2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "smbd/smbd.h"
26 #include "smbd/globals.h"
27 #include "fake_file.h"
28 #include "../libcli/security/security.h"
29 #include "../librpc/gen_ndr/ndr_security.h"
33 extern const struct generic_mapping file_generic_mapping
;
35 struct deferred_open_record
{
36 bool delayed_for_oplocks
;
40 /****************************************************************************
41 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
42 ****************************************************************************/
44 NTSTATUS
smb1_file_se_access_check(struct connection_struct
*conn
,
45 const struct security_descriptor
*sd
,
46 const struct security_token
*token
,
47 uint32_t access_desired
,
48 uint32_t *access_granted
)
52 if (get_current_uid(conn
) == (uid_t
)0) {
53 /* I'm sorry sir, I didn't know you were root... */
54 *access_granted
= access_desired
;
55 if (access_desired
& SEC_FLAG_MAXIMUM_ALLOWED
) {
56 *access_granted
|= FILE_GENERIC_ALL
;
61 return se_access_check(sd
,
63 (access_desired
& ~FILE_READ_ATTRIBUTES
),
67 /****************************************************************************
68 Check if we have open rights.
69 ****************************************************************************/
71 NTSTATUS
smbd_check_open_rights(struct connection_struct
*conn
,
72 const struct smb_filename
*smb_fname
,
74 uint32_t *access_granted
)
76 /* Check if we have rights to open. */
78 struct security_descriptor
*sd
= NULL
;
79 uint32_t rejected_share_access
;
81 rejected_share_access
= access_mask
& ~(conn
->share_access
);
83 if (rejected_share_access
) {
84 *access_granted
= rejected_share_access
;
85 return NT_STATUS_ACCESS_DENIED
;
88 if ((access_mask
& DELETE_ACCESS
) && !lp_acl_check_permissions(SNUM(conn
))) {
89 *access_granted
= access_mask
;
91 DEBUG(10,("smbd_check_open_rights: not checking ACL "
92 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
93 smb_fname_str_dbg(smb_fname
),
94 (unsigned int)*access_granted
));
98 status
= SMB_VFS_GET_NT_ACL(conn
, smb_fname
->base_name
,
103 if (!NT_STATUS_IS_OK(status
)) {
104 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
106 smb_fname_str_dbg(smb_fname
),
111 status
= smb1_file_se_access_check(conn
,
113 get_current_nttok(conn
),
117 DEBUG(10,("smbd_check_open_rights: file %s requesting "
118 "0x%x returning 0x%x (%s)\n",
119 smb_fname_str_dbg(smb_fname
),
120 (unsigned int)access_mask
,
121 (unsigned int)*access_granted
,
122 nt_errstr(status
) ));
124 if (!NT_STATUS_IS_OK(status
)) {
125 if (DEBUGLEVEL
>= 10) {
126 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
127 smb_fname_str_dbg(smb_fname
) ));
128 NDR_PRINT_DEBUG(security_descriptor
, sd
);
137 /****************************************************************************
138 fd support routines - attempt to do a dos_open.
139 ****************************************************************************/
141 static NTSTATUS
fd_open(struct connection_struct
*conn
,
146 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
147 NTSTATUS status
= NT_STATUS_OK
;
151 * Never follow symlinks on a POSIX client. The
152 * client should be doing this.
155 if (fsp
->posix_open
|| !lp_symlinks(SNUM(conn
))) {
160 fsp
->fh
->fd
= SMB_VFS_OPEN(conn
, smb_fname
, fsp
, flags
, mode
);
161 if (fsp
->fh
->fd
== -1) {
162 status
= map_nt_error_from_unix(errno
);
163 if (errno
== EMFILE
) {
164 static time_t last_warned
= 0L;
166 if (time((time_t *) NULL
) > last_warned
) {
167 DEBUG(0,("Too many open files, unable "
168 "to open more! smbd's max "
170 lp_max_open_files()));
171 last_warned
= time((time_t *) NULL
);
177 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
178 smb_fname_str_dbg(smb_fname
), flags
, (int)mode
, fsp
->fh
->fd
,
179 (fsp
->fh
->fd
== -1) ? strerror(errno
) : "" ));
184 /****************************************************************************
185 Close the file associated with a fsp.
186 ****************************************************************************/
188 NTSTATUS
fd_close(files_struct
*fsp
)
195 if (fsp
->fh
->fd
== -1) {
196 return NT_STATUS_OK
; /* What we used to call a stat open. */
198 if (fsp
->fh
->ref_count
> 1) {
199 return NT_STATUS_OK
; /* Shared handle. Only close last reference. */
202 ret
= SMB_VFS_CLOSE(fsp
);
205 return map_nt_error_from_unix(errno
);
210 /****************************************************************************
211 Change the ownership of a file to that of the parent directory.
212 Do this by fd if possible.
213 ****************************************************************************/
215 void change_file_owner_to_parent(connection_struct
*conn
,
216 const char *inherit_from_dir
,
219 struct smb_filename
*smb_fname_parent
= NULL
;
223 status
= create_synthetic_smb_fname(talloc_tos(), inherit_from_dir
,
224 NULL
, NULL
, &smb_fname_parent
);
225 if (!NT_STATUS_IS_OK(status
)) {
229 ret
= SMB_VFS_STAT(conn
, smb_fname_parent
);
231 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
232 "directory %s. Error was %s\n",
233 smb_fname_str_dbg(smb_fname_parent
),
235 TALLOC_FREE(smb_fname_parent
);
239 if (smb_fname_parent
->st
.st_ex_uid
== fsp
->fsp_name
->st
.st_ex_uid
) {
240 /* Already this uid - no need to change. */
241 DEBUG(10,("change_file_owner_to_parent: file %s "
242 "is already owned by uid %d\n",
244 (int)fsp
->fsp_name
->st
.st_ex_uid
));
245 TALLOC_FREE(smb_fname_parent
);
250 ret
= SMB_VFS_FCHOWN(fsp
, smb_fname_parent
->st
.st_ex_uid
, (gid_t
)-1);
253 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
254 "file %s to parent directory uid %u. Error "
255 "was %s\n", fsp_str_dbg(fsp
),
256 (unsigned int)smb_fname_parent
->st
.st_ex_uid
,
259 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
260 "parent directory uid %u.\n", fsp_str_dbg(fsp
),
261 (unsigned int)smb_fname_parent
->st
.st_ex_uid
));
262 /* Ensure the uid entry is updated. */
263 fsp
->fsp_name
->st
.st_ex_uid
= smb_fname_parent
->st
.st_ex_uid
;
266 TALLOC_FREE(smb_fname_parent
);
269 NTSTATUS
change_dir_owner_to_parent(connection_struct
*conn
,
270 const char *inherit_from_dir
,
272 SMB_STRUCT_STAT
*psbuf
)
274 struct smb_filename
*smb_fname_parent
= NULL
;
275 struct smb_filename
*smb_fname_cwd
= NULL
;
276 char *saved_dir
= NULL
;
277 TALLOC_CTX
*ctx
= talloc_tos();
278 NTSTATUS status
= NT_STATUS_OK
;
281 status
= create_synthetic_smb_fname(ctx
, inherit_from_dir
, NULL
, NULL
,
283 if (!NT_STATUS_IS_OK(status
)) {
287 ret
= SMB_VFS_STAT(conn
, smb_fname_parent
);
289 status
= map_nt_error_from_unix(errno
);
290 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
291 "directory %s. Error was %s\n",
292 smb_fname_str_dbg(smb_fname_parent
),
297 /* We've already done an lstat into psbuf, and we know it's a
298 directory. If we can cd into the directory and the dev/ino
299 are the same then we can safely chown without races as
300 we're locking the directory in place by being in it. This
301 should work on any UNIX (thanks tridge :-). JRA.
304 saved_dir
= vfs_GetWd(ctx
,conn
);
306 status
= map_nt_error_from_unix(errno
);
307 DEBUG(0,("change_dir_owner_to_parent: failed to get "
308 "current working directory. Error was %s\n",
313 /* Chdir into the new path. */
314 if (vfs_ChDir(conn
, fname
) == -1) {
315 status
= map_nt_error_from_unix(errno
);
316 DEBUG(0,("change_dir_owner_to_parent: failed to change "
317 "current working directory to %s. Error "
318 "was %s\n", fname
, strerror(errno
) ));
322 status
= create_synthetic_smb_fname(ctx
, ".", NULL
, NULL
,
324 if (!NT_STATUS_IS_OK(status
)) {
328 ret
= SMB_VFS_STAT(conn
, smb_fname_cwd
);
330 status
= map_nt_error_from_unix(errno
);
331 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
332 "directory '.' (%s) Error was %s\n",
333 fname
, strerror(errno
)));
337 /* Ensure we're pointing at the same place. */
338 if (smb_fname_cwd
->st
.st_ex_dev
!= psbuf
->st_ex_dev
||
339 smb_fname_cwd
->st
.st_ex_ino
!= psbuf
->st_ex_ino
) {
340 DEBUG(0,("change_dir_owner_to_parent: "
341 "device/inode on directory %s changed. "
342 "Refusing to chown !\n", fname
));
343 status
= NT_STATUS_ACCESS_DENIED
;
347 if (smb_fname_parent
->st
.st_ex_uid
== smb_fname_cwd
->st
.st_ex_uid
) {
348 /* Already this uid - no need to change. */
349 DEBUG(10,("change_dir_owner_to_parent: directory %s "
350 "is already owned by uid %d\n",
352 (int)smb_fname_cwd
->st
.st_ex_uid
));
353 status
= NT_STATUS_OK
;
358 ret
= SMB_VFS_LCHOWN(conn
, ".", smb_fname_parent
->st
.st_ex_uid
,
362 status
= map_nt_error_from_unix(errno
);
363 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
364 "directory %s to parent directory uid %u. "
365 "Error was %s\n", fname
,
366 (unsigned int)smb_fname_parent
->st
.st_ex_uid
,
371 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
372 "directory %s to parent directory uid %u.\n",
373 fname
, (unsigned int)smb_fname_parent
->st
.st_ex_uid
));
376 vfs_ChDir(conn
,saved_dir
);
378 TALLOC_FREE(smb_fname_parent
);
379 TALLOC_FREE(smb_fname_cwd
);
383 /****************************************************************************
385 ****************************************************************************/
387 static NTSTATUS
open_file(files_struct
*fsp
,
388 connection_struct
*conn
,
389 struct smb_request
*req
,
390 const char *parent_dir
,
393 uint32 access_mask
, /* client requested access mask. */
394 uint32 open_access_mask
) /* what we're actually using in the open. */
396 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
397 NTSTATUS status
= NT_STATUS_OK
;
398 int accmode
= (flags
& O_ACCMODE
);
399 int local_flags
= flags
;
400 bool file_existed
= VALID_STAT(fsp
->fsp_name
->st
);
401 bool file_created
= false;
406 /* Check permissions */
409 * This code was changed after seeing a client open request
410 * containing the open mode of (DENY_WRITE/read-only) with
411 * the 'create if not exist' bit set. The previous code
412 * would fail to open the file read only on a read-only share
413 * as it was checking the flags parameter directly against O_RDONLY,
414 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
418 if (!CAN_WRITE(conn
)) {
419 /* It's a read-only share - fail if we wanted to write. */
420 if(accmode
!= O_RDONLY
|| (flags
& O_TRUNC
) || (flags
& O_APPEND
)) {
421 DEBUG(3,("Permission denied opening %s\n",
422 smb_fname_str_dbg(smb_fname
)));
423 return NT_STATUS_ACCESS_DENIED
;
424 } else if(flags
& O_CREAT
) {
425 /* We don't want to write - but we must make sure that
426 O_CREAT doesn't create the file if we have write
427 access into the directory.
429 flags
&= ~(O_CREAT
|O_EXCL
);
430 local_flags
&= ~(O_CREAT
|O_EXCL
);
435 * This little piece of insanity is inspired by the
436 * fact that an NT client can open a file for O_RDONLY,
437 * but set the create disposition to FILE_EXISTS_TRUNCATE.
438 * If the client *can* write to the file, then it expects to
439 * truncate the file, even though it is opening for readonly.
440 * Quicken uses this stupid trick in backup file creation...
441 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
442 * for helping track this one down. It didn't bite us in 2.0.x
443 * as we always opened files read-write in that release. JRA.
446 if ((accmode
== O_RDONLY
) && ((flags
& O_TRUNC
) == O_TRUNC
)) {
447 DEBUG(10,("open_file: truncate requested on read-only open "
448 "for file %s\n", smb_fname_str_dbg(smb_fname
)));
449 local_flags
= (flags
& ~O_ACCMODE
)|O_RDWR
;
452 if ((open_access_mask
& (FILE_READ_DATA
|FILE_WRITE_DATA
|FILE_APPEND_DATA
|FILE_EXECUTE
)) ||
453 (!file_existed
&& (local_flags
& O_CREAT
)) ||
454 ((local_flags
& O_TRUNC
) == O_TRUNC
) ) {
458 * We can't actually truncate here as the file may be locked.
459 * open_file_ntcreate will take care of the truncate later. JRA.
462 local_flags
&= ~O_TRUNC
;
464 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
466 * We would block on opening a FIFO with no one else on the
467 * other end. Do what we used to do and add O_NONBLOCK to the
471 if (file_existed
&& S_ISFIFO(smb_fname
->st
.st_ex_mode
)) {
472 local_flags
|= O_NONBLOCK
;
476 /* Don't create files with Microsoft wildcard characters. */
479 * wildcard characters are allowed in stream names
480 * only test the basefilename
482 wild
= fsp
->base_fsp
->fsp_name
->base_name
;
484 wild
= smb_fname
->base_name
;
486 if ((local_flags
& O_CREAT
) && !file_existed
&&
488 return NT_STATUS_OBJECT_NAME_INVALID
;
491 /* Actually do the open */
492 status
= fd_open(conn
, fsp
, local_flags
, unx_mode
);
493 if (!NT_STATUS_IS_OK(status
)) {
494 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
495 "(flags=%d)\n", smb_fname_str_dbg(smb_fname
),
496 nt_errstr(status
),local_flags
,flags
));
500 if ((local_flags
& O_CREAT
) && !file_existed
) {
505 fsp
->fh
->fd
= -1; /* What we used to call a stat open. */
507 uint32_t access_granted
= 0;
509 status
= smbd_check_open_rights(conn
,
513 if (!NT_STATUS_IS_OK(status
)) {
514 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
)) {
516 * On NT_STATUS_ACCESS_DENIED, access_granted
517 * contains the denied bits.
520 if ((access_mask
& FILE_WRITE_ATTRIBUTES
) &&
521 (access_granted
& FILE_WRITE_ATTRIBUTES
) &&
522 (lp_map_readonly(SNUM(conn
)) ||
523 lp_map_archive(SNUM(conn
)) ||
524 lp_map_hidden(SNUM(conn
)) ||
525 lp_map_system(SNUM(conn
)))) {
526 access_granted
&= ~FILE_WRITE_ATTRIBUTES
;
528 DEBUG(10,("open_file: "
537 if ((access_mask
& DELETE_ACCESS
) &&
538 (access_granted
& DELETE_ACCESS
) &&
539 can_delete_file_in_directory(conn
,
541 /* Were we trying to do a stat open
542 * for delete and didn't get DELETE
543 * access (only) ? Check if the
544 * directory allows DELETE_CHILD.
546 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
549 access_granted
&= ~DELETE_ACCESS
;
551 DEBUG(10,("open_file: "
559 if (access_granted
!= 0) {
560 DEBUG(10,("open_file: Access "
567 } else if (NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
) &&
569 S_ISLNK(smb_fname
->st
.st_ex_mode
)) {
570 /* This is a POSIX stat open for delete
571 * or rename on a symlink that points
573 DEBUG(10,("open_file: allowing POSIX "
574 "open on bad symlink %s\n",
578 DEBUG(10,("open_file: "
579 "smbd_check_open_rights on file "
581 smb_fname_str_dbg(smb_fname
),
582 nt_errstr(status
) ));
592 if (fsp
->fh
->fd
== -1) {
593 ret
= SMB_VFS_STAT(conn
, smb_fname
);
595 ret
= SMB_VFS_FSTAT(fsp
, &smb_fname
->st
);
596 /* If we have an fd, this stat should succeed. */
598 DEBUG(0,("Error doing fstat on open file %s "
600 smb_fname_str_dbg(smb_fname
),
605 /* For a non-io open, this stat failing means file not found. JRA */
607 status
= map_nt_error_from_unix(errno
);
613 bool need_re_stat
= false;
614 /* Do all inheritance work after we've
615 done a successful stat call and filled
616 in the stat struct in fsp->fsp_name. */
618 /* Inherit the ACL if required */
619 if (lp_inherit_perms(SNUM(conn
))) {
620 inherit_access_posix_acl(conn
, parent_dir
,
621 smb_fname
->base_name
,
626 /* Change the owner if required. */
627 if (lp_inherit_owner(SNUM(conn
))) {
628 change_file_owner_to_parent(conn
, parent_dir
,
634 if (fsp
->fh
->fd
== -1) {
635 ret
= SMB_VFS_STAT(conn
, smb_fname
);
637 ret
= SMB_VFS_FSTAT(fsp
, &smb_fname
->st
);
638 /* If we have an fd, this stat should succeed. */
640 DEBUG(0,("Error doing fstat on open file %s "
642 smb_fname_str_dbg(smb_fname
),
648 notify_fname(conn
, NOTIFY_ACTION_ADDED
,
649 FILE_NOTIFY_CHANGE_FILE_NAME
,
650 smb_fname
->base_name
);
655 * POSIX allows read-only opens of directories. We don't
656 * want to do this (we use a different code path for this)
657 * so catch a directory open and return an EISDIR. JRA.
660 if(S_ISDIR(smb_fname
->st
.st_ex_mode
)) {
663 return NT_STATUS_FILE_IS_A_DIRECTORY
;
666 fsp
->mode
= smb_fname
->st
.st_ex_mode
;
667 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
668 fsp
->vuid
= req
? req
->vuid
: UID_FIELD_INVALID
;
669 fsp
->file_pid
= req
? req
->smbpid
: 0;
670 fsp
->can_lock
= True
;
671 fsp
->can_read
= (access_mask
& (FILE_READ_DATA
)) ? True
: False
;
672 if (!CAN_WRITE(conn
)) {
673 fsp
->can_write
= False
;
675 fsp
->can_write
= (access_mask
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) ?
678 fsp
->print_file
= NULL
;
679 fsp
->modified
= False
;
680 fsp
->sent_oplock_break
= NO_BREAK_SENT
;
681 fsp
->is_directory
= False
;
682 if (conn
->aio_write_behind_list
&&
683 is_in_path(smb_fname
->base_name
, conn
->aio_write_behind_list
,
684 conn
->case_sensitive
)) {
685 fsp
->aio_write_behind
= True
;
688 fsp
->wcp
= NULL
; /* Write cache pointer. */
690 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
691 conn
->session_info
->unix_name
,
692 smb_fname_str_dbg(smb_fname
),
693 BOOLSTR(fsp
->can_read
), BOOLSTR(fsp
->can_write
),
694 conn
->num_files_open
));
700 /****************************************************************************
701 Check if we can open a file with a share mode.
702 Returns True if conflict, False if not.
703 ****************************************************************************/
705 static bool share_conflict(struct share_mode_entry
*entry
,
709 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
710 "entry->share_access = 0x%x, "
711 "entry->private_options = 0x%x\n",
712 (unsigned int)entry
->access_mask
,
713 (unsigned int)entry
->share_access
,
714 (unsigned int)entry
->private_options
));
716 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
717 (unsigned int)access_mask
, (unsigned int)share_access
));
719 if ((entry
->access_mask
& (FILE_WRITE_DATA
|
723 DELETE_ACCESS
)) == 0) {
724 DEBUG(10,("share_conflict: No conflict due to "
725 "entry->access_mask = 0x%x\n",
726 (unsigned int)entry
->access_mask
));
730 if ((access_mask
& (FILE_WRITE_DATA
|
734 DELETE_ACCESS
)) == 0) {
735 DEBUG(10,("share_conflict: No conflict due to "
736 "access_mask = 0x%x\n",
737 (unsigned int)access_mask
));
741 #if 1 /* JRA TEST - Superdebug. */
742 #define CHECK_MASK(num, am, right, sa, share) \
743 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
744 (unsigned int)(num), (unsigned int)(am), \
745 (unsigned int)(right), (unsigned int)(am)&(right) )); \
746 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
747 (unsigned int)(num), (unsigned int)(sa), \
748 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
749 if (((am) & (right)) && !((sa) & (share))) { \
750 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
751 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
752 (unsigned int)(share) )); \
756 #define CHECK_MASK(num, am, right, sa, share) \
757 if (((am) & (right)) && !((sa) & (share))) { \
758 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
759 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
760 (unsigned int)(share) )); \
765 CHECK_MASK(1, entry
->access_mask
, FILE_WRITE_DATA
| FILE_APPEND_DATA
,
766 share_access
, FILE_SHARE_WRITE
);
767 CHECK_MASK(2, access_mask
, FILE_WRITE_DATA
| FILE_APPEND_DATA
,
768 entry
->share_access
, FILE_SHARE_WRITE
);
770 CHECK_MASK(3, entry
->access_mask
, FILE_READ_DATA
| FILE_EXECUTE
,
771 share_access
, FILE_SHARE_READ
);
772 CHECK_MASK(4, access_mask
, FILE_READ_DATA
| FILE_EXECUTE
,
773 entry
->share_access
, FILE_SHARE_READ
);
775 CHECK_MASK(5, entry
->access_mask
, DELETE_ACCESS
,
776 share_access
, FILE_SHARE_DELETE
);
777 CHECK_MASK(6, access_mask
, DELETE_ACCESS
,
778 entry
->share_access
, FILE_SHARE_DELETE
);
780 DEBUG(10,("share_conflict: No conflict.\n"));
784 #if defined(DEVELOPER)
785 static void validate_my_share_entries(struct smbd_server_connection
*sconn
,
787 struct share_mode_entry
*share_entry
)
791 if (!procid_is_me(&share_entry
->pid
)) {
795 if (is_deferred_open_entry(share_entry
) &&
796 !open_was_deferred(share_entry
->op_mid
)) {
797 char *str
= talloc_asprintf(talloc_tos(),
798 "Got a deferred entry without a request: "
800 share_mode_str(talloc_tos(), num
, share_entry
));
804 if (!is_valid_share_mode_entry(share_entry
)) {
808 fsp
= file_find_dif(sconn
, share_entry
->id
,
809 share_entry
->share_file_id
);
811 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
812 share_mode_str(talloc_tos(), num
, share_entry
) ));
813 smb_panic("validate_my_share_entries: Cannot match a "
814 "share entry with an open file\n");
817 if (is_deferred_open_entry(share_entry
) ||
818 is_unused_share_mode_entry(share_entry
)) {
822 if ((share_entry
->op_type
== NO_OPLOCK
) &&
823 (fsp
->oplock_type
== FAKE_LEVEL_II_OPLOCK
)) {
824 /* Someone has already written to it, but I haven't yet
829 if (((uint16
)fsp
->oplock_type
) != share_entry
->op_type
) {
838 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
839 share_mode_str(talloc_tos(), num
, share_entry
) ));
840 str
= talloc_asprintf(talloc_tos(),
841 "validate_my_share_entries: "
842 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
843 fsp
->fsp_name
->base_name
,
844 (unsigned int)fsp
->oplock_type
,
845 (unsigned int)share_entry
->op_type
);
851 bool is_stat_open(uint32 access_mask
)
853 return (access_mask
&&
854 ((access_mask
& ~(SYNCHRONIZE_ACCESS
| FILE_READ_ATTRIBUTES
|
855 FILE_WRITE_ATTRIBUTES
))==0) &&
856 ((access_mask
& (SYNCHRONIZE_ACCESS
|FILE_READ_ATTRIBUTES
|
857 FILE_WRITE_ATTRIBUTES
)) != 0));
860 /****************************************************************************
861 Deal with share modes
862 Invarient: Share mode must be locked on entry and exit.
863 Returns -1 on error, or number of share modes on success (may be zero).
864 ****************************************************************************/
866 static NTSTATUS
open_mode_check(connection_struct
*conn
,
867 struct share_mode_lock
*lck
,
871 uint32 create_options
,
876 if(lck
->num_share_modes
== 0) {
880 *file_existed
= True
;
882 /* A delete on close prohibits everything */
884 if (is_delete_on_close_set(lck
, name_hash
)) {
885 return NT_STATUS_DELETE_PENDING
;
888 if (is_stat_open(access_mask
)) {
889 /* Stat open that doesn't trigger oplock breaks or share mode
890 * checks... ! JRA. */
895 * Check if the share modes will give us access.
898 #if defined(DEVELOPER)
899 for(i
= 0; i
< lck
->num_share_modes
; i
++) {
900 validate_my_share_entries(conn
->sconn
, i
,
901 &lck
->share_modes
[i
]);
905 if (!lp_share_modes(SNUM(conn
))) {
909 /* Now we check the share modes, after any oplock breaks. */
910 for(i
= 0; i
< lck
->num_share_modes
; i
++) {
912 if (!is_valid_share_mode_entry(&lck
->share_modes
[i
])) {
916 /* someone else has a share lock on it, check to see if we can
918 if (share_conflict(&lck
->share_modes
[i
],
919 access_mask
, share_access
)) {
920 return NT_STATUS_SHARING_VIOLATION
;
927 static bool is_delete_request(files_struct
*fsp
) {
928 return ((fsp
->access_mask
== DELETE_ACCESS
) &&
929 (fsp
->oplock_type
== NO_OPLOCK
));
933 * Send a break message to the oplock holder and delay the open for
937 static NTSTATUS
send_break_message(files_struct
*fsp
,
938 struct share_mode_entry
*exclusive
,
943 char msg
[MSG_SMB_SHARE_MODE_ENTRY_SIZE
];
945 DEBUG(10, ("Sending break request to PID %s\n",
946 procid_str_static(&exclusive
->pid
)));
947 exclusive
->op_mid
= mid
;
949 /* Create the message. */
950 share_mode_entry_to_message(msg
, exclusive
);
952 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
953 don't want this set in the share mode struct pointed to by lck. */
955 if (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
) {
956 SSVAL(msg
,OP_BREAK_MSG_OP_TYPE_OFFSET
,
957 exclusive
->op_type
| FORCE_OPLOCK_BREAK_TO_NONE
);
960 status
= messaging_send_buf(fsp
->conn
->sconn
->msg_ctx
, exclusive
->pid
,
961 MSG_SMB_BREAK_REQUEST
,
963 MSG_SMB_SHARE_MODE_ENTRY_SIZE
);
964 if (!NT_STATUS_IS_OK(status
)) {
965 DEBUG(3, ("Could not send oplock break message: %s\n",
973 * Return share_mode_entry pointers for :
974 * 1). Batch oplock entry.
975 * 2). Batch or exclusive oplock entry (may be identical to #1).
976 * bool have_level2_oplock
977 * bool have_no_oplock.
978 * Do internal consistency checks on the share mode for a file.
981 static void find_oplock_types(files_struct
*fsp
,
983 struct share_mode_lock
*lck
,
984 struct share_mode_entry
**pp_batch
,
985 struct share_mode_entry
**pp_ex_or_batch
,
992 *pp_ex_or_batch
= NULL
;
994 *got_no_oplock
= false;
996 /* Ignore stat or internal opens, as is done in
997 delay_for_batch_oplocks() and
998 delay_for_exclusive_oplocks().
1000 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1004 for (i
=0; i
<lck
->num_share_modes
; i
++) {
1005 if (!is_valid_share_mode_entry(&lck
->share_modes
[i
])) {
1009 if (lck
->share_modes
[i
].op_type
== NO_OPLOCK
&&
1010 is_stat_open(lck
->share_modes
[i
].access_mask
)) {
1011 /* We ignore stat opens in the table - they
1012 always have NO_OPLOCK and never get or
1013 cause breaks. JRA. */
1017 if (BATCH_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1018 /* batch - can only be one. */
1019 if (*pp_ex_or_batch
|| *pp_batch
|| *got_level2
|| *got_no_oplock
) {
1020 smb_panic("Bad batch oplock entry.");
1022 *pp_batch
= &lck
->share_modes
[i
];
1025 if (EXCLUSIVE_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1026 /* Exclusive or batch - can only be one. */
1027 if (*pp_ex_or_batch
|| *got_level2
|| *got_no_oplock
) {
1028 smb_panic("Bad exclusive or batch oplock entry.");
1030 *pp_ex_or_batch
= &lck
->share_modes
[i
];
1033 if (LEVEL_II_OPLOCK_TYPE(lck
->share_modes
[i
].op_type
)) {
1034 if (*pp_batch
|| *pp_ex_or_batch
) {
1035 smb_panic("Bad levelII oplock entry.");
1040 if (lck
->share_modes
[i
].op_type
== NO_OPLOCK
) {
1041 if (*pp_batch
|| *pp_ex_or_batch
) {
1042 smb_panic("Bad no oplock entry.");
1044 *got_no_oplock
= true;
1049 static bool delay_for_batch_oplocks(files_struct
*fsp
,
1052 struct share_mode_entry
*batch_entry
)
1054 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1058 if (batch_entry
!= NULL
) {
1059 /* Found a batch oplock */
1060 send_break_message(fsp
, batch_entry
, mid
, oplock_request
);
1066 static bool delay_for_exclusive_oplocks(files_struct
*fsp
,
1069 struct share_mode_entry
*ex_entry
)
1071 if ((oplock_request
& INTERNAL_OPEN_ONLY
) || is_stat_open(fsp
->access_mask
)) {
1075 if (ex_entry
!= NULL
) {
1076 /* Found an exclusive or batch oplock */
1077 bool delay_it
= is_delete_request(fsp
) ?
1078 BATCH_OPLOCK_TYPE(ex_entry
->op_type
) : true;
1080 send_break_message(fsp
, ex_entry
, mid
, oplock_request
);
1087 static void grant_fsp_oplock_type(files_struct
*fsp
,
1088 const struct byte_range_lock
*br_lck
,
1090 bool got_level2_oplock
,
1091 bool got_a_none_oplock
)
1093 bool allow_level2
= (global_client_caps
& CAP_LEVEL_II_OPLOCKS
) &&
1094 lp_level2_oplocks(SNUM(fsp
->conn
));
1096 /* Start by granting what the client asked for,
1097 but ensure no SAMBA_PRIVATE bits can be set. */
1098 fsp
->oplock_type
= (oplock_request
& ~SAMBA_PRIVATE_OPLOCK_MASK
);
1100 if (oplock_request
& INTERNAL_OPEN_ONLY
) {
1101 /* No oplocks on internal open. */
1102 fsp
->oplock_type
= NO_OPLOCK
;
1103 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1104 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1106 } else if (br_lck
&& br_lck
->num_locks
> 0) {
1107 DEBUG(10,("grant_fsp_oplock_type: file %s has byte range locks\n",
1109 fsp
->oplock_type
= NO_OPLOCK
;
1112 if (is_stat_open(fsp
->access_mask
)) {
1113 /* Leave the value already set. */
1114 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1115 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1120 * Match what was requested (fsp->oplock_type) with
1121 * what was found in the existing share modes.
1124 if (got_a_none_oplock
) {
1125 fsp
->oplock_type
= NO_OPLOCK
;
1126 } else if (got_level2_oplock
) {
1127 if (fsp
->oplock_type
== NO_OPLOCK
||
1128 fsp
->oplock_type
== FAKE_LEVEL_II_OPLOCK
) {
1129 /* Store a level2 oplock, but don't tell the client */
1130 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1132 fsp
->oplock_type
= LEVEL_II_OPLOCK
;
1135 /* All share_mode_entries are placeholders or deferred.
1136 * Silently upgrade to fake levelII if the client didn't
1137 * ask for an oplock. */
1138 if (fsp
->oplock_type
== NO_OPLOCK
) {
1139 /* Store a level2 oplock, but don't tell the client */
1140 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1145 * Don't grant level2 to clients that don't want them
1146 * or if we've turned them off.
1148 if (fsp
->oplock_type
== LEVEL_II_OPLOCK
&& !allow_level2
) {
1149 fsp
->oplock_type
= FAKE_LEVEL_II_OPLOCK
;
1152 DEBUG(10,("grant_fsp_oplock_type: oplock type 0x%x on file %s\n",
1153 fsp
->oplock_type
, fsp_str_dbg(fsp
)));
1156 bool request_timed_out(struct timeval request_time
,
1157 struct timeval timeout
)
1159 struct timeval now
, end_time
;
1161 end_time
= timeval_sum(&request_time
, &timeout
);
1162 return (timeval_compare(&end_time
, &now
) < 0);
1165 /****************************************************************************
1166 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1167 ****************************************************************************/
1169 static void defer_open(struct share_mode_lock
*lck
,
1170 struct timeval request_time
,
1171 struct timeval timeout
,
1172 struct smb_request
*req
,
1173 struct deferred_open_record
*state
)
1177 /* Paranoia check */
1179 for (i
=0; i
<lck
->num_share_modes
; i
++) {
1180 struct share_mode_entry
*e
= &lck
->share_modes
[i
];
1182 if (!is_deferred_open_entry(e
)) {
1186 if (procid_is_me(&e
->pid
) && (e
->op_mid
== req
->mid
)) {
1187 DEBUG(0, ("Trying to defer an already deferred "
1188 "request: mid=%llu, exiting\n",
1189 (unsigned long long)req
->mid
));
1190 exit_server("attempt to defer a deferred request");
1194 /* End paranoia check */
1196 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1197 "open entry for mid %llu\n",
1198 (unsigned int)request_time
.tv_sec
,
1199 (unsigned int)request_time
.tv_usec
,
1200 (unsigned long long)req
->mid
));
1202 if (!push_deferred_open_message_smb(req
, request_time
, timeout
,
1203 state
->id
, (char *)state
, sizeof(*state
))) {
1204 exit_server("push_deferred_open_message_smb failed");
1206 add_deferred_open(lck
, req
->mid
, request_time
,
1207 sconn_server_id(req
->sconn
), state
->id
);
1211 /****************************************************************************
1212 On overwrite open ensure that the attributes match.
1213 ****************************************************************************/
1215 bool open_match_attributes(connection_struct
*conn
,
1216 uint32 old_dos_attr
,
1217 uint32 new_dos_attr
,
1218 mode_t existing_unx_mode
,
1219 mode_t new_unx_mode
,
1220 mode_t
*returned_unx_mode
)
1222 uint32 noarch_old_dos_attr
, noarch_new_dos_attr
;
1224 noarch_old_dos_attr
= (old_dos_attr
& ~FILE_ATTRIBUTE_ARCHIVE
);
1225 noarch_new_dos_attr
= (new_dos_attr
& ~FILE_ATTRIBUTE_ARCHIVE
);
1227 if((noarch_old_dos_attr
== 0 && noarch_new_dos_attr
!= 0) ||
1228 (noarch_old_dos_attr
!= 0 && ((noarch_old_dos_attr
& noarch_new_dos_attr
) == noarch_old_dos_attr
))) {
1229 *returned_unx_mode
= new_unx_mode
;
1231 *returned_unx_mode
= (mode_t
)0;
1234 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1235 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1236 "returned_unx_mode = 0%o\n",
1237 (unsigned int)old_dos_attr
,
1238 (unsigned int)existing_unx_mode
,
1239 (unsigned int)new_dos_attr
,
1240 (unsigned int)*returned_unx_mode
));
1242 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1243 if (lp_map_system(SNUM(conn
)) || lp_store_dos_attributes(SNUM(conn
))) {
1244 if ((old_dos_attr
& FILE_ATTRIBUTE_SYSTEM
) &&
1245 !(new_dos_attr
& FILE_ATTRIBUTE_SYSTEM
)) {
1249 if (lp_map_hidden(SNUM(conn
)) || lp_store_dos_attributes(SNUM(conn
))) {
1250 if ((old_dos_attr
& FILE_ATTRIBUTE_HIDDEN
) &&
1251 !(new_dos_attr
& FILE_ATTRIBUTE_HIDDEN
)) {
1258 /****************************************************************************
1259 Special FCB or DOS processing in the case of a sharing violation.
1260 Try and find a duplicated file handle.
1261 ****************************************************************************/
1263 NTSTATUS
fcb_or_dos_open(struct smb_request
*req
,
1264 connection_struct
*conn
,
1265 files_struct
*fsp_to_dup_into
,
1266 const struct smb_filename
*smb_fname
,
1271 uint32 share_access
,
1272 uint32 create_options
)
1276 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1277 "file %s.\n", smb_fname_str_dbg(smb_fname
)));
1279 for(fsp
= file_find_di_first(conn
->sconn
, id
); fsp
;
1280 fsp
= file_find_di_next(fsp
)) {
1282 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1283 "vuid = %u, file_pid = %u, private_options = 0x%x "
1284 "access_mask = 0x%x\n", fsp_str_dbg(fsp
),
1285 fsp
->fh
->fd
, (unsigned int)fsp
->vuid
,
1286 (unsigned int)fsp
->file_pid
,
1287 (unsigned int)fsp
->fh
->private_options
,
1288 (unsigned int)fsp
->access_mask
));
1290 if (fsp
->fh
->fd
!= -1 &&
1291 fsp
->vuid
== vuid
&&
1292 fsp
->file_pid
== file_pid
&&
1293 (fsp
->fh
->private_options
& (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
|
1294 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB
)) &&
1295 (fsp
->access_mask
& FILE_WRITE_DATA
) &&
1296 strequal(fsp
->fsp_name
->base_name
, smb_fname
->base_name
) &&
1297 strequal(fsp
->fsp_name
->stream_name
,
1298 smb_fname
->stream_name
)) {
1299 DEBUG(10,("fcb_or_dos_open: file match\n"));
1305 return NT_STATUS_NOT_FOUND
;
1308 /* quite an insane set of semantics ... */
1309 if (is_executable(smb_fname
->base_name
) &&
1310 (fsp
->fh
->private_options
& NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
)) {
1311 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1312 return NT_STATUS_INVALID_PARAMETER
;
1315 /* We need to duplicate this fsp. */
1316 return dup_file_fsp(req
, fsp
, access_mask
, share_access
,
1317 create_options
, fsp_to_dup_into
);
1320 static void schedule_defer_open(struct share_mode_lock
*lck
,
1321 struct timeval request_time
,
1322 struct smb_request
*req
)
1324 struct deferred_open_record state
;
1326 /* This is a relative time, added to the absolute
1327 request_time value to get the absolute timeout time.
1328 Note that if this is the second or greater time we enter
1329 this codepath for this particular request mid then
1330 request_time is left as the absolute time of the *first*
1331 time this request mid was processed. This is what allows
1332 the request to eventually time out. */
1334 struct timeval timeout
;
1336 /* Normally the smbd we asked should respond within
1337 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1338 * the client did, give twice the timeout as a safety
1339 * measure here in case the other smbd is stuck
1340 * somewhere else. */
1342 timeout
= timeval_set(OPLOCK_BREAK_TIMEOUT
*2, 0);
1344 /* Nothing actually uses state.delayed_for_oplocks
1345 but it's handy to differentiate in debug messages
1346 between a 30 second delay due to oplock break, and
1347 a 1 second delay for share mode conflicts. */
1349 state
.delayed_for_oplocks
= True
;
1352 if (!request_timed_out(request_time
, timeout
)) {
1353 defer_open(lck
, request_time
, timeout
, req
, &state
);
1357 /****************************************************************************
1358 Work out what access_mask to use from what the client sent us.
1359 ****************************************************************************/
1361 NTSTATUS
smbd_calculate_access_mask(connection_struct
*conn
,
1362 const struct smb_filename
*smb_fname
,
1364 uint32_t access_mask
,
1365 uint32_t *access_mask_out
)
1368 uint32_t orig_access_mask
= access_mask
;
1369 uint32_t rejected_share_access
;
1372 * Convert GENERIC bits to specific bits.
1375 se_map_generic(&access_mask
, &file_generic_mapping
);
1377 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1378 if (access_mask
& MAXIMUM_ALLOWED_ACCESS
) {
1381 struct security_descriptor
*sd
;
1382 uint32_t access_granted
= 0;
1384 status
= SMB_VFS_GET_NT_ACL(conn
, smb_fname
->base_name
,
1389 if (!NT_STATUS_IS_OK(status
)) {
1390 DEBUG(10,("smbd_calculate_access_mask: "
1391 "Could not get acl on file %s: %s\n",
1392 smb_fname_str_dbg(smb_fname
),
1393 nt_errstr(status
)));
1394 return NT_STATUS_ACCESS_DENIED
;
1397 status
= smb1_file_se_access_check(conn
,
1399 get_current_nttok(conn
),
1405 if (!NT_STATUS_IS_OK(status
)) {
1406 DEBUG(10, ("smbd_calculate_access_mask: "
1407 "Access denied on file %s: "
1408 "when calculating maximum access\n",
1409 smb_fname_str_dbg(smb_fname
)));
1410 return NT_STATUS_ACCESS_DENIED
;
1413 access_mask
= access_granted
;
1415 access_mask
= FILE_GENERIC_ALL
;
1418 access_mask
&= conn
->share_access
;
1421 rejected_share_access
= access_mask
& ~(conn
->share_access
);
1423 if (rejected_share_access
) {
1424 DEBUG(10, ("smbd_calculate_access_mask: Access denied on "
1425 "file %s: rejected by share access mask[0x%08X] "
1426 "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n",
1427 smb_fname_str_dbg(smb_fname
),
1429 orig_access_mask
, access_mask
,
1430 rejected_share_access
));
1431 return NT_STATUS_ACCESS_DENIED
;
1434 *access_mask_out
= access_mask
;
1435 return NT_STATUS_OK
;
1438 /****************************************************************************
1439 Remove the deferred open entry under lock.
1440 ****************************************************************************/
1442 void remove_deferred_open_entry(struct file_id id
, uint64_t mid
,
1443 struct server_id pid
)
1445 struct share_mode_lock
*lck
= get_share_mode_lock(talloc_tos(), id
,
1448 DEBUG(0, ("could not get share mode lock\n"));
1450 del_deferred_open_entry(lck
, mid
, pid
);
1455 /****************************************************************
1456 Ensure we get the brlock lock followed by the share mode lock
1457 in the correct order to prevent deadlocks if other smbd's are
1458 using the brlock database on this file simultaneously with this open
1459 (that code also gets the locks in brlock -> share mode lock order).
1460 ****************************************************************/
1462 static bool acquire_ordered_locks(TALLOC_CTX
*mem_ctx
,
1464 const struct file_id id
,
1465 const char *connectpath
,
1466 const struct smb_filename
*smb_fname
,
1467 const struct timespec
*p_old_write_time
,
1468 struct share_mode_lock
**p_lck
,
1469 struct byte_range_lock
**p_br_lck
)
1471 /* Ordering - we must get the br_lck for this
1472 file before the share mode. */
1473 if (lp_locking(fsp
->conn
->params
)) {
1474 *p_br_lck
= brl_get_locks_readonly(fsp
);
1475 if (*p_br_lck
== NULL
) {
1476 DEBUG(0, ("Could not get br_lock\n"));
1479 /* Note - we don't need to free the returned
1480 br_lck explicitly as it was allocated on talloc_tos()
1481 and so will be autofreed (and release the lock)
1482 once the frame context disappears.
1484 If it was set to fsp->brlock_rec then it was
1485 talloc_move'd to hang off the fsp pointer and
1486 in this case is guarenteed to not be holding the
1487 lock on the brlock database. */
1490 *p_lck
= get_share_mode_lock(mem_ctx
,
1496 if (*p_lck
== NULL
) {
1497 DEBUG(0, ("Could not get share mode lock\n"));
1498 TALLOC_FREE(*p_br_lck
);
1504 /****************************************************************************
1505 Open a file with a share mode. Passed in an already created files_struct *.
1506 ****************************************************************************/
1508 static NTSTATUS
open_file_ntcreate(connection_struct
*conn
,
1509 struct smb_request
*req
,
1510 uint32 access_mask
, /* access bits (FILE_READ_DATA etc.) */
1511 uint32 share_access
, /* share constants (FILE_SHARE_READ etc) */
1512 uint32 create_disposition
, /* FILE_OPEN_IF etc. */
1513 uint32 create_options
, /* options such as delete on close. */
1514 uint32 new_dos_attributes
, /* attributes used for new file. */
1515 int oplock_request
, /* internal Samba oplock codes. */
1516 /* Information (FILE_EXISTS etc.) */
1517 uint32_t private_flags
, /* Samba specific flags. */
1521 struct smb_filename
*smb_fname
= fsp
->fsp_name
;
1524 bool file_existed
= VALID_STAT(smb_fname
->st
);
1525 bool def_acl
= False
;
1526 bool posix_open
= False
;
1527 bool new_file_created
= False
;
1528 bool clear_ads
= false;
1530 NTSTATUS fsp_open
= NT_STATUS_ACCESS_DENIED
;
1531 mode_t new_unx_mode
= (mode_t
)0;
1532 mode_t unx_mode
= (mode_t
)0;
1534 uint32 existing_dos_attributes
= 0;
1535 struct timeval request_time
= timeval_zero();
1536 struct share_mode_lock
*lck
= NULL
;
1537 uint32 open_access_mask
= access_mask
;
1543 if (conn
->printer
) {
1545 * Printers are handled completely differently.
1546 * Most of the passed parameters are ignored.
1550 *pinfo
= FILE_WAS_CREATED
;
1553 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1554 smb_fname_str_dbg(smb_fname
)));
1557 DEBUG(0,("open_file_ntcreate: printer open without "
1558 "an SMB request!\n"));
1559 return NT_STATUS_INTERNAL_ERROR
;
1562 return print_spool_open(fsp
, smb_fname
->base_name
,
1566 if (!parent_dirname(talloc_tos(), smb_fname
->base_name
, &parent_dir
,
1568 return NT_STATUS_NO_MEMORY
;
1571 if (new_dos_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
1573 unx_mode
= (mode_t
)(new_dos_attributes
& ~FILE_FLAG_POSIX_SEMANTICS
);
1574 new_dos_attributes
= 0;
1576 /* Windows allows a new file to be created and
1577 silently removes a FILE_ATTRIBUTE_DIRECTORY
1578 sent by the client. Do the same. */
1580 new_dos_attributes
&= ~FILE_ATTRIBUTE_DIRECTORY
;
1582 /* We add FILE_ATTRIBUTE_ARCHIVE to this as this mode is only used if the file is
1584 unx_mode
= unix_mode(conn
, new_dos_attributes
| FILE_ATTRIBUTE_ARCHIVE
,
1585 smb_fname
, parent_dir
);
1588 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1589 "access_mask=0x%x share_access=0x%x "
1590 "create_disposition = 0x%x create_options=0x%x "
1591 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1592 smb_fname_str_dbg(smb_fname
), new_dos_attributes
,
1593 access_mask
, share_access
, create_disposition
,
1594 create_options
, (unsigned int)unx_mode
, oplock_request
,
1595 (unsigned int)private_flags
));
1597 if ((req
== NULL
) && ((oplock_request
& INTERNAL_OPEN_ONLY
) == 0)) {
1598 DEBUG(0, ("No smb request but not an internal only open!\n"));
1599 return NT_STATUS_INTERNAL_ERROR
;
1603 * Only non-internal opens can be deferred at all
1608 if (get_deferred_open_message_state(req
,
1612 struct deferred_open_record
*state
= (struct deferred_open_record
*)ptr
;
1613 /* Remember the absolute time of the original
1614 request with this mid. We'll use it later to
1615 see if this has timed out. */
1617 /* Remove the deferred open entry under lock. */
1618 remove_deferred_open_entry(
1619 state
->id
, req
->mid
,
1620 sconn_server_id(req
->sconn
));
1622 /* Ensure we don't reprocess this message. */
1623 remove_deferred_open_message_smb(req
->mid
);
1627 status
= check_name(conn
, smb_fname
->base_name
);
1628 if (!NT_STATUS_IS_OK(status
)) {
1633 new_dos_attributes
&= SAMBA_ATTRIBUTES_MASK
;
1635 existing_dos_attributes
= dos_mode(conn
, smb_fname
);
1639 /* ignore any oplock requests if oplocks are disabled */
1640 if (!lp_oplocks(SNUM(conn
)) ||
1641 IS_VETO_OPLOCK_PATH(conn
, smb_fname
->base_name
)) {
1642 /* Mask off everything except the private Samba bits. */
1643 oplock_request
&= SAMBA_PRIVATE_OPLOCK_MASK
;
1646 /* this is for OS/2 long file names - say we don't support them */
1647 if (!lp_posix_pathnames() && strstr(smb_fname
->base_name
,".+,;=[].")) {
1648 /* OS/2 Workplace shell fix may be main code stream in a later
1650 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1652 if (use_nt_status()) {
1653 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1655 return NT_STATUS_DOS(ERRDOS
, ERRcannotopen
);
1658 switch( create_disposition
) {
1660 * Currently we're using FILE_SUPERSEDE as the same as
1661 * FILE_OVERWRITE_IF but they really are
1662 * different. FILE_SUPERSEDE deletes an existing file
1663 * (requiring delete access) then recreates it.
1665 case FILE_SUPERSEDE
:
1666 /* If file exists replace/overwrite. If file doesn't
1668 flags2
|= (O_CREAT
| O_TRUNC
);
1672 case FILE_OVERWRITE_IF
:
1673 /* If file exists replace/overwrite. If file doesn't
1675 flags2
|= (O_CREAT
| O_TRUNC
);
1680 /* If file exists open. If file doesn't exist error. */
1681 if (!file_existed
) {
1682 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1683 "requested for file %s and file "
1685 smb_fname_str_dbg(smb_fname
)));
1687 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1691 case FILE_OVERWRITE
:
1692 /* If file exists overwrite. If file doesn't exist
1694 if (!file_existed
) {
1695 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1696 "requested for file %s and file "
1698 smb_fname_str_dbg(smb_fname
) ));
1700 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
1707 /* If file exists error. If file doesn't exist
1710 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1711 "requested for file %s and file "
1712 "already exists.\n",
1713 smb_fname_str_dbg(smb_fname
)));
1714 if (S_ISDIR(smb_fname
->st
.st_ex_mode
)) {
1719 return map_nt_error_from_unix(errno
);
1721 flags2
|= (O_CREAT
|O_EXCL
);
1725 /* If file exists open. If file doesn't exist
1731 return NT_STATUS_INVALID_PARAMETER
;
1734 /* We only care about matching attributes on file exists and
1737 if (!posix_open
&& file_existed
&& ((create_disposition
== FILE_OVERWRITE
) ||
1738 (create_disposition
== FILE_OVERWRITE_IF
))) {
1739 if (!open_match_attributes(conn
, existing_dos_attributes
,
1741 smb_fname
->st
.st_ex_mode
,
1742 unx_mode
, &new_unx_mode
)) {
1743 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1744 "for file %s (%x %x) (0%o, 0%o)\n",
1745 smb_fname_str_dbg(smb_fname
),
1746 existing_dos_attributes
,
1748 (unsigned int)smb_fname
->st
.st_ex_mode
,
1749 (unsigned int)unx_mode
));
1751 return NT_STATUS_ACCESS_DENIED
;
1755 status
= smbd_calculate_access_mask(conn
, smb_fname
, file_existed
,
1758 if (!NT_STATUS_IS_OK(status
)) {
1759 DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
1760 "on file %s returned %s\n",
1761 smb_fname_str_dbg(smb_fname
), nt_errstr(status
)));
1765 open_access_mask
= access_mask
;
1767 if ((flags2
& O_TRUNC
) || (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
)) {
1768 open_access_mask
|= FILE_WRITE_DATA
; /* This will cause oplock breaks. */
1771 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1772 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname
),
1776 * Note that we ignore the append flag as append does not
1777 * mean the same thing under DOS and Unix.
1780 if ((access_mask
& (FILE_WRITE_DATA
| FILE_APPEND_DATA
)) ||
1781 (oplock_request
& FORCE_OPLOCK_BREAK_TO_NONE
)) {
1782 /* DENY_DOS opens are always underlying read-write on the
1783 file handle, no matter what the requested access mask
1785 if ((private_flags
& NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
) ||
1786 access_mask
& (FILE_READ_ATTRIBUTES
|FILE_READ_DATA
|FILE_READ_EA
|FILE_EXECUTE
)) {
1796 * Currently we only look at FILE_WRITE_THROUGH for create options.
1800 if ((create_options
& FILE_WRITE_THROUGH
) && lp_strict_sync(SNUM(conn
))) {
1805 if (posix_open
&& (access_mask
& FILE_APPEND_DATA
)) {
1809 if (!posix_open
&& !CAN_WRITE(conn
)) {
1811 * We should really return a permission denied error if either
1812 * O_CREAT or O_TRUNC are set, but for compatibility with
1813 * older versions of Samba we just AND them out.
1815 flags2
&= ~(O_CREAT
|O_TRUNC
);
1819 * Ensure we can't write on a read-only share or file.
1822 if (flags
!= O_RDONLY
&& file_existed
&&
1823 (!CAN_WRITE(conn
) || IS_DOS_READONLY(existing_dos_attributes
))) {
1824 DEBUG(5,("open_file_ntcreate: write access requested for "
1825 "file %s on read only %s\n",
1826 smb_fname_str_dbg(smb_fname
),
1827 !CAN_WRITE(conn
) ? "share" : "file" ));
1829 return NT_STATUS_ACCESS_DENIED
;
1832 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
1833 fsp
->share_access
= share_access
;
1834 fsp
->fh
->private_options
= private_flags
;
1835 fsp
->access_mask
= open_access_mask
; /* We change this to the
1836 * requested access_mask after
1837 * the open is done. */
1838 fsp
->posix_open
= posix_open
;
1840 /* Ensure no SAMBA_PRIVATE bits can be set. */
1841 fsp
->oplock_type
= (oplock_request
& ~SAMBA_PRIVATE_OPLOCK_MASK
);
1843 if (timeval_is_zero(&request_time
)) {
1844 request_time
= fsp
->open_time
;
1848 struct byte_range_lock
*br_lck
= NULL
;
1849 struct share_mode_entry
*batch_entry
= NULL
;
1850 struct share_mode_entry
*exclusive_entry
= NULL
;
1851 bool got_level2_oplock
= false;
1852 bool got_a_none_oplock
= false;
1854 struct timespec old_write_time
= smb_fname
->st
.st_ex_mtime
;
1855 id
= vfs_file_id_from_sbuf(conn
, &smb_fname
->st
);
1857 if (!acquire_ordered_locks(talloc_tos(),
1865 return NT_STATUS_SHARING_VIOLATION
;
1868 /* Get the types we need to examine. */
1869 find_oplock_types(fsp
,
1875 &got_a_none_oplock
);
1877 /* First pass - send break only on batch oplocks. */
1878 if ((req
!= NULL
) &&
1879 delay_for_batch_oplocks(fsp
,
1883 schedule_defer_open(lck
, request_time
, req
);
1885 return NT_STATUS_SHARING_VIOLATION
;
1888 /* Use the client requested access mask here, not the one we
1890 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
1891 access_mask
, share_access
,
1892 create_options
, &file_existed
);
1894 if (NT_STATUS_IS_OK(status
)) {
1895 /* We might be going to allow this open. Check oplock
1897 /* Second pass - send break for both batch or
1898 * exclusive oplocks. */
1899 if ((req
!= NULL
) &&
1900 delay_for_exclusive_oplocks(
1905 schedule_defer_open(lck
, request_time
, req
);
1907 return NT_STATUS_SHARING_VIOLATION
;
1911 if (NT_STATUS_EQUAL(status
, NT_STATUS_DELETE_PENDING
)) {
1912 /* DELETE_PENDING is not deferred for a second */
1917 grant_fsp_oplock_type(fsp
,
1923 if (!NT_STATUS_IS_OK(status
)) {
1924 uint32 can_access_mask
;
1925 bool can_access
= True
;
1927 SMB_ASSERT(NT_STATUS_EQUAL(status
, NT_STATUS_SHARING_VIOLATION
));
1929 /* Check if this can be done with the deny_dos and fcb
1932 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
|
1933 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB
)) {
1935 DEBUG(0, ("DOS open without an SMB "
1938 return NT_STATUS_INTERNAL_ERROR
;
1941 /* Use the client requested access mask here,
1942 * not the one we open with. */
1943 status
= fcb_or_dos_open(req
,
1954 if (NT_STATUS_IS_OK(status
)) {
1957 *pinfo
= FILE_WAS_OPENED
;
1959 return NT_STATUS_OK
;
1964 * This next line is a subtlety we need for
1965 * MS-Access. If a file open will fail due to share
1966 * permissions and also for security (access) reasons,
1967 * we need to return the access failed error, not the
1968 * share error. We can't open the file due to kernel
1969 * oplock deadlock (it's possible we failed above on
1970 * the open_mode_check()) so use a userspace check.
1973 if (flags
& O_RDWR
) {
1974 can_access_mask
= FILE_READ_DATA
|FILE_WRITE_DATA
;
1975 } else if (flags
& O_WRONLY
) {
1976 can_access_mask
= FILE_WRITE_DATA
;
1978 can_access_mask
= FILE_READ_DATA
;
1981 if (((can_access_mask
& FILE_WRITE_DATA
) &&
1982 !CAN_WRITE(conn
)) ||
1983 !can_access_file_data(conn
, smb_fname
,
1989 * If we're returning a share violation, ensure we
1990 * cope with the braindead 1 second delay.
1993 if (!(oplock_request
& INTERNAL_OPEN_ONLY
) &&
1994 lp_defer_sharing_violations()) {
1995 struct timeval timeout
;
1996 struct deferred_open_record state
;
1999 /* this is a hack to speed up torture tests
2001 timeout_usecs
= lp_parm_int(SNUM(conn
),
2002 "smbd","sharedelay",
2003 SHARING_VIOLATION_USEC_WAIT
);
2005 /* This is a relative time, added to the absolute
2006 request_time value to get the absolute timeout time.
2007 Note that if this is the second or greater time we enter
2008 this codepath for this particular request mid then
2009 request_time is left as the absolute time of the *first*
2010 time this request mid was processed. This is what allows
2011 the request to eventually time out. */
2013 timeout
= timeval_set(0, timeout_usecs
);
2015 /* Nothing actually uses state.delayed_for_oplocks
2016 but it's handy to differentiate in debug messages
2017 between a 30 second delay due to oplock break, and
2018 a 1 second delay for share mode conflicts. */
2020 state
.delayed_for_oplocks
= False
;
2024 && !request_timed_out(request_time
,
2026 defer_open(lck
, request_time
, timeout
,
2034 * We have detected a sharing violation here
2035 * so return the correct error code
2037 status
= NT_STATUS_SHARING_VIOLATION
;
2039 status
= NT_STATUS_ACCESS_DENIED
;
2045 * We exit this block with the share entry *locked*.....
2049 SMB_ASSERT(!file_existed
|| (lck
!= NULL
));
2052 * Ensure we pay attention to default ACLs on directories if required.
2055 if ((flags2
& O_CREAT
) && lp_inherit_acls(SNUM(conn
)) &&
2056 (def_acl
= directory_has_default_acl(conn
, parent_dir
))) {
2057 unx_mode
= (0777 & lp_create_mask(SNUM(conn
)));
2060 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2061 "access_mask = 0x%x, open_access_mask = 0x%x\n",
2062 (unsigned int)flags
, (unsigned int)flags2
,
2063 (unsigned int)unx_mode
, (unsigned int)access_mask
,
2064 (unsigned int)open_access_mask
));
2067 * open_file strips any O_TRUNC flags itself.
2070 fsp_open
= open_file(fsp
, conn
, req
, parent_dir
,
2071 flags
|flags2
, unx_mode
, access_mask
,
2074 if (!NT_STATUS_IS_OK(fsp_open
)) {
2081 if (!file_existed
) {
2082 struct byte_range_lock
*br_lck
= NULL
;
2083 struct share_mode_entry
*batch_entry
= NULL
;
2084 struct share_mode_entry
*exclusive_entry
= NULL
;
2085 bool got_level2_oplock
= false;
2086 bool got_a_none_oplock
= false;
2087 struct timespec old_write_time
= smb_fname
->st
.st_ex_mtime
;
2089 * Deal with the race condition where two smbd's detect the
2090 * file doesn't exist and do the create at the same time. One
2091 * of them will win and set a share mode, the other (ie. this
2092 * one) should check if the requested share mode for this
2093 * create is allowed.
2097 * Now the file exists and fsp is successfully opened,
2098 * fsp->dev and fsp->inode are valid and should replace the
2099 * dev=0,inode=0 from a non existent file. Spotted by
2100 * Nadav Danieli <nadavd@exanet.com>. JRA.
2105 if (!acquire_ordered_locks(talloc_tos(),
2113 return NT_STATUS_SHARING_VIOLATION
;
2116 /* Get the types we need to examine. */
2117 find_oplock_types(fsp
,
2123 &got_a_none_oplock
);
2125 /* First pass - send break only on batch oplocks. */
2126 if ((req
!= NULL
) &&
2127 delay_for_batch_oplocks(fsp
,
2131 schedule_defer_open(lck
, request_time
, req
);
2134 return NT_STATUS_SHARING_VIOLATION
;
2137 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
2138 access_mask
, share_access
,
2139 create_options
, &file_existed
);
2141 if (NT_STATUS_IS_OK(status
)) {
2142 /* We might be going to allow this open. Check oplock
2144 /* Second pass - send break for both batch or
2145 * exclusive oplocks. */
2146 if ((req
!= NULL
) &&
2147 delay_for_exclusive_oplocks(
2152 schedule_defer_open(lck
, request_time
, req
);
2155 return NT_STATUS_SHARING_VIOLATION
;
2159 if (!NT_STATUS_IS_OK(status
)) {
2160 struct deferred_open_record state
;
2164 state
.delayed_for_oplocks
= False
;
2167 /* Do it all over again immediately. In the second
2168 * round we will find that the file existed and handle
2169 * the DELETE_PENDING and FCB cases correctly. No need
2170 * to duplicate the code here. Essentially this is a
2171 * "goto top of this function", but don't tell
2175 defer_open(lck
, request_time
, timeval_zero(),
2182 grant_fsp_oplock_type(fsp
,
2189 * We exit this block with the share entry *locked*.....
2194 SMB_ASSERT(lck
!= NULL
);
2196 /* Delete streams if create_disposition requires it */
2197 if (file_existed
&& clear_ads
&&
2198 !is_ntfs_stream_smb_fname(smb_fname
)) {
2199 status
= delete_all_streams(conn
, smb_fname
->base_name
);
2200 if (!NT_STATUS_IS_OK(status
)) {
2207 /* note that we ignore failure for the following. It is
2208 basically a hack for NFS, and NFS will never set one of
2209 these only read them. Nobody but Samba can ever set a deny
2210 mode and we have already checked our more authoritative
2211 locking database for permission to set this deny mode. If
2212 the kernel refuses the operations then the kernel is wrong.
2213 note that GPFS supports it as well - jmcd */
2215 if (fsp
->fh
->fd
!= -1) {
2217 ret_flock
= SMB_VFS_KERNEL_FLOCK(fsp
, share_access
, access_mask
);
2218 if(ret_flock
== -1 ){
2223 return NT_STATUS_SHARING_VIOLATION
;
2228 * At this point onwards, we can guarentee that the share entry
2229 * is locked, whether we created the file or not, and that the
2230 * deny mode is compatible with all current opens.
2234 * If requested, truncate the file.
2237 if (file_existed
&& (flags2
&O_TRUNC
)) {
2239 * We are modifing the file after open - update the stat
2242 if ((SMB_VFS_FTRUNCATE(fsp
, 0) == -1) ||
2243 (SMB_VFS_FSTAT(fsp
, &smb_fname
->st
)==-1)) {
2244 status
= map_nt_error_from_unix(errno
);
2252 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2253 * but we don't have to store this - just ignore it on access check.
2255 if (conn
->sconn
->using_smb2
) {
2257 * SMB2 doesn't return it (according to Microsoft tests).
2258 * Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
2259 * File created with access = 0x7 (Read, Write, Delete)
2260 * Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
2262 fsp
->access_mask
= access_mask
;
2264 /* But SMB1 does. */
2265 fsp
->access_mask
= access_mask
| FILE_READ_ATTRIBUTES
;
2269 /* stat opens on existing files don't get oplocks. */
2270 if (is_stat_open(open_access_mask
)) {
2271 fsp
->oplock_type
= NO_OPLOCK
;
2274 if (!(flags2
& O_TRUNC
)) {
2275 info
= FILE_WAS_OPENED
;
2277 info
= FILE_WAS_OVERWRITTEN
;
2280 info
= FILE_WAS_CREATED
;
2288 * Setup the oplock info in both the shared memory and
2292 if (!set_file_oplock(fsp
, fsp
->oplock_type
)) {
2294 * Could not get the kernel oplock or there are byte-range
2295 * locks on the file.
2297 fsp
->oplock_type
= NO_OPLOCK
;
2300 if (info
== FILE_WAS_OVERWRITTEN
|| info
== FILE_WAS_CREATED
|| info
== FILE_WAS_SUPERSEDED
) {
2301 new_file_created
= True
;
2304 set_share_mode(lck
, fsp
, get_current_uid(conn
),
2308 /* Handle strange delete on close create semantics. */
2309 if (create_options
& FILE_DELETE_ON_CLOSE
) {
2311 status
= can_set_delete_on_close(fsp
, new_dos_attributes
);
2313 if (!NT_STATUS_IS_OK(status
)) {
2314 /* Remember to delete the mode we just added. */
2315 del_share_mode(lck
, fsp
);
2320 /* Note that here we set the *inital* delete on close flag,
2321 not the regular one. The magic gets handled in close. */
2322 fsp
->initial_delete_on_close
= True
;
2325 if (new_file_created
) {
2326 /* Files should be initially set as archive */
2327 if (lp_map_archive(SNUM(conn
)) ||
2328 lp_store_dos_attributes(SNUM(conn
))) {
2330 if (file_set_dosmode(conn
, smb_fname
,
2331 new_dos_attributes
| FILE_ATTRIBUTE_ARCHIVE
,
2332 parent_dir
, true) == 0) {
2333 unx_mode
= smb_fname
->st
.st_ex_mode
;
2339 /* Determine sparse flag. */
2341 /* POSIX opens are sparse by default. */
2342 fsp
->is_sparse
= true;
2344 fsp
->is_sparse
= (file_existed
&&
2345 (existing_dos_attributes
& FILE_ATTRIBUTE_SPARSE
));
2349 * Take care of inherited ACLs on created files - if default ACL not
2353 if (!posix_open
&& !file_existed
&& !def_acl
) {
2355 int saved_errno
= errno
; /* We might get ENOSYS in the next
2358 if (SMB_VFS_FCHMOD_ACL(fsp
, unx_mode
) == -1 &&
2360 errno
= saved_errno
; /* Ignore ENOSYS */
2363 } else if (new_unx_mode
) {
2367 /* Attributes need changing. File already existed. */
2370 int saved_errno
= errno
; /* We might get ENOSYS in the
2372 ret
= SMB_VFS_FCHMOD_ACL(fsp
, new_unx_mode
);
2374 if (ret
== -1 && errno
== ENOSYS
) {
2375 errno
= saved_errno
; /* Ignore ENOSYS */
2377 DEBUG(5, ("open_file_ntcreate: reset "
2378 "attributes of file %s to 0%o\n",
2379 smb_fname_str_dbg(smb_fname
),
2380 (unsigned int)new_unx_mode
));
2381 ret
= 0; /* Don't do the fchmod below. */
2386 (SMB_VFS_FCHMOD(fsp
, new_unx_mode
) == -1))
2387 DEBUG(5, ("open_file_ntcreate: failed to reset "
2388 "attributes of file %s to 0%o\n",
2389 smb_fname_str_dbg(smb_fname
),
2390 (unsigned int)new_unx_mode
));
2393 /* If this is a successful open, we must remove any deferred open
2396 del_deferred_open_entry(lck
, req
->mid
,
2397 sconn_server_id(req
->sconn
));
2401 return NT_STATUS_OK
;
2405 /****************************************************************************
2406 Open a file for for write to ensure that we can fchmod it.
2407 ****************************************************************************/
2409 NTSTATUS
open_file_fchmod(connection_struct
*conn
,
2410 struct smb_filename
*smb_fname
,
2411 files_struct
**result
)
2413 if (!VALID_STAT(smb_fname
->st
)) {
2414 return NT_STATUS_INVALID_PARAMETER
;
2417 return SMB_VFS_CREATE_FILE(
2420 0, /* root_dir_fid */
2421 smb_fname
, /* fname */
2422 FILE_WRITE_DATA
, /* access_mask */
2423 (FILE_SHARE_READ
| FILE_SHARE_WRITE
| /* share_access */
2425 FILE_OPEN
, /* create_disposition*/
2426 0, /* create_options */
2427 0, /* file_attributes */
2428 INTERNAL_OPEN_ONLY
, /* oplock_request */
2429 0, /* allocation_size */
2430 0, /* private_flags */
2433 result
, /* result */
2437 static NTSTATUS
mkdir_internal(connection_struct
*conn
,
2438 struct smb_filename
*smb_dname
,
2439 uint32 file_attributes
)
2444 bool posix_open
= false;
2445 bool need_re_stat
= false;
2447 if(!CAN_WRITE(conn
)) {
2448 DEBUG(5,("mkdir_internal: failing create on read-only share "
2449 "%s\n", lp_servicename(SNUM(conn
))));
2450 return NT_STATUS_ACCESS_DENIED
;
2453 status
= check_name(conn
, smb_dname
->base_name
);
2454 if (!NT_STATUS_IS_OK(status
)) {
2458 if (!parent_dirname(talloc_tos(), smb_dname
->base_name
, &parent_dir
,
2460 return NT_STATUS_NO_MEMORY
;
2463 if (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) {
2465 mode
= (mode_t
)(file_attributes
& ~FILE_FLAG_POSIX_SEMANTICS
);
2467 mode
= unix_mode(conn
, FILE_ATTRIBUTE_DIRECTORY
, smb_dname
, parent_dir
);
2470 if (SMB_VFS_MKDIR(conn
, smb_dname
->base_name
, mode
) != 0) {
2471 return map_nt_error_from_unix(errno
);
2474 /* Ensure we're checking for a symlink here.... */
2475 /* We don't want to get caught by a symlink racer. */
2477 if (SMB_VFS_LSTAT(conn
, smb_dname
) == -1) {
2478 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2479 smb_fname_str_dbg(smb_dname
), strerror(errno
)));
2480 return map_nt_error_from_unix(errno
);
2483 if (!S_ISDIR(smb_dname
->st
.st_ex_mode
)) {
2484 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2485 smb_fname_str_dbg(smb_dname
)));
2486 return NT_STATUS_ACCESS_DENIED
;
2489 if (lp_store_dos_attributes(SNUM(conn
))) {
2491 file_set_dosmode(conn
, smb_dname
,
2492 file_attributes
| FILE_ATTRIBUTE_DIRECTORY
,
2497 if (lp_inherit_perms(SNUM(conn
))) {
2498 inherit_access_posix_acl(conn
, parent_dir
,
2499 smb_dname
->base_name
, mode
);
2500 need_re_stat
= true;
2505 * Check if high bits should have been set,
2506 * then (if bits are missing): add them.
2507 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2510 if ((mode
& ~(S_IRWXU
|S_IRWXG
|S_IRWXO
)) &&
2511 (mode
& ~smb_dname
->st
.st_ex_mode
)) {
2512 SMB_VFS_CHMOD(conn
, smb_dname
->base_name
,
2513 (smb_dname
->st
.st_ex_mode
|
2514 (mode
& ~smb_dname
->st
.st_ex_mode
)));
2515 need_re_stat
= true;
2519 /* Change the owner if required. */
2520 if (lp_inherit_owner(SNUM(conn
))) {
2521 change_dir_owner_to_parent(conn
, parent_dir
,
2522 smb_dname
->base_name
,
2524 need_re_stat
= true;
2528 if (SMB_VFS_LSTAT(conn
, smb_dname
) == -1) {
2529 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2530 smb_fname_str_dbg(smb_dname
), strerror(errno
)));
2531 return map_nt_error_from_unix(errno
);
2535 notify_fname(conn
, NOTIFY_ACTION_ADDED
, FILE_NOTIFY_CHANGE_DIR_NAME
,
2536 smb_dname
->base_name
);
2538 return NT_STATUS_OK
;
2541 /****************************************************************************
2542 Ensure we didn't get symlink raced on opening a directory.
2543 ****************************************************************************/
2545 bool check_same_stat(const SMB_STRUCT_STAT
*sbuf1
,
2546 const SMB_STRUCT_STAT
*sbuf2
)
2548 if (sbuf1
->st_ex_uid
!= sbuf2
->st_ex_uid
||
2549 sbuf1
->st_ex_gid
!= sbuf2
->st_ex_gid
||
2550 sbuf1
->st_ex_dev
!= sbuf2
->st_ex_dev
||
2551 sbuf1
->st_ex_ino
!= sbuf2
->st_ex_ino
) {
2557 /****************************************************************************
2558 Open a directory from an NT SMB call.
2559 ****************************************************************************/
2561 static NTSTATUS
open_directory(connection_struct
*conn
,
2562 struct smb_request
*req
,
2563 struct smb_filename
*smb_dname
,
2565 uint32 share_access
,
2566 uint32 create_disposition
,
2567 uint32 create_options
,
2568 uint32 file_attributes
,
2570 files_struct
**result
)
2572 files_struct
*fsp
= NULL
;
2573 bool dir_existed
= VALID_STAT(smb_dname
->st
) ? True
: False
;
2574 struct share_mode_lock
*lck
= NULL
;
2576 struct timespec mtimespec
;
2579 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname
));
2581 /* Ensure we have a directory attribute. */
2582 file_attributes
|= FILE_ATTRIBUTE_DIRECTORY
;
2584 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2585 "share_access = 0x%x create_options = 0x%x, "
2586 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2587 smb_fname_str_dbg(smb_dname
),
2588 (unsigned int)access_mask
,
2589 (unsigned int)share_access
,
2590 (unsigned int)create_options
,
2591 (unsigned int)create_disposition
,
2592 (unsigned int)file_attributes
));
2594 if (!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) &&
2595 (conn
->fs_capabilities
& FILE_NAMED_STREAMS
) &&
2596 is_ntfs_stream_smb_fname(smb_dname
)) {
2597 DEBUG(2, ("open_directory: %s is a stream name!\n",
2598 smb_fname_str_dbg(smb_dname
)));
2599 return NT_STATUS_NOT_A_DIRECTORY
;
2602 status
= smbd_calculate_access_mask(conn
, smb_dname
, dir_existed
,
2603 access_mask
, &access_mask
);
2604 if (!NT_STATUS_IS_OK(status
)) {
2605 DEBUG(10, ("open_directory: smbd_calculate_access_mask "
2606 "on file %s returned %s\n",
2607 smb_fname_str_dbg(smb_dname
),
2608 nt_errstr(status
)));
2612 if ((access_mask
& SEC_FLAG_SYSTEM_SECURITY
) &&
2613 !security_token_has_privilege(get_current_nttok(conn
),
2614 SEC_PRIV_SECURITY
)) {
2615 DEBUG(10, ("open_directory: open on %s "
2616 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2617 smb_fname_str_dbg(smb_dname
)));
2618 return NT_STATUS_PRIVILEGE_NOT_HELD
;
2621 switch( create_disposition
) {
2625 return NT_STATUS_OBJECT_NAME_NOT_FOUND
;
2628 info
= FILE_WAS_OPENED
;
2633 /* If directory exists error. If directory doesn't
2636 status
= mkdir_internal(conn
, smb_dname
,
2639 if (!NT_STATUS_IS_OK(status
)) {
2640 DEBUG(2, ("open_directory: unable to create "
2641 "%s. Error was %s\n",
2642 smb_fname_str_dbg(smb_dname
),
2643 nt_errstr(status
)));
2647 info
= FILE_WAS_CREATED
;
2652 * If directory exists open. If directory doesn't
2656 status
= mkdir_internal(conn
, smb_dname
,
2659 if (NT_STATUS_IS_OK(status
)) {
2660 info
= FILE_WAS_CREATED
;
2663 if (NT_STATUS_EQUAL(status
,
2664 NT_STATUS_OBJECT_NAME_COLLISION
)) {
2665 info
= FILE_WAS_OPENED
;
2666 status
= NT_STATUS_OK
;
2670 case FILE_SUPERSEDE
:
2671 case FILE_OVERWRITE
:
2672 case FILE_OVERWRITE_IF
:
2674 DEBUG(5,("open_directory: invalid create_disposition "
2675 "0x%x for directory %s\n",
2676 (unsigned int)create_disposition
,
2677 smb_fname_str_dbg(smb_dname
)));
2678 return NT_STATUS_INVALID_PARAMETER
;
2681 if(!S_ISDIR(smb_dname
->st
.st_ex_mode
)) {
2682 DEBUG(5,("open_directory: %s is not a directory !\n",
2683 smb_fname_str_dbg(smb_dname
)));
2684 return NT_STATUS_NOT_A_DIRECTORY
;
2687 if (info
== FILE_WAS_OPENED
) {
2688 uint32_t access_granted
= 0;
2689 status
= smbd_check_open_rights(conn
, smb_dname
, access_mask
,
2692 /* Were we trying to do a directory open
2693 * for delete and didn't get DELETE
2694 * access (only) ? Check if the
2695 * directory allows DELETE_CHILD.
2697 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2700 if ((NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) &&
2701 (access_mask
& DELETE_ACCESS
) &&
2702 (access_granted
== DELETE_ACCESS
) &&
2703 can_delete_file_in_directory(conn
, smb_dname
))) {
2704 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2705 "on directory %s\n",
2706 smb_fname_str_dbg(smb_dname
)));
2707 status
= NT_STATUS_OK
;
2710 if (!NT_STATUS_IS_OK(status
)) {
2711 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2712 "file %s failed with %s\n",
2713 smb_fname_str_dbg(smb_dname
),
2714 nt_errstr(status
)));
2719 status
= file_new(req
, conn
, &fsp
);
2720 if(!NT_STATUS_IS_OK(status
)) {
2725 * Setup the files_struct for it.
2728 fsp
->mode
= smb_dname
->st
.st_ex_mode
;
2729 fsp
->file_id
= vfs_file_id_from_sbuf(conn
, &smb_dname
->st
);
2730 fsp
->vuid
= req
? req
->vuid
: UID_FIELD_INVALID
;
2731 fsp
->file_pid
= req
? req
->smbpid
: 0;
2732 fsp
->can_lock
= False
;
2733 fsp
->can_read
= False
;
2734 fsp
->can_write
= False
;
2736 fsp
->share_access
= share_access
;
2737 fsp
->fh
->private_options
= 0;
2739 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2741 fsp
->access_mask
= access_mask
| FILE_READ_ATTRIBUTES
;
2742 fsp
->print_file
= NULL
;
2743 fsp
->modified
= False
;
2744 fsp
->oplock_type
= NO_OPLOCK
;
2745 fsp
->sent_oplock_break
= NO_BREAK_SENT
;
2746 fsp
->is_directory
= True
;
2747 fsp
->posix_open
= (file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) ? True
: False
;
2748 status
= fsp_set_smb_fname(fsp
, smb_dname
);
2749 if (!NT_STATUS_IS_OK(status
)) {
2750 file_free(req
, fsp
);
2754 mtimespec
= smb_dname
->st
.st_ex_mtime
;
2757 status
= fd_open(conn
, fsp
, O_RDONLY
|O_DIRECTORY
, 0);
2759 /* POSIX allows us to open a directory with O_RDONLY. */
2760 status
= fd_open(conn
, fsp
, O_RDONLY
, 0);
2762 if (!NT_STATUS_IS_OK(status
)) {
2763 DEBUG(5, ("open_directory: Could not open fd for "
2765 smb_fname_str_dbg(smb_dname
),
2766 nt_errstr(status
)));
2767 file_free(req
, fsp
);
2771 status
= vfs_stat_fsp(fsp
);
2772 if (!NT_STATUS_IS_OK(status
)) {
2774 file_free(req
, fsp
);
2778 /* Ensure there was no race condition. */
2779 if (!check_same_stat(&smb_dname
->st
, &fsp
->fsp_name
->st
)) {
2780 DEBUG(5,("open_directory: stat struct differs for "
2782 smb_fname_str_dbg(smb_dname
)));
2784 file_free(req
, fsp
);
2785 return NT_STATUS_ACCESS_DENIED
;
2788 lck
= get_share_mode_lock(talloc_tos(), fsp
->file_id
,
2789 conn
->connectpath
, smb_dname
, &mtimespec
);
2792 DEBUG(0, ("open_directory: Could not get share mode lock for "
2793 "%s\n", smb_fname_str_dbg(smb_dname
)));
2795 file_free(req
, fsp
);
2796 return NT_STATUS_SHARING_VIOLATION
;
2799 status
= open_mode_check(conn
, lck
, fsp
->name_hash
,
2800 access_mask
, share_access
,
2801 create_options
, &dir_existed
);
2803 if (!NT_STATUS_IS_OK(status
)) {
2806 file_free(req
, fsp
);
2810 set_share_mode(lck
, fsp
, get_current_uid(conn
),
2811 req
? req
->mid
: 0, NO_OPLOCK
);
2813 /* For directories the delete on close bit at open time seems
2814 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2815 if (create_options
& FILE_DELETE_ON_CLOSE
) {
2816 status
= can_set_delete_on_close(fsp
, 0);
2817 if (!NT_STATUS_IS_OK(status
) && !NT_STATUS_EQUAL(status
, NT_STATUS_DIRECTORY_NOT_EMPTY
)) {
2820 file_free(req
, fsp
);
2824 if (NT_STATUS_IS_OK(status
)) {
2825 /* Note that here we set the *inital* delete on close flag,
2826 not the regular one. The magic gets handled in close. */
2827 fsp
->initial_delete_on_close
= True
;
2838 return NT_STATUS_OK
;
2841 NTSTATUS
create_directory(connection_struct
*conn
, struct smb_request
*req
,
2842 struct smb_filename
*smb_dname
)
2847 status
= SMB_VFS_CREATE_FILE(
2850 0, /* root_dir_fid */
2851 smb_dname
, /* fname */
2852 FILE_READ_ATTRIBUTES
, /* access_mask */
2853 FILE_SHARE_NONE
, /* share_access */
2854 FILE_CREATE
, /* create_disposition*/
2855 FILE_DIRECTORY_FILE
, /* create_options */
2856 FILE_ATTRIBUTE_DIRECTORY
, /* file_attributes */
2857 0, /* oplock_request */
2858 0, /* allocation_size */
2859 0, /* private_flags */
2865 if (NT_STATUS_IS_OK(status
)) {
2866 close_file(req
, fsp
, NORMAL_CLOSE
);
2872 /****************************************************************************
2873 Receive notification that one of our open files has been renamed by another
2875 ****************************************************************************/
2877 void msg_file_was_renamed(struct messaging_context
*msg
,
2880 struct server_id server_id
,
2883 struct smbd_server_connection
*sconn
;
2885 char *frm
= (char *)data
->data
;
2887 const char *sharepath
;
2888 const char *base_name
;
2889 const char *stream_name
;
2890 struct smb_filename
*smb_fname
= NULL
;
2891 size_t sp_len
, bn_len
;
2894 sconn
= msg_ctx_to_sconn(msg
);
2895 if (sconn
== NULL
) {
2896 DEBUG(1, ("could not find sconn\n"));
2900 if (data
->data
== NULL
2901 || data
->length
< MSG_FILE_RENAMED_MIN_SIZE
+ 2) {
2902 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2903 (int)data
->length
));
2907 /* Unpack the message. */
2908 pull_file_id_24(frm
, &id
);
2909 sharepath
= &frm
[24];
2910 sp_len
= strlen(sharepath
);
2911 base_name
= sharepath
+ sp_len
+ 1;
2912 bn_len
= strlen(base_name
);
2913 stream_name
= sharepath
+ sp_len
+ 1 + bn_len
+ 1;
2915 /* stream_name must always be NULL if there is no stream. */
2916 if (stream_name
[0] == '\0') {
2920 status
= create_synthetic_smb_fname(talloc_tos(), base_name
,
2921 stream_name
, NULL
, &smb_fname
);
2922 if (!NT_STATUS_IS_OK(status
)) {
2926 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2928 sharepath
, smb_fname_str_dbg(smb_fname
),
2929 file_id_string_tos(&id
)));
2931 for(fsp
= file_find_di_first(sconn
, id
); fsp
;
2932 fsp
= file_find_di_next(fsp
)) {
2933 if (memcmp(fsp
->conn
->connectpath
, sharepath
, sp_len
) == 0) {
2935 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2936 fsp
->fnum
, fsp_str_dbg(fsp
),
2937 smb_fname_str_dbg(smb_fname
)));
2938 status
= fsp_set_smb_fname(fsp
, smb_fname
);
2939 if (!NT_STATUS_IS_OK(status
)) {
2944 /* Now we have the complete path we can work out if this is
2945 actually within this share and adjust newname accordingly. */
2946 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2947 "not sharepath %s) "
2948 "fnum %d from %s -> %s\n",
2949 fsp
->conn
->connectpath
,
2953 smb_fname_str_dbg(smb_fname
)));
2957 TALLOC_FREE(smb_fname
);
2962 * If a main file is opened for delete, all streams need to be checked for
2963 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2964 * If that works, delete them all by setting the delete on close and close.
2967 NTSTATUS
open_streams_for_delete(connection_struct
*conn
,
2970 struct stream_struct
*stream_info
= NULL
;
2971 files_struct
**streams
= NULL
;
2973 unsigned int num_streams
= 0;
2974 TALLOC_CTX
*frame
= talloc_stackframe();
2977 status
= vfs_streaminfo(conn
, NULL
, fname
, talloc_tos(),
2978 &num_streams
, &stream_info
);
2980 if (NT_STATUS_EQUAL(status
, NT_STATUS_NOT_IMPLEMENTED
)
2981 || NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
2982 DEBUG(10, ("no streams around\n"));
2984 return NT_STATUS_OK
;
2987 if (!NT_STATUS_IS_OK(status
)) {
2988 DEBUG(10, ("vfs_streaminfo failed: %s\n",
2989 nt_errstr(status
)));
2993 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2996 if (num_streams
== 0) {
2998 return NT_STATUS_OK
;
3001 streams
= TALLOC_ARRAY(talloc_tos(), files_struct
*, num_streams
);
3002 if (streams
== NULL
) {
3003 DEBUG(0, ("talloc failed\n"));
3004 status
= NT_STATUS_NO_MEMORY
;
3008 for (i
=0; i
<num_streams
; i
++) {
3009 struct smb_filename
*smb_fname
= NULL
;
3011 if (strequal(stream_info
[i
].name
, "::$DATA")) {
3016 status
= create_synthetic_smb_fname(talloc_tos(), fname
,
3017 stream_info
[i
].name
,
3019 if (!NT_STATUS_IS_OK(status
)) {
3023 if (SMB_VFS_STAT(conn
, smb_fname
) == -1) {
3024 DEBUG(10, ("Unable to stat stream: %s\n",
3025 smb_fname_str_dbg(smb_fname
)));
3028 status
= SMB_VFS_CREATE_FILE(
3031 0, /* root_dir_fid */
3032 smb_fname
, /* fname */
3033 DELETE_ACCESS
, /* access_mask */
3034 (FILE_SHARE_READ
| /* share_access */
3035 FILE_SHARE_WRITE
| FILE_SHARE_DELETE
),
3036 FILE_OPEN
, /* create_disposition*/
3037 0, /* create_options */
3038 FILE_ATTRIBUTE_NORMAL
, /* file_attributes */
3039 0, /* oplock_request */
3040 0, /* allocation_size */
3041 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
, /* private_flags */
3044 &streams
[i
], /* result */
3047 if (!NT_STATUS_IS_OK(status
)) {
3048 DEBUG(10, ("Could not open stream %s: %s\n",
3049 smb_fname_str_dbg(smb_fname
),
3050 nt_errstr(status
)));
3052 TALLOC_FREE(smb_fname
);
3055 TALLOC_FREE(smb_fname
);
3059 * don't touch the variable "status" beyond this point :-)
3062 for (i
-= 1 ; i
>= 0; i
--) {
3063 if (streams
[i
] == NULL
) {
3067 DEBUG(10, ("Closing stream # %d, %s\n", i
,
3068 fsp_str_dbg(streams
[i
])));
3069 close_file(NULL
, streams
[i
], NORMAL_CLOSE
);
3078 * Wrapper around open_file_ntcreate and open_directory
3081 static NTSTATUS
create_file_unixpath(connection_struct
*conn
,
3082 struct smb_request
*req
,
3083 struct smb_filename
*smb_fname
,
3084 uint32_t access_mask
,
3085 uint32_t share_access
,
3086 uint32_t create_disposition
,
3087 uint32_t create_options
,
3088 uint32_t file_attributes
,
3089 uint32_t oplock_request
,
3090 uint64_t allocation_size
,
3091 uint32_t private_flags
,
3092 struct security_descriptor
*sd
,
3093 struct ea_list
*ea_list
,
3095 files_struct
**result
,
3098 int info
= FILE_WAS_OPENED
;
3099 files_struct
*base_fsp
= NULL
;
3100 files_struct
*fsp
= NULL
;
3103 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
3104 "file_attributes = 0x%x, share_access = 0x%x, "
3105 "create_disposition = 0x%x create_options = 0x%x "
3106 "oplock_request = 0x%x private_flags = 0x%x "
3107 "ea_list = 0x%p, sd = 0x%p, "
3109 (unsigned int)access_mask
,
3110 (unsigned int)file_attributes
,
3111 (unsigned int)share_access
,
3112 (unsigned int)create_disposition
,
3113 (unsigned int)create_options
,
3114 (unsigned int)oplock_request
,
3115 (unsigned int)private_flags
,
3116 ea_list
, sd
, smb_fname_str_dbg(smb_fname
)));
3118 if (create_options
& FILE_OPEN_BY_FILE_ID
) {
3119 status
= NT_STATUS_NOT_SUPPORTED
;
3123 if (create_options
& NTCREATEX_OPTIONS_INVALID_PARAM_MASK
) {
3124 status
= NT_STATUS_INVALID_PARAMETER
;
3129 oplock_request
|= INTERNAL_OPEN_ONLY
;
3132 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
)
3133 && (access_mask
& DELETE_ACCESS
)
3134 && !is_ntfs_stream_smb_fname(smb_fname
)) {
3136 * We can't open a file with DELETE access if any of the
3137 * streams is open without FILE_SHARE_DELETE
3139 status
= open_streams_for_delete(conn
, smb_fname
->base_name
);
3141 if (!NT_STATUS_IS_OK(status
)) {
3146 /* This is the correct thing to do (check every time) but can_delete
3147 * is expensive (it may have to read the parent directory
3148 * permissions). So for now we're not doing it unless we have a strong
3149 * hint the client is really going to delete this file. If the client
3150 * is forcing FILE_CREATE let the filesystem take care of the
3153 /* Setting FILE_SHARE_DELETE is the hint. */
3155 if ((create_disposition
!= FILE_CREATE
)
3156 && (access_mask
& DELETE_ACCESS
)
3157 && (!(can_delete_file_in_directory(conn
, smb_fname
) ||
3158 can_access_file_acl(conn
, smb_fname
, DELETE_ACCESS
)))) {
3159 status
= NT_STATUS_ACCESS_DENIED
;
3160 DEBUG(10,("create_file_unixpath: open file %s "
3161 "for delete ACCESS_DENIED\n",
3162 smb_fname_str_dbg(smb_fname
)));
3166 if ((access_mask
& SEC_FLAG_SYSTEM_SECURITY
) &&
3167 !security_token_has_privilege(get_current_nttok(conn
),
3168 SEC_PRIV_SECURITY
)) {
3169 DEBUG(10, ("create_file_unixpath: open on %s "
3170 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3171 smb_fname_str_dbg(smb_fname
)));
3172 status
= NT_STATUS_PRIVILEGE_NOT_HELD
;
3176 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
)
3177 && is_ntfs_stream_smb_fname(smb_fname
)
3178 && (!(private_flags
& NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
))) {
3179 uint32 base_create_disposition
;
3180 struct smb_filename
*smb_fname_base
= NULL
;
3182 if (create_options
& FILE_DIRECTORY_FILE
) {
3183 status
= NT_STATUS_NOT_A_DIRECTORY
;
3187 switch (create_disposition
) {
3189 base_create_disposition
= FILE_OPEN
;
3192 base_create_disposition
= FILE_OPEN_IF
;
3196 /* Create an smb_filename with stream_name == NULL. */
3197 status
= create_synthetic_smb_fname(talloc_tos(),
3198 smb_fname
->base_name
,
3201 if (!NT_STATUS_IS_OK(status
)) {
3205 if (SMB_VFS_STAT(conn
, smb_fname_base
) == -1) {
3206 DEBUG(10, ("Unable to stat stream: %s\n",
3207 smb_fname_str_dbg(smb_fname_base
)));
3210 /* Open the base file. */
3211 status
= create_file_unixpath(conn
, NULL
, smb_fname_base
, 0,
3214 | FILE_SHARE_DELETE
,
3215 base_create_disposition
,
3216 0, 0, 0, 0, 0, NULL
, NULL
,
3218 TALLOC_FREE(smb_fname_base
);
3220 if (!NT_STATUS_IS_OK(status
)) {
3221 DEBUG(10, ("create_file_unixpath for base %s failed: "
3222 "%s\n", smb_fname
->base_name
,
3223 nt_errstr(status
)));
3226 /* we don't need to low level fd */
3231 * If it's a request for a directory open, deal with it separately.
3234 if (create_options
& FILE_DIRECTORY_FILE
) {
3236 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
3237 status
= NT_STATUS_INVALID_PARAMETER
;
3241 /* Can't open a temp directory. IFS kit test. */
3242 if (!(file_attributes
& FILE_FLAG_POSIX_SEMANTICS
) &&
3243 (file_attributes
& FILE_ATTRIBUTE_TEMPORARY
)) {
3244 status
= NT_STATUS_INVALID_PARAMETER
;
3249 * We will get a create directory here if the Win32
3250 * app specified a security descriptor in the
3251 * CreateDirectory() call.
3255 status
= open_directory(
3256 conn
, req
, smb_fname
, access_mask
, share_access
,
3257 create_disposition
, create_options
, file_attributes
,
3262 * Ordinary file case.
3265 status
= file_new(req
, conn
, &fsp
);
3266 if(!NT_STATUS_IS_OK(status
)) {
3270 status
= fsp_set_smb_fname(fsp
, smb_fname
);
3271 if (!NT_STATUS_IS_OK(status
)) {
3276 * We're opening the stream element of a base_fsp
3277 * we already opened. Set up the base_fsp pointer.
3280 fsp
->base_fsp
= base_fsp
;
3283 status
= open_file_ntcreate(conn
,
3295 if(!NT_STATUS_IS_OK(status
)) {
3296 file_free(req
, fsp
);
3300 if (NT_STATUS_EQUAL(status
, NT_STATUS_FILE_IS_A_DIRECTORY
)) {
3302 /* A stream open never opens a directory */
3305 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3310 * Fail the open if it was explicitly a non-directory
3314 if (create_options
& FILE_NON_DIRECTORY_FILE
) {
3315 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3320 status
= open_directory(
3321 conn
, req
, smb_fname
, access_mask
,
3322 share_access
, create_disposition
,
3323 create_options
, file_attributes
,
3328 if (!NT_STATUS_IS_OK(status
)) {
3332 fsp
->base_fsp
= base_fsp
;
3335 * According to the MS documentation, the only time the security
3336 * descriptor is applied to the opened file is iff we *created* the
3337 * file; an existing file stays the same.
3339 * Also, it seems (from observation) that you can open the file with
3340 * any access mask but you can still write the sd. We need to override
3341 * the granted access before we call set_sd
3342 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3345 if ((sd
!= NULL
) && (info
== FILE_WAS_CREATED
)
3346 && lp_nt_acl_support(SNUM(conn
))) {
3348 uint32_t sec_info_sent
;
3349 uint32_t saved_access_mask
= fsp
->access_mask
;
3351 sec_info_sent
= get_sec_info(sd
);
3353 fsp
->access_mask
= FILE_GENERIC_ALL
;
3355 /* Convert all the generic bits. */
3356 security_acl_map_generic(sd
->dacl
, &file_generic_mapping
);
3357 security_acl_map_generic(sd
->sacl
, &file_generic_mapping
);
3359 if (sec_info_sent
& (SECINFO_OWNER
|
3363 status
= SMB_VFS_FSET_NT_ACL(fsp
, sec_info_sent
, sd
);
3366 fsp
->access_mask
= saved_access_mask
;
3368 if (!NT_STATUS_IS_OK(status
)) {
3373 if ((ea_list
!= NULL
) &&
3374 ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
))) {
3375 status
= set_ea(conn
, fsp
, fsp
->fsp_name
, ea_list
);
3376 if (!NT_STATUS_IS_OK(status
)) {
3381 if (!fsp
->is_directory
&& S_ISDIR(fsp
->fsp_name
->st
.st_ex_mode
)) {
3382 status
= NT_STATUS_ACCESS_DENIED
;
3386 /* Save the requested allocation size. */
3387 if ((info
== FILE_WAS_CREATED
) || (info
== FILE_WAS_OVERWRITTEN
)) {
3389 && (allocation_size
> fsp
->fsp_name
->st
.st_ex_size
)) {
3390 fsp
->initial_allocation_size
= smb_roundup(
3391 fsp
->conn
, allocation_size
);
3392 if (fsp
->is_directory
) {
3393 /* Can't set allocation size on a directory. */
3394 status
= NT_STATUS_ACCESS_DENIED
;
3397 if (vfs_allocate_file_space(
3398 fsp
, fsp
->initial_allocation_size
) == -1) {
3399 status
= NT_STATUS_DISK_FULL
;
3403 fsp
->initial_allocation_size
= smb_roundup(
3404 fsp
->conn
, (uint64_t)fsp
->fsp_name
->st
.st_ex_size
);
3408 DEBUG(10, ("create_file_unixpath: info=%d\n", info
));
3411 if (pinfo
!= NULL
) {
3415 smb_fname
->st
= fsp
->fsp_name
->st
;
3417 return NT_STATUS_OK
;
3420 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status
)));
3423 if (base_fsp
&& fsp
->base_fsp
== base_fsp
) {
3425 * The close_file below will close
3430 close_file(req
, fsp
, ERROR_CLOSE
);
3433 if (base_fsp
!= NULL
) {
3434 close_file(req
, base_fsp
, ERROR_CLOSE
);
3441 * Calculate the full path name given a relative fid.
3443 NTSTATUS
get_relative_fid_filename(connection_struct
*conn
,
3444 struct smb_request
*req
,
3445 uint16_t root_dir_fid
,
3446 const struct smb_filename
*smb_fname
,
3447 struct smb_filename
**smb_fname_out
)
3449 files_struct
*dir_fsp
;
3450 char *parent_fname
= NULL
;
3451 char *new_base_name
= NULL
;
3454 if (root_dir_fid
== 0 || !smb_fname
) {
3455 status
= NT_STATUS_INTERNAL_ERROR
;
3459 dir_fsp
= file_fsp(req
, root_dir_fid
);
3461 if (dir_fsp
== NULL
) {
3462 status
= NT_STATUS_INVALID_HANDLE
;
3466 if (is_ntfs_stream_smb_fname(dir_fsp
->fsp_name
)) {
3467 status
= NT_STATUS_INVALID_HANDLE
;
3471 if (!dir_fsp
->is_directory
) {
3474 * Check to see if this is a mac fork of some kind.
3477 if ((conn
->fs_capabilities
& FILE_NAMED_STREAMS
) &&
3478 is_ntfs_stream_smb_fname(smb_fname
)) {
3479 status
= NT_STATUS_OBJECT_PATH_NOT_FOUND
;
3484 we need to handle the case when we get a
3485 relative open relative to a file and the
3486 pathname is blank - this is a reopen!
3487 (hint from demyn plantenberg)
3490 status
= NT_STATUS_INVALID_HANDLE
;
3494 if (ISDOT(dir_fsp
->fsp_name
->base_name
)) {
3496 * We're at the toplevel dir, the final file name
3497 * must not contain ./, as this is filtered out
3498 * normally by srvstr_get_path and unix_convert
3499 * explicitly rejects paths containing ./.
3501 parent_fname
= talloc_strdup(talloc_tos(), "");
3502 if (parent_fname
== NULL
) {
3503 status
= NT_STATUS_NO_MEMORY
;
3507 size_t dir_name_len
= strlen(dir_fsp
->fsp_name
->base_name
);
3510 * Copy in the base directory name.
3513 parent_fname
= TALLOC_ARRAY(talloc_tos(), char,
3515 if (parent_fname
== NULL
) {
3516 status
= NT_STATUS_NO_MEMORY
;
3519 memcpy(parent_fname
, dir_fsp
->fsp_name
->base_name
,
3523 * Ensure it ends in a '/'.
3524 * We used TALLOC_SIZE +2 to add space for the '/'.
3528 && (parent_fname
[dir_name_len
-1] != '\\')
3529 && (parent_fname
[dir_name_len
-1] != '/')) {
3530 parent_fname
[dir_name_len
] = '/';
3531 parent_fname
[dir_name_len
+1] = '\0';
3535 new_base_name
= talloc_asprintf(talloc_tos(), "%s%s", parent_fname
,
3536 smb_fname
->base_name
);
3537 if (new_base_name
== NULL
) {
3538 status
= NT_STATUS_NO_MEMORY
;
3542 status
= filename_convert(req
,
3544 req
->flags2
& FLAGS2_DFS_PATHNAMES
,
3549 if (!NT_STATUS_IS_OK(status
)) {
3554 TALLOC_FREE(parent_fname
);
3555 TALLOC_FREE(new_base_name
);
3559 NTSTATUS
create_file_default(connection_struct
*conn
,
3560 struct smb_request
*req
,
3561 uint16_t root_dir_fid
,
3562 struct smb_filename
*smb_fname
,
3563 uint32_t access_mask
,
3564 uint32_t share_access
,
3565 uint32_t create_disposition
,
3566 uint32_t create_options
,
3567 uint32_t file_attributes
,
3568 uint32_t oplock_request
,
3569 uint64_t allocation_size
,
3570 uint32_t private_flags
,
3571 struct security_descriptor
*sd
,
3572 struct ea_list
*ea_list
,
3573 files_struct
**result
,
3576 int info
= FILE_WAS_OPENED
;
3577 files_struct
*fsp
= NULL
;
3579 bool stream_name
= false;
3581 DEBUG(10,("create_file: access_mask = 0x%x "
3582 "file_attributes = 0x%x, share_access = 0x%x, "
3583 "create_disposition = 0x%x create_options = 0x%x "
3584 "oplock_request = 0x%x "
3585 "private_flags = 0x%x "
3586 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3588 (unsigned int)access_mask
,
3589 (unsigned int)file_attributes
,
3590 (unsigned int)share_access
,
3591 (unsigned int)create_disposition
,
3592 (unsigned int)create_options
,
3593 (unsigned int)oplock_request
,
3594 (unsigned int)private_flags
,
3595 (unsigned int)root_dir_fid
,
3596 ea_list
, sd
, smb_fname_str_dbg(smb_fname
)));
3599 * Calculate the filename from the root_dir_if if necessary.
3602 if (root_dir_fid
!= 0) {
3603 struct smb_filename
*smb_fname_out
= NULL
;
3604 status
= get_relative_fid_filename(conn
, req
, root_dir_fid
,
3605 smb_fname
, &smb_fname_out
);
3606 if (!NT_STATUS_IS_OK(status
)) {
3609 smb_fname
= smb_fname_out
;
3613 * Check to see if this is a mac fork of some kind.
3616 stream_name
= is_ntfs_stream_smb_fname(smb_fname
);
3618 enum FAKE_FILE_TYPE fake_file_type
;
3620 fake_file_type
= is_fake_file(smb_fname
);
3622 if (fake_file_type
!= FAKE_FILE_TYPE_NONE
) {
3625 * Here we go! support for changing the disk quotas
3628 * We need to fake up to open this MAGIC QUOTA file
3629 * and return a valid FID.
3631 * w2k close this file directly after openening xp
3632 * also tries a QUERY_FILE_INFO on the file and then
3635 status
= open_fake_file(req
, conn
, req
->vuid
,
3636 fake_file_type
, smb_fname
,
3638 if (!NT_STATUS_IS_OK(status
)) {
3642 ZERO_STRUCT(smb_fname
->st
);
3646 if (!(conn
->fs_capabilities
& FILE_NAMED_STREAMS
)) {
3647 status
= NT_STATUS_OBJECT_NAME_NOT_FOUND
;
3652 /* All file access must go through check_name() */
3654 status
= check_name(conn
, smb_fname
->base_name
);
3655 if (!NT_STATUS_IS_OK(status
)) {
3659 if (stream_name
&& is_ntfs_default_stream_smb_fname(smb_fname
)) {
3661 smb_fname
->stream_name
= NULL
;
3662 /* We have to handle this error here. */
3663 if (create_options
& FILE_DIRECTORY_FILE
) {
3664 status
= NT_STATUS_NOT_A_DIRECTORY
;
3667 if (lp_posix_pathnames()) {
3668 ret
= SMB_VFS_LSTAT(conn
, smb_fname
);
3670 ret
= SMB_VFS_STAT(conn
, smb_fname
);
3673 if (ret
== 0 && VALID_STAT_OF_DIR(smb_fname
->st
)) {
3674 status
= NT_STATUS_FILE_IS_A_DIRECTORY
;
3679 status
= create_file_unixpath(
3680 conn
, req
, smb_fname
, access_mask
, share_access
,
3681 create_disposition
, create_options
, file_attributes
,
3682 oplock_request
, allocation_size
, private_flags
,
3686 if (!NT_STATUS_IS_OK(status
)) {
3691 DEBUG(10, ("create_file: info=%d\n", info
));
3694 if (pinfo
!= NULL
) {
3697 return NT_STATUS_OK
;
3700 DEBUG(10, ("create_file: %s\n", nt_errstr(status
)));
3703 close_file(req
, fsp
, ERROR_CLOSE
);