search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-winbind: Move finding the domain to it's own function.
[Samba.git] / source3 / smbd / open.c
blob09716d906be37bbb345f0567d36b85c107aad872
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/filesys.h"
24 #include "printing.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
30 #include "auth.h"
31 #include "messages.h"
32
33 extern const struct generic_mapping file_generic_mapping;
34
35 struct deferred_open_record {
36 bool delayed_for_oplocks;
37 struct file_id id;
38 };
39
40 /****************************************************************************
41 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
42 ****************************************************************************/
43
44 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
45 const struct security_descriptor *sd,
46 const struct security_token *token,
47 uint32_t access_desired,
48 uint32_t *access_granted)
49 {
50 *access_granted = 0;
51
52 if (get_current_uid(conn) == (uid_t)0) {
53 /* I'm sorry sir, I didn't know you were root... */
54 *access_granted = access_desired;
55 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
56 *access_granted |= FILE_GENERIC_ALL;
57 }
58 return NT_STATUS_OK;
59 }
60
61 return se_access_check(sd,
62 token,
63 (access_desired & ~FILE_READ_ATTRIBUTES),
64 access_granted);
65 }
66
67 /****************************************************************************
68 Check if we have open rights.
69 ****************************************************************************/
70
71 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
72 const struct smb_filename *smb_fname,
73 uint32_t access_mask,
74 uint32_t *access_granted)
75 {
76 /* Check if we have rights to open. */
77 NTSTATUS status;
78 struct security_descriptor *sd = NULL;
79 uint32_t rejected_share_access;
80
81 rejected_share_access = access_mask & ~(conn->share_access);
82
83 if (rejected_share_access) {
84 *access_granted = rejected_share_access;
85 return NT_STATUS_ACCESS_DENIED;
86 }
87
88 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
89 *access_granted = access_mask;
90
91 DEBUG(10,("smbd_check_open_rights: not checking ACL "
92 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
93 smb_fname_str_dbg(smb_fname),
94 (unsigned int)*access_granted ));
95 return NT_STATUS_OK;
96 }
97
98 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
99 (SECINFO_OWNER |
100 SECINFO_GROUP |
101 SECINFO_DACL),&sd);
102
103 if (!NT_STATUS_IS_OK(status)) {
104 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
105 "on %s: %s\n",
106 smb_fname_str_dbg(smb_fname),
107 nt_errstr(status)));
108 return status;
109 }
110
111 status = smb1_file_se_access_check(conn,
112 sd,
113 get_current_nttok(conn),
114 access_mask,
115 access_granted);
116
117 DEBUG(10,("smbd_check_open_rights: file %s requesting "
118 "0x%x returning 0x%x (%s)\n",
119 smb_fname_str_dbg(smb_fname),
120 (unsigned int)access_mask,
121 (unsigned int)*access_granted,
122 nt_errstr(status) ));
123
124 if (!NT_STATUS_IS_OK(status)) {
125 if (DEBUGLEVEL >= 10) {
126 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
127 smb_fname_str_dbg(smb_fname) ));
128 NDR_PRINT_DEBUG(security_descriptor, sd);
129 }
130 }
131
132 TALLOC_FREE(sd);
133
134 return status;
135 }
136
137 /****************************************************************************
138 fd support routines - attempt to do a dos_open.
139 ****************************************************************************/
140
141 static NTSTATUS fd_open(struct connection_struct *conn,
142 files_struct *fsp,
143 int flags,
144 mode_t mode)
145 {
146 struct smb_filename *smb_fname = fsp->fsp_name;
147 NTSTATUS status = NT_STATUS_OK;
148
149 #ifdef O_NOFOLLOW
150 /*
151 * Never follow symlinks on a POSIX client. The
152 * client should be doing this.
153 */
154
155 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
156 flags |= O_NOFOLLOW;
157 }
158 #endif
159
160 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
161 if (fsp->fh->fd == -1) {
162 status = map_nt_error_from_unix(errno);
163 if (errno == EMFILE) {
164 static time_t last_warned = 0L;
165
166 if (time((time_t *) NULL) > last_warned) {
167 DEBUG(0,("Too many open files, unable "
168 "to open more! smbd's max "
169 "open files = %d\n",
170 lp_max_open_files()));
171 last_warned = time((time_t *) NULL);
172 }
173 }
174
175 }
176
177 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
178 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
179 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
180
181 return status;
182 }
183
184 /****************************************************************************
185 Close the file associated with a fsp.
186 ****************************************************************************/
187
188 NTSTATUS fd_close(files_struct *fsp)
189 {
190 int ret;
191
192 if (fsp->dptr) {
193 dptr_CloseDir(fsp);
194 }
195 if (fsp->fh->fd == -1) {
196 return NT_STATUS_OK; /* What we used to call a stat open. */
197 }
198 if (fsp->fh->ref_count > 1) {
199 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
200 }
201
202 ret = SMB_VFS_CLOSE(fsp);
203 fsp->fh->fd = -1;
204 if (ret == -1) {
205 return map_nt_error_from_unix(errno);
206 }
207 return NT_STATUS_OK;
208 }
209
210 /****************************************************************************
211 Change the ownership of a file to that of the parent directory.
212 Do this by fd if possible.
213 ****************************************************************************/
214
215 void change_file_owner_to_parent(connection_struct *conn,
216 const char *inherit_from_dir,
217 files_struct *fsp)
218 {
219 struct smb_filename *smb_fname_parent = NULL;
220 NTSTATUS status;
221 int ret;
222
223 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
224 NULL, NULL, &smb_fname_parent);
225 if (!NT_STATUS_IS_OK(status)) {
226 return;
227 }
228
229 ret = SMB_VFS_STAT(conn, smb_fname_parent);
230 if (ret == -1) {
231 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
232 "directory %s. Error was %s\n",
233 smb_fname_str_dbg(smb_fname_parent),
234 strerror(errno)));
235 TALLOC_FREE(smb_fname_parent);
236 return;
237 }
238
239 if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
240 /* Already this uid - no need to change. */
241 DEBUG(10,("change_file_owner_to_parent: file %s "
242 "is already owned by uid %d\n",
243 fsp_str_dbg(fsp),
244 (int)fsp->fsp_name->st.st_ex_uid ));
245 TALLOC_FREE(smb_fname_parent);
246 return;
247 }
248
249 become_root();
250 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
251 unbecome_root();
252 if (ret == -1) {
253 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
254 "file %s to parent directory uid %u. Error "
255 "was %s\n", fsp_str_dbg(fsp),
256 (unsigned int)smb_fname_parent->st.st_ex_uid,
257 strerror(errno) ));
258 } else {
259 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
260 "parent directory uid %u.\n", fsp_str_dbg(fsp),
261 (unsigned int)smb_fname_parent->st.st_ex_uid));
262 /* Ensure the uid entry is updated. */
263 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
264 }
265
266 TALLOC_FREE(smb_fname_parent);
267 }
268
269 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
270 const char *inherit_from_dir,
271 const char *fname,
272 SMB_STRUCT_STAT *psbuf)
273 {
274 struct smb_filename *smb_fname_parent = NULL;
275 struct smb_filename *smb_fname_cwd = NULL;
276 char *saved_dir = NULL;
277 TALLOC_CTX *ctx = talloc_tos();
278 NTSTATUS status = NT_STATUS_OK;
279 int ret;
280
281 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
282 &smb_fname_parent);
283 if (!NT_STATUS_IS_OK(status)) {
284 return status;
285 }
286
287 ret = SMB_VFS_STAT(conn, smb_fname_parent);
288 if (ret == -1) {
289 status = map_nt_error_from_unix(errno);
290 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
291 "directory %s. Error was %s\n",
292 smb_fname_str_dbg(smb_fname_parent),
293 strerror(errno)));
294 goto out;
295 }
296
297 /* We've already done an lstat into psbuf, and we know it's a
298 directory. If we can cd into the directory and the dev/ino
299 are the same then we can safely chown without races as
300 we're locking the directory in place by being in it. This
301 should work on any UNIX (thanks tridge :-). JRA.
302 */
303
304 saved_dir = vfs_GetWd(ctx,conn);
305 if (!saved_dir) {
306 status = map_nt_error_from_unix(errno);
307 DEBUG(0,("change_dir_owner_to_parent: failed to get "
308 "current working directory. Error was %s\n",
309 strerror(errno)));
310 goto out;
311 }
312
313 /* Chdir into the new path. */
314 if (vfs_ChDir(conn, fname) == -1) {
315 status = map_nt_error_from_unix(errno);
316 DEBUG(0,("change_dir_owner_to_parent: failed to change "
317 "current working directory to %s. Error "
318 "was %s\n", fname, strerror(errno) ));
319 goto chdir;
320 }
321
322 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
323 &smb_fname_cwd);
324 if (!NT_STATUS_IS_OK(status)) {
325 return status;
326 }
327
328 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
329 if (ret == -1) {
330 status = map_nt_error_from_unix(errno);
331 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
332 "directory '.' (%s) Error was %s\n",
333 fname, strerror(errno)));
334 goto chdir;
335 }
336
337 /* Ensure we're pointing at the same place. */
338 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
339 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
340 DEBUG(0,("change_dir_owner_to_parent: "
341 "device/inode on directory %s changed. "
342 "Refusing to chown !\n", fname ));
343 status = NT_STATUS_ACCESS_DENIED;
344 goto chdir;
345 }
346
347 if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
348 /* Already this uid - no need to change. */
349 DEBUG(10,("change_dir_owner_to_parent: directory %s "
350 "is already owned by uid %d\n",
351 fname,
352 (int)smb_fname_cwd->st.st_ex_uid ));
353 status = NT_STATUS_OK;
354 goto chdir;
355 }
356
357 become_root();
358 ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
359 (gid_t)-1);
360 unbecome_root();
361 if (ret == -1) {
362 status = map_nt_error_from_unix(errno);
363 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
364 "directory %s to parent directory uid %u. "
365 "Error was %s\n", fname,
366 (unsigned int)smb_fname_parent->st.st_ex_uid,
367 strerror(errno) ));
368 goto chdir;
369 }
370
371 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
372 "directory %s to parent directory uid %u.\n",
373 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
374
375 chdir:
376 vfs_ChDir(conn,saved_dir);
377 out:
378 TALLOC_FREE(smb_fname_parent);
379 TALLOC_FREE(smb_fname_cwd);
380 return status;
381 }
382
383 /****************************************************************************
384 Open a file.
385 ****************************************************************************/
386
387 static NTSTATUS open_file(files_struct *fsp,
388 connection_struct *conn,
389 struct smb_request *req,
390 const char *parent_dir,
391 int flags,
392 mode_t unx_mode,
393 uint32 access_mask, /* client requested access mask. */
394 uint32 open_access_mask) /* what we're actually using in the open. */
395 {
396 struct smb_filename *smb_fname = fsp->fsp_name;
397 NTSTATUS status = NT_STATUS_OK;
398 int accmode = (flags & O_ACCMODE);
399 int local_flags = flags;
400 bool file_existed = VALID_STAT(fsp->fsp_name->st);
401 bool file_created = false;
402
403 fsp->fh->fd = -1;
404 errno = EPERM;
405
406 /* Check permissions */
407
408 /*
409 * This code was changed after seeing a client open request
410 * containing the open mode of (DENY_WRITE/read-only) with
411 * the 'create if not exist' bit set. The previous code
412 * would fail to open the file read only on a read-only share
413 * as it was checking the flags parameter directly against O_RDONLY,
414 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
415 * JRA.
416 */
417
418 if (!CAN_WRITE(conn)) {
419 /* It's a read-only share - fail if we wanted to write. */
420 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
421 DEBUG(3,("Permission denied opening %s\n",
422 smb_fname_str_dbg(smb_fname)));
423 return NT_STATUS_ACCESS_DENIED;
424 } else if(flags & O_CREAT) {
425 /* We don't want to write - but we must make sure that
426 O_CREAT doesn't create the file if we have write
427 access into the directory.
428 */
429 flags &= ~(O_CREAT|O_EXCL);
430 local_flags &= ~(O_CREAT|O_EXCL);
431 }
432 }
433
434 /*
435 * This little piece of insanity is inspired by the
436 * fact that an NT client can open a file for O_RDONLY,
437 * but set the create disposition to FILE_EXISTS_TRUNCATE.
438 * If the client *can* write to the file, then it expects to
439 * truncate the file, even though it is opening for readonly.
440 * Quicken uses this stupid trick in backup file creation...
441 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
442 * for helping track this one down. It didn't bite us in 2.0.x
443 * as we always opened files read-write in that release. JRA.
444 */
445
446 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
447 DEBUG(10,("open_file: truncate requested on read-only open "
448 "for file %s\n", smb_fname_str_dbg(smb_fname)));
449 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
450 }
451
452 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
453 (!file_existed && (local_flags & O_CREAT)) ||
454 ((local_flags & O_TRUNC) == O_TRUNC) ) {
455 const char *wild;
456
457 /*
458 * We can't actually truncate here as the file may be locked.
459 * open_file_ntcreate will take care of the truncate later. JRA.
460 */
461
462 local_flags &= ~O_TRUNC;
463
464 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
465 /*
466 * We would block on opening a FIFO with no one else on the
467 * other end. Do what we used to do and add O_NONBLOCK to the
468 * open flags. JRA.
469 */
470
471 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
472 local_flags |= O_NONBLOCK;
473 }
474 #endif
475
476 /* Don't create files with Microsoft wildcard characters. */
477 if (fsp->base_fsp) {
478 /*
479 * wildcard characters are allowed in stream names
480 * only test the basefilename
481 */
482 wild = fsp->base_fsp->fsp_name->base_name;
483 } else {
484 wild = smb_fname->base_name;
485 }
486 if ((local_flags & O_CREAT) && !file_existed &&
487 ms_has_wild(wild)) {
488 return NT_STATUS_OBJECT_NAME_INVALID;
489 }
490
491 /* Actually do the open */
492 status = fd_open(conn, fsp, local_flags, unx_mode);
493 if (!NT_STATUS_IS_OK(status)) {
494 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
495 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
496 nt_errstr(status),local_flags,flags));
497 return status;
498 }
499
500 if ((local_flags & O_CREAT) && !file_existed) {
501 file_created = true;
502 }
503
504 } else {
505 fsp->fh->fd = -1; /* What we used to call a stat open. */
506 if (file_existed) {
507 uint32_t access_granted = 0;
508
509 status = smbd_check_open_rights(conn,
510 smb_fname,
511 access_mask,
512 &access_granted);
513 if (!NT_STATUS_IS_OK(status)) {
514 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
515 /*
516 * On NT_STATUS_ACCESS_DENIED, access_granted
517 * contains the denied bits.
518 */
519
520 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
521 (access_granted & FILE_WRITE_ATTRIBUTES) &&
522 (lp_map_readonly(SNUM(conn)) ||
523 lp_map_archive(SNUM(conn)) ||
524 lp_map_hidden(SNUM(conn)) ||
525 lp_map_system(SNUM(conn)))) {
526 access_granted &= ~FILE_WRITE_ATTRIBUTES;
527
528 DEBUG(10,("open_file: "
529 "overrode "
530 "FILE_WRITE_"
531 "ATTRIBUTES "
532 "on file %s\n",
533 smb_fname_str_dbg(
534 smb_fname)));
535 }
536
537 if ((access_mask & DELETE_ACCESS) &&
538 (access_granted & DELETE_ACCESS) &&
539 can_delete_file_in_directory(conn,
540 smb_fname)) {
541 /* Were we trying to do a stat open
542 * for delete and didn't get DELETE
543 * access (only) ? Check if the
544 * directory allows DELETE_CHILD.
545 * See here:
546 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
547 * for details. */
548
549 access_granted &= ~DELETE_ACCESS;
550
551 DEBUG(10,("open_file: "
552 "overrode "
553 "DELETE_ACCESS on "
554 "file %s\n",
555 smb_fname_str_dbg(
556 smb_fname)));
557 }
558
559 if (access_granted != 0) {
560 DEBUG(10,("open_file: Access "
561 "denied on file "
562 "%s\n",
563 smb_fname_str_dbg(
564 smb_fname)));
565 return status;
566 }
567 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
568 fsp->posix_open &&
569 S_ISLNK(smb_fname->st.st_ex_mode)) {
570 /* This is a POSIX stat open for delete
571 * or rename on a symlink that points
572 * nowhere. Allow. */
573 DEBUG(10,("open_file: allowing POSIX "
574 "open on bad symlink %s\n",
575 smb_fname_str_dbg(
576 smb_fname)));
577 } else {
578 DEBUG(10,("open_file: "
579 "smbd_check_open_rights on file "
580 "%s returned %s\n",
581 smb_fname_str_dbg(smb_fname),
582 nt_errstr(status) ));
583 return status;
584 }
585 }
586 }
587 }
588
589 if (!file_existed) {
590 int ret;
591
592 if (fsp->fh->fd == -1) {
593 ret = SMB_VFS_STAT(conn, smb_fname);
594 } else {
595 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
596 /* If we have an fd, this stat should succeed. */
597 if (ret == -1) {
598 DEBUG(0,("Error doing fstat on open file %s "
599 "(%s)\n",
600 smb_fname_str_dbg(smb_fname),
601 strerror(errno) ));
602 }
603 }
604
605 /* For a non-io open, this stat failing means file not found. JRA */
606 if (ret == -1) {
607 status = map_nt_error_from_unix(errno);
608 fd_close(fsp);
609 return status;
610 }
611
612 if (file_created) {
613 bool need_re_stat = false;
614 /* Do all inheritance work after we've
615 done a successful stat call and filled
616 in the stat struct in fsp->fsp_name. */
617
618 /* Inherit the ACL if required */
619 if (lp_inherit_perms(SNUM(conn))) {
620 inherit_access_posix_acl(conn, parent_dir,
621 smb_fname->base_name,
622 unx_mode);
623 need_re_stat = true;
624 }
625
626 /* Change the owner if required. */
627 if (lp_inherit_owner(SNUM(conn))) {
628 change_file_owner_to_parent(conn, parent_dir,
629 fsp);
630 need_re_stat = true;
631 }
632
633 if (need_re_stat) {
634 if (fsp->fh->fd == -1) {
635 ret = SMB_VFS_STAT(conn, smb_fname);
636 } else {
637 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
638 /* If we have an fd, this stat should succeed. */
639 if (ret == -1) {
640 DEBUG(0,("Error doing fstat on open file %s "
641 "(%s)\n",
642 smb_fname_str_dbg(smb_fname),
643 strerror(errno) ));
644 }
645 }
646 }
647
648 notify_fname(conn, NOTIFY_ACTION_ADDED,
649 FILE_NOTIFY_CHANGE_FILE_NAME,
650 smb_fname->base_name);
651 }
652 }
653
654 /*
655 * POSIX allows read-only opens of directories. We don't
656 * want to do this (we use a different code path for this)
657 * so catch a directory open and return an EISDIR. JRA.
658 */
659
660 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
661 fd_close(fsp);
662 errno = EISDIR;
663 return NT_STATUS_FILE_IS_A_DIRECTORY;
664 }
665
666 fsp->mode = smb_fname->st.st_ex_mode;
667 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
668 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
669 fsp->file_pid = req ? req->smbpid : 0;
670 fsp->can_lock = True;
671 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
672 if (!CAN_WRITE(conn)) {
673 fsp->can_write = False;
674 } else {
675 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
676 True : False;
677 }
678 fsp->print_file = NULL;
679 fsp->modified = False;
680 fsp->sent_oplock_break = NO_BREAK_SENT;
681 fsp->is_directory = False;
682 if (conn->aio_write_behind_list &&
683 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
684 conn->case_sensitive)) {
685 fsp->aio_write_behind = True;
686 }
687
688 fsp->wcp = NULL; /* Write cache pointer. */
689
690 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
691 conn->session_info->unix_name,
692 smb_fname_str_dbg(smb_fname),
693 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
694 conn->num_files_open));
695
696 errno = 0;
697 return NT_STATUS_OK;
698 }
699
700 /****************************************************************************
701 Check if we can open a file with a share mode.
702 Returns True if conflict, False if not.
703 ****************************************************************************/
704
705 static bool share_conflict(struct share_mode_entry *entry,
706 uint32 access_mask,
707 uint32 share_access)
708 {
709 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
710 "entry->share_access = 0x%x, "
711 "entry->private_options = 0x%x\n",
712 (unsigned int)entry->access_mask,
713 (unsigned int)entry->share_access,
714 (unsigned int)entry->private_options));
715
716 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
717 (unsigned int)access_mask, (unsigned int)share_access));
718
719 if ((entry->access_mask & (FILE_WRITE_DATA|
720 FILE_APPEND_DATA|
721 FILE_READ_DATA|
722 FILE_EXECUTE|
723 DELETE_ACCESS)) == 0) {
724 DEBUG(10,("share_conflict: No conflict due to "
725 "entry->access_mask = 0x%x\n",
726 (unsigned int)entry->access_mask ));
727 return False;
728 }
729
730 if ((access_mask & (FILE_WRITE_DATA|
731 FILE_APPEND_DATA|
732 FILE_READ_DATA|
733 FILE_EXECUTE|
734 DELETE_ACCESS)) == 0) {
735 DEBUG(10,("share_conflict: No conflict due to "
736 "access_mask = 0x%x\n",
737 (unsigned int)access_mask ));
738 return False;
739 }
740
741 #if 1 /* JRA TEST - Superdebug. */
742 #define CHECK_MASK(num, am, right, sa, share) \
743 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
744 (unsigned int)(num), (unsigned int)(am), \
745 (unsigned int)(right), (unsigned int)(am)&(right) )); \
746 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
747 (unsigned int)(num), (unsigned int)(sa), \
748 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
749 if (((am) & (right)) && !((sa) & (share))) { \
750 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
751 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
752 (unsigned int)(share) )); \
753 return True; \
754 }
755 #else
756 #define CHECK_MASK(num, am, right, sa, share) \
757 if (((am) & (right)) && !((sa) & (share))) { \
758 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
759 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
760 (unsigned int)(share) )); \
761 return True; \
762 }
763 #endif
764
765 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
766 share_access, FILE_SHARE_WRITE);
767 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
768 entry->share_access, FILE_SHARE_WRITE);
769
770 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
771 share_access, FILE_SHARE_READ);
772 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
773 entry->share_access, FILE_SHARE_READ);
774
775 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
776 share_access, FILE_SHARE_DELETE);
777 CHECK_MASK(6, access_mask, DELETE_ACCESS,
778 entry->share_access, FILE_SHARE_DELETE);
779
780 DEBUG(10,("share_conflict: No conflict.\n"));
781 return False;
782 }
783
784 #if defined(DEVELOPER)
785 static void validate_my_share_entries(struct smbd_server_connection *sconn,
786 int num,
787 struct share_mode_entry *share_entry)
788 {
789 files_struct *fsp;
790
791 if (!procid_is_me(&share_entry->pid)) {
792 return;
793 }
794
795 if (is_deferred_open_entry(share_entry) &&
796 !open_was_deferred(share_entry->op_mid)) {
797 char *str = talloc_asprintf(talloc_tos(),
798 "Got a deferred entry without a request: "
799 "PANIC: %s\n",
800 share_mode_str(talloc_tos(), num, share_entry));
801 smb_panic(str);
802 }
803
804 if (!is_valid_share_mode_entry(share_entry)) {
805 return;
806 }
807
808 fsp = file_find_dif(sconn, share_entry->id,
809 share_entry->share_file_id);
810 if (!fsp) {
811 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
812 share_mode_str(talloc_tos(), num, share_entry) ));
813 smb_panic("validate_my_share_entries: Cannot match a "
814 "share entry with an open file\n");
815 }
816
817 if (is_deferred_open_entry(share_entry) ||
818 is_unused_share_mode_entry(share_entry)) {
819 goto panic;
820 }
821
822 if ((share_entry->op_type == NO_OPLOCK) &&
823 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
824 /* Someone has already written to it, but I haven't yet
825 * noticed */
826 return;
827 }
828
829 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
830 goto panic;
831 }
832
833 return;
834
835 panic:
836 {
837 char *str;
838 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
839 share_mode_str(talloc_tos(), num, share_entry) ));
840 str = talloc_asprintf(talloc_tos(),
841 "validate_my_share_entries: "
842 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
843 fsp->fsp_name->base_name,
844 (unsigned int)fsp->oplock_type,
845 (unsigned int)share_entry->op_type );
846 smb_panic(str);
847 }
848 }
849 #endif
850
851 bool is_stat_open(uint32 access_mask)
852 {
853 return (access_mask &&
854 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
855 FILE_WRITE_ATTRIBUTES))==0) &&
856 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
857 FILE_WRITE_ATTRIBUTES)) != 0));
858 }
859
860 /****************************************************************************
861 Deal with share modes
862 Invarient: Share mode must be locked on entry and exit.
863 Returns -1 on error, or number of share modes on success (may be zero).
864 ****************************************************************************/
865
866 static NTSTATUS open_mode_check(connection_struct *conn,
867 struct share_mode_lock *lck,
868 uint32_t name_hash,
869 uint32 access_mask,
870 uint32 share_access,
871 uint32 create_options,
872 bool *file_existed)
873 {
874 int i;
875
876 if(lck->num_share_modes == 0) {
877 return NT_STATUS_OK;
878 }
879
880 *file_existed = True;
881
882 /* A delete on close prohibits everything */
883
884 if (is_delete_on_close_set(lck, name_hash)) {
885 return NT_STATUS_DELETE_PENDING;
886 }
887
888 if (is_stat_open(access_mask)) {
889 /* Stat open that doesn't trigger oplock breaks or share mode
890 * checks... ! JRA. */
891 return NT_STATUS_OK;
892 }
893
894 /*
895 * Check if the share modes will give us access.
896 */
897
898 #if defined(DEVELOPER)
899 for(i = 0; i < lck->num_share_modes; i++) {
900 validate_my_share_entries(conn->sconn, i,
901 &lck->share_modes[i]);
902 }
903 #endif
904
905 if (!lp_share_modes(SNUM(conn))) {
906 return NT_STATUS_OK;
907 }
908
909 /* Now we check the share modes, after any oplock breaks. */
910 for(i = 0; i < lck->num_share_modes; i++) {
911
912 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
913 continue;
914 }
915
916 /* someone else has a share lock on it, check to see if we can
917 * too */
918 if (share_conflict(&lck->share_modes[i],
919 access_mask, share_access)) {
920 return NT_STATUS_SHARING_VIOLATION;
921 }
922 }
923
924 return NT_STATUS_OK;
925 }
926
927 static bool is_delete_request(files_struct *fsp) {
928 return ((fsp->access_mask == DELETE_ACCESS) &&
929 (fsp->oplock_type == NO_OPLOCK));
930 }
931
932 /*
933 * Send a break message to the oplock holder and delay the open for
934 * our client.
935 */
936
937 static NTSTATUS send_break_message(files_struct *fsp,
938 struct share_mode_entry *exclusive,
939 uint64_t mid,
940 int oplock_request)
941 {
942 NTSTATUS status;
943 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
944
945 DEBUG(10, ("Sending break request to PID %s\n",
946 procid_str_static(&exclusive->pid)));
947 exclusive->op_mid = mid;
948
949 /* Create the message. */
950 share_mode_entry_to_message(msg, exclusive);
951
952 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
953 don't want this set in the share mode struct pointed to by lck. */
954
955 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
956 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
957 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
958 }
959
960 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
961 MSG_SMB_BREAK_REQUEST,
962 (uint8 *)msg,
963 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
964 if (!NT_STATUS_IS_OK(status)) {
965 DEBUG(3, ("Could not send oplock break message: %s\n",
966 nt_errstr(status)));
967 }
968
969 return status;
970 }
971
972 /*
973 * Return share_mode_entry pointers for :
974 * 1). Batch oplock entry.
975 * 2). Batch or exclusive oplock entry (may be identical to #1).
976 * bool have_level2_oplock
977 * bool have_no_oplock.
978 * Do internal consistency checks on the share mode for a file.
979 */
980
981 static void find_oplock_types(files_struct *fsp,
982 int oplock_request,
983 struct share_mode_lock *lck,
984 struct share_mode_entry **pp_batch,
985 struct share_mode_entry **pp_ex_or_batch,
986 bool *got_level2,
987 bool *got_no_oplock)
988 {
989 int i;
990
991 *pp_batch = NULL;
992 *pp_ex_or_batch = NULL;
993 *got_level2 = false;
994 *got_no_oplock = false;
995
996 /* Ignore stat or internal opens, as is done in
997 delay_for_batch_oplocks() and
998 delay_for_exclusive_oplocks().
999 */
1000 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1001 return;
1002 }
1003
1004 for (i=0; i<lck->num_share_modes; i++) {
1005 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
1006 continue;
1007 }
1008
1009 if (lck->share_modes[i].op_type == NO_OPLOCK &&
1010 is_stat_open(lck->share_modes[i].access_mask)) {
1011 /* We ignore stat opens in the table - they
1012 always have NO_OPLOCK and never get or
1013 cause breaks. JRA. */
1014 continue;
1015 }
1016
1017 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1018 /* batch - can only be one. */
1019 if (*pp_ex_or_batch || *pp_batch || *got_level2 || *got_no_oplock) {
1020 smb_panic("Bad batch oplock entry.");
1021 }
1022 *pp_batch = &lck->share_modes[i];
1023 }
1024
1025 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1026 /* Exclusive or batch - can only be one. */
1027 if (*pp_ex_or_batch || *got_level2 || *got_no_oplock) {
1028 smb_panic("Bad exclusive or batch oplock entry.");
1029 }
1030 *pp_ex_or_batch = &lck->share_modes[i];
1031 }
1032
1033 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
1034 if (*pp_batch || *pp_ex_or_batch) {
1035 smb_panic("Bad levelII oplock entry.");
1036 }
1037 *got_level2 = true;
1038 }
1039
1040 if (lck->share_modes[i].op_type == NO_OPLOCK) {
1041 if (*pp_batch || *pp_ex_or_batch) {
1042 smb_panic("Bad no oplock entry.");
1043 }
1044 *got_no_oplock = true;
1045 }
1046 }
1047 }
1048
1049 static bool delay_for_batch_oplocks(files_struct *fsp,
1050 uint64_t mid,
1051 int oplock_request,
1052 struct share_mode_entry *batch_entry)
1053 {
1054 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1055 return false;
1056 }
1057
1058 if (batch_entry != NULL) {
1059 /* Found a batch oplock */
1060 send_break_message(fsp, batch_entry, mid, oplock_request);
1061 return true;
1062 }
1063 return false;
1064 }
1065
1066 static bool delay_for_exclusive_oplocks(files_struct *fsp,
1067 uint64_t mid,
1068 int oplock_request,
1069 struct share_mode_entry *ex_entry)
1070 {
1071 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
1072 return false;
1073 }
1074
1075 if (ex_entry != NULL) {
1076 /* Found an exclusive or batch oplock */
1077 bool delay_it = is_delete_request(fsp) ?
1078 BATCH_OPLOCK_TYPE(ex_entry->op_type) : true;
1079 if (delay_it) {
1080 send_break_message(fsp, ex_entry, mid, oplock_request);
1081 return true;
1082 }
1083 }
1084 return false;
1085 }
1086
1087 static void grant_fsp_oplock_type(files_struct *fsp,
1088 const struct byte_range_lock *br_lck,
1089 int oplock_request,
1090 bool got_level2_oplock,
1091 bool got_a_none_oplock)
1092 {
1093 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
1094 lp_level2_oplocks(SNUM(fsp->conn));
1095
1096 /* Start by granting what the client asked for,
1097 but ensure no SAMBA_PRIVATE bits can be set. */
1098 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1099
1100 if (oplock_request & INTERNAL_OPEN_ONLY) {
1101 /* No oplocks on internal open. */
1102 fsp->oplock_type = NO_OPLOCK;
1103 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1104 fsp->oplock_type, fsp_str_dbg(fsp)));
1105 return;
1106 } else if (br_lck && br_lck->num_locks > 0) {
1107 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1108 fsp_str_dbg(fsp)));
1109 fsp->oplock_type = NO_OPLOCK;
1110 }
1111
1112 if (is_stat_open(fsp->access_mask)) {
1113 /* Leave the value already set. */
1114 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1115 fsp->oplock_type, fsp_str_dbg(fsp)));
1116 return;
1117 }
1118
1119 /*
1120 * Match what was requested (fsp->oplock_type) with
1121 * what was found in the existing share modes.
1122 */
1123
1124 if (got_a_none_oplock) {
1125 fsp->oplock_type = NO_OPLOCK;
1126 } else if (got_level2_oplock) {
1127 if (fsp->oplock_type == NO_OPLOCK ||
1128 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1129 /* Store a level2 oplock, but don't tell the client */
1130 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1131 } else {
1132 fsp->oplock_type = LEVEL_II_OPLOCK;
1133 }
1134 } else {
1135 /* All share_mode_entries are placeholders or deferred.
1136 * Silently upgrade to fake levelII if the client didn't
1137 * ask for an oplock. */
1138 if (fsp->oplock_type == NO_OPLOCK) {
1139 /* Store a level2 oplock, but don't tell the client */
1140 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1141 }
1142 }
1143
1144 /*
1145 * Don't grant level2 to clients that don't want them
1146 * or if we've turned them off.
1147 */
1148 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1149 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1150 }
1151
1152 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1153 fsp->oplock_type, fsp_str_dbg(fsp)));
1154 }
1155
1156 bool request_timed_out(struct timeval request_time,
1157 struct timeval timeout)
1158 {
1159 struct timeval now, end_time;
1160 GetTimeOfDay(&now);
1161 end_time = timeval_sum(&request_time, &timeout);
1162 return (timeval_compare(&end_time, &now) < 0);
1163 }
1164
1165 /****************************************************************************
1166 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1167 ****************************************************************************/
1168
1169 static void defer_open(struct share_mode_lock *lck,
1170 struct timeval request_time,
1171 struct timeval timeout,
1172 struct smb_request *req,
1173 struct deferred_open_record *state)
1174 {
1175 int i;
1176
1177 /* Paranoia check */
1178
1179 for (i=0; i<lck->num_share_modes; i++) {
1180 struct share_mode_entry *e = &lck->share_modes[i];
1181
1182 if (!is_deferred_open_entry(e)) {
1183 continue;
1184 }
1185
1186 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1187 DEBUG(0, ("Trying to defer an already deferred "
1188 "request: mid=%llu, exiting\n",
1189 (unsigned long long)req->mid));
1190 exit_server("attempt to defer a deferred request");
1191 }
1192 }
1193
1194 /* End paranoia check */
1195
1196 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1197 "open entry for mid %llu\n",
1198 (unsigned int)request_time.tv_sec,
1199 (unsigned int)request_time.tv_usec,
1200 (unsigned long long)req->mid));
1201
1202 if (!push_deferred_open_message_smb(req, request_time, timeout,
1203 state->id, (char *)state, sizeof(*state))) {
1204 exit_server("push_deferred_open_message_smb failed");
1205 }
1206 add_deferred_open(lck, req->mid, request_time,
1207 sconn_server_id(req->sconn), state->id);
1208 }
1209
1210
1211 /****************************************************************************
1212 On overwrite open ensure that the attributes match.
1213 ****************************************************************************/
1214
1215 bool open_match_attributes(connection_struct *conn,
1216 uint32 old_dos_attr,
1217 uint32 new_dos_attr,
1218 mode_t existing_unx_mode,
1219 mode_t new_unx_mode,
1220 mode_t *returned_unx_mode)
1221 {
1222 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1223
1224 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1225 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1226
1227 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1228 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1229 *returned_unx_mode = new_unx_mode;
1230 } else {
1231 *returned_unx_mode = (mode_t)0;
1232 }
1233
1234 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1235 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1236 "returned_unx_mode = 0%o\n",
1237 (unsigned int)old_dos_attr,
1238 (unsigned int)existing_unx_mode,
1239 (unsigned int)new_dos_attr,
1240 (unsigned int)*returned_unx_mode ));
1241
1242 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1243 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1244 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1245 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1246 return False;
1247 }
1248 }
1249 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1250 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1251 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1252 return False;
1253 }
1254 }
1255 return True;
1256 }
1257
1258 /****************************************************************************
1259 Special FCB or DOS processing in the case of a sharing violation.
1260 Try and find a duplicated file handle.
1261 ****************************************************************************/
1262
1263 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1264 connection_struct *conn,
1265 files_struct *fsp_to_dup_into,
1266 const struct smb_filename *smb_fname,
1267 struct file_id id,
1268 uint16 file_pid,
1269 uint16 vuid,
1270 uint32 access_mask,
1271 uint32 share_access,
1272 uint32 create_options)
1273 {
1274 files_struct *fsp;
1275
1276 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1277 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1278
1279 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1280 fsp = file_find_di_next(fsp)) {
1281
1282 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1283 "vuid = %u, file_pid = %u, private_options = 0x%x "
1284 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1285 fsp->fh->fd, (unsigned int)fsp->vuid,
1286 (unsigned int)fsp->file_pid,
1287 (unsigned int)fsp->fh->private_options,
1288 (unsigned int)fsp->access_mask ));
1289
1290 if (fsp->fh->fd != -1 &&
1291 fsp->vuid == vuid &&
1292 fsp->file_pid == file_pid &&
1293 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1294 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1295 (fsp->access_mask & FILE_WRITE_DATA) &&
1296 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1297 strequal(fsp->fsp_name->stream_name,
1298 smb_fname->stream_name)) {
1299 DEBUG(10,("fcb_or_dos_open: file match\n"));
1300 break;
1301 }
1302 }
1303
1304 if (!fsp) {
1305 return NT_STATUS_NOT_FOUND;
1306 }
1307
1308 /* quite an insane set of semantics ... */
1309 if (is_executable(smb_fname->base_name) &&
1310 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1311 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1312 return NT_STATUS_INVALID_PARAMETER;
1313 }
1314
1315 /* We need to duplicate this fsp. */
1316 return dup_file_fsp(req, fsp, access_mask, share_access,
1317 create_options, fsp_to_dup_into);
1318 }
1319
1320 static void schedule_defer_open(struct share_mode_lock *lck,
1321 struct timeval request_time,
1322 struct smb_request *req)
1323 {
1324 struct deferred_open_record state;
1325
1326 /* This is a relative time, added to the absolute
1327 request_time value to get the absolute timeout time.
1328 Note that if this is the second or greater time we enter
1329 this codepath for this particular request mid then
1330 request_time is left as the absolute time of the *first*
1331 time this request mid was processed. This is what allows
1332 the request to eventually time out. */
1333
1334 struct timeval timeout;
1335
1336 /* Normally the smbd we asked should respond within
1337 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1338 * the client did, give twice the timeout as a safety
1339 * measure here in case the other smbd is stuck
1340 * somewhere else. */
1341
1342 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1343
1344 /* Nothing actually uses state.delayed_for_oplocks
1345 but it's handy to differentiate in debug messages
1346 between a 30 second delay due to oplock break, and
1347 a 1 second delay for share mode conflicts. */
1348
1349 state.delayed_for_oplocks = True;
1350 state.id = lck->id;
1351
1352 if (!request_timed_out(request_time, timeout)) {
1353 defer_open(lck, request_time, timeout, req, &state);
1354 }
1355 }
1356
1357 /****************************************************************************
1358 Work out what access_mask to use from what the client sent us.
1359 ****************************************************************************/
1360
1361 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
1362 const struct smb_filename *smb_fname,
1363 bool file_existed,
1364 uint32_t access_mask,
1365 uint32_t *access_mask_out)
1366 {
1367 NTSTATUS status;
1368 uint32_t orig_access_mask = access_mask;
1369 uint32_t rejected_share_access;
1370
1371 /*
1372 * Convert GENERIC bits to specific bits.
1373 */
1374
1375 se_map_generic(&access_mask, &file_generic_mapping);
1376
1377 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1378 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1379 if (file_existed) {
1380
1381 struct security_descriptor *sd;
1382 uint32_t access_granted = 0;
1383
1384 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1385 (SECINFO_OWNER |
1386 SECINFO_GROUP |
1387 SECINFO_DACL),&sd);
1388
1389 if (!NT_STATUS_IS_OK(status)) {
1390 DEBUG(10,("smbd_calculate_access_mask: "
1391 "Could not get acl on file %s: %s\n",
1392 smb_fname_str_dbg(smb_fname),
1393 nt_errstr(status)));
1394 return NT_STATUS_ACCESS_DENIED;
1395 }
1396
1397 status = smb1_file_se_access_check(conn,
1398 sd,
1399 get_current_nttok(conn),
1400 access_mask,
1401 &access_granted);
1402
1403 TALLOC_FREE(sd);
1404
1405 if (!NT_STATUS_IS_OK(status)) {
1406 DEBUG(10, ("smbd_calculate_access_mask: "
1407 "Access denied on file %s: "
1408 "when calculating maximum access\n",
1409 smb_fname_str_dbg(smb_fname)));
1410 return NT_STATUS_ACCESS_DENIED;
1411 }
1412
1413 access_mask = access_granted;
1414 } else {
1415 access_mask = FILE_GENERIC_ALL;
1416 }
1417
1418 access_mask &= conn->share_access;
1419 }
1420
1421 rejected_share_access = access_mask & ~(conn->share_access);
1422
1423 if (rejected_share_access) {
1424 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1425 "file %s: rejected by share access mask[0x%08X] "
1426 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1427 smb_fname_str_dbg(smb_fname),
1428 conn->share_access,
1429 orig_access_mask, access_mask,
1430 rejected_share_access));
1431 return NT_STATUS_ACCESS_DENIED;
1432 }
1433
1434 *access_mask_out = access_mask;
1435 return NT_STATUS_OK;
1436 }
1437
1438 /****************************************************************************
1439 Remove the deferred open entry under lock.
1440 ****************************************************************************/
1441
1442 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1443 struct server_id pid)
1444 {
1445 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id,
1446 NULL, NULL, NULL);
1447 if (lck == NULL) {
1448 DEBUG(0, ("could not get share mode lock\n"));
1449 } else {
1450 del_deferred_open_entry(lck, mid, pid);
1451 TALLOC_FREE(lck);
1452 }
1453 }
1454
1455 /****************************************************************
1456 Ensure we get the brlock lock followed by the share mode lock
1457 in the correct order to prevent deadlocks if other smbd's are
1458 using the brlock database on this file simultaneously with this open
1459 (that code also gets the locks in brlock -> share mode lock order).
1460 ****************************************************************/
1461
1462 static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx,
1463 files_struct *fsp,
1464 const struct file_id id,
1465 const char *connectpath,
1466 const struct smb_filename *smb_fname,
1467 const struct timespec *p_old_write_time,
1468 struct share_mode_lock **p_lck,
1469 struct byte_range_lock **p_br_lck)
1470 {
1471 /* Ordering - we must get the br_lck for this
1472 file before the share mode. */
1473 if (lp_locking(fsp->conn->params)) {
1474 *p_br_lck = brl_get_locks_readonly(fsp);
1475 if (*p_br_lck == NULL) {
1476 DEBUG(0, ("Could not get br_lock\n"));
1477 return false;
1478 }
1479 /* Note - we don't need to free the returned
1480 br_lck explicitly as it was allocated on talloc_tos()
1481 and so will be autofreed (and release the lock)
1482 once the frame context disappears.
1483
1484 If it was set to fsp->brlock_rec then it was
1485 talloc_move'd to hang off the fsp pointer and
1486 in this case is guarenteed to not be holding the
1487 lock on the brlock database. */
1488 }
1489
1490 *p_lck = get_share_mode_lock(mem_ctx,
1491 id,
1492 connectpath,
1493 smb_fname,
1494 p_old_write_time);
1495
1496 if (*p_lck == NULL) {
1497 DEBUG(0, ("Could not get share mode lock\n"));
1498 TALLOC_FREE(*p_br_lck);
1499 return false;
1500 }
1501 return true;
1502 }
1503
1504 /****************************************************************************
1505 Open a file with a share mode. Passed in an already created files_struct *.
1506 ****************************************************************************/
1507
1508 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1509 struct smb_request *req,
1510 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1511 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1512 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1513 uint32 create_options, /* options such as delete on close. */
1514 uint32 new_dos_attributes, /* attributes used for new file. */
1515 int oplock_request, /* internal Samba oplock codes. */
1516 /* Information (FILE_EXISTS etc.) */
1517 uint32_t private_flags, /* Samba specific flags. */
1518 int *pinfo,
1519 files_struct *fsp)
1520 {
1521 struct smb_filename *smb_fname = fsp->fsp_name;
1522 int flags=0;
1523 int flags2=0;
1524 bool file_existed = VALID_STAT(smb_fname->st);
1525 bool def_acl = False;
1526 bool posix_open = False;
1527 bool new_file_created = False;
1528 bool clear_ads = false;
1529 struct file_id id;
1530 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1531 mode_t new_unx_mode = (mode_t)0;
1532 mode_t unx_mode = (mode_t)0;
1533 int info;
1534 uint32 existing_dos_attributes = 0;
1535 struct timeval request_time = timeval_zero();
1536 struct share_mode_lock *lck = NULL;
1537 uint32 open_access_mask = access_mask;
1538 NTSTATUS status;
1539 char *parent_dir;
1540
1541 ZERO_STRUCT(id);
1542
1543 if (conn->printer) {
1544 /*
1545 * Printers are handled completely differently.
1546 * Most of the passed parameters are ignored.
1547 */
1548
1549 if (pinfo) {
1550 *pinfo = FILE_WAS_CREATED;
1551 }
1552
1553 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1554 smb_fname_str_dbg(smb_fname)));
1555
1556 if (!req) {
1557 DEBUG(0,("open_file_ntcreate: printer open without "
1558 "an SMB request!\n"));
1559 return NT_STATUS_INTERNAL_ERROR;
1560 }
1561
1562 return print_spool_open(fsp, smb_fname->base_name,
1563 req->vuid);
1564 }
1565
1566 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1567 NULL)) {
1568 return NT_STATUS_NO_MEMORY;
1569 }
1570
1571 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1572 posix_open = True;
1573 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1574 new_dos_attributes = 0;
1575 } else {
1576 /* Windows allows a new file to be created and
1577 silently removes a FILE_ATTRIBUTE_DIRECTORY
1578 sent by the client. Do the same. */
1579
1580 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1581
1582 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1583 * created new. */
1584 unx_mode = unix_mode(conn, new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
1585 smb_fname, parent_dir);
1586 }
1587
1588 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1589 "access_mask=0x%x share_access=0x%x "
1590 "create_disposition = 0x%x create_options=0x%x "
1591 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1592 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1593 access_mask, share_access, create_disposition,
1594 create_options, (unsigned int)unx_mode, oplock_request,
1595 (unsigned int)private_flags));
1596
1597 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1598 DEBUG(0, ("No smb request but not an internal only open!\n"));
1599 return NT_STATUS_INTERNAL_ERROR;
1600 }
1601
1602 /*
1603 * Only non-internal opens can be deferred at all
1604 */
1605
1606 if (req) {
1607 void *ptr;
1608 if (get_deferred_open_message_state(req,
1609 &request_time,
1610 &ptr)) {
1611
1612 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1613 /* Remember the absolute time of the original
1614 request with this mid. We'll use it later to
1615 see if this has timed out. */
1616
1617 /* Remove the deferred open entry under lock. */
1618 remove_deferred_open_entry(
1619 state->id, req->mid,
1620 sconn_server_id(req->sconn));
1621
1622 /* Ensure we don't reprocess this message. */
1623 remove_deferred_open_message_smb(req->mid);
1624 }
1625 }
1626
1627 status = check_name(conn, smb_fname->base_name);
1628 if (!NT_STATUS_IS_OK(status)) {
1629 return status;
1630 }
1631
1632 if (!posix_open) {
1633 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1634 if (file_existed) {
1635 existing_dos_attributes = dos_mode(conn, smb_fname);
1636 }
1637 }
1638
1639 /* ignore any oplock requests if oplocks are disabled */
1640 if (!lp_oplocks(SNUM(conn)) ||
1641 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1642 /* Mask off everything except the private Samba bits. */
1643 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1644 }
1645
1646 /* this is for OS/2 long file names - say we don't support them */
1647 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1648 /* OS/2 Workplace shell fix may be main code stream in a later
1649 * release. */
1650 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1651 "supported.\n"));
1652 if (use_nt_status()) {
1653 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1654 }
1655 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1656 }
1657
1658 switch( create_disposition ) {
1659 /*
1660 * Currently we're using FILE_SUPERSEDE as the same as
1661 * FILE_OVERWRITE_IF but they really are
1662 * different. FILE_SUPERSEDE deletes an existing file
1663 * (requiring delete access) then recreates it.
1664 */
1665 case FILE_SUPERSEDE:
1666 /* If file exists replace/overwrite. If file doesn't
1667 * exist create. */
1668 flags2 |= (O_CREAT | O_TRUNC);
1669 clear_ads = true;
1670 break;
1671
1672 case FILE_OVERWRITE_IF:
1673 /* If file exists replace/overwrite. If file doesn't
1674 * exist create. */
1675 flags2 |= (O_CREAT | O_TRUNC);
1676 clear_ads = true;
1677 break;
1678
1679 case FILE_OPEN:
1680 /* If file exists open. If file doesn't exist error. */
1681 if (!file_existed) {
1682 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1683 "requested for file %s and file "
1684 "doesn't exist.\n",
1685 smb_fname_str_dbg(smb_fname)));
1686 errno = ENOENT;
1687 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1688 }
1689 break;
1690
1691 case FILE_OVERWRITE:
1692 /* If file exists overwrite. If file doesn't exist
1693 * error. */
1694 if (!file_existed) {
1695 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1696 "requested for file %s and file "
1697 "doesn't exist.\n",
1698 smb_fname_str_dbg(smb_fname) ));
1699 errno = ENOENT;
1700 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1701 }
1702 flags2 |= O_TRUNC;
1703 clear_ads = true;
1704 break;
1705
1706 case FILE_CREATE:
1707 /* If file exists error. If file doesn't exist
1708 * create. */
1709 if (file_existed) {
1710 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1711 "requested for file %s and file "
1712 "already exists.\n",
1713 smb_fname_str_dbg(smb_fname)));
1714 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1715 errno = EISDIR;
1716 } else {
1717 errno = EEXIST;
1718 }
1719 return map_nt_error_from_unix(errno);
1720 }
1721 flags2 |= (O_CREAT|O_EXCL);
1722 break;
1723
1724 case FILE_OPEN_IF:
1725 /* If file exists open. If file doesn't exist
1726 * create. */
1727 flags2 |= O_CREAT;
1728 break;
1729
1730 default:
1731 return NT_STATUS_INVALID_PARAMETER;
1732 }
1733
1734 /* We only care about matching attributes on file exists and
1735 * overwrite. */
1736
1737 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1738 (create_disposition == FILE_OVERWRITE_IF))) {
1739 if (!open_match_attributes(conn, existing_dos_attributes,
1740 new_dos_attributes,
1741 smb_fname->st.st_ex_mode,
1742 unx_mode, &new_unx_mode)) {
1743 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1744 "for file %s (%x %x) (0%o, 0%o)\n",
1745 smb_fname_str_dbg(smb_fname),
1746 existing_dos_attributes,
1747 new_dos_attributes,
1748 (unsigned int)smb_fname->st.st_ex_mode,
1749 (unsigned int)unx_mode ));
1750 errno = EACCES;
1751 return NT_STATUS_ACCESS_DENIED;
1752 }
1753 }
1754
1755 status = smbd_calculate_access_mask(conn, smb_fname, file_existed,
1756 access_mask,
1757 &access_mask);
1758 if (!NT_STATUS_IS_OK(status)) {
1759 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1760 "on file %s returned %s\n",
1761 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1762 return status;
1763 }
1764
1765 open_access_mask = access_mask;
1766
1767 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1768 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1769 }
1770
1771 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1772 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1773 access_mask));
1774
1775 /*
1776 * Note that we ignore the append flag as append does not
1777 * mean the same thing under DOS and Unix.
1778 */
1779
1780 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1781 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1782 /* DENY_DOS opens are always underlying read-write on the
1783 file handle, no matter what the requested access mask
1784 says. */
1785 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1786 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1787 flags = O_RDWR;
1788 } else {
1789 flags = O_WRONLY;
1790 }
1791 } else {
1792 flags = O_RDONLY;
1793 }
1794
1795 /*
1796 * Currently we only look at FILE_WRITE_THROUGH for create options.
1797 */
1798
1799 #if defined(O_SYNC)
1800 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1801 flags2 |= O_SYNC;
1802 }
1803 #endif /* O_SYNC */
1804
1805 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1806 flags2 |= O_APPEND;
1807 }
1808
1809 if (!posix_open && !CAN_WRITE(conn)) {
1810 /*
1811 * We should really return a permission denied error if either
1812 * O_CREAT or O_TRUNC are set, but for compatibility with
1813 * older versions of Samba we just AND them out.
1814 */
1815 flags2 &= ~(O_CREAT|O_TRUNC);
1816 }
1817
1818 /*
1819 * Ensure we can't write on a read-only share or file.
1820 */
1821
1822 if (flags != O_RDONLY && file_existed &&
1823 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1824 DEBUG(5,("open_file_ntcreate: write access requested for "
1825 "file %s on read only %s\n",
1826 smb_fname_str_dbg(smb_fname),
1827 !CAN_WRITE(conn) ? "share" : "file" ));
1828 errno = EACCES;
1829 return NT_STATUS_ACCESS_DENIED;
1830 }
1831
1832 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1833 fsp->share_access = share_access;
1834 fsp->fh->private_options = private_flags;
1835 fsp->access_mask = open_access_mask; /* We change this to the
1836 * requested access_mask after
1837 * the open is done. */
1838 fsp->posix_open = posix_open;
1839
1840 /* Ensure no SAMBA_PRIVATE bits can be set. */
1841 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1842
1843 if (timeval_is_zero(&request_time)) {
1844 request_time = fsp->open_time;
1845 }
1846
1847 if (file_existed) {
1848 struct byte_range_lock *br_lck = NULL;
1849 struct share_mode_entry *batch_entry = NULL;
1850 struct share_mode_entry *exclusive_entry = NULL;
1851 bool got_level2_oplock = false;
1852 bool got_a_none_oplock = false;
1853
1854 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1855 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1856
1857 if (!acquire_ordered_locks(talloc_tos(),
1858 fsp,
1859 id,
1860 conn->connectpath,
1861 smb_fname,
1862 &old_write_time,
1863 &lck,
1864 &br_lck)) {
1865 return NT_STATUS_SHARING_VIOLATION;
1866 }
1867
1868 /* Get the types we need to examine. */
1869 find_oplock_types(fsp,
1870 oplock_request,
1871 lck,
1872 &batch_entry,
1873 &exclusive_entry,
1874 &got_level2_oplock,
1875 &got_a_none_oplock);
1876
1877 /* First pass - send break only on batch oplocks. */
1878 if ((req != NULL) &&
1879 delay_for_batch_oplocks(fsp,
1880 req->mid,
1881 oplock_request,
1882 batch_entry)) {
1883 schedule_defer_open(lck, request_time, req);
1884 TALLOC_FREE(lck);
1885 return NT_STATUS_SHARING_VIOLATION;
1886 }
1887
1888 /* Use the client requested access mask here, not the one we
1889 * open with. */
1890 status = open_mode_check(conn, lck, fsp->name_hash,
1891 access_mask, share_access,
1892 create_options, &file_existed);
1893
1894 if (NT_STATUS_IS_OK(status)) {
1895 /* We might be going to allow this open. Check oplock
1896 * status again. */
1897 /* Second pass - send break for both batch or
1898 * exclusive oplocks. */
1899 if ((req != NULL) &&
1900 delay_for_exclusive_oplocks(
1901 fsp,
1902 req->mid,
1903 oplock_request,
1904 exclusive_entry)) {
1905 schedule_defer_open(lck, request_time, req);
1906 TALLOC_FREE(lck);
1907 return NT_STATUS_SHARING_VIOLATION;
1908 }
1909 }
1910
1911 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1912 /* DELETE_PENDING is not deferred for a second */
1913 TALLOC_FREE(lck);
1914 return status;
1915 }
1916
1917 grant_fsp_oplock_type(fsp,
1918 br_lck,
1919 oplock_request,
1920 got_level2_oplock,
1921 got_a_none_oplock);
1922
1923 if (!NT_STATUS_IS_OK(status)) {
1924 uint32 can_access_mask;
1925 bool can_access = True;
1926
1927 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1928
1929 /* Check if this can be done with the deny_dos and fcb
1930 * calls. */
1931 if (private_flags &
1932 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1933 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1934 if (req == NULL) {
1935 DEBUG(0, ("DOS open without an SMB "
1936 "request!\n"));
1937 TALLOC_FREE(lck);
1938 return NT_STATUS_INTERNAL_ERROR;
1939 }
1940
1941 /* Use the client requested access mask here,
1942 * not the one we open with. */
1943 status = fcb_or_dos_open(req,
1944 conn,
1945 fsp,
1946 smb_fname,
1947 id,
1948 req->smbpid,
1949 req->vuid,
1950 access_mask,
1951 share_access,
1952 create_options);
1953
1954 if (NT_STATUS_IS_OK(status)) {
1955 TALLOC_FREE(lck);
1956 if (pinfo) {
1957 *pinfo = FILE_WAS_OPENED;
1958 }
1959 return NT_STATUS_OK;
1960 }
1961 }
1962
1963 /*
1964 * This next line is a subtlety we need for
1965 * MS-Access. If a file open will fail due to share
1966 * permissions and also for security (access) reasons,
1967 * we need to return the access failed error, not the
1968 * share error. We can't open the file due to kernel
1969 * oplock deadlock (it's possible we failed above on
1970 * the open_mode_check()) so use a userspace check.
1971 */
1972
1973 if (flags & O_RDWR) {
1974 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1975 } else if (flags & O_WRONLY) {
1976 can_access_mask = FILE_WRITE_DATA;
1977 } else {
1978 can_access_mask = FILE_READ_DATA;
1979 }
1980
1981 if (((can_access_mask & FILE_WRITE_DATA) &&
1982 !CAN_WRITE(conn)) ||
1983 !can_access_file_data(conn, smb_fname,
1984 can_access_mask)) {
1985 can_access = False;
1986 }
1987
1988 /*
1989 * If we're returning a share violation, ensure we
1990 * cope with the braindead 1 second delay.
1991 */
1992
1993 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1994 lp_defer_sharing_violations()) {
1995 struct timeval timeout;
1996 struct deferred_open_record state;
1997 int timeout_usecs;
1998
1999 /* this is a hack to speed up torture tests
2000 in 'make test' */
2001 timeout_usecs = lp_parm_int(SNUM(conn),
2002 "smbd","sharedelay",
2003 SHARING_VIOLATION_USEC_WAIT);
2004
2005 /* This is a relative time, added to the absolute
2006 request_time value to get the absolute timeout time.
2007 Note that if this is the second or greater time we enter
2008 this codepath for this particular request mid then
2009 request_time is left as the absolute time of the *first*
2010 time this request mid was processed. This is what allows
2011 the request to eventually time out. */
2012
2013 timeout = timeval_set(0, timeout_usecs);
2014
2015 /* Nothing actually uses state.delayed_for_oplocks
2016 but it's handy to differentiate in debug messages
2017 between a 30 second delay due to oplock break, and
2018 a 1 second delay for share mode conflicts. */
2019
2020 state.delayed_for_oplocks = False;
2021 state.id = id;
2022
2023 if ((req != NULL)
2024 && !request_timed_out(request_time,
2025 timeout)) {
2026 defer_open(lck, request_time, timeout,
2027 req, &state);
2028 }
2029 }
2030
2031 TALLOC_FREE(lck);
2032 if (can_access) {
2033 /*
2034 * We have detected a sharing violation here
2035 * so return the correct error code
2036 */
2037 status = NT_STATUS_SHARING_VIOLATION;
2038 } else {
2039 status = NT_STATUS_ACCESS_DENIED;
2040 }
2041 return status;
2042 }
2043
2044 /*
2045 * We exit this block with the share entry *locked*.....
2046 */
2047 }
2048
2049 SMB_ASSERT(!file_existed || (lck != NULL));
2050
2051 /*
2052 * Ensure we pay attention to default ACLs on directories if required.
2053 */
2054
2055 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
2056 (def_acl = directory_has_default_acl(conn, parent_dir))) {
2057 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
2058 }
2059
2060 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2061 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2062 (unsigned int)flags, (unsigned int)flags2,
2063 (unsigned int)unx_mode, (unsigned int)access_mask,
2064 (unsigned int)open_access_mask));
2065
2066 /*
2067 * open_file strips any O_TRUNC flags itself.
2068 */
2069
2070 fsp_open = open_file(fsp, conn, req, parent_dir,
2071 flags|flags2, unx_mode, access_mask,
2072 open_access_mask);
2073
2074 if (!NT_STATUS_IS_OK(fsp_open)) {
2075 if (lck != NULL) {
2076 TALLOC_FREE(lck);
2077 }
2078 return fsp_open;
2079 }
2080
2081 if (!file_existed) {
2082 struct byte_range_lock *br_lck = NULL;
2083 struct share_mode_entry *batch_entry = NULL;
2084 struct share_mode_entry *exclusive_entry = NULL;
2085 bool got_level2_oplock = false;
2086 bool got_a_none_oplock = false;
2087 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2088 /*
2089 * Deal with the race condition where two smbd's detect the
2090 * file doesn't exist and do the create at the same time. One
2091 * of them will win and set a share mode, the other (ie. this
2092 * one) should check if the requested share mode for this
2093 * create is allowed.
2094 */
2095
2096 /*
2097 * Now the file exists and fsp is successfully opened,
2098 * fsp->dev and fsp->inode are valid and should replace the
2099 * dev=0,inode=0 from a non existent file. Spotted by
2100 * Nadav Danieli <nadavd@exanet.com>. JRA.
2101 */
2102
2103 id = fsp->file_id;
2104
2105 if (!acquire_ordered_locks(talloc_tos(),
2106 fsp,
2107 id,
2108 conn->connectpath,
2109 smb_fname,
2110 &old_write_time,
2111 &lck,
2112 &br_lck)) {
2113 return NT_STATUS_SHARING_VIOLATION;
2114 }
2115
2116 /* Get the types we need to examine. */
2117 find_oplock_types(fsp,
2118 oplock_request,
2119 lck,
2120 &batch_entry,
2121 &exclusive_entry,
2122 &got_level2_oplock,
2123 &got_a_none_oplock);
2124
2125 /* First pass - send break only on batch oplocks. */
2126 if ((req != NULL) &&
2127 delay_for_batch_oplocks(fsp,
2128 req->mid,
2129 oplock_request,
2130 batch_entry)) {
2131 schedule_defer_open(lck, request_time, req);
2132 TALLOC_FREE(lck);
2133 fd_close(fsp);
2134 return NT_STATUS_SHARING_VIOLATION;
2135 }
2136
2137 status = open_mode_check(conn, lck, fsp->name_hash,
2138 access_mask, share_access,
2139 create_options, &file_existed);
2140
2141 if (NT_STATUS_IS_OK(status)) {
2142 /* We might be going to allow this open. Check oplock
2143 * status again. */
2144 /* Second pass - send break for both batch or
2145 * exclusive oplocks. */
2146 if ((req != NULL) &&
2147 delay_for_exclusive_oplocks(
2148 fsp,
2149 req->mid,
2150 oplock_request,
2151 exclusive_entry)) {
2152 schedule_defer_open(lck, request_time, req);
2153 TALLOC_FREE(lck);
2154 fd_close(fsp);
2155 return NT_STATUS_SHARING_VIOLATION;
2156 }
2157 }
2158
2159 if (!NT_STATUS_IS_OK(status)) {
2160 struct deferred_open_record state;
2161
2162 fd_close(fsp);
2163
2164 state.delayed_for_oplocks = False;
2165 state.id = id;
2166
2167 /* Do it all over again immediately. In the second
2168 * round we will find that the file existed and handle
2169 * the DELETE_PENDING and FCB cases correctly. No need
2170 * to duplicate the code here. Essentially this is a
2171 * "goto top of this function", but don't tell
2172 * anybody... */
2173
2174 if (req != NULL) {
2175 defer_open(lck, request_time, timeval_zero(),
2176 req, &state);
2177 }
2178 TALLOC_FREE(lck);
2179 return status;
2180 }
2181
2182 grant_fsp_oplock_type(fsp,
2183 br_lck,
2184 oplock_request,
2185 got_level2_oplock,
2186 got_a_none_oplock);
2187
2188 /*
2189 * We exit this block with the share entry *locked*.....
2190 */
2191
2192 }
2193
2194 SMB_ASSERT(lck != NULL);
2195
2196 /* Delete streams if create_disposition requires it */
2197 if (file_existed && clear_ads &&
2198 !is_ntfs_stream_smb_fname(smb_fname)) {
2199 status = delete_all_streams(conn, smb_fname->base_name);
2200 if (!NT_STATUS_IS_OK(status)) {
2201 TALLOC_FREE(lck);
2202 fd_close(fsp);
2203 return status;
2204 }
2205 }
2206
2207 /* note that we ignore failure for the following. It is
2208 basically a hack for NFS, and NFS will never set one of
2209 these only read them. Nobody but Samba can ever set a deny
2210 mode and we have already checked our more authoritative
2211 locking database for permission to set this deny mode. If
2212 the kernel refuses the operations then the kernel is wrong.
2213 note that GPFS supports it as well - jmcd */
2214
2215 if (fsp->fh->fd != -1) {
2216 int ret_flock;
2217 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2218 if(ret_flock == -1 ){
2219
2220 TALLOC_FREE(lck);
2221 fd_close(fsp);
2222
2223 return NT_STATUS_SHARING_VIOLATION;
2224 }
2225 }
2226
2227 /*
2228 * At this point onwards, we can guarentee that the share entry
2229 * is locked, whether we created the file or not, and that the
2230 * deny mode is compatible with all current opens.
2231 */
2232
2233 /*
2234 * If requested, truncate the file.
2235 */
2236
2237 if (file_existed && (flags2&O_TRUNC)) {
2238 /*
2239 * We are modifing the file after open - update the stat
2240 * struct..
2241 */
2242 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2243 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2244 status = map_nt_error_from_unix(errno);
2245 TALLOC_FREE(lck);
2246 fd_close(fsp);
2247 return status;
2248 }
2249 }
2250
2251 /*
2252 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2253 * but we don't have to store this - just ignore it on access check.
2254 */
2255 if (conn->sconn->using_smb2) {
2256 /*
2257 * SMB2 doesn't return it (according to Microsoft tests).
2258 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2259 * File created with access = 0x7 (Read, Write, Delete)
2260 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2261 */
2262 fsp->access_mask = access_mask;
2263 } else {
2264 /* But SMB1 does. */
2265 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2266 }
2267
2268 if (file_existed) {
2269 /* stat opens on existing files don't get oplocks. */
2270 if (is_stat_open(open_access_mask)) {
2271 fsp->oplock_type = NO_OPLOCK;
2272 }
2273
2274 if (!(flags2 & O_TRUNC)) {
2275 info = FILE_WAS_OPENED;
2276 } else {
2277 info = FILE_WAS_OVERWRITTEN;
2278 }
2279 } else {
2280 info = FILE_WAS_CREATED;
2281 }
2282
2283 if (pinfo) {
2284 *pinfo = info;
2285 }
2286
2287 /*
2288 * Setup the oplock info in both the shared memory and
2289 * file structs.
2290 */
2291
2292 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2293 /*
2294 * Could not get the kernel oplock or there are byte-range
2295 * locks on the file.
2296 */
2297 fsp->oplock_type = NO_OPLOCK;
2298 }
2299
2300 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2301 new_file_created = True;
2302 }
2303
2304 set_share_mode(lck, fsp, get_current_uid(conn),
2305 req ? req->mid : 0,
2306 fsp->oplock_type);
2307
2308 /* Handle strange delete on close create semantics. */
2309 if (create_options & FILE_DELETE_ON_CLOSE) {
2310
2311 status = can_set_delete_on_close(fsp, new_dos_attributes);
2312
2313 if (!NT_STATUS_IS_OK(status)) {
2314 /* Remember to delete the mode we just added. */
2315 del_share_mode(lck, fsp);
2316 TALLOC_FREE(lck);
2317 fd_close(fsp);
2318 return status;
2319 }
2320 /* Note that here we set the *inital* delete on close flag,
2321 not the regular one. The magic gets handled in close. */
2322 fsp->initial_delete_on_close = True;
2323 }
2324
2325 if (new_file_created) {
2326 /* Files should be initially set as archive */
2327 if (lp_map_archive(SNUM(conn)) ||
2328 lp_store_dos_attributes(SNUM(conn))) {
2329 if (!posix_open) {
2330 if (file_set_dosmode(conn, smb_fname,
2331 new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
2332 parent_dir, true) == 0) {
2333 unx_mode = smb_fname->st.st_ex_mode;
2334 }
2335 }
2336 }
2337 }
2338
2339 /* Determine sparse flag. */
2340 if (posix_open) {
2341 /* POSIX opens are sparse by default. */
2342 fsp->is_sparse = true;
2343 } else {
2344 fsp->is_sparse = (file_existed &&
2345 (existing_dos_attributes & FILE_ATTRIBUTE_SPARSE));
2346 }
2347
2348 /*
2349 * Take care of inherited ACLs on created files - if default ACL not
2350 * selected.
2351 */
2352
2353 if (!posix_open && !file_existed && !def_acl) {
2354
2355 int saved_errno = errno; /* We might get ENOSYS in the next
2356 * call.. */
2357
2358 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2359 errno == ENOSYS) {
2360 errno = saved_errno; /* Ignore ENOSYS */
2361 }
2362
2363 } else if (new_unx_mode) {
2364
2365 int ret = -1;
2366
2367 /* Attributes need changing. File already existed. */
2368
2369 {
2370 int saved_errno = errno; /* We might get ENOSYS in the
2371 * next call.. */
2372 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2373
2374 if (ret == -1 && errno == ENOSYS) {
2375 errno = saved_errno; /* Ignore ENOSYS */
2376 } else {
2377 DEBUG(5, ("open_file_ntcreate: reset "
2378 "attributes of file %s to 0%o\n",
2379 smb_fname_str_dbg(smb_fname),
2380 (unsigned int)new_unx_mode));
2381 ret = 0; /* Don't do the fchmod below. */
2382 }
2383 }
2384
2385 if ((ret == -1) &&
2386 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2387 DEBUG(5, ("open_file_ntcreate: failed to reset "
2388 "attributes of file %s to 0%o\n",
2389 smb_fname_str_dbg(smb_fname),
2390 (unsigned int)new_unx_mode));
2391 }
2392
2393 /* If this is a successful open, we must remove any deferred open
2394 * records. */
2395 if (req != NULL) {
2396 del_deferred_open_entry(lck, req->mid,
2397 sconn_server_id(req->sconn));
2398 }
2399 TALLOC_FREE(lck);
2400
2401 return NT_STATUS_OK;
2402 }
2403
2404
2405 /****************************************************************************
2406 Open a file for for write to ensure that we can fchmod it.
2407 ****************************************************************************/
2408
2409 NTSTATUS open_file_fchmod(connection_struct *conn,
2410 struct smb_filename *smb_fname,
2411 files_struct **result)
2412 {
2413 if (!VALID_STAT(smb_fname->st)) {
2414 return NT_STATUS_INVALID_PARAMETER;
2415 }
2416
2417 return SMB_VFS_CREATE_FILE(
2418 conn, /* conn */
2419 NULL, /* req */
2420 0, /* root_dir_fid */
2421 smb_fname, /* fname */
2422 FILE_WRITE_DATA, /* access_mask */
2423 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2424 FILE_SHARE_DELETE),
2425 FILE_OPEN, /* create_disposition*/
2426 0, /* create_options */
2427 0, /* file_attributes */
2428 INTERNAL_OPEN_ONLY, /* oplock_request */
2429 0, /* allocation_size */
2430 0, /* private_flags */
2431 NULL, /* sd */
2432 NULL, /* ea_list */
2433 result, /* result */
2434 NULL); /* pinfo */
2435 }
2436
2437 static NTSTATUS mkdir_internal(connection_struct *conn,
2438 struct smb_filename *smb_dname,
2439 uint32 file_attributes)
2440 {
2441 mode_t mode;
2442 char *parent_dir;
2443 NTSTATUS status;
2444 bool posix_open = false;
2445 bool need_re_stat = false;
2446
2447 if(!CAN_WRITE(conn)) {
2448 DEBUG(5,("mkdir_internal: failing create on read-only share "
2449 "%s\n", lp_servicename(SNUM(conn))));
2450 return NT_STATUS_ACCESS_DENIED;
2451 }
2452
2453 status = check_name(conn, smb_dname->base_name);
2454 if (!NT_STATUS_IS_OK(status)) {
2455 return status;
2456 }
2457
2458 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2459 NULL)) {
2460 return NT_STATUS_NO_MEMORY;
2461 }
2462
2463 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2464 posix_open = true;
2465 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2466 } else {
2467 mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, smb_dname, parent_dir);
2468 }
2469
2470 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2471 return map_nt_error_from_unix(errno);
2472 }
2473
2474 /* Ensure we're checking for a symlink here.... */
2475 /* We don't want to get caught by a symlink racer. */
2476
2477 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2478 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2479 smb_fname_str_dbg(smb_dname), strerror(errno)));
2480 return map_nt_error_from_unix(errno);
2481 }
2482
2483 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2484 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2485 smb_fname_str_dbg(smb_dname)));
2486 return NT_STATUS_ACCESS_DENIED;
2487 }
2488
2489 if (lp_store_dos_attributes(SNUM(conn))) {
2490 if (!posix_open) {
2491 file_set_dosmode(conn, smb_dname,
2492 file_attributes | FILE_ATTRIBUTE_DIRECTORY,
2493 parent_dir, true);
2494 }
2495 }
2496
2497 if (lp_inherit_perms(SNUM(conn))) {
2498 inherit_access_posix_acl(conn, parent_dir,
2499 smb_dname->base_name, mode);
2500 need_re_stat = true;
2501 }
2502
2503 if (!posix_open) {
2504 /*
2505 * Check if high bits should have been set,
2506 * then (if bits are missing): add them.
2507 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2508 * dir.
2509 */
2510 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2511 (mode & ~smb_dname->st.st_ex_mode)) {
2512 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2513 (smb_dname->st.st_ex_mode |
2514 (mode & ~smb_dname->st.st_ex_mode)));
2515 need_re_stat = true;
2516 }
2517 }
2518
2519 /* Change the owner if required. */
2520 if (lp_inherit_owner(SNUM(conn))) {
2521 change_dir_owner_to_parent(conn, parent_dir,
2522 smb_dname->base_name,
2523 &smb_dname->st);
2524 need_re_stat = true;
2525 }
2526
2527 if (need_re_stat) {
2528 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2529 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2530 smb_fname_str_dbg(smb_dname), strerror(errno)));
2531 return map_nt_error_from_unix(errno);
2532 }
2533 }
2534
2535 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2536 smb_dname->base_name);
2537
2538 return NT_STATUS_OK;
2539 }
2540
2541 /****************************************************************************
2542 Ensure we didn't get symlink raced on opening a directory.
2543 ****************************************************************************/
2544
2545 bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
2546 const SMB_STRUCT_STAT *sbuf2)
2547 {
2548 if (sbuf1->st_ex_uid != sbuf2->st_ex_uid ||
2549 sbuf1->st_ex_gid != sbuf2->st_ex_gid ||
2550 sbuf1->st_ex_dev != sbuf2->st_ex_dev ||
2551 sbuf1->st_ex_ino != sbuf2->st_ex_ino) {
2552 return false;
2553 }
2554 return true;
2555 }
2556
2557 /****************************************************************************
2558 Open a directory from an NT SMB call.
2559 ****************************************************************************/
2560
2561 static NTSTATUS open_directory(connection_struct *conn,
2562 struct smb_request *req,
2563 struct smb_filename *smb_dname,
2564 uint32 access_mask,
2565 uint32 share_access,
2566 uint32 create_disposition,
2567 uint32 create_options,
2568 uint32 file_attributes,
2569 int *pinfo,
2570 files_struct **result)
2571 {
2572 files_struct *fsp = NULL;
2573 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2574 struct share_mode_lock *lck = NULL;
2575 NTSTATUS status;
2576 struct timespec mtimespec;
2577 int info = 0;
2578
2579 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2580
2581 /* Ensure we have a directory attribute. */
2582 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2583
2584 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2585 "share_access = 0x%x create_options = 0x%x, "
2586 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2587 smb_fname_str_dbg(smb_dname),
2588 (unsigned int)access_mask,
2589 (unsigned int)share_access,
2590 (unsigned int)create_options,
2591 (unsigned int)create_disposition,
2592 (unsigned int)file_attributes));
2593
2594 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2595 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2596 is_ntfs_stream_smb_fname(smb_dname)) {
2597 DEBUG(2, ("open_directory: %s is a stream name!\n",
2598 smb_fname_str_dbg(smb_dname)));
2599 return NT_STATUS_NOT_A_DIRECTORY;
2600 }
2601
2602 status = smbd_calculate_access_mask(conn, smb_dname, dir_existed,
2603 access_mask, &access_mask);
2604 if (!NT_STATUS_IS_OK(status)) {
2605 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2606 "on file %s returned %s\n",
2607 smb_fname_str_dbg(smb_dname),
2608 nt_errstr(status)));
2609 return status;
2610 }
2611
2612 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2613 !security_token_has_privilege(get_current_nttok(conn),
2614 SEC_PRIV_SECURITY)) {
2615 DEBUG(10, ("open_directory: open on %s "
2616 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2617 smb_fname_str_dbg(smb_dname)));
2618 return NT_STATUS_PRIVILEGE_NOT_HELD;
2619 }
2620
2621 switch( create_disposition ) {
2622 case FILE_OPEN:
2623
2624 if (!dir_existed) {
2625 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2626 }
2627
2628 info = FILE_WAS_OPENED;
2629 break;
2630
2631 case FILE_CREATE:
2632
2633 /* If directory exists error. If directory doesn't
2634 * exist create. */
2635
2636 status = mkdir_internal(conn, smb_dname,
2637 file_attributes);
2638
2639 if (!NT_STATUS_IS_OK(status)) {
2640 DEBUG(2, ("open_directory: unable to create "
2641 "%s. Error was %s\n",
2642 smb_fname_str_dbg(smb_dname),
2643 nt_errstr(status)));
2644 return status;
2645 }
2646
2647 info = FILE_WAS_CREATED;
2648 break;
2649
2650 case FILE_OPEN_IF:
2651 /*
2652 * If directory exists open. If directory doesn't
2653 * exist create.
2654 */
2655
2656 status = mkdir_internal(conn, smb_dname,
2657 file_attributes);
2658
2659 if (NT_STATUS_IS_OK(status)) {
2660 info = FILE_WAS_CREATED;
2661 }
2662
2663 if (NT_STATUS_EQUAL(status,
2664 NT_STATUS_OBJECT_NAME_COLLISION)) {
2665 info = FILE_WAS_OPENED;
2666 status = NT_STATUS_OK;
2667 }
2668 break;
2669
2670 case FILE_SUPERSEDE:
2671 case FILE_OVERWRITE:
2672 case FILE_OVERWRITE_IF:
2673 default:
2674 DEBUG(5,("open_directory: invalid create_disposition "
2675 "0x%x for directory %s\n",
2676 (unsigned int)create_disposition,
2677 smb_fname_str_dbg(smb_dname)));
2678 return NT_STATUS_INVALID_PARAMETER;
2679 }
2680
2681 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2682 DEBUG(5,("open_directory: %s is not a directory !\n",
2683 smb_fname_str_dbg(smb_dname)));
2684 return NT_STATUS_NOT_A_DIRECTORY;
2685 }
2686
2687 if (info == FILE_WAS_OPENED) {
2688 uint32_t access_granted = 0;
2689 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2690 &access_granted);
2691
2692 /* Were we trying to do a directory open
2693 * for delete and didn't get DELETE
2694 * access (only) ? Check if the
2695 * directory allows DELETE_CHILD.
2696 * See here:
2697 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2698 * for details. */
2699
2700 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2701 (access_mask & DELETE_ACCESS) &&
2702 (access_granted == DELETE_ACCESS) &&
2703 can_delete_file_in_directory(conn, smb_dname))) {
2704 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2705 "on directory %s\n",
2706 smb_fname_str_dbg(smb_dname)));
2707 status = NT_STATUS_OK;
2708 }
2709
2710 if (!NT_STATUS_IS_OK(status)) {
2711 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2712 "file %s failed with %s\n",
2713 smb_fname_str_dbg(smb_dname),
2714 nt_errstr(status)));
2715 return status;
2716 }
2717 }
2718
2719 status = file_new(req, conn, &fsp);
2720 if(!NT_STATUS_IS_OK(status)) {
2721 return status;
2722 }
2723
2724 /*
2725 * Setup the files_struct for it.
2726 */
2727
2728 fsp->mode = smb_dname->st.st_ex_mode;
2729 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2730 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2731 fsp->file_pid = req ? req->smbpid : 0;
2732 fsp->can_lock = False;
2733 fsp->can_read = False;
2734 fsp->can_write = False;
2735
2736 fsp->share_access = share_access;
2737 fsp->fh->private_options = 0;
2738 /*
2739 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2740 */
2741 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2742 fsp->print_file = NULL;
2743 fsp->modified = False;
2744 fsp->oplock_type = NO_OPLOCK;
2745 fsp->sent_oplock_break = NO_BREAK_SENT;
2746 fsp->is_directory = True;
2747 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2748 status = fsp_set_smb_fname(fsp, smb_dname);
2749 if (!NT_STATUS_IS_OK(status)) {
2750 file_free(req, fsp);
2751 return status;
2752 }
2753
2754 mtimespec = smb_dname->st.st_ex_mtime;
2755
2756 #ifdef O_DIRECTORY
2757 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
2758 #else
2759 /* POSIX allows us to open a directory with O_RDONLY. */
2760 status = fd_open(conn, fsp, O_RDONLY, 0);
2761 #endif
2762 if (!NT_STATUS_IS_OK(status)) {
2763 DEBUG(5, ("open_directory: Could not open fd for "
2764 "%s (%s)\n",
2765 smb_fname_str_dbg(smb_dname),
2766 nt_errstr(status)));
2767 file_free(req, fsp);
2768 return status;
2769 }
2770
2771 status = vfs_stat_fsp(fsp);
2772 if (!NT_STATUS_IS_OK(status)) {
2773 fd_close(fsp);
2774 file_free(req, fsp);
2775 return status;
2776 }
2777
2778 /* Ensure there was no race condition. */
2779 if (!check_same_stat(&smb_dname->st, &fsp->fsp_name->st)) {
2780 DEBUG(5,("open_directory: stat struct differs for "
2781 "directory %s.\n",
2782 smb_fname_str_dbg(smb_dname)));
2783 fd_close(fsp);
2784 file_free(req, fsp);
2785 return NT_STATUS_ACCESS_DENIED;
2786 }
2787
2788 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2789 conn->connectpath, smb_dname, &mtimespec);
2790
2791 if (lck == NULL) {
2792 DEBUG(0, ("open_directory: Could not get share mode lock for "
2793 "%s\n", smb_fname_str_dbg(smb_dname)));
2794 fd_close(fsp);
2795 file_free(req, fsp);
2796 return NT_STATUS_SHARING_VIOLATION;
2797 }
2798
2799 status = open_mode_check(conn, lck, fsp->name_hash,
2800 access_mask, share_access,
2801 create_options, &dir_existed);
2802
2803 if (!NT_STATUS_IS_OK(status)) {
2804 TALLOC_FREE(lck);
2805 fd_close(fsp);
2806 file_free(req, fsp);
2807 return status;
2808 }
2809
2810 set_share_mode(lck, fsp, get_current_uid(conn),
2811 req ? req->mid : 0, NO_OPLOCK);
2812
2813 /* For directories the delete on close bit at open time seems
2814 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2815 if (create_options & FILE_DELETE_ON_CLOSE) {
2816 status = can_set_delete_on_close(fsp, 0);
2817 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2818 TALLOC_FREE(lck);
2819 fd_close(fsp);
2820 file_free(req, fsp);
2821 return status;
2822 }
2823
2824 if (NT_STATUS_IS_OK(status)) {
2825 /* Note that here we set the *inital* delete on close flag,
2826 not the regular one. The magic gets handled in close. */
2827 fsp->initial_delete_on_close = True;
2828 }
2829 }
2830
2831 TALLOC_FREE(lck);
2832
2833 if (pinfo) {
2834 *pinfo = info;
2835 }
2836
2837 *result = fsp;
2838 return NT_STATUS_OK;
2839 }
2840
2841 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2842 struct smb_filename *smb_dname)
2843 {
2844 NTSTATUS status;
2845 files_struct *fsp;
2846
2847 status = SMB_VFS_CREATE_FILE(
2848 conn, /* conn */
2849 req, /* req */
2850 0, /* root_dir_fid */
2851 smb_dname, /* fname */
2852 FILE_READ_ATTRIBUTES, /* access_mask */
2853 FILE_SHARE_NONE, /* share_access */
2854 FILE_CREATE, /* create_disposition*/
2855 FILE_DIRECTORY_FILE, /* create_options */
2856 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2857 0, /* oplock_request */
2858 0, /* allocation_size */
2859 0, /* private_flags */
2860 NULL, /* sd */
2861 NULL, /* ea_list */
2862 &fsp, /* result */
2863 NULL); /* pinfo */
2864
2865 if (NT_STATUS_IS_OK(status)) {
2866 close_file(req, fsp, NORMAL_CLOSE);
2867 }
2868
2869 return status;
2870 }
2871
2872 /****************************************************************************
2873 Receive notification that one of our open files has been renamed by another
2874 smbd process.
2875 ****************************************************************************/
2876
2877 void msg_file_was_renamed(struct messaging_context *msg,
2878 void *private_data,
2879 uint32_t msg_type,
2880 struct server_id server_id,
2881 DATA_BLOB *data)
2882 {
2883 struct smbd_server_connection *sconn;
2884 files_struct *fsp;
2885 char *frm = (char *)data->data;
2886 struct file_id id;
2887 const char *sharepath;
2888 const char *base_name;
2889 const char *stream_name;
2890 struct smb_filename *smb_fname = NULL;
2891 size_t sp_len, bn_len;
2892 NTSTATUS status;
2893
2894 sconn = msg_ctx_to_sconn(msg);
2895 if (sconn == NULL) {
2896 DEBUG(1, ("could not find sconn\n"));
2897 return;
2898 }
2899
2900 if (data->data == NULL
2901 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2902 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2903 (int)data->length));
2904 return;
2905 }
2906
2907 /* Unpack the message. */
2908 pull_file_id_24(frm, &id);
2909 sharepath = &frm[24];
2910 sp_len = strlen(sharepath);
2911 base_name = sharepath + sp_len + 1;
2912 bn_len = strlen(base_name);
2913 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2914
2915 /* stream_name must always be NULL if there is no stream. */
2916 if (stream_name[0] == '\0') {
2917 stream_name = NULL;
2918 }
2919
2920 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2921 stream_name, NULL, &smb_fname);
2922 if (!NT_STATUS_IS_OK(status)) {
2923 return;
2924 }
2925
2926 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2927 "file_id %s\n",
2928 sharepath, smb_fname_str_dbg(smb_fname),
2929 file_id_string_tos(&id)));
2930
2931 for(fsp = file_find_di_first(sconn, id); fsp;
2932 fsp = file_find_di_next(fsp)) {
2933 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2934
2935 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2936 fsp->fnum, fsp_str_dbg(fsp),
2937 smb_fname_str_dbg(smb_fname)));
2938 status = fsp_set_smb_fname(fsp, smb_fname);
2939 if (!NT_STATUS_IS_OK(status)) {
2940 goto out;
2941 }
2942 } else {
2943 /* TODO. JRA. */
2944 /* Now we have the complete path we can work out if this is
2945 actually within this share and adjust newname accordingly. */
2946 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2947 "not sharepath %s) "
2948 "fnum %d from %s -> %s\n",
2949 fsp->conn->connectpath,
2950 sharepath,
2951 fsp->fnum,
2952 fsp_str_dbg(fsp),
2953 smb_fname_str_dbg(smb_fname)));
2954 }
2955 }
2956 out:
2957 TALLOC_FREE(smb_fname);
2958 return;
2959 }
2960
2961 /*
2962 * If a main file is opened for delete, all streams need to be checked for
2963 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2964 * If that works, delete them all by setting the delete on close and close.
2965 */
2966
2967 NTSTATUS open_streams_for_delete(connection_struct *conn,
2968 const char *fname)
2969 {
2970 struct stream_struct *stream_info = NULL;
2971 files_struct **streams = NULL;
2972 int i;
2973 unsigned int num_streams = 0;
2974 TALLOC_CTX *frame = talloc_stackframe();
2975 NTSTATUS status;
2976
2977 status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
2978 &num_streams, &stream_info);
2979
2980 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2981 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2982 DEBUG(10, ("no streams around\n"));
2983 TALLOC_FREE(frame);
2984 return NT_STATUS_OK;
2985 }
2986
2987 if (!NT_STATUS_IS_OK(status)) {
2988 DEBUG(10, ("vfs_streaminfo failed: %s\n",
2989 nt_errstr(status)));
2990 goto fail;
2991 }
2992
2993 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2994 num_streams));
2995
2996 if (num_streams == 0) {
2997 TALLOC_FREE(frame);
2998 return NT_STATUS_OK;
2999 }
3000
3001 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
3002 if (streams == NULL) {
3003 DEBUG(0, ("talloc failed\n"));
3004 status = NT_STATUS_NO_MEMORY;
3005 goto fail;
3006 }
3007
3008 for (i=0; i<num_streams; i++) {
3009 struct smb_filename *smb_fname = NULL;
3010
3011 if (strequal(stream_info[i].name, "::$DATA")) {
3012 streams[i] = NULL;
3013 continue;
3014 }
3015
3016 status = create_synthetic_smb_fname(talloc_tos(), fname,
3017 stream_info[i].name,
3018 NULL, &smb_fname);
3019 if (!NT_STATUS_IS_OK(status)) {
3020 goto fail;
3021 }
3022
3023 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
3024 DEBUG(10, ("Unable to stat stream: %s\n",
3025 smb_fname_str_dbg(smb_fname)));
3026 }
3027
3028 status = SMB_VFS_CREATE_FILE(
3029 conn, /* conn */
3030 NULL, /* req */
3031 0, /* root_dir_fid */
3032 smb_fname, /* fname */
3033 DELETE_ACCESS, /* access_mask */
3034 (FILE_SHARE_READ | /* share_access */
3035 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
3036 FILE_OPEN, /* create_disposition*/
3037 0, /* create_options */
3038 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
3039 0, /* oplock_request */
3040 0, /* allocation_size */
3041 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
3042 NULL, /* sd */
3043 NULL, /* ea_list */
3044 &streams[i], /* result */
3045 NULL); /* pinfo */
3046
3047 if (!NT_STATUS_IS_OK(status)) {
3048 DEBUG(10, ("Could not open stream %s: %s\n",
3049 smb_fname_str_dbg(smb_fname),
3050 nt_errstr(status)));
3051
3052 TALLOC_FREE(smb_fname);
3053 break;
3054 }
3055 TALLOC_FREE(smb_fname);
3056 }
3057
3058 /*
3059 * don't touch the variable "status" beyond this point :-)
3060 */
3061
3062 for (i -= 1 ; i >= 0; i--) {
3063 if (streams[i] == NULL) {
3064 continue;
3065 }
3066
3067 DEBUG(10, ("Closing stream # %d, %s\n", i,
3068 fsp_str_dbg(streams[i])));
3069 close_file(NULL, streams[i], NORMAL_CLOSE);
3070 }
3071
3072 fail:
3073 TALLOC_FREE(frame);
3074 return status;
3075 }
3076
3077 /*
3078 * Wrapper around open_file_ntcreate and open_directory
3079 */
3080
3081 static NTSTATUS create_file_unixpath(connection_struct *conn,
3082 struct smb_request *req,
3083 struct smb_filename *smb_fname,
3084 uint32_t access_mask,
3085 uint32_t share_access,
3086 uint32_t create_disposition,
3087 uint32_t create_options,
3088 uint32_t file_attributes,
3089 uint32_t oplock_request,
3090 uint64_t allocation_size,
3091 uint32_t private_flags,
3092 struct security_descriptor *sd,
3093 struct ea_list *ea_list,
3094
3095 files_struct **result,
3096 int *pinfo)
3097 {
3098 int info = FILE_WAS_OPENED;
3099 files_struct *base_fsp = NULL;
3100 files_struct *fsp = NULL;
3101 NTSTATUS status;
3102
3103 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3104 "file_attributes = 0x%x, share_access = 0x%x, "
3105 "create_disposition = 0x%x create_options = 0x%x "
3106 "oplock_request = 0x%x private_flags = 0x%x "
3107 "ea_list = 0x%p, sd = 0x%p, "
3108 "fname = %s\n",
3109 (unsigned int)access_mask,
3110 (unsigned int)file_attributes,
3111 (unsigned int)share_access,
3112 (unsigned int)create_disposition,
3113 (unsigned int)create_options,
3114 (unsigned int)oplock_request,
3115 (unsigned int)private_flags,
3116 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3117
3118 if (create_options & FILE_OPEN_BY_FILE_ID) {
3119 status = NT_STATUS_NOT_SUPPORTED;
3120 goto fail;
3121 }
3122
3123 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
3124 status = NT_STATUS_INVALID_PARAMETER;
3125 goto fail;
3126 }
3127
3128 if (req == NULL) {
3129 oplock_request |= INTERNAL_OPEN_ONLY;
3130 }
3131
3132 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3133 && (access_mask & DELETE_ACCESS)
3134 && !is_ntfs_stream_smb_fname(smb_fname)) {
3135 /*
3136 * We can't open a file with DELETE access if any of the
3137 * streams is open without FILE_SHARE_DELETE
3138 */
3139 status = open_streams_for_delete(conn, smb_fname->base_name);
3140
3141 if (!NT_STATUS_IS_OK(status)) {
3142 goto fail;
3143 }
3144 }
3145
3146 /* This is the correct thing to do (check every time) but can_delete
3147 * is expensive (it may have to read the parent directory
3148 * permissions). So for now we're not doing it unless we have a strong
3149 * hint the client is really going to delete this file. If the client
3150 * is forcing FILE_CREATE let the filesystem take care of the
3151 * permissions. */
3152
3153 /* Setting FILE_SHARE_DELETE is the hint. */
3154
3155 if ((create_disposition != FILE_CREATE)
3156 && (access_mask & DELETE_ACCESS)
3157 && (!(can_delete_file_in_directory(conn, smb_fname) ||
3158 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
3159 status = NT_STATUS_ACCESS_DENIED;
3160 DEBUG(10,("create_file_unixpath: open file %s "
3161 "for delete ACCESS_DENIED\n",
3162 smb_fname_str_dbg(smb_fname)));
3163 goto fail;
3164 }
3165
3166 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3167 !security_token_has_privilege(get_current_nttok(conn),
3168 SEC_PRIV_SECURITY)) {
3169 DEBUG(10, ("create_file_unixpath: open on %s "
3170 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3171 smb_fname_str_dbg(smb_fname)));
3172 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3173 goto fail;
3174 }
3175
3176 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3177 && is_ntfs_stream_smb_fname(smb_fname)
3178 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3179 uint32 base_create_disposition;
3180 struct smb_filename *smb_fname_base = NULL;
3181
3182 if (create_options & FILE_DIRECTORY_FILE) {
3183 status = NT_STATUS_NOT_A_DIRECTORY;
3184 goto fail;
3185 }
3186
3187 switch (create_disposition) {
3188 case FILE_OPEN:
3189 base_create_disposition = FILE_OPEN;
3190 break;
3191 default:
3192 base_create_disposition = FILE_OPEN_IF;
3193 break;
3194 }
3195
3196 /* Create an smb_filename with stream_name == NULL. */
3197 status = create_synthetic_smb_fname(talloc_tos(),
3198 smb_fname->base_name,
3199 NULL, NULL,
3200 &smb_fname_base);
3201 if (!NT_STATUS_IS_OK(status)) {
3202 goto fail;
3203 }
3204
3205 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3206 DEBUG(10, ("Unable to stat stream: %s\n",
3207 smb_fname_str_dbg(smb_fname_base)));
3208 }
3209
3210 /* Open the base file. */
3211 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3212 FILE_SHARE_READ
3213 | FILE_SHARE_WRITE
3214 | FILE_SHARE_DELETE,
3215 base_create_disposition,
3216 0, 0, 0, 0, 0, NULL, NULL,
3217 &base_fsp, NULL);
3218 TALLOC_FREE(smb_fname_base);
3219
3220 if (!NT_STATUS_IS_OK(status)) {
3221 DEBUG(10, ("create_file_unixpath for base %s failed: "
3222 "%s\n", smb_fname->base_name,
3223 nt_errstr(status)));
3224 goto fail;
3225 }
3226 /* we don't need to low level fd */
3227 fd_close(base_fsp);
3228 }
3229
3230 /*
3231 * If it's a request for a directory open, deal with it separately.
3232 */
3233
3234 if (create_options & FILE_DIRECTORY_FILE) {
3235
3236 if (create_options & FILE_NON_DIRECTORY_FILE) {
3237 status = NT_STATUS_INVALID_PARAMETER;
3238 goto fail;
3239 }
3240
3241 /* Can't open a temp directory. IFS kit test. */
3242 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3243 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3244 status = NT_STATUS_INVALID_PARAMETER;
3245 goto fail;
3246 }
3247
3248 /*
3249 * We will get a create directory here if the Win32
3250 * app specified a security descriptor in the
3251 * CreateDirectory() call.
3252 */
3253
3254 oplock_request = 0;
3255 status = open_directory(
3256 conn, req, smb_fname, access_mask, share_access,
3257 create_disposition, create_options, file_attributes,
3258 &info, &fsp);
3259 } else {
3260
3261 /*
3262 * Ordinary file case.
3263 */
3264
3265 status = file_new(req, conn, &fsp);
3266 if(!NT_STATUS_IS_OK(status)) {
3267 goto fail;
3268 }
3269
3270 status = fsp_set_smb_fname(fsp, smb_fname);
3271 if (!NT_STATUS_IS_OK(status)) {
3272 goto fail;
3273 }
3274
3275 /*
3276 * We're opening the stream element of a base_fsp
3277 * we already opened. Set up the base_fsp pointer.
3278 */
3279 if (base_fsp) {
3280 fsp->base_fsp = base_fsp;
3281 }
3282
3283 status = open_file_ntcreate(conn,
3284 req,
3285 access_mask,
3286 share_access,
3287 create_disposition,
3288 create_options,
3289 file_attributes,
3290 oplock_request,
3291 private_flags,
3292 &info,
3293 fsp);
3294
3295 if(!NT_STATUS_IS_OK(status)) {
3296 file_free(req, fsp);
3297 fsp = NULL;
3298 }
3299
3300 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3301
3302 /* A stream open never opens a directory */
3303
3304 if (base_fsp) {
3305 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3306 goto fail;
3307 }
3308
3309 /*
3310 * Fail the open if it was explicitly a non-directory
3311 * file.
3312 */
3313
3314 if (create_options & FILE_NON_DIRECTORY_FILE) {
3315 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3316 goto fail;
3317 }
3318
3319 oplock_request = 0;
3320 status = open_directory(
3321 conn, req, smb_fname, access_mask,
3322 share_access, create_disposition,
3323 create_options, file_attributes,
3324 &info, &fsp);
3325 }
3326 }
3327
3328 if (!NT_STATUS_IS_OK(status)) {
3329 goto fail;
3330 }
3331
3332 fsp->base_fsp = base_fsp;
3333
3334 /*
3335 * According to the MS documentation, the only time the security
3336 * descriptor is applied to the opened file is iff we *created* the
3337 * file; an existing file stays the same.
3338 *
3339 * Also, it seems (from observation) that you can open the file with
3340 * any access mask but you can still write the sd. We need to override
3341 * the granted access before we call set_sd
3342 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3343 */
3344
3345 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3346 && lp_nt_acl_support(SNUM(conn))) {
3347
3348 uint32_t sec_info_sent;
3349 uint32_t saved_access_mask = fsp->access_mask;
3350
3351 sec_info_sent = get_sec_info(sd);
3352
3353 fsp->access_mask = FILE_GENERIC_ALL;
3354
3355 /* Convert all the generic bits. */
3356 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3357 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3358
3359 if (sec_info_sent & (SECINFO_OWNER|
3360 SECINFO_GROUP|
3361 SECINFO_DACL|
3362 SECINFO_SACL)) {
3363 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3364 }
3365
3366 fsp->access_mask = saved_access_mask;
3367
3368 if (!NT_STATUS_IS_OK(status)) {
3369 goto fail;
3370 }
3371 }
3372
3373 if ((ea_list != NULL) &&
3374 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3375 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3376 if (!NT_STATUS_IS_OK(status)) {
3377 goto fail;
3378 }
3379 }
3380
3381 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3382 status = NT_STATUS_ACCESS_DENIED;
3383 goto fail;
3384 }
3385
3386 /* Save the requested allocation size. */
3387 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3388 if (allocation_size
3389 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3390 fsp->initial_allocation_size = smb_roundup(
3391 fsp->conn, allocation_size);
3392 if (fsp->is_directory) {
3393 /* Can't set allocation size on a directory. */
3394 status = NT_STATUS_ACCESS_DENIED;
3395 goto fail;
3396 }
3397 if (vfs_allocate_file_space(
3398 fsp, fsp->initial_allocation_size) == -1) {
3399 status = NT_STATUS_DISK_FULL;
3400 goto fail;
3401 }
3402 } else {
3403 fsp->initial_allocation_size = smb_roundup(
3404 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3405 }
3406 }
3407
3408 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3409
3410 *result = fsp;
3411 if (pinfo != NULL) {
3412 *pinfo = info;
3413 }
3414
3415 smb_fname->st = fsp->fsp_name->st;
3416
3417 return NT_STATUS_OK;
3418
3419 fail:
3420 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3421
3422 if (fsp != NULL) {
3423 if (base_fsp && fsp->base_fsp == base_fsp) {
3424 /*
3425 * The close_file below will close
3426 * fsp->base_fsp.
3427 */
3428 base_fsp = NULL;
3429 }
3430 close_file(req, fsp, ERROR_CLOSE);
3431 fsp = NULL;
3432 }
3433 if (base_fsp != NULL) {
3434 close_file(req, base_fsp, ERROR_CLOSE);
3435 base_fsp = NULL;
3436 }
3437 return status;
3438 }
3439
3440 /*
3441 * Calculate the full path name given a relative fid.
3442 */
3443 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3444 struct smb_request *req,
3445 uint16_t root_dir_fid,
3446 const struct smb_filename *smb_fname,
3447 struct smb_filename **smb_fname_out)
3448 {
3449 files_struct *dir_fsp;
3450 char *parent_fname = NULL;
3451 char *new_base_name = NULL;
3452 NTSTATUS status;
3453
3454 if (root_dir_fid == 0 || !smb_fname) {
3455 status = NT_STATUS_INTERNAL_ERROR;
3456 goto out;
3457 }
3458
3459 dir_fsp = file_fsp(req, root_dir_fid);
3460
3461 if (dir_fsp == NULL) {
3462 status = NT_STATUS_INVALID_HANDLE;
3463 goto out;
3464 }
3465
3466 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3467 status = NT_STATUS_INVALID_HANDLE;
3468 goto out;
3469 }
3470
3471 if (!dir_fsp->is_directory) {
3472
3473 /*
3474 * Check to see if this is a mac fork of some kind.
3475 */
3476
3477 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3478 is_ntfs_stream_smb_fname(smb_fname)) {
3479 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3480 goto out;
3481 }
3482
3483 /*
3484 we need to handle the case when we get a
3485 relative open relative to a file and the
3486 pathname is blank - this is a reopen!
3487 (hint from demyn plantenberg)
3488 */
3489
3490 status = NT_STATUS_INVALID_HANDLE;
3491 goto out;
3492 }
3493
3494 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3495 /*
3496 * We're at the toplevel dir, the final file name
3497 * must not contain ./, as this is filtered out
3498 * normally by srvstr_get_path and unix_convert
3499 * explicitly rejects paths containing ./.
3500 */
3501 parent_fname = talloc_strdup(talloc_tos(), "");
3502 if (parent_fname == NULL) {
3503 status = NT_STATUS_NO_MEMORY;
3504 goto out;
3505 }
3506 } else {
3507 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3508
3509 /*
3510 * Copy in the base directory name.
3511 */
3512
3513 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3514 dir_name_len+2);
3515 if (parent_fname == NULL) {
3516 status = NT_STATUS_NO_MEMORY;
3517 goto out;
3518 }
3519 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3520 dir_name_len+1);
3521
3522 /*
3523 * Ensure it ends in a '/'.
3524 * We used TALLOC_SIZE +2 to add space for the '/'.
3525 */
3526
3527 if(dir_name_len
3528 && (parent_fname[dir_name_len-1] != '\\')
3529 && (parent_fname[dir_name_len-1] != '/')) {
3530 parent_fname[dir_name_len] = '/';
3531 parent_fname[dir_name_len+1] = '\0';
3532 }
3533 }
3534
3535 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3536 smb_fname->base_name);
3537 if (new_base_name == NULL) {
3538 status = NT_STATUS_NO_MEMORY;
3539 goto out;
3540 }
3541
3542 status = filename_convert(req,
3543 conn,
3544 req->flags2 & FLAGS2_DFS_PATHNAMES,
3545 new_base_name,
3546 0,
3547 NULL,
3548 smb_fname_out);
3549 if (!NT_STATUS_IS_OK(status)) {
3550 goto out;
3551 }
3552
3553 out:
3554 TALLOC_FREE(parent_fname);
3555 TALLOC_FREE(new_base_name);
3556 return status;
3557 }
3558
3559 NTSTATUS create_file_default(connection_struct *conn,
3560 struct smb_request *req,
3561 uint16_t root_dir_fid,
3562 struct smb_filename *smb_fname,
3563 uint32_t access_mask,
3564 uint32_t share_access,
3565 uint32_t create_disposition,
3566 uint32_t create_options,
3567 uint32_t file_attributes,
3568 uint32_t oplock_request,
3569 uint64_t allocation_size,
3570 uint32_t private_flags,
3571 struct security_descriptor *sd,
3572 struct ea_list *ea_list,
3573 files_struct **result,
3574 int *pinfo)
3575 {
3576 int info = FILE_WAS_OPENED;
3577 files_struct *fsp = NULL;
3578 NTSTATUS status;
3579 bool stream_name = false;
3580
3581 DEBUG(10,("create_file: access_mask = 0x%x "
3582 "file_attributes = 0x%x, share_access = 0x%x, "
3583 "create_disposition = 0x%x create_options = 0x%x "
3584 "oplock_request = 0x%x "
3585 "private_flags = 0x%x "
3586 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3587 "fname = %s\n",
3588 (unsigned int)access_mask,
3589 (unsigned int)file_attributes,
3590 (unsigned int)share_access,
3591 (unsigned int)create_disposition,
3592 (unsigned int)create_options,
3593 (unsigned int)oplock_request,
3594 (unsigned int)private_flags,
3595 (unsigned int)root_dir_fid,
3596 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3597
3598 /*
3599 * Calculate the filename from the root_dir_if if necessary.
3600 */
3601
3602 if (root_dir_fid != 0) {
3603 struct smb_filename *smb_fname_out = NULL;
3604 status = get_relative_fid_filename(conn, req, root_dir_fid,
3605 smb_fname, &smb_fname_out);
3606 if (!NT_STATUS_IS_OK(status)) {
3607 goto fail;
3608 }
3609 smb_fname = smb_fname_out;
3610 }
3611
3612 /*
3613 * Check to see if this is a mac fork of some kind.
3614 */
3615
3616 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3617 if (stream_name) {
3618 enum FAKE_FILE_TYPE fake_file_type;
3619
3620 fake_file_type = is_fake_file(smb_fname);
3621
3622 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3623
3624 /*
3625 * Here we go! support for changing the disk quotas
3626 * --metze
3627 *
3628 * We need to fake up to open this MAGIC QUOTA file
3629 * and return a valid FID.
3630 *
3631 * w2k close this file directly after openening xp
3632 * also tries a QUERY_FILE_INFO on the file and then
3633 * close it
3634 */
3635 status = open_fake_file(req, conn, req->vuid,
3636 fake_file_type, smb_fname,
3637 access_mask, &fsp);
3638 if (!NT_STATUS_IS_OK(status)) {
3639 goto fail;
3640 }
3641
3642 ZERO_STRUCT(smb_fname->st);
3643 goto done;
3644 }
3645
3646 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3647 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3648 goto fail;
3649 }
3650 }
3651
3652 /* All file access must go through check_name() */
3653
3654 status = check_name(conn, smb_fname->base_name);
3655 if (!NT_STATUS_IS_OK(status)) {
3656 goto fail;
3657 }
3658
3659 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) {
3660 int ret;
3661 smb_fname->stream_name = NULL;
3662 /* We have to handle this error here. */
3663 if (create_options & FILE_DIRECTORY_FILE) {
3664 status = NT_STATUS_NOT_A_DIRECTORY;
3665 goto fail;
3666 }
3667 if (lp_posix_pathnames()) {
3668 ret = SMB_VFS_LSTAT(conn, smb_fname);
3669 } else {
3670 ret = SMB_VFS_STAT(conn, smb_fname);
3671 }
3672
3673 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3674 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3675 goto fail;
3676 }
3677 }
3678
3679 status = create_file_unixpath(
3680 conn, req, smb_fname, access_mask, share_access,
3681 create_disposition, create_options, file_attributes,
3682 oplock_request, allocation_size, private_flags,
3683 sd, ea_list,
3684 &fsp, &info);
3685
3686 if (!NT_STATUS_IS_OK(status)) {
3687 goto fail;
3688 }
3689
3690 done:
3691 DEBUG(10, ("create_file: info=%d\n", info));
3692
3693 *result = fsp;
3694 if (pinfo != NULL) {
3695 *pinfo = info;
3696 }
3697 return NT_STATUS_OK;
3698
3699 fail:
3700 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3701
3702 if (fsp != NULL) {
3703 close_file(req, fsp, ERROR_CLOSE);
3704 fsp = NULL;
3705 }
3706 return status;
3707 }
Samba GIT mirror