search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix some C++ warnings
[Samba.git] / source / smbd / open.c
bloba465695c1cb8f876be96b6834d433373f4164aed
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern const struct generic_mapping file_generic_mapping;
25 extern bool global_client_failed_oplock_break;
26
27 struct deferred_open_record {
28 bool delayed_for_oplocks;
29 struct file_id id;
30 };
31
32 /****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34 ****************************************************************************/
35
36 NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
40 {
41 return se_access_check(sd,
42 token,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
44 access_granted);
45 }
46
47 /****************************************************************************
48 Check if we have open rights.
49 ****************************************************************************/
50
51 static NTSTATUS check_open_rights(struct connection_struct *conn,
52 const char *fname,
53 uint32_t access_mask)
54 {
55 /* Check if we have rights to open. */
56 NTSTATUS status;
57 uint32_t access_granted = 0;
58 struct security_descriptor *sd;
59
60 status = SMB_VFS_GET_NT_ACL(conn, fname,
61 (OWNER_SECURITY_INFORMATION |
62 GROUP_SECURITY_INFORMATION |
63 DACL_SECURITY_INFORMATION),&sd);
64
65 if (!NT_STATUS_IS_OK(status)) {
66 DEBUG(10, ("check_open_rights: Could not get acl "
67 "on %s: %s\n",
68 fname,
69 nt_errstr(status)));
70 return status;
71 }
72
73 status = smb1_file_se_access_check(sd,
74 conn->server_info->ptok,
75 access_mask,
76 &access_granted);
77
78 TALLOC_FREE(sd);
79 return status;
80 }
81
82 /****************************************************************************
83 fd support routines - attempt to do a dos_open.
84 ****************************************************************************/
85
86 static NTSTATUS fd_open(struct connection_struct *conn,
87 const char *fname,
88 files_struct *fsp,
89 int flags,
90 mode_t mode)
91 {
92 NTSTATUS status = NT_STATUS_OK;
93
94 #ifdef O_NOFOLLOW
95 /*
96 * Never follow symlinks on a POSIX client. The
97 * client should be doing this.
98 */
99
100 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
101 flags |= O_NOFOLLOW;
102 }
103 #endif
104
105 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
106 if (fsp->fh->fd == -1) {
107 status = map_nt_error_from_unix(errno);
108 }
109
110 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
111 fname, flags, (int)mode, fsp->fh->fd,
112 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
113
114 return status;
115 }
116
117 /****************************************************************************
118 Close the file associated with a fsp.
119 ****************************************************************************/
120
121 NTSTATUS fd_close(files_struct *fsp)
122 {
123 int ret;
124
125 if (fsp->fh->fd == -1) {
126 return NT_STATUS_OK; /* What we used to call a stat open. */
127 }
128 if (fsp->fh->ref_count > 1) {
129 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
130 }
131
132 ret = SMB_VFS_CLOSE(fsp);
133 fsp->fh->fd = -1;
134 if (ret == -1) {
135 return map_nt_error_from_unix(errno);
136 }
137 return NT_STATUS_OK;
138 }
139
140 /****************************************************************************
141 Change the ownership of a file to that of the parent directory.
142 Do this by fd if possible.
143 ****************************************************************************/
144
145 static void change_file_owner_to_parent(connection_struct *conn,
146 const char *inherit_from_dir,
147 files_struct *fsp)
148 {
149 SMB_STRUCT_STAT parent_st;
150 int ret;
151
152 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
153 if (ret == -1) {
154 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
155 "directory %s. Error was %s\n",
156 inherit_from_dir, strerror(errno) ));
157 return;
158 }
159
160 become_root();
161 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
162 unbecome_root();
163 if (ret == -1) {
164 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
165 "file %s to parent directory uid %u. Error "
166 "was %s\n", fsp->fsp_name,
167 (unsigned int)parent_st.st_uid,
168 strerror(errno) ));
169 }
170
171 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
172 "parent directory uid %u.\n", fsp->fsp_name,
173 (unsigned int)parent_st.st_uid ));
174 }
175
176 static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
177 const char *inherit_from_dir,
178 const char *fname,
179 SMB_STRUCT_STAT *psbuf)
180 {
181 char *saved_dir = NULL;
182 SMB_STRUCT_STAT sbuf;
183 SMB_STRUCT_STAT parent_st;
184 TALLOC_CTX *ctx = talloc_tos();
185 NTSTATUS status = NT_STATUS_OK;
186 int ret;
187
188 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
189 if (ret == -1) {
190 status = map_nt_error_from_unix(errno);
191 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
192 "directory %s. Error was %s\n",
193 inherit_from_dir, strerror(errno) ));
194 return status;
195 }
196
197 /* We've already done an lstat into psbuf, and we know it's a
198 directory. If we can cd into the directory and the dev/ino
199 are the same then we can safely chown without races as
200 we're locking the directory in place by being in it. This
201 should work on any UNIX (thanks tridge :-). JRA.
202 */
203
204 saved_dir = vfs_GetWd(ctx,conn);
205 if (!saved_dir) {
206 status = map_nt_error_from_unix(errno);
207 DEBUG(0,("change_dir_owner_to_parent: failed to get "
208 "current working directory. Error was %s\n",
209 strerror(errno)));
210 return status;
211 }
212
213 /* Chdir into the new path. */
214 if (vfs_ChDir(conn, fname) == -1) {
215 status = map_nt_error_from_unix(errno);
216 DEBUG(0,("change_dir_owner_to_parent: failed to change "
217 "current working directory to %s. Error "
218 "was %s\n", fname, strerror(errno) ));
219 goto out;
220 }
221
222 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
223 status = map_nt_error_from_unix(errno);
224 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
225 "directory '.' (%s) Error was %s\n",
226 fname, strerror(errno)));
227 goto out;
228 }
229
230 /* Ensure we're pointing at the same place. */
231 if (sbuf.st_dev != psbuf->st_dev ||
232 sbuf.st_ino != psbuf->st_ino ||
233 sbuf.st_mode != psbuf->st_mode ) {
234 DEBUG(0,("change_dir_owner_to_parent: "
235 "device/inode/mode on directory %s changed. "
236 "Refusing to chown !\n", fname ));
237 status = NT_STATUS_ACCESS_DENIED;
238 goto out;
239 }
240
241 become_root();
242 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
243 unbecome_root();
244 if (ret == -1) {
245 status = map_nt_error_from_unix(errno);
246 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
247 "directory %s to parent directory uid %u. "
248 "Error was %s\n", fname,
249 (unsigned int)parent_st.st_uid, strerror(errno) ));
250 goto out;
251 }
252
253 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
254 "directory %s to parent directory uid %u.\n",
255 fname, (unsigned int)parent_st.st_uid ));
256
257 out:
258
259 vfs_ChDir(conn,saved_dir);
260 return status;
261 }
262
263 /****************************************************************************
264 Open a file.
265 ****************************************************************************/
266
267 static NTSTATUS open_file(files_struct *fsp,
268 connection_struct *conn,
269 struct smb_request *req,
270 const char *parent_dir,
271 const char *name,
272 const char *path,
273 SMB_STRUCT_STAT *psbuf,
274 int flags,
275 mode_t unx_mode,
276 uint32 access_mask, /* client requested access mask. */
277 uint32 open_access_mask) /* what we're actually using in the open. */
278 {
279 NTSTATUS status = NT_STATUS_OK;
280 int accmode = (flags & O_ACCMODE);
281 int local_flags = flags;
282 bool file_existed = VALID_STAT(*psbuf);
283
284 fsp->fh->fd = -1;
285 errno = EPERM;
286
287 /* Check permissions */
288
289 /*
290 * This code was changed after seeing a client open request
291 * containing the open mode of (DENY_WRITE/read-only) with
292 * the 'create if not exist' bit set. The previous code
293 * would fail to open the file read only on a read-only share
294 * as it was checking the flags parameter directly against O_RDONLY,
295 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
296 * JRA.
297 */
298
299 if (!CAN_WRITE(conn)) {
300 /* It's a read-only share - fail if we wanted to write. */
301 if(accmode != O_RDONLY) {
302 DEBUG(3,("Permission denied opening %s\n", path));
303 return NT_STATUS_ACCESS_DENIED;
304 } else if(flags & O_CREAT) {
305 /* We don't want to write - but we must make sure that
306 O_CREAT doesn't create the file if we have write
307 access into the directory.
308 */
309 flags &= ~O_CREAT;
310 local_flags &= ~O_CREAT;
311 }
312 }
313
314 /*
315 * This little piece of insanity is inspired by the
316 * fact that an NT client can open a file for O_RDONLY,
317 * but set the create disposition to FILE_EXISTS_TRUNCATE.
318 * If the client *can* write to the file, then it expects to
319 * truncate the file, even though it is opening for readonly.
320 * Quicken uses this stupid trick in backup file creation...
321 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
322 * for helping track this one down. It didn't bite us in 2.0.x
323 * as we always opened files read-write in that release. JRA.
324 */
325
326 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
327 DEBUG(10,("open_file: truncate requested on read-only open "
328 "for file %s\n", path));
329 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
330 }
331
332 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
333 (!file_existed && (local_flags & O_CREAT)) ||
334 ((local_flags & O_TRUNC) == O_TRUNC) ) {
335 const char *wild;
336
337 /*
338 * We can't actually truncate here as the file may be locked.
339 * open_file_ntcreate will take care of the truncate later. JRA.
340 */
341
342 local_flags &= ~O_TRUNC;
343
344 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
345 /*
346 * We would block on opening a FIFO with no one else on the
347 * other end. Do what we used to do and add O_NONBLOCK to the
348 * open flags. JRA.
349 */
350
351 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
352 local_flags |= O_NONBLOCK;
353 }
354 #endif
355
356 /* Don't create files with Microsoft wildcard characters. */
357 if (fsp->base_fsp) {
358 /*
359 * wildcard characters are allowed in stream names
360 * only test the basefilename
361 */
362 wild = fsp->base_fsp->fsp_name;
363 } else {
364 wild = path;
365 }
366 if ((local_flags & O_CREAT) && !file_existed &&
367 ms_has_wild(wild)) {
368 return NT_STATUS_OBJECT_NAME_INVALID;
369 }
370
371 /* Actually do the open */
372 status = fd_open(conn, path, fsp, local_flags, unx_mode);
373 if (!NT_STATUS_IS_OK(status)) {
374 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
375 "(flags=%d)\n",
376 path,nt_errstr(status),local_flags,flags));
377 return status;
378 }
379
380 if ((local_flags & O_CREAT) && !file_existed) {
381
382 /* Inherit the ACL if required */
383 if (lp_inherit_perms(SNUM(conn))) {
384 inherit_access_posix_acl(conn, parent_dir, path,
385 unx_mode);
386 }
387
388 /* Change the owner if required. */
389 if (lp_inherit_owner(SNUM(conn))) {
390 change_file_owner_to_parent(conn, parent_dir,
391 fsp);
392 }
393
394 notify_fname(conn, NOTIFY_ACTION_ADDED,
395 FILE_NOTIFY_CHANGE_FILE_NAME, path);
396 }
397
398 } else {
399 fsp->fh->fd = -1; /* What we used to call a stat open. */
400 if (file_existed) {
401 status = check_open_rights(conn,
402 path,
403 access_mask);
404 if (!NT_STATUS_IS_OK(status)) {
405 DEBUG(10, ("open_file: Access denied on "
406 "file %s\n",
407 path));
408 return status;
409 }
410 }
411 }
412
413 if (!file_existed) {
414 int ret;
415
416 if (fsp->fh->fd == -1) {
417 ret = SMB_VFS_STAT(conn, path, psbuf);
418 } else {
419 ret = SMB_VFS_FSTAT(fsp, psbuf);
420 /* If we have an fd, this stat should succeed. */
421 if (ret == -1) {
422 DEBUG(0,("Error doing fstat on open file %s "
423 "(%s)\n", path,strerror(errno) ));
424 }
425 }
426
427 /* For a non-io open, this stat failing means file not found. JRA */
428 if (ret == -1) {
429 status = map_nt_error_from_unix(errno);
430 fd_close(fsp);
431 return status;
432 }
433 }
434
435 /*
436 * POSIX allows read-only opens of directories. We don't
437 * want to do this (we use a different code path for this)
438 * so catch a directory open and return an EISDIR. JRA.
439 */
440
441 if(S_ISDIR(psbuf->st_mode)) {
442 fd_close(fsp);
443 errno = EISDIR;
444 return NT_STATUS_FILE_IS_A_DIRECTORY;
445 }
446
447 fsp->mode = psbuf->st_mode;
448 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
449 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
450 fsp->file_pid = req ? req->smbpid : 0;
451 fsp->can_lock = True;
452 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
453 if (!CAN_WRITE(conn)) {
454 fsp->can_write = False;
455 } else {
456 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
457 True : False;
458 }
459 fsp->print_file = False;
460 fsp->modified = False;
461 fsp->sent_oplock_break = NO_BREAK_SENT;
462 fsp->is_directory = False;
463 if (conn->aio_write_behind_list &&
464 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
465 fsp->aio_write_behind = True;
466 }
467
468 string_set(&fsp->fsp_name, path);
469 fsp->wcp = NULL; /* Write cache pointer. */
470
471 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
472 conn->server_info->unix_name,
473 fsp->fsp_name,
474 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
475 conn->num_files_open));
476
477 errno = 0;
478 return NT_STATUS_OK;
479 }
480
481 /*******************************************************************
482 Return True if the filename is one of the special executable types.
483 ********************************************************************/
484
485 static bool is_executable(const char *fname)
486 {
487 if ((fname = strrchr_m(fname,'.'))) {
488 if (strequal(fname,".com") ||
489 strequal(fname,".dll") ||
490 strequal(fname,".exe") ||
491 strequal(fname,".sym")) {
492 return True;
493 }
494 }
495 return False;
496 }
497
498 /****************************************************************************
499 Check if we can open a file with a share mode.
500 Returns True if conflict, False if not.
501 ****************************************************************************/
502
503 static bool share_conflict(struct share_mode_entry *entry,
504 uint32 access_mask,
505 uint32 share_access)
506 {
507 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
508 "entry->share_access = 0x%x, "
509 "entry->private_options = 0x%x\n",
510 (unsigned int)entry->access_mask,
511 (unsigned int)entry->share_access,
512 (unsigned int)entry->private_options));
513
514 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
515 (unsigned int)access_mask, (unsigned int)share_access));
516
517 if ((entry->access_mask & (FILE_WRITE_DATA|
518 FILE_APPEND_DATA|
519 FILE_READ_DATA|
520 FILE_EXECUTE|
521 DELETE_ACCESS)) == 0) {
522 DEBUG(10,("share_conflict: No conflict due to "
523 "entry->access_mask = 0x%x\n",
524 (unsigned int)entry->access_mask ));
525 return False;
526 }
527
528 if ((access_mask & (FILE_WRITE_DATA|
529 FILE_APPEND_DATA|
530 FILE_READ_DATA|
531 FILE_EXECUTE|
532 DELETE_ACCESS)) == 0) {
533 DEBUG(10,("share_conflict: No conflict due to "
534 "access_mask = 0x%x\n",
535 (unsigned int)access_mask ));
536 return False;
537 }
538
539 #if 1 /* JRA TEST - Superdebug. */
540 #define CHECK_MASK(num, am, right, sa, share) \
541 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
542 (unsigned int)(num), (unsigned int)(am), \
543 (unsigned int)(right), (unsigned int)(am)&(right) )); \
544 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
545 (unsigned int)(num), (unsigned int)(sa), \
546 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
547 if (((am) & (right)) && !((sa) & (share))) { \
548 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
549 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
550 (unsigned int)(share) )); \
551 return True; \
552 }
553 #else
554 #define CHECK_MASK(num, am, right, sa, share) \
555 if (((am) & (right)) && !((sa) & (share))) { \
556 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
557 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
558 (unsigned int)(share) )); \
559 return True; \
560 }
561 #endif
562
563 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
564 share_access, FILE_SHARE_WRITE);
565 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
566 entry->share_access, FILE_SHARE_WRITE);
567
568 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
569 share_access, FILE_SHARE_READ);
570 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
571 entry->share_access, FILE_SHARE_READ);
572
573 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
574 share_access, FILE_SHARE_DELETE);
575 CHECK_MASK(6, access_mask, DELETE_ACCESS,
576 entry->share_access, FILE_SHARE_DELETE);
577
578 DEBUG(10,("share_conflict: No conflict.\n"));
579 return False;
580 }
581
582 #if defined(DEVELOPER)
583 static void validate_my_share_entries(int num,
584 struct share_mode_entry *share_entry)
585 {
586 files_struct *fsp;
587
588 if (!procid_is_me(&share_entry->pid)) {
589 return;
590 }
591
592 if (is_deferred_open_entry(share_entry) &&
593 !open_was_deferred(share_entry->op_mid)) {
594 char *str = talloc_asprintf(talloc_tos(),
595 "Got a deferred entry without a request: "
596 "PANIC: %s\n",
597 share_mode_str(talloc_tos(), num, share_entry));
598 smb_panic(str);
599 }
600
601 if (!is_valid_share_mode_entry(share_entry)) {
602 return;
603 }
604
605 fsp = file_find_dif(share_entry->id,
606 share_entry->share_file_id);
607 if (!fsp) {
608 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
609 share_mode_str(talloc_tos(), num, share_entry) ));
610 smb_panic("validate_my_share_entries: Cannot match a "
611 "share entry with an open file\n");
612 }
613
614 if (is_deferred_open_entry(share_entry) ||
615 is_unused_share_mode_entry(share_entry)) {
616 goto panic;
617 }
618
619 if ((share_entry->op_type == NO_OPLOCK) &&
620 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
621 /* Someone has already written to it, but I haven't yet
622 * noticed */
623 return;
624 }
625
626 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
627 goto panic;
628 }
629
630 return;
631
632 panic:
633 {
634 char *str;
635 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
636 share_mode_str(talloc_tos(), num, share_entry) ));
637 str = talloc_asprintf(talloc_tos(),
638 "validate_my_share_entries: "
639 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
640 fsp->fsp_name, (unsigned int)fsp->oplock_type,
641 (unsigned int)share_entry->op_type );
642 smb_panic(str);
643 }
644 }
645 #endif
646
647 static bool is_stat_open(uint32 access_mask)
648 {
649 return (access_mask &&
650 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
651 FILE_WRITE_ATTRIBUTES))==0) &&
652 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
653 FILE_WRITE_ATTRIBUTES)) != 0));
654 }
655
656 /****************************************************************************
657 Deal with share modes
658 Invarient: Share mode must be locked on entry and exit.
659 Returns -1 on error, or number of share modes on success (may be zero).
660 ****************************************************************************/
661
662 static NTSTATUS open_mode_check(connection_struct *conn,
663 const char *fname,
664 struct share_mode_lock *lck,
665 uint32 access_mask,
666 uint32 share_access,
667 uint32 create_options,
668 bool *file_existed)
669 {
670 int i;
671
672 if(lck->num_share_modes == 0) {
673 return NT_STATUS_OK;
674 }
675
676 *file_existed = True;
677
678 /* A delete on close prohibits everything */
679
680 if (lck->delete_on_close) {
681 return NT_STATUS_DELETE_PENDING;
682 }
683
684 if (is_stat_open(access_mask)) {
685 /* Stat open that doesn't trigger oplock breaks or share mode
686 * checks... ! JRA. */
687 return NT_STATUS_OK;
688 }
689
690 /*
691 * Check if the share modes will give us access.
692 */
693
694 #if defined(DEVELOPER)
695 for(i = 0; i < lck->num_share_modes; i++) {
696 validate_my_share_entries(i, &lck->share_modes[i]);
697 }
698 #endif
699
700 if (!lp_share_modes(SNUM(conn))) {
701 return NT_STATUS_OK;
702 }
703
704 /* Now we check the share modes, after any oplock breaks. */
705 for(i = 0; i < lck->num_share_modes; i++) {
706
707 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
708 continue;
709 }
710
711 /* someone else has a share lock on it, check to see if we can
712 * too */
713 if (share_conflict(&lck->share_modes[i],
714 access_mask, share_access)) {
715 return NT_STATUS_SHARING_VIOLATION;
716 }
717 }
718
719 return NT_STATUS_OK;
720 }
721
722 static bool is_delete_request(files_struct *fsp) {
723 return ((fsp->access_mask == DELETE_ACCESS) &&
724 (fsp->oplock_type == NO_OPLOCK));
725 }
726
727 /*
728 * Send a break message to the oplock holder and delay the open for
729 * our client.
730 */
731
732 static NTSTATUS send_break_message(files_struct *fsp,
733 struct share_mode_entry *exclusive,
734 uint16 mid,
735 int oplock_request)
736 {
737 NTSTATUS status;
738 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
739
740 DEBUG(10, ("Sending break request to PID %s\n",
741 procid_str_static(&exclusive->pid)));
742 exclusive->op_mid = mid;
743
744 /* Create the message. */
745 share_mode_entry_to_message(msg, exclusive);
746
747 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
748 don't want this set in the share mode struct pointed to by lck. */
749
750 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
751 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
752 }
753
754 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
755 MSG_SMB_BREAK_REQUEST,
756 (uint8 *)msg,
757 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
758 if (!NT_STATUS_IS_OK(status)) {
759 DEBUG(3, ("Could not send oplock break message: %s\n",
760 nt_errstr(status)));
761 }
762
763 return status;
764 }
765
766 /*
767 * 1) No files open at all or internal open: Grant whatever the client wants.
768 *
769 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
770 * request, break if the oplock around is a batch oplock. If it's another
771 * requested access type, break.
772 *
773 * 3) Only level2 around: Grant level2 and do nothing else.
774 */
775
776 static bool delay_for_oplocks(struct share_mode_lock *lck,
777 files_struct *fsp,
778 uint16 mid,
779 int pass_number,
780 int oplock_request)
781 {
782 extern uint32 global_client_caps;
783 int i;
784 struct share_mode_entry *exclusive = NULL;
785 bool valid_entry = false;
786 bool have_level2 = false;
787 bool have_a_none_oplock = false;
788 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
789 lp_level2_oplocks(SNUM(fsp->conn));
790
791 if (oplock_request & INTERNAL_OPEN_ONLY) {
792 fsp->oplock_type = NO_OPLOCK;
793 }
794
795 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
796 return false;
797 }
798
799 for (i=0; i<lck->num_share_modes; i++) {
800
801 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
802 continue;
803 }
804
805 /* At least one entry is not an invalid or deferred entry. */
806 valid_entry = true;
807
808 if (pass_number == 1) {
809 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
810 SMB_ASSERT(exclusive == NULL);
811 exclusive = &lck->share_modes[i];
812 }
813 } else {
814 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
815 SMB_ASSERT(exclusive == NULL);
816 exclusive = &lck->share_modes[i];
817 }
818 }
819
820 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
821 SMB_ASSERT(exclusive == NULL);
822 have_level2 = true;
823 }
824
825 if (lck->share_modes[i].op_type == NO_OPLOCK) {
826 have_a_none_oplock = true;
827 }
828 }
829
830 if (exclusive != NULL) { /* Found an exclusive oplock */
831 bool delay_it = is_delete_request(fsp) ?
832 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
833 SMB_ASSERT(!have_level2);
834 if (delay_it) {
835 send_break_message(fsp, exclusive, mid, oplock_request);
836 return true;
837 }
838 }
839
840 /*
841 * Match what was requested (fsp->oplock_type) with
842 * what was found in the existing share modes.
843 */
844
845 if (!valid_entry) {
846 /* All entries are placeholders or deferred.
847 * Directly grant whatever the client wants. */
848 if (fsp->oplock_type == NO_OPLOCK) {
849 /* Store a level2 oplock, but don't tell the client */
850 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
851 }
852 } else if (have_a_none_oplock) {
853 fsp->oplock_type = NO_OPLOCK;
854 } else if (have_level2) {
855 if (fsp->oplock_type == NO_OPLOCK ||
856 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
857 /* Store a level2 oplock, but don't tell the client */
858 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
859 } else {
860 fsp->oplock_type = LEVEL_II_OPLOCK;
861 }
862 } else {
863 /* This case can never happen. */
864 SMB_ASSERT(1);
865 }
866
867 /*
868 * Don't grant level2 to clients that don't want them
869 * or if we've turned them off.
870 */
871 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
872 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
873 }
874
875 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
876 fsp->oplock_type, fsp->fsp_name));
877
878 /* No delay. */
879 return false;
880 }
881
882 static bool request_timed_out(struct timeval request_time,
883 struct timeval timeout)
884 {
885 struct timeval now, end_time;
886 GetTimeOfDay(&now);
887 end_time = timeval_sum(&request_time, &timeout);
888 return (timeval_compare(&end_time, &now) < 0);
889 }
890
891 /****************************************************************************
892 Handle the 1 second delay in returning a SHARING_VIOLATION error.
893 ****************************************************************************/
894
895 static void defer_open(struct share_mode_lock *lck,
896 struct timeval request_time,
897 struct timeval timeout,
898 struct smb_request *req,
899 struct deferred_open_record *state)
900 {
901 int i;
902
903 /* Paranoia check */
904
905 for (i=0; i<lck->num_share_modes; i++) {
906 struct share_mode_entry *e = &lck->share_modes[i];
907
908 if (!is_deferred_open_entry(e)) {
909 continue;
910 }
911
912 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
913 DEBUG(0, ("Trying to defer an already deferred "
914 "request: mid=%d, exiting\n", req->mid));
915 exit_server("attempt to defer a deferred request");
916 }
917 }
918
919 /* End paranoia check */
920
921 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
922 "open entry for mid %u\n",
923 (unsigned int)request_time.tv_sec,
924 (unsigned int)request_time.tv_usec,
925 (unsigned int)req->mid));
926
927 if (!push_deferred_smb_message(req, request_time, timeout,
928 (char *)state, sizeof(*state))) {
929 exit_server("push_deferred_smb_message failed");
930 }
931 add_deferred_open(lck, req->mid, request_time, state->id);
932
933 /*
934 * Push the MID of this packet on the signing queue.
935 * We only do this once, the first time we push the packet
936 * onto the deferred open queue, as this has a side effect
937 * of incrementing the response sequence number.
938 */
939
940 srv_defer_sign_response(req->mid);
941 }
942
943
944 /****************************************************************************
945 On overwrite open ensure that the attributes match.
946 ****************************************************************************/
947
948 static bool open_match_attributes(connection_struct *conn,
949 const char *path,
950 uint32 old_dos_attr,
951 uint32 new_dos_attr,
952 mode_t existing_unx_mode,
953 mode_t new_unx_mode,
954 mode_t *returned_unx_mode)
955 {
956 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
957
958 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
959 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
960
961 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
962 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
963 *returned_unx_mode = new_unx_mode;
964 } else {
965 *returned_unx_mode = (mode_t)0;
966 }
967
968 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
969 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
970 "returned_unx_mode = 0%o\n",
971 path,
972 (unsigned int)old_dos_attr,
973 (unsigned int)existing_unx_mode,
974 (unsigned int)new_dos_attr,
975 (unsigned int)*returned_unx_mode ));
976
977 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
978 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
979 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
980 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
981 return False;
982 }
983 }
984 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
985 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
986 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
987 return False;
988 }
989 }
990 return True;
991 }
992
993 /****************************************************************************
994 Special FCB or DOS processing in the case of a sharing violation.
995 Try and find a duplicated file handle.
996 ****************************************************************************/
997
998 static NTSTATUS fcb_or_dos_open(connection_struct *conn,
999 files_struct *fsp_to_dup_into,
1000 const char *fname,
1001 struct file_id id,
1002 uint16 file_pid,
1003 uint16 vuid,
1004 uint32 access_mask,
1005 uint32 share_access,
1006 uint32 create_options)
1007 {
1008 files_struct *fsp;
1009
1010 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1011 "file %s.\n", fname ));
1012
1013 for(fsp = file_find_di_first(id); fsp;
1014 fsp = file_find_di_next(fsp)) {
1015
1016 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1017 "vuid = %u, file_pid = %u, private_options = 0x%x "
1018 "access_mask = 0x%x\n", fsp->fsp_name,
1019 fsp->fh->fd, (unsigned int)fsp->vuid,
1020 (unsigned int)fsp->file_pid,
1021 (unsigned int)fsp->fh->private_options,
1022 (unsigned int)fsp->access_mask ));
1023
1024 if (fsp->fh->fd != -1 &&
1025 fsp->vuid == vuid &&
1026 fsp->file_pid == file_pid &&
1027 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1028 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1029 (fsp->access_mask & FILE_WRITE_DATA) &&
1030 strequal(fsp->fsp_name, fname)) {
1031 DEBUG(10,("fcb_or_dos_open: file match\n"));
1032 break;
1033 }
1034 }
1035
1036 if (!fsp) {
1037 return NT_STATUS_NOT_FOUND;
1038 }
1039
1040 /* quite an insane set of semantics ... */
1041 if (is_executable(fname) &&
1042 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1043 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1044 return NT_STATUS_INVALID_PARAMETER;
1045 }
1046
1047 /* We need to duplicate this fsp. */
1048 dup_file_fsp(fsp, access_mask, share_access,
1049 create_options, fsp_to_dup_into);
1050
1051 return NT_STATUS_OK;
1052 }
1053
1054 /****************************************************************************
1055 Open a file with a share mode - old openX method - map into NTCreate.
1056 ****************************************************************************/
1057
1058 bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1059 uint32 *paccess_mask,
1060 uint32 *pshare_mode,
1061 uint32 *pcreate_disposition,
1062 uint32 *pcreate_options)
1063 {
1064 uint32 access_mask;
1065 uint32 share_mode;
1066 uint32 create_disposition;
1067 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1068
1069 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1070 "open_func = 0x%x\n",
1071 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1072
1073 /* Create the NT compatible access_mask. */
1074 switch (GET_OPENX_MODE(deny_mode)) {
1075 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1076 case DOS_OPEN_RDONLY:
1077 access_mask = FILE_GENERIC_READ;
1078 break;
1079 case DOS_OPEN_WRONLY:
1080 access_mask = FILE_GENERIC_WRITE;
1081 break;
1082 case DOS_OPEN_RDWR:
1083 case DOS_OPEN_FCB:
1084 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1085 break;
1086 default:
1087 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1088 (unsigned int)GET_OPENX_MODE(deny_mode)));
1089 return False;
1090 }
1091
1092 /* Create the NT compatible create_disposition. */
1093 switch (open_func) {
1094 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1095 create_disposition = FILE_CREATE;
1096 break;
1097
1098 case OPENX_FILE_EXISTS_OPEN:
1099 create_disposition = FILE_OPEN;
1100 break;
1101
1102 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1103 create_disposition = FILE_OPEN_IF;
1104 break;
1105
1106 case OPENX_FILE_EXISTS_TRUNCATE:
1107 create_disposition = FILE_OVERWRITE;
1108 break;
1109
1110 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1111 create_disposition = FILE_OVERWRITE_IF;
1112 break;
1113
1114 default:
1115 /* From samba4 - to be confirmed. */
1116 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1117 create_disposition = FILE_CREATE;
1118 break;
1119 }
1120 DEBUG(10,("map_open_params_to_ntcreate: bad "
1121 "open_func 0x%x\n", (unsigned int)open_func));
1122 return False;
1123 }
1124
1125 /* Create the NT compatible share modes. */
1126 switch (GET_DENY_MODE(deny_mode)) {
1127 case DENY_ALL:
1128 share_mode = FILE_SHARE_NONE;
1129 break;
1130
1131 case DENY_WRITE:
1132 share_mode = FILE_SHARE_READ;
1133 break;
1134
1135 case DENY_READ:
1136 share_mode = FILE_SHARE_WRITE;
1137 break;
1138
1139 case DENY_NONE:
1140 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1141 break;
1142
1143 case DENY_DOS:
1144 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1145 if (is_executable(fname)) {
1146 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1147 } else {
1148 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1149 share_mode = FILE_SHARE_READ;
1150 } else {
1151 share_mode = FILE_SHARE_NONE;
1152 }
1153 }
1154 break;
1155
1156 case DENY_FCB:
1157 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1158 share_mode = FILE_SHARE_NONE;
1159 break;
1160
1161 default:
1162 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1163 (unsigned int)GET_DENY_MODE(deny_mode) ));
1164 return False;
1165 }
1166
1167 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1168 "share_mode = 0x%x, create_disposition = 0x%x, "
1169 "create_options = 0x%x\n",
1170 fname,
1171 (unsigned int)access_mask,
1172 (unsigned int)share_mode,
1173 (unsigned int)create_disposition,
1174 (unsigned int)create_options ));
1175
1176 if (paccess_mask) {
1177 *paccess_mask = access_mask;
1178 }
1179 if (pshare_mode) {
1180 *pshare_mode = share_mode;
1181 }
1182 if (pcreate_disposition) {
1183 *pcreate_disposition = create_disposition;
1184 }
1185 if (pcreate_options) {
1186 *pcreate_options = create_options;
1187 }
1188
1189 return True;
1190
1191 }
1192
1193 static void schedule_defer_open(struct share_mode_lock *lck,
1194 struct timeval request_time,
1195 struct smb_request *req)
1196 {
1197 struct deferred_open_record state;
1198
1199 /* This is a relative time, added to the absolute
1200 request_time value to get the absolute timeout time.
1201 Note that if this is the second or greater time we enter
1202 this codepath for this particular request mid then
1203 request_time is left as the absolute time of the *first*
1204 time this request mid was processed. This is what allows
1205 the request to eventually time out. */
1206
1207 struct timeval timeout;
1208
1209 /* Normally the smbd we asked should respond within
1210 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1211 * the client did, give twice the timeout as a safety
1212 * measure here in case the other smbd is stuck
1213 * somewhere else. */
1214
1215 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1216
1217 /* Nothing actually uses state.delayed_for_oplocks
1218 but it's handy to differentiate in debug messages
1219 between a 30 second delay due to oplock break, and
1220 a 1 second delay for share mode conflicts. */
1221
1222 state.delayed_for_oplocks = True;
1223 state.id = lck->id;
1224
1225 if (!request_timed_out(request_time, timeout)) {
1226 defer_open(lck, request_time, timeout, req, &state);
1227 }
1228 }
1229
1230 /****************************************************************************
1231 Work out what access_mask to use from what the client sent us.
1232 ****************************************************************************/
1233
1234 static NTSTATUS calculate_access_mask(connection_struct *conn,
1235 const char *fname,
1236 bool file_existed,
1237 uint32_t access_mask,
1238 uint32_t *access_mask_out)
1239 {
1240 NTSTATUS status;
1241
1242 /*
1243 * Convert GENERIC bits to specific bits.
1244 */
1245
1246 se_map_generic(&access_mask, &file_generic_mapping);
1247
1248 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1249 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1250 if (file_existed) {
1251
1252 struct security_descriptor *sd;
1253 uint32_t access_granted = 0;
1254
1255 status = SMB_VFS_GET_NT_ACL(conn, fname,
1256 (OWNER_SECURITY_INFORMATION |
1257 GROUP_SECURITY_INFORMATION |
1258 DACL_SECURITY_INFORMATION),&sd);
1259
1260 if (!NT_STATUS_IS_OK(status)) {
1261 DEBUG(10, ("calculate_access_mask: Could not get acl "
1262 "on file %s: %s\n",
1263 fname,
1264 nt_errstr(status)));
1265 return NT_STATUS_ACCESS_DENIED;
1266 }
1267
1268 status = smb1_file_se_access_check(sd,
1269 conn->server_info->ptok,
1270 access_mask,
1271 &access_granted);
1272
1273 TALLOC_FREE(sd);
1274
1275 if (!NT_STATUS_IS_OK(status)) {
1276 DEBUG(10, ("calculate_access_mask: Access denied on "
1277 "file %s: when calculating maximum access\n",
1278 fname));
1279 return NT_STATUS_ACCESS_DENIED;
1280 }
1281
1282 access_mask = access_granted;
1283 } else {
1284 access_mask = FILE_GENERIC_ALL;
1285 }
1286 }
1287
1288 *access_mask_out = access_mask;
1289 return NT_STATUS_OK;
1290 }
1291
1292 /****************************************************************************
1293 Open a file with a share mode. Passed in an already created files_struct *.
1294 ****************************************************************************/
1295
1296 static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1297 struct smb_request *req,
1298 const char *fname,
1299 SMB_STRUCT_STAT *psbuf,
1300 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1301 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1302 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1303 uint32 create_options, /* options such as delete on close. */
1304 uint32 new_dos_attributes, /* attributes used for new file. */
1305 int oplock_request, /* internal Samba oplock codes. */
1306 /* Information (FILE_EXISTS etc.) */
1307 int *pinfo,
1308 files_struct *fsp)
1309 {
1310 int flags=0;
1311 int flags2=0;
1312 bool file_existed = VALID_STAT(*psbuf);
1313 bool def_acl = False;
1314 bool posix_open = False;
1315 bool new_file_created = False;
1316 struct file_id id;
1317 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1318 mode_t new_unx_mode = (mode_t)0;
1319 mode_t unx_mode = (mode_t)0;
1320 int info;
1321 uint32 existing_dos_attributes = 0;
1322 struct pending_message_list *pml = NULL;
1323 struct timeval request_time = timeval_zero();
1324 struct share_mode_lock *lck = NULL;
1325 uint32 open_access_mask = access_mask;
1326 NTSTATUS status;
1327 int ret_flock;
1328 char *parent_dir;
1329 const char *newname;
1330
1331 ZERO_STRUCT(id);
1332
1333 if (conn->printer) {
1334 /*
1335 * Printers are handled completely differently.
1336 * Most of the passed parameters are ignored.
1337 */
1338
1339 if (pinfo) {
1340 *pinfo = FILE_WAS_CREATED;
1341 }
1342
1343 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1344
1345 return print_fsp_open(conn, fname, req->vuid, fsp);
1346 }
1347
1348 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1349 &newname)) {
1350 return NT_STATUS_NO_MEMORY;
1351 }
1352
1353 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1354 posix_open = True;
1355 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1356 new_dos_attributes = 0;
1357 } else {
1358 /* We add aARCH to this as this mode is only used if the file is
1359 * created new. */
1360 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1361 parent_dir);
1362 }
1363
1364 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1365 "access_mask=0x%x share_access=0x%x "
1366 "create_disposition = 0x%x create_options=0x%x "
1367 "unix mode=0%o oplock_request=%d\n",
1368 fname, new_dos_attributes, access_mask, share_access,
1369 create_disposition, create_options, unx_mode,
1370 oplock_request));
1371
1372 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1373 DEBUG(0, ("No smb request but not an internal only open!\n"));
1374 return NT_STATUS_INTERNAL_ERROR;
1375 }
1376
1377 /*
1378 * Only non-internal opens can be deferred at all
1379 */
1380
1381 if ((req != NULL)
1382 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1383 struct deferred_open_record *state =
1384 (struct deferred_open_record *)pml->private_data.data;
1385
1386 /* Remember the absolute time of the original
1387 request with this mid. We'll use it later to
1388 see if this has timed out. */
1389
1390 request_time = pml->request_time;
1391
1392 /* Remove the deferred open entry under lock. */
1393 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1394 NULL);
1395 if (lck == NULL) {
1396 DEBUG(0, ("could not get share mode lock\n"));
1397 } else {
1398 del_deferred_open_entry(lck, req->mid);
1399 TALLOC_FREE(lck);
1400 }
1401
1402 /* Ensure we don't reprocess this message. */
1403 remove_deferred_open_smb_message(req->mid);
1404 }
1405
1406 status = check_name(conn, fname);
1407 if (!NT_STATUS_IS_OK(status)) {
1408 return status;
1409 }
1410
1411 if (!posix_open) {
1412 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1413 if (file_existed) {
1414 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1415 }
1416 }
1417
1418 /* ignore any oplock requests if oplocks are disabled */
1419 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1420 IS_VETO_OPLOCK_PATH(conn, fname)) {
1421 /* Mask off everything except the private Samba bits. */
1422 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1423 }
1424
1425 /* this is for OS/2 long file names - say we don't support them */
1426 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1427 /* OS/2 Workplace shell fix may be main code stream in a later
1428 * release. */
1429 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1430 "supported.\n"));
1431 if (use_nt_status()) {
1432 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1433 }
1434 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1435 }
1436
1437 switch( create_disposition ) {
1438 /*
1439 * Currently we're using FILE_SUPERSEDE as the same as
1440 * FILE_OVERWRITE_IF but they really are
1441 * different. FILE_SUPERSEDE deletes an existing file
1442 * (requiring delete access) then recreates it.
1443 */
1444 case FILE_SUPERSEDE:
1445 /* If file exists replace/overwrite. If file doesn't
1446 * exist create. */
1447 flags2 |= (O_CREAT | O_TRUNC);
1448 break;
1449
1450 case FILE_OVERWRITE_IF:
1451 /* If file exists replace/overwrite. If file doesn't
1452 * exist create. */
1453 flags2 |= (O_CREAT | O_TRUNC);
1454 break;
1455
1456 case FILE_OPEN:
1457 /* If file exists open. If file doesn't exist error. */
1458 if (!file_existed) {
1459 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1460 "requested for file %s and file "
1461 "doesn't exist.\n", fname ));
1462 errno = ENOENT;
1463 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1464 }
1465 break;
1466
1467 case FILE_OVERWRITE:
1468 /* If file exists overwrite. If file doesn't exist
1469 * error. */
1470 if (!file_existed) {
1471 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1472 "requested for file %s and file "
1473 "doesn't exist.\n", fname ));
1474 errno = ENOENT;
1475 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1476 }
1477 flags2 |= O_TRUNC;
1478 break;
1479
1480 case FILE_CREATE:
1481 /* If file exists error. If file doesn't exist
1482 * create. */
1483 if (file_existed) {
1484 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1485 "requested for file %s and file "
1486 "already exists.\n", fname ));
1487 if (S_ISDIR(psbuf->st_mode)) {
1488 errno = EISDIR;
1489 } else {
1490 errno = EEXIST;
1491 }
1492 return map_nt_error_from_unix(errno);
1493 }
1494 flags2 |= (O_CREAT|O_EXCL);
1495 break;
1496
1497 case FILE_OPEN_IF:
1498 /* If file exists open. If file doesn't exist
1499 * create. */
1500 flags2 |= O_CREAT;
1501 break;
1502
1503 default:
1504 return NT_STATUS_INVALID_PARAMETER;
1505 }
1506
1507 /* We only care about matching attributes on file exists and
1508 * overwrite. */
1509
1510 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1511 (create_disposition == FILE_OVERWRITE_IF))) {
1512 if (!open_match_attributes(conn, fname,
1513 existing_dos_attributes,
1514 new_dos_attributes, psbuf->st_mode,
1515 unx_mode, &new_unx_mode)) {
1516 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1517 "for file %s (%x %x) (0%o, 0%o)\n",
1518 fname, existing_dos_attributes,
1519 new_dos_attributes,
1520 (unsigned int)psbuf->st_mode,
1521 (unsigned int)unx_mode ));
1522 errno = EACCES;
1523 return NT_STATUS_ACCESS_DENIED;
1524 }
1525 }
1526
1527 status = calculate_access_mask(conn, fname, file_existed,
1528 access_mask,
1529 &access_mask);
1530 if (!NT_STATUS_IS_OK(status)) {
1531 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1532 "on file %s returned %s\n",
1533 fname,
1534 nt_errstr(status)));
1535 return status;
1536 }
1537
1538 open_access_mask = access_mask;
1539
1540 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1541 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1542 }
1543
1544 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1545 "access_mask=0x%x\n", fname, access_mask ));
1546
1547 /*
1548 * Note that we ignore the append flag as append does not
1549 * mean the same thing under DOS and Unix.
1550 */
1551
1552 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1553 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1554 /* DENY_DOS opens are always underlying read-write on the
1555 file handle, no matter what the requested access mask
1556 says. */
1557 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1558 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1559 flags = O_RDWR;
1560 } else {
1561 flags = O_WRONLY;
1562 }
1563 } else {
1564 flags = O_RDONLY;
1565 }
1566
1567 /*
1568 * Currently we only look at FILE_WRITE_THROUGH for create options.
1569 */
1570
1571 #if defined(O_SYNC)
1572 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1573 flags2 |= O_SYNC;
1574 }
1575 #endif /* O_SYNC */
1576
1577 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1578 flags2 |= O_APPEND;
1579 }
1580
1581 if (!posix_open && !CAN_WRITE(conn)) {
1582 /*
1583 * We should really return a permission denied error if either
1584 * O_CREAT or O_TRUNC are set, but for compatibility with
1585 * older versions of Samba we just AND them out.
1586 */
1587 flags2 &= ~(O_CREAT|O_TRUNC);
1588 }
1589
1590 /*
1591 * Ensure we can't write on a read-only share or file.
1592 */
1593
1594 if (flags != O_RDONLY && file_existed &&
1595 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1596 DEBUG(5,("open_file_ntcreate: write access requested for "
1597 "file %s on read only %s\n",
1598 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1599 errno = EACCES;
1600 return NT_STATUS_ACCESS_DENIED;
1601 }
1602
1603 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1604 fsp->share_access = share_access;
1605 fsp->fh->private_options = create_options;
1606 fsp->access_mask = open_access_mask; /* We change this to the
1607 * requested access_mask after
1608 * the open is done. */
1609 fsp->posix_open = posix_open;
1610
1611 /* Ensure no SAMBA_PRIVATE bits can be set. */
1612 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1613
1614 if (timeval_is_zero(&request_time)) {
1615 request_time = fsp->open_time;
1616 }
1617
1618 if (file_existed) {
1619 struct timespec old_write_time = get_mtimespec(psbuf);
1620 id = vfs_file_id_from_sbuf(conn, psbuf);
1621
1622 lck = get_share_mode_lock(talloc_tos(), id,
1623 conn->connectpath,
1624 fname, &old_write_time);
1625
1626 if (lck == NULL) {
1627 DEBUG(0, ("Could not get share mode lock\n"));
1628 return NT_STATUS_SHARING_VIOLATION;
1629 }
1630
1631 /* First pass - send break only on batch oplocks. */
1632 if ((req != NULL)
1633 && delay_for_oplocks(lck, fsp, req->mid, 1,
1634 oplock_request)) {
1635 schedule_defer_open(lck, request_time, req);
1636 TALLOC_FREE(lck);
1637 return NT_STATUS_SHARING_VIOLATION;
1638 }
1639
1640 /* Use the client requested access mask here, not the one we
1641 * open with. */
1642 status = open_mode_check(conn, fname, lck,
1643 access_mask, share_access,
1644 create_options, &file_existed);
1645
1646 if (NT_STATUS_IS_OK(status)) {
1647 /* We might be going to allow this open. Check oplock
1648 * status again. */
1649 /* Second pass - send break for both batch or
1650 * exclusive oplocks. */
1651 if ((req != NULL)
1652 && delay_for_oplocks(lck, fsp, req->mid, 2,
1653 oplock_request)) {
1654 schedule_defer_open(lck, request_time, req);
1655 TALLOC_FREE(lck);
1656 return NT_STATUS_SHARING_VIOLATION;
1657 }
1658 }
1659
1660 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1661 /* DELETE_PENDING is not deferred for a second */
1662 TALLOC_FREE(lck);
1663 return status;
1664 }
1665
1666 if (!NT_STATUS_IS_OK(status)) {
1667 uint32 can_access_mask;
1668 bool can_access = True;
1669
1670 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1671
1672 /* Check if this can be done with the deny_dos and fcb
1673 * calls. */
1674 if (create_options &
1675 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1676 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1677 if (req == NULL) {
1678 DEBUG(0, ("DOS open without an SMB "
1679 "request!\n"));
1680 TALLOC_FREE(lck);
1681 return NT_STATUS_INTERNAL_ERROR;
1682 }
1683
1684 /* Use the client requested access mask here,
1685 * not the one we open with. */
1686 status = fcb_or_dos_open(conn,
1687 fsp,
1688 fname,
1689 id,
1690 req->smbpid,
1691 req->vuid,
1692 access_mask,
1693 share_access,
1694 create_options);
1695
1696 if (NT_STATUS_IS_OK(status)) {
1697 TALLOC_FREE(lck);
1698 if (pinfo) {
1699 *pinfo = FILE_WAS_OPENED;
1700 }
1701 return NT_STATUS_OK;
1702 }
1703 }
1704
1705 /*
1706 * This next line is a subtlety we need for
1707 * MS-Access. If a file open will fail due to share
1708 * permissions and also for security (access) reasons,
1709 * we need to return the access failed error, not the
1710 * share error. We can't open the file due to kernel
1711 * oplock deadlock (it's possible we failed above on
1712 * the open_mode_check()) so use a userspace check.
1713 */
1714
1715 if (flags & O_RDWR) {
1716 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1717 } else if (flags & O_WRONLY) {
1718 can_access_mask = FILE_WRITE_DATA;
1719 } else {
1720 can_access_mask = FILE_READ_DATA;
1721 }
1722
1723 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1724 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1725 can_access = False;
1726 }
1727
1728 /*
1729 * If we're returning a share violation, ensure we
1730 * cope with the braindead 1 second delay.
1731 */
1732
1733 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1734 lp_defer_sharing_violations()) {
1735 struct timeval timeout;
1736 struct deferred_open_record state;
1737 int timeout_usecs;
1738
1739 /* this is a hack to speed up torture tests
1740 in 'make test' */
1741 timeout_usecs = lp_parm_int(SNUM(conn),
1742 "smbd","sharedelay",
1743 SHARING_VIOLATION_USEC_WAIT);
1744
1745 /* This is a relative time, added to the absolute
1746 request_time value to get the absolute timeout time.
1747 Note that if this is the second or greater time we enter
1748 this codepath for this particular request mid then
1749 request_time is left as the absolute time of the *first*
1750 time this request mid was processed. This is what allows
1751 the request to eventually time out. */
1752
1753 timeout = timeval_set(0, timeout_usecs);
1754
1755 /* Nothing actually uses state.delayed_for_oplocks
1756 but it's handy to differentiate in debug messages
1757 between a 30 second delay due to oplock break, and
1758 a 1 second delay for share mode conflicts. */
1759
1760 state.delayed_for_oplocks = False;
1761 state.id = id;
1762
1763 if ((req != NULL)
1764 && !request_timed_out(request_time,
1765 timeout)) {
1766 defer_open(lck, request_time, timeout,
1767 req, &state);
1768 }
1769 }
1770
1771 TALLOC_FREE(lck);
1772 if (can_access) {
1773 /*
1774 * We have detected a sharing violation here
1775 * so return the correct error code
1776 */
1777 status = NT_STATUS_SHARING_VIOLATION;
1778 } else {
1779 status = NT_STATUS_ACCESS_DENIED;
1780 }
1781 return status;
1782 }
1783
1784 /*
1785 * We exit this block with the share entry *locked*.....
1786 */
1787 }
1788
1789 SMB_ASSERT(!file_existed || (lck != NULL));
1790
1791 /*
1792 * Ensure we pay attention to default ACLs on directories if required.
1793 */
1794
1795 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1796 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1797 unx_mode = 0777;
1798 }
1799
1800 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1801 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1802 (unsigned int)flags, (unsigned int)flags2,
1803 (unsigned int)unx_mode, (unsigned int)access_mask,
1804 (unsigned int)open_access_mask));
1805
1806 /*
1807 * open_file strips any O_TRUNC flags itself.
1808 */
1809
1810 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1811 flags|flags2, unx_mode, access_mask,
1812 open_access_mask);
1813
1814 if (!NT_STATUS_IS_OK(fsp_open)) {
1815 if (lck != NULL) {
1816 TALLOC_FREE(lck);
1817 }
1818 return fsp_open;
1819 }
1820
1821 if (!file_existed) {
1822 struct timespec old_write_time = get_mtimespec(psbuf);
1823 /*
1824 * Deal with the race condition where two smbd's detect the
1825 * file doesn't exist and do the create at the same time. One
1826 * of them will win and set a share mode, the other (ie. this
1827 * one) should check if the requested share mode for this
1828 * create is allowed.
1829 */
1830
1831 /*
1832 * Now the file exists and fsp is successfully opened,
1833 * fsp->dev and fsp->inode are valid and should replace the
1834 * dev=0,inode=0 from a non existent file. Spotted by
1835 * Nadav Danieli <nadavd@exanet.com>. JRA.
1836 */
1837
1838 id = fsp->file_id;
1839
1840 lck = get_share_mode_lock(talloc_tos(), id,
1841 conn->connectpath,
1842 fname, &old_write_time);
1843
1844 if (lck == NULL) {
1845 DEBUG(0, ("open_file_ntcreate: Could not get share "
1846 "mode lock for %s\n", fname));
1847 fd_close(fsp);
1848 return NT_STATUS_SHARING_VIOLATION;
1849 }
1850
1851 /* First pass - send break only on batch oplocks. */
1852 if ((req != NULL)
1853 && delay_for_oplocks(lck, fsp, req->mid, 1,
1854 oplock_request)) {
1855 schedule_defer_open(lck, request_time, req);
1856 TALLOC_FREE(lck);
1857 fd_close(fsp);
1858 return NT_STATUS_SHARING_VIOLATION;
1859 }
1860
1861 status = open_mode_check(conn, fname, lck,
1862 access_mask, share_access,
1863 create_options, &file_existed);
1864
1865 if (NT_STATUS_IS_OK(status)) {
1866 /* We might be going to allow this open. Check oplock
1867 * status again. */
1868 /* Second pass - send break for both batch or
1869 * exclusive oplocks. */
1870 if ((req != NULL)
1871 && delay_for_oplocks(lck, fsp, req->mid, 2,
1872 oplock_request)) {
1873 schedule_defer_open(lck, request_time, req);
1874 TALLOC_FREE(lck);
1875 fd_close(fsp);
1876 return NT_STATUS_SHARING_VIOLATION;
1877 }
1878 }
1879
1880 if (!NT_STATUS_IS_OK(status)) {
1881 struct deferred_open_record state;
1882
1883 fd_close(fsp);
1884
1885 state.delayed_for_oplocks = False;
1886 state.id = id;
1887
1888 /* Do it all over again immediately. In the second
1889 * round we will find that the file existed and handle
1890 * the DELETE_PENDING and FCB cases correctly. No need
1891 * to duplicate the code here. Essentially this is a
1892 * "goto top of this function", but don't tell
1893 * anybody... */
1894
1895 if (req != NULL) {
1896 defer_open(lck, request_time, timeval_zero(),
1897 req, &state);
1898 }
1899 TALLOC_FREE(lck);
1900 return status;
1901 }
1902
1903 /*
1904 * We exit this block with the share entry *locked*.....
1905 */
1906
1907 }
1908
1909 SMB_ASSERT(lck != NULL);
1910
1911 /* note that we ignore failure for the following. It is
1912 basically a hack for NFS, and NFS will never set one of
1913 these only read them. Nobody but Samba can ever set a deny
1914 mode and we have already checked our more authoritative
1915 locking database for permission to set this deny mode. If
1916 the kernel refuses the operations then the kernel is wrong.
1917 note that GPFS supports it as well - jmcd */
1918
1919 if (fsp->fh->fd != -1) {
1920 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1921 if(ret_flock == -1 ){
1922
1923 TALLOC_FREE(lck);
1924 fd_close(fsp);
1925
1926 return NT_STATUS_SHARING_VIOLATION;
1927 }
1928 }
1929
1930 /*
1931 * At this point onwards, we can guarentee that the share entry
1932 * is locked, whether we created the file or not, and that the
1933 * deny mode is compatible with all current opens.
1934 */
1935
1936 /*
1937 * If requested, truncate the file.
1938 */
1939
1940 if (flags2&O_TRUNC) {
1941 /*
1942 * We are modifing the file after open - update the stat
1943 * struct..
1944 */
1945 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1946 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1947 status = map_nt_error_from_unix(errno);
1948 TALLOC_FREE(lck);
1949 fd_close(fsp);
1950 return status;
1951 }
1952 }
1953
1954 /* Record the options we were opened with. */
1955 fsp->share_access = share_access;
1956 fsp->fh->private_options = create_options;
1957 /*
1958 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
1959 */
1960 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
1961
1962 if (file_existed) {
1963 /* stat opens on existing files don't get oplocks. */
1964 if (is_stat_open(open_access_mask)) {
1965 fsp->oplock_type = NO_OPLOCK;
1966 }
1967
1968 if (!(flags2 & O_TRUNC)) {
1969 info = FILE_WAS_OPENED;
1970 } else {
1971 info = FILE_WAS_OVERWRITTEN;
1972 }
1973 } else {
1974 info = FILE_WAS_CREATED;
1975 }
1976
1977 if (pinfo) {
1978 *pinfo = info;
1979 }
1980
1981 /*
1982 * Setup the oplock info in both the shared memory and
1983 * file structs.
1984 */
1985
1986 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1987 /* Could not get the kernel oplock */
1988 fsp->oplock_type = NO_OPLOCK;
1989 }
1990
1991 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1992 new_file_created = True;
1993 }
1994
1995 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
1996 fsp->oplock_type);
1997
1998 /* Handle strange delete on close create semantics. */
1999 if (create_options & FILE_DELETE_ON_CLOSE) {
2000
2001 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2002
2003 if (!NT_STATUS_IS_OK(status)) {
2004 /* Remember to delete the mode we just added. */
2005 del_share_mode(lck, fsp);
2006 TALLOC_FREE(lck);
2007 fd_close(fsp);
2008 return status;
2009 }
2010 /* Note that here we set the *inital* delete on close flag,
2011 not the regular one. The magic gets handled in close. */
2012 fsp->initial_delete_on_close = True;
2013 }
2014
2015 if (new_file_created) {
2016 /* Files should be initially set as archive */
2017 if (lp_map_archive(SNUM(conn)) ||
2018 lp_store_dos_attributes(SNUM(conn))) {
2019 if (!posix_open) {
2020 SMB_STRUCT_STAT tmp_sbuf;
2021 SET_STAT_INVALID(tmp_sbuf);
2022 if (file_set_dosmode(
2023 conn, fname,
2024 new_dos_attributes | aARCH,
2025 &tmp_sbuf, parent_dir,
2026 true) == 0) {
2027 unx_mode = tmp_sbuf.st_mode;
2028 }
2029 }
2030 }
2031 }
2032
2033 /*
2034 * Take care of inherited ACLs on created files - if default ACL not
2035 * selected.
2036 */
2037
2038 if (!posix_open && !file_existed && !def_acl) {
2039
2040 int saved_errno = errno; /* We might get ENOSYS in the next
2041 * call.. */
2042
2043 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2044 errno == ENOSYS) {
2045 errno = saved_errno; /* Ignore ENOSYS */
2046 }
2047
2048 } else if (new_unx_mode) {
2049
2050 int ret = -1;
2051
2052 /* Attributes need changing. File already existed. */
2053
2054 {
2055 int saved_errno = errno; /* We might get ENOSYS in the
2056 * next call.. */
2057 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2058
2059 if (ret == -1 && errno == ENOSYS) {
2060 errno = saved_errno; /* Ignore ENOSYS */
2061 } else {
2062 DEBUG(5, ("open_file_ntcreate: reset "
2063 "attributes of file %s to 0%o\n",
2064 fname, (unsigned int)new_unx_mode));
2065 ret = 0; /* Don't do the fchmod below. */
2066 }
2067 }
2068
2069 if ((ret == -1) &&
2070 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2071 DEBUG(5, ("open_file_ntcreate: failed to reset "
2072 "attributes of file %s to 0%o\n",
2073 fname, (unsigned int)new_unx_mode));
2074 }
2075
2076 /* If this is a successful open, we must remove any deferred open
2077 * records. */
2078 if (req != NULL) {
2079 del_deferred_open_entry(lck, req->mid);
2080 }
2081 TALLOC_FREE(lck);
2082
2083 return NT_STATUS_OK;
2084 }
2085
2086 /****************************************************************************
2087 Open a file with a share mode.
2088 ****************************************************************************/
2089
2090 NTSTATUS open_file_ntcreate(connection_struct *conn,
2091 struct smb_request *req,
2092 const char *fname,
2093 SMB_STRUCT_STAT *psbuf,
2094 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2095 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2096 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2097 uint32 create_options, /* options such as delete on close. */
2098 uint32 new_dos_attributes, /* attributes used for new file. */
2099 int oplock_request, /* internal Samba oplock codes. */
2100 /* Information (FILE_EXISTS etc.) */
2101 int *pinfo,
2102 files_struct **result)
2103 {
2104 NTSTATUS status;
2105 files_struct *fsp = NULL;
2106
2107 *result = NULL;
2108
2109 status = file_new(conn, &fsp);
2110 if(!NT_STATUS_IS_OK(status)) {
2111 return status;
2112 }
2113
2114 status = open_file_ntcreate_internal(conn,
2115 req,
2116 fname,
2117 psbuf,
2118 access_mask,
2119 share_access,
2120 create_disposition,
2121 create_options,
2122 new_dos_attributes,
2123 oplock_request,
2124 pinfo,
2125 fsp);
2126
2127 if(!NT_STATUS_IS_OK(status)) {
2128 file_free(fsp);
2129 return status;
2130 }
2131
2132 *result = fsp;
2133 return status;
2134 }
2135
2136 /****************************************************************************
2137 Open a file for for write to ensure that we can fchmod it.
2138 ****************************************************************************/
2139
2140 NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
2141 SMB_STRUCT_STAT *psbuf, files_struct **result)
2142 {
2143 files_struct *fsp = NULL;
2144 NTSTATUS status;
2145
2146 if (!VALID_STAT(*psbuf)) {
2147 return NT_STATUS_INVALID_PARAMETER;
2148 }
2149
2150 status = file_new(conn, &fsp);
2151 if(!NT_STATUS_IS_OK(status)) {
2152 return status;
2153 }
2154
2155 /* note! we must use a non-zero desired access or we don't get
2156 a real file descriptor. Oh what a twisted web we weave. */
2157 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2158 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2159
2160 /*
2161 * This is not a user visible file open.
2162 * Don't set a share mode.
2163 */
2164
2165 if (!NT_STATUS_IS_OK(status)) {
2166 file_free(fsp);
2167 return status;
2168 }
2169
2170 *result = fsp;
2171 return NT_STATUS_OK;
2172 }
2173
2174 /****************************************************************************
2175 Close the fchmod file fd - ensure no locks are lost.
2176 ****************************************************************************/
2177
2178 NTSTATUS close_file_fchmod(files_struct *fsp)
2179 {
2180 NTSTATUS status = fd_close(fsp);
2181 file_free(fsp);
2182 return status;
2183 }
2184
2185 static NTSTATUS mkdir_internal(connection_struct *conn,
2186 const char *name,
2187 uint32 file_attributes,
2188 SMB_STRUCT_STAT *psbuf)
2189 {
2190 mode_t mode;
2191 char *parent_dir;
2192 const char *dirname;
2193 NTSTATUS status;
2194 bool posix_open = false;
2195
2196 if(!CAN_WRITE(conn)) {
2197 DEBUG(5,("mkdir_internal: failing create on read-only share "
2198 "%s\n", lp_servicename(SNUM(conn))));
2199 return NT_STATUS_ACCESS_DENIED;
2200 }
2201
2202 status = check_name(conn, name);
2203 if (!NT_STATUS_IS_OK(status)) {
2204 return status;
2205 }
2206
2207 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2208 &dirname)) {
2209 return NT_STATUS_NO_MEMORY;
2210 }
2211
2212 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2213 posix_open = true;
2214 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2215 } else {
2216 mode = unix_mode(conn, aDIR, name, parent_dir);
2217 }
2218
2219 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2220 return map_nt_error_from_unix(errno);
2221 }
2222
2223 /* Ensure we're checking for a symlink here.... */
2224 /* We don't want to get caught by a symlink racer. */
2225
2226 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2227 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2228 name, strerror(errno)));
2229 return map_nt_error_from_unix(errno);
2230 }
2231
2232 if (!S_ISDIR(psbuf->st_mode)) {
2233 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2234 name));
2235 return NT_STATUS_ACCESS_DENIED;
2236 }
2237
2238 if (lp_store_dos_attributes(SNUM(conn))) {
2239 if (!posix_open) {
2240 file_set_dosmode(conn, name,
2241 file_attributes | aDIR, NULL,
2242 parent_dir,
2243 true);
2244 }
2245 }
2246
2247 if (lp_inherit_perms(SNUM(conn))) {
2248 inherit_access_posix_acl(conn, parent_dir, name, mode);
2249 }
2250
2251 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2252 /*
2253 * Check if high bits should have been set,
2254 * then (if bits are missing): add them.
2255 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2256 * dir.
2257 */
2258 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2259 SMB_VFS_CHMOD(conn, name,
2260 psbuf->st_mode | (mode & ~psbuf->st_mode));
2261 }
2262 }
2263
2264 /* Change the owner if required. */
2265 if (lp_inherit_owner(SNUM(conn))) {
2266 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2267 }
2268
2269 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2270 name);
2271
2272 return NT_STATUS_OK;
2273 }
2274
2275 /****************************************************************************
2276 Open a directory from an NT SMB call.
2277 ****************************************************************************/
2278
2279 NTSTATUS open_directory(connection_struct *conn,
2280 struct smb_request *req,
2281 const char *fname,
2282 SMB_STRUCT_STAT *psbuf,
2283 uint32 access_mask,
2284 uint32 share_access,
2285 uint32 create_disposition,
2286 uint32 create_options,
2287 uint32 file_attributes,
2288 int *pinfo,
2289 files_struct **result)
2290 {
2291 files_struct *fsp = NULL;
2292 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2293 struct share_mode_lock *lck = NULL;
2294 NTSTATUS status;
2295 struct timespec mtimespec;
2296 int info = 0;
2297
2298 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2299 "share_access = 0x%x create_options = 0x%x, "
2300 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2301 fname,
2302 (unsigned int)access_mask,
2303 (unsigned int)share_access,
2304 (unsigned int)create_options,
2305 (unsigned int)create_disposition,
2306 (unsigned int)file_attributes));
2307
2308 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2309 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2310 is_ntfs_stream_name(fname)) {
2311 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2312 return NT_STATUS_NOT_A_DIRECTORY;
2313 }
2314
2315 status = calculate_access_mask(conn, fname, dir_existed,
2316 access_mask,
2317 &access_mask);
2318 if (!NT_STATUS_IS_OK(status)) {
2319 DEBUG(10, ("open_directory: calculate_access_mask "
2320 "on file %s returned %s\n",
2321 fname,
2322 nt_errstr(status)));
2323 return status;
2324 }
2325
2326 switch( create_disposition ) {
2327 case FILE_OPEN:
2328
2329 info = FILE_WAS_OPENED;
2330
2331 /*
2332 * We want to follow symlinks here.
2333 */
2334
2335 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2336 return map_nt_error_from_unix(errno);
2337 }
2338
2339 break;
2340
2341 case FILE_CREATE:
2342
2343 /* If directory exists error. If directory doesn't
2344 * exist create. */
2345
2346 status = mkdir_internal(conn,
2347 fname,
2348 file_attributes,
2349 psbuf);
2350
2351 if (!NT_STATUS_IS_OK(status)) {
2352 DEBUG(2, ("open_directory: unable to create "
2353 "%s. Error was %s\n", fname,
2354 nt_errstr(status)));
2355 return status;
2356 }
2357
2358 info = FILE_WAS_CREATED;
2359 break;
2360
2361 case FILE_OPEN_IF:
2362 /*
2363 * If directory exists open. If directory doesn't
2364 * exist create.
2365 */
2366
2367 status = mkdir_internal(conn,
2368 fname,
2369 file_attributes,
2370 psbuf);
2371
2372 if (NT_STATUS_IS_OK(status)) {
2373 info = FILE_WAS_CREATED;
2374 }
2375
2376 if (NT_STATUS_EQUAL(status,
2377 NT_STATUS_OBJECT_NAME_COLLISION)) {
2378 info = FILE_WAS_OPENED;
2379 status = NT_STATUS_OK;
2380 }
2381
2382 break;
2383
2384 case FILE_SUPERSEDE:
2385 case FILE_OVERWRITE:
2386 case FILE_OVERWRITE_IF:
2387 default:
2388 DEBUG(5,("open_directory: invalid create_disposition "
2389 "0x%x for directory %s\n",
2390 (unsigned int)create_disposition, fname));
2391 return NT_STATUS_INVALID_PARAMETER;
2392 }
2393
2394 if(!S_ISDIR(psbuf->st_mode)) {
2395 DEBUG(5,("open_directory: %s is not a directory !\n",
2396 fname ));
2397 return NT_STATUS_NOT_A_DIRECTORY;
2398 }
2399
2400 if (info == FILE_WAS_OPENED) {
2401 status = check_open_rights(conn,
2402 fname,
2403 access_mask);
2404 if (!NT_STATUS_IS_OK(status)) {
2405 DEBUG(10, ("open_directory: check_open_rights on "
2406 "file %s failed with %s\n",
2407 fname,
2408 nt_errstr(status)));
2409 return status;
2410 }
2411 }
2412
2413 status = file_new(conn, &fsp);
2414 if(!NT_STATUS_IS_OK(status)) {
2415 return status;
2416 }
2417
2418 /*
2419 * Setup the files_struct for it.
2420 */
2421
2422 fsp->mode = psbuf->st_mode;
2423 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2424 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2425 fsp->file_pid = req ? req->smbpid : 0;
2426 fsp->can_lock = False;
2427 fsp->can_read = False;
2428 fsp->can_write = False;
2429
2430 fsp->share_access = share_access;
2431 fsp->fh->private_options = create_options;
2432 /*
2433 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2434 */
2435 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2436 fsp->print_file = False;
2437 fsp->modified = False;
2438 fsp->oplock_type = NO_OPLOCK;
2439 fsp->sent_oplock_break = NO_BREAK_SENT;
2440 fsp->is_directory = True;
2441 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2442
2443 string_set(&fsp->fsp_name,fname);
2444
2445 mtimespec = get_mtimespec(psbuf);
2446
2447 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2448 conn->connectpath,
2449 fname, &mtimespec);
2450
2451 if (lck == NULL) {
2452 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2453 file_free(fsp);
2454 return NT_STATUS_SHARING_VIOLATION;
2455 }
2456
2457 status = open_mode_check(conn, fname, lck,
2458 access_mask, share_access,
2459 create_options, &dir_existed);
2460
2461 if (!NT_STATUS_IS_OK(status)) {
2462 TALLOC_FREE(lck);
2463 file_free(fsp);
2464 return status;
2465 }
2466
2467 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2468
2469 /* For directories the delete on close bit at open time seems
2470 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2471 if (create_options & FILE_DELETE_ON_CLOSE) {
2472 status = can_set_delete_on_close(fsp, True, 0);
2473 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2474 TALLOC_FREE(lck);
2475 file_free(fsp);
2476 return status;
2477 }
2478
2479 if (NT_STATUS_IS_OK(status)) {
2480 /* Note that here we set the *inital* delete on close flag,
2481 not the regular one. The magic gets handled in close. */
2482 fsp->initial_delete_on_close = True;
2483 }
2484 }
2485
2486 TALLOC_FREE(lck);
2487
2488 if (pinfo) {
2489 *pinfo = info;
2490 }
2491
2492 *result = fsp;
2493 return NT_STATUS_OK;
2494 }
2495
2496 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2497 {
2498 NTSTATUS status;
2499 SMB_STRUCT_STAT sbuf;
2500 files_struct *fsp;
2501
2502 SET_STAT_INVALID(sbuf);
2503
2504 status = open_directory(conn, req, directory, &sbuf,
2505 FILE_READ_ATTRIBUTES, /* Just a stat open */
2506 FILE_SHARE_NONE, /* Ignored for stat opens */
2507 FILE_CREATE,
2508 0,
2509 FILE_ATTRIBUTE_DIRECTORY,
2510 NULL,
2511 &fsp);
2512
2513 if (NT_STATUS_IS_OK(status)) {
2514 close_file(fsp, NORMAL_CLOSE);
2515 }
2516
2517 return status;
2518 }
2519
2520 /****************************************************************************
2521 Receive notification that one of our open files has been renamed by another
2522 smbd process.
2523 ****************************************************************************/
2524
2525 void msg_file_was_renamed(struct messaging_context *msg,
2526 void *private_data,
2527 uint32_t msg_type,
2528 struct server_id server_id,
2529 DATA_BLOB *data)
2530 {
2531 files_struct *fsp;
2532 char *frm = (char *)data->data;
2533 struct file_id id;
2534 const char *sharepath;
2535 const char *newname;
2536 size_t sp_len;
2537
2538 if (data->data == NULL
2539 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2540 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2541 (int)data->length));
2542 return;
2543 }
2544
2545 /* Unpack the message. */
2546 pull_file_id_16(frm, &id);
2547 sharepath = &frm[16];
2548 newname = sharepath + strlen(sharepath) + 1;
2549 sp_len = strlen(sharepath);
2550
2551 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2552 "file_id %s\n",
2553 sharepath, newname, file_id_string_tos(&id)));
2554
2555 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2556 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2557 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2558 fsp->fnum, fsp->fsp_name, newname ));
2559 string_set(&fsp->fsp_name, newname);
2560 } else {
2561 /* TODO. JRA. */
2562 /* Now we have the complete path we can work out if this is
2563 actually within this share and adjust newname accordingly. */
2564 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2565 "not sharepath %s) "
2566 "fnum %d from %s -> %s\n",
2567 fsp->conn->connectpath,
2568 sharepath,
2569 fsp->fnum,
2570 fsp->fsp_name,
2571 newname ));
2572 }
2573 }
2574 }
2575
2576 struct case_semantics_state {
2577 connection_struct *conn;
2578 bool case_sensitive;
2579 bool case_preserve;
2580 bool short_case_preserve;
2581 };
2582
2583 /****************************************************************************
2584 Restore case semantics.
2585 ****************************************************************************/
2586 static int restore_case_semantics(struct case_semantics_state *state)
2587 {
2588 state->conn->case_sensitive = state->case_sensitive;
2589 state->conn->case_preserve = state->case_preserve;
2590 state->conn->short_case_preserve = state->short_case_preserve;
2591 return 0;
2592 }
2593
2594 /****************************************************************************
2595 Save case semantics.
2596 ****************************************************************************/
2597 static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2598 connection_struct *conn)
2599 {
2600 struct case_semantics_state *result;
2601
2602 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2603 DEBUG(0, ("talloc failed\n"));
2604 return NULL;
2605 }
2606
2607 result->conn = conn;
2608 result->case_sensitive = conn->case_sensitive;
2609 result->case_preserve = conn->case_preserve;
2610 result->short_case_preserve = conn->short_case_preserve;
2611
2612 /* Set to POSIX. */
2613 conn->case_sensitive = True;
2614 conn->case_preserve = True;
2615 conn->short_case_preserve = True;
2616
2617 talloc_set_destructor(result, restore_case_semantics);
2618
2619 return result;
2620 }
2621
2622 /*
2623 * If a main file is opened for delete, all streams need to be checked for
2624 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2625 * If that works, delete them all by setting the delete on close and close.
2626 */
2627
2628 static NTSTATUS open_streams_for_delete(connection_struct *conn,
2629 const char *fname)
2630 {
2631 struct stream_struct *stream_info;
2632 files_struct **streams;
2633 int i;
2634 unsigned int num_streams;
2635 TALLOC_CTX *frame = talloc_stackframe();
2636 NTSTATUS status;
2637
2638 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2639 &num_streams, &stream_info);
2640
2641 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2642 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2643 DEBUG(10, ("no streams around\n"));
2644 TALLOC_FREE(frame);
2645 return NT_STATUS_OK;
2646 }
2647
2648 if (!NT_STATUS_IS_OK(status)) {
2649 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2650 nt_errstr(status)));
2651 goto fail;
2652 }
2653
2654 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2655 num_streams));
2656
2657 if (num_streams == 0) {
2658 TALLOC_FREE(frame);
2659 return NT_STATUS_OK;
2660 }
2661
2662 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2663 if (streams == NULL) {
2664 DEBUG(0, ("talloc failed\n"));
2665 status = NT_STATUS_NO_MEMORY;
2666 goto fail;
2667 }
2668
2669 for (i=0; i<num_streams; i++) {
2670 char *streamname;
2671
2672 if (strequal(stream_info[i].name, "::$DATA")) {
2673 streams[i] = NULL;
2674 continue;
2675 }
2676
2677 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2678 stream_info[i].name);
2679
2680 if (streamname == NULL) {
2681 DEBUG(0, ("talloc_aprintf failed\n"));
2682 status = NT_STATUS_NO_MEMORY;
2683 goto fail;
2684 }
2685
2686 status = create_file_unixpath
2687 (conn, /* conn */
2688 NULL, /* req */
2689 streamname, /* fname */
2690 DELETE_ACCESS, /* access_mask */
2691 FILE_SHARE_READ | FILE_SHARE_WRITE
2692 | FILE_SHARE_DELETE, /* share_access */
2693 FILE_OPEN, /* create_disposition*/
2694 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2695 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2696 0, /* oplock_request */
2697 0, /* allocation_size */
2698 NULL, /* sd */
2699 NULL, /* ea_list */
2700 &streams[i], /* result */
2701 NULL, /* pinfo */
2702 NULL); /* psbuf */
2703
2704 TALLOC_FREE(streamname);
2705
2706 if (!NT_STATUS_IS_OK(status)) {
2707 DEBUG(10, ("Could not open stream %s: %s\n",
2708 streamname, nt_errstr(status)));
2709 break;
2710 }
2711 }
2712
2713 /*
2714 * don't touch the variable "status" beyond this point :-)
2715 */
2716
2717 for (i -= 1 ; i >= 0; i--) {
2718 if (streams[i] == NULL) {
2719 continue;
2720 }
2721
2722 DEBUG(10, ("Closing stream # %d, %s\n", i,
2723 streams[i]->fsp_name));
2724 close_file(streams[i], NORMAL_CLOSE);
2725 }
2726
2727 fail:
2728 TALLOC_FREE(frame);
2729 return status;
2730 }
2731
2732 /*
2733 * Wrapper around open_file_ntcreate and open_directory
2734 */
2735
2736 NTSTATUS create_file_unixpath(connection_struct *conn,
2737 struct smb_request *req,
2738 const char *fname,
2739 uint32_t access_mask,
2740 uint32_t share_access,
2741 uint32_t create_disposition,
2742 uint32_t create_options,
2743 uint32_t file_attributes,
2744 uint32_t oplock_request,
2745 SMB_BIG_UINT allocation_size,
2746 struct security_descriptor *sd,
2747 struct ea_list *ea_list,
2748
2749 files_struct **result,
2750 int *pinfo,
2751 SMB_STRUCT_STAT *psbuf)
2752 {
2753 SMB_STRUCT_STAT sbuf;
2754 int info = FILE_WAS_OPENED;
2755 files_struct *base_fsp = NULL;
2756 files_struct *fsp = NULL;
2757 NTSTATUS status;
2758
2759 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2760 "file_attributes = 0x%x, share_access = 0x%x, "
2761 "create_disposition = 0x%x create_options = 0x%x "
2762 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2763 "fname = %s\n",
2764 (unsigned int)access_mask,
2765 (unsigned int)file_attributes,
2766 (unsigned int)share_access,
2767 (unsigned int)create_disposition,
2768 (unsigned int)create_options,
2769 (unsigned int)oplock_request,
2770 ea_list, sd, fname));
2771
2772 if (create_options & FILE_OPEN_BY_FILE_ID) {
2773 status = NT_STATUS_NOT_SUPPORTED;
2774 goto fail;
2775 }
2776
2777 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2778 status = NT_STATUS_INVALID_PARAMETER;
2779 goto fail;
2780 }
2781
2782 if (req == NULL) {
2783 oplock_request |= INTERNAL_OPEN_ONLY;
2784 }
2785
2786 if (psbuf != NULL) {
2787 sbuf = *psbuf;
2788 }
2789 else {
2790 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2791 SET_STAT_INVALID(sbuf);
2792 }
2793 }
2794
2795 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2796 && (access_mask & DELETE_ACCESS)
2797 && !is_ntfs_stream_name(fname)) {
2798 /*
2799 * We can't open a file with DELETE access if any of the
2800 * streams is open without FILE_SHARE_DELETE
2801 */
2802 status = open_streams_for_delete(conn, fname);
2803
2804 if (!NT_STATUS_IS_OK(status)) {
2805 goto fail;
2806 }
2807 }
2808
2809 /* This is the correct thing to do (check every time) but can_delete
2810 * is expensive (it may have to read the parent directory
2811 * permissions). So for now we're not doing it unless we have a strong
2812 * hint the client is really going to delete this file. If the client
2813 * is forcing FILE_CREATE let the filesystem take care of the
2814 * permissions. */
2815
2816 /* Setting FILE_SHARE_DELETE is the hint. */
2817
2818 if (lp_acl_check_permissions(SNUM(conn))
2819 && (create_disposition != FILE_CREATE)
2820 && (share_access & FILE_SHARE_DELETE)
2821 && (access_mask & DELETE_ACCESS)
2822 && (!can_delete_file_in_directory(conn, fname))) {
2823 status = NT_STATUS_ACCESS_DENIED;
2824 goto fail;
2825 }
2826
2827 #if 0
2828 /* We need to support SeSecurityPrivilege for this. */
2829 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2830 !user_has_privileges(current_user.nt_user_token,
2831 &se_security)) {
2832 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2833 goto fail;
2834 }
2835 #endif
2836
2837 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2838 && is_ntfs_stream_name(fname)
2839 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2840 char *base;
2841 uint32 base_create_disposition;
2842
2843 if (create_options & FILE_DIRECTORY_FILE) {
2844 status = NT_STATUS_NOT_A_DIRECTORY;
2845 goto fail;
2846 }
2847
2848 status = split_ntfs_stream_name(talloc_tos(), fname,
2849 &base, NULL);
2850 if (!NT_STATUS_IS_OK(status)) {
2851 DEBUG(10, ("create_file_unixpath: "
2852 "split_ntfs_stream_name failed: %s\n",
2853 nt_errstr(status)));
2854 goto fail;
2855 }
2856
2857 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2858
2859 switch (create_disposition) {
2860 case FILE_OPEN:
2861 base_create_disposition = FILE_OPEN;
2862 break;
2863 default:
2864 base_create_disposition = FILE_OPEN_IF;
2865 break;
2866 }
2867
2868 status = create_file_unixpath(conn, NULL, base, 0,
2869 FILE_SHARE_READ
2870 | FILE_SHARE_WRITE
2871 | FILE_SHARE_DELETE,
2872 base_create_disposition,
2873 0, 0, 0, 0, NULL, NULL,
2874 &base_fsp, NULL, NULL);
2875 if (!NT_STATUS_IS_OK(status)) {
2876 DEBUG(10, ("create_file_unixpath for base %s failed: "
2877 "%s\n", base, nt_errstr(status)));
2878 goto fail;
2879 }
2880 /* we don't need to low level fd */
2881 fd_close(base_fsp);
2882 }
2883
2884 /*
2885 * If it's a request for a directory open, deal with it separately.
2886 */
2887
2888 if (create_options & FILE_DIRECTORY_FILE) {
2889
2890 if (create_options & FILE_NON_DIRECTORY_FILE) {
2891 status = NT_STATUS_INVALID_PARAMETER;
2892 goto fail;
2893 }
2894
2895 /* Can't open a temp directory. IFS kit test. */
2896 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2897 status = NT_STATUS_INVALID_PARAMETER;
2898 goto fail;
2899 }
2900
2901 /*
2902 * We will get a create directory here if the Win32
2903 * app specified a security descriptor in the
2904 * CreateDirectory() call.
2905 */
2906
2907 oplock_request = 0;
2908 status = open_directory(
2909 conn, req, fname, &sbuf, access_mask, share_access,
2910 create_disposition, create_options, file_attributes,
2911 &info, &fsp);
2912 } else {
2913
2914 /*
2915 * Ordinary file case.
2916 */
2917
2918 if (base_fsp) {
2919 /*
2920 * We're opening the stream element of a base_fsp
2921 * we already opened. We need to initialize
2922 * the fsp first, and set up the base_fsp pointer.
2923 */
2924 status = file_new(conn, &fsp);
2925 if(!NT_STATUS_IS_OK(status)) {
2926 goto fail;
2927 }
2928
2929 fsp->base_fsp = base_fsp;
2930
2931 status = open_file_ntcreate_internal(conn,
2932 req,
2933 fname,
2934 &sbuf,
2935 access_mask,
2936 share_access,
2937 create_disposition,
2938 create_options,
2939 file_attributes,
2940 oplock_request,
2941 &info,
2942 fsp);
2943
2944 if(!NT_STATUS_IS_OK(status)) {
2945 file_free(fsp);
2946 fsp = NULL;
2947 }
2948 } else {
2949 status = open_file_ntcreate(
2950 conn, req, fname, &sbuf, access_mask, share_access,
2951 create_disposition, create_options, file_attributes,
2952 oplock_request, &info, &fsp);
2953 }
2954
2955 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2956
2957 /* A stream open never opens a directory */
2958
2959 if (base_fsp) {
2960 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2961 goto fail;
2962 }
2963
2964 /*
2965 * Fail the open if it was explicitly a non-directory
2966 * file.
2967 */
2968
2969 if (create_options & FILE_NON_DIRECTORY_FILE) {
2970 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2971 goto fail;
2972 }
2973
2974 oplock_request = 0;
2975 status = open_directory(
2976 conn, req, fname, &sbuf, access_mask,
2977 share_access, create_disposition,
2978 create_options, file_attributes,
2979 &info, &fsp);
2980 }
2981 }
2982
2983 if (!NT_STATUS_IS_OK(status)) {
2984 goto fail;
2985 }
2986
2987 fsp->base_fsp = base_fsp;
2988
2989 /*
2990 * According to the MS documentation, the only time the security
2991 * descriptor is applied to the opened file is iff we *created* the
2992 * file; an existing file stays the same.
2993 *
2994 * Also, it seems (from observation) that you can open the file with
2995 * any access mask but you can still write the sd. We need to override
2996 * the granted access before we call set_sd
2997 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2998 */
2999
3000 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3001 && lp_nt_acl_support(SNUM(conn))) {
3002
3003 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
3004 uint32_t saved_access_mask = fsp->access_mask;
3005
3006 if (sd->owner_sid == NULL) {
3007 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
3008 }
3009 if (sd->group_sid == NULL) {
3010 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
3011 }
3012 if (sd->sacl == NULL) {
3013 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
3014 }
3015 if (sd->dacl == NULL) {
3016 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
3017 }
3018
3019 fsp->access_mask = FILE_GENERIC_ALL;
3020
3021 /* Convert all the generic bits. */
3022 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3023 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3024
3025 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3026 GROUP_SECURITY_INFORMATION|
3027 DACL_SECURITY_INFORMATION|
3028 SACL_SECURITY_INFORMATION)) {
3029 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3030 }
3031
3032 fsp->access_mask = saved_access_mask;
3033
3034 if (!NT_STATUS_IS_OK(status)) {
3035 goto fail;
3036 }
3037 }
3038
3039 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3040 status = set_ea(conn, fsp, fname, ea_list);
3041 if (!NT_STATUS_IS_OK(status)) {
3042 goto fail;
3043 }
3044 }
3045
3046 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3047 status = NT_STATUS_ACCESS_DENIED;
3048 goto fail;
3049 }
3050
3051 /* Save the requested allocation size. */
3052 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3053 if (allocation_size
3054 && (allocation_size > sbuf.st_size)) {
3055 fsp->initial_allocation_size = smb_roundup(
3056 fsp->conn, allocation_size);
3057 if (fsp->is_directory) {
3058 /* Can't set allocation size on a directory. */
3059 status = NT_STATUS_ACCESS_DENIED;
3060 goto fail;
3061 }
3062 if (vfs_allocate_file_space(
3063 fsp, fsp->initial_allocation_size) == -1) {
3064 status = NT_STATUS_DISK_FULL;
3065 goto fail;
3066 }
3067 } else {
3068 fsp->initial_allocation_size = smb_roundup(
3069 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
3070 }
3071 }
3072
3073 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3074
3075 *result = fsp;
3076 if (pinfo != NULL) {
3077 *pinfo = info;
3078 }
3079 if (psbuf != NULL) {
3080 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3081 *psbuf = sbuf;
3082 }
3083 else {
3084 SMB_VFS_FSTAT(fsp, psbuf);
3085 }
3086 }
3087 return NT_STATUS_OK;
3088
3089 fail:
3090 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3091
3092 if (fsp != NULL) {
3093 if (base_fsp && fsp->base_fsp == base_fsp) {
3094 /*
3095 * The close_file below will close
3096 * fsp->base_fsp.
3097 */
3098 base_fsp = NULL;
3099 }
3100 close_file(fsp, ERROR_CLOSE);
3101 fsp = NULL;
3102 }
3103 if (base_fsp != NULL) {
3104 close_file(base_fsp, ERROR_CLOSE);
3105 base_fsp = NULL;
3106 }
3107 return status;
3108 }
3109
3110 NTSTATUS create_file(connection_struct *conn,
3111 struct smb_request *req,
3112 uint16_t root_dir_fid,
3113 const char *fname,
3114 uint32_t access_mask,
3115 uint32_t share_access,
3116 uint32_t create_disposition,
3117 uint32_t create_options,
3118 uint32_t file_attributes,
3119 uint32_t oplock_request,
3120 SMB_BIG_UINT allocation_size,
3121 struct security_descriptor *sd,
3122 struct ea_list *ea_list,
3123
3124 files_struct **result,
3125 int *pinfo,
3126 SMB_STRUCT_STAT *psbuf)
3127 {
3128 struct case_semantics_state *case_state = NULL;
3129 SMB_STRUCT_STAT sbuf;
3130 int info = FILE_WAS_OPENED;
3131 files_struct *fsp = NULL;
3132 NTSTATUS status;
3133
3134 DEBUG(10,("create_file: access_mask = 0x%x "
3135 "file_attributes = 0x%x, share_access = 0x%x, "
3136 "create_disposition = 0x%x create_options = 0x%x "
3137 "oplock_request = 0x%x "
3138 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3139 "fname = %s\n",
3140 (unsigned int)access_mask,
3141 (unsigned int)file_attributes,
3142 (unsigned int)share_access,
3143 (unsigned int)create_disposition,
3144 (unsigned int)create_options,
3145 (unsigned int)oplock_request,
3146 (unsigned int)root_dir_fid,
3147 ea_list, sd, fname));
3148
3149 /*
3150 * Get the file name.
3151 */
3152
3153 if (root_dir_fid != 0) {
3154 /*
3155 * This filename is relative to a directory fid.
3156 */
3157 char *parent_fname = NULL;
3158 files_struct *dir_fsp = file_fsp(root_dir_fid);
3159
3160 if (dir_fsp == NULL) {
3161 status = NT_STATUS_INVALID_HANDLE;
3162 goto fail;
3163 }
3164
3165 if (!dir_fsp->is_directory) {
3166
3167 /*
3168 * Check to see if this is a mac fork of some kind.
3169 */
3170
3171 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3172 is_ntfs_stream_name(fname)) {
3173 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3174 goto fail;
3175 }
3176
3177 /*
3178 we need to handle the case when we get a
3179 relative open relative to a file and the
3180 pathname is blank - this is a reopen!
3181 (hint from demyn plantenberg)
3182 */
3183
3184 status = NT_STATUS_INVALID_HANDLE;
3185 goto fail;
3186 }
3187
3188 if (ISDOT(dir_fsp->fsp_name)) {
3189 /*
3190 * We're at the toplevel dir, the final file name
3191 * must not contain ./, as this is filtered out
3192 * normally by srvstr_get_path and unix_convert
3193 * explicitly rejects paths containing ./.
3194 */
3195 parent_fname = talloc_strdup(talloc_tos(), "");
3196 if (parent_fname == NULL) {
3197 status = NT_STATUS_NO_MEMORY;
3198 goto fail;
3199 }
3200 } else {
3201 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3202
3203 /*
3204 * Copy in the base directory name.
3205 */
3206
3207 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3208 dir_name_len+2);
3209 if (parent_fname == NULL) {
3210 status = NT_STATUS_NO_MEMORY;
3211 goto fail;
3212 }
3213 memcpy(parent_fname, dir_fsp->fsp_name,
3214 dir_name_len+1);
3215
3216 /*
3217 * Ensure it ends in a '/'.
3218 * We used TALLOC_SIZE +2 to add space for the '/'.
3219 */
3220
3221 if(dir_name_len
3222 && (parent_fname[dir_name_len-1] != '\\')
3223 && (parent_fname[dir_name_len-1] != '/')) {
3224 parent_fname[dir_name_len] = '/';
3225 parent_fname[dir_name_len+1] = '\0';
3226 }
3227 }
3228
3229 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3230 fname);
3231 if (fname == NULL) {
3232 status = NT_STATUS_NO_MEMORY;
3233 goto fail;
3234 }
3235 }
3236
3237 /*
3238 * Check to see if this is a mac fork of some kind.
3239 */
3240
3241 if (is_ntfs_stream_name(fname)) {
3242 enum FAKE_FILE_TYPE fake_file_type;
3243
3244 fake_file_type = is_fake_file(fname);
3245
3246 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3247
3248 /*
3249 * Here we go! support for changing the disk quotas
3250 * --metze
3251 *
3252 * We need to fake up to open this MAGIC QUOTA file
3253 * and return a valid FID.
3254 *
3255 * w2k close this file directly after openening xp
3256 * also tries a QUERY_FILE_INFO on the file and then
3257 * close it
3258 */
3259 status = open_fake_file(conn, req->vuid,
3260 fake_file_type, fname,
3261 access_mask, &fsp);
3262 if (!NT_STATUS_IS_OK(status)) {
3263 goto fail;
3264 }
3265
3266 ZERO_STRUCT(sbuf);
3267 goto done;
3268 }
3269
3270 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3271 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3272 goto fail;
3273 }
3274 }
3275
3276 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3277 char *resolved_fname;
3278
3279 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3280 &resolved_fname);
3281
3282 if (!NT_STATUS_IS_OK(status)) {
3283 /*
3284 * For PATH_NOT_COVERED we had
3285 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3286 * ERRSRV, ERRbadpath);
3287 * Need to fix in callers
3288 */
3289 goto fail;
3290 }
3291 fname = resolved_fname;
3292 }
3293
3294 /*
3295 * Check if POSIX semantics are wanted.
3296 */
3297
3298 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3299 case_state = set_posix_case_semantics(talloc_tos(), conn);
3300 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3301 }
3302
3303 {
3304 char *converted_fname;
3305
3306 SET_STAT_INVALID(sbuf);
3307
3308 status = unix_convert(talloc_tos(), conn, fname, False,
3309 &converted_fname, NULL, &sbuf);
3310 if (!NT_STATUS_IS_OK(status)) {
3311 goto fail;
3312 }
3313 fname = converted_fname;
3314 }
3315
3316 TALLOC_FREE(case_state);
3317
3318 /* All file access must go through check_name() */
3319
3320 status = check_name(conn, fname);
3321 if (!NT_STATUS_IS_OK(status)) {
3322 goto fail;
3323 }
3324
3325 status = create_file_unixpath(
3326 conn, req, fname, access_mask, share_access,
3327 create_disposition, create_options, file_attributes,
3328 oplock_request, allocation_size, sd, ea_list,
3329 &fsp, &info, &sbuf);
3330
3331 if (!NT_STATUS_IS_OK(status)) {
3332 goto fail;
3333 }
3334
3335 done:
3336 DEBUG(10, ("create_file: info=%d\n", info));
3337
3338 *result = fsp;
3339 if (pinfo != NULL) {
3340 *pinfo = info;
3341 }
3342 if (psbuf != NULL) {
3343 *psbuf = sbuf;
3344 }
3345 return NT_STATUS_OK;
3346
3347 fail:
3348 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3349
3350 if (fsp != NULL) {
3351 close_file(fsp, ERROR_CLOSE);
3352 fsp = NULL;
3353 }
3354 return status;
3355 }
Samba GIT mirror