search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix a typo - should be '&&' not '&' when checking for privileges.
[Samba/wip.git] / source3 / smbd / open.c
blob80756d6641f64020889ba2fb29da12812fb8e77a
1 /*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "printing.h"
24 #include "smbd/globals.h"
25 #include "fake_file.h"
26 #include "librpc/gen_ndr/messaging.h"
27 #include "../libcli/security/security.h"
28 #include "../librpc/gen_ndr/ndr_security.h"
29
30 extern const struct generic_mapping file_generic_mapping;
31
32 struct deferred_open_record {
33 bool delayed_for_oplocks;
34 struct file_id id;
35 };
36
37 /****************************************************************************
38 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
39 ****************************************************************************/
40
41 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
42 const struct security_descriptor *sd,
43 const struct security_token *token,
44 uint32_t access_desired,
45 uint32_t *access_granted)
46 {
47 *access_granted = 0;
48
49 if (get_current_uid(conn) == (uid_t)0) {
50 /* I'm sorry sir, I didn't know you were root... */
51 *access_granted = access_desired;
52 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
53 *access_granted |= FILE_GENERIC_ALL;
54 }
55 return NT_STATUS_OK;
56 }
57
58 return se_access_check(sd,
59 token,
60 (access_desired & ~FILE_READ_ATTRIBUTES),
61 access_granted);
62 }
63
64 /****************************************************************************
65 Check if we have open rights.
66 ****************************************************************************/
67
68 NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
69 const struct smb_filename *smb_fname,
70 uint32_t access_mask,
71 uint32_t *access_granted)
72 {
73 /* Check if we have rights to open. */
74 NTSTATUS status;
75 struct security_descriptor *sd = NULL;
76
77 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
78 (SECINFO_OWNER |
79 SECINFO_GROUP |
80 SECINFO_DACL),&sd);
81
82 if (!NT_STATUS_IS_OK(status)) {
83 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
84 "on %s: %s\n",
85 smb_fname_str_dbg(smb_fname),
86 nt_errstr(status)));
87 return status;
88 }
89
90 status = smb1_file_se_access_check(conn,
91 sd,
92 get_current_nttok(conn),
93 access_mask,
94 access_granted);
95
96 DEBUG(10,("smbd_check_open_rights: file %s requesting "
97 "0x%x returning 0x%x (%s)\n",
98 smb_fname_str_dbg(smb_fname),
99 (unsigned int)access_mask,
100 (unsigned int)*access_granted,
101 nt_errstr(status) ));
102
103 if (!NT_STATUS_IS_OK(status)) {
104 if (DEBUGLEVEL >= 10) {
105 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
106 smb_fname_str_dbg(smb_fname) ));
107 NDR_PRINT_DEBUG(security_descriptor, sd);
108 }
109 }
110
111 TALLOC_FREE(sd);
112
113 return status;
114 }
115
116 /****************************************************************************
117 fd support routines - attempt to do a dos_open.
118 ****************************************************************************/
119
120 static NTSTATUS fd_open(struct connection_struct *conn,
121 files_struct *fsp,
122 int flags,
123 mode_t mode)
124 {
125 struct smb_filename *smb_fname = fsp->fsp_name;
126 NTSTATUS status = NT_STATUS_OK;
127
128 #ifdef O_NOFOLLOW
129 /*
130 * Never follow symlinks on a POSIX client. The
131 * client should be doing this.
132 */
133
134 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
135 flags |= O_NOFOLLOW;
136 }
137 #endif
138
139 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
140 if (fsp->fh->fd == -1) {
141 status = map_nt_error_from_unix(errno);
142 if (errno == EMFILE) {
143 static time_t last_warned = 0L;
144
145 if (time((time_t *) NULL) > last_warned) {
146 DEBUG(0,("Too many open files, unable "
147 "to open more! smbd's max "
148 "open files = %d\n",
149 lp_max_open_files()));
150 last_warned = time((time_t *) NULL);
151 }
152 }
153
154 }
155
156 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
157 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
158 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
159
160 return status;
161 }
162
163 /****************************************************************************
164 Close the file associated with a fsp.
165 ****************************************************************************/
166
167 NTSTATUS fd_close(files_struct *fsp)
168 {
169 int ret;
170
171 if (fsp->fh->fd == -1) {
172 return NT_STATUS_OK; /* What we used to call a stat open. */
173 }
174 if (fsp->fh->ref_count > 1) {
175 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
176 }
177
178 ret = SMB_VFS_CLOSE(fsp);
179 fsp->fh->fd = -1;
180 if (ret == -1) {
181 return map_nt_error_from_unix(errno);
182 }
183 return NT_STATUS_OK;
184 }
185
186 /****************************************************************************
187 Change the ownership of a file to that of the parent directory.
188 Do this by fd if possible.
189 ****************************************************************************/
190
191 void change_file_owner_to_parent(connection_struct *conn,
192 const char *inherit_from_dir,
193 files_struct *fsp)
194 {
195 struct smb_filename *smb_fname_parent = NULL;
196 NTSTATUS status;
197 int ret;
198
199 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
200 NULL, NULL, &smb_fname_parent);
201 if (!NT_STATUS_IS_OK(status)) {
202 return;
203 }
204
205 ret = SMB_VFS_STAT(conn, smb_fname_parent);
206 if (ret == -1) {
207 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
208 "directory %s. Error was %s\n",
209 smb_fname_str_dbg(smb_fname_parent),
210 strerror(errno)));
211 return;
212 }
213
214 become_root();
215 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
216 unbecome_root();
217 if (ret == -1) {
218 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
219 "file %s to parent directory uid %u. Error "
220 "was %s\n", fsp_str_dbg(fsp),
221 (unsigned int)smb_fname_parent->st.st_ex_uid,
222 strerror(errno) ));
223 }
224
225 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
226 "parent directory uid %u.\n", fsp_str_dbg(fsp),
227 (unsigned int)smb_fname_parent->st.st_ex_uid));
228
229 TALLOC_FREE(smb_fname_parent);
230 }
231
232 NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
233 const char *inherit_from_dir,
234 const char *fname,
235 SMB_STRUCT_STAT *psbuf)
236 {
237 struct smb_filename *smb_fname_parent = NULL;
238 struct smb_filename *smb_fname_cwd = NULL;
239 char *saved_dir = NULL;
240 TALLOC_CTX *ctx = talloc_tos();
241 NTSTATUS status = NT_STATUS_OK;
242 int ret;
243
244 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
245 &smb_fname_parent);
246 if (!NT_STATUS_IS_OK(status)) {
247 return status;
248 }
249
250 ret = SMB_VFS_STAT(conn, smb_fname_parent);
251 if (ret == -1) {
252 status = map_nt_error_from_unix(errno);
253 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
254 "directory %s. Error was %s\n",
255 smb_fname_str_dbg(smb_fname_parent),
256 strerror(errno)));
257 goto out;
258 }
259
260 /* We've already done an lstat into psbuf, and we know it's a
261 directory. If we can cd into the directory and the dev/ino
262 are the same then we can safely chown without races as
263 we're locking the directory in place by being in it. This
264 should work on any UNIX (thanks tridge :-). JRA.
265 */
266
267 saved_dir = vfs_GetWd(ctx,conn);
268 if (!saved_dir) {
269 status = map_nt_error_from_unix(errno);
270 DEBUG(0,("change_dir_owner_to_parent: failed to get "
271 "current working directory. Error was %s\n",
272 strerror(errno)));
273 goto out;
274 }
275
276 /* Chdir into the new path. */
277 if (vfs_ChDir(conn, fname) == -1) {
278 status = map_nt_error_from_unix(errno);
279 DEBUG(0,("change_dir_owner_to_parent: failed to change "
280 "current working directory to %s. Error "
281 "was %s\n", fname, strerror(errno) ));
282 goto chdir;
283 }
284
285 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
286 &smb_fname_cwd);
287 if (!NT_STATUS_IS_OK(status)) {
288 return status;
289 }
290
291 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
292 if (ret == -1) {
293 status = map_nt_error_from_unix(errno);
294 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
295 "directory '.' (%s) Error was %s\n",
296 fname, strerror(errno)));
297 goto chdir;
298 }
299
300 /* Ensure we're pointing at the same place. */
301 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
302 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino ||
303 smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) {
304 DEBUG(0,("change_dir_owner_to_parent: "
305 "device/inode/mode on directory %s changed. "
306 "Refusing to chown !\n", fname ));
307 status = NT_STATUS_ACCESS_DENIED;
308 goto chdir;
309 }
310
311 become_root();
312 ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
313 (gid_t)-1);
314 unbecome_root();
315 if (ret == -1) {
316 status = map_nt_error_from_unix(errno);
317 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
318 "directory %s to parent directory uid %u. "
319 "Error was %s\n", fname,
320 (unsigned int)smb_fname_parent->st.st_ex_uid,
321 strerror(errno) ));
322 goto chdir;
323 }
324
325 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
326 "directory %s to parent directory uid %u.\n",
327 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
328
329 chdir:
330 vfs_ChDir(conn,saved_dir);
331 out:
332 TALLOC_FREE(smb_fname_parent);
333 TALLOC_FREE(smb_fname_cwd);
334 return status;
335 }
336
337 /****************************************************************************
338 Open a file.
339 ****************************************************************************/
340
341 static NTSTATUS open_file(files_struct *fsp,
342 connection_struct *conn,
343 struct smb_request *req,
344 const char *parent_dir,
345 int flags,
346 mode_t unx_mode,
347 uint32 access_mask, /* client requested access mask. */
348 uint32 open_access_mask) /* what we're actually using in the open. */
349 {
350 struct smb_filename *smb_fname = fsp->fsp_name;
351 NTSTATUS status = NT_STATUS_OK;
352 int accmode = (flags & O_ACCMODE);
353 int local_flags = flags;
354 bool file_existed = VALID_STAT(fsp->fsp_name->st);
355
356 fsp->fh->fd = -1;
357 errno = EPERM;
358
359 /* Check permissions */
360
361 /*
362 * This code was changed after seeing a client open request
363 * containing the open mode of (DENY_WRITE/read-only) with
364 * the 'create if not exist' bit set. The previous code
365 * would fail to open the file read only on a read-only share
366 * as it was checking the flags parameter directly against O_RDONLY,
367 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
368 * JRA.
369 */
370
371 if (!CAN_WRITE(conn)) {
372 /* It's a read-only share - fail if we wanted to write. */
373 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
374 DEBUG(3,("Permission denied opening %s\n",
375 smb_fname_str_dbg(smb_fname)));
376 return NT_STATUS_ACCESS_DENIED;
377 } else if(flags & O_CREAT) {
378 /* We don't want to write - but we must make sure that
379 O_CREAT doesn't create the file if we have write
380 access into the directory.
381 */
382 flags &= ~(O_CREAT|O_EXCL);
383 local_flags &= ~(O_CREAT|O_EXCL);
384 }
385 }
386
387 /*
388 * This little piece of insanity is inspired by the
389 * fact that an NT client can open a file for O_RDONLY,
390 * but set the create disposition to FILE_EXISTS_TRUNCATE.
391 * If the client *can* write to the file, then it expects to
392 * truncate the file, even though it is opening for readonly.
393 * Quicken uses this stupid trick in backup file creation...
394 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
395 * for helping track this one down. It didn't bite us in 2.0.x
396 * as we always opened files read-write in that release. JRA.
397 */
398
399 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
400 DEBUG(10,("open_file: truncate requested on read-only open "
401 "for file %s\n", smb_fname_str_dbg(smb_fname)));
402 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
403 }
404
405 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
406 (!file_existed && (local_flags & O_CREAT)) ||
407 ((local_flags & O_TRUNC) == O_TRUNC) ) {
408 const char *wild;
409
410 /*
411 * We can't actually truncate here as the file may be locked.
412 * open_file_ntcreate will take care of the truncate later. JRA.
413 */
414
415 local_flags &= ~O_TRUNC;
416
417 #if defined(O_NONBLOCK) && defined(S_ISFIFO)
418 /*
419 * We would block on opening a FIFO with no one else on the
420 * other end. Do what we used to do and add O_NONBLOCK to the
421 * open flags. JRA.
422 */
423
424 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
425 local_flags |= O_NONBLOCK;
426 }
427 #endif
428
429 /* Don't create files with Microsoft wildcard characters. */
430 if (fsp->base_fsp) {
431 /*
432 * wildcard characters are allowed in stream names
433 * only test the basefilename
434 */
435 wild = fsp->base_fsp->fsp_name->base_name;
436 } else {
437 wild = smb_fname->base_name;
438 }
439 if ((local_flags & O_CREAT) && !file_existed &&
440 ms_has_wild(wild)) {
441 return NT_STATUS_OBJECT_NAME_INVALID;
442 }
443
444 /* Actually do the open */
445 status = fd_open(conn, fsp, local_flags, unx_mode);
446 if (!NT_STATUS_IS_OK(status)) {
447 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
448 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
449 nt_errstr(status),local_flags,flags));
450 return status;
451 }
452
453 if ((local_flags & O_CREAT) && !file_existed) {
454
455 /* Inherit the ACL if required */
456 if (lp_inherit_perms(SNUM(conn))) {
457 inherit_access_posix_acl(conn, parent_dir,
458 smb_fname->base_name,
459 unx_mode);
460 }
461
462 /* Change the owner if required. */
463 if (lp_inherit_owner(SNUM(conn))) {
464 change_file_owner_to_parent(conn, parent_dir,
465 fsp);
466 }
467
468 notify_fname(conn, NOTIFY_ACTION_ADDED,
469 FILE_NOTIFY_CHANGE_FILE_NAME,
470 smb_fname->base_name);
471 }
472
473 } else {
474 fsp->fh->fd = -1; /* What we used to call a stat open. */
475 if (file_existed) {
476 uint32_t access_granted = 0;
477
478 status = smbd_check_open_rights(conn,
479 smb_fname,
480 access_mask,
481 &access_granted);
482 if (!NT_STATUS_IS_OK(status)) {
483 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
484 /*
485 * On NT_STATUS_ACCESS_DENIED, access_granted
486 * contains the denied bits.
487 */
488
489 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
490 (access_granted & FILE_WRITE_ATTRIBUTES) &&
491 (lp_map_readonly(SNUM(conn)) ||
492 lp_map_archive(SNUM(conn)) ||
493 lp_map_hidden(SNUM(conn)) ||
494 lp_map_system(SNUM(conn)))) {
495 access_granted &= ~FILE_WRITE_ATTRIBUTES;
496
497 DEBUG(10,("open_file: "
498 "overrode "
499 "FILE_WRITE_"
500 "ATTRIBUTES "
501 "on file %s\n",
502 smb_fname_str_dbg(
503 smb_fname)));
504 }
505
506 if ((access_mask & DELETE_ACCESS) &&
507 (access_granted & DELETE_ACCESS) &&
508 can_delete_file_in_directory(conn,
509 smb_fname)) {
510 /* Were we trying to do a stat open
511 * for delete and didn't get DELETE
512 * access (only) ? Check if the
513 * directory allows DELETE_CHILD.
514 * See here:
515 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
516 * for details. */
517
518 access_granted &= ~DELETE_ACCESS;
519
520 DEBUG(10,("open_file: "
521 "overrode "
522 "DELETE_ACCESS on "
523 "file %s\n",
524 smb_fname_str_dbg(
525 smb_fname)));
526 }
527
528 if (access_granted != 0) {
529 DEBUG(10,("open_file: Access "
530 "denied on file "
531 "%s\n",
532 smb_fname_str_dbg(
533 smb_fname)));
534 return status;
535 }
536 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
537 fsp->posix_open &&
538 S_ISLNK(smb_fname->st.st_ex_mode)) {
539 /* This is a POSIX stat open for delete
540 * or rename on a symlink that points
541 * nowhere. Allow. */
542 DEBUG(10,("open_file: allowing POSIX "
543 "open on bad symlink %s\n",
544 smb_fname_str_dbg(
545 smb_fname)));
546 } else {
547 DEBUG(10,("open_file: "
548 "smbd_check_open_rights on file "
549 "%s returned %s\n",
550 smb_fname_str_dbg(smb_fname),
551 nt_errstr(status) ));
552 return status;
553 }
554 }
555 }
556 }
557
558 if (!file_existed) {
559 int ret;
560
561 if (fsp->fh->fd == -1) {
562 ret = SMB_VFS_STAT(conn, smb_fname);
563 } else {
564 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
565 /* If we have an fd, this stat should succeed. */
566 if (ret == -1) {
567 DEBUG(0,("Error doing fstat on open file %s "
568 "(%s)\n",
569 smb_fname_str_dbg(smb_fname),
570 strerror(errno) ));
571 }
572 }
573
574 /* For a non-io open, this stat failing means file not found. JRA */
575 if (ret == -1) {
576 status = map_nt_error_from_unix(errno);
577 fd_close(fsp);
578 return status;
579 }
580 }
581
582 /*
583 * POSIX allows read-only opens of directories. We don't
584 * want to do this (we use a different code path for this)
585 * so catch a directory open and return an EISDIR. JRA.
586 */
587
588 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
589 fd_close(fsp);
590 errno = EISDIR;
591 return NT_STATUS_FILE_IS_A_DIRECTORY;
592 }
593
594 fsp->mode = smb_fname->st.st_ex_mode;
595 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
596 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
597 fsp->file_pid = req ? req->smbpid : 0;
598 fsp->can_lock = True;
599 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
600 if (!CAN_WRITE(conn)) {
601 fsp->can_write = False;
602 } else {
603 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
604 True : False;
605 }
606 fsp->print_file = NULL;
607 fsp->modified = False;
608 fsp->sent_oplock_break = NO_BREAK_SENT;
609 fsp->is_directory = False;
610 if (conn->aio_write_behind_list &&
611 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
612 conn->case_sensitive)) {
613 fsp->aio_write_behind = True;
614 }
615
616 fsp->wcp = NULL; /* Write cache pointer. */
617
618 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
619 conn->server_info->unix_name,
620 smb_fname_str_dbg(smb_fname),
621 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
622 conn->num_files_open));
623
624 errno = 0;
625 return NT_STATUS_OK;
626 }
627
628 /*******************************************************************
629 Return True if the filename is one of the special executable types.
630 ********************************************************************/
631
632 bool is_executable(const char *fname)
633 {
634 if ((fname = strrchr_m(fname,'.'))) {
635 if (strequal(fname,".com") ||
636 strequal(fname,".dll") ||
637 strequal(fname,".exe") ||
638 strequal(fname,".sym")) {
639 return True;
640 }
641 }
642 return False;
643 }
644
645 /****************************************************************************
646 Check if we can open a file with a share mode.
647 Returns True if conflict, False if not.
648 ****************************************************************************/
649
650 static bool share_conflict(struct share_mode_entry *entry,
651 uint32 access_mask,
652 uint32 share_access)
653 {
654 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
655 "entry->share_access = 0x%x, "
656 "entry->private_options = 0x%x\n",
657 (unsigned int)entry->access_mask,
658 (unsigned int)entry->share_access,
659 (unsigned int)entry->private_options));
660
661 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
662 (unsigned int)access_mask, (unsigned int)share_access));
663
664 if ((entry->access_mask & (FILE_WRITE_DATA|
665 FILE_APPEND_DATA|
666 FILE_READ_DATA|
667 FILE_EXECUTE|
668 DELETE_ACCESS)) == 0) {
669 DEBUG(10,("share_conflict: No conflict due to "
670 "entry->access_mask = 0x%x\n",
671 (unsigned int)entry->access_mask ));
672 return False;
673 }
674
675 if ((access_mask & (FILE_WRITE_DATA|
676 FILE_APPEND_DATA|
677 FILE_READ_DATA|
678 FILE_EXECUTE|
679 DELETE_ACCESS)) == 0) {
680 DEBUG(10,("share_conflict: No conflict due to "
681 "access_mask = 0x%x\n",
682 (unsigned int)access_mask ));
683 return False;
684 }
685
686 #if 1 /* JRA TEST - Superdebug. */
687 #define CHECK_MASK(num, am, right, sa, share) \
688 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
689 (unsigned int)(num), (unsigned int)(am), \
690 (unsigned int)(right), (unsigned int)(am)&(right) )); \
691 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
692 (unsigned int)(num), (unsigned int)(sa), \
693 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
694 if (((am) & (right)) && !((sa) & (share))) { \
695 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
696 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
697 (unsigned int)(share) )); \
698 return True; \
699 }
700 #else
701 #define CHECK_MASK(num, am, right, sa, share) \
702 if (((am) & (right)) && !((sa) & (share))) { \
703 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
704 sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
705 (unsigned int)(share) )); \
706 return True; \
707 }
708 #endif
709
710 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
711 share_access, FILE_SHARE_WRITE);
712 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
713 entry->share_access, FILE_SHARE_WRITE);
714
715 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
716 share_access, FILE_SHARE_READ);
717 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
718 entry->share_access, FILE_SHARE_READ);
719
720 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
721 share_access, FILE_SHARE_DELETE);
722 CHECK_MASK(6, access_mask, DELETE_ACCESS,
723 entry->share_access, FILE_SHARE_DELETE);
724
725 DEBUG(10,("share_conflict: No conflict.\n"));
726 return False;
727 }
728
729 #if defined(DEVELOPER)
730 static void validate_my_share_entries(struct smbd_server_connection *sconn,
731 int num,
732 struct share_mode_entry *share_entry)
733 {
734 files_struct *fsp;
735
736 if (!procid_is_me(&share_entry->pid)) {
737 return;
738 }
739
740 if (is_deferred_open_entry(share_entry) &&
741 !open_was_deferred(share_entry->op_mid)) {
742 char *str = talloc_asprintf(talloc_tos(),
743 "Got a deferred entry without a request: "
744 "PANIC: %s\n",
745 share_mode_str(talloc_tos(), num, share_entry));
746 smb_panic(str);
747 }
748
749 if (!is_valid_share_mode_entry(share_entry)) {
750 return;
751 }
752
753 fsp = file_find_dif(sconn, share_entry->id,
754 share_entry->share_file_id);
755 if (!fsp) {
756 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
757 share_mode_str(talloc_tos(), num, share_entry) ));
758 smb_panic("validate_my_share_entries: Cannot match a "
759 "share entry with an open file\n");
760 }
761
762 if (is_deferred_open_entry(share_entry) ||
763 is_unused_share_mode_entry(share_entry)) {
764 goto panic;
765 }
766
767 if ((share_entry->op_type == NO_OPLOCK) &&
768 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
769 /* Someone has already written to it, but I haven't yet
770 * noticed */
771 return;
772 }
773
774 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
775 goto panic;
776 }
777
778 return;
779
780 panic:
781 {
782 char *str;
783 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
784 share_mode_str(talloc_tos(), num, share_entry) ));
785 str = talloc_asprintf(talloc_tos(),
786 "validate_my_share_entries: "
787 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
788 fsp->fsp_name->base_name,
789 (unsigned int)fsp->oplock_type,
790 (unsigned int)share_entry->op_type );
791 smb_panic(str);
792 }
793 }
794 #endif
795
796 bool is_stat_open(uint32 access_mask)
797 {
798 return (access_mask &&
799 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
800 FILE_WRITE_ATTRIBUTES))==0) &&
801 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
802 FILE_WRITE_ATTRIBUTES)) != 0));
803 }
804
805 /****************************************************************************
806 Deal with share modes
807 Invarient: Share mode must be locked on entry and exit.
808 Returns -1 on error, or number of share modes on success (may be zero).
809 ****************************************************************************/
810
811 static NTSTATUS open_mode_check(connection_struct *conn,
812 struct share_mode_lock *lck,
813 uint32 access_mask,
814 uint32 share_access,
815 uint32 create_options,
816 bool *file_existed)
817 {
818 int i;
819
820 if(lck->num_share_modes == 0) {
821 return NT_STATUS_OK;
822 }
823
824 *file_existed = True;
825
826 /* A delete on close prohibits everything */
827
828 if (lck->delete_on_close) {
829 return NT_STATUS_DELETE_PENDING;
830 }
831
832 if (is_stat_open(access_mask)) {
833 /* Stat open that doesn't trigger oplock breaks or share mode
834 * checks... ! JRA. */
835 return NT_STATUS_OK;
836 }
837
838 /*
839 * Check if the share modes will give us access.
840 */
841
842 #if defined(DEVELOPER)
843 for(i = 0; i < lck->num_share_modes; i++) {
844 validate_my_share_entries(conn->sconn, i,
845 &lck->share_modes[i]);
846 }
847 #endif
848
849 if (!lp_share_modes(SNUM(conn))) {
850 return NT_STATUS_OK;
851 }
852
853 /* Now we check the share modes, after any oplock breaks. */
854 for(i = 0; i < lck->num_share_modes; i++) {
855
856 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
857 continue;
858 }
859
860 /* someone else has a share lock on it, check to see if we can
861 * too */
862 if (share_conflict(&lck->share_modes[i],
863 access_mask, share_access)) {
864 return NT_STATUS_SHARING_VIOLATION;
865 }
866 }
867
868 return NT_STATUS_OK;
869 }
870
871 static bool is_delete_request(files_struct *fsp) {
872 return ((fsp->access_mask == DELETE_ACCESS) &&
873 (fsp->oplock_type == NO_OPLOCK));
874 }
875
876 /*
877 * Send a break message to the oplock holder and delay the open for
878 * our client.
879 */
880
881 static NTSTATUS send_break_message(files_struct *fsp,
882 struct share_mode_entry *exclusive,
883 uint64_t mid,
884 int oplock_request)
885 {
886 NTSTATUS status;
887 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
888
889 DEBUG(10, ("Sending break request to PID %s\n",
890 procid_str_static(&exclusive->pid)));
891 exclusive->op_mid = mid;
892
893 /* Create the message. */
894 share_mode_entry_to_message(msg, exclusive);
895
896 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
897 don't want this set in the share mode struct pointed to by lck. */
898
899 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
900 SSVAL(msg,OP_BREAK_MSG_OP_TYPE_OFFSET,
901 exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
902 }
903
904 status = messaging_send_buf(fsp->conn->sconn->msg_ctx, exclusive->pid,
905 MSG_SMB_BREAK_REQUEST,
906 (uint8 *)msg,
907 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
908 if (!NT_STATUS_IS_OK(status)) {
909 DEBUG(3, ("Could not send oplock break message: %s\n",
910 nt_errstr(status)));
911 }
912
913 return status;
914 }
915
916 /*
917 * 1) No files open at all or internal open: Grant whatever the client wants.
918 *
919 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
920 * request, break if the oplock around is a batch oplock. If it's another
921 * requested access type, break.
922 *
923 * 3) Only level2 around: Grant level2 and do nothing else.
924 */
925
926 static bool delay_for_oplocks(struct share_mode_lock *lck,
927 files_struct *fsp,
928 uint64_t mid,
929 int pass_number,
930 int oplock_request)
931 {
932 int i;
933 struct share_mode_entry *exclusive = NULL;
934 bool valid_entry = false;
935 bool have_level2 = false;
936 bool have_a_none_oplock = false;
937 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
938 lp_level2_oplocks(SNUM(fsp->conn));
939
940 if (oplock_request & INTERNAL_OPEN_ONLY) {
941 fsp->oplock_type = NO_OPLOCK;
942 }
943
944 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
945 return false;
946 }
947
948 for (i=0; i<lck->num_share_modes; i++) {
949
950 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
951 continue;
952 }
953
954 /* At least one entry is not an invalid or deferred entry. */
955 valid_entry = true;
956
957 if (pass_number == 1) {
958 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
959 SMB_ASSERT(exclusive == NULL);
960 exclusive = &lck->share_modes[i];
961 }
962 } else {
963 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
964 SMB_ASSERT(exclusive == NULL);
965 exclusive = &lck->share_modes[i];
966 }
967 }
968
969 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
970 SMB_ASSERT(exclusive == NULL);
971 have_level2 = true;
972 }
973
974 if (lck->share_modes[i].op_type == NO_OPLOCK) {
975 have_a_none_oplock = true;
976 }
977 }
978
979 if (exclusive != NULL) { /* Found an exclusive oplock */
980 bool delay_it = is_delete_request(fsp) ?
981 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
982 SMB_ASSERT(!have_level2);
983 if (delay_it) {
984 send_break_message(fsp, exclusive, mid, oplock_request);
985 return true;
986 }
987 }
988
989 /*
990 * Match what was requested (fsp->oplock_type) with
991 * what was found in the existing share modes.
992 */
993
994 if (!valid_entry) {
995 /* All entries are placeholders or deferred.
996 * Directly grant whatever the client wants. */
997 if (fsp->oplock_type == NO_OPLOCK) {
998 /* Store a level2 oplock, but don't tell the client */
999 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1000 }
1001 } else if (have_a_none_oplock) {
1002 fsp->oplock_type = NO_OPLOCK;
1003 } else if (have_level2) {
1004 if (fsp->oplock_type == NO_OPLOCK ||
1005 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1006 /* Store a level2 oplock, but don't tell the client */
1007 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1008 } else {
1009 fsp->oplock_type = LEVEL_II_OPLOCK;
1010 }
1011 } else {
1012 /* This case can never happen. */
1013 SMB_ASSERT(1);
1014 }
1015
1016 /*
1017 * Don't grant level2 to clients that don't want them
1018 * or if we've turned them off.
1019 */
1020 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1021 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1022 }
1023
1024 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
1025 fsp->oplock_type, fsp_str_dbg(fsp)));
1026
1027 /* No delay. */
1028 return false;
1029 }
1030
1031 bool request_timed_out(struct timeval request_time,
1032 struct timeval timeout)
1033 {
1034 struct timeval now, end_time;
1035 GetTimeOfDay(&now);
1036 end_time = timeval_sum(&request_time, &timeout);
1037 return (timeval_compare(&end_time, &now) < 0);
1038 }
1039
1040 /****************************************************************************
1041 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1042 ****************************************************************************/
1043
1044 static void defer_open(struct share_mode_lock *lck,
1045 struct timeval request_time,
1046 struct timeval timeout,
1047 struct smb_request *req,
1048 struct deferred_open_record *state)
1049 {
1050 int i;
1051
1052 /* Paranoia check */
1053
1054 for (i=0; i<lck->num_share_modes; i++) {
1055 struct share_mode_entry *e = &lck->share_modes[i];
1056
1057 if (!is_deferred_open_entry(e)) {
1058 continue;
1059 }
1060
1061 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1062 DEBUG(0, ("Trying to defer an already deferred "
1063 "request: mid=%llu, exiting\n",
1064 (unsigned long long)req->mid));
1065 exit_server("attempt to defer a deferred request");
1066 }
1067 }
1068
1069 /* End paranoia check */
1070
1071 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1072 "open entry for mid %llu\n",
1073 (unsigned int)request_time.tv_sec,
1074 (unsigned int)request_time.tv_usec,
1075 (unsigned long long)req->mid));
1076
1077 if (!push_deferred_open_message_smb(req, request_time, timeout,
1078 state->id, (char *)state, sizeof(*state))) {
1079 exit_server("push_deferred_open_message_smb failed");
1080 }
1081 add_deferred_open(lck, req->mid, request_time,
1082 sconn_server_id(req->sconn), state->id);
1083 }
1084
1085
1086 /****************************************************************************
1087 On overwrite open ensure that the attributes match.
1088 ****************************************************************************/
1089
1090 bool open_match_attributes(connection_struct *conn,
1091 uint32 old_dos_attr,
1092 uint32 new_dos_attr,
1093 mode_t existing_unx_mode,
1094 mode_t new_unx_mode,
1095 mode_t *returned_unx_mode)
1096 {
1097 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1098
1099 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1100 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1101
1102 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1103 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1104 *returned_unx_mode = new_unx_mode;
1105 } else {
1106 *returned_unx_mode = (mode_t)0;
1107 }
1108
1109 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1110 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1111 "returned_unx_mode = 0%o\n",
1112 (unsigned int)old_dos_attr,
1113 (unsigned int)existing_unx_mode,
1114 (unsigned int)new_dos_attr,
1115 (unsigned int)*returned_unx_mode ));
1116
1117 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1118 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1119 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1120 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1121 return False;
1122 }
1123 }
1124 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1125 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1126 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1127 return False;
1128 }
1129 }
1130 return True;
1131 }
1132
1133 /****************************************************************************
1134 Special FCB or DOS processing in the case of a sharing violation.
1135 Try and find a duplicated file handle.
1136 ****************************************************************************/
1137
1138 NTSTATUS fcb_or_dos_open(struct smb_request *req,
1139 connection_struct *conn,
1140 files_struct *fsp_to_dup_into,
1141 const struct smb_filename *smb_fname,
1142 struct file_id id,
1143 uint16 file_pid,
1144 uint16 vuid,
1145 uint32 access_mask,
1146 uint32 share_access,
1147 uint32 create_options)
1148 {
1149 files_struct *fsp;
1150
1151 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1152 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1153
1154 for(fsp = file_find_di_first(conn->sconn, id); fsp;
1155 fsp = file_find_di_next(fsp)) {
1156
1157 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1158 "vuid = %u, file_pid = %u, private_options = 0x%x "
1159 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1160 fsp->fh->fd, (unsigned int)fsp->vuid,
1161 (unsigned int)fsp->file_pid,
1162 (unsigned int)fsp->fh->private_options,
1163 (unsigned int)fsp->access_mask ));
1164
1165 if (fsp->fh->fd != -1 &&
1166 fsp->vuid == vuid &&
1167 fsp->file_pid == file_pid &&
1168 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1169 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1170 (fsp->access_mask & FILE_WRITE_DATA) &&
1171 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1172 strequal(fsp->fsp_name->stream_name,
1173 smb_fname->stream_name)) {
1174 DEBUG(10,("fcb_or_dos_open: file match\n"));
1175 break;
1176 }
1177 }
1178
1179 if (!fsp) {
1180 return NT_STATUS_NOT_FOUND;
1181 }
1182
1183 /* quite an insane set of semantics ... */
1184 if (is_executable(smb_fname->base_name) &&
1185 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1186 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1187 return NT_STATUS_INVALID_PARAMETER;
1188 }
1189
1190 /* We need to duplicate this fsp. */
1191 return dup_file_fsp(req, fsp, access_mask, share_access,
1192 create_options, fsp_to_dup_into);
1193 }
1194
1195 /****************************************************************************
1196 Open a file with a share mode - old openX method - map into NTCreate.
1197 ****************************************************************************/
1198
1199 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,
1200 int deny_mode, int open_func,
1201 uint32 *paccess_mask,
1202 uint32 *pshare_mode,
1203 uint32 *pcreate_disposition,
1204 uint32 *pcreate_options,
1205 uint32_t *pprivate_flags)
1206 {
1207 uint32 access_mask;
1208 uint32 share_mode;
1209 uint32 create_disposition;
1210 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1211 uint32_t private_flags = 0;
1212
1213 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1214 "open_func = 0x%x\n",
1215 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,
1216 (unsigned int)open_func ));
1217
1218 /* Create the NT compatible access_mask. */
1219 switch (GET_OPENX_MODE(deny_mode)) {
1220 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1221 case DOS_OPEN_RDONLY:
1222 access_mask = FILE_GENERIC_READ;
1223 break;
1224 case DOS_OPEN_WRONLY:
1225 access_mask = FILE_GENERIC_WRITE;
1226 break;
1227 case DOS_OPEN_RDWR:
1228 case DOS_OPEN_FCB:
1229 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1230 break;
1231 default:
1232 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1233 (unsigned int)GET_OPENX_MODE(deny_mode)));
1234 return False;
1235 }
1236
1237 /* Create the NT compatible create_disposition. */
1238 switch (open_func) {
1239 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1240 create_disposition = FILE_CREATE;
1241 break;
1242
1243 case OPENX_FILE_EXISTS_OPEN:
1244 create_disposition = FILE_OPEN;
1245 break;
1246
1247 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1248 create_disposition = FILE_OPEN_IF;
1249 break;
1250
1251 case OPENX_FILE_EXISTS_TRUNCATE:
1252 create_disposition = FILE_OVERWRITE;
1253 break;
1254
1255 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1256 create_disposition = FILE_OVERWRITE_IF;
1257 break;
1258
1259 default:
1260 /* From samba4 - to be confirmed. */
1261 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1262 create_disposition = FILE_CREATE;
1263 break;
1264 }
1265 DEBUG(10,("map_open_params_to_ntcreate: bad "
1266 "open_func 0x%x\n", (unsigned int)open_func));
1267 return False;
1268 }
1269
1270 /* Create the NT compatible share modes. */
1271 switch (GET_DENY_MODE(deny_mode)) {
1272 case DENY_ALL:
1273 share_mode = FILE_SHARE_NONE;
1274 break;
1275
1276 case DENY_WRITE:
1277 share_mode = FILE_SHARE_READ;
1278 break;
1279
1280 case DENY_READ:
1281 share_mode = FILE_SHARE_WRITE;
1282 break;
1283
1284 case DENY_NONE:
1285 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1286 break;
1287
1288 case DENY_DOS:
1289 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1290 if (is_executable(smb_fname->base_name)) {
1291 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1292 } else {
1293 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1294 share_mode = FILE_SHARE_READ;
1295 } else {
1296 share_mode = FILE_SHARE_NONE;
1297 }
1298 }
1299 break;
1300
1301 case DENY_FCB:
1302 private_flags |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1303 share_mode = FILE_SHARE_NONE;
1304 break;
1305
1306 default:
1307 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1308 (unsigned int)GET_DENY_MODE(deny_mode) ));
1309 return False;
1310 }
1311
1312 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1313 "share_mode = 0x%x, create_disposition = 0x%x, "
1314 "create_options = 0x%x private_flags = 0x%x\n",
1315 smb_fname_str_dbg(smb_fname),
1316 (unsigned int)access_mask,
1317 (unsigned int)share_mode,
1318 (unsigned int)create_disposition,
1319 (unsigned int)create_options,
1320 (unsigned int)private_flags));
1321
1322 if (paccess_mask) {
1323 *paccess_mask = access_mask;
1324 }
1325 if (pshare_mode) {
1326 *pshare_mode = share_mode;
1327 }
1328 if (pcreate_disposition) {
1329 *pcreate_disposition = create_disposition;
1330 }
1331 if (pcreate_options) {
1332 *pcreate_options = create_options;
1333 }
1334 if (pprivate_flags) {
1335 *pprivate_flags = private_flags;
1336 }
1337
1338 return True;
1339
1340 }
1341
1342 static void schedule_defer_open(struct share_mode_lock *lck,
1343 struct timeval request_time,
1344 struct smb_request *req)
1345 {
1346 struct deferred_open_record state;
1347
1348 /* This is a relative time, added to the absolute
1349 request_time value to get the absolute timeout time.
1350 Note that if this is the second or greater time we enter
1351 this codepath for this particular request mid then
1352 request_time is left as the absolute time of the *first*
1353 time this request mid was processed. This is what allows
1354 the request to eventually time out. */
1355
1356 struct timeval timeout;
1357
1358 /* Normally the smbd we asked should respond within
1359 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1360 * the client did, give twice the timeout as a safety
1361 * measure here in case the other smbd is stuck
1362 * somewhere else. */
1363
1364 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1365
1366 /* Nothing actually uses state.delayed_for_oplocks
1367 but it's handy to differentiate in debug messages
1368 between a 30 second delay due to oplock break, and
1369 a 1 second delay for share mode conflicts. */
1370
1371 state.delayed_for_oplocks = True;
1372 state.id = lck->id;
1373
1374 if (!request_timed_out(request_time, timeout)) {
1375 defer_open(lck, request_time, timeout, req, &state);
1376 }
1377 }
1378
1379 /****************************************************************************
1380 Work out what access_mask to use from what the client sent us.
1381 ****************************************************************************/
1382
1383 static NTSTATUS calculate_access_mask(connection_struct *conn,
1384 const struct smb_filename *smb_fname,
1385 bool file_existed,
1386 uint32_t access_mask,
1387 uint32_t *access_mask_out)
1388 {
1389 NTSTATUS status;
1390
1391 /*
1392 * Convert GENERIC bits to specific bits.
1393 */
1394
1395 se_map_generic(&access_mask, &file_generic_mapping);
1396
1397 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1398 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1399 if (file_existed) {
1400
1401 struct security_descriptor *sd;
1402 uint32_t access_granted = 0;
1403
1404 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1405 (SECINFO_OWNER |
1406 SECINFO_GROUP |
1407 SECINFO_DACL),&sd);
1408
1409 if (!NT_STATUS_IS_OK(status)) {
1410 DEBUG(10, ("calculate_access_mask: Could not get acl "
1411 "on file %s: %s\n",
1412 smb_fname_str_dbg(smb_fname),
1413 nt_errstr(status)));
1414 return NT_STATUS_ACCESS_DENIED;
1415 }
1416
1417 status = smb1_file_se_access_check(conn,
1418 sd,
1419 get_current_nttok(conn),
1420 access_mask,
1421 &access_granted);
1422
1423 TALLOC_FREE(sd);
1424
1425 if (!NT_STATUS_IS_OK(status)) {
1426 DEBUG(10, ("calculate_access_mask: Access denied on "
1427 "file %s: when calculating maximum access\n",
1428 smb_fname_str_dbg(smb_fname)));
1429 return NT_STATUS_ACCESS_DENIED;
1430 }
1431
1432 access_mask = access_granted;
1433 } else {
1434 access_mask = FILE_GENERIC_ALL;
1435 }
1436 }
1437
1438 *access_mask_out = access_mask;
1439 return NT_STATUS_OK;
1440 }
1441
1442 /****************************************************************************
1443 Remove the deferred open entry under lock.
1444 ****************************************************************************/
1445
1446 void remove_deferred_open_entry(struct file_id id, uint64_t mid,
1447 struct server_id pid)
1448 {
1449 struct share_mode_lock *lck = get_share_mode_lock(talloc_tos(), id,
1450 NULL, NULL, NULL);
1451 if (lck == NULL) {
1452 DEBUG(0, ("could not get share mode lock\n"));
1453 } else {
1454 del_deferred_open_entry(lck, mid, pid);
1455 TALLOC_FREE(lck);
1456 }
1457 }
1458
1459 /****************************************************************************
1460 Open a file with a share mode. Passed in an already created files_struct *.
1461 ****************************************************************************/
1462
1463 static NTSTATUS open_file_ntcreate(connection_struct *conn,
1464 struct smb_request *req,
1465 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1466 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1467 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1468 uint32 create_options, /* options such as delete on close. */
1469 uint32 new_dos_attributes, /* attributes used for new file. */
1470 int oplock_request, /* internal Samba oplock codes. */
1471 /* Information (FILE_EXISTS etc.) */
1472 uint32_t private_flags, /* Samba specific flags. */
1473 int *pinfo,
1474 files_struct *fsp)
1475 {
1476 struct smb_filename *smb_fname = fsp->fsp_name;
1477 int flags=0;
1478 int flags2=0;
1479 bool file_existed = VALID_STAT(smb_fname->st);
1480 bool def_acl = False;
1481 bool posix_open = False;
1482 bool new_file_created = False;
1483 bool clear_ads = false;
1484 struct file_id id;
1485 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1486 mode_t new_unx_mode = (mode_t)0;
1487 mode_t unx_mode = (mode_t)0;
1488 int info;
1489 uint32 existing_dos_attributes = 0;
1490 struct timeval request_time = timeval_zero();
1491 struct share_mode_lock *lck = NULL;
1492 uint32 open_access_mask = access_mask;
1493 NTSTATUS status;
1494 char *parent_dir;
1495
1496 ZERO_STRUCT(id);
1497
1498 /* Windows allows a new file to be created and
1499 silently removes a FILE_ATTRIBUTE_DIRECTORY
1500 sent by the client. Do the same. */
1501
1502 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1503
1504 if (conn->printer) {
1505 /*
1506 * Printers are handled completely differently.
1507 * Most of the passed parameters are ignored.
1508 */
1509
1510 if (pinfo) {
1511 *pinfo = FILE_WAS_CREATED;
1512 }
1513
1514 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1515 smb_fname_str_dbg(smb_fname)));
1516
1517 if (!req) {
1518 DEBUG(0,("open_file_ntcreate: printer open without "
1519 "an SMB request!\n"));
1520 return NT_STATUS_INTERNAL_ERROR;
1521 }
1522
1523 return print_spool_open(fsp, smb_fname->base_name,
1524 req->vuid);
1525 }
1526
1527 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1528 NULL)) {
1529 return NT_STATUS_NO_MEMORY;
1530 }
1531
1532 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1533 posix_open = True;
1534 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1535 new_dos_attributes = 0;
1536 } else {
1537 /* We add aARCH to this as this mode is only used if the file is
1538 * created new. */
1539 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
1540 smb_fname, parent_dir);
1541 }
1542
1543 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1544 "access_mask=0x%x share_access=0x%x "
1545 "create_disposition = 0x%x create_options=0x%x "
1546 "unix mode=0%o oplock_request=%d private_flags = 0x%x\n",
1547 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1548 access_mask, share_access, create_disposition,
1549 create_options, (unsigned int)unx_mode, oplock_request,
1550 (unsigned int)private_flags));
1551
1552 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1553 DEBUG(0, ("No smb request but not an internal only open!\n"));
1554 return NT_STATUS_INTERNAL_ERROR;
1555 }
1556
1557 /*
1558 * Only non-internal opens can be deferred at all
1559 */
1560
1561 if (req) {
1562 void *ptr;
1563 if (get_deferred_open_message_state(req,
1564 &request_time,
1565 &ptr)) {
1566
1567 struct deferred_open_record *state = (struct deferred_open_record *)ptr;
1568 /* Remember the absolute time of the original
1569 request with this mid. We'll use it later to
1570 see if this has timed out. */
1571
1572 /* Remove the deferred open entry under lock. */
1573 remove_deferred_open_entry(
1574 state->id, req->mid,
1575 sconn_server_id(req->sconn));
1576
1577 /* Ensure we don't reprocess this message. */
1578 remove_deferred_open_message_smb(req->mid);
1579 }
1580 }
1581
1582 status = check_name(conn, smb_fname->base_name);
1583 if (!NT_STATUS_IS_OK(status)) {
1584 return status;
1585 }
1586
1587 if (!posix_open) {
1588 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1589 if (file_existed) {
1590 existing_dos_attributes = dos_mode(conn, smb_fname);
1591 }
1592 }
1593
1594 /* ignore any oplock requests if oplocks are disabled */
1595 if (!lp_oplocks(SNUM(conn)) ||
1596 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1597 /* Mask off everything except the private Samba bits. */
1598 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1599 }
1600
1601 /* this is for OS/2 long file names - say we don't support them */
1602 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1603 /* OS/2 Workplace shell fix may be main code stream in a later
1604 * release. */
1605 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1606 "supported.\n"));
1607 if (use_nt_status()) {
1608 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1609 }
1610 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1611 }
1612
1613 switch( create_disposition ) {
1614 /*
1615 * Currently we're using FILE_SUPERSEDE as the same as
1616 * FILE_OVERWRITE_IF but they really are
1617 * different. FILE_SUPERSEDE deletes an existing file
1618 * (requiring delete access) then recreates it.
1619 */
1620 case FILE_SUPERSEDE:
1621 /* If file exists replace/overwrite. If file doesn't
1622 * exist create. */
1623 flags2 |= (O_CREAT | O_TRUNC);
1624 clear_ads = true;
1625 break;
1626
1627 case FILE_OVERWRITE_IF:
1628 /* If file exists replace/overwrite. If file doesn't
1629 * exist create. */
1630 flags2 |= (O_CREAT | O_TRUNC);
1631 clear_ads = true;
1632 break;
1633
1634 case FILE_OPEN:
1635 /* If file exists open. If file doesn't exist error. */
1636 if (!file_existed) {
1637 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1638 "requested for file %s and file "
1639 "doesn't exist.\n",
1640 smb_fname_str_dbg(smb_fname)));
1641 errno = ENOENT;
1642 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1643 }
1644 break;
1645
1646 case FILE_OVERWRITE:
1647 /* If file exists overwrite. If file doesn't exist
1648 * error. */
1649 if (!file_existed) {
1650 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1651 "requested for file %s and file "
1652 "doesn't exist.\n",
1653 smb_fname_str_dbg(smb_fname) ));
1654 errno = ENOENT;
1655 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1656 }
1657 flags2 |= O_TRUNC;
1658 clear_ads = true;
1659 break;
1660
1661 case FILE_CREATE:
1662 /* If file exists error. If file doesn't exist
1663 * create. */
1664 if (file_existed) {
1665 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1666 "requested for file %s and file "
1667 "already exists.\n",
1668 smb_fname_str_dbg(smb_fname)));
1669 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1670 errno = EISDIR;
1671 } else {
1672 errno = EEXIST;
1673 }
1674 return map_nt_error_from_unix(errno);
1675 }
1676 flags2 |= (O_CREAT|O_EXCL);
1677 break;
1678
1679 case FILE_OPEN_IF:
1680 /* If file exists open. If file doesn't exist
1681 * create. */
1682 flags2 |= O_CREAT;
1683 break;
1684
1685 default:
1686 return NT_STATUS_INVALID_PARAMETER;
1687 }
1688
1689 /* We only care about matching attributes on file exists and
1690 * overwrite. */
1691
1692 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1693 (create_disposition == FILE_OVERWRITE_IF))) {
1694 if (!open_match_attributes(conn, existing_dos_attributes,
1695 new_dos_attributes,
1696 smb_fname->st.st_ex_mode,
1697 unx_mode, &new_unx_mode)) {
1698 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1699 "for file %s (%x %x) (0%o, 0%o)\n",
1700 smb_fname_str_dbg(smb_fname),
1701 existing_dos_attributes,
1702 new_dos_attributes,
1703 (unsigned int)smb_fname->st.st_ex_mode,
1704 (unsigned int)unx_mode ));
1705 errno = EACCES;
1706 return NT_STATUS_ACCESS_DENIED;
1707 }
1708 }
1709
1710 status = calculate_access_mask(conn, smb_fname, file_existed,
1711 access_mask,
1712 &access_mask);
1713 if (!NT_STATUS_IS_OK(status)) {
1714 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1715 "on file %s returned %s\n",
1716 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1717 return status;
1718 }
1719
1720 open_access_mask = access_mask;
1721
1722 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1723 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1724 }
1725
1726 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1727 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1728 access_mask));
1729
1730 /*
1731 * Note that we ignore the append flag as append does not
1732 * mean the same thing under DOS and Unix.
1733 */
1734
1735 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1736 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1737 /* DENY_DOS opens are always underlying read-write on the
1738 file handle, no matter what the requested access mask
1739 says. */
1740 if ((private_flags & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1741 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1742 flags = O_RDWR;
1743 } else {
1744 flags = O_WRONLY;
1745 }
1746 } else {
1747 flags = O_RDONLY;
1748 }
1749
1750 /*
1751 * Currently we only look at FILE_WRITE_THROUGH for create options.
1752 */
1753
1754 #if defined(O_SYNC)
1755 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1756 flags2 |= O_SYNC;
1757 }
1758 #endif /* O_SYNC */
1759
1760 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1761 flags2 |= O_APPEND;
1762 }
1763
1764 if (!posix_open && !CAN_WRITE(conn)) {
1765 /*
1766 * We should really return a permission denied error if either
1767 * O_CREAT or O_TRUNC are set, but for compatibility with
1768 * older versions of Samba we just AND them out.
1769 */
1770 flags2 &= ~(O_CREAT|O_TRUNC);
1771 }
1772
1773 /*
1774 * Ensure we can't write on a read-only share or file.
1775 */
1776
1777 if (flags != O_RDONLY && file_existed &&
1778 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1779 DEBUG(5,("open_file_ntcreate: write access requested for "
1780 "file %s on read only %s\n",
1781 smb_fname_str_dbg(smb_fname),
1782 !CAN_WRITE(conn) ? "share" : "file" ));
1783 errno = EACCES;
1784 return NT_STATUS_ACCESS_DENIED;
1785 }
1786
1787 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1788 fsp->share_access = share_access;
1789 fsp->fh->private_options = private_flags;
1790 fsp->access_mask = open_access_mask; /* We change this to the
1791 * requested access_mask after
1792 * the open is done. */
1793 fsp->posix_open = posix_open;
1794
1795 /* Ensure no SAMBA_PRIVATE bits can be set. */
1796 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1797
1798 if (timeval_is_zero(&request_time)) {
1799 request_time = fsp->open_time;
1800 }
1801
1802 if (file_existed) {
1803 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1804 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1805
1806 lck = get_share_mode_lock(talloc_tos(), id,
1807 conn->connectpath,
1808 smb_fname, &old_write_time);
1809
1810 if (lck == NULL) {
1811 DEBUG(0, ("Could not get share mode lock\n"));
1812 return NT_STATUS_SHARING_VIOLATION;
1813 }
1814
1815 /* First pass - send break only on batch oplocks. */
1816 if ((req != NULL)
1817 && delay_for_oplocks(lck, fsp, req->mid, 1,
1818 oplock_request)) {
1819 schedule_defer_open(lck, request_time, req);
1820 TALLOC_FREE(lck);
1821 return NT_STATUS_SHARING_VIOLATION;
1822 }
1823
1824 /* Use the client requested access mask here, not the one we
1825 * open with. */
1826 status = open_mode_check(conn, lck, access_mask, share_access,
1827 create_options, &file_existed);
1828
1829 if (NT_STATUS_IS_OK(status)) {
1830 /* We might be going to allow this open. Check oplock
1831 * status again. */
1832 /* Second pass - send break for both batch or
1833 * exclusive oplocks. */
1834 if ((req != NULL)
1835 && delay_for_oplocks(lck, fsp, req->mid, 2,
1836 oplock_request)) {
1837 schedule_defer_open(lck, request_time, req);
1838 TALLOC_FREE(lck);
1839 return NT_STATUS_SHARING_VIOLATION;
1840 }
1841 }
1842
1843 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1844 /* DELETE_PENDING is not deferred for a second */
1845 TALLOC_FREE(lck);
1846 return status;
1847 }
1848
1849 if (!NT_STATUS_IS_OK(status)) {
1850 uint32 can_access_mask;
1851 bool can_access = True;
1852
1853 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1854
1855 /* Check if this can be done with the deny_dos and fcb
1856 * calls. */
1857 if (private_flags &
1858 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1859 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1860 if (req == NULL) {
1861 DEBUG(0, ("DOS open without an SMB "
1862 "request!\n"));
1863 TALLOC_FREE(lck);
1864 return NT_STATUS_INTERNAL_ERROR;
1865 }
1866
1867 /* Use the client requested access mask here,
1868 * not the one we open with. */
1869 status = fcb_or_dos_open(req,
1870 conn,
1871 fsp,
1872 smb_fname,
1873 id,
1874 req->smbpid,
1875 req->vuid,
1876 access_mask,
1877 share_access,
1878 create_options);
1879
1880 if (NT_STATUS_IS_OK(status)) {
1881 TALLOC_FREE(lck);
1882 if (pinfo) {
1883 *pinfo = FILE_WAS_OPENED;
1884 }
1885 return NT_STATUS_OK;
1886 }
1887 }
1888
1889 /*
1890 * This next line is a subtlety we need for
1891 * MS-Access. If a file open will fail due to share
1892 * permissions and also for security (access) reasons,
1893 * we need to return the access failed error, not the
1894 * share error. We can't open the file due to kernel
1895 * oplock deadlock (it's possible we failed above on
1896 * the open_mode_check()) so use a userspace check.
1897 */
1898
1899 if (flags & O_RDWR) {
1900 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1901 } else if (flags & O_WRONLY) {
1902 can_access_mask = FILE_WRITE_DATA;
1903 } else {
1904 can_access_mask = FILE_READ_DATA;
1905 }
1906
1907 if (((can_access_mask & FILE_WRITE_DATA) &&
1908 !CAN_WRITE(conn)) ||
1909 !can_access_file_data(conn, smb_fname,
1910 can_access_mask)) {
1911 can_access = False;
1912 }
1913
1914 /*
1915 * If we're returning a share violation, ensure we
1916 * cope with the braindead 1 second delay.
1917 */
1918
1919 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1920 lp_defer_sharing_violations()) {
1921 struct timeval timeout;
1922 struct deferred_open_record state;
1923 int timeout_usecs;
1924
1925 /* this is a hack to speed up torture tests
1926 in 'make test' */
1927 timeout_usecs = lp_parm_int(SNUM(conn),
1928 "smbd","sharedelay",
1929 SHARING_VIOLATION_USEC_WAIT);
1930
1931 /* This is a relative time, added to the absolute
1932 request_time value to get the absolute timeout time.
1933 Note that if this is the second or greater time we enter
1934 this codepath for this particular request mid then
1935 request_time is left as the absolute time of the *first*
1936 time this request mid was processed. This is what allows
1937 the request to eventually time out. */
1938
1939 timeout = timeval_set(0, timeout_usecs);
1940
1941 /* Nothing actually uses state.delayed_for_oplocks
1942 but it's handy to differentiate in debug messages
1943 between a 30 second delay due to oplock break, and
1944 a 1 second delay for share mode conflicts. */
1945
1946 state.delayed_for_oplocks = False;
1947 state.id = id;
1948
1949 if ((req != NULL)
1950 && !request_timed_out(request_time,
1951 timeout)) {
1952 defer_open(lck, request_time, timeout,
1953 req, &state);
1954 }
1955 }
1956
1957 TALLOC_FREE(lck);
1958 if (can_access) {
1959 /*
1960 * We have detected a sharing violation here
1961 * so return the correct error code
1962 */
1963 status = NT_STATUS_SHARING_VIOLATION;
1964 } else {
1965 status = NT_STATUS_ACCESS_DENIED;
1966 }
1967 return status;
1968 }
1969
1970 /*
1971 * We exit this block with the share entry *locked*.....
1972 */
1973 }
1974
1975 SMB_ASSERT(!file_existed || (lck != NULL));
1976
1977 /*
1978 * Ensure we pay attention to default ACLs on directories if required.
1979 */
1980
1981 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1982 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1983 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
1984 }
1985
1986 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1987 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1988 (unsigned int)flags, (unsigned int)flags2,
1989 (unsigned int)unx_mode, (unsigned int)access_mask,
1990 (unsigned int)open_access_mask));
1991
1992 /*
1993 * open_file strips any O_TRUNC flags itself.
1994 */
1995
1996 fsp_open = open_file(fsp, conn, req, parent_dir,
1997 flags|flags2, unx_mode, access_mask,
1998 open_access_mask);
1999
2000 if (!NT_STATUS_IS_OK(fsp_open)) {
2001 if (lck != NULL) {
2002 TALLOC_FREE(lck);
2003 }
2004 return fsp_open;
2005 }
2006
2007 if (!file_existed) {
2008 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
2009 /*
2010 * Deal with the race condition where two smbd's detect the
2011 * file doesn't exist and do the create at the same time. One
2012 * of them will win and set a share mode, the other (ie. this
2013 * one) should check if the requested share mode for this
2014 * create is allowed.
2015 */
2016
2017 /*
2018 * Now the file exists and fsp is successfully opened,
2019 * fsp->dev and fsp->inode are valid and should replace the
2020 * dev=0,inode=0 from a non existent file. Spotted by
2021 * Nadav Danieli <nadavd@exanet.com>. JRA.
2022 */
2023
2024 id = fsp->file_id;
2025
2026 lck = get_share_mode_lock(talloc_tos(), id,
2027 conn->connectpath,
2028 smb_fname, &old_write_time);
2029
2030 if (lck == NULL) {
2031 DEBUG(0, ("open_file_ntcreate: Could not get share "
2032 "mode lock for %s\n",
2033 smb_fname_str_dbg(smb_fname)));
2034 fd_close(fsp);
2035 return NT_STATUS_SHARING_VIOLATION;
2036 }
2037
2038 /* First pass - send break only on batch oplocks. */
2039 if ((req != NULL)
2040 && delay_for_oplocks(lck, fsp, req->mid, 1,
2041 oplock_request)) {
2042 schedule_defer_open(lck, request_time, req);
2043 TALLOC_FREE(lck);
2044 fd_close(fsp);
2045 return NT_STATUS_SHARING_VIOLATION;
2046 }
2047
2048 status = open_mode_check(conn, lck, access_mask, share_access,
2049 create_options, &file_existed);
2050
2051 if (NT_STATUS_IS_OK(status)) {
2052 /* We might be going to allow this open. Check oplock
2053 * status again. */
2054 /* Second pass - send break for both batch or
2055 * exclusive oplocks. */
2056 if ((req != NULL)
2057 && delay_for_oplocks(lck, fsp, req->mid, 2,
2058 oplock_request)) {
2059 schedule_defer_open(lck, request_time, req);
2060 TALLOC_FREE(lck);
2061 fd_close(fsp);
2062 return NT_STATUS_SHARING_VIOLATION;
2063 }
2064 }
2065
2066 if (!NT_STATUS_IS_OK(status)) {
2067 struct deferred_open_record state;
2068
2069 fd_close(fsp);
2070
2071 state.delayed_for_oplocks = False;
2072 state.id = id;
2073
2074 /* Do it all over again immediately. In the second
2075 * round we will find that the file existed and handle
2076 * the DELETE_PENDING and FCB cases correctly. No need
2077 * to duplicate the code here. Essentially this is a
2078 * "goto top of this function", but don't tell
2079 * anybody... */
2080
2081 if (req != NULL) {
2082 defer_open(lck, request_time, timeval_zero(),
2083 req, &state);
2084 }
2085 TALLOC_FREE(lck);
2086 return status;
2087 }
2088
2089 /*
2090 * We exit this block with the share entry *locked*.....
2091 */
2092
2093 }
2094
2095 SMB_ASSERT(lck != NULL);
2096
2097 /* Delete streams if create_disposition requires it */
2098 if (file_existed && clear_ads &&
2099 !is_ntfs_stream_smb_fname(smb_fname)) {
2100 status = delete_all_streams(conn, smb_fname->base_name);
2101 if (!NT_STATUS_IS_OK(status)) {
2102 TALLOC_FREE(lck);
2103 fd_close(fsp);
2104 return status;
2105 }
2106 }
2107
2108 /* note that we ignore failure for the following. It is
2109 basically a hack for NFS, and NFS will never set one of
2110 these only read them. Nobody but Samba can ever set a deny
2111 mode and we have already checked our more authoritative
2112 locking database for permission to set this deny mode. If
2113 the kernel refuses the operations then the kernel is wrong.
2114 note that GPFS supports it as well - jmcd */
2115
2116 if (fsp->fh->fd != -1) {
2117 int ret_flock;
2118 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
2119 if(ret_flock == -1 ){
2120
2121 TALLOC_FREE(lck);
2122 fd_close(fsp);
2123
2124 return NT_STATUS_SHARING_VIOLATION;
2125 }
2126 }
2127
2128 /*
2129 * At this point onwards, we can guarentee that the share entry
2130 * is locked, whether we created the file or not, and that the
2131 * deny mode is compatible with all current opens.
2132 */
2133
2134 /*
2135 * If requested, truncate the file.
2136 */
2137
2138 if (file_existed && (flags2&O_TRUNC)) {
2139 /*
2140 * We are modifing the file after open - update the stat
2141 * struct..
2142 */
2143 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2144 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
2145 status = map_nt_error_from_unix(errno);
2146 TALLOC_FREE(lck);
2147 fd_close(fsp);
2148 return status;
2149 }
2150 }
2151
2152 /*
2153 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2154 */
2155 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2156
2157 if (file_existed) {
2158 /* stat opens on existing files don't get oplocks. */
2159 if (is_stat_open(open_access_mask)) {
2160 fsp->oplock_type = NO_OPLOCK;
2161 }
2162
2163 if (!(flags2 & O_TRUNC)) {
2164 info = FILE_WAS_OPENED;
2165 } else {
2166 info = FILE_WAS_OVERWRITTEN;
2167 }
2168 } else {
2169 info = FILE_WAS_CREATED;
2170 }
2171
2172 if (pinfo) {
2173 *pinfo = info;
2174 }
2175
2176 /*
2177 * Setup the oplock info in both the shared memory and
2178 * file structs.
2179 */
2180
2181 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2182 /* Could not get the kernel oplock */
2183 fsp->oplock_type = NO_OPLOCK;
2184 }
2185
2186 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2187 new_file_created = True;
2188 }
2189
2190 set_share_mode(lck, fsp, get_current_uid(conn), 0,
2191 fsp->oplock_type);
2192
2193 /* Handle strange delete on close create semantics. */
2194 if (create_options & FILE_DELETE_ON_CLOSE) {
2195
2196 status = can_set_delete_on_close(fsp, new_dos_attributes);
2197
2198 if (!NT_STATUS_IS_OK(status)) {
2199 /* Remember to delete the mode we just added. */
2200 del_share_mode(lck, fsp);
2201 TALLOC_FREE(lck);
2202 fd_close(fsp);
2203 return status;
2204 }
2205 /* Note that here we set the *inital* delete on close flag,
2206 not the regular one. The magic gets handled in close. */
2207 fsp->initial_delete_on_close = True;
2208 }
2209
2210 if (new_file_created) {
2211 /* Files should be initially set as archive */
2212 if (lp_map_archive(SNUM(conn)) ||
2213 lp_store_dos_attributes(SNUM(conn))) {
2214 if (!posix_open) {
2215 if (file_set_dosmode(conn, smb_fname,
2216 new_dos_attributes | aARCH,
2217 parent_dir, true) == 0) {
2218 unx_mode = smb_fname->st.st_ex_mode;
2219 }
2220 }
2221 }
2222 }
2223
2224 /*
2225 * Take care of inherited ACLs on created files - if default ACL not
2226 * selected.
2227 */
2228
2229 if (!posix_open && !file_existed && !def_acl) {
2230
2231 int saved_errno = errno; /* We might get ENOSYS in the next
2232 * call.. */
2233
2234 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2235 errno == ENOSYS) {
2236 errno = saved_errno; /* Ignore ENOSYS */
2237 }
2238
2239 } else if (new_unx_mode) {
2240
2241 int ret = -1;
2242
2243 /* Attributes need changing. File already existed. */
2244
2245 {
2246 int saved_errno = errno; /* We might get ENOSYS in the
2247 * next call.. */
2248 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2249
2250 if (ret == -1 && errno == ENOSYS) {
2251 errno = saved_errno; /* Ignore ENOSYS */
2252 } else {
2253 DEBUG(5, ("open_file_ntcreate: reset "
2254 "attributes of file %s to 0%o\n",
2255 smb_fname_str_dbg(smb_fname),
2256 (unsigned int)new_unx_mode));
2257 ret = 0; /* Don't do the fchmod below. */
2258 }
2259 }
2260
2261 if ((ret == -1) &&
2262 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2263 DEBUG(5, ("open_file_ntcreate: failed to reset "
2264 "attributes of file %s to 0%o\n",
2265 smb_fname_str_dbg(smb_fname),
2266 (unsigned int)new_unx_mode));
2267 }
2268
2269 /* If this is a successful open, we must remove any deferred open
2270 * records. */
2271 if (req != NULL) {
2272 del_deferred_open_entry(lck, req->mid,
2273 sconn_server_id(req->sconn));
2274 }
2275 TALLOC_FREE(lck);
2276
2277 return NT_STATUS_OK;
2278 }
2279
2280
2281 /****************************************************************************
2282 Open a file for for write to ensure that we can fchmod it.
2283 ****************************************************************************/
2284
2285 NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
2286 struct smb_filename *smb_fname,
2287 files_struct **result)
2288 {
2289 files_struct *fsp = NULL;
2290 NTSTATUS status;
2291
2292 if (!VALID_STAT(smb_fname->st)) {
2293 return NT_STATUS_INVALID_PARAMETER;
2294 }
2295
2296 status = file_new(req, conn, &fsp);
2297 if(!NT_STATUS_IS_OK(status)) {
2298 return status;
2299 }
2300
2301 status = SMB_VFS_CREATE_FILE(
2302 conn, /* conn */
2303 NULL, /* req */
2304 0, /* root_dir_fid */
2305 smb_fname, /* fname */
2306 FILE_WRITE_DATA, /* access_mask */
2307 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2308 FILE_SHARE_DELETE),
2309 FILE_OPEN, /* create_disposition*/
2310 0, /* create_options */
2311 0, /* file_attributes */
2312 0, /* oplock_request */
2313 0, /* allocation_size */
2314 0, /* private_flags */
2315 NULL, /* sd */
2316 NULL, /* ea_list */
2317 &fsp, /* result */
2318 NULL); /* pinfo */
2319
2320 /*
2321 * This is not a user visible file open.
2322 * Don't set a share mode.
2323 */
2324
2325 if (!NT_STATUS_IS_OK(status)) {
2326 file_free(req, fsp);
2327 return status;
2328 }
2329
2330 *result = fsp;
2331 return NT_STATUS_OK;
2332 }
2333
2334 /****************************************************************************
2335 Close the fchmod file fd - ensure no locks are lost.
2336 ****************************************************************************/
2337
2338 NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2339 {
2340 NTSTATUS status = fd_close(fsp);
2341 file_free(req, fsp);
2342 return status;
2343 }
2344
2345 static NTSTATUS mkdir_internal(connection_struct *conn,
2346 struct smb_filename *smb_dname,
2347 uint32 file_attributes)
2348 {
2349 mode_t mode;
2350 char *parent_dir;
2351 NTSTATUS status;
2352 bool posix_open = false;
2353
2354 if(!CAN_WRITE(conn)) {
2355 DEBUG(5,("mkdir_internal: failing create on read-only share "
2356 "%s\n", lp_servicename(SNUM(conn))));
2357 return NT_STATUS_ACCESS_DENIED;
2358 }
2359
2360 status = check_name(conn, smb_dname->base_name);
2361 if (!NT_STATUS_IS_OK(status)) {
2362 return status;
2363 }
2364
2365 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2366 NULL)) {
2367 return NT_STATUS_NO_MEMORY;
2368 }
2369
2370 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2371 posix_open = true;
2372 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2373 } else {
2374 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
2375 }
2376
2377 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2378 return map_nt_error_from_unix(errno);
2379 }
2380
2381 /* Ensure we're checking for a symlink here.... */
2382 /* We don't want to get caught by a symlink racer. */
2383
2384 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2385 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2386 smb_fname_str_dbg(smb_dname), strerror(errno)));
2387 return map_nt_error_from_unix(errno);
2388 }
2389
2390 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2391 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2392 smb_fname_str_dbg(smb_dname)));
2393 return NT_STATUS_ACCESS_DENIED;
2394 }
2395
2396 if (lp_store_dos_attributes(SNUM(conn))) {
2397 if (!posix_open) {
2398 file_set_dosmode(conn, smb_dname,
2399 file_attributes | aDIR,
2400 parent_dir, true);
2401 }
2402 }
2403
2404 if (lp_inherit_perms(SNUM(conn))) {
2405 inherit_access_posix_acl(conn, parent_dir,
2406 smb_dname->base_name, mode);
2407 }
2408
2409 if (!posix_open) {
2410 /*
2411 * Check if high bits should have been set,
2412 * then (if bits are missing): add them.
2413 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2414 * dir.
2415 */
2416 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2417 (mode & ~smb_dname->st.st_ex_mode)) {
2418 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2419 (smb_dname->st.st_ex_mode |
2420 (mode & ~smb_dname->st.st_ex_mode)));
2421 }
2422 }
2423
2424 /* Change the owner if required. */
2425 if (lp_inherit_owner(SNUM(conn))) {
2426 change_dir_owner_to_parent(conn, parent_dir,
2427 smb_dname->base_name,
2428 &smb_dname->st);
2429 }
2430
2431 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2432 smb_dname->base_name);
2433
2434 return NT_STATUS_OK;
2435 }
2436
2437 /****************************************************************************
2438 Open a directory from an NT SMB call.
2439 ****************************************************************************/
2440
2441 static NTSTATUS open_directory(connection_struct *conn,
2442 struct smb_request *req,
2443 struct smb_filename *smb_dname,
2444 uint32 access_mask,
2445 uint32 share_access,
2446 uint32 create_disposition,
2447 uint32 create_options,
2448 uint32 file_attributes,
2449 int *pinfo,
2450 files_struct **result)
2451 {
2452 files_struct *fsp = NULL;
2453 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2454 struct share_mode_lock *lck = NULL;
2455 NTSTATUS status;
2456 struct timespec mtimespec;
2457 int info = 0;
2458
2459 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2460
2461 /* Ensure we have a directory attribute. */
2462 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2463
2464 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2465 "share_access = 0x%x create_options = 0x%x, "
2466 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2467 smb_fname_str_dbg(smb_dname),
2468 (unsigned int)access_mask,
2469 (unsigned int)share_access,
2470 (unsigned int)create_options,
2471 (unsigned int)create_disposition,
2472 (unsigned int)file_attributes));
2473
2474 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2475 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2476 is_ntfs_stream_smb_fname(smb_dname)) {
2477 DEBUG(2, ("open_directory: %s is a stream name!\n",
2478 smb_fname_str_dbg(smb_dname)));
2479 return NT_STATUS_NOT_A_DIRECTORY;
2480 }
2481
2482 status = calculate_access_mask(conn, smb_dname, dir_existed,
2483 access_mask, &access_mask);
2484 if (!NT_STATUS_IS_OK(status)) {
2485 DEBUG(10, ("open_directory: calculate_access_mask "
2486 "on file %s returned %s\n",
2487 smb_fname_str_dbg(smb_dname),
2488 nt_errstr(status)));
2489 return status;
2490 }
2491
2492 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2493 !security_token_has_privilege(get_current_nttok(conn),
2494 SEC_PRIV_SECURITY)) {
2495 DEBUG(10, ("open_directory: open on %s "
2496 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2497 smb_fname_str_dbg(smb_dname)));
2498 return NT_STATUS_PRIVILEGE_NOT_HELD;
2499 }
2500
2501 switch( create_disposition ) {
2502 case FILE_OPEN:
2503
2504 info = FILE_WAS_OPENED;
2505
2506 /*
2507 * We want to follow symlinks here.
2508 */
2509
2510 if (SMB_VFS_STAT(conn, smb_dname) != 0) {
2511 return map_nt_error_from_unix(errno);
2512 }
2513
2514 break;
2515
2516 case FILE_CREATE:
2517
2518 /* If directory exists error. If directory doesn't
2519 * exist create. */
2520
2521 status = mkdir_internal(conn, smb_dname,
2522 file_attributes);
2523
2524 if (!NT_STATUS_IS_OK(status)) {
2525 DEBUG(2, ("open_directory: unable to create "
2526 "%s. Error was %s\n",
2527 smb_fname_str_dbg(smb_dname),
2528 nt_errstr(status)));
2529 return status;
2530 }
2531
2532 info = FILE_WAS_CREATED;
2533 break;
2534
2535 case FILE_OPEN_IF:
2536 /*
2537 * If directory exists open. If directory doesn't
2538 * exist create.
2539 */
2540
2541 status = mkdir_internal(conn, smb_dname,
2542 file_attributes);
2543
2544 if (NT_STATUS_IS_OK(status)) {
2545 info = FILE_WAS_CREATED;
2546 }
2547
2548 if (NT_STATUS_EQUAL(status,
2549 NT_STATUS_OBJECT_NAME_COLLISION)) {
2550 info = FILE_WAS_OPENED;
2551 status = NT_STATUS_OK;
2552 }
2553
2554 break;
2555
2556 case FILE_SUPERSEDE:
2557 case FILE_OVERWRITE:
2558 case FILE_OVERWRITE_IF:
2559 default:
2560 DEBUG(5,("open_directory: invalid create_disposition "
2561 "0x%x for directory %s\n",
2562 (unsigned int)create_disposition,
2563 smb_fname_str_dbg(smb_dname)));
2564 return NT_STATUS_INVALID_PARAMETER;
2565 }
2566
2567 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2568 DEBUG(5,("open_directory: %s is not a directory !\n",
2569 smb_fname_str_dbg(smb_dname)));
2570 return NT_STATUS_NOT_A_DIRECTORY;
2571 }
2572
2573 if (info == FILE_WAS_OPENED) {
2574 uint32_t access_granted = 0;
2575 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2576 &access_granted);
2577
2578 /* Were we trying to do a directory open
2579 * for delete and didn't get DELETE
2580 * access (only) ? Check if the
2581 * directory allows DELETE_CHILD.
2582 * See here:
2583 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2584 * for details. */
2585
2586 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2587 (access_mask & DELETE_ACCESS) &&
2588 (access_granted == DELETE_ACCESS) &&
2589 can_delete_file_in_directory(conn, smb_dname))) {
2590 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2591 "on directory %s\n",
2592 smb_fname_str_dbg(smb_dname)));
2593 status = NT_STATUS_OK;
2594 }
2595
2596 if (!NT_STATUS_IS_OK(status)) {
2597 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2598 "file %s failed with %s\n",
2599 smb_fname_str_dbg(smb_dname),
2600 nt_errstr(status)));
2601 return status;
2602 }
2603 }
2604
2605 status = file_new(req, conn, &fsp);
2606 if(!NT_STATUS_IS_OK(status)) {
2607 return status;
2608 }
2609
2610 /*
2611 * Setup the files_struct for it.
2612 */
2613
2614 fsp->mode = smb_dname->st.st_ex_mode;
2615 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2616 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2617 fsp->file_pid = req ? req->smbpid : 0;
2618 fsp->can_lock = False;
2619 fsp->can_read = False;
2620 fsp->can_write = False;
2621
2622 fsp->share_access = share_access;
2623 fsp->fh->private_options = 0;
2624 /*
2625 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2626 */
2627 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2628 fsp->print_file = NULL;
2629 fsp->modified = False;
2630 fsp->oplock_type = NO_OPLOCK;
2631 fsp->sent_oplock_break = NO_BREAK_SENT;
2632 fsp->is_directory = True;
2633 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2634 status = fsp_set_smb_fname(fsp, smb_dname);
2635 if (!NT_STATUS_IS_OK(status)) {
2636 return status;
2637 }
2638
2639 mtimespec = smb_dname->st.st_ex_mtime;
2640
2641 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2642 conn->connectpath, smb_dname, &mtimespec);
2643
2644 if (lck == NULL) {
2645 DEBUG(0, ("open_directory: Could not get share mode lock for "
2646 "%s\n", smb_fname_str_dbg(smb_dname)));
2647 file_free(req, fsp);
2648 return NT_STATUS_SHARING_VIOLATION;
2649 }
2650
2651 status = open_mode_check(conn, lck, access_mask, share_access,
2652 create_options, &dir_existed);
2653
2654 if (!NT_STATUS_IS_OK(status)) {
2655 TALLOC_FREE(lck);
2656 file_free(req, fsp);
2657 return status;
2658 }
2659
2660 set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
2661
2662 /* For directories the delete on close bit at open time seems
2663 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2664 if (create_options & FILE_DELETE_ON_CLOSE) {
2665 status = can_set_delete_on_close(fsp, 0);
2666 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2667 TALLOC_FREE(lck);
2668 file_free(req, fsp);
2669 return status;
2670 }
2671
2672 if (NT_STATUS_IS_OK(status)) {
2673 /* Note that here we set the *inital* delete on close flag,
2674 not the regular one. The magic gets handled in close. */
2675 fsp->initial_delete_on_close = True;
2676 }
2677 }
2678
2679 TALLOC_FREE(lck);
2680
2681 if (pinfo) {
2682 *pinfo = info;
2683 }
2684
2685 *result = fsp;
2686 return NT_STATUS_OK;
2687 }
2688
2689 NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2690 struct smb_filename *smb_dname)
2691 {
2692 NTSTATUS status;
2693 files_struct *fsp;
2694
2695 status = SMB_VFS_CREATE_FILE(
2696 conn, /* conn */
2697 req, /* req */
2698 0, /* root_dir_fid */
2699 smb_dname, /* fname */
2700 FILE_READ_ATTRIBUTES, /* access_mask */
2701 FILE_SHARE_NONE, /* share_access */
2702 FILE_CREATE, /* create_disposition*/
2703 FILE_DIRECTORY_FILE, /* create_options */
2704 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2705 0, /* oplock_request */
2706 0, /* allocation_size */
2707 0, /* private_flags */
2708 NULL, /* sd */
2709 NULL, /* ea_list */
2710 &fsp, /* result */
2711 NULL); /* pinfo */
2712
2713 if (NT_STATUS_IS_OK(status)) {
2714 close_file(req, fsp, NORMAL_CLOSE);
2715 }
2716
2717 return status;
2718 }
2719
2720 /****************************************************************************
2721 Receive notification that one of our open files has been renamed by another
2722 smbd process.
2723 ****************************************************************************/
2724
2725 void msg_file_was_renamed(struct messaging_context *msg,
2726 void *private_data,
2727 uint32_t msg_type,
2728 struct server_id server_id,
2729 DATA_BLOB *data)
2730 {
2731 struct smbd_server_connection *sconn;
2732 files_struct *fsp;
2733 char *frm = (char *)data->data;
2734 struct file_id id;
2735 const char *sharepath;
2736 const char *base_name;
2737 const char *stream_name;
2738 struct smb_filename *smb_fname = NULL;
2739 size_t sp_len, bn_len;
2740 NTSTATUS status;
2741
2742 sconn = msg_ctx_to_sconn(msg);
2743 if (sconn == NULL) {
2744 DEBUG(1, ("could not find sconn\n"));
2745 return;
2746 }
2747
2748 if (data->data == NULL
2749 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2750 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2751 (int)data->length));
2752 return;
2753 }
2754
2755 /* Unpack the message. */
2756 pull_file_id_24(frm, &id);
2757 sharepath = &frm[24];
2758 sp_len = strlen(sharepath);
2759 base_name = sharepath + sp_len + 1;
2760 bn_len = strlen(base_name);
2761 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2762
2763 /* stream_name must always be NULL if there is no stream. */
2764 if (stream_name[0] == '\0') {
2765 stream_name = NULL;
2766 }
2767
2768 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2769 stream_name, NULL, &smb_fname);
2770 if (!NT_STATUS_IS_OK(status)) {
2771 return;
2772 }
2773
2774 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2775 "file_id %s\n",
2776 sharepath, smb_fname_str_dbg(smb_fname),
2777 file_id_string_tos(&id)));
2778
2779 for(fsp = file_find_di_first(sconn, id); fsp;
2780 fsp = file_find_di_next(fsp)) {
2781 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2782
2783 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2784 fsp->fnum, fsp_str_dbg(fsp),
2785 smb_fname_str_dbg(smb_fname)));
2786 status = fsp_set_smb_fname(fsp, smb_fname);
2787 if (!NT_STATUS_IS_OK(status)) {
2788 goto out;
2789 }
2790 } else {
2791 /* TODO. JRA. */
2792 /* Now we have the complete path we can work out if this is
2793 actually within this share and adjust newname accordingly. */
2794 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2795 "not sharepath %s) "
2796 "fnum %d from %s -> %s\n",
2797 fsp->conn->connectpath,
2798 sharepath,
2799 fsp->fnum,
2800 fsp_str_dbg(fsp),
2801 smb_fname_str_dbg(smb_fname)));
2802 }
2803 }
2804 out:
2805 TALLOC_FREE(smb_fname);
2806 return;
2807 }
2808
2809 /*
2810 * If a main file is opened for delete, all streams need to be checked for
2811 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2812 * If that works, delete them all by setting the delete on close and close.
2813 */
2814
2815 NTSTATUS open_streams_for_delete(connection_struct *conn,
2816 const char *fname)
2817 {
2818 struct stream_struct *stream_info;
2819 files_struct **streams;
2820 int i;
2821 unsigned int num_streams;
2822 TALLOC_CTX *frame = talloc_stackframe();
2823 NTSTATUS status;
2824
2825 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2826 &num_streams, &stream_info);
2827
2828 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2829 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2830 DEBUG(10, ("no streams around\n"));
2831 TALLOC_FREE(frame);
2832 return NT_STATUS_OK;
2833 }
2834
2835 if (!NT_STATUS_IS_OK(status)) {
2836 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2837 nt_errstr(status)));
2838 goto fail;
2839 }
2840
2841 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2842 num_streams));
2843
2844 if (num_streams == 0) {
2845 TALLOC_FREE(frame);
2846 return NT_STATUS_OK;
2847 }
2848
2849 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2850 if (streams == NULL) {
2851 DEBUG(0, ("talloc failed\n"));
2852 status = NT_STATUS_NO_MEMORY;
2853 goto fail;
2854 }
2855
2856 for (i=0; i<num_streams; i++) {
2857 struct smb_filename *smb_fname = NULL;
2858
2859 if (strequal(stream_info[i].name, "::$DATA")) {
2860 streams[i] = NULL;
2861 continue;
2862 }
2863
2864 status = create_synthetic_smb_fname(talloc_tos(), fname,
2865 stream_info[i].name,
2866 NULL, &smb_fname);
2867 if (!NT_STATUS_IS_OK(status)) {
2868 goto fail;
2869 }
2870
2871 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
2872 DEBUG(10, ("Unable to stat stream: %s\n",
2873 smb_fname_str_dbg(smb_fname)));
2874 }
2875
2876 status = SMB_VFS_CREATE_FILE(
2877 conn, /* conn */
2878 NULL, /* req */
2879 0, /* root_dir_fid */
2880 smb_fname, /* fname */
2881 DELETE_ACCESS, /* access_mask */
2882 (FILE_SHARE_READ | /* share_access */
2883 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
2884 FILE_OPEN, /* create_disposition*/
2885 0, /* create_options */
2886 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2887 0, /* oplock_request */
2888 0, /* allocation_size */
2889 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* private_flags */
2890 NULL, /* sd */
2891 NULL, /* ea_list */
2892 &streams[i], /* result */
2893 NULL); /* pinfo */
2894
2895 if (!NT_STATUS_IS_OK(status)) {
2896 DEBUG(10, ("Could not open stream %s: %s\n",
2897 smb_fname_str_dbg(smb_fname),
2898 nt_errstr(status)));
2899
2900 TALLOC_FREE(smb_fname);
2901 break;
2902 }
2903 TALLOC_FREE(smb_fname);
2904 }
2905
2906 /*
2907 * don't touch the variable "status" beyond this point :-)
2908 */
2909
2910 for (i -= 1 ; i >= 0; i--) {
2911 if (streams[i] == NULL) {
2912 continue;
2913 }
2914
2915 DEBUG(10, ("Closing stream # %d, %s\n", i,
2916 fsp_str_dbg(streams[i])));
2917 close_file(NULL, streams[i], NORMAL_CLOSE);
2918 }
2919
2920 fail:
2921 TALLOC_FREE(frame);
2922 return status;
2923 }
2924
2925 /*
2926 * Wrapper around open_file_ntcreate and open_directory
2927 */
2928
2929 static NTSTATUS create_file_unixpath(connection_struct *conn,
2930 struct smb_request *req,
2931 struct smb_filename *smb_fname,
2932 uint32_t access_mask,
2933 uint32_t share_access,
2934 uint32_t create_disposition,
2935 uint32_t create_options,
2936 uint32_t file_attributes,
2937 uint32_t oplock_request,
2938 uint64_t allocation_size,
2939 uint32_t private_flags,
2940 struct security_descriptor *sd,
2941 struct ea_list *ea_list,
2942
2943 files_struct **result,
2944 int *pinfo)
2945 {
2946 int info = FILE_WAS_OPENED;
2947 files_struct *base_fsp = NULL;
2948 files_struct *fsp = NULL;
2949 NTSTATUS status;
2950
2951 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2952 "file_attributes = 0x%x, share_access = 0x%x, "
2953 "create_disposition = 0x%x create_options = 0x%x "
2954 "oplock_request = 0x%x private_flags = 0x%x "
2955 "ea_list = 0x%p, sd = 0x%p, "
2956 "fname = %s\n",
2957 (unsigned int)access_mask,
2958 (unsigned int)file_attributes,
2959 (unsigned int)share_access,
2960 (unsigned int)create_disposition,
2961 (unsigned int)create_options,
2962 (unsigned int)oplock_request,
2963 (unsigned int)private_flags,
2964 ea_list, sd, smb_fname_str_dbg(smb_fname)));
2965
2966 if (create_options & FILE_OPEN_BY_FILE_ID) {
2967 status = NT_STATUS_NOT_SUPPORTED;
2968 goto fail;
2969 }
2970
2971 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2972 status = NT_STATUS_INVALID_PARAMETER;
2973 goto fail;
2974 }
2975
2976 if (req == NULL) {
2977 oplock_request |= INTERNAL_OPEN_ONLY;
2978 }
2979
2980 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2981 && (access_mask & DELETE_ACCESS)
2982 && !is_ntfs_stream_smb_fname(smb_fname)) {
2983 /*
2984 * We can't open a file with DELETE access if any of the
2985 * streams is open without FILE_SHARE_DELETE
2986 */
2987 status = open_streams_for_delete(conn, smb_fname->base_name);
2988
2989 if (!NT_STATUS_IS_OK(status)) {
2990 goto fail;
2991 }
2992 }
2993
2994 /* This is the correct thing to do (check every time) but can_delete
2995 * is expensive (it may have to read the parent directory
2996 * permissions). So for now we're not doing it unless we have a strong
2997 * hint the client is really going to delete this file. If the client
2998 * is forcing FILE_CREATE let the filesystem take care of the
2999 * permissions. */
3000
3001 /* Setting FILE_SHARE_DELETE is the hint. */
3002
3003 if (lp_acl_check_permissions(SNUM(conn))
3004 && (create_disposition != FILE_CREATE)
3005 && (share_access & FILE_SHARE_DELETE)
3006 && (access_mask & DELETE_ACCESS)
3007 && (!(can_delete_file_in_directory(conn, smb_fname) ||
3008 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
3009 status = NT_STATUS_ACCESS_DENIED;
3010 DEBUG(10,("create_file_unixpath: open file %s "
3011 "for delete ACCESS_DENIED\n",
3012 smb_fname_str_dbg(smb_fname)));
3013 goto fail;
3014 }
3015
3016 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
3017 !security_token_has_privilege(get_current_nttok(conn),
3018 SEC_PRIV_SECURITY)) {
3019 DEBUG(10, ("create_file_unixpath: open on %s "
3020 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
3021 smb_fname_str_dbg(smb_fname)));
3022 status = NT_STATUS_PRIVILEGE_NOT_HELD;
3023 goto fail;
3024 }
3025
3026 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3027 && is_ntfs_stream_smb_fname(smb_fname)
3028 && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
3029 uint32 base_create_disposition;
3030 struct smb_filename *smb_fname_base = NULL;
3031
3032 if (create_options & FILE_DIRECTORY_FILE) {
3033 status = NT_STATUS_NOT_A_DIRECTORY;
3034 goto fail;
3035 }
3036
3037 switch (create_disposition) {
3038 case FILE_OPEN:
3039 base_create_disposition = FILE_OPEN;
3040 break;
3041 default:
3042 base_create_disposition = FILE_OPEN_IF;
3043 break;
3044 }
3045
3046 /* Create an smb_filename with stream_name == NULL. */
3047 status = create_synthetic_smb_fname(talloc_tos(),
3048 smb_fname->base_name,
3049 NULL, NULL,
3050 &smb_fname_base);
3051 if (!NT_STATUS_IS_OK(status)) {
3052 goto fail;
3053 }
3054
3055 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
3056 DEBUG(10, ("Unable to stat stream: %s\n",
3057 smb_fname_str_dbg(smb_fname_base)));
3058 }
3059
3060 /* Open the base file. */
3061 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
3062 FILE_SHARE_READ
3063 | FILE_SHARE_WRITE
3064 | FILE_SHARE_DELETE,
3065 base_create_disposition,
3066 0, 0, 0, 0, 0, NULL, NULL,
3067 &base_fsp, NULL);
3068 TALLOC_FREE(smb_fname_base);
3069
3070 if (!NT_STATUS_IS_OK(status)) {
3071 DEBUG(10, ("create_file_unixpath for base %s failed: "
3072 "%s\n", smb_fname->base_name,
3073 nt_errstr(status)));
3074 goto fail;
3075 }
3076 /* we don't need to low level fd */
3077 fd_close(base_fsp);
3078 }
3079
3080 /*
3081 * If it's a request for a directory open, deal with it separately.
3082 */
3083
3084 if (create_options & FILE_DIRECTORY_FILE) {
3085
3086 if (create_options & FILE_NON_DIRECTORY_FILE) {
3087 status = NT_STATUS_INVALID_PARAMETER;
3088 goto fail;
3089 }
3090
3091 /* Can't open a temp directory. IFS kit test. */
3092 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
3093 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
3094 status = NT_STATUS_INVALID_PARAMETER;
3095 goto fail;
3096 }
3097
3098 /*
3099 * We will get a create directory here if the Win32
3100 * app specified a security descriptor in the
3101 * CreateDirectory() call.
3102 */
3103
3104 oplock_request = 0;
3105 status = open_directory(
3106 conn, req, smb_fname, access_mask, share_access,
3107 create_disposition, create_options, file_attributes,
3108 &info, &fsp);
3109 } else {
3110
3111 /*
3112 * Ordinary file case.
3113 */
3114
3115 status = file_new(req, conn, &fsp);
3116 if(!NT_STATUS_IS_OK(status)) {
3117 goto fail;
3118 }
3119
3120 status = fsp_set_smb_fname(fsp, smb_fname);
3121 if (!NT_STATUS_IS_OK(status)) {
3122 goto fail;
3123 }
3124
3125 /*
3126 * We're opening the stream element of a base_fsp
3127 * we already opened. Set up the base_fsp pointer.
3128 */
3129 if (base_fsp) {
3130 fsp->base_fsp = base_fsp;
3131 }
3132
3133 status = open_file_ntcreate(conn,
3134 req,
3135 access_mask,
3136 share_access,
3137 create_disposition,
3138 create_options,
3139 file_attributes,
3140 oplock_request,
3141 private_flags,
3142 &info,
3143 fsp);
3144
3145 if(!NT_STATUS_IS_OK(status)) {
3146 file_free(req, fsp);
3147 fsp = NULL;
3148 }
3149
3150 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3151
3152 /* A stream open never opens a directory */
3153
3154 if (base_fsp) {
3155 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3156 goto fail;
3157 }
3158
3159 /*
3160 * Fail the open if it was explicitly a non-directory
3161 * file.
3162 */
3163
3164 if (create_options & FILE_NON_DIRECTORY_FILE) {
3165 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3166 goto fail;
3167 }
3168
3169 oplock_request = 0;
3170 status = open_directory(
3171 conn, req, smb_fname, access_mask,
3172 share_access, create_disposition,
3173 create_options, file_attributes,
3174 &info, &fsp);
3175 }
3176 }
3177
3178 if (!NT_STATUS_IS_OK(status)) {
3179 goto fail;
3180 }
3181
3182 fsp->base_fsp = base_fsp;
3183
3184 /*
3185 * According to the MS documentation, the only time the security
3186 * descriptor is applied to the opened file is iff we *created* the
3187 * file; an existing file stays the same.
3188 *
3189 * Also, it seems (from observation) that you can open the file with
3190 * any access mask but you can still write the sd. We need to override
3191 * the granted access before we call set_sd
3192 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3193 */
3194
3195 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3196 && lp_nt_acl_support(SNUM(conn))) {
3197
3198 uint32_t sec_info_sent;
3199 uint32_t saved_access_mask = fsp->access_mask;
3200
3201 sec_info_sent = get_sec_info(sd);
3202
3203 fsp->access_mask = FILE_GENERIC_ALL;
3204
3205 /* Convert all the generic bits. */
3206 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3207 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3208
3209 if (sec_info_sent & (SECINFO_OWNER|
3210 SECINFO_GROUP|
3211 SECINFO_DACL|
3212 SECINFO_SACL)) {
3213 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3214 }
3215
3216 fsp->access_mask = saved_access_mask;
3217
3218 if (!NT_STATUS_IS_OK(status)) {
3219 goto fail;
3220 }
3221 }
3222
3223 if ((ea_list != NULL) &&
3224 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3225 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3226 if (!NT_STATUS_IS_OK(status)) {
3227 goto fail;
3228 }
3229 }
3230
3231 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3232 status = NT_STATUS_ACCESS_DENIED;
3233 goto fail;
3234 }
3235
3236 /* Save the requested allocation size. */
3237 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3238 if (allocation_size
3239 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3240 fsp->initial_allocation_size = smb_roundup(
3241 fsp->conn, allocation_size);
3242 if (fsp->is_directory) {
3243 /* Can't set allocation size on a directory. */
3244 status = NT_STATUS_ACCESS_DENIED;
3245 goto fail;
3246 }
3247 if (vfs_allocate_file_space(
3248 fsp, fsp->initial_allocation_size) == -1) {
3249 status = NT_STATUS_DISK_FULL;
3250 goto fail;
3251 }
3252 } else {
3253 fsp->initial_allocation_size = smb_roundup(
3254 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3255 }
3256 }
3257
3258 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3259
3260 *result = fsp;
3261 if (pinfo != NULL) {
3262 *pinfo = info;
3263 }
3264
3265 smb_fname->st = fsp->fsp_name->st;
3266
3267 return NT_STATUS_OK;
3268
3269 fail:
3270 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3271
3272 if (fsp != NULL) {
3273 if (base_fsp && fsp->base_fsp == base_fsp) {
3274 /*
3275 * The close_file below will close
3276 * fsp->base_fsp.
3277 */
3278 base_fsp = NULL;
3279 }
3280 close_file(req, fsp, ERROR_CLOSE);
3281 fsp = NULL;
3282 }
3283 if (base_fsp != NULL) {
3284 close_file(req, base_fsp, ERROR_CLOSE);
3285 base_fsp = NULL;
3286 }
3287 return status;
3288 }
3289
3290 /*
3291 * Calculate the full path name given a relative fid.
3292 */
3293 NTSTATUS get_relative_fid_filename(connection_struct *conn,
3294 struct smb_request *req,
3295 uint16_t root_dir_fid,
3296 struct smb_filename *smb_fname)
3297 {
3298 files_struct *dir_fsp;
3299 char *parent_fname = NULL;
3300 char *new_base_name = NULL;
3301 NTSTATUS status;
3302
3303 if (root_dir_fid == 0 || !smb_fname) {
3304 status = NT_STATUS_INTERNAL_ERROR;
3305 goto out;
3306 }
3307
3308 dir_fsp = file_fsp(req, root_dir_fid);
3309
3310 if (dir_fsp == NULL) {
3311 status = NT_STATUS_INVALID_HANDLE;
3312 goto out;
3313 }
3314
3315 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3316 status = NT_STATUS_INVALID_HANDLE;
3317 goto out;
3318 }
3319
3320 if (!dir_fsp->is_directory) {
3321
3322 /*
3323 * Check to see if this is a mac fork of some kind.
3324 */
3325
3326 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3327 is_ntfs_stream_smb_fname(smb_fname)) {
3328 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3329 goto out;
3330 }
3331
3332 /*
3333 we need to handle the case when we get a
3334 relative open relative to a file and the
3335 pathname is blank - this is a reopen!
3336 (hint from demyn plantenberg)
3337 */
3338
3339 status = NT_STATUS_INVALID_HANDLE;
3340 goto out;
3341 }
3342
3343 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3344 /*
3345 * We're at the toplevel dir, the final file name
3346 * must not contain ./, as this is filtered out
3347 * normally by srvstr_get_path and unix_convert
3348 * explicitly rejects paths containing ./.
3349 */
3350 parent_fname = talloc_strdup(talloc_tos(), "");
3351 if (parent_fname == NULL) {
3352 status = NT_STATUS_NO_MEMORY;
3353 goto out;
3354 }
3355 } else {
3356 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3357
3358 /*
3359 * Copy in the base directory name.
3360 */
3361
3362 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3363 dir_name_len+2);
3364 if (parent_fname == NULL) {
3365 status = NT_STATUS_NO_MEMORY;
3366 goto out;
3367 }
3368 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3369 dir_name_len+1);
3370
3371 /*
3372 * Ensure it ends in a '/'.
3373 * We used TALLOC_SIZE +2 to add space for the '/'.
3374 */
3375
3376 if(dir_name_len
3377 && (parent_fname[dir_name_len-1] != '\\')
3378 && (parent_fname[dir_name_len-1] != '/')) {
3379 parent_fname[dir_name_len] = '/';
3380 parent_fname[dir_name_len+1] = '\0';
3381 }
3382 }
3383
3384 new_base_name = talloc_asprintf(smb_fname, "%s%s", parent_fname,
3385 smb_fname->base_name);
3386 if (new_base_name == NULL) {
3387 status = NT_STATUS_NO_MEMORY;
3388 goto out;
3389 }
3390
3391 TALLOC_FREE(smb_fname->base_name);
3392 smb_fname->base_name = new_base_name;
3393 status = NT_STATUS_OK;
3394
3395 out:
3396 TALLOC_FREE(parent_fname);
3397 return status;
3398 }
3399
3400 NTSTATUS create_file_default(connection_struct *conn,
3401 struct smb_request *req,
3402 uint16_t root_dir_fid,
3403 struct smb_filename *smb_fname,
3404 uint32_t access_mask,
3405 uint32_t share_access,
3406 uint32_t create_disposition,
3407 uint32_t create_options,
3408 uint32_t file_attributes,
3409 uint32_t oplock_request,
3410 uint64_t allocation_size,
3411 uint32_t private_flags,
3412 struct security_descriptor *sd,
3413 struct ea_list *ea_list,
3414 files_struct **result,
3415 int *pinfo)
3416 {
3417 int info = FILE_WAS_OPENED;
3418 files_struct *fsp = NULL;
3419 NTSTATUS status;
3420 bool stream_name = false;
3421
3422 DEBUG(10,("create_file: access_mask = 0x%x "
3423 "file_attributes = 0x%x, share_access = 0x%x, "
3424 "create_disposition = 0x%x create_options = 0x%x "
3425 "oplock_request = 0x%x "
3426 "private_flags = 0x%x "
3427 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3428 "fname = %s\n",
3429 (unsigned int)access_mask,
3430 (unsigned int)file_attributes,
3431 (unsigned int)share_access,
3432 (unsigned int)create_disposition,
3433 (unsigned int)create_options,
3434 (unsigned int)oplock_request,
3435 (unsigned int)private_flags,
3436 (unsigned int)root_dir_fid,
3437 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3438
3439 /*
3440 * Calculate the filename from the root_dir_if if necessary.
3441 */
3442
3443 if (root_dir_fid != 0) {
3444 status = get_relative_fid_filename(conn, req, root_dir_fid,
3445 smb_fname);
3446 if (!NT_STATUS_IS_OK(status)) {
3447 goto fail;
3448 }
3449 }
3450
3451 /*
3452 * Check to see if this is a mac fork of some kind.
3453 */
3454
3455 stream_name = is_ntfs_stream_smb_fname(smb_fname);
3456 if (stream_name) {
3457 enum FAKE_FILE_TYPE fake_file_type;
3458
3459 fake_file_type = is_fake_file(smb_fname);
3460
3461 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3462
3463 /*
3464 * Here we go! support for changing the disk quotas
3465 * --metze
3466 *
3467 * We need to fake up to open this MAGIC QUOTA file
3468 * and return a valid FID.
3469 *
3470 * w2k close this file directly after openening xp
3471 * also tries a QUERY_FILE_INFO on the file and then
3472 * close it
3473 */
3474 status = open_fake_file(req, conn, req->vuid,
3475 fake_file_type, smb_fname,
3476 access_mask, &fsp);
3477 if (!NT_STATUS_IS_OK(status)) {
3478 goto fail;
3479 }
3480
3481 ZERO_STRUCT(smb_fname->st);
3482 goto done;
3483 }
3484
3485 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3486 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3487 goto fail;
3488 }
3489 }
3490
3491 /* All file access must go through check_name() */
3492
3493 status = check_name(conn, smb_fname->base_name);
3494 if (!NT_STATUS_IS_OK(status)) {
3495 goto fail;
3496 }
3497
3498 if (stream_name && is_ntfs_default_stream_smb_fname(smb_fname)) {
3499 int ret;
3500 smb_fname->stream_name = NULL;
3501 /* We have to handle this error here. */
3502 if (create_options & FILE_DIRECTORY_FILE) {
3503 status = NT_STATUS_NOT_A_DIRECTORY;
3504 goto fail;
3505 }
3506 if (lp_posix_pathnames()) {
3507 ret = SMB_VFS_LSTAT(conn, smb_fname);
3508 } else {
3509 ret = SMB_VFS_STAT(conn, smb_fname);
3510 }
3511
3512 if (ret == 0 && VALID_STAT_OF_DIR(smb_fname->st)) {
3513 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3514 goto fail;
3515 }
3516 }
3517
3518 status = create_file_unixpath(
3519 conn, req, smb_fname, access_mask, share_access,
3520 create_disposition, create_options, file_attributes,
3521 oplock_request, allocation_size, private_flags,
3522 sd, ea_list,
3523 &fsp, &info);
3524
3525 if (!NT_STATUS_IS_OK(status)) {
3526 goto fail;
3527 }
3528
3529 done:
3530 DEBUG(10, ("create_file: info=%d\n", info));
3531
3532 *result = fsp;
3533 if (pinfo != NULL) {
3534 *pinfo = info;
3535 }
3536 return NT_STATUS_OK;
3537
3538 fail:
3539 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3540
3541 if (fsp != NULL) {
3542 close_file(req, fsp, ERROR_CLOSE);
3543 fsp = NULL;
3544 }
3545 return status;
3546 }
Anubhav's Work In Progress branches