 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2573 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2574 (int)data->length));
2575 return;
2576 }
2577
2578 /* Unpack the message. */
2579 pull_file_id_16(frm, &id);
2580 sharepath = &frm[16];
2581 newname = sharepath + strlen(sharepath) + 1;
2582 sp_len = strlen(sharepath);
2583
2584 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2585 "file_id %s\n",
2586 sharepath, newname, file_id_string_tos(&id)));
2587
2588 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2589 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2590 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2591 fsp->fnum, fsp->fsp_name, newname ));
2592 string_set(&fsp->fsp_name, newname);
2593 } else {
2594 /* TODO. JRA. */
2595 /* Now we have the complete path we can work out if this is
2596 actually within this share and adjust newname accordingly. */
2597 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2598 "not sharepath %s) "
2599 "fnum %d from %s -> %s\n",
2600 fsp->conn->connectpath,
2601 sharepath,
2602 fsp->fnum,
2603 fsp->fsp_name,
2604 newname ));
2605 }
2606 }
2607 }
2608
2609 struct case_semantics_state {
2610 connection_struct *conn;
2611 bool case_sensitive;
2612 bool case_preserve;
2613 bool short_case_preserve;
2614 };
2615
2616 /****************************************************************************
2617 Restore case semantics.
2618 ****************************************************************************/
2619 static int restore_case_semantics(struct case_semantics_state *state)
2620 {
2621 state->conn->case_sensitive = state->case_sensitive;
2622 state->conn->case_preserve = state->case_preserve;
2623 state->conn->short_case_preserve = state->short_case_preserve;
2624 return 0;
2625 }
2626
2627 /****************************************************************************
2628 Save case semantics.
2629 ****************************************************************************/
2630 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2631 connection_struct *conn)
2632 {
2633 struct case_semantics_state *result;
2634
2635 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2636 DEBUG(0, ("talloc failed\n"));
2637 return NULL;
2638 }
2639
2640 result->conn = conn;
2641 result->case_sensitive = conn->case_sensitive;
2642 result->case_preserve = conn->case_preserve;
2643 result->short_case_preserve = conn->short_case_preserve;
2644
2645 /* Set to POSIX. */
2646 conn->case_sensitive = True;
2647 conn->case_preserve = True;
2648 conn->short_case_preserve = True;
2649
2650 talloc_set_destructor(result, restore_case_semantics);
2651
2652 return result;
2653 }
2654
2655 /*
2656 * If a main file is opened for delete, all streams need to be checked for
2657 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2658 * If that works, delete them all by setting the delete on close and close.
2659 */
2660
2661 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2662 const char *fname)
2663 {
2664 struct stream_struct *stream_info;
2665 files_struct **streams;
2666 int i;
2667 unsigned int num_streams;
2668 TALLOC_CTX *frame = talloc_stackframe();
2669 NTSTATUS status;
2670
2671 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2672 &num_streams, &stream_info);
2673
2674 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2675 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2676 DEBUG(10, ("no streams around\n"));
2677 TALLOC_FREE(frame);
2678 return NT_STATUS_OK;
2679 }
2680
2681 if (!NT_STATUS_IS_OK(status)) {
2682 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2683 nt_errstr(status)));
2684 goto fail;
2685 }
2686
2687 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2688 num_streams));
2689
2690 if (num_streams == 0) {
2691 TALLOC_FREE(frame);
2692 return NT_STATUS_OK;
2693 }
2694
2695 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2696 if (streams == NULL) {
2697 DEBUG(0, ("talloc failed\n"));
2698 status = NT_STATUS_NO_MEMORY;
2699 goto fail;
2700 }
2701
2702 for (i=0; i<num_streams; i++) {
2703 char *streamname;
2704
2705 if (strequal(stream_info[i].name, "::$DATA")) {
2706 streams[i] = NULL;
2707 continue;
2708 }
2709
2710 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2711 stream_info[i].name);
2712
2713 if (streamname == NULL) {
2714 DEBUG(0, ("talloc_aprintf failed\n"));
2715 status = NT_STATUS_NO_MEMORY;
2716 goto fail;
2717 }
2718
2719 status = create_file_unixpath
2720 (conn, /* conn */
2721 NULL, /* req */
2722 streamname, /* fname */
2723 DELETE_ACCESS, /* access_mask */
2724 FILE_SHARE_READ | FILE_SHARE_WRITE
2725 | FILE_SHARE_DELETE, /* share_access */
2726 FILE_OPEN, /* create_disposition*/
2727 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2728 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2729 0, /* oplock_request */
2730 0, /* allocation_size */
2731 NULL, /* sd */
2732 NULL, /* ea_list */
2733 &streams[i], /* result */
2734 NULL, /* pinfo */
2735 NULL); /* psbuf */
2736
2737 TALLOC_FREE(streamname);
2738
2739 if (!NT_STATUS_IS_OK(status)) {
2740 DEBUG(10, ("Could not open stream %s: %s\n",
2741 streamname, nt_errstr(status)));
2742 break;
2743 }
2744 }
2745
2746 /*
2747 * don't touch the variable "status" beyond this point :-)
2748 */
2749
2750 for (i -= 1 ; i >= 0; i--) {
2751 if (streams[i] == NULL) {
2752 continue;
2753 }
2754
2755 DEBUG(10, ("Closing stream # %d, %s\n", i,
2756 streams[i]->fsp_name));
2757 close_file(streams[i], NORMAL_CLOSE);
2758 }
2759
2760 fail:
2761 TALLOC_FREE(frame);
2762 return status;
2763 }
2764
2765 /*
2766 * Wrapper around open_file_ntcreate and open_directory
2767 */
2768
2769 NTSTATUS create_file_unixpath(connection_struct *conn,
2770 struct smb_request *req,
2771 const char *fname,
2772 uint32_t access_mask,
2773 uint32_t share_access,
2774 uint32_t create_disposition,
2775 uint32_t create_options,
2776 uint32_t file_attributes,
2777 uint32_t oplock_request,
2778 SMB_BIG_UINT allocation_size,
2779 struct security_descriptor *sd,
2780 struct ea_list *ea_list,
2781
2782 files_struct **result,
2783 int *pinfo,
2784 SMB_STRUCT_STAT *psbuf)
2785 {
2786 SMB_STRUCT_STAT sbuf;
2787 int info = FILE_WAS_OPENED;
2788 files_struct *base_fsp = NULL;
2789 files_struct *fsp = NULL;
2790 NTSTATUS status;
2791
2792 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2793 "file_attributes = 0x%x, share_access = 0x%x, "
2794 "create_disposition = 0x%x create_options = 0x%x "
2795 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2796 "fname = %s\n",
2797 (unsigned int)access_mask,
2798 (unsigned int)file_attributes,
2799 (unsigned int)share_access,
2800 (unsigned int)create_disposition,
2801 (unsigned int)create_options,
2802 (unsigned int)oplock_request,
2803 ea_list, sd, fname));
2804
2805 if (create_options & FILE_OPEN_BY_FILE_ID) {
2806 status = NT_STATUS_NOT_SUPPORTED;
2807 goto fail;
2808 }
2809
2810 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2811 status = NT_STATUS_INVALID_PARAMETER;
2812 goto fail;
2813 }
2814
2815 if (req == NULL) {
2816 oplock_request |= INTERNAL_OPEN_ONLY;
2817 }
2818
2819 if (psbuf != NULL) {
2820 sbuf = *psbuf;
2821 }
2822 else {
2823 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2824 SET_STAT_INVALID(sbuf);
2825 }
2826 }
2827
2828 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2829 && (access_mask & DELETE_ACCESS)
2830 && !is_ntfs_stream_name(fname)) {
2831 /*
2832 * We can't open a file with DELETE access if any of the
2833 * streams is open without FILE_SHARE_DELETE
2834 */
2835 status = open_streams_for_delete(conn, fname);
2836
2837 if (!NT_STATUS_IS_OK(status)) {
2838 goto fail;
2839 }
2840 }
2841
2842 /* This is the correct thing to do (check every time) but can_delete
2843 * is expensive (it may have to read the parent directory
2844 * permissions). So for now we're not doing it unless we have a strong
2845 * hint the client is really going to delete this file. If the client
2846 * is forcing FILE_CREATE let the filesystem take care of the
2847 * permissions. */
2848
2849 /* Setting FILE_SHARE_DELETE is the hint. */
2850
2851 if (lp_acl_check_permissions(SNUM(conn))
2852 && (create_disposition != FILE_CREATE)
2853 && (share_access & FILE_SHARE_DELETE)
2854 && (access_mask & DELETE_ACCESS)
2855 && (!(can_delete_file_in_directory(conn, fname) ||
2856 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2857 status = NT_STATUS_ACCESS_DENIED;
2858 DEBUG(10,("create_file_unixpath: open file %s "
2859 "for delete ACCESS_DENIED\n", fname ));
2860 goto fail;
2861 }
2862
2863 #if 0
2864 /* We need to support SeSecurityPrivilege for this. */
2865 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2866 !user_has_privileges(current_user.nt_user_token,
2867 &se_security)) {
2868 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2869 goto fail;
2870 }
2871 #endif
2872
2873 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2874 && is_ntfs_stream_name(fname)
2875 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2876 char *base;
2877 uint32 base_create_disposition;
2878
2879 if (create_options & FILE_DIRECTORY_FILE) {
2880 status = NT_STATUS_NOT_A_DIRECTORY;
2881 goto fail;
2882 }
2883
2884 status = split_ntfs_stream_name(talloc_tos(), fname,
2885 &base, NULL);
2886 if (!NT_STATUS_IS_OK(status)) {
2887 DEBUG(10, ("create_file_unixpath: "
2888 "split_ntfs_stream_name failed: %s\n",
2889 nt_errstr(status)));
2890 goto fail;
2891 }
2892
2893 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2894
2895 switch (create_disposition) {
2896 case FILE_OPEN:
2897 base_create_disposition = FILE_OPEN;
2898 break;
2899 default:
2900 base_create_disposition = FILE_OPEN_IF;
2901 break;
2902 }
2903
2904 status = create_file_unixpath(conn, NULL, base, 0,
2905 FILE_SHARE_READ
2906 | FILE_SHARE_WRITE
2907 | FILE_SHARE_DELETE,
2908 base_create_disposition,
2909 0, 0, 0, 0, NULL, NULL,
2910 &base_fsp, NULL, NULL);
2911 if (!NT_STATUS_IS_OK(status)) {
2912 DEBUG(10, ("create_file_unixpath for base %s failed: "
2913 "%s\n", base, nt_errstr(status)));
2914 goto fail;
2915 }
2916 /* we don't need to low level fd */
2917 fd_close(base_fsp);
2918 }
2919
2920 /*
2921 * If it's a request for a directory open, deal with it separately.
2922 */
2923
2924 if (create_options & FILE_DIRECTORY_FILE) {
2925
2926 if (create_options & FILE_NON_DIRECTORY_FILE) {
2927 status = NT_STATUS_INVALID_PARAMETER;
2928 goto fail;
2929 }
2930
2931 /* Can't open a temp directory. IFS kit test. */
2932 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2933 status = NT_STATUS_INVALID_PARAMETER;
2934 goto fail;
2935 }
2936
2937 /*
2938 * We will get a create directory here if the Win32
2939 * app specified a security descriptor in the
2940 * CreateDirectory() call.
2941 */
2942
2943 oplock_request = 0;
2944 status = open_directory(
2945 conn, req, fname, &sbuf, access_mask, share_access,
2946 create_disposition, create_options, file_attributes,
2947 &info, &fsp);
2948 } else {
2949
2950 /*
2951 * Ordinary file case.
2952 */
2953
2954 if (base_fsp) {
2955 /*
2956 * We're opening the stream element of a base_fsp
2957 * we already opened. We need to initialize
2958 * the fsp first, and set up the base_fsp pointer.
2959 */
2960 status = file_new(conn, &fsp);
2961 if(!NT_STATUS_IS_OK(status)) {
2962 goto fail;
2963 }
2964
2965 fsp->base_fsp = base_fsp;
2966
2967 status = open_file_ntcreate_internal(conn,
2968 req,
2969 fname,
2970 &sbuf,
2971 access_mask,
2972 share_access,
2973 create_disposition,
2974 create_options,
2975 file_attributes,
2976 oplock_request,
2977 &info,
2978 fsp);
2979
2980 if(!NT_STATUS_IS_OK(status)) {
2981 file_free(fsp);
2982 fsp = NULL;
2983 }
2984 } else {
2985 status = open_file_ntcreate(
2986 conn, req, fname, &sbuf, access_mask, share_access,
2987 create_disposition, create_options, file_attributes,
2988 oplock_request, &info, &fsp);
2989 }
2990
2991 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2992
2993 /* A stream open never opens a directory */
2994
2995 if (base_fsp) {
2996 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2997 goto fail;
2998 }
2999
3000 /*
3001 * Fail the open if it was explicitly a non-directory
3002 * file.
3003 */
3004
3005 if (create_options & FILE_NON_DIRECTORY_FILE) {
3006 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3007 goto fail;
3008 }
3009
3010 oplock_request = 0;
3011 status = open_directory(
3012 conn, req, fname, &sbuf, access_mask,
3013 share_access, create_disposition,
3014 create_options, file_attributes,
3015 &info, &fsp);
3016 }
3017 }
3018
3019 if (!NT_STATUS_IS_OK(status)) {
3020 goto fail;
3021 }
3022
3023 fsp->base_fsp = base_fsp;
3024
3025 /*
3026 * According to the MS documentation, the only time the security
3027 * descriptor is applied to the opened file is iff we *created* the
3028 * file; an existing file stays the same.
3029 *
3030 * Also, it seems (from observation) that you can open the file with
3031 * any access mask but you can still write the sd. We need to override
3032 * the granted access before we call set_sd
3033 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3034 */
3035
3036 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3037 && lp_nt_acl_support(SNUM(conn))) {
3038
3039 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
3040 uint32_t saved_access_mask = fsp->access_mask;
3041
3042 if (sd->owner_sid == NULL) {
3043 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
3044 }
3045 if (sd->group_sid == NULL) {
3046 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
3047 }
3048 if (sd->sacl == NULL) {
3049 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
3050 }
3051 if (sd->dacl == NULL) {
3052 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
3053 }
3054
3055 fsp->access_mask = FILE_GENERIC_ALL;
3056
3057 /* Convert all the generic bits. */
3058 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3059 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3060
3061 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3062 GROUP_SECURITY_INFORMATION|
3063 DACL_SECURITY_INFORMATION|
3064 SACL_SECURITY_INFORMATION)) {
3065 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3066 }
3067
3068 fsp->access_mask = saved_access_mask;
3069
3070 if (!NT_STATUS_IS_OK(status)) {
3071 goto fail;
3072 }
3073 }
3074
3075 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3076 status = set_ea(conn, fsp, fname, ea_list);
3077 if (!NT_STATUS_IS_OK(status)) {
3078 goto fail;
3079 }
3080 }
3081
3082 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3083 status = NT_STATUS_ACCESS_DENIED;
3084 goto fail;
3085 }
3086
3087 /* Save the requested allocation size. */
3088 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3089 if (allocation_size
3090 && (allocation_size > sbuf.st_size)) {
3091 fsp->initial_allocation_size = smb_roundup(
3092 fsp->conn, allocation_size);
3093 if (fsp->is_directory) {
3094 /* Can't set allocation size on a directory. */
3095 status = NT_STATUS_ACCESS_DENIED;
3096 goto fail;
3097 }
3098 if (vfs_allocate_file_space(
3099 fsp, fsp->initial_allocation_size) == -1) {
3100 status = NT_STATUS_DISK_FULL;
3101 goto fail;
3102 }
3103 } else {
3104 fsp->initial_allocation_size = smb_roundup(
3105 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
3106 }
3107 }
3108
3109 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3110
3111 *result = fsp;
3112 if (pinfo != NULL) {
3113 *pinfo = info;
3114 }
3115 if (psbuf != NULL) {
3116 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3117 *psbuf = sbuf;
3118 }
3119 else {
3120 SMB_VFS_FSTAT(fsp, psbuf);
3121 }
3122 }
3123 return NT_STATUS_OK;
3124
3125 fail:
3126 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3127
3128 if (fsp != NULL) {
3129 if (base_fsp && fsp->base_fsp == base_fsp) {
3130 /*
3131 * The close_file below will close
3132 * fsp->base_fsp.
3133 */
3134 base_fsp = NULL;
3135 }
3136 close_file(fsp, ERROR_CLOSE);
3137 fsp = NULL;
3138 }
3139 if (base_fsp != NULL) {
3140 close_file(base_fsp, ERROR_CLOSE);
3141 base_fsp = NULL;
3142 }
3143 return status;
3144 }
3145
3146 NTSTATUS create_file(connection_struct *conn,
3147 struct smb_request *req,
3148 uint16_t root_dir_fid,
3149 const char *fname,
3150 uint32_t access_mask,
3151 uint32_t share_access,
3152 uint32_t create_disposition,
3153 uint32_t create_options,
3154 uint32_t file_attributes,
3155 uint32_t oplock_request,
3156 SMB_BIG_UINT allocation_size,
3157 struct security_descriptor *sd,
3158 struct ea_list *ea_list,
3159
3160 files_struct **result,
3161 int *pinfo,
3162 SMB_STRUCT_STAT *psbuf)
3163 {
3164 struct case_semantics_state *case_state = NULL;
3165 SMB_STRUCT_STAT sbuf;
3166 int info = FILE_WAS_OPENED;
3167 files_struct *fsp = NULL;
3168 NTSTATUS status;
3169
3170 DEBUG(10,("create_file: access_mask = 0x%x "
3171 "file_attributes = 0x%x, share_access = 0x%x, "
3172 "create_disposition = 0x%x create_options = 0x%x "
3173 "oplock_request = 0x%x "
3174 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3175 "fname = %s\n",
3176 (unsigned int)access_mask,
3177 (unsigned int)file_attributes,
3178 (unsigned int)share_access,
3179 (unsigned int)create_disposition,
3180 (unsigned int)create_options,
3181 (unsigned int)oplock_request,
3182 (unsigned int)root_dir_fid,
3183 ea_list, sd, fname));
3184
3185 /*
3186 * Get the file name.
3187 */
3188
3189 if (root_dir_fid != 0) {
3190 /*
3191 * This filename is relative to a directory fid.
3192 */
3193 char *parent_fname = NULL;
3194 files_struct *dir_fsp = file_fsp(root_dir_fid);
3195
3196 if (dir_fsp == NULL) {
3197 status = NT_STATUS_INVALID_HANDLE;
3198 goto fail;
3199 }
3200
3201 if (!dir_fsp->is_directory) {
3202
3203 /*
3204 * Check to see if this is a mac fork of some kind.
3205 */
3206
3207 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3208 is_ntfs_stream_name(fname)) {
3209 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3210 goto fail;
3211 }
3212
3213 /*
3214 we need to handle the case when we get a
3215 relative open relative to a file and the
3216 pathname is blank - this is a reopen!
3217 (hint from demyn plantenberg)
3218 */
3219
3220 status = NT_STATUS_INVALID_HANDLE;
3221 goto fail;
3222 }
3223
3224 if (ISDOT(dir_fsp->fsp_name)) {
3225 /*
3226 * We're at the toplevel dir, the final file name
3227 * must not contain ./, as this is filtered out
3228 * normally by srvstr_get_path and unix_convert
3229 * explicitly rejects paths containing ./.
3230 */
3231 parent_fname = talloc_strdup(talloc_tos(), "");
3232 if (parent_fname == NULL) {
3233 status = NT_STATUS_NO_MEMORY;
3234 goto fail;
3235 }
3236 } else {
3237 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3238
3239 /*
3240 * Copy in the base directory name.
3241 */
3242
3243 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3244 dir_name_len+2);
3245 if (parent_fname == NULL) {
3246 status = NT_STATUS_NO_MEMORY;
3247 goto fail;
3248 }
3249 memcpy(parent_fname, dir_fsp->fsp_name,
3250 dir_name_len+1);
3251
3252 /*
3253 * Ensure it ends in a '/'.
3254 * We used TALLOC_SIZE +2 to add space for the '/'.
3255 */
3256
3257 if(dir_name_len
3258 && (parent_fname[dir_name_len-1] != '\\')
3259 && (parent_fname[dir_name_len-1] != '/')) {
3260 parent_fname[dir_name_len] = '/';
3261 parent_fname[dir_name_len+1] = '\0';
3262 }
3263 }
3264
3265 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3266 fname);
3267 if (fname == NULL) {
3268 status = NT_STATUS_NO_MEMORY;
3269 goto fail;
3270 }
3271 }
3272
3273 /*
3274 * Check to see if this is a mac fork of some kind.
3275 */
3276
3277 if (is_ntfs_stream_name(fname)) {
3278 enum FAKE_FILE_TYPE fake_file_type;
3279
3280 fake_file_type = is_fake_file(fname);
3281
3282 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3283
3284 /*
3285 * Here we go! support for changing the disk quotas
3286 * --metze
3287 *
3288 * We need to fake up to open this MAGIC QUOTA file
3289 * and return a valid FID.
3290 *
3291 * w2k close this file directly after openening xp
3292 * also tries a QUERY_FILE_INFO on the file and then
3293 * close it
3294 */
3295 status = open_fake_file(conn, req->vuid,
3296 fake_file_type, fname,
3297 access_mask, &fsp);
3298 if (!NT_STATUS_IS_OK(status)) {
3299 goto fail;
3300 }
3301
3302 ZERO_STRUCT(sbuf);
3303 goto done;
3304 }
3305
3306 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3307 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3308 goto fail;
3309 }
3310 }
3311
3312 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3313 char *resolved_fname;
3314
3315 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3316 &resolved_fname);
3317
3318 if (!NT_STATUS_IS_OK(status)) {
3319 /*
3320 * For PATH_NOT_COVERED we had
3321 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3322 * ERRSRV, ERRbadpath);
3323 * Need to fix in callers
3324 */
3325 goto fail;
3326 }
3327 fname = resolved_fname;
3328 }
3329
3330 /*
3331 * Check if POSIX semantics are wanted.
3332 */
3333
3334 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3335 case_state = set_posix_case_semantics(talloc_tos(), conn);
3336 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3337 }
3338
3339 {
3340 char *converted_fname;
3341
3342 SET_STAT_INVALID(sbuf);
3343
3344 status = unix_convert(talloc_tos(), conn, fname, False,
3345 &converted_fname, NULL, &sbuf);
3346 if (!NT_STATUS_IS_OK(status)) {
3347 goto fail;
3348 }
3349 fname = converted_fname;
3350 }
3351
3352 TALLOC_FREE(case_state);
3353
3354 /* All file access must go through check_name() */
3355
3356 status = check_name(conn, fname);
3357 if (!NT_STATUS_IS_OK(status)) {
3358 goto fail;
3359 }
3360
3361 status = create_file_unixpath(
3362 conn, req, fname, access_mask, share_access,
3363 create_disposition, create_options, file_attributes,
3364 oplock_request, allocation_size, sd, ea_list,
3365 &fsp, &info, &sbuf);
3366
3367 if (!NT_STATUS_IS_OK(status)) {
3368 goto fail;
3369 }
3370
3371 done:
3372 DEBUG(10, ("create_file: info=%d\n", info));
3373
3374 *result = fsp;
3375 if (pinfo != NULL) {
3376 *pinfo = info;
3377 }
3378 if (psbuf != NULL) {
3379 *psbuf = sbuf;
3380 }
3381 return NT_STATUS_OK;
3382
3383 fail:
3384 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3385
3386 if (fsp != NULL) {
3387 close_file(fsp, ERROR_CLOSE);
3388 fsp = NULL;
3389 }
3390 return status;
3391 }
Samba GIT mirror