Remove unneeded argument from can_set_delete_on_close(). Ensure
[Samba.git] / source3 / modules / onefs_open.c
blobb96c4b6afbbfbb116e96d2a3c31da8ba5e363937
1 /*
2 * Unix SMB/CIFS implementation.
4 * This file began with some code from source3/smbd/open.c and has been
5 * modified it work with ifs_createfile.
7 * ifs_createfile is a CIFS-specific syscall for opening/files and
8 * directories. It adds support for:
9 * - Full in-kernel access checks using a windows access_mask
10 * - Cluster-coherent share mode locks
11 * - Cluster-coherent oplocks
12 * - Streams
13 * - Setting security descriptors at create time
14 * - Setting dos_attributes at create time
16 * Copyright (C) Andrew Tridgell 1992-1998
17 * Copyright (C) Jeremy Allison 2001-2004
18 * Copyright (C) Volker Lendecke 2005
19 * Copyright (C) Tim Prouty, 2008
21 * This program is free software; you can redistribute it and/or modify
22 * it under the terms of the GNU General Public License as published by
23 * the Free Software Foundation; either version 3 of the License, or
24 * (at your option) any later version.
26 * This program is distributed in the hope that it will be useful,
27 * but WITHOUT ANY WARRANTY; without even the implied warranty of
28 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 * GNU General Public License for more details.
31 * You should have received a copy of the GNU General Public License
32 * along with this program; if not, see <http://www.gnu.org/licenses/>.
35 #include "includes.h"
36 #include "onefs.h"
37 #include "onefs_config.h"
38 #include "oplock_onefs.h"
39 #include "smbd/globals.h"
41 extern const struct generic_mapping file_generic_mapping;
43 struct onefs_fsp_data {
44 uint64_t oplock_callback_id;
47 static NTSTATUS onefs_create_file_unixpath(connection_struct *conn,
48 struct smb_request *req,
49 struct smb_filename *smb_fname,
50 uint32_t access_mask,
51 uint32_t share_access,
52 uint32_t create_disposition,
53 uint32_t create_options,
54 uint32_t file_attributes,
55 uint32_t oplock_request,
56 uint64_t allocation_size,
57 struct security_descriptor *sd,
58 struct ea_list *ea_list,
59 files_struct **result,
60 int *pinfo,
61 struct onefs_fsp_data *fsp_data);
63 /****************************************************************************
64 Open a file.
65 ****************************************************************************/
67 static NTSTATUS onefs_open_file(files_struct *fsp,
68 connection_struct *conn,
69 struct smb_request *req,
70 const char *parent_dir,
71 struct smb_filename *smb_fname,
72 int flags,
73 mode_t unx_mode,
74 uint32 access_mask,
75 uint32 open_access_mask,
76 int oplock_request,
77 uint64 id,
78 uint32 share_access,
79 uint32 create_options,
80 uint32_t new_dos_attributes,
81 struct security_descriptor *sd,
82 int *granted_oplock)
84 struct smb_filename *smb_fname_onefs = NULL;
85 NTSTATUS status = NT_STATUS_OK;
86 int accmode = (flags & O_ACCMODE);
87 int local_flags = flags;
88 bool file_existed = VALID_STAT(smb_fname->st);
89 const char *wild;
90 int base_fd = -1;
92 fsp->fh->fd = -1;
93 errno = EPERM;
95 /* Check permissions */
98 * This code was changed after seeing a client open request
99 * containing the open mode of (DENY_WRITE/read-only) with
100 * the 'create if not exist' bit set. The previous code
101 * would fail to open the file read only on a read-only share
102 * as it was checking the flags parameter directly against O_RDONLY,
103 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
104 * JRA.
107 if (!CAN_WRITE(conn)) {
108 /* It's a read-only share - fail if we wanted to write. */
109 if(accmode != O_RDONLY) {
110 DEBUG(3, ("Permission denied opening %s\n",
111 smb_fname_str_dbg(smb_fname)));
112 return NT_STATUS_ACCESS_DENIED;
113 } else if(flags & O_CREAT) {
114 /* We don't want to write - but we must make sure that
115 O_CREAT doesn't create the file if we have write
116 access into the directory.
118 flags &= ~O_CREAT;
119 local_flags &= ~O_CREAT;
124 * This little piece of insanity is inspired by the
125 * fact that an NT client can open a file for O_RDONLY,
126 * but set the create disposition to FILE_EXISTS_TRUNCATE.
127 * If the client *can* write to the file, then it expects to
128 * truncate the file, even though it is opening for readonly.
129 * Quicken uses this stupid trick in backup file creation...
130 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
131 * for helping track this one down. It didn't bite us in 2.0.x
132 * as we always opened files read-write in that release. JRA.
135 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
136 DEBUG(10,("onefs_open_file: truncate requested on read-only "
137 "open for file %s\n", smb_fname_str_dbg(smb_fname)));
138 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
141 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
143 * We would block on opening a FIFO with no one else on the
144 * other end. Do what we used to do and add O_NONBLOCK to the
145 * open flags. JRA.
148 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
149 local_flags |= O_NONBLOCK;
151 #endif
153 /* Don't create files with Microsoft wildcard characters. */
154 if (fsp->base_fsp) {
156 * wildcard characters are allowed in stream names
157 * only test the basefilename
159 wild = fsp->base_fsp->fsp_name->base_name;
160 } else {
161 wild = smb_fname->base_name;
163 if ((local_flags & O_CREAT) && !file_existed &&
164 ms_has_wild(wild)) {
166 * XXX: may need to remvoe this return...
168 * We dont think this check needs to exist. All it does is
169 * block creating files with Microsoft wildcards, which is
170 * fine if the creation originated from NFS or locally and
171 * then was copied via Samba.
173 DEBUG(1, ("onefs_open_file: creating file with wildcard: %s\n",
174 smb_fname_str_dbg(smb_fname)));
175 return NT_STATUS_OBJECT_NAME_INVALID;
178 /* Actually do the open */
180 #ifdef O_NOFOLLOW
182 * Never follow symlinks on a POSIX client. The
183 * client should be doing this.
186 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
187 flags |= O_NOFOLLOW;
189 #endif
190 /* Setup a onefs-style smb_fname struct. */
191 status = onefs_stream_prep_smb_fname(talloc_tos(), smb_fname,
192 &smb_fname_onefs);
193 if (!NT_STATUS_IS_OK(status)) {
194 return status;
197 /* If it's a stream pass in the base_fd */
198 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
199 is_ntfs_stream_smb_fname(smb_fname_onefs)) {
200 SMB_ASSERT(fsp->base_fsp);
202 DEBUG(10, ("Opening a stream: base=%s(%d), stream=%s\n",
203 smb_fname_onefs->base_name, fsp->base_fsp->fh->fd,
204 smb_fname_onefs->stream_name));
206 base_fd = fsp->base_fsp->fh->fd;
209 fsp->fh->fd = onefs_sys_create_file(conn,
210 base_fd,
211 smb_fname_onefs->stream_name != NULL ?
212 smb_fname_onefs->stream_name :
213 smb_fname_onefs->base_name,
214 access_mask,
215 open_access_mask,
216 share_access,
217 create_options,
218 flags,
219 unx_mode,
220 oplock_request,
223 new_dos_attributes,
224 granted_oplock);
225 TALLOC_FREE(smb_fname_onefs);
227 if (fsp->fh->fd == -1) {
228 if (errno == EMFILE) {
229 static time_t last_warned = 0L;
231 if (time((time_t *) NULL) > last_warned) {
232 DEBUG(0, ("Too many open files, unable "
233 "to open more! smbd's max "
234 "open files = %d, also check "
235 "sysctl kern.maxfiles and "
236 "sysctl kern.maxfilesperproc\n",
237 lp_max_open_files()));
238 last_warned = time((time_t *) NULL);
242 status = map_nt_error_from_unix(errno);
243 DEBUG(3, ("Error opening file %s (%s) (local_flags=%d) "
244 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
245 strerror(errno), local_flags, flags));
246 return status;
249 if ((local_flags & O_CREAT) && !file_existed) {
251 /* Inherit the ACL if required */
252 if (lp_inherit_perms(SNUM(conn))) {
253 inherit_access_posix_acl(conn, parent_dir,
254 smb_fname->base_name, unx_mode);
257 /* Change the owner if required. */
258 if (lp_inherit_owner(SNUM(conn))) {
259 change_file_owner_to_parent(conn, parent_dir,
260 fsp);
263 notify_fname(conn, NOTIFY_ACTION_ADDED,
264 FILE_NOTIFY_CHANGE_FILE_NAME, smb_fname->base_name);
267 if (!file_existed) {
268 int ret;
270 if (fsp->fh->fd == -1) {
271 ret = SMB_VFS_STAT(conn, smb_fname);
272 } else {
273 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
274 /* If we have an fd, this stat should succeed. */
275 if (ret == -1) {
276 DEBUG(0, ("Error doing fstat on open file %s "
277 "(%s)\n",
278 smb_fname_str_dbg(smb_fname),
279 strerror(errno) ));
283 /* For a non-io open, this stat failing means file not found. JRA */
284 if (ret == -1) {
285 status = map_nt_error_from_unix(errno);
286 fd_close(fsp);
287 return status;
292 * POSIX allows read-only opens of directories. We don't
293 * want to do this (we use a different code path for this)
294 * so catch a directory open and return an EISDIR. JRA.
297 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
298 fd_close(fsp);
299 errno = EISDIR;
300 return NT_STATUS_FILE_IS_A_DIRECTORY;
303 fsp->mode = smb_fname->st.st_ex_mode;
304 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
305 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
306 fsp->file_pid = req ? req->smbpid : 0;
307 fsp->can_lock = True;
308 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
309 if (!CAN_WRITE(conn)) {
310 fsp->can_write = False;
311 } else {
312 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
313 True : False;
315 fsp->print_file = False;
316 fsp->modified = False;
317 fsp->sent_oplock_break = NO_BREAK_SENT;
318 fsp->is_directory = False;
319 if (conn->aio_write_behind_list &&
320 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
321 conn->case_sensitive)) {
322 fsp->aio_write_behind = True;
325 status = fsp_set_smb_fname(fsp, smb_fname);
326 if (!NT_STATUS_IS_OK(status)) {
327 fd_close(fsp);
328 errno = map_errno_from_nt_status(status);
329 return status;
332 fsp->wcp = NULL; /* Write cache pointer. */
334 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
335 conn->server_info->unix_name,
336 smb_fname_str_dbg(smb_fname),
337 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
338 conn->num_files_open));
340 errno = 0;
341 return NT_STATUS_OK;
344 /****************************************************************************
345 Handle the 1 second delay in returning a SHARING_VIOLATION error.
346 ****************************************************************************/
348 static void defer_open(struct share_mode_lock *lck,
349 struct timeval request_time,
350 struct timeval timeout,
351 struct smb_request *req,
352 struct deferred_open_record *state)
354 int i;
356 /* Paranoia check */
358 for (i=0; i<lck->num_share_modes; i++) {
359 struct share_mode_entry *e = &lck->share_modes[i];
361 if (!is_deferred_open_entry(e)) {
362 continue;
365 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
366 DEBUG(0, ("Trying to defer an already deferred "
367 "request: mid=%d, exiting\n", req->mid));
368 exit_server("attempt to defer a deferred request");
372 /* End paranoia check */
374 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
375 "open entry for mid %u\n",
376 (unsigned int)request_time.tv_sec,
377 (unsigned int)request_time.tv_usec,
378 (unsigned int)req->mid));
380 if (!push_deferred_smb_message(req, request_time, timeout,
381 (char *)state, sizeof(*state))) {
382 exit_server("push_deferred_smb_message failed");
384 add_deferred_open(lck, req->mid, request_time, state->id);
387 static void schedule_defer_open(struct share_mode_lock *lck,
388 struct timeval request_time,
389 struct smb_request *req)
391 struct deferred_open_record state;
393 /* This is a relative time, added to the absolute
394 request_time value to get the absolute timeout time.
395 Note that if this is the second or greater time we enter
396 this codepath for this particular request mid then
397 request_time is left as the absolute time of the *first*
398 time this request mid was processed. This is what allows
399 the request to eventually time out. */
401 struct timeval timeout;
403 /* Normally the smbd we asked should respond within
404 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
405 * the client did, give twice the timeout as a safety
406 * measure here in case the other smbd is stuck
407 * somewhere else. */
410 * On OneFS, the kernel will always send an oplock_revoked message
411 * before this timeout is hit.
413 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*10, 0);
415 /* Nothing actually uses state.delayed_for_oplocks
416 but it's handy to differentiate in debug messages
417 between a 30 second delay due to oplock break, and
418 a 1 second delay for share mode conflicts. */
420 state.delayed_for_oplocks = True;
421 state.failed = false;
422 state.id = lck->id;
424 if (!request_timed_out(request_time, timeout)) {
425 defer_open(lck, request_time, timeout, req, &state);
426 } else {
427 /* A delayed-for-oplocks deferred open timing out should only
428 * happen if there is a bug or extreme load, since we set the
429 * timeout to 300 seconds. */
430 DEBUG(0, ("Deferred open timeout! request_time=%d.%d, "
431 "mid=%d\n", request_time.tv_sec, request_time.tv_usec,
432 req->mid));
436 /****************************************************************************
437 Open a file with a share mode. Passed in an already created files_struct.
438 ****************************************************************************/
439 NTSTATUS onefs_open_file_ntcreate(connection_struct *conn,
440 struct smb_request *req,
441 struct smb_filename *smb_fname,
442 uint32 access_mask,
443 uint32 share_access,
444 uint32 create_disposition,
445 uint32 create_options,
446 uint32 new_dos_attributes,
447 int oplock_request,
448 struct security_descriptor *sd,
449 files_struct *fsp,
450 int *pinfo,
451 struct onefs_fsp_data *fsp_data)
453 int flags=0;
454 int flags2=0;
455 bool file_existed = VALID_STAT(smb_fname->st);
456 bool def_acl = False;
457 bool posix_open = False;
458 bool new_file_created = False;
459 bool clear_ads = False;
460 struct file_id id;
461 mode_t new_unx_mode = (mode_t)0;
462 mode_t unx_mode = (mode_t)0;
463 int info;
464 uint32 existing_dos_attributes = 0;
465 struct pending_message_list *pml = NULL;
466 struct timeval request_time = timeval_zero();
467 struct share_mode_lock *lck = NULL;
468 uint32 open_access_mask = access_mask;
469 NTSTATUS status;
470 int ret_flock;
471 char *parent_dir;
472 int granted_oplock;
473 uint64_t oplock_callback_id = 0;
474 uint32 createfile_attributes = 0;
476 ZERO_STRUCT(id);
478 if (conn->printer) {
480 * Printers are handled completely differently.
481 * Most of the passed parameters are ignored.
484 if (pinfo) {
485 *pinfo = FILE_WAS_CREATED;
488 DEBUG(10, ("onefs_open_file_ntcreate: printer open fname=%s\n",
489 smb_fname_str_dbg(smb_fname)));
491 return print_fsp_open(req, conn, smb_fname->base_name,
492 req->vuid, fsp);
495 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
496 NULL)) {
497 return NT_STATUS_NO_MEMORY;
500 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
501 posix_open = True;
502 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
503 new_dos_attributes = 0;
504 } else {
505 /* We add aARCH to this as this mode is only used if the file is
506 * created new. */
507 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
508 smb_fname, parent_dir);
511 DEBUG(10,("onefs_open_file_ntcreate: fname=%s, dos_attrs=0x%x "
512 "access_mask=0x%x share_access=0x%x "
513 "create_disposition = 0x%x create_options=0x%x "
514 "unix mode=0%o oplock_request=0x%x\n",
515 smb_fname_str_dbg(smb_fname), new_dos_attributes,
516 access_mask, share_access, create_disposition,
517 create_options, unx_mode, oplock_request));
520 * Any non-stat-only open has the potential to contend oplocks, which
521 * means to avoid blocking in the kernel (which is unacceptable), the
522 * open must be deferred. In order to defer opens, req must not be
523 * NULL. The known cases of calling with a NULL req:
525 * 1. Open the base file of a stream: Always done stat-only
527 * 2. open_file_fchmod(), which is called from 3 places:
528 * A. try_chown: Posix acls only. Never called on onefs.
529 * B. set_ea_dos_attributes: Can't be called from onefs, because
530 * SMB_VFS_SETXATTR return ENOSYS.
531 * C. file_set_dos_mode: This would only happen if the "dos
532 * filemode" smb.conf parameter is set to yes. We ship with
533 * it off, but if a customer were to turn it on it would be
534 * bad.
536 if (req == NULL && !is_stat_open(access_mask) &&
537 !is_ntfs_stream_smb_fname(smb_fname)) {
538 smb_panic("NULL req on a non-stat-open!");
541 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
542 DEBUG(0, ("No smb request but not an internal only open!\n"));
543 return NT_STATUS_INTERNAL_ERROR;
547 * Only non-internal opens can be deferred at all
550 if ((req != NULL)
551 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
552 struct deferred_open_record *state =
553 (struct deferred_open_record *)pml->private_data.data;
555 /* Remember the absolute time of the original
556 request with this mid. We'll use it later to
557 see if this has timed out. */
559 request_time = pml->request_time;
561 /* Remove the deferred open entry under lock. */
562 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
563 NULL);
564 if (lck == NULL) {
565 DEBUG(0, ("could not get share mode lock\n"));
566 } else {
567 del_deferred_open_entry(lck, req->mid);
568 TALLOC_FREE(lck);
571 /* Ensure we don't reprocess this message. */
572 remove_deferred_open_smb_message(req->mid);
575 * When receiving a semlock_async_failure message, the
576 * deferred open will be marked as "failed". Returning
577 * INTERNAL_ERROR.
579 if (state->failed) {
580 DEBUG(0, ("onefs_open_file_ntcreate: "
581 "semlock_async_failure detected!\n"));
582 return NT_STATUS_INTERNAL_ERROR;
586 status = check_name(conn, smb_fname->base_name);
587 if (!NT_STATUS_IS_OK(status)) {
588 return status;
591 if (!posix_open) {
592 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
593 if (file_existed) {
594 existing_dos_attributes = dos_mode(conn, smb_fname);
598 /* Setup dos_attributes to be set by ifs_createfile */
599 if (lp_store_dos_attributes(SNUM(conn))) {
600 createfile_attributes = (new_dos_attributes | aARCH) &
601 ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED);
604 /* Ignore oplock requests if oplocks are disabled. */
605 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
606 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
607 /* Mask off everything except the private Samba bits. */
608 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
611 /* this is for OS/2 long file names - say we don't support them */
612 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
613 /* OS/2 Workplace shell fix may be main code stream in a later
614 * release. */
615 DEBUG(5,("onefs_open_file_ntcreate: OS/2 long filenames are "
616 "not supported.\n"));
617 if (use_nt_status()) {
618 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
620 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
623 switch( create_disposition ) {
625 * Currently we're using FILE_SUPERSEDE as the same as
626 * FILE_OVERWRITE_IF but they really are
627 * different. FILE_SUPERSEDE deletes an existing file
628 * (requiring delete access) then recreates it.
630 case FILE_SUPERSEDE:
632 * @todo: Clear all file attributes?
633 * http://www.osronline.com/article.cfm?article=302
634 * create if not exist, trunc if exist
636 * If file exists replace/overwrite. If file doesn't
637 * exist create.
639 flags2 |= (O_CREAT | O_TRUNC);
640 clear_ads = true;
641 break;
643 case FILE_OVERWRITE_IF:
644 /* If file exists replace/overwrite. If file doesn't
645 * exist create. */
646 flags2 |= (O_CREAT | O_TRUNC);
647 clear_ads = true;
648 break;
650 case FILE_OPEN:
651 /* If file exists open. If file doesn't exist error. */
652 if (!file_existed) {
653 DEBUG(5,("onefs_open_file_ntcreate: FILE_OPEN "
654 "requested for file %s and file "
655 "doesn't exist.\n",
656 smb_fname_str_dbg(smb_fname)));
657 errno = ENOENT;
658 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
660 break;
662 case FILE_OVERWRITE:
663 /* If file exists overwrite. If file doesn't exist
664 * error. */
665 if (!file_existed) {
666 DEBUG(5, ("onefs_open_file_ntcreate: "
667 "FILE_OVERWRITE requested for file "
668 "%s and file doesn't exist.\n",
669 smb_fname_str_dbg(smb_fname)));
670 errno = ENOENT;
671 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
673 flags2 |= O_TRUNC;
674 clear_ads = true;
675 break;
677 case FILE_CREATE:
678 /* If file exists error. If file doesn't exist
679 * create. */
680 if (file_existed) {
681 DEBUG(5, ("onefs_open_file_ntcreate: "
682 "FILE_CREATE requested for file %s "
683 "and file already exists.\n",
684 smb_fname_str_dbg(smb_fname)));
685 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
686 errno = EISDIR;
687 } else {
688 errno = EEXIST;
690 return map_nt_error_from_unix(errno);
692 flags2 |= (O_CREAT|O_EXCL);
693 break;
695 case FILE_OPEN_IF:
696 /* If file exists open. If file doesn't exist
697 * create. */
698 flags2 |= O_CREAT;
699 break;
701 default:
702 return NT_STATUS_INVALID_PARAMETER;
705 /* Match attributes on file exists and overwrite. */
706 if (!posix_open && file_existed &&
707 ((create_disposition == FILE_OVERWRITE) ||
708 (create_disposition == FILE_OVERWRITE_IF))) {
709 if (!open_match_attributes(conn, existing_dos_attributes,
710 new_dos_attributes,
711 smb_fname->st.st_ex_mode,
712 unx_mode, &new_unx_mode)) {
713 DEBUG(5, ("onefs_open_file_ntcreate: attributes "
714 "missmatch for file %s (%x %x) (0%o, 0%o)\n",
715 smb_fname_str_dbg(smb_fname),
716 existing_dos_attributes,
717 new_dos_attributes,
718 (unsigned int)smb_fname->st.st_ex_mode,
719 (unsigned int)unx_mode ));
720 errno = EACCES;
721 return NT_STATUS_ACCESS_DENIED;
726 * OneFS understands MAXIMUM_ALLOWED_ACCESS, so only hack the
727 * access_mask, but leave the MAA for the actual open in
728 * open_access_mask.
730 open_access_mask = access_mask;
731 if (open_access_mask & MAXIMUM_ALLOWED_ACCESS) {
732 access_mask |= FILE_GENERIC_ALL;
735 /* Convert GENERIC bits to specific bits. */
736 se_map_generic(&access_mask, &file_generic_mapping);
737 se_map_generic(&open_access_mask, &file_generic_mapping);
739 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
740 /* This will cause oplock breaks. */
741 open_access_mask |= FILE_WRITE_DATA;
744 DEBUG(10, ("onefs_open_file_ntcreate: fname=%s, after mapping "
745 "open_access_mask=%#x, access_mask=0x%x\n",
746 smb_fname_str_dbg(smb_fname), open_access_mask,
747 access_mask));
750 * Note that we ignore the append flag as append does not
751 * mean the same thing under DOS and Unix.
754 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
755 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
758 * DENY_DOS opens are always underlying read-write on the
759 * file handle, no matter what the requested access mask
760 * says. Stock samba just sets the flags, but since
761 * ifs_createfile uses the access_mask, it must be updated as
762 * well. This allows BASE-DENY* to pass.
764 if (create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) {
766 DEBUG(10,("onefs_open_file_ntcreate: deny_dos: "
767 "Adding O_RDWR to flags "
768 "(0x%x) and some READ bits to "
769 "open_access_mask (0x%x)\n",
770 flags, open_access_mask));
772 flags = O_RDWR;
773 open_access_mask |= (FILE_READ_ATTRIBUTES |
774 FILE_READ_DATA | FILE_READ_EA | FILE_EXECUTE);
776 } else if (access_mask & (FILE_READ_ATTRIBUTES |
777 FILE_READ_DATA |
778 FILE_READ_EA |
779 FILE_EXECUTE)) {
780 flags = O_RDWR;
781 } else {
782 flags = O_WRONLY;
784 } else {
785 flags = O_RDONLY;
788 /* Currently we only look at FILE_WRITE_THROUGH for create options. */
789 #if defined(O_SYNC)
790 if ((create_options & FILE_WRITE_THROUGH) &&
791 lp_strict_sync(SNUM(conn))) {
792 flags2 |= O_SYNC;
794 #endif /* O_SYNC */
796 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
797 flags2 |= O_APPEND;
800 if (!posix_open && !CAN_WRITE(conn)) {
802 * We should really return a permission denied error if either
803 * O_CREAT or O_TRUNC are set, but for compatibility with
804 * older versions of Samba we just AND them out.
806 flags2 &= ~(O_CREAT|O_TRUNC);
808 /* Deny DELETE_ACCESS explicitly if the share is read only. */
809 if (access_mask & DELETE_ACCESS) {
810 return map_nt_error_from_unix(EACCES);
814 /* Ensure we can't write on a read-only share or file. */
815 if (flags != O_RDONLY && file_existed &&
816 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
817 DEBUG(5, ("onefs_open_file_ntcreate: write access requested "
818 "for file %s on read only %s\n",
819 smb_fname_str_dbg(smb_fname),
820 !CAN_WRITE(conn) ? "share" : "file" ));
821 errno = EACCES;
822 return NT_STATUS_ACCESS_DENIED;
825 DEBUG(10, ("fsp = %p\n", fsp));
827 fsp->share_access = share_access;
828 fsp->fh->private_options = create_options;
829 fsp->access_mask = open_access_mask; /* We change this to the
830 * requested access_mask after
831 * the open is done. */
832 fsp->posix_open = posix_open;
834 /* Ensure no SAMBA_PRIVATE bits can be set. */
835 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
837 if (timeval_is_zero(&request_time)) {
838 request_time = fsp->open_time;
841 if (file_existed) {
842 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
843 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
845 lck = get_share_mode_lock(talloc_tos(), id,
846 conn->connectpath,
847 smb_fname, &old_write_time);
849 if (lck == NULL) {
850 DEBUG(0, ("Could not get share mode lock\n"));
851 return NT_STATUS_SHARING_VIOLATION;
854 if (lck->delete_on_close) {
855 /* DELETE_PENDING is not deferred for a second */
856 TALLOC_FREE(lck);
857 return NT_STATUS_DELETE_PENDING;
861 SMB_ASSERT(!file_existed || (lck != NULL));
864 * Ensure we pay attention to default ACLs on directories. May be
865 * neccessary depending on ACL policies.
867 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
868 (def_acl = directory_has_default_acl(conn, parent_dir))) {
869 unx_mode = 0777;
872 DEBUG(4,("calling onefs_open_file with flags=0x%X flags2=0x%X "
873 "mode=0%o, access_mask = 0x%x, open_access_mask = 0x%x\n",
874 (unsigned int)flags, (unsigned int)flags2,
875 (unsigned int)unx_mode, (unsigned int)access_mask,
876 (unsigned int)open_access_mask));
879 * Since the open is guaranteed to be stat only if req == NULL, a
880 * callback record is only needed if req != NULL.
882 if (req) {
883 SMB_ASSERT(fsp_data);
884 oplock_callback_id = onefs_oplock_wait_record(req->mid);
885 if (oplock_callback_id == 0) {
886 return NT_STATUS_NO_MEMORY;
888 } else {
890 * It is also already asserted it's either a stream or a
891 * stat-only open at this point.
893 SMB_ASSERT(fsp->oplock_type == NO_OPLOCK);
895 /* The kernel and Samba's version of stat-only differs
896 * slightly: The kernel doesn't think its stat-only if we're
897 * truncating. We'd better have a req in order to defer the
898 * open. */
899 SMB_ASSERT(!((flags|flags2) & O_TRUNC));
902 /* Do the open. */
903 status = onefs_open_file(fsp,
904 conn,
905 req,
906 parent_dir,
907 smb_fname,
908 flags|flags2,
909 unx_mode,
910 access_mask,
911 open_access_mask,
912 fsp->oplock_type,
913 oplock_callback_id,
914 share_access,
915 create_options,
916 createfile_attributes,
918 &granted_oplock);
920 if (!NT_STATUS_IS_OK(status)) {
922 /* OneFS Oplock Handling */
923 if (errno == EINPROGRESS) {
925 /* If we get EINPROGRESS, the kernel will send us an
926 * asynchronous semlock event back. Ensure we can defer
927 * the open, by asserting req. */
928 SMB_ASSERT(req);
930 if (lck == NULL) {
932 * We hit the race that when we did the stat
933 * on the file it did not exist, and someone
934 * has created it in between the stat and the
935 * open_file() call. Defer our open waiting,
936 * to break the oplock of the first opener.
939 struct timespec old_write_time;
941 DEBUG(3, ("Someone created file %s with an "
942 "oplock after we looked: Retrying\n",
943 smb_fname_str_dbg(smb_fname)));
945 * We hit the race that when we did the stat
946 * on the file it did not exist, and someone
947 * has created it in between the stat and the
948 * open_file() call. Just retry immediately.
950 id = vfs_file_id_from_sbuf(conn,
951 &smb_fname->st);
952 if (!(lck = get_share_mode_lock(talloc_tos(),
953 id, conn->connectpath, smb_fname,
954 &old_write_time))) {
956 * Emergency exit
958 DEBUG(0, ("onefs_open_file_ntcreate: "
959 "Could not get share mode "
960 "lock for %s\n",
961 smb_fname_str_dbg(smb_fname)));
962 status = NT_STATUS_SHARING_VIOLATION;
964 /* XXXZLK: This will cause us to get a
965 * semlock event when we aren't
966 * expecting one. */
967 goto cleanup_destroy;
970 schedule_defer_open(lck, request_time, req);
971 goto cleanup;
973 /* Waiting for an oplock */
974 DEBUG(5,("Async createfile because a client has an "
975 "oplock on %s\n",
976 smb_fname_str_dbg(smb_fname)));
978 SMB_ASSERT(req);
979 schedule_defer_open(lck, request_time, req);
980 goto cleanup;
983 /* Check for a sharing violation */
984 if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) {
985 uint32 can_access_mask;
986 bool can_access = True;
988 /* If we raced on open we may not have a valid file_id
989 * or stat buf. Get them again. */
990 if (SMB_VFS_STAT(conn, fname, psbuf) == -1) {
991 DEBUG(0,("Error doing stat on file %s "
992 "(%s)\n", fname, strerror(errno)));
993 status = NT_STATUS_SHARING_VIOLATION;
994 goto cleanup_destroy;
996 id = vfs_file_id_from_sbuf(conn, psbuf);
998 /* Check if this can be done with the deny_dos and fcb
999 * calls. */
1001 /* Try to find dup fsp if possible. */
1002 if (create_options &
1003 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1004 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1006 if (req == NULL) {
1007 DEBUG(0, ("DOS open without an SMB "
1008 "request!\n"));
1009 status = NT_STATUS_INTERNAL_ERROR;
1010 goto cleanup_destroy;
1013 /* Use the client requested access mask here,
1014 * not the one we open with. */
1015 status = fcb_or_dos_open(req,
1016 conn,
1017 fsp,
1018 smb_fname,
1020 req->smbpid,
1021 req->vuid,
1022 access_mask,
1023 share_access,
1024 create_options);
1026 if (NT_STATUS_IS_OK(status)) {
1027 if (pinfo) {
1028 *pinfo = FILE_WAS_OPENED;
1030 status = NT_STATUS_OK;
1031 goto cleanup;
1036 * This next line is a subtlety we need for
1037 * MS-Access. If a file open will fail due to share
1038 * permissions and also for security (access) reasons,
1039 * we need to return the access failed error, not the
1040 * share error. We can't open the file due to kernel
1041 * oplock deadlock (it's possible we failed above on
1042 * the open_mode_check()) so use a userspace check.
1045 if (flags & O_RDWR) {
1046 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1047 } else if (flags & O_WRONLY) {
1048 can_access_mask = FILE_WRITE_DATA;
1049 } else {
1050 can_access_mask = FILE_READ_DATA;
1053 if (((can_access_mask & FILE_WRITE_DATA) &&
1054 !CAN_WRITE(conn)) ||
1055 !can_access_file_data(conn, smb_fname,
1056 can_access_mask)) {
1057 can_access = False;
1061 * If we're returning a share violation, ensure we
1062 * cope with the braindead 1 second delay.
1064 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1065 lp_defer_sharing_violations()) {
1066 struct timeval timeout;
1067 struct deferred_open_record state;
1068 int timeout_usecs;
1070 /* this is a hack to speed up torture tests
1071 in 'make test' */
1072 timeout_usecs = lp_parm_int(SNUM(conn),
1073 "smbd","sharedelay",
1074 SHARING_VIOLATION_USEC_WAIT);
1076 /* This is a relative time, added to the
1077 absolute request_time value to get the
1078 absolute timeout time. Note that if this
1079 is the second or greater time we enter this
1080 codepath for this particular request mid
1081 then request_time is left as the absolute
1082 time of the *first* time this request mid
1083 was processed. This is what allows the
1084 request to eventually time out. */
1086 timeout = timeval_set(0, timeout_usecs);
1088 /* Nothing actually uses
1089 state.delayed_for_oplocks but it's handy to
1090 differentiate in debug messages between a
1091 30 second delay due to oplock break, and a
1092 1 second delay for share mode conflicts. */
1094 state.delayed_for_oplocks = False;
1095 state.id = id;
1096 state.failed = false;
1099 * We hit the race that when we did the stat
1100 * on the file it did not exist, and someone
1101 * has created it in between the stat and the
1102 * open_file() call. Retrieve the share_mode
1103 * lock on the newly opened file so we can
1104 * defer our request.
1106 if (lck == NULL) {
1107 struct timespec old_write_time;
1108 old_write_time = get_mtimespec(psbuf);
1110 lck = get_share_mode_lock(talloc_tos(),
1111 id, conn->connectpath, fname,
1112 &old_write_time);
1113 if (lck == NULL) {
1114 DEBUG(0,
1115 ("onefs_open_file_ntcreate:"
1116 " Could not get share "
1117 "mode lock for %s\n",
1118 fname));
1119 /* This will cause us to return
1120 * immediately skipping the
1121 * the 1 second delay, which
1122 * isn't a big deal */
1123 status = NT_STATUS_SHARING_VIOLATION;
1124 goto cleanup_destroy;
1128 if ((req != NULL) &&
1129 !request_timed_out(request_time, timeout))
1131 defer_open(lck, request_time, timeout,
1132 req, &state);
1136 if (can_access) {
1138 * We have detected a sharing violation here
1139 * so return the correct error code
1141 status = NT_STATUS_SHARING_VIOLATION;
1142 } else {
1143 status = NT_STATUS_ACCESS_DENIED;
1146 goto cleanup_destroy;
1150 * Normal error, for example EACCES
1152 cleanup_destroy:
1153 if (oplock_callback_id != 0) {
1154 destroy_onefs_callback_record(oplock_callback_id);
1156 cleanup:
1157 TALLOC_FREE(lck);
1158 return status;
1161 fsp->oplock_type = granted_oplock;
1163 if (oplock_callback_id != 0) {
1164 onefs_set_oplock_callback(oplock_callback_id, fsp);
1165 fsp_data->oplock_callback_id = oplock_callback_id;
1166 } else {
1167 SMB_ASSERT(fsp->oplock_type == NO_OPLOCK);
1170 if (!file_existed) {
1171 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1173 * Deal with the race condition where two smbd's detect the
1174 * file doesn't exist and do the create at the same time. One
1175 * of them will win and set a share mode, the other (ie. this
1176 * one) should check if the requested share mode for this
1177 * create is allowed.
1181 * Now the file exists and fsp is successfully opened,
1182 * fsp->file_id is valid and should replace the
1183 * dev=0, inode=0 from a non existent file. Spotted by
1184 * Nadav Danieli <nadavd@exanet.com>. JRA.
1187 id = fsp->file_id;
1189 lck = get_share_mode_lock(talloc_tos(), id,
1190 conn->connectpath,
1191 smb_fname, &old_write_time);
1193 if (lck == NULL) {
1194 DEBUG(0, ("onefs_open_file_ntcreate: Could not get "
1195 "share mode lock for %s\n",
1196 smb_fname_str_dbg(smb_fname)));
1197 fd_close(fsp);
1198 return NT_STATUS_SHARING_VIOLATION;
1201 if (lck->delete_on_close) {
1202 status = NT_STATUS_DELETE_PENDING;
1205 if (!NT_STATUS_IS_OK(status)) {
1206 struct deferred_open_record state;
1208 fd_close(fsp);
1210 state.delayed_for_oplocks = False;
1211 state.id = id;
1213 /* Do it all over again immediately. In the second
1214 * round we will find that the file existed and handle
1215 * the DELETE_PENDING and FCB cases correctly. No need
1216 * to duplicate the code here. Essentially this is a
1217 * "goto top of this function", but don't tell
1218 * anybody... */
1220 if (req != NULL) {
1221 defer_open(lck, request_time, timeval_zero(),
1222 req, &state);
1224 TALLOC_FREE(lck);
1225 return status;
1229 * We exit this block with the share entry *locked*.....
1234 SMB_ASSERT(lck != NULL);
1236 /* Delete streams if create_disposition requires it */
1237 if (file_existed && clear_ads &&
1238 !is_ntfs_stream_smb_fname(smb_fname)) {
1239 status = delete_all_streams(conn, smb_fname->base_name);
1240 if (!NT_STATUS_IS_OK(status)) {
1241 TALLOC_FREE(lck);
1242 fd_close(fsp);
1243 return status;
1247 /* note that we ignore failure for the following. It is
1248 basically a hack for NFS, and NFS will never set one of
1249 these only read them. Nobody but Samba can ever set a deny
1250 mode and we have already checked our more authoritative
1251 locking database for permission to set this deny mode. If
1252 the kernel refuses the operations then the kernel is wrong.
1253 note that GPFS supports it as well - jmcd */
1255 if (fsp->fh->fd != -1) {
1256 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
1257 if(ret_flock == -1 ){
1259 TALLOC_FREE(lck);
1260 fd_close(fsp);
1261 return NT_STATUS_SHARING_VIOLATION;
1266 * At this point onwards, we can guarentee that the share entry
1267 * is locked, whether we created the file or not, and that the
1268 * deny mode is compatible with all current opens.
1271 /* Record the options we were opened with. */
1272 fsp->share_access = share_access;
1273 fsp->fh->private_options = create_options;
1275 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1277 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1279 if (file_existed) {
1280 /* stat opens on existing files don't get oplocks. */
1281 if (is_stat_open(open_access_mask)) {
1282 fsp->oplock_type = NO_OPLOCK;
1285 if (!(flags2 & O_TRUNC)) {
1286 info = FILE_WAS_OPENED;
1287 } else {
1288 info = FILE_WAS_OVERWRITTEN;
1290 } else {
1291 info = FILE_WAS_CREATED;
1294 if (pinfo) {
1295 *pinfo = info;
1299 * Setup the oplock info in both the shared memory and
1300 * file structs.
1303 if ((fsp->oplock_type != NO_OPLOCK) &&
1304 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1305 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1306 /* Could not get the kernel oplock */
1307 fsp->oplock_type = NO_OPLOCK;
1311 if (fsp->oplock_type == LEVEL_II_OPLOCK &&
1312 (!lp_level2_oplocks(SNUM(conn)) ||
1313 !(global_client_caps & CAP_LEVEL_II_OPLOCKS))) {
1315 DEBUG(5, ("Downgrading level2 oplock on open "
1316 "because level2 oplocks = off\n"));
1318 release_file_oplock(fsp);
1321 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED ||
1322 info == FILE_WAS_SUPERSEDED) {
1323 new_file_created = True;
1326 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
1327 fsp->oplock_type);
1329 /* Handle strange delete on close create semantics. */
1330 if (create_options & FILE_DELETE_ON_CLOSE) {
1331 status = can_set_delete_on_close(fsp, new_dos_attributes);
1333 if (!NT_STATUS_IS_OK(status)) {
1334 /* Remember to delete the mode we just added. */
1335 del_share_mode(lck, fsp);
1336 TALLOC_FREE(lck);
1337 fd_close(fsp);
1338 return status;
1340 /* Note that here we set the *inital* delete on close flag,
1341 not the regular one. The magic gets handled in close. */
1342 fsp->initial_delete_on_close = True;
1346 * Take care of inherited ACLs on created files - if default ACL not
1347 * selected.
1348 * May be necessary depending on acl policies.
1350 if (!posix_open && !file_existed && !def_acl &&
1351 !(VALID_STAT(smb_fname->st) &&
1352 (smb_fname->st.st_ex_flags & SF_HASNTFSACL))) {
1354 int saved_errno = errno; /* We might get ENOSYS in the next
1355 * call.. */
1357 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1358 errno == ENOSYS) {
1359 errno = saved_errno; /* Ignore ENOSYS */
1362 } else if (new_unx_mode) {
1364 int ret = -1;
1366 /* Attributes need changing. File already existed. */
1369 int saved_errno = errno; /* We might get ENOSYS in the
1370 * next call.. */
1371 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1373 if (ret == -1 && errno == ENOSYS) {
1374 errno = saved_errno; /* Ignore ENOSYS */
1375 } else {
1376 DEBUG(5, ("onefs_open_file_ntcreate: reset "
1377 "attributes of file %s to 0%o\n",
1378 smb_fname_str_dbg(smb_fname),
1379 (unsigned int)new_unx_mode));
1380 ret = 0; /* Don't do the fchmod below. */
1384 if ((ret == -1) &&
1385 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1386 DEBUG(5, ("onefs_open_file_ntcreate: failed to reset "
1387 "attributes of file %s to 0%o\n",
1388 smb_fname_str_dbg(smb_fname),
1389 (unsigned int)new_unx_mode));
1392 /* If this is a successful open, we must remove any deferred open
1393 * records. */
1394 if (req != NULL) {
1395 del_deferred_open_entry(lck, req->mid);
1397 TALLOC_FREE(lck);
1399 return NT_STATUS_OK;
1403 /****************************************************************************
1404 Open a directory from an NT SMB call.
1405 ****************************************************************************/
1406 static NTSTATUS onefs_open_directory(connection_struct *conn,
1407 struct smb_request *req,
1408 struct smb_filename *smb_dname,
1409 uint32 access_mask,
1410 uint32 share_access,
1411 uint32 create_disposition,
1412 uint32 create_options,
1413 uint32 file_attributes,
1414 struct security_descriptor *sd,
1415 files_struct **result,
1416 int *pinfo)
1418 files_struct *fsp = NULL;
1419 struct share_mode_lock *lck = NULL;
1420 NTSTATUS status;
1421 struct timespec mtimespec;
1422 int info = 0;
1423 char *parent_dir;
1424 bool posix_open = false;
1425 uint32 create_flags = 0;
1426 uint32 mode = lp_dir_mask(SNUM(conn));
1428 DEBUG(5, ("onefs_open_directory: opening directory %s, "
1429 "access_mask = 0x%x, "
1430 "share_access = 0x%x create_options = 0x%x, "
1431 "create_disposition = 0x%x, file_attributes = 0x%x\n",
1432 smb_fname_str_dbg(smb_dname), (unsigned int)access_mask,
1433 (unsigned int)share_access, (unsigned int)create_options,
1434 (unsigned int)create_disposition,
1435 (unsigned int)file_attributes));
1437 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
1438 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
1439 is_ntfs_stream_smb_fname(smb_dname)) {
1440 DEBUG(2, ("onefs_open_directory: %s is a stream name!\n",
1441 smb_fname_str_dbg(smb_dname)));
1442 return NT_STATUS_NOT_A_DIRECTORY;
1445 switch (create_disposition) {
1446 case FILE_OPEN:
1447 /* If directory exists open. If directory doesn't
1448 * exist error. */
1449 create_flags = 0;
1450 info = FILE_WAS_OPENED;
1451 break;
1452 case FILE_CREATE:
1453 /* If directory exists error. If directory doesn't
1454 * exist create. */
1455 create_flags = O_CREAT | O_EXCL;
1456 info = FILE_WAS_CREATED;
1457 break;
1458 case FILE_OPEN_IF:
1459 /* If directory exists open. If directory doesn't
1460 * exist create. */
1462 /* Note: in order to return whether the directory was
1463 * opened or created, we first try to open and then try
1464 * to create. */
1465 create_flags = 0;
1466 info = FILE_WAS_OPENED;
1467 break;
1468 case FILE_SUPERSEDE:
1469 case FILE_OVERWRITE:
1470 case FILE_OVERWRITE_IF:
1471 default:
1472 DEBUG(5, ("onefs_open_directory: invalid "
1473 "create_disposition 0x%x for directory %s\n",
1474 (unsigned int)create_disposition,
1475 smb_fname_str_dbg(smb_dname)));
1476 return NT_STATUS_INVALID_PARAMETER;
1480 * Check for write access to the share. Done in mkdir_internal() in
1481 * mainline samba.
1483 if (!CAN_WRITE(conn) && (create_flags & O_CREAT)) {
1484 return NT_STATUS_ACCESS_DENIED;
1487 /* Get parent dirname */
1488 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
1489 NULL)) {
1490 return NT_STATUS_NO_MEMORY;
1493 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1494 posix_open = true;
1495 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1496 file_attributes = 0;
1497 } else {
1498 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
1502 * The NONINDEXED and COMPRESSED bits seem to always be cleared on
1503 * directories, no matter if you specify that they should be set.
1505 file_attributes &=
1506 ~(FILE_ATTRIBUTE_NONINDEXED | FILE_ATTRIBUTE_COMPRESSED);
1508 status = file_new(req, conn, &fsp);
1509 if(!NT_STATUS_IS_OK(status)) {
1510 return status;
1514 * Actual open with retry magic to handle FILE_OPEN_IF which is
1515 * unique because the kernel won't tell us if the file was opened or
1516 * created.
1518 retry_open:
1519 fsp->fh->fd = onefs_sys_create_file(conn,
1521 smb_dname->base_name,
1522 access_mask,
1523 access_mask,
1524 share_access,
1525 create_options,
1526 create_flags | O_DIRECTORY,
1527 mode,
1531 file_attributes,
1532 NULL);
1534 if (fsp->fh->fd == -1) {
1535 DEBUG(3, ("Error opening %s. Errno=%d (%s).\n",
1536 smb_fname_str_dbg(smb_dname), errno,
1537 strerror(errno)));
1538 SMB_ASSERT(errno != EINPROGRESS);
1540 if (create_disposition == FILE_OPEN_IF) {
1541 if (errno == ENOENT) {
1542 /* Try again, creating it this time. */
1543 create_flags = O_CREAT | O_EXCL;
1544 info = FILE_WAS_CREATED;
1545 goto retry_open;
1546 } else if (errno == EEXIST) {
1547 /* Uggh. Try again again. */
1548 create_flags = 0;
1549 info = FILE_WAS_OPENED;
1550 goto retry_open;
1554 /* Error cases below: */
1555 file_free(req, fsp);
1557 if ((errno == ENOENT) && (create_disposition == FILE_OPEN)) {
1558 DEBUG(5, ("onefs_open_directory: FILE_OPEN requested "
1559 "for directory %s and it doesn't "
1560 "exist.\n", smb_fname_str_dbg(smb_dname)));
1561 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1562 } else if ((errno == EEXIST) &&
1563 (create_disposition == FILE_CREATE)) {
1564 DEBUG(5, ("onefs_open_directory: FILE_CREATE "
1565 "requested for directory %s and it "
1566 "already exists.\n",
1567 smb_fname_str_dbg(smb_dname)));
1568 return NT_STATUS_OBJECT_NAME_COLLISION;
1569 } else if ((errno == EAGAIN) || (errno == EWOULDBLOCK)) {
1570 /* Catch sharing violations. */
1571 return NT_STATUS_SHARING_VIOLATION;
1574 return map_nt_error_from_unix(errno);
1577 if (info == FILE_WAS_CREATED) {
1579 /* Pulled from mkdir_internal() */
1580 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
1581 DEBUG(2, ("Could not stat directory '%s' just "
1582 "created: %s\n",
1583 smb_fname_str_dbg(smb_dname),
1584 strerror(errno)));
1585 return map_nt_error_from_unix(errno);
1588 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
1589 DEBUG(0, ("Directory just '%s' created is not a "
1590 "directory\n",
1591 smb_fname_str_dbg(smb_dname)));
1592 return NT_STATUS_ACCESS_DENIED;
1595 if (!posix_open) {
1597 * Check if high bits should have been set, then (if
1598 * bits are missing): add them. Consider bits
1599 * automagically set by UNIX, i.e. SGID bit from
1600 * parent dir.
1602 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) &&
1603 (mode & ~smb_dname->st.st_ex_mode)) {
1604 SMB_VFS_CHMOD(conn, smb_dname->base_name,
1605 (smb_dname->st.st_ex_mode |
1606 (mode & ~smb_dname->st.st_ex_mode)));
1610 /* Change the owner if required. */
1611 if (lp_inherit_owner(SNUM(conn))) {
1612 change_dir_owner_to_parent(conn, parent_dir,
1613 smb_dname->base_name,
1614 &smb_dname->st);
1617 notify_fname(conn, NOTIFY_ACTION_ADDED,
1618 FILE_NOTIFY_CHANGE_DIR_NAME,
1619 smb_dname->base_name);
1622 /* Stat the fd for Samba bookkeeping. */
1623 if(SMB_VFS_FSTAT(fsp, &smb_dname->st) != 0) {
1624 fd_close(fsp);
1625 file_free(req, fsp);
1626 return map_nt_error_from_unix(errno);
1629 /* Setup the files_struct for it. */
1630 fsp->mode = smb_dname->st.st_ex_mode;
1631 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
1632 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
1633 fsp->file_pid = req ? req->smbpid : 0;
1634 fsp->can_lock = False;
1635 fsp->can_read = False;
1636 fsp->can_write = False;
1638 fsp->share_access = share_access;
1639 fsp->fh->private_options = create_options;
1641 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1643 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1644 fsp->print_file = False;
1645 fsp->modified = False;
1646 fsp->oplock_type = NO_OPLOCK;
1647 fsp->sent_oplock_break = NO_BREAK_SENT;
1648 fsp->is_directory = True;
1649 fsp->posix_open = posix_open;
1651 status = fsp_set_smb_fname(fsp, smb_dname);
1652 if (!NT_STATUS_IS_OK(status)) {
1653 fd_close(fsp);
1654 file_free(req, fsp);
1655 return status;
1658 mtimespec = smb_dname->st.st_ex_mtime;
1661 * Still set the samba share mode lock for correct delete-on-close
1662 * semantics and to make smbstatus more useful.
1664 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
1665 conn->connectpath, smb_dname, &mtimespec);
1667 if (lck == NULL) {
1668 DEBUG(0, ("onefs_open_directory: Could not get share mode "
1669 "lock for %s\n", smb_fname_str_dbg(smb_dname)));
1670 fd_close(fsp);
1671 file_free(req, fsp);
1672 return NT_STATUS_SHARING_VIOLATION;
1675 if (lck->delete_on_close) {
1676 TALLOC_FREE(lck);
1677 fd_close(fsp);
1678 file_free(req, fsp);
1679 return NT_STATUS_DELETE_PENDING;
1682 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
1685 * For directories the delete on close bit at open time seems
1686 * always to be honored on close... See test 19 in Samba4 BASE-DELETE.
1688 if (create_options & FILE_DELETE_ON_CLOSE) {
1689 status = can_set_delete_on_close(fsp, 0);
1690 if (!NT_STATUS_IS_OK(status) &&
1691 !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
1692 TALLOC_FREE(lck);
1693 fd_close(fsp);
1694 file_free(req, fsp);
1695 return status;
1698 if (NT_STATUS_IS_OK(status)) {
1699 /* Note that here we set the *inital* delete on close flag,
1700 not the regular one. The magic gets handled in close. */
1701 fsp->initial_delete_on_close = True;
1705 TALLOC_FREE(lck);
1707 if (pinfo) {
1708 *pinfo = info;
1711 *result = fsp;
1712 return NT_STATUS_OK;
1716 * Wrapper around onefs_open_file_ntcreate and onefs_open_directory.
1718 static NTSTATUS onefs_create_file_unixpath(connection_struct *conn,
1719 struct smb_request *req,
1720 struct smb_filename *smb_fname,
1721 uint32_t access_mask,
1722 uint32_t share_access,
1723 uint32_t create_disposition,
1724 uint32_t create_options,
1725 uint32_t file_attributes,
1726 uint32_t oplock_request,
1727 uint64_t allocation_size,
1728 struct security_descriptor *sd,
1729 struct ea_list *ea_list,
1730 files_struct **result,
1731 int *pinfo,
1732 struct onefs_fsp_data *fsp_data)
1734 int info = FILE_WAS_OPENED;
1735 files_struct *base_fsp = NULL;
1736 files_struct *fsp = NULL;
1737 NTSTATUS status;
1739 DEBUG(10,("onefs_create_file_unixpath: access_mask = 0x%x "
1740 "file_attributes = 0x%x, share_access = 0x%x, "
1741 "create_disposition = 0x%x create_options = 0x%x "
1742 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
1743 "fname = %s\n",
1744 (unsigned int)access_mask,
1745 (unsigned int)file_attributes,
1746 (unsigned int)share_access,
1747 (unsigned int)create_disposition,
1748 (unsigned int)create_options,
1749 (unsigned int)oplock_request,
1750 ea_list, sd, smb_fname_str_dbg(smb_fname)));
1752 if (create_options & FILE_OPEN_BY_FILE_ID) {
1753 status = NT_STATUS_NOT_SUPPORTED;
1754 goto fail;
1757 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
1758 status = NT_STATUS_INVALID_PARAMETER;
1759 goto fail;
1762 if (req == NULL) {
1763 SMB_ASSERT((oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK) ==
1764 NO_OPLOCK);
1765 oplock_request |= INTERNAL_OPEN_ONLY;
1768 if (lp_parm_bool(SNUM(conn), PARM_ONEFS_TYPE,
1769 PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
1770 access_mask &= ~SYSTEM_SECURITY_ACCESS;
1773 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
1774 && (access_mask & DELETE_ACCESS)
1775 && !is_ntfs_stream_smb_fname(smb_fname)) {
1777 * We can't open a file with DELETE access if any of the
1778 * streams is open without FILE_SHARE_DELETE
1780 status = open_streams_for_delete(conn, smb_fname->base_name);
1782 if (!NT_STATUS_IS_OK(status)) {
1783 goto fail;
1787 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
1788 && is_ntfs_stream_smb_fname(smb_fname)) {
1789 uint32 base_create_disposition;
1790 struct smb_filename *smb_fname_base = NULL;
1792 if (create_options & FILE_DIRECTORY_FILE) {
1793 status = NT_STATUS_NOT_A_DIRECTORY;
1794 goto fail;
1797 switch (create_disposition) {
1798 case FILE_OPEN:
1799 base_create_disposition = FILE_OPEN;
1800 break;
1801 default:
1802 base_create_disposition = FILE_OPEN_IF;
1803 break;
1806 /* Create an smb_filename with stream_name == NULL. */
1807 status = create_synthetic_smb_fname(talloc_tos(),
1808 smb_fname->base_name,
1809 NULL, NULL,
1810 &smb_fname_base);
1811 if (!NT_STATUS_IS_OK(status)) {
1812 goto fail;
1815 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
1816 DEBUG(10, ("Unable to stat stream: %s\n",
1817 smb_fname_str_dbg(smb_fname_base)));
1820 status = onefs_create_file_unixpath(
1821 conn, /* conn */
1822 NULL, /* req */
1823 smb_fname_base, /* fname */
1824 SYNCHRONIZE_ACCESS, /* access_mask */
1825 (FILE_SHARE_READ |
1826 FILE_SHARE_WRITE |
1827 FILE_SHARE_DELETE), /* share_access */
1828 base_create_disposition, /* create_disposition*/
1829 0, /* create_options */
1830 file_attributes, /* file_attributes */
1831 NO_OPLOCK, /* oplock_request */
1832 0, /* allocation_size */
1833 NULL, /* sd */
1834 NULL, /* ea_list */
1835 &base_fsp, /* result */
1836 NULL, /* pinfo */
1837 NULL); /* fsp_data */
1839 TALLOC_FREE(smb_fname_base);
1841 if (!NT_STATUS_IS_OK(status)) {
1842 DEBUG(10, ("onefs_create_file_unixpath for base %s "
1843 "failed: %s\n", smb_fname->base_name,
1844 nt_errstr(status)));
1845 goto fail;
1849 * Testing against windows xp/2003/vista shows that oplocks
1850 * can actually be requested and granted on streams (see the
1851 * RAW-OPLOCK-STREAM1 smbtorture test).
1853 if ((oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK) !=
1854 NO_OPLOCK) {
1855 DEBUG(5, ("Oplock(%d) being requested on a stream! "
1856 "Ignoring oplock request: fname=%s\n",
1857 oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK,
1858 smb_fname_str_dbg(smb_fname)));
1859 /* Request NO_OPLOCK instead. */
1860 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1864 /* Covert generic bits in the security descriptor. */
1865 if (sd != NULL) {
1866 security_acl_map_generic(sd->dacl, &file_generic_mapping);
1867 security_acl_map_generic(sd->sacl, &file_generic_mapping);
1871 * If it's a request for a directory open, deal with it separately.
1874 if (create_options & FILE_DIRECTORY_FILE) {
1876 if (create_options & FILE_NON_DIRECTORY_FILE) {
1877 status = NT_STATUS_INVALID_PARAMETER;
1878 goto fail;
1881 /* Can't open a temp directory. IFS kit test. */
1882 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
1883 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
1884 status = NT_STATUS_INVALID_PARAMETER;
1885 goto fail;
1889 * We will get a create directory here if the Win32
1890 * app specified a security descriptor in the
1891 * CreateDirectory() call.
1894 status = onefs_open_directory(
1895 conn, /* conn */
1896 req, /* req */
1897 smb_fname, /* fname */
1898 access_mask, /* access_mask */
1899 share_access, /* share_access */
1900 create_disposition, /* create_disposition*/
1901 create_options, /* create_options */
1902 file_attributes, /* file_attributes */
1903 sd, /* sd */
1904 &fsp, /* result */
1905 &info); /* pinfo */
1906 } else {
1909 * Ordinary file case.
1912 status = file_new(req, conn, &fsp);
1913 if(!NT_STATUS_IS_OK(status)) {
1914 goto fail;
1918 * We're opening the stream element of a base_fsp
1919 * we already opened. Set up the base_fsp pointer.
1921 if (base_fsp) {
1922 fsp->base_fsp = base_fsp;
1925 status = onefs_open_file_ntcreate(
1926 conn, /* conn */
1927 req, /* req */
1928 smb_fname, /* fname */
1929 access_mask, /* access_mask */
1930 share_access, /* share_access */
1931 create_disposition, /* create_disposition*/
1932 create_options, /* create_options */
1933 file_attributes, /* file_attributes */
1934 oplock_request, /* oplock_request */
1935 sd, /* sd */
1936 fsp, /* result */
1937 &info, /* pinfo */
1938 fsp_data); /* fsp_data */
1940 if(!NT_STATUS_IS_OK(status)) {
1941 file_free(req, fsp);
1942 fsp = NULL;
1945 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
1947 /* A stream open never opens a directory */
1949 if (base_fsp) {
1950 status = NT_STATUS_FILE_IS_A_DIRECTORY;
1951 goto fail;
1955 * Fail the open if it was explicitly a non-directory
1956 * file.
1959 if (create_options & FILE_NON_DIRECTORY_FILE) {
1960 status = NT_STATUS_FILE_IS_A_DIRECTORY;
1961 goto fail;
1964 create_options |= FILE_DIRECTORY_FILE;
1966 status = onefs_open_directory(
1967 conn, /* conn */
1968 req, /* req */
1969 smb_fname, /* fname */
1970 access_mask, /* access_mask */
1971 share_access, /* share_access */
1972 create_disposition, /* create_disposition*/
1973 create_options, /* create_options */
1974 file_attributes, /* file_attributes */
1975 sd, /* sd */
1976 &fsp, /* result */
1977 &info); /* pinfo */
1981 if (!NT_STATUS_IS_OK(status)) {
1982 goto fail;
1985 fsp->base_fsp = base_fsp;
1987 SMB_ASSERT(fsp);
1989 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
1990 status = set_ea(conn, fsp, smb_fname, ea_list);
1991 if (!NT_STATUS_IS_OK(status)) {
1992 goto fail;
1996 if (!fsp->is_directory && S_ISDIR(smb_fname->st.st_ex_mode)) {
1997 status = NT_STATUS_ACCESS_DENIED;
1998 goto fail;
2001 /* Save the requested allocation size. */
2002 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2003 if (allocation_size
2004 && (allocation_size > smb_fname->st.st_ex_size)) {
2005 fsp->initial_allocation_size = smb_roundup(
2006 fsp->conn, allocation_size);
2007 if (fsp->is_directory) {
2008 /* Can't set allocation size on a directory. */
2009 status = NT_STATUS_ACCESS_DENIED;
2010 goto fail;
2012 if (vfs_allocate_file_space(
2013 fsp, fsp->initial_allocation_size) == -1) {
2014 status = NT_STATUS_DISK_FULL;
2015 goto fail;
2017 } else {
2018 fsp->initial_allocation_size = smb_roundup(
2019 fsp->conn, (uint64_t)smb_fname->st.st_ex_size);
2023 DEBUG(10, ("onefs_create_file_unixpath: info=%d\n", info));
2025 *result = fsp;
2026 if (pinfo != NULL) {
2027 *pinfo = info;
2029 if ((fsp->fh != NULL) && (fsp->fh->fd != -1)) {
2030 SMB_VFS_FSTAT(fsp, &smb_fname->st);
2032 return NT_STATUS_OK;
2034 fail:
2035 DEBUG(10, ("onefs_create_file_unixpath: %s\n", nt_errstr(status)));
2037 if (fsp != NULL) {
2038 if (base_fsp && fsp->base_fsp == base_fsp) {
2040 * The close_file below will close
2041 * fsp->base_fsp.
2043 base_fsp = NULL;
2045 close_file(req, fsp, ERROR_CLOSE);
2046 fsp = NULL;
2048 if (base_fsp != NULL) {
2049 close_file(req, base_fsp, ERROR_CLOSE);
2050 base_fsp = NULL;
2052 return status;
2055 static void destroy_onefs_fsp_data(void *p_data)
2057 struct onefs_fsp_data *fsp_data = (struct onefs_fsp_data *)p_data;
2059 destroy_onefs_callback_record(fsp_data->oplock_callback_id);
2063 * SMB_VFS_CREATE_FILE interface to onefs.
2065 NTSTATUS onefs_create_file(vfs_handle_struct *handle,
2066 struct smb_request *req,
2067 uint16_t root_dir_fid,
2068 struct smb_filename *smb_fname,
2069 uint32_t access_mask,
2070 uint32_t share_access,
2071 uint32_t create_disposition,
2072 uint32_t create_options,
2073 uint32_t file_attributes,
2074 uint32_t oplock_request,
2075 uint64_t allocation_size,
2076 struct security_descriptor *sd,
2077 struct ea_list *ea_list,
2078 files_struct **result,
2079 int *pinfo)
2081 connection_struct *conn = handle->conn;
2082 struct onefs_fsp_data fsp_data = {};
2083 int info = FILE_WAS_OPENED;
2084 files_struct *fsp = NULL;
2085 NTSTATUS status;
2087 DEBUG(10,("onefs_create_file: access_mask = 0x%x "
2088 "file_attributes = 0x%x, share_access = 0x%x, "
2089 "create_disposition = 0x%x create_options = 0x%x "
2090 "oplock_request = 0x%x "
2091 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2092 "fname = %s\n",
2093 (unsigned int)access_mask,
2094 (unsigned int)file_attributes,
2095 (unsigned int)share_access,
2096 (unsigned int)create_disposition,
2097 (unsigned int)create_options,
2098 (unsigned int)oplock_request,
2099 (unsigned int)root_dir_fid,
2100 ea_list, sd, smb_fname_str_dbg(smb_fname)));
2102 /* Get the file name if root_dir_fid was specified. */
2103 if (root_dir_fid != 0) {
2104 status = get_relative_fid_filename(conn, req, root_dir_fid,
2105 smb_fname);
2106 if (!NT_STATUS_IS_OK(status)) {
2107 goto fail;
2111 /* All file access must go through check_name() */
2112 status = check_name(conn, smb_fname->base_name);
2113 if (!NT_STATUS_IS_OK(status)) {
2114 goto fail;
2117 status = onefs_create_file_unixpath(
2118 conn, /* conn */
2119 req, /* req */
2120 smb_fname, /* fname */
2121 access_mask, /* access_mask */
2122 share_access, /* share_access */
2123 create_disposition, /* create_disposition*/
2124 create_options, /* create_options */
2125 file_attributes, /* file_attributes */
2126 oplock_request, /* oplock_request */
2127 allocation_size, /* allocation_size */
2128 sd, /* sd */
2129 ea_list, /* ea_list */
2130 &fsp, /* result */
2131 &info, /* pinfo */
2132 &fsp_data); /* psbuf */
2134 if (!NT_STATUS_IS_OK(status)) {
2135 goto fail;
2138 DEBUG(10, ("onefs_create_file: info=%d\n", info));
2141 * Setup private onefs_fsp_data. Currently the private data struct is
2142 * only used to store the oplock_callback_id so that when the file is
2143 * closed, the onefs_callback_record can be properly cleaned up in the
2144 * oplock_onefs sub-system.
2146 if (fsp) {
2147 struct onefs_fsp_data *fsp_data_tmp = NULL;
2148 fsp_data_tmp = (struct onefs_fsp_data *)
2149 VFS_ADD_FSP_EXTENSION(handle, fsp, struct onefs_fsp_data,
2150 &destroy_onefs_fsp_data);
2152 if (fsp_data_tmp == NULL) {
2153 status = NT_STATUS_NO_MEMORY;
2154 goto fail;
2157 *fsp_data_tmp = fsp_data;
2160 *result = fsp;
2161 if (pinfo != NULL) {
2162 *pinfo = info;
2164 return NT_STATUS_OK;
2166 fail:
2167 DEBUG(10, ("onefs_create_file: %s\n", nt_errstr(status)));
2169 if (fsp != NULL) {
2170 close_file(req, fsp, ERROR_CLOSE);
2171 fsp = NULL;
2173 return status;