search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
[Samba.git] / source3 / smbd / filename.c
blob770d5a766e6a165fff725c7759661256bff9c2ed
1 /*
2 Unix SMB/CIFS implementation.
3 filename handling routines
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1999-2007
6 Copyright (C) Ying Chen 2000
7 Copyright (C) Volker Lendecke 2007
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /*
24 * New hash table stat cache code added by Ying Chen.
25 */
26
27 #include "includes.h"
28 #include "system/filesys.h"
29 #include "fake_file.h"
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32
33 static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
34 connection_struct *conn,
35 struct smb_filename *smb_fname);
36
37 /****************************************************************************
38 Mangle the 2nd name and check if it is then equal to the first name.
39 ****************************************************************************/
40
41 static bool mangled_equal(const char *name1,
42 const char *name2,
43 const struct share_params *p)
44 {
45 char mname[13];
46
47 if (!name_to_8_3(name2, mname, False, p)) {
48 return False;
49 }
50 return strequal(name1, mname);
51 }
52
53 /****************************************************************************
54 Cope with the differing wildcard and non-wildcard error cases.
55 ****************************************************************************/
56
57 static NTSTATUS determine_path_error(const char *name,
58 bool allow_wcard_last_component)
59 {
60 const char *p;
61
62 if (!allow_wcard_last_component) {
63 /* Error code within a pathname. */
64 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
65 }
66
67 /* We're terminating here so we
68 * can be a little slower and get
69 * the error code right. Windows
70 * treats the last part of the pathname
71 * separately I think, so if the last
72 * component is a wildcard then we treat
73 * this ./ as "end of component" */
74
75 p = strchr(name, '/');
76
77 if (!p && (ms_has_wild(name) || ISDOT(name))) {
78 /* Error code at the end of a pathname. */
79 return NT_STATUS_OBJECT_NAME_INVALID;
80 } else {
81 /* Error code within a pathname. */
82 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
83 }
84 }
85
86 static NTSTATUS check_for_dot_component(const struct smb_filename *smb_fname)
87 {
88 /* Ensure we catch all names with in "/."
89 this is disallowed under Windows and
90 in POSIX they've already been removed. */
91 const char *p = strstr(smb_fname->base_name, "/."); /*mb safe*/
92 if (p) {
93 if (p[2] == '/') {
94 /* Error code within a pathname. */
95 return NT_STATUS_OBJECT_PATH_NOT_FOUND;
96 } else if (p[2] == '\0') {
97 /* Error code at the end of a pathname. */
98 return NT_STATUS_OBJECT_NAME_INVALID;
99 }
100 }
101 return NT_STATUS_OK;
102 }
103
104 /****************************************************************************
105 Optimization for common case where the missing part
106 is in the last component and the client already
107 sent the correct case.
108 Returns NT_STATUS_OK to mean continue the tree walk
109 (possibly with modified start pointer).
110 Any other NT_STATUS_XXX error means terminate the path
111 lookup here.
112 ****************************************************************************/
113
114 static NTSTATUS check_parent_exists(TALLOC_CTX *ctx,
115 connection_struct *conn,
116 bool posix_pathnames,
117 const struct smb_filename *smb_fname,
118 char **pp_dirpath,
119 char **pp_start)
120 {
121 struct smb_filename parent_fname;
122 const char *last_component = NULL;
123 NTSTATUS status;
124 int ret;
125
126 ZERO_STRUCT(parent_fname);
127 if (!parent_dirname(ctx, smb_fname->base_name,
128 &parent_fname.base_name,
129 &last_component)) {
130 return NT_STATUS_NO_MEMORY;
131 }
132
133 /*
134 * If there was no parent component in
135 * smb_fname->base_name of the parent name
136 * contained a wildcard then don't do this
137 * optimization.
138 */
139 if ((smb_fname->base_name == last_component) ||
140 ms_has_wild(parent_fname.base_name)) {
141 return NT_STATUS_OK;
142 }
143
144 if (posix_pathnames) {
145 ret = SMB_VFS_LSTAT(conn, &parent_fname);
146 } else {
147 ret = SMB_VFS_STAT(conn, &parent_fname);
148 }
149
150 /* If the parent stat failed, just continue
151 with the normal tree walk. */
152
153 if (ret == -1) {
154 return NT_STATUS_OK;
155 }
156
157 status = check_for_dot_component(&parent_fname);
158 if (!NT_STATUS_IS_OK(status)) {
159 return status;
160 }
161
162 /* Parent exists - set "start" to be the
163 * last compnent to shorten the tree walk. */
164
165 /*
166 * Safe to use discard_const_p
167 * here as last_component points
168 * into our smb_fname->base_name.
169 */
170 *pp_start = discard_const_p(char, last_component);
171
172 /* Update dirpath. */
173 TALLOC_FREE(*pp_dirpath);
174 *pp_dirpath = talloc_strdup(ctx, parent_fname.base_name);
175 if (!*pp_dirpath) {
176 return NT_STATUS_NO_MEMORY;
177 }
178
179 DEBUG(5,("check_parent_exists: name "
180 "= %s, dirpath = %s, "
181 "start = %s\n",
182 smb_fname->base_name,
183 *pp_dirpath,
184 *pp_start));
185
186 return NT_STATUS_OK;
187 }
188
189 /****************************************************************************
190 This routine is called to convert names from the dos namespace to unix
191 namespace. It needs to handle any case conversions, mangling, format changes,
192 streams etc.
193
194 We assume that we have already done a chdir() to the right "root" directory
195 for this service.
196
197 The function will return an NTSTATUS error if some part of the name except for
198 the last part cannot be resolved, else NT_STATUS_OK.
199
200 Note NT_STATUS_OK doesn't mean the name exists or is valid, just that we
201 didn't get any fatal errors that should immediately terminate the calling SMB
202 processing whilst resolving.
203
204 If the UCF_SAVE_LCOMP flag is passed in, then the unmodified last component
205 of the pathname is set in smb_filename->original_lcomp.
206
207 If UCF_ALWAYS_ALLOW_WCARD_LCOMP is passed in, then a MS wildcard was detected
208 and should be allowed in the last component of the path only.
209
210 If the orig_path was a stream, smb_filename->base_name will point to the base
211 filename, and smb_filename->stream_name will point to the stream name. If
212 orig_path was not a stream, then smb_filename->stream_name will be NULL.
213
214 On exit from unix_convert, the smb_filename->st stat struct will be populated
215 if the file exists and was found, if not this stat struct will be filled with
216 zeros (and this can be detected by checking for nlinks = 0, which can never be
217 true for any file).
218 ****************************************************************************/
219
220 NTSTATUS unix_convert(TALLOC_CTX *ctx,
221 connection_struct *conn,
222 const char *orig_path,
223 struct smb_filename **smb_fname_out,
224 uint32_t ucf_flags)
225 {
226 struct smb_filename *smb_fname = NULL;
227 char *start, *end;
228 char *dirpath = NULL;
229 char *stream = NULL;
230 bool component_was_mangled = False;
231 bool name_has_wildcard = False;
232 bool posix_pathnames = false;
233 bool allow_wcard_last_component =
234 (ucf_flags & UCF_ALWAYS_ALLOW_WCARD_LCOMP);
235 bool save_last_component = ucf_flags & UCF_SAVE_LCOMP;
236 NTSTATUS status;
237 int ret = -1;
238
239 *smb_fname_out = NULL;
240
241 smb_fname = talloc_zero(ctx, struct smb_filename);
242 if (smb_fname == NULL) {
243 return NT_STATUS_NO_MEMORY;
244 }
245
246 if (conn->printer) {
247 /* we don't ever use the filenames on a printer share as a
248 filename - so don't convert them */
249 if (!(smb_fname->base_name = talloc_strdup(smb_fname,
250 orig_path))) {
251 status = NT_STATUS_NO_MEMORY;
252 goto err;
253 }
254 goto done;
255 }
256
257 DEBUG(5, ("unix_convert called on file \"%s\"\n", orig_path));
258
259 /*
260 * Conversion to basic unix format is already done in
261 * check_path_syntax().
262 */
263
264 /*
265 * Names must be relative to the root of the service - any leading /.
266 * and trailing /'s should have been trimmed by check_path_syntax().
267 */
268
269 #ifdef DEVELOPER
270 SMB_ASSERT(*orig_path != '/');
271 #endif
272
273 /*
274 * If we trimmed down to a single '\0' character
275 * then we should use the "." directory to avoid
276 * searching the cache, but not if we are in a
277 * printing share.
278 * As we know this is valid we can return true here.
279 */
280
281 if (!*orig_path) {
282 if (!(smb_fname->base_name = talloc_strdup(smb_fname, "."))) {
283 status = NT_STATUS_NO_MEMORY;
284 goto err;
285 }
286 if (SMB_VFS_STAT(conn, smb_fname) != 0) {
287 status = map_nt_error_from_unix(errno);
288 goto err;
289 }
290 DEBUG(5, ("conversion finished \"\" -> %s\n",
291 smb_fname->base_name));
292 goto done;
293 }
294
295 if (orig_path[0] == '.' && (orig_path[1] == '/' ||
296 orig_path[1] == '\0')) {
297 /* Start of pathname can't be "." only. */
298 if (orig_path[1] == '\0' || orig_path[2] == '\0') {
299 status = NT_STATUS_OBJECT_NAME_INVALID;
300 } else {
301 status =determine_path_error(&orig_path[2],
302 allow_wcard_last_component);
303 }
304 goto err;
305 }
306
307 /* Start with the full orig_path as given by the caller. */
308 if (!(smb_fname->base_name = talloc_strdup(smb_fname, orig_path))) {
309 DEBUG(0, ("talloc_strdup failed\n"));
310 status = NT_STATUS_NO_MEMORY;
311 goto err;
312 }
313
314 /*
315 * Large directory fix normalization. If we're case sensitive, and
316 * the case preserving parameters are set to "no", normalize the case of
317 * the incoming filename from the client WHETHER IT EXISTS OR NOT !
318 * This is in conflict with the current (3.0.20) man page, but is
319 * what people expect from the "large directory howto". I'll update
320 * the man page. Thanks to jht@samba.org for finding this. JRA.
321 */
322
323 if (conn->case_sensitive && !conn->case_preserve &&
324 !conn->short_case_preserve) {
325 if (!strnorm(smb_fname->base_name, lp_default_case(SNUM(conn)))) {
326 DEBUG(0, ("strnorm %s failed\n", smb_fname->base_name));
327 status = NT_STATUS_INVALID_PARAMETER;
328 goto err;
329 }
330 }
331
332 /*
333 * Ensure saved_last_component is valid even if file exists.
334 */
335
336 if(save_last_component) {
337 end = strrchr_m(smb_fname->base_name, '/');
338 if (end) {
339 smb_fname->original_lcomp = talloc_strdup(smb_fname,
340 end + 1);
341 } else {
342 smb_fname->original_lcomp =
343 talloc_strdup(smb_fname, smb_fname->base_name);
344 }
345 if (smb_fname->original_lcomp == NULL) {
346 status = NT_STATUS_NO_MEMORY;
347 goto err;
348 }
349 }
350
351 posix_pathnames = (lp_posix_pathnames() ||
352 (ucf_flags & UCF_POSIX_PATHNAMES));
353
354 /*
355 * Strip off the stream, and add it back when we're done with the
356 * base_name.
357 */
358 if (!posix_pathnames) {
359 stream = strchr_m(smb_fname->base_name, ':');
360
361 if (stream != NULL) {
362 char *tmp = talloc_strdup(smb_fname, stream);
363 if (tmp == NULL) {
364 status = NT_STATUS_NO_MEMORY;
365 goto err;
366 }
367 /*
368 * Since this is actually pointing into
369 * smb_fname->base_name this truncates base_name.
370 */
371 *stream = '\0';
372 stream = tmp;
373
374 if (smb_fname->base_name[0] == '\0') {
375 /*
376 * orig_name was just a stream name.
377 * This is a stream on the root of
378 * the share. Replace base_name with
379 * a "."
380 */
381 smb_fname->base_name =
382 talloc_strdup(smb_fname, ".");
383 if (smb_fname->base_name == NULL) {
384 status = NT_STATUS_NO_MEMORY;
385 goto err;
386 }
387 if (SMB_VFS_STAT(conn, smb_fname) != 0) {
388 status = map_nt_error_from_unix(errno);
389 goto err;
390 }
391 /* dirpath must exist. */
392 dirpath = talloc_strdup(ctx,"");
393 if (dirpath == NULL) {
394 status = NT_STATUS_NO_MEMORY;
395 goto err;
396 }
397 DEBUG(5, ("conversion finished %s -> %s\n",
398 orig_path,
399 smb_fname->base_name));
400 goto done;
401 }
402 }
403 }
404
405 start = smb_fname->base_name;
406
407 /*
408 * If we're providing case insensitive semantics or
409 * the underlying filesystem is case insensitive,
410 * then a case-normalized hit in the stat-cache is
411 * authoratitive. JRA.
412 *
413 * Note: We're only checking base_name. The stream_name will be
414 * added and verified in build_stream_path().
415 */
416
417 if((!conn->case_sensitive || !(conn->fs_capabilities &
418 FILE_CASE_SENSITIVE_SEARCH)) &&
419 stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name, &dirpath, &start,
420 &smb_fname->st)) {
421 goto done;
422 }
423
424 /*
425 * Make sure "dirpath" is an allocated string, we use this for
426 * building the directories with talloc_asprintf and free it.
427 */
428
429 if ((dirpath == NULL) && (!(dirpath = talloc_strdup(ctx,"")))) {
430 DEBUG(0, ("talloc_strdup failed\n"));
431 status = NT_STATUS_NO_MEMORY;
432 goto err;
433 }
434
435 /*
436 * If we have a wildcard we must walk the path to
437 * find where the error is, even if case sensitive
438 * is true.
439 */
440
441 name_has_wildcard = ms_has_wild(smb_fname->base_name);
442 if (name_has_wildcard && !allow_wcard_last_component) {
443 /* Wildcard not valid anywhere. */
444 status = NT_STATUS_OBJECT_NAME_INVALID;
445 goto fail;
446 }
447
448 DEBUG(5,("unix_convert begin: name = %s, dirpath = %s, start = %s\n",
449 smb_fname->base_name, dirpath, start));
450
451 if (!name_has_wildcard) {
452 /*
453 * stat the name - if it exists then we can add the stream back (if
454 * there was one) and be done!
455 */
456
457 if (posix_pathnames) {
458 ret = SMB_VFS_LSTAT(conn, smb_fname);
459 } else {
460 ret = SMB_VFS_STAT(conn, smb_fname);
461 }
462
463 if (ret == 0) {
464 status = check_for_dot_component(smb_fname);
465 if (!NT_STATUS_IS_OK(status)) {
466 goto fail;
467 }
468 /* Add the path (not including the stream) to the cache. */
469 stat_cache_add(orig_path, smb_fname->base_name,
470 conn->case_sensitive);
471 DEBUG(5,("conversion of base_name finished %s -> %s\n",
472 orig_path, smb_fname->base_name));
473 goto done;
474 }
475
476 /* Stat failed - ensure we don't use it. */
477 SET_STAT_INVALID(smb_fname->st);
478
479 if (errno == ENOENT) {
480 /* Optimization when creating a new file - only
481 the last component doesn't exist.
482 NOTE : check_parent_exists() doesn't preserve errno.
483 */
484 int saved_errno = errno;
485 status = check_parent_exists(ctx,
486 conn,
487 posix_pathnames,
488 smb_fname,
489 &dirpath,
490 &start);
491 errno = saved_errno;
492 if (!NT_STATUS_IS_OK(status)) {
493 goto fail;
494 }
495 }
496
497 /*
498 * A special case - if we don't have any wildcards or mangling chars and are case
499 * sensitive or the underlying filesystem is case insensitive then searching
500 * won't help.
501 */
502
503 if ((conn->case_sensitive || !(conn->fs_capabilities &
504 FILE_CASE_SENSITIVE_SEARCH)) &&
505 !mangle_is_mangled(smb_fname->base_name, conn->params)) {
506
507 status = check_for_dot_component(smb_fname);
508 if (!NT_STATUS_IS_OK(status)) {
509 goto fail;
510 }
511
512 /*
513 * The stat failed. Could be ok as it could be
514 * a new file.
515 */
516
517 if (errno == ENOTDIR || errno == ELOOP) {
518 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
519 goto fail;
520 } else if (errno == ENOENT) {
521 /*
522 * Was it a missing last component ?
523 * or a missing intermediate component ?
524 */
525 struct smb_filename parent_fname;
526 const char *last_component = NULL;
527
528 ZERO_STRUCT(parent_fname);
529 if (!parent_dirname(ctx, smb_fname->base_name,
530 &parent_fname.base_name,
531 &last_component)) {
532 status = NT_STATUS_NO_MEMORY;
533 goto fail;
534 }
535 if (posix_pathnames) {
536 ret = SMB_VFS_LSTAT(conn, &parent_fname);
537 } else {
538 ret = SMB_VFS_STAT(conn, &parent_fname);
539 }
540 if (ret == -1) {
541 if (errno == ENOTDIR ||
542 errno == ENOENT ||
543 errno == ELOOP) {
544 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
545 goto fail;
546 }
547 }
548
549 /*
550 * Missing last component is ok - new file.
551 * Also deal with permission denied elsewhere.
552 * Just drop out to done.
553 */
554 goto done;
555 }
556 }
557 } else {
558 /*
559 * We have a wildcard in the pathname.
560 *
561 * Optimization for common case where the wildcard
562 * is in the last component and the client already
563 * sent the correct case.
564 * NOTE : check_parent_exists() doesn't preserve errno.
565 */
566 int saved_errno = errno;
567 status = check_parent_exists(ctx,
568 conn,
569 posix_pathnames,
570 smb_fname,
571 &dirpath,
572 &start);
573 errno = saved_errno;
574 if (!NT_STATUS_IS_OK(status)) {
575 goto fail;
576 }
577 }
578
579 /*
580 * is_mangled() was changed to look at an entire pathname, not
581 * just a component. JRA.
582 */
583
584 if (mangle_is_mangled(start, conn->params)) {
585 component_was_mangled = True;
586 }
587
588 /*
589 * Now we need to recursively match the name against the real
590 * directory structure.
591 */
592
593 /*
594 * Match each part of the path name separately, trying the names
595 * as is first, then trying to scan the directory for matching names.
596 */
597
598 for (; start ; start = (end?end+1:(char *)NULL)) {
599 /*
600 * Pinpoint the end of this section of the filename.
601 */
602 /* mb safe. '/' can't be in any encoded char. */
603 end = strchr(start, '/');
604
605 /*
606 * Chop the name at this point.
607 */
608 if (end) {
609 *end = 0;
610 }
611
612 if (save_last_component) {
613 TALLOC_FREE(smb_fname->original_lcomp);
614 smb_fname->original_lcomp = talloc_strdup(smb_fname,
615 end ? end + 1 : start);
616 if (!smb_fname->original_lcomp) {
617 DEBUG(0, ("talloc failed\n"));
618 status = NT_STATUS_NO_MEMORY;
619 goto err;
620 }
621 }
622
623 /* The name cannot have a component of "." */
624
625 if (ISDOT(start)) {
626 if (!end) {
627 /* Error code at the end of a pathname. */
628 status = NT_STATUS_OBJECT_NAME_INVALID;
629 } else {
630 status = determine_path_error(end+1,
631 allow_wcard_last_component);
632 }
633 goto fail;
634 }
635
636 /* The name cannot have a wildcard if it's not
637 the last component. */
638
639 name_has_wildcard = ms_has_wild(start);
640
641 /* Wildcards never valid within a pathname. */
642 if (name_has_wildcard && end) {
643 status = NT_STATUS_OBJECT_NAME_INVALID;
644 goto fail;
645 }
646
647 /* Skip the stat call if it's a wildcard end. */
648 if (name_has_wildcard) {
649 DEBUG(5,("Wildcard %s\n",start));
650 goto done;
651 }
652
653 /*
654 * Check if the name exists up to this point.
655 */
656
657 if (posix_pathnames) {
658 ret = SMB_VFS_LSTAT(conn, smb_fname);
659 } else {
660 ret = SMB_VFS_STAT(conn, smb_fname);
661 }
662
663 if (ret == 0) {
664 /*
665 * It exists. it must either be a directory or this must
666 * be the last part of the path for it to be OK.
667 */
668 if (end && !S_ISDIR(smb_fname->st.st_ex_mode)) {
669 /*
670 * An intermediate part of the name isn't
671 * a directory.
672 */
673 DEBUG(5,("Not a dir %s\n",start));
674 *end = '/';
675 /*
676 * We need to return the fact that the
677 * intermediate name resolution failed. This
678 * is used to return an error of ERRbadpath
679 * rather than ERRbadfile. Some Windows
680 * applications depend on the difference between
681 * these two errors.
682 */
683 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
684 goto fail;
685 }
686
687 } else {
688 char *found_name = NULL;
689
690 /* Stat failed - ensure we don't use it. */
691 SET_STAT_INVALID(smb_fname->st);
692
693 /*
694 * Reset errno so we can detect
695 * directory open errors.
696 */
697 errno = 0;
698
699 /*
700 * Try to find this part of the path in the directory.
701 */
702
703 if (name_has_wildcard ||
704 (get_real_filename(conn, dirpath, start,
705 talloc_tos(),
706 &found_name) == -1)) {
707 char *unmangled;
708
709 if (end) {
710 /*
711 * An intermediate part of the name
712 * can't be found.
713 */
714 DEBUG(5,("Intermediate not found %s\n",
715 start));
716 *end = '/';
717
718 /*
719 * We need to return the fact that the
720 * intermediate name resolution failed.
721 * This is used to return an error of
722 * ERRbadpath rather than ERRbadfile.
723 * Some Windows applications depend on
724 * the difference between these two
725 * errors.
726 */
727
728 /*
729 * ENOENT, ENOTDIR and ELOOP all map
730 * to NT_STATUS_OBJECT_PATH_NOT_FOUND
731 * in the filename walk.
732 */
733
734 if (errno == ENOENT ||
735 errno == ENOTDIR ||
736 errno == ELOOP) {
737 status =
738 NT_STATUS_OBJECT_PATH_NOT_FOUND;
739 }
740 else {
741 status =
742 map_nt_error_from_unix(errno);
743 }
744 goto fail;
745 }
746
747 /*
748 * ENOENT/EACCESS are the only valid errors
749 * here.
750 */
751
752 if (errno == EACCES) {
753 if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) {
754 status = NT_STATUS_ACCESS_DENIED;
755 goto fail;
756 } else {
757 /*
758 * This is the dropbox
759 * behaviour. A dropbox is a
760 * directory with only -wx
761 * permissions, so
762 * get_real_filename fails
763 * with EACCESS, it needs to
764 * list the directory. We
765 * nevertheless want to allow
766 * users creating a file.
767 */
768 errno = 0;
769 }
770 }
771
772 if ((errno != 0) && (errno != ENOENT)) {
773 /*
774 * ENOTDIR and ELOOP both map to
775 * NT_STATUS_OBJECT_PATH_NOT_FOUND
776 * in the filename walk.
777 */
778 if (errno == ENOTDIR ||
779 errno == ELOOP) {
780 status =
781 NT_STATUS_OBJECT_PATH_NOT_FOUND;
782 } else {
783 status =
784 map_nt_error_from_unix(errno);
785 }
786 goto fail;
787 }
788
789 /*
790 * Just the last part of the name doesn't exist.
791 * We need to strupper() or strlower() it as
792 * this conversion may be used for file creation
793 * purposes. Fix inspired by
794 * Thomas Neumann <t.neumann@iku-ag.de>.
795 */
796 if (!conn->case_preserve ||
797 (mangle_is_8_3(start, False,
798 conn->params) &&
799 !conn->short_case_preserve)) {
800 if (!strnorm(start,
801 lp_default_case(SNUM(conn)))) {
802 DEBUG(0, ("strnorm %s failed\n",
803 start));
804 status = NT_STATUS_INVALID_PARAMETER;
805 goto err;
806 }
807 }
808
809 /*
810 * check on the mangled stack to see if we can
811 * recover the base of the filename.
812 */
813
814 if (mangle_is_mangled(start, conn->params)
815 && mangle_lookup_name_from_8_3(ctx,
816 start,
817 &unmangled,
818 conn->params)) {
819 char *tmp;
820 size_t start_ofs =
821 start - smb_fname->base_name;
822
823 if (*dirpath != '\0') {
824 tmp = talloc_asprintf(
825 smb_fname, "%s/%s",
826 dirpath, unmangled);
827 TALLOC_FREE(unmangled);
828 }
829 else {
830 tmp = unmangled;
831 }
832 if (tmp == NULL) {
833 DEBUG(0, ("talloc failed\n"));
834 status = NT_STATUS_NO_MEMORY;
835 goto err;
836 }
837 TALLOC_FREE(smb_fname->base_name);
838 smb_fname->base_name = tmp;
839 start =
840 smb_fname->base_name + start_ofs;
841 end = start + strlen(start);
842 }
843
844 DEBUG(5,("New file %s\n",start));
845 goto done;
846 }
847
848
849 /*
850 * Restore the rest of the string. If the string was
851 * mangled the size may have changed.
852 */
853 if (end) {
854 char *tmp;
855 size_t start_ofs =
856 start - smb_fname->base_name;
857
858 if (*dirpath != '\0') {
859 tmp = talloc_asprintf(smb_fname,
860 "%s/%s/%s", dirpath,
861 found_name, end+1);
862 }
863 else {
864 tmp = talloc_asprintf(smb_fname,
865 "%s/%s", found_name,
866 end+1);
867 }
868 if (tmp == NULL) {
869 DEBUG(0, ("talloc_asprintf failed\n"));
870 status = NT_STATUS_NO_MEMORY;
871 goto err;
872 }
873 TALLOC_FREE(smb_fname->base_name);
874 smb_fname->base_name = tmp;
875 start = smb_fname->base_name + start_ofs;
876 end = start + strlen(found_name);
877 *end = '\0';
878 } else {
879 char *tmp;
880 size_t start_ofs =
881 start - smb_fname->base_name;
882
883 if (*dirpath != '\0') {
884 tmp = talloc_asprintf(smb_fname,
885 "%s/%s", dirpath,
886 found_name);
887 } else {
888 tmp = talloc_strdup(smb_fname,
889 found_name);
890 }
891 if (tmp == NULL) {
892 DEBUG(0, ("talloc failed\n"));
893 status = NT_STATUS_NO_MEMORY;
894 goto err;
895 }
896 TALLOC_FREE(smb_fname->base_name);
897 smb_fname->base_name = tmp;
898 start = smb_fname->base_name + start_ofs;
899
900 /*
901 * We just scanned for, and found the end of
902 * the path. We must return a valid stat struct
903 * if it exists. JRA.
904 */
905
906 if (posix_pathnames) {
907 ret = SMB_VFS_LSTAT(conn, smb_fname);
908 } else {
909 ret = SMB_VFS_STAT(conn, smb_fname);
910 }
911
912 if (ret != 0) {
913 SET_STAT_INVALID(smb_fname->st);
914 }
915 }
916
917 TALLOC_FREE(found_name);
918 } /* end else */
919
920 #ifdef DEVELOPER
921 /*
922 * This sucks!
923 * We should never provide different behaviors
924 * depending on DEVELOPER!!!
925 */
926 if (VALID_STAT(smb_fname->st)) {
927 bool delete_pending;
928 uint32_t name_hash;
929
930 status = file_name_hash(conn,
931 smb_fname_str_dbg(smb_fname),
932 &name_hash);
933 if (!NT_STATUS_IS_OK(status)) {
934 goto fail;
935 }
936
937 get_file_infos(vfs_file_id_from_sbuf(conn,
938 &smb_fname->st),
939 name_hash,
940 &delete_pending, NULL);
941 if (delete_pending) {
942 status = NT_STATUS_DELETE_PENDING;
943 goto fail;
944 }
945 }
946 #endif
947
948 /*
949 * Add to the dirpath that we have resolved so far.
950 */
951
952 if (*dirpath != '\0') {
953 char *tmp = talloc_asprintf(ctx,
954 "%s/%s", dirpath, start);
955 if (!tmp) {
956 DEBUG(0, ("talloc_asprintf failed\n"));
957 status = NT_STATUS_NO_MEMORY;
958 goto err;
959 }
960 TALLOC_FREE(dirpath);
961 dirpath = tmp;
962 }
963 else {
964 TALLOC_FREE(dirpath);
965 if (!(dirpath = talloc_strdup(ctx,start))) {
966 DEBUG(0, ("talloc_strdup failed\n"));
967 status = NT_STATUS_NO_MEMORY;
968 goto err;
969 }
970 }
971
972 /*
973 * Cache the dirpath thus far. Don't cache a name with mangled
974 * or wildcard components as this can change the size.
975 */
976 if(!component_was_mangled && !name_has_wildcard) {
977 stat_cache_add(orig_path, dirpath,
978 conn->case_sensitive);
979 }
980
981 /*
982 * Restore the / that we wiped out earlier.
983 */
984 if (end) {
985 *end = '/';
986 }
987 }
988
989 /*
990 * Cache the full path. Don't cache a name with mangled or wildcard
991 * components as this can change the size.
992 */
993
994 if(!component_was_mangled && !name_has_wildcard) {
995 stat_cache_add(orig_path, smb_fname->base_name,
996 conn->case_sensitive);
997 }
998
999 /*
1000 * The name has been resolved.
1001 */
1002
1003 DEBUG(5,("conversion finished %s -> %s\n", orig_path,
1004 smb_fname->base_name));
1005
1006 done:
1007 /* Add back the stream if one was stripped off originally. */
1008 if (stream != NULL) {
1009 smb_fname->stream_name = stream;
1010
1011 /* Check path now that the base_name has been converted. */
1012 status = build_stream_path(ctx, conn, smb_fname);
1013 if (!NT_STATUS_IS_OK(status)) {
1014 goto fail;
1015 }
1016 }
1017 TALLOC_FREE(dirpath);
1018 *smb_fname_out = smb_fname;
1019 return NT_STATUS_OK;
1020 fail:
1021 DEBUG(10, ("dirpath = [%s] start = [%s]\n", dirpath, start));
1022 if (dirpath && *dirpath != '\0') {
1023 smb_fname->base_name = talloc_asprintf(smb_fname, "%s/%s",
1024 dirpath, start);
1025 } else {
1026 smb_fname->base_name = talloc_strdup(smb_fname, start);
1027 }
1028 if (!smb_fname->base_name) {
1029 DEBUG(0, ("talloc_asprintf failed\n"));
1030 status = NT_STATUS_NO_MEMORY;
1031 goto err;
1032 }
1033
1034 *smb_fname_out = smb_fname;
1035 TALLOC_FREE(dirpath);
1036 return status;
1037 err:
1038 TALLOC_FREE(smb_fname);
1039 return status;
1040 }
1041
1042 /****************************************************************************
1043 Ensure a path is not vetod.
1044 ****************************************************************************/
1045
1046 NTSTATUS check_veto_path(connection_struct *conn, const char *name)
1047 {
1048 if (IS_VETO_PATH(conn, name)) {
1049 /* Is it not dot or dot dot. */
1050 if (!(ISDOT(name) || ISDOTDOT(name))) {
1051 DEBUG(5,("check_veto_path: file path name %s vetoed\n",
1052 name));
1053 return map_nt_error_from_unix(ENOENT);
1054 }
1055 }
1056 return NT_STATUS_OK;
1057 }
1058
1059 /****************************************************************************
1060 Check a filename - possibly calling check_reduced_name.
1061 This is called by every routine before it allows an operation on a filename.
1062 It does any final confirmation necessary to ensure that the filename is
1063 a valid one for the user to access.
1064 ****************************************************************************/
1065
1066 NTSTATUS check_name(connection_struct *conn, const char *name)
1067 {
1068 NTSTATUS status = check_veto_path(conn, name);
1069
1070 if (!NT_STATUS_IS_OK(status)) {
1071 return status;
1072 }
1073
1074 if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
1075 status = check_reduced_name(conn,name);
1076 if (!NT_STATUS_IS_OK(status)) {
1077 DEBUG(5,("check_name: name %s failed with %s\n",name,
1078 nt_errstr(status)));
1079 return status;
1080 }
1081 }
1082
1083 return NT_STATUS_OK;
1084 }
1085
1086 /****************************************************************************
1087 Must be called as root. Creates the struct privilege_paths
1088 attached to the struct smb_request if this call is successful.
1089 ****************************************************************************/
1090
1091 static NTSTATUS check_name_with_privilege(connection_struct *conn,
1092 struct smb_request *smbreq,
1093 const char *name)
1094 {
1095 NTSTATUS status = check_veto_path(conn, name);
1096
1097 if (!NT_STATUS_IS_OK(status)) {
1098 return status;
1099 }
1100 return check_reduced_name_with_privilege(conn,
1101 name,
1102 smbreq);
1103 }
1104
1105 /****************************************************************************
1106 Check if two filenames are equal.
1107 This needs to be careful about whether we are case sensitive.
1108 ****************************************************************************/
1109
1110 static bool fname_equal(const char *name1, const char *name2,
1111 bool case_sensitive)
1112 {
1113 /* Normal filename handling */
1114 if (case_sensitive) {
1115 return(strcmp(name1,name2) == 0);
1116 }
1117
1118 return(strequal(name1,name2));
1119 }
1120
1121 /****************************************************************************
1122 Scan a directory to find a filename, matching without case sensitivity.
1123 If the name looks like a mangled name then try via the mangling functions
1124 ****************************************************************************/
1125
1126 static int get_real_filename_full_scan(connection_struct *conn,
1127 const char *path, const char *name,
1128 bool mangled,
1129 TALLOC_CTX *mem_ctx, char **found_name)
1130 {
1131 struct smb_Dir *cur_dir;
1132 const char *dname = NULL;
1133 char *talloced = NULL;
1134 char *unmangled_name = NULL;
1135 long curpos;
1136
1137 /* handle null paths */
1138 if ((path == NULL) || (*path == 0)) {
1139 path = ".";
1140 }
1141
1142 /* If we have a case-sensitive filesystem, it doesn't do us any
1143 * good to search for a name. If a case variation of the name was
1144 * there, then the original stat(2) would have found it.
1145 */
1146 if (!mangled && !(conn->fs_capabilities & FILE_CASE_SENSITIVE_SEARCH)) {
1147 errno = ENOENT;
1148 return -1;
1149 }
1150
1151 /*
1152 * The incoming name can be mangled, and if we de-mangle it
1153 * here it will not compare correctly against the filename (name2)
1154 * read from the directory and then mangled by the name_to_8_3()
1155 * call. We need to mangle both names or neither.
1156 * (JRA).
1157 *
1158 * Fix for bug found by Dina Fine. If in case sensitive mode then
1159 * the mangle cache is no good (3 letter extension could be wrong
1160 * case - so don't demangle in this case - leave as mangled and
1161 * allow the mangling of the directory entry read (which is done
1162 * case insensitively) to match instead. This will lead to more
1163 * false positive matches but we fail completely without it. JRA.
1164 */
1165
1166 if (mangled && !conn->case_sensitive) {
1167 mangled = !mangle_lookup_name_from_8_3(talloc_tos(), name,
1168 &unmangled_name,
1169 conn->params);
1170 if (!mangled) {
1171 /* Name is now unmangled. */
1172 name = unmangled_name;
1173 }
1174 }
1175
1176 /* open the directory */
1177 if (!(cur_dir = OpenDir(talloc_tos(), conn, path, NULL, 0))) {
1178 DEBUG(3,("scan dir didn't open dir [%s]\n",path));
1179 TALLOC_FREE(unmangled_name);
1180 return -1;
1181 }
1182
1183 /* now scan for matching names */
1184 curpos = 0;
1185 while ((dname = ReadDirName(cur_dir, &curpos, NULL, &talloced))) {
1186
1187 /* Is it dot or dot dot. */
1188 if (ISDOT(dname) || ISDOTDOT(dname)) {
1189 TALLOC_FREE(talloced);
1190 continue;
1191 }
1192
1193 /*
1194 * At this point dname is the unmangled name.
1195 * name is either mangled or not, depending on the state
1196 * of the "mangled" variable. JRA.
1197 */
1198
1199 /*
1200 * Check mangled name against mangled name, or unmangled name
1201 * against unmangled name.
1202 */
1203
1204 if ((mangled && mangled_equal(name,dname,conn->params)) ||
1205 fname_equal(name, dname, conn->case_sensitive)) {
1206 /* we've found the file, change it's name and return */
1207 *found_name = talloc_strdup(mem_ctx, dname);
1208 TALLOC_FREE(unmangled_name);
1209 TALLOC_FREE(cur_dir);
1210 if (!*found_name) {
1211 errno = ENOMEM;
1212 TALLOC_FREE(talloced);
1213 return -1;
1214 }
1215 TALLOC_FREE(talloced);
1216 return 0;
1217 }
1218 TALLOC_FREE(talloced);
1219 }
1220
1221 TALLOC_FREE(unmangled_name);
1222 TALLOC_FREE(cur_dir);
1223 errno = ENOENT;
1224 return -1;
1225 }
1226
1227 /****************************************************************************
1228 Wrapper around the vfs get_real_filename and the full directory scan
1229 fallback.
1230 ****************************************************************************/
1231
1232 int get_real_filename(connection_struct *conn, const char *path,
1233 const char *name, TALLOC_CTX *mem_ctx,
1234 char **found_name)
1235 {
1236 int ret;
1237 bool mangled;
1238
1239 mangled = mangle_is_mangled(name, conn->params);
1240
1241 if (mangled) {
1242 return get_real_filename_full_scan(conn, path, name, mangled,
1243 mem_ctx, found_name);
1244 }
1245
1246 /* Try the vfs first to take advantage of case-insensitive stat. */
1247 ret = SMB_VFS_GET_REAL_FILENAME(conn, path, name, mem_ctx, found_name);
1248
1249 /*
1250 * If the case-insensitive stat was successful, or returned an error
1251 * other than EOPNOTSUPP then there is no need to fall back on the
1252 * full directory scan.
1253 */
1254 if (ret == 0 || (ret == -1 && errno != EOPNOTSUPP)) {
1255 return ret;
1256 }
1257
1258 return get_real_filename_full_scan(conn, path, name, mangled, mem_ctx,
1259 found_name);
1260 }
1261
1262 static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
1263 connection_struct *conn,
1264 struct smb_filename *smb_fname)
1265 {
1266 NTSTATUS status;
1267 unsigned int i, num_streams = 0;
1268 struct stream_struct *streams = NULL;
1269
1270 if (SMB_VFS_STAT(conn, smb_fname) == 0) {
1271 DEBUG(10, ("'%s' exists\n", smb_fname_str_dbg(smb_fname)));
1272 return NT_STATUS_OK;
1273 }
1274
1275 if (errno != ENOENT) {
1276 DEBUG(10, ("vfs_stat failed: %s\n", strerror(errno)));
1277 status = map_nt_error_from_unix(errno);
1278 goto fail;
1279 }
1280
1281 /* Fall back to a case-insensitive scan of all streams on the file. */
1282 status = vfs_streaminfo(conn, NULL, smb_fname->base_name, mem_ctx,
1283 &num_streams, &streams);
1284
1285 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1286 SET_STAT_INVALID(smb_fname->st);
1287 return NT_STATUS_OK;
1288 }
1289
1290 if (!NT_STATUS_IS_OK(status)) {
1291 DEBUG(10, ("vfs_streaminfo failed: %s\n", nt_errstr(status)));
1292 goto fail;
1293 }
1294
1295 for (i=0; i<num_streams; i++) {
1296 DEBUG(10, ("comparing [%s] and [%s]: ",
1297 smb_fname->stream_name, streams[i].name));
1298 if (fname_equal(smb_fname->stream_name, streams[i].name,
1299 conn->case_sensitive)) {
1300 DEBUGADD(10, ("equal\n"));
1301 break;
1302 }
1303 DEBUGADD(10, ("not equal\n"));
1304 }
1305
1306 /* Couldn't find the stream. */
1307 if (i == num_streams) {
1308 SET_STAT_INVALID(smb_fname->st);
1309 TALLOC_FREE(streams);
1310 return NT_STATUS_OK;
1311 }
1312
1313 DEBUG(10, ("case insensitive stream. requested: %s, actual: %s\n",
1314 smb_fname->stream_name, streams[i].name));
1315
1316
1317 TALLOC_FREE(smb_fname->stream_name);
1318 smb_fname->stream_name = talloc_strdup(smb_fname, streams[i].name);
1319 if (smb_fname->stream_name == NULL) {
1320 status = NT_STATUS_NO_MEMORY;
1321 goto fail;
1322 }
1323
1324 SET_STAT_INVALID(smb_fname->st);
1325
1326 if (SMB_VFS_STAT(conn, smb_fname) == 0) {
1327 DEBUG(10, ("'%s' exists\n", smb_fname_str_dbg(smb_fname)));
1328 }
1329 status = NT_STATUS_OK;
1330 fail:
1331 TALLOC_FREE(streams);
1332 return status;
1333 }
1334
1335 /**
1336 * Go through all the steps to validate a filename.
1337 *
1338 * @param ctx talloc_ctx to allocate memory with.
1339 * @param conn connection struct for vfs calls.
1340 * @param dfs_path Whether this path requires dfs resolution.
1341 * @param smbreq SMB request if we're using privileges.
1342 * @param name_in The unconverted name.
1343 * @param ucf_flags flags to pass through to unix_convert().
1344 * UCF_ALWAYS_ALLOW_WCARD_LCOMP will be OR'd in if
1345 * p_cont_wcard != NULL and is true and
1346 * UCF_COND_ALLOW_WCARD_LCOMP.
1347 * @param p_cont_wcard If not NULL, will be set to true if the dfs path
1348 * resolution detects a wildcard.
1349 * @param pp_smb_fname The final converted name will be allocated if the
1350 * return is NT_STATUS_OK.
1351 *
1352 * @return NT_STATUS_OK if all operations completed succesfully, appropriate
1353 * error otherwise.
1354 */
1355 static NTSTATUS filename_convert_internal(TALLOC_CTX *ctx,
1356 connection_struct *conn,
1357 bool dfs_path,
1358 struct smb_request *smbreq,
1359 const char *name_in,
1360 uint32_t ucf_flags,
1361 bool *ppath_contains_wcard,
1362 struct smb_filename **pp_smb_fname)
1363 {
1364 NTSTATUS status;
1365 bool allow_wcards = (ucf_flags & (UCF_COND_ALLOW_WCARD_LCOMP|UCF_ALWAYS_ALLOW_WCARD_LCOMP));
1366 char *fname = NULL;
1367
1368 *pp_smb_fname = NULL;
1369
1370 status = resolve_dfspath_wcard(ctx, conn,
1371 dfs_path,
1372 name_in,
1373 allow_wcards,
1374 !conn->sconn->using_smb2,
1375 &fname,
1376 ppath_contains_wcard);
1377 if (!NT_STATUS_IS_OK(status)) {
1378 DEBUG(10,("filename_convert_internal: resolve_dfspath failed "
1379 "for name %s with %s\n",
1380 name_in,
1381 nt_errstr(status) ));
1382 return status;
1383 }
1384
1385 if (is_fake_file_path(name_in)) {
1386 SMB_STRUCT_STAT st;
1387 ZERO_STRUCT(st);
1388 st.st_ex_nlink = 1;
1389 *pp_smb_fname = synthetic_smb_fname_split(ctx,
1390 name_in,
1391 &st);
1392 if (*pp_smb_fname == NULL) {
1393 return NT_STATUS_NO_MEMORY;
1394 }
1395 return NT_STATUS_OK;
1396 }
1397
1398 /*
1399 * If the caller conditionally allows wildcard lookups, only add the
1400 * always allow if the path actually does contain a wildcard.
1401 */
1402 if (ucf_flags & UCF_COND_ALLOW_WCARD_LCOMP &&
1403 ppath_contains_wcard != NULL && *ppath_contains_wcard) {
1404 ucf_flags |= UCF_ALWAYS_ALLOW_WCARD_LCOMP;
1405 }
1406
1407 status = unix_convert(ctx, conn, fname, pp_smb_fname, ucf_flags);
1408 if (!NT_STATUS_IS_OK(status)) {
1409 DEBUG(10,("filename_convert_internal: unix_convert failed "
1410 "for name %s with %s\n",
1411 fname,
1412 nt_errstr(status) ));
1413 return status;
1414 }
1415
1416 if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
1417 VALID_STAT((*pp_smb_fname)->st) &&
1418 S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
1419 return check_veto_path(conn, (*pp_smb_fname)->base_name);
1420 }
1421
1422 if (!smbreq) {
1423 status = check_name(conn, (*pp_smb_fname)->base_name);
1424 } else {
1425 status = check_name_with_privilege(conn, smbreq, (*pp_smb_fname)->base_name);
1426 }
1427 if (!NT_STATUS_IS_OK(status)) {
1428 DEBUG(3,("filename_convert_internal: check_name failed "
1429 "for name %s with %s\n",
1430 smb_fname_str_dbg(*pp_smb_fname),
1431 nt_errstr(status) ));
1432 TALLOC_FREE(*pp_smb_fname);
1433 return status;
1434 }
1435
1436 return status;
1437 }
1438
1439 /*
1440 * Go through all the steps to validate a filename.
1441 * Non-root version.
1442 */
1443
1444 NTSTATUS filename_convert(TALLOC_CTX *ctx,
1445 connection_struct *conn,
1446 bool dfs_path,
1447 const char *name_in,
1448 uint32_t ucf_flags,
1449 bool *ppath_contains_wcard,
1450 struct smb_filename **pp_smb_fname)
1451 {
1452 return filename_convert_internal(ctx,
1453 conn,
1454 dfs_path,
1455 NULL,
1456 name_in,
1457 ucf_flags,
1458 ppath_contains_wcard,
1459 pp_smb_fname);
1460 }
1461
1462 /*
1463 * Go through all the steps to validate a filename.
1464 * root (privileged) version.
1465 */
1466
1467 NTSTATUS filename_convert_with_privilege(TALLOC_CTX *ctx,
1468 connection_struct *conn,
1469 struct smb_request *smbreq,
1470 const char *name_in,
1471 uint32_t ucf_flags,
1472 bool *ppath_contains_wcard,
1473 struct smb_filename **pp_smb_fname)
1474 {
1475 return filename_convert_internal(ctx,
1476 conn,
1477 smbreq->flags2 & FLAGS2_DFS_PATHNAMES,
1478 smbreq,
1479 name_in,
1480 ucf_flags,
1481 ppath_contains_wcard,
1482 pp_smb_fname);
1483 }
Samba GIT mirror