source: branches/samba-3.2.x/source/smbd/open.c@ 205

Last change on this file since 205 was 204, checked in by Herwig Bauernfeind, 16 years ago

Update 3.2 branch to 3.2.4
File size: 86.5 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20*/
21
22#include "includes.h"
23
24extern const struct generic_mapping file_generic_mapping;
25extern struct current_user current_user;
26extern userdom_struct current_user_info;
27extern bool global_client_failed_oplock_break;
28
29struct deferred_open_record {
30 bool delayed_for_oplocks;
31 struct file_id id;
32};
33
34/****************************************************************************
35 fd support routines - attempt to do a dos_open.
36****************************************************************************/
37
38static NTSTATUS fd_open(struct connection_struct *conn,
39 const char *fname,
40 files_struct *fsp,
41 int flags,
42 mode_t mode)
43{
44 NTSTATUS status = NT_STATUS_OK;
45
46#ifdef O_NOFOLLOW
47 /*
48 * Never follow symlinks on a POSIX client. The
49 * client should be doing this.
50 */
51
52 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
53 flags |= O_NOFOLLOW;
54 }
55#endif
56
57 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
58 if (fsp->fh->fd == -1) {
59 status = map_nt_error_from_unix(errno);
60 }
61
62 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
63 fname, flags, (int)mode, fsp->fh->fd,
64 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
65
66 return status;
67}
68
69/****************************************************************************
70 Close the file associated with a fsp.
71****************************************************************************/
72
73NTSTATUS fd_close(files_struct *fsp)
74{
75 int ret;
76
77 if (fsp->fh->fd == -1) {
78 return NT_STATUS_OK; /* What we used to call a stat open. */
79 }
80 if (fsp->fh->ref_count > 1) {
81 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
82 }
83
84 ret = SMB_VFS_CLOSE(fsp);
85 fsp->fh->fd = -1;
86 if (ret == -1) {
87 return map_nt_error_from_unix(errno);
88 }
89 return NT_STATUS_OK;
90}
91
92/****************************************************************************
93 Change the ownership of a file to that of the parent directory.
94 Do this by fd if possible.
95****************************************************************************/
96
97static void change_file_owner_to_parent(connection_struct *conn,
98 const char *inherit_from_dir,
99 files_struct *fsp)
100{
101 SMB_STRUCT_STAT parent_st;
102 int ret;
103
104 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
105 if (ret == -1) {
106 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
107 "directory %s. Error was %s\n",
108 inherit_from_dir, strerror(errno) ));
109 return;
110 }
111
112 become_root();
113 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
114 unbecome_root();
115 if (ret == -1) {
116 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
117 "file %s to parent directory uid %u. Error "
118 "was %s\n", fsp->fsp_name,
119 (unsigned int)parent_st.st_uid,
120 strerror(errno) ));
121 }
122
123 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
124 "parent directory uid %u.\n", fsp->fsp_name,
125 (unsigned int)parent_st.st_uid ));
126}
127
128static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
129 const char *inherit_from_dir,
130 const char *fname,
131 SMB_STRUCT_STAT *psbuf)
132{
133 char *saved_dir = NULL;
134 SMB_STRUCT_STAT sbuf;
135 SMB_STRUCT_STAT parent_st;
136 TALLOC_CTX *ctx = talloc_tos();
137 NTSTATUS status = NT_STATUS_OK;
138 int ret;
139
140 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
141 if (ret == -1) {
142 status = map_nt_error_from_unix(errno);
143 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
144 "directory %s. Error was %s\n",
145 inherit_from_dir, strerror(errno) ));
146 return status;
147 }
148
149 /* We've already done an lstat into psbuf, and we know it's a
150 directory. If we can cd into the directory and the dev/ino
151 are the same then we can safely chown without races as
152 we're locking the directory in place by being in it. This
153 should work on any UNIX (thanks tridge :-). JRA.
154 */
155
156 saved_dir = vfs_GetWd(ctx,conn);
157 if (!saved_dir) {
158 status = map_nt_error_from_unix(errno);
159 DEBUG(0,("change_dir_owner_to_parent: failed to get "
160 "current working directory. Error was %s\n",
161 strerror(errno)));
162 return status;
163 }
164
165 /* Chdir into the new path. */
166 if (vfs_ChDir(conn, fname) == -1) {
167 status = map_nt_error_from_unix(errno);
168 DEBUG(0,("change_dir_owner_to_parent: failed to change "
169 "current working directory to %s. Error "
170 "was %s\n", fname, strerror(errno) ));
171 goto out;
172 }
173
174 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
175 status = map_nt_error_from_unix(errno);
176 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
177 "directory '.' (%s) Error was %s\n",
178 fname, strerror(errno)));
179 goto out;
180 }
181
182 /* Ensure we're pointing at the same place. */
183 if (sbuf.st_dev != psbuf->st_dev ||
184 sbuf.st_ino != psbuf->st_ino ||
185 sbuf.st_mode != psbuf->st_mode ) {
186 DEBUG(0,("change_dir_owner_to_parent: "
187 "device/inode/mode on directory %s changed. "
188 "Refusing to chown !\n", fname ));
189 status = NT_STATUS_ACCESS_DENIED;
190 goto out;
191 }
192
193 become_root();
194 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
195 unbecome_root();
196 if (ret == -1) {
197 status = map_nt_error_from_unix(errno);
198 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
199 "directory %s to parent directory uid %u. "
200 "Error was %s\n", fname,
201 (unsigned int)parent_st.st_uid, strerror(errno) ));
202 goto out;
203 }
204
205 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
206 "directory %s to parent directory uid %u.\n",
207 fname, (unsigned int)parent_st.st_uid ));
208
209 out:
210
211 vfs_ChDir(conn,saved_dir);
212 return status;
213}
214
215/****************************************************************************
216 Open a file.
217****************************************************************************/
218
219static NTSTATUS open_file(files_struct *fsp,
220 connection_struct *conn,
221 struct smb_request *req,
222 const char *parent_dir,
223 const char *name,
224 const char *path,
225 SMB_STRUCT_STAT *psbuf,
226 int flags,
227 mode_t unx_mode,
228 uint32 access_mask, /* client requested access mask. */
229 uint32 open_access_mask) /* what we're actually using in the open. */
230{
231 NTSTATUS status = NT_STATUS_OK;
232 int accmode = (flags & O_ACCMODE);
233 int local_flags = flags;
234 bool file_existed = VALID_STAT(*psbuf);
235
236 fsp->fh->fd = -1;
237 errno = EPERM;
238
239 /* Check permissions */
240
241 /*
242 * This code was changed after seeing a client open request
243 * containing the open mode of (DENY_WRITE/read-only) with
244 * the 'create if not exist' bit set. The previous code
245 * would fail to open the file read only on a read-only share
246 * as it was checking the flags parameter directly against O_RDONLY,
247 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
248 * JRA.
249 */
250
251 if (!CAN_WRITE(conn)) {
252 /* It's a read-only share - fail if we wanted to write. */
253 if(accmode != O_RDONLY) {
254 DEBUG(3,("Permission denied opening %s\n", path));
255 return NT_STATUS_ACCESS_DENIED;
256 } else if(flags & O_CREAT) {
257 /* We don't want to write - but we must make sure that
258 O_CREAT doesn't create the file if we have write
259 access into the directory.
260 */
261 flags &= ~O_CREAT;
262 local_flags &= ~O_CREAT;
263 }
264 }
265
266 /*
267 * This little piece of insanity is inspired by the
268 * fact that an NT client can open a file for O_RDONLY,
269 * but set the create disposition to FILE_EXISTS_TRUNCATE.
270 * If the client *can* write to the file, then it expects to
271 * truncate the file, even though it is opening for readonly.
272 * Quicken uses this stupid trick in backup file creation...
273 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
274 * for helping track this one down. It didn't bite us in 2.0.x
275 * as we always opened files read-write in that release. JRA.
276 */
277
278 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
279 DEBUG(10,("open_file: truncate requested on read-only open "
280 "for file %s\n", path));
281 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
282 }
283
284 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
285 (!file_existed && (local_flags & O_CREAT)) ||
286 ((local_flags & O_TRUNC) == O_TRUNC) ) {
287
288 /*
289 * We can't actually truncate here as the file may be locked.
290 * open_file_ntcreate will take care of the truncate later. JRA.
291 */
292
293 local_flags &= ~O_TRUNC;
294
295#if defined(O_NONBLOCK) && defined(S_ISFIFO)
296 /*
297 * We would block on opening a FIFO with no one else on the
298 * other end. Do what we used to do and add O_NONBLOCK to the
299 * open flags. JRA.
300 */
301
302 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
303 local_flags |= O_NONBLOCK;
304 }
305#endif
306
307 /* Don't create files with Microsoft wildcard characters. */
308 if ((local_flags & O_CREAT) && !file_existed &&
309 ms_has_wild(path)) {
310 return NT_STATUS_OBJECT_NAME_INVALID;
311 }
312
313 /* Actually do the open */
314 status = fd_open(conn, path, fsp, local_flags, unx_mode);
315 if (!NT_STATUS_IS_OK(status)) {
316 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
317 "(flags=%d)\n",
318 path,nt_errstr(status),local_flags,flags));
319 return status;
320 }
321
322 if ((local_flags & O_CREAT) && !file_existed) {
323
324 /* Inherit the ACL if required */
325 if (lp_inherit_perms(SNUM(conn))) {
326 inherit_access_acl(conn, parent_dir, path,
327 unx_mode);
328 }
329
330 /* Change the owner if required. */
331 if (lp_inherit_owner(SNUM(conn))) {
332 change_file_owner_to_parent(conn, parent_dir,
333 fsp);
334 }
335
336 notify_fname(conn, NOTIFY_ACTION_ADDED,
337 FILE_NOTIFY_CHANGE_FILE_NAME, path);
338 }
339
340 } else {
341 fsp->fh->fd = -1; /* What we used to call a stat open. */
342 }
343
344 if (!file_existed) {
345 int ret;
346
347 if (fsp->fh->fd == -1) {
348 ret = SMB_VFS_STAT(conn, path, psbuf);
349 } else {
350 ret = SMB_VFS_FSTAT(fsp, psbuf);
351 /* If we have an fd, this stat should succeed. */
352 if (ret == -1) {
353 DEBUG(0,("Error doing fstat on open file %s "
354 "(%s)\n", path,strerror(errno) ));
355 }
356 }
357
358 /* For a non-io open, this stat failing means file not found. JRA */
359 if (ret == -1) {
360 status = map_nt_error_from_unix(errno);
361 fd_close(fsp);
362 return status;
363 }
364 }
365
366 /*
367 * POSIX allows read-only opens of directories. We don't
368 * want to do this (we use a different code path for this)
369 * so catch a directory open and return an EISDIR. JRA.
370 */
371
372 if(S_ISDIR(psbuf->st_mode)) {
373 fd_close(fsp);
374 errno = EISDIR;
375 return NT_STATUS_FILE_IS_A_DIRECTORY;
376 }
377
378 fsp->mode = psbuf->st_mode;
379 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
380 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
381 fsp->file_pid = req ? req->smbpid : 0;
382 fsp->can_lock = True;
383 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
384 if (!CAN_WRITE(conn)) {
385 fsp->can_write = False;
386 } else {
387 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
388 True : False;
389 }
390 fsp->print_file = False;
391 fsp->modified = False;
392 fsp->sent_oplock_break = NO_BREAK_SENT;
393 fsp->is_directory = False;
394 fsp->is_stat = False;
395 if (conn->aio_write_behind_list &&
396 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
397 fsp->aio_write_behind = True;
398 }
399
400 string_set(&fsp->fsp_name, path);
401 fsp->wcp = NULL; /* Write cache pointer. */
402
403 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
404 *current_user_info.smb_name ?
405 current_user_info.smb_name : conn->user,fsp->fsp_name,
406 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
407 conn->num_files_open + 1));
408
409 errno = 0;
410 return NT_STATUS_OK;
411}
412
413/*******************************************************************
414 Return True if the filename is one of the special executable types.
415********************************************************************/
416
417static bool is_executable(const char *fname)
418{
419 if ((fname = strrchr_m(fname,'.'))) {
420 if (strequal(fname,".com") ||
421 strequal(fname,".dll") ||
422 strequal(fname,".exe") ||
423 strequal(fname,".sym")) {
424 return True;
425 }
426 }
427 return False;
428}
429
430/****************************************************************************
431 Check if we can open a file with a share mode.
432 Returns True if conflict, False if not.
433****************************************************************************/
434
435static bool share_conflict(struct share_mode_entry *entry,
436 uint32 access_mask,
437 uint32 share_access)
438{
439 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
440 "entry->share_access = 0x%x, "
441 "entry->private_options = 0x%x\n",
442 (unsigned int)entry->access_mask,
443 (unsigned int)entry->share_access,
444 (unsigned int)entry->private_options));
445
446 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
447 (unsigned int)access_mask, (unsigned int)share_access));
448
449 if ((entry->access_mask & (FILE_WRITE_DATA|
450 FILE_APPEND_DATA|
451 FILE_READ_DATA|
452 FILE_EXECUTE|
453 DELETE_ACCESS)) == 0) {
454 DEBUG(10,("share_conflict: No conflict due to "
455 "entry->access_mask = 0x%x\n",
456 (unsigned int)entry->access_mask ));
457 return False;
458 }
459
460 if ((access_mask & (FILE_WRITE_DATA|
461 FILE_APPEND_DATA|
462 FILE_READ_DATA|
463 FILE_EXECUTE|
464 DELETE_ACCESS)) == 0) {
465 DEBUG(10,("share_conflict: No conflict due to "
466 "access_mask = 0x%x\n",
467 (unsigned int)access_mask ));
468 return False;
469 }
470
471#if 1 /* JRA TEST - Superdebug. */
472#define CHECK_MASK(num, am, right, sa, share) \
473 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
474 (unsigned int)(num), (unsigned int)(am), \
475 (unsigned int)(right), (unsigned int)(am)&(right) )); \
476 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
477 (unsigned int)(num), (unsigned int)(sa), \
478 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
479 if (((am) & (right)) && !((sa) & (share))) { \
480 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
481sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
482 (unsigned int)(share) )); \
483 return True; \
484 }
485#else
486#define CHECK_MASK(num, am, right, sa, share) \
487 if (((am) & (right)) && !((sa) & (share))) { \
488 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
489sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
490 (unsigned int)(share) )); \
491 return True; \
492 }
493#endif
494
495 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
496 share_access, FILE_SHARE_WRITE);
497 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
498 entry->share_access, FILE_SHARE_WRITE);
499
500 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
501 share_access, FILE_SHARE_READ);
502 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
503 entry->share_access, FILE_SHARE_READ);
504
505 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
506 share_access, FILE_SHARE_DELETE);
507 CHECK_MASK(6, access_mask, DELETE_ACCESS,
508 entry->share_access, FILE_SHARE_DELETE);
509
510 DEBUG(10,("share_conflict: No conflict.\n"));
511 return False;
512}
513
514#if defined(DEVELOPER)
515static void validate_my_share_entries(int num,
516 struct share_mode_entry *share_entry)
517{
518 files_struct *fsp;
519
520 if (!procid_is_me(&share_entry->pid)) {
521 return;
522 }
523
524 if (is_deferred_open_entry(share_entry) &&
525 !open_was_deferred(share_entry->op_mid)) {
526 char *str = talloc_asprintf(talloc_tos(),
527 "Got a deferred entry without a request: "
528 "PANIC: %s\n",
529 share_mode_str(talloc_tos(), num, share_entry));
530 smb_panic(str);
531 }
532
533 if (!is_valid_share_mode_entry(share_entry)) {
534 return;
535 }
536
537 fsp = file_find_dif(share_entry->id,
538 share_entry->share_file_id);
539 if (!fsp) {
540 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
541 share_mode_str(talloc_tos(), num, share_entry) ));
542 smb_panic("validate_my_share_entries: Cannot match a "
543 "share entry with an open file\n");
544 }
545
546 if (is_deferred_open_entry(share_entry) ||
547 is_unused_share_mode_entry(share_entry)) {
548 goto panic;
549 }
550
551 if ((share_entry->op_type == NO_OPLOCK) &&
552 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
553 /* Someone has already written to it, but I haven't yet
554 * noticed */
555 return;
556 }
557
558 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
559 goto panic;
560 }
561
562 return;
563
564 panic:
565 {
566 char *str;
567 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
568 share_mode_str(talloc_tos(), num, share_entry) ));
569 str = talloc_asprintf(talloc_tos(),
570 "validate_my_share_entries: "
571 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
572 fsp->fsp_name, (unsigned int)fsp->oplock_type,
573 (unsigned int)share_entry->op_type );
574 smb_panic(str);
575 }
576}
577#endif
578
579static bool is_stat_open(uint32 access_mask)
580{
581 return (access_mask &&
582 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
583 FILE_WRITE_ATTRIBUTES))==0) &&
584 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
585 FILE_WRITE_ATTRIBUTES)) != 0));
586}
587
588/****************************************************************************
589 Deal with share modes
590 Invarient: Share mode must be locked on entry and exit.
591 Returns -1 on error, or number of share modes on success (may be zero).
592****************************************************************************/
593
594static NTSTATUS open_mode_check(connection_struct *conn,
595 const char *fname,
596 struct share_mode_lock *lck,
597 uint32 access_mask,
598 uint32 share_access,
599 uint32 create_options,
600 bool *file_existed)
601{
602 int i;
603
604 if(lck->num_share_modes == 0) {
605 return NT_STATUS_OK;
606 }
607
608 *file_existed = True;
609
610 /* A delete on close prohibits everything */
611
612 if (lck->delete_on_close) {
613 return NT_STATUS_DELETE_PENDING;
614 }
615
616 if (is_stat_open(access_mask)) {
617 /* Stat open that doesn't trigger oplock breaks or share mode
618 * checks... ! JRA. */
619 return NT_STATUS_OK;
620 }
621
622 /*
623 * Check if the share modes will give us access.
624 */
625
626#if defined(DEVELOPER)
627 for(i = 0; i < lck->num_share_modes; i++) {
628 validate_my_share_entries(i, &lck->share_modes[i]);
629 }
630#endif
631
632 if (!lp_share_modes(SNUM(conn))) {
633 return NT_STATUS_OK;
634 }
635
636 /* Now we check the share modes, after any oplock breaks. */
637 for(i = 0; i < lck->num_share_modes; i++) {
638
639 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
640 continue;
641 }
642
643 /* someone else has a share lock on it, check to see if we can
644 * too */
645 if (share_conflict(&lck->share_modes[i],
646 access_mask, share_access)) {
647 return NT_STATUS_SHARING_VIOLATION;
648 }
649 }
650
651 return NT_STATUS_OK;
652}
653
654static bool is_delete_request(files_struct *fsp) {
655 return ((fsp->access_mask == DELETE_ACCESS) &&
656 (fsp->oplock_type == NO_OPLOCK));
657}
658
659/*
660 * 1) No files open at all or internal open: Grant whatever the client wants.
661 *
662 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
663 * request, break if the oplock around is a batch oplock. If it's another
664 * requested access type, break.
665 *
666 * 3) Only level2 around: Grant level2 and do nothing else.
667 */
668
669static bool delay_for_oplocks(struct share_mode_lock *lck,
670 files_struct *fsp,
671 uint16 mid,
672 int pass_number,
673 int oplock_request)
674{
675 int i;
676 struct share_mode_entry *exclusive = NULL;
677 bool valid_entry = False;
678 bool delay_it = False;
679 bool have_level2 = False;
680 NTSTATUS status;
681 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
682
683 if (oplock_request & INTERNAL_OPEN_ONLY) {
684 fsp->oplock_type = NO_OPLOCK;
685 }
686
687 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
688 return False;
689 }
690
691 for (i=0; i<lck->num_share_modes; i++) {
692
693 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
694 continue;
695 }
696
697 /* At least one entry is not an invalid or deferred entry. */
698 valid_entry = True;
699
700 if (pass_number == 1) {
701 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
702 SMB_ASSERT(exclusive == NULL);
703 exclusive = &lck->share_modes[i];
704 }
705 } else {
706 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
707 SMB_ASSERT(exclusive == NULL);
708 exclusive = &lck->share_modes[i];
709 }
710 }
711
712 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {
713 SMB_ASSERT(exclusive == NULL);
714 have_level2 = True;
715 }
716 }
717
718 if (!valid_entry) {
719 /* All entries are placeholders or deferred.
720 * Directly grant whatever the client wants. */
721 if (fsp->oplock_type == NO_OPLOCK) {
722 /* Store a level2 oplock, but don't tell the client */
723 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
724 }
725 return False;
726 }
727
728 if (exclusive != NULL) { /* Found an exclusive oplock */
729 SMB_ASSERT(!have_level2);
730 delay_it = is_delete_request(fsp) ?
731 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;
732 }
733
734 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
735 /* We can at most grant level2 as there are other
736 * level2 or NO_OPLOCK entries. */
737 fsp->oplock_type = LEVEL_II_OPLOCK;
738 }
739
740 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {
741 /* Store a level2 oplock, but don't tell the client */
742 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
743 }
744
745 if (!delay_it) {
746 return False;
747 }
748
749 /*
750 * Send a break message to the oplock holder and delay the open for
751 * our client.
752 */
753
754 DEBUG(10, ("Sending break request to PID %s\n",
755 procid_str_static(&exclusive->pid)));
756 exclusive->op_mid = mid;
757
758 /* Create the message. */
759 share_mode_entry_to_message(msg, exclusive);
760
761 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
762 don't want this set in the share mode struct pointed to by lck. */
763
764 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
765 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
766 }
767
768 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
769 MSG_SMB_BREAK_REQUEST,
770 (uint8 *)msg,
771 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
772 if (!NT_STATUS_IS_OK(status)) {
773 DEBUG(3, ("Could not send oplock break message: %s\n",
774 nt_errstr(status)));
775 }
776
777 return True;
778}
779
780static bool request_timed_out(struct timeval request_time,
781 struct timeval timeout)
782{
783 struct timeval now, end_time;
784 GetTimeOfDay(&now);
785 end_time = timeval_sum(&request_time, &timeout);
786 return (timeval_compare(&end_time, &now) < 0);
787}
788
789/****************************************************************************
790 Handle the 1 second delay in returning a SHARING_VIOLATION error.
791****************************************************************************/
792
793static void defer_open(struct share_mode_lock *lck,
794 struct timeval request_time,
795 struct timeval timeout,
796 struct smb_request *req,
797 struct deferred_open_record *state)
798{
799 int i;
800
801 /* Paranoia check */
802
803 for (i=0; i<lck->num_share_modes; i++) {
804 struct share_mode_entry *e = &lck->share_modes[i];
805
806 if (!is_deferred_open_entry(e)) {
807 continue;
808 }
809
810 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
811 DEBUG(0, ("Trying to defer an already deferred "
812 "request: mid=%d, exiting\n", req->mid));
813 exit_server("attempt to defer a deferred request");
814 }
815 }
816
817 /* End paranoia check */
818
819 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
820 "open entry for mid %u\n",
821 (unsigned int)request_time.tv_sec,
822 (unsigned int)request_time.tv_usec,
823 (unsigned int)req->mid));
824
825 if (!push_deferred_smb_message(req, request_time, timeout,
826 (char *)state, sizeof(*state))) {
827 exit_server("push_deferred_smb_message failed");
828 }
829 add_deferred_open(lck, req->mid, request_time, state->id);
830
831 /*
832 * Push the MID of this packet on the signing queue.
833 * We only do this once, the first time we push the packet
834 * onto the deferred open queue, as this has a side effect
835 * of incrementing the response sequence number.
836 */
837
838 srv_defer_sign_response(req->mid);
839}
840
841
842/****************************************************************************
843 On overwrite open ensure that the attributes match.
844****************************************************************************/
845
846static bool open_match_attributes(connection_struct *conn,
847 const char *path,
848 uint32 old_dos_attr,
849 uint32 new_dos_attr,
850 mode_t existing_unx_mode,
851 mode_t new_unx_mode,
852 mode_t *returned_unx_mode)
853{
854 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
855
856 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
857 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
858
859 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
860 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
861 *returned_unx_mode = new_unx_mode;
862 } else {
863 *returned_unx_mode = (mode_t)0;
864 }
865
866 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
867 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
868 "returned_unx_mode = 0%o\n",
869 path,
870 (unsigned int)old_dos_attr,
871 (unsigned int)existing_unx_mode,
872 (unsigned int)new_dos_attr,
873 (unsigned int)*returned_unx_mode ));
874
875 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
876 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
877 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
878 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
879 return False;
880 }
881 }
882 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
883 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
884 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
885 return False;
886 }
887 }
888 return True;
889}
890
891/****************************************************************************
892 Special FCB or DOS processing in the case of a sharing violation.
893 Try and find a duplicated file handle.
894****************************************************************************/
895
896static files_struct *fcb_or_dos_open(connection_struct *conn,
897 const char *fname,
898 struct file_id id,
899 uint16 file_pid,
900 uint16 vuid,
901 uint32 access_mask,
902 uint32 share_access,
903 uint32 create_options)
904{
905 files_struct *fsp;
906 files_struct *dup_fsp;
907
908 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
909 "file %s.\n", fname ));
910
911 for(fsp = file_find_di_first(id); fsp;
912 fsp = file_find_di_next(fsp)) {
913
914 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
915 "vuid = %u, file_pid = %u, private_options = 0x%x "
916 "access_mask = 0x%x\n", fsp->fsp_name,
917 fsp->fh->fd, (unsigned int)fsp->vuid,
918 (unsigned int)fsp->file_pid,
919 (unsigned int)fsp->fh->private_options,
920 (unsigned int)fsp->access_mask ));
921
922 if (fsp->fh->fd != -1 &&
923 fsp->vuid == vuid &&
924 fsp->file_pid == file_pid &&
925 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
926 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
927 (fsp->access_mask & FILE_WRITE_DATA) &&
928 strequal(fsp->fsp_name, fname)) {
929 DEBUG(10,("fcb_or_dos_open: file match\n"));
930 break;
931 }
932 }
933
934 if (!fsp) {
935 return NULL;
936 }
937
938 /* quite an insane set of semantics ... */
939 if (is_executable(fname) &&
940 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
941 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
942 return NULL;
943 }
944
945 /* We need to duplicate this fsp. */
946 if (!NT_STATUS_IS_OK(dup_file_fsp(fsp, access_mask, share_access,
947 create_options, &dup_fsp))) {
948 return NULL;
949 }
950
951 return dup_fsp;
952}
953
954/****************************************************************************
955 Open a file with a share mode - old openX method - map into NTCreate.
956****************************************************************************/
957
958bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
959 uint32 *paccess_mask,
960 uint32 *pshare_mode,
961 uint32 *pcreate_disposition,
962 uint32 *pcreate_options)
963{
964 uint32 access_mask;
965 uint32 share_mode;
966 uint32 create_disposition;
967 uint32 create_options = 0;
968
969 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
970 "open_func = 0x%x\n",
971 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
972
973 /* Create the NT compatible access_mask. */
974 switch (GET_OPENX_MODE(deny_mode)) {
975 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
976 case DOS_OPEN_RDONLY:
977 access_mask = FILE_GENERIC_READ;
978 break;
979 case DOS_OPEN_WRONLY:
980 access_mask = FILE_GENERIC_WRITE;
981 break;
982 case DOS_OPEN_RDWR:
983 case DOS_OPEN_FCB:
984 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
985 break;
986 default:
987 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
988 (unsigned int)GET_OPENX_MODE(deny_mode)));
989 return False;
990 }
991
992 /* Create the NT compatible create_disposition. */
993 switch (open_func) {
994 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
995 create_disposition = FILE_CREATE;
996 break;
997
998 case OPENX_FILE_EXISTS_OPEN:
999 create_disposition = FILE_OPEN;
1000 break;
1001
1002 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1003 create_disposition = FILE_OPEN_IF;
1004 break;
1005
1006 case OPENX_FILE_EXISTS_TRUNCATE:
1007 create_disposition = FILE_OVERWRITE;
1008 break;
1009
1010 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1011 create_disposition = FILE_OVERWRITE_IF;
1012 break;
1013
1014 default:
1015 /* From samba4 - to be confirmed. */
1016 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1017 create_disposition = FILE_CREATE;
1018 break;
1019 }
1020 DEBUG(10,("map_open_params_to_ntcreate: bad "
1021 "open_func 0x%x\n", (unsigned int)open_func));
1022 return False;
1023 }
1024
1025 /* Create the NT compatible share modes. */
1026 switch (GET_DENY_MODE(deny_mode)) {
1027 case DENY_ALL:
1028 share_mode = FILE_SHARE_NONE;
1029 break;
1030
1031 case DENY_WRITE:
1032 share_mode = FILE_SHARE_READ;
1033 break;
1034
1035 case DENY_READ:
1036 share_mode = FILE_SHARE_WRITE;
1037 break;
1038
1039 case DENY_NONE:
1040 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1041 break;
1042
1043 case DENY_DOS:
1044 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1045 if (is_executable(fname)) {
1046 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1047 } else {
1048 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1049 share_mode = FILE_SHARE_READ;
1050 } else {
1051 share_mode = FILE_SHARE_NONE;
1052 }
1053 }
1054 break;
1055
1056 case DENY_FCB:
1057 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1058 share_mode = FILE_SHARE_NONE;
1059 break;
1060
1061 default:
1062 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1063 (unsigned int)GET_DENY_MODE(deny_mode) ));
1064 return False;
1065 }
1066
1067 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1068 "share_mode = 0x%x, create_disposition = 0x%x, "
1069 "create_options = 0x%x\n",
1070 fname,
1071 (unsigned int)access_mask,
1072 (unsigned int)share_mode,
1073 (unsigned int)create_disposition,
1074 (unsigned int)create_options ));
1075
1076 if (paccess_mask) {
1077 *paccess_mask = access_mask;
1078 }
1079 if (pshare_mode) {
1080 *pshare_mode = share_mode;
1081 }
1082 if (pcreate_disposition) {
1083 *pcreate_disposition = create_disposition;
1084 }
1085 if (pcreate_options) {
1086 *pcreate_options = create_options;
1087 }
1088
1089 return True;
1090
1091}
1092
1093static void schedule_defer_open(struct share_mode_lock *lck,
1094 struct timeval request_time,
1095 struct smb_request *req)
1096{
1097 struct deferred_open_record state;
1098
1099 /* This is a relative time, added to the absolute
1100 request_time value to get the absolute timeout time.
1101 Note that if this is the second or greater time we enter
1102 this codepath for this particular request mid then
1103 request_time is left as the absolute time of the *first*
1104 time this request mid was processed. This is what allows
1105 the request to eventually time out. */
1106
1107 struct timeval timeout;
1108
1109 /* Normally the smbd we asked should respond within
1110 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1111 * the client did, give twice the timeout as a safety
1112 * measure here in case the other smbd is stuck
1113 * somewhere else. */
1114
1115 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1116
1117 /* Nothing actually uses state.delayed_for_oplocks
1118 but it's handy to differentiate in debug messages
1119 between a 30 second delay due to oplock break, and
1120 a 1 second delay for share mode conflicts. */
1121
1122 state.delayed_for_oplocks = True;
1123 state.id = lck->id;
1124
1125 if (!request_timed_out(request_time, timeout)) {
1126 defer_open(lck, request_time, timeout, req, &state);
1127 }
1128}
1129
1130/****************************************************************************
1131 Open a file with a share mode.
1132****************************************************************************/
1133
1134NTSTATUS open_file_ntcreate(connection_struct *conn,
1135 struct smb_request *req,
1136 const char *fname,
1137 SMB_STRUCT_STAT *psbuf,
1138 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1139 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1140 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1141 uint32 create_options, /* options such as delete on close. */
1142 uint32 new_dos_attributes, /* attributes used for new file. */
1143 int oplock_request, /* internal Samba oplock codes. */
1144 /* Information (FILE_EXISTS etc.) */
1145 int *pinfo,
1146 files_struct **result)
1147{
1148 int flags=0;
1149 int flags2=0;
1150 bool file_existed = VALID_STAT(*psbuf);
1151 bool def_acl = False;
1152 bool posix_open = False;
1153 bool new_file_created = False;
1154 struct file_id id;
1155 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1156 files_struct *fsp = NULL;
1157 mode_t new_unx_mode = (mode_t)0;
1158 mode_t unx_mode = (mode_t)0;
1159 int info;
1160 uint32 existing_dos_attributes = 0;
1161 struct pending_message_list *pml = NULL;
1162 struct timeval request_time = timeval_zero();
1163 struct share_mode_lock *lck = NULL;
1164 uint32 open_access_mask = access_mask;
1165 NTSTATUS status;
1166 int ret_flock;
1167 char *parent_dir;
1168 const char *newname;
1169
1170 ZERO_STRUCT(id);
1171
1172 if (conn->printer) {
1173 /*
1174 * Printers are handled completely differently.
1175 * Most of the passed parameters are ignored.
1176 */
1177
1178 if (pinfo) {
1179 *pinfo = FILE_WAS_CREATED;
1180 }
1181
1182 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1183
1184 return print_fsp_open(conn, fname, result);
1185 }
1186
1187 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1188 &newname)) {
1189 return NT_STATUS_NO_MEMORY;
1190 }
1191
1192 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1193 posix_open = True;
1194 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1195 new_dos_attributes = 0;
1196 } else {
1197 /* We add aARCH to this as this mode is only used if the file is
1198 * created new. */
1199 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1200 parent_dir);
1201 }
1202
1203 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1204 "access_mask=0x%x share_access=0x%x "
1205 "create_disposition = 0x%x create_options=0x%x "
1206 "unix mode=0%o oplock_request=%d\n",
1207 fname, new_dos_attributes, access_mask, share_access,
1208 create_disposition, create_options, unx_mode,
1209 oplock_request));
1210
1211 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1212 DEBUG(0, ("No smb request but not an internal only open!\n"));
1213 return NT_STATUS_INTERNAL_ERROR;
1214 }
1215
1216 /*
1217 * Only non-internal opens can be deferred at all
1218 */
1219
1220 if ((req != NULL)
1221 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1222 struct deferred_open_record *state =
1223 (struct deferred_open_record *)pml->private_data.data;
1224
1225 /* Remember the absolute time of the original
1226 request with this mid. We'll use it later to
1227 see if this has timed out. */
1228
1229 request_time = pml->request_time;
1230
1231 /* Remove the deferred open entry under lock. */
1232 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1233 NULL);
1234 if (lck == NULL) {
1235 DEBUG(0, ("could not get share mode lock\n"));
1236 } else {
1237 del_deferred_open_entry(lck, req->mid);
1238 TALLOC_FREE(lck);
1239 }
1240
1241 /* Ensure we don't reprocess this message. */
1242 remove_deferred_open_smb_message(req->mid);
1243 }
1244
1245 status = check_name(conn, fname);
1246 if (!NT_STATUS_IS_OK(status)) {
1247 return status;
1248 }
1249
1250 if (!posix_open) {
1251 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1252 if (file_existed) {
1253 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1254 }
1255 }
1256
1257 /* ignore any oplock requests if oplocks are disabled */
1258 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1259 IS_VETO_OPLOCK_PATH(conn, fname)) {
1260 /* Mask off everything except the private Samba bits. */
1261 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1262 }
1263
1264 /* this is for OS/2 long file names - say we don't support them */
1265 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1266 /* OS/2 Workplace shell fix may be main code stream in a later
1267 * release. */
1268 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1269 "supported.\n"));
1270 if (use_nt_status()) {
1271 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1272 }
1273 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1274 }
1275
1276 switch( create_disposition ) {
1277 /*
1278 * Currently we're using FILE_SUPERSEDE as the same as
1279 * FILE_OVERWRITE_IF but they really are
1280 * different. FILE_SUPERSEDE deletes an existing file
1281 * (requiring delete access) then recreates it.
1282 */
1283 case FILE_SUPERSEDE:
1284 /* If file exists replace/overwrite. If file doesn't
1285 * exist create. */
1286 flags2 |= (O_CREAT | O_TRUNC);
1287 break;
1288
1289 case FILE_OVERWRITE_IF:
1290 /* If file exists replace/overwrite. If file doesn't
1291 * exist create. */
1292 flags2 |= (O_CREAT | O_TRUNC);
1293 break;
1294
1295 case FILE_OPEN:
1296 /* If file exists open. If file doesn't exist error. */
1297 if (!file_existed) {
1298 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1299 "requested for file %s and file "
1300 "doesn't exist.\n", fname ));
1301 errno = ENOENT;
1302 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1303 }
1304 break;
1305
1306 case FILE_OVERWRITE:
1307 /* If file exists overwrite. If file doesn't exist
1308 * error. */
1309 if (!file_existed) {
1310 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1311 "requested for file %s and file "
1312 "doesn't exist.\n", fname ));
1313 errno = ENOENT;
1314 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1315 }
1316 flags2 |= O_TRUNC;
1317 break;
1318
1319 case FILE_CREATE:
1320 /* If file exists error. If file doesn't exist
1321 * create. */
1322 if (file_existed) {
1323 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1324 "requested for file %s and file "
1325 "already exists.\n", fname ));
1326 if (S_ISDIR(psbuf->st_mode)) {
1327 errno = EISDIR;
1328 } else {
1329 errno = EEXIST;
1330 }
1331 return map_nt_error_from_unix(errno);
1332 }
1333 flags2 |= (O_CREAT|O_EXCL);
1334 break;
1335
1336 case FILE_OPEN_IF:
1337 /* If file exists open. If file doesn't exist
1338 * create. */
1339 flags2 |= O_CREAT;
1340 break;
1341
1342 default:
1343 return NT_STATUS_INVALID_PARAMETER;
1344 }
1345
1346 /* We only care about matching attributes on file exists and
1347 * overwrite. */
1348
1349 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1350 (create_disposition == FILE_OVERWRITE_IF))) {
1351 if (!open_match_attributes(conn, fname,
1352 existing_dos_attributes,
1353 new_dos_attributes, psbuf->st_mode,
1354 unx_mode, &new_unx_mode)) {
1355 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1356 "for file %s (%x %x) (0%o, 0%o)\n",
1357 fname, existing_dos_attributes,
1358 new_dos_attributes,
1359 (unsigned int)psbuf->st_mode,
1360 (unsigned int)unx_mode ));
1361 errno = EACCES;
1362 return NT_STATUS_ACCESS_DENIED;
1363 }
1364 }
1365
1366 /* This is a nasty hack - must fix... JRA. */
1367 if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
1368 open_access_mask = access_mask = FILE_GENERIC_ALL;
1369 }
1370
1371 /*
1372 * Convert GENERIC bits to specific bits.
1373 */
1374
1375 se_map_generic(&access_mask, &file_generic_mapping);
1376 open_access_mask = access_mask;
1377
1378 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1379 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1380 }
1381
1382 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1383 "access_mask=0x%x\n", fname, access_mask ));
1384
1385 /*
1386 * Note that we ignore the append flag as append does not
1387 * mean the same thing under DOS and Unix.
1388 */
1389
1390 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1391 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1392 /* DENY_DOS opens are always underlying read-write on the
1393 file handle, no matter what the requested access mask
1394 says. */
1395 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1396 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1397 flags = O_RDWR;
1398 } else {
1399 flags = O_WRONLY;
1400 }
1401 } else {
1402 flags = O_RDONLY;
1403 }
1404
1405 /*
1406 * Currently we only look at FILE_WRITE_THROUGH for create options.
1407 */
1408
1409#if defined(O_SYNC)
1410 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1411 flags2 |= O_SYNC;
1412 }
1413#endif /* O_SYNC */
1414
1415 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1416 flags2 |= O_APPEND;
1417 }
1418
1419 if (!posix_open && !CAN_WRITE(conn)) {
1420 /*
1421 * We should really return a permission denied error if either
1422 * O_CREAT or O_TRUNC are set, but for compatibility with
1423 * older versions of Samba we just AND them out.
1424 */
1425 flags2 &= ~(O_CREAT|O_TRUNC);
1426 }
1427
1428 /*
1429 * Ensure we can't write on a read-only share or file.
1430 */
1431
1432 if (flags != O_RDONLY && file_existed &&
1433 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1434 DEBUG(5,("open_file_ntcreate: write access requested for "
1435 "file %s on read only %s\n",
1436 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1437 errno = EACCES;
1438 return NT_STATUS_ACCESS_DENIED;
1439 }
1440
1441 status = file_new(conn, &fsp);
1442 if(!NT_STATUS_IS_OK(status)) {
1443 return status;
1444 }
1445
1446 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1447 fsp->share_access = share_access;
1448 fsp->fh->private_options = create_options;
1449 fsp->access_mask = open_access_mask; /* We change this to the
1450 * requested access_mask after
1451 * the open is done. */
1452 fsp->posix_open = posix_open;
1453
1454 /* Ensure no SAMBA_PRIVATE bits can be set. */
1455 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1456
1457 if (timeval_is_zero(&request_time)) {
1458 request_time = fsp->open_time;
1459 }
1460
1461 if (file_existed) {
1462 struct timespec old_write_time = get_mtimespec(psbuf);
1463 id = vfs_file_id_from_sbuf(conn, psbuf);
1464
1465 lck = get_share_mode_lock(talloc_tos(), id,
1466 conn->connectpath,
1467 fname, &old_write_time);
1468
1469 if (lck == NULL) {
1470 file_free(fsp);
1471 DEBUG(0, ("Could not get share mode lock\n"));
1472 return NT_STATUS_SHARING_VIOLATION;
1473 }
1474
1475 /* First pass - send break only on batch oplocks. */
1476 if ((req != NULL)
1477 && delay_for_oplocks(lck, fsp, req->mid, 1,
1478 oplock_request)) {
1479 schedule_defer_open(lck, request_time, req);
1480 TALLOC_FREE(lck);
1481 file_free(fsp);
1482 return NT_STATUS_SHARING_VIOLATION;
1483 }
1484
1485 /* Use the client requested access mask here, not the one we
1486 * open with. */
1487 status = open_mode_check(conn, fname, lck,
1488 access_mask, share_access,
1489 create_options, &file_existed);
1490
1491 if (NT_STATUS_IS_OK(status)) {
1492 /* We might be going to allow this open. Check oplock
1493 * status again. */
1494 /* Second pass - send break for both batch or
1495 * exclusive oplocks. */
1496 if ((req != NULL)
1497 && delay_for_oplocks(lck, fsp, req->mid, 2,
1498 oplock_request)) {
1499 schedule_defer_open(lck, request_time, req);
1500 TALLOC_FREE(lck);
1501 file_free(fsp);
1502 return NT_STATUS_SHARING_VIOLATION;
1503 }
1504 }
1505
1506 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1507 /* DELETE_PENDING is not deferred for a second */
1508 TALLOC_FREE(lck);
1509 file_free(fsp);
1510 return status;
1511 }
1512
1513 if (!NT_STATUS_IS_OK(status)) {
1514 uint32 can_access_mask;
1515 bool can_access = True;
1516
1517 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1518
1519 /* Check if this can be done with the deny_dos and fcb
1520 * calls. */
1521 if (create_options &
1522 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1523 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1524 files_struct *fsp_dup;
1525
1526 if (req == NULL) {
1527 DEBUG(0, ("DOS open without an SMB "
1528 "request!\n"));
1529 TALLOC_FREE(lck);
1530 file_free(fsp);
1531 return NT_STATUS_INTERNAL_ERROR;
1532 }
1533
1534 /* Use the client requested access mask here,
1535 * not the one we open with. */
1536 fsp_dup = fcb_or_dos_open(conn, fname, id,
1537 req->smbpid,
1538 req->vuid,
1539 access_mask,
1540 share_access,
1541 create_options);
1542
1543 if (fsp_dup) {
1544 TALLOC_FREE(lck);
1545 file_free(fsp);
1546 if (pinfo) {
1547 *pinfo = FILE_WAS_OPENED;
1548 }
1549 conn->num_files_open++;
1550 *result = fsp_dup;
1551 return NT_STATUS_OK;
1552 }
1553 }
1554
1555 /*
1556 * This next line is a subtlety we need for
1557 * MS-Access. If a file open will fail due to share
1558 * permissions and also for security (access) reasons,
1559 * we need to return the access failed error, not the
1560 * share error. We can't open the file due to kernel
1561 * oplock deadlock (it's possible we failed above on
1562 * the open_mode_check()) so use a userspace check.
1563 */
1564
1565 if (flags & O_RDWR) {
1566 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1567 } else if (flags & O_WRONLY) {
1568 can_access_mask = FILE_WRITE_DATA;
1569 } else {
1570 can_access_mask = FILE_READ_DATA;
1571 }
1572
1573 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1574 !can_access_file(conn,fname,psbuf,can_access_mask)) {
1575 can_access = False;
1576 }
1577
1578 /*
1579 * If we're returning a share violation, ensure we
1580 * cope with the braindead 1 second delay.
1581 */
1582
1583 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1584 lp_defer_sharing_violations()) {
1585 struct timeval timeout;
1586 struct deferred_open_record state;
1587 int timeout_usecs;
1588
1589 /* this is a hack to speed up torture tests
1590 in 'make test' */
1591 timeout_usecs = lp_parm_int(SNUM(conn),
1592 "smbd","sharedelay",
1593 SHARING_VIOLATION_USEC_WAIT);
1594
1595 /* This is a relative time, added to the absolute
1596 request_time value to get the absolute timeout time.
1597 Note that if this is the second or greater time we enter
1598 this codepath for this particular request mid then
1599 request_time is left as the absolute time of the *first*
1600 time this request mid was processed. This is what allows
1601 the request to eventually time out. */
1602
1603 timeout = timeval_set(0, timeout_usecs);
1604
1605 /* Nothing actually uses state.delayed_for_oplocks
1606 but it's handy to differentiate in debug messages
1607 between a 30 second delay due to oplock break, and
1608 a 1 second delay for share mode conflicts. */
1609
1610 state.delayed_for_oplocks = False;
1611 state.id = id;
1612
1613 if ((req != NULL)
1614 && !request_timed_out(request_time,
1615 timeout)) {
1616 defer_open(lck, request_time, timeout,
1617 req, &state);
1618 }
1619 }
1620
1621 TALLOC_FREE(lck);
1622 if (can_access) {
1623 /*
1624 * We have detected a sharing violation here
1625 * so return the correct error code
1626 */
1627 status = NT_STATUS_SHARING_VIOLATION;
1628 } else {
1629 status = NT_STATUS_ACCESS_DENIED;
1630 }
1631 file_free(fsp);
1632 return status;
1633 }
1634
1635 /*
1636 * We exit this block with the share entry *locked*.....
1637 */
1638 }
1639
1640 SMB_ASSERT(!file_existed || (lck != NULL));
1641
1642 /*
1643 * Ensure we pay attention to default ACLs on directories if required.
1644 */
1645
1646 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1647 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1648 unx_mode = 0777;
1649 }
1650
1651 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1652 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1653 (unsigned int)flags, (unsigned int)flags2,
1654 (unsigned int)unx_mode, (unsigned int)access_mask,
1655 (unsigned int)open_access_mask));
1656
1657 /*
1658 * open_file strips any O_TRUNC flags itself.
1659 */
1660
1661 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1662 flags|flags2, unx_mode, access_mask,
1663 open_access_mask);
1664
1665 if (!NT_STATUS_IS_OK(fsp_open)) {
1666 if (lck != NULL) {
1667 TALLOC_FREE(lck);
1668 }
1669 file_free(fsp);
1670 return fsp_open;
1671 }
1672
1673 if (!file_existed) {
1674 struct timespec old_write_time = get_mtimespec(psbuf);
1675 /*
1676 * Deal with the race condition where two smbd's detect the
1677 * file doesn't exist and do the create at the same time. One
1678 * of them will win and set a share mode, the other (ie. this
1679 * one) should check if the requested share mode for this
1680 * create is allowed.
1681 */
1682
1683 /*
1684 * Now the file exists and fsp is successfully opened,
1685 * fsp->dev and fsp->inode are valid and should replace the
1686 * dev=0,inode=0 from a non existent file. Spotted by
1687 * Nadav Danieli <nadavd@exanet.com>. JRA.
1688 */
1689
1690 id = fsp->file_id;
1691
1692 lck = get_share_mode_lock(talloc_tos(), id,
1693 conn->connectpath,
1694 fname, &old_write_time);
1695
1696 if (lck == NULL) {
1697 DEBUG(0, ("open_file_ntcreate: Could not get share "
1698 "mode lock for %s\n", fname));
1699 fd_close(fsp);
1700 file_free(fsp);
1701 return NT_STATUS_SHARING_VIOLATION;
1702 }
1703
1704 /* First pass - send break only on batch oplocks. */
1705 if ((req != NULL)
1706 && delay_for_oplocks(lck, fsp, req->mid, 1,
1707 oplock_request)) {
1708 schedule_defer_open(lck, request_time, req);
1709 TALLOC_FREE(lck);
1710 fd_close(fsp);
1711 file_free(fsp);
1712 return NT_STATUS_SHARING_VIOLATION;
1713 }
1714
1715 status = open_mode_check(conn, fname, lck,
1716 access_mask, share_access,
1717 create_options, &file_existed);
1718
1719 if (NT_STATUS_IS_OK(status)) {
1720 /* We might be going to allow this open. Check oplock
1721 * status again. */
1722 /* Second pass - send break for both batch or
1723 * exclusive oplocks. */
1724 if ((req != NULL)
1725 && delay_for_oplocks(lck, fsp, req->mid, 2,
1726 oplock_request)) {
1727 schedule_defer_open(lck, request_time, req);
1728 TALLOC_FREE(lck);
1729 fd_close(fsp);
1730 file_free(fsp);
1731 return NT_STATUS_SHARING_VIOLATION;
1732 }
1733 }
1734
1735 if (!NT_STATUS_IS_OK(status)) {
1736 struct deferred_open_record state;
1737
1738 fd_close(fsp);
1739 file_free(fsp);
1740
1741 state.delayed_for_oplocks = False;
1742 state.id = id;
1743
1744 /* Do it all over again immediately. In the second
1745 * round we will find that the file existed and handle
1746 * the DELETE_PENDING and FCB cases correctly. No need
1747 * to duplicate the code here. Essentially this is a
1748 * "goto top of this function", but don't tell
1749 * anybody... */
1750
1751 if (req != NULL) {
1752 defer_open(lck, request_time, timeval_zero(),
1753 req, &state);
1754 }
1755 TALLOC_FREE(lck);
1756 return status;
1757 }
1758
1759 /*
1760 * We exit this block with the share entry *locked*.....
1761 */
1762
1763 }
1764
1765 SMB_ASSERT(lck != NULL);
1766
1767 /* note that we ignore failure for the following. It is
1768 basically a hack for NFS, and NFS will never set one of
1769 these only read them. Nobody but Samba can ever set a deny
1770 mode and we have already checked our more authoritative
1771 locking database for permission to set this deny mode. If
1772 the kernel refuses the operations then the kernel is wrong.
1773 note that GPFS supports it as well - jmcd */
1774
1775 if (fsp->fh->fd != -1) {
1776 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1777 if(ret_flock == -1 ){
1778
1779 TALLOC_FREE(lck);
1780 fd_close(fsp);
1781 file_free(fsp);
1782
1783 return NT_STATUS_SHARING_VIOLATION;
1784 }
1785 }
1786
1787 /*
1788 * At this point onwards, we can guarentee that the share entry
1789 * is locked, whether we created the file or not, and that the
1790 * deny mode is compatible with all current opens.
1791 */
1792
1793 /*
1794 * If requested, truncate the file.
1795 */
1796
1797 if (flags2&O_TRUNC) {
1798 /*
1799 * We are modifing the file after open - update the stat
1800 * struct..
1801 */
1802 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1803 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
1804 status = map_nt_error_from_unix(errno);
1805 TALLOC_FREE(lck);
1806 fd_close(fsp);
1807 file_free(fsp);
1808 return status;
1809 }
1810 }
1811
1812 /* Record the options we were opened with. */
1813 fsp->share_access = share_access;
1814 fsp->fh->private_options = create_options;
1815 fsp->access_mask = access_mask;
1816
1817 if (file_existed) {
1818 /* stat opens on existing files don't get oplocks. */
1819 if (is_stat_open(open_access_mask)) {
1820 fsp->oplock_type = NO_OPLOCK;
1821 }
1822
1823 if (!(flags2 & O_TRUNC)) {
1824 info = FILE_WAS_OPENED;
1825 } else {
1826 info = FILE_WAS_OVERWRITTEN;
1827 }
1828 } else {
1829 info = FILE_WAS_CREATED;
1830 }
1831
1832 if (pinfo) {
1833 *pinfo = info;
1834 }
1835
1836 /*
1837 * Setup the oplock info in both the shared memory and
1838 * file structs.
1839 */
1840
1841 if ((fsp->oplock_type != NO_OPLOCK) &&
1842 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) {
1843 if (!set_file_oplock(fsp, fsp->oplock_type)) {
1844 /* Could not get the kernel oplock */
1845 fsp->oplock_type = NO_OPLOCK;
1846 }
1847 }
1848
1849 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
1850 new_file_created = True;
1851 }
1852
1853 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
1854
1855 /* Handle strange delete on close create semantics. */
1856 if ((create_options & FILE_DELETE_ON_CLOSE)
1857 && (((conn->fs_capabilities & FILE_NAMED_STREAMS)
1858 && is_ntfs_stream_name(fname))
1859 || can_set_initial_delete_on_close(lck))) {
1860 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
1861
1862 if (!NT_STATUS_IS_OK(status)) {
1863 /* Remember to delete the mode we just added. */
1864 del_share_mode(lck, fsp);
1865 TALLOC_FREE(lck);
1866 fd_close(fsp);
1867 file_free(fsp);
1868 return status;
1869 }
1870 /* Note that here we set the *inital* delete on close flag,
1871 not the regular one. The magic gets handled in close. */
1872 fsp->initial_delete_on_close = True;
1873 }
1874
1875 if (new_file_created) {
1876 /* Files should be initially set as archive */
1877 if (lp_map_archive(SNUM(conn)) ||
1878 lp_store_dos_attributes(SNUM(conn))) {
1879 if (!posix_open) {
1880 SMB_STRUCT_STAT tmp_sbuf;
1881 SET_STAT_INVALID(tmp_sbuf);
1882 if (file_set_dosmode(
1883 conn, fname,
1884 new_dos_attributes | aARCH,
1885 &tmp_sbuf, parent_dir,
1886 true) == 0) {
1887 unx_mode = tmp_sbuf.st_mode;
1888 }
1889 }
1890 }
1891 }
1892
1893 /*
1894 * Take care of inherited ACLs on created files - if default ACL not
1895 * selected.
1896 */
1897
1898 if (!posix_open && !file_existed && !def_acl) {
1899
1900 int saved_errno = errno; /* We might get ENOSYS in the next
1901 * call.. */
1902
1903 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
1904 errno == ENOSYS) {
1905 errno = saved_errno; /* Ignore ENOSYS */
1906 }
1907
1908 } else if (new_unx_mode) {
1909
1910 int ret = -1;
1911
1912 /* Attributes need changing. File already existed. */
1913
1914 {
1915 int saved_errno = errno; /* We might get ENOSYS in the
1916 * next call.. */
1917 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
1918
1919 if (ret == -1 && errno == ENOSYS) {
1920 errno = saved_errno; /* Ignore ENOSYS */
1921 } else {
1922 DEBUG(5, ("open_file_ntcreate: reset "
1923 "attributes of file %s to 0%o\n",
1924 fname, (unsigned int)new_unx_mode));
1925 ret = 0; /* Don't do the fchmod below. */
1926 }
1927 }
1928
1929 if ((ret == -1) &&
1930 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
1931 DEBUG(5, ("open_file_ntcreate: failed to reset "
1932 "attributes of file %s to 0%o\n",
1933 fname, (unsigned int)new_unx_mode));
1934 }
1935
1936 /* If this is a successful open, we must remove any deferred open
1937 * records. */
1938 if (req != NULL) {
1939 del_deferred_open_entry(lck, req->mid);
1940 }
1941 TALLOC_FREE(lck);
1942
1943 conn->num_files_open++;
1944
1945 *result = fsp;
1946 return NT_STATUS_OK;
1947}
1948
1949/****************************************************************************
1950 Open a file for for write to ensure that we can fchmod it.
1951****************************************************************************/
1952
1953NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
1954 SMB_STRUCT_STAT *psbuf, files_struct **result)
1955{
1956 files_struct *fsp = NULL;
1957 NTSTATUS status;
1958
1959 if (!VALID_STAT(*psbuf)) {
1960 return NT_STATUS_INVALID_PARAMETER;
1961 }
1962
1963 status = file_new(conn, &fsp);
1964 if(!NT_STATUS_IS_OK(status)) {
1965 return status;
1966 }
1967
1968 /* note! we must use a non-zero desired access or we don't get
1969 a real file descriptor. Oh what a twisted web we weave. */
1970 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
1971 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
1972
1973 /*
1974 * This is not a user visible file open.
1975 * Don't set a share mode and don't increment
1976 * the conn->num_files_open.
1977 */
1978
1979 if (!NT_STATUS_IS_OK(status)) {
1980 file_free(fsp);
1981 return status;
1982 }
1983
1984 *result = fsp;
1985 return NT_STATUS_OK;
1986}
1987
1988/****************************************************************************
1989 Close the fchmod file fd - ensure no locks are lost.
1990****************************************************************************/
1991
1992NTSTATUS close_file_fchmod(files_struct *fsp)
1993{
1994 NTSTATUS status = fd_close(fsp);
1995 file_free(fsp);
1996 return status;
1997}
1998
1999static NTSTATUS mkdir_internal(connection_struct *conn,
2000 const char *name,
2001 uint32 file_attributes,
2002 SMB_STRUCT_STAT *psbuf)
2003{
2004 mode_t mode;
2005 char *parent_dir;
2006 const char *dirname;
2007 NTSTATUS status;
2008 bool posix_open = false;
2009
2010 if(!CAN_WRITE(conn)) {
2011 DEBUG(5,("mkdir_internal: failing create on read-only share "
2012 "%s\n", lp_servicename(SNUM(conn))));
2013 return NT_STATUS_ACCESS_DENIED;
2014 }
2015
2016 status = check_name(conn, name);
2017 if (!NT_STATUS_IS_OK(status)) {
2018 return status;
2019 }
2020
2021 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2022 &dirname)) {
2023 return NT_STATUS_NO_MEMORY;
2024 }
2025
2026 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2027 posix_open = true;
2028 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2029 } else {
2030 mode = unix_mode(conn, aDIR, name, parent_dir);
2031 }
2032
2033 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2034 return map_nt_error_from_unix(errno);
2035 }
2036
2037 /* Ensure we're checking for a symlink here.... */
2038 /* We don't want to get caught by a symlink racer. */
2039
2040 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2041 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2042 name, strerror(errno)));
2043 return map_nt_error_from_unix(errno);
2044 }
2045
2046 if (!S_ISDIR(psbuf->st_mode)) {
2047 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2048 name));
2049 return NT_STATUS_ACCESS_DENIED;
2050 }
2051
2052 if (lp_store_dos_attributes(SNUM(conn))) {
2053 if (!posix_open) {
2054 file_set_dosmode(conn, name,
2055 file_attributes | aDIR, NULL,
2056 parent_dir,
2057 true);
2058 }
2059 }
2060
2061 if (lp_inherit_perms(SNUM(conn))) {
2062 inherit_access_acl(conn, parent_dir, name, mode);
2063 }
2064
2065 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2066 /*
2067 * Check if high bits should have been set,
2068 * then (if bits are missing): add them.
2069 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2070 * dir.
2071 */
2072 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2073 SMB_VFS_CHMOD(conn, name,
2074 psbuf->st_mode | (mode & ~psbuf->st_mode));
2075 }
2076 }
2077
2078 /* Change the owner if required. */
2079 if (lp_inherit_owner(SNUM(conn))) {
2080 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2081 }
2082
2083 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2084 name);
2085
2086 return NT_STATUS_OK;
2087}
2088
2089/****************************************************************************
2090 Open a directory from an NT SMB call.
2091****************************************************************************/
2092
2093NTSTATUS open_directory(connection_struct *conn,
2094 struct smb_request *req,
2095 const char *fname,
2096 SMB_STRUCT_STAT *psbuf,
2097 uint32 access_mask,
2098 uint32 share_access,
2099 uint32 create_disposition,
2100 uint32 create_options,
2101 uint32 file_attributes,
2102 int *pinfo,
2103 files_struct **result)
2104{
2105 files_struct *fsp = NULL;
2106 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2107 struct share_mode_lock *lck = NULL;
2108 NTSTATUS status;
2109 struct timespec mtimespec;
2110 int info = 0;
2111
2112 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2113 "share_access = 0x%x create_options = 0x%x, "
2114 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2115 fname,
2116 (unsigned int)access_mask,
2117 (unsigned int)share_access,
2118 (unsigned int)create_options,
2119 (unsigned int)create_disposition,
2120 (unsigned int)file_attributes));
2121
2122 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2123 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2124 is_ntfs_stream_name(fname)) {
2125 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2126 return NT_STATUS_NOT_A_DIRECTORY;
2127 }
2128
2129 switch( create_disposition ) {
2130 case FILE_OPEN:
2131
2132 info = FILE_WAS_OPENED;
2133
2134 /*
2135 * We want to follow symlinks here.
2136 */
2137
2138 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2139 return map_nt_error_from_unix(errno);
2140 }
2141
2142 break;
2143
2144 case FILE_CREATE:
2145
2146 /* If directory exists error. If directory doesn't
2147 * exist create. */
2148
2149 status = mkdir_internal(conn,
2150 fname,
2151 file_attributes,
2152 psbuf);
2153
2154 if (!NT_STATUS_IS_OK(status)) {
2155 DEBUG(2, ("open_directory: unable to create "
2156 "%s. Error was %s\n", fname,
2157 nt_errstr(status)));
2158 return status;
2159 }
2160
2161 info = FILE_WAS_CREATED;
2162 break;
2163
2164 case FILE_OPEN_IF:
2165 /*
2166 * If directory exists open. If directory doesn't
2167 * exist create.
2168 */
2169
2170 status = mkdir_internal(conn,
2171 fname,
2172 file_attributes,
2173 psbuf);
2174
2175 if (NT_STATUS_IS_OK(status)) {
2176 info = FILE_WAS_CREATED;
2177 }
2178
2179 if (NT_STATUS_EQUAL(status,
2180 NT_STATUS_OBJECT_NAME_COLLISION)) {
2181 info = FILE_WAS_OPENED;
2182 status = NT_STATUS_OK;
2183 }
2184
2185 break;
2186
2187 case FILE_SUPERSEDE:
2188 case FILE_OVERWRITE:
2189 case FILE_OVERWRITE_IF:
2190 default:
2191 DEBUG(5,("open_directory: invalid create_disposition "
2192 "0x%x for directory %s\n",
2193 (unsigned int)create_disposition, fname));
2194 return NT_STATUS_INVALID_PARAMETER;
2195 }
2196
2197 if(!S_ISDIR(psbuf->st_mode)) {
2198 DEBUG(5,("open_directory: %s is not a directory !\n",
2199 fname ));
2200 return NT_STATUS_NOT_A_DIRECTORY;
2201 }
2202
2203 status = file_new(conn, &fsp);
2204 if(!NT_STATUS_IS_OK(status)) {
2205 return status;
2206 }
2207
2208 /*
2209 * Setup the files_struct for it.
2210 */
2211
2212 fsp->mode = psbuf->st_mode;
2213 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2214 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2215 fsp->file_pid = req ? req->smbpid : 0;
2216 fsp->can_lock = False;
2217 fsp->can_read = False;
2218 fsp->can_write = False;
2219
2220 fsp->share_access = share_access;
2221 fsp->fh->private_options = create_options;
2222 fsp->access_mask = access_mask;
2223
2224 fsp->print_file = False;
2225 fsp->modified = False;
2226 fsp->oplock_type = NO_OPLOCK;
2227 fsp->sent_oplock_break = NO_BREAK_SENT;
2228 fsp->is_directory = True;
2229 fsp->is_stat = False;
2230 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2231
2232 string_set(&fsp->fsp_name,fname);
2233
2234 mtimespec = get_mtimespec(psbuf);
2235
2236 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2237 conn->connectpath,
2238 fname, &mtimespec);
2239
2240 if (lck == NULL) {
2241 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2242 file_free(fsp);
2243 return NT_STATUS_SHARING_VIOLATION;
2244 }
2245
2246 status = open_mode_check(conn, fname, lck,
2247 access_mask, share_access,
2248 create_options, &dir_existed);
2249
2250 if (!NT_STATUS_IS_OK(status)) {
2251 TALLOC_FREE(lck);
2252 file_free(fsp);
2253 return status;
2254 }
2255
2256 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK, True);
2257
2258 /* For directories the delete on close bit at open time seems
2259 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2260 if (create_options & FILE_DELETE_ON_CLOSE) {
2261 status = can_set_delete_on_close(fsp, True, 0);
2262 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2263 TALLOC_FREE(lck);
2264 file_free(fsp);
2265 return status;
2266 }
2267
2268 if (NT_STATUS_IS_OK(status)) {
2269 /* Note that here we set the *inital* delete on close flag,
2270 not the regular one. The magic gets handled in close. */
2271 fsp->initial_delete_on_close = True;
2272 }
2273 }
2274
2275 TALLOC_FREE(lck);
2276
2277 if (pinfo) {
2278 *pinfo = info;
2279 }
2280
2281 conn->num_files_open++;
2282
2283 *result = fsp;
2284 return NT_STATUS_OK;
2285}
2286
2287NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2288{
2289 NTSTATUS status;
2290 SMB_STRUCT_STAT sbuf;
2291 files_struct *fsp;
2292
2293 SET_STAT_INVALID(sbuf);
2294
2295 status = open_directory(conn, req, directory, &sbuf,
2296 FILE_READ_ATTRIBUTES, /* Just a stat open */
2297 FILE_SHARE_NONE, /* Ignored for stat opens */
2298 FILE_CREATE,
2299 0,
2300 FILE_ATTRIBUTE_DIRECTORY,
2301 NULL,
2302 &fsp);
2303
2304 if (NT_STATUS_IS_OK(status)) {
2305 close_file(fsp, NORMAL_CLOSE);
2306 }
2307
2308 return status;
2309}
2310
2311/****************************************************************************
2312 Open a pseudo-file (no locking checks - a 'stat' open).
2313****************************************************************************/
2314
2315NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
2316 const char *fname, SMB_STRUCT_STAT *psbuf,
2317 files_struct **result)
2318{
2319 files_struct *fsp = NULL;
2320 NTSTATUS status;
2321
2322 if (!VALID_STAT(*psbuf)) {
2323 return NT_STATUS_INVALID_PARAMETER;
2324 }
2325
2326 /* Can't 'stat' open directories. */
2327 if(S_ISDIR(psbuf->st_mode)) {
2328 return NT_STATUS_FILE_IS_A_DIRECTORY;
2329 }
2330
2331 status = file_new(conn, &fsp);
2332 if(!NT_STATUS_IS_OK(status)) {
2333 return status;
2334 }
2335
2336 DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
2337
2338 /*
2339 * Setup the files_struct for it.
2340 */
2341
2342 fsp->mode = psbuf->st_mode;
2343 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2344 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2345 fsp->file_pid = req ? req->smbpid : 0;
2346 fsp->can_lock = False;
2347 fsp->can_read = False;
2348 fsp->can_write = False;
2349 fsp->print_file = False;
2350 fsp->modified = False;
2351 fsp->oplock_type = NO_OPLOCK;
2352 fsp->sent_oplock_break = NO_BREAK_SENT;
2353 fsp->is_directory = False;
2354 fsp->is_stat = True;
2355 string_set(&fsp->fsp_name,fname);
2356
2357 conn->num_files_open++;
2358
2359 *result = fsp;
2360 return NT_STATUS_OK;
2361}
2362
2363/****************************************************************************
2364 Receive notification that one of our open files has been renamed by another
2365 smbd process.
2366****************************************************************************/
2367
2368void msg_file_was_renamed(struct messaging_context *msg,
2369 void *private_data,
2370 uint32_t msg_type,
2371 struct server_id server_id,
2372 DATA_BLOB *data)
2373{
2374 files_struct *fsp;
2375 char *frm = (char *)data->data;
2376 struct file_id id;
2377 const char *sharepath;
2378 const char *newname;
2379 size_t sp_len;
2380
2381 if (data->data == NULL
2382 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2383 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2384 (int)data->length));
2385 return;
2386 }
2387
2388 /* Unpack the message. */
2389 pull_file_id_16(frm, &id);
2390 sharepath = &frm[16];
2391 newname = sharepath + strlen(sharepath) + 1;
2392 sp_len = strlen(sharepath);
2393
2394 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2395 "file_id %s\n",
2396 sharepath, newname, file_id_string_tos(&id)));
2397
2398 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2399 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2400 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2401 fsp->fnum, fsp->fsp_name, newname ));
2402 string_set(&fsp->fsp_name, newname);
2403 } else {
2404 /* TODO. JRA. */
2405 /* Now we have the complete path we can work out if this is
2406 actually within this share and adjust newname accordingly. */
2407 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2408 "not sharepath %s) "
2409 "fnum %d from %s -> %s\n",
2410 fsp->conn->connectpath,
2411 sharepath,
2412 fsp->fnum,
2413 fsp->fsp_name,
2414 newname ));
2415 }
2416 }
2417}
2418
2419struct case_semantics_state {
2420 connection_struct *conn;
2421 bool case_sensitive;
2422 bool case_preserve;
2423 bool short_case_preserve;
2424};
2425
2426/****************************************************************************
2427 Restore case semantics.
2428****************************************************************************/
2429static int restore_case_semantics(struct case_semantics_state *state)
2430{
2431 state->conn->case_sensitive = state->case_sensitive;
2432 state->conn->case_preserve = state->case_preserve;
2433 state->conn->short_case_preserve = state->short_case_preserve;
2434 return 0;
2435}
2436
2437/****************************************************************************
2438 Save case semantics.
2439****************************************************************************/
2440static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2441 connection_struct *conn)
2442{
2443 struct case_semantics_state *result;
2444
2445 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2446 DEBUG(0, ("talloc failed\n"));
2447 return NULL;
2448 }
2449
2450 result->conn = conn;
2451 result->case_sensitive = conn->case_sensitive;
2452 result->case_preserve = conn->case_preserve;
2453 result->short_case_preserve = conn->short_case_preserve;
2454
2455 /* Set to POSIX. */
2456 conn->case_sensitive = True;
2457 conn->case_preserve = True;
2458 conn->short_case_preserve = True;
2459
2460 talloc_set_destructor(result, restore_case_semantics);
2461
2462 return result;
2463}
2464
2465/*
2466 * If a main file is opened for delete, all streams need to be checked for
2467 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2468 * If that works, delete them all by setting the delete on close and close.
2469 */
2470
2471static NTSTATUS open_streams_for_delete(connection_struct *conn,
2472 const char *fname)
2473{
2474 struct stream_struct *stream_info;
2475 files_struct **streams;
2476 int i;
2477 unsigned int num_streams;
2478 TALLOC_CTX *frame = talloc_stackframe();
2479 NTSTATUS status;
2480
2481 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2482 &num_streams, &stream_info);
2483
2484 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2485 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2486 DEBUG(10, ("no streams around\n"));
2487 TALLOC_FREE(frame);
2488 return NT_STATUS_OK;
2489 }
2490
2491 if (!NT_STATUS_IS_OK(status)) {
2492 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2493 nt_errstr(status)));
2494 goto fail;
2495 }
2496
2497 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2498 num_streams));
2499
2500 if (num_streams == 0) {
2501 TALLOC_FREE(frame);
2502 return NT_STATUS_OK;
2503 }
2504
2505 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2506 if (streams == NULL) {
2507 DEBUG(0, ("talloc failed\n"));
2508 status = NT_STATUS_NO_MEMORY;
2509 goto fail;
2510 }
2511
2512 for (i=0; i<num_streams; i++) {
2513 char *streamname;
2514
2515 if (strequal(stream_info[i].name, "::$DATA")) {
2516 streams[i] = NULL;
2517 continue;
2518 }
2519
2520 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2521 stream_info[i].name);
2522
2523 if (streamname == NULL) {
2524 DEBUG(0, ("talloc_aprintf failed\n"));
2525 status = NT_STATUS_NO_MEMORY;
2526 goto fail;
2527 }
2528
2529 status = create_file_unixpath
2530 (conn, /* conn */
2531 NULL, /* req */
2532 streamname, /* fname */
2533 DELETE_ACCESS, /* access_mask */
2534 FILE_SHARE_READ | FILE_SHARE_WRITE
2535 | FILE_SHARE_DELETE, /* share_access */
2536 FILE_OPEN, /* create_disposition*/
2537 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2538 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2539 0, /* oplock_request */
2540 0, /* allocation_size */
2541 NULL, /* sd */
2542 NULL, /* ea_list */
2543 &streams[i], /* result */
2544 NULL, /* pinfo */
2545 NULL); /* psbuf */
2546
2547 TALLOC_FREE(streamname);
2548
2549 if (!NT_STATUS_IS_OK(status)) {
2550 DEBUG(10, ("Could not open stream %s: %s\n",
2551 streamname, nt_errstr(status)));
2552 break;
2553 }
2554 }
2555
2556 /*
2557 * don't touch the variable "status" beyond this point :-)
2558 */
2559
2560 for (i -= 1 ; i >= 0; i--) {
2561 if (streams[i] == NULL) {
2562 continue;
2563 }
2564
2565 DEBUG(10, ("Closing stream # %d, %s\n", i,
2566 streams[i]->fsp_name));
2567 close_file(streams[i], NORMAL_CLOSE);
2568 }
2569
2570 fail:
2571 TALLOC_FREE(frame);
2572 return status;
2573}
2574
2575/*
2576 * Wrapper around open_file_ntcreate and open_directory
2577 */
2578
2579NTSTATUS create_file_unixpath(connection_struct *conn,
2580 struct smb_request *req,
2581 const char *fname,
2582 uint32_t access_mask,
2583 uint32_t share_access,
2584 uint32_t create_disposition,
2585 uint32_t create_options,
2586 uint32_t file_attributes,
2587 uint32_t oplock_request,
2588 SMB_BIG_UINT allocation_size,
2589 struct security_descriptor *sd,
2590 struct ea_list *ea_list,
2591
2592 files_struct **result,
2593 int *pinfo,
2594 SMB_STRUCT_STAT *psbuf)
2595{
2596 SMB_STRUCT_STAT sbuf;
2597 int info = FILE_WAS_OPENED;
2598 files_struct *base_fsp = NULL;
2599 files_struct *fsp = NULL;
2600 NTSTATUS status;
2601
2602 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2603 "file_attributes = 0x%x, share_access = 0x%x, "
2604 "create_disposition = 0x%x create_options = 0x%x "
2605 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2606 "fname = %s\n",
2607 (unsigned int)access_mask,
2608 (unsigned int)file_attributes,
2609 (unsigned int)share_access,
2610 (unsigned int)create_disposition,
2611 (unsigned int)create_options,
2612 (unsigned int)oplock_request,
2613 ea_list, sd, fname));
2614
2615 if (create_options & FILE_OPEN_BY_FILE_ID) {
2616 status = NT_STATUS_NOT_SUPPORTED;
2617 goto fail;
2618 }
2619
2620 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2621 status = NT_STATUS_INVALID_PARAMETER;
2622 goto fail;
2623 }
2624
2625 if (req == NULL) {
2626 oplock_request |= INTERNAL_OPEN_ONLY;
2627 }
2628
2629 if (psbuf != NULL) {
2630 sbuf = *psbuf;
2631 }
2632 else {
2633 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2634 SET_STAT_INVALID(sbuf);
2635 }
2636 }
2637
2638 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2639 && (access_mask & DELETE_ACCESS)
2640 && !is_ntfs_stream_name(fname)) {
2641 /*
2642 * We can't open a file with DELETE access if any of the
2643 * streams is open without FILE_SHARE_DELETE
2644 */
2645 status = open_streams_for_delete(conn, fname);
2646
2647 if (!NT_STATUS_IS_OK(status)) {
2648 goto fail;
2649 }
2650 }
2651
2652 /* This is the correct thing to do (check every time) but can_delete
2653 * is expensive (it may have to read the parent directory
2654 * permissions). So for now we're not doing it unless we have a strong
2655 * hint the client is really going to delete this file. If the client
2656 * is forcing FILE_CREATE let the filesystem take care of the
2657 * permissions. */
2658
2659 /* Setting FILE_SHARE_DELETE is the hint. */
2660
2661 if (lp_acl_check_permissions(SNUM(conn))
2662 && (create_disposition != FILE_CREATE)
2663 && (share_access & FILE_SHARE_DELETE)
2664 && (access_mask & DELETE_ACCESS)
2665 && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY)
2666 && !lp_delete_readonly(SNUM(conn)))
2667 || !can_delete_file_in_directory(conn, fname))) {
2668 status = NT_STATUS_ACCESS_DENIED;
2669 goto fail;
2670 }
2671
2672#if 0
2673 /* We need to support SeSecurityPrivilege for this. */
2674 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2675 !user_has_privileges(current_user.nt_user_token,
2676 &se_security)) {
2677 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2678 goto fail;
2679 }
2680#endif
2681
2682 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2683 && is_ntfs_stream_name(fname)
2684 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2685 char *base;
2686 uint32 base_create_disposition;
2687
2688 if (create_options & FILE_DIRECTORY_FILE) {
2689 status = NT_STATUS_NOT_A_DIRECTORY;
2690 goto fail;
2691 }
2692
2693 status = split_ntfs_stream_name(talloc_tos(), fname,
2694 &base, NULL);
2695 if (!NT_STATUS_IS_OK(status)) {
2696 DEBUG(10, ("create_file_unixpath: "
2697 "split_ntfs_stream_name failed: %s\n",
2698 nt_errstr(status)));
2699 goto fail;
2700 }
2701
2702 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2703
2704 switch (create_disposition) {
2705 case FILE_OPEN:
2706 base_create_disposition = FILE_OPEN;
2707 break;
2708 default:
2709 base_create_disposition = FILE_OPEN_IF;
2710 break;
2711 }
2712
2713 status = create_file_unixpath(conn, NULL, base, 0,
2714 FILE_SHARE_READ
2715 | FILE_SHARE_WRITE
2716 | FILE_SHARE_DELETE,
2717 base_create_disposition,
2718 0, 0, 0, 0, NULL, NULL,
2719 &base_fsp, NULL, NULL);
2720 if (!NT_STATUS_IS_OK(status)) {
2721 DEBUG(10, ("create_file_unixpath for base %s failed: "
2722 "%s\n", base, nt_errstr(status)));
2723 goto fail;
2724 }
2725 }
2726
2727 /*
2728 * If it's a request for a directory open, deal with it separately.
2729 */
2730
2731 if (create_options & FILE_DIRECTORY_FILE) {
2732
2733 if (create_options & FILE_NON_DIRECTORY_FILE) {
2734 status = NT_STATUS_INVALID_PARAMETER;
2735 goto fail;
2736 }
2737
2738 /* Can't open a temp directory. IFS kit test. */
2739 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2740 status = NT_STATUS_INVALID_PARAMETER;
2741 goto fail;
2742 }
2743
2744 /*
2745 * We will get a create directory here if the Win32
2746 * app specified a security descriptor in the
2747 * CreateDirectory() call.
2748 */
2749
2750 oplock_request = 0;
2751 status = open_directory(
2752 conn, req, fname, &sbuf, access_mask, share_access,
2753 create_disposition, create_options, file_attributes,
2754 &info, &fsp);
2755 } else {
2756
2757 /*
2758 * Ordinary file case.
2759 */
2760
2761 status = open_file_ntcreate(
2762 conn, req, fname, &sbuf, access_mask, share_access,
2763 create_disposition, create_options, file_attributes,
2764 oplock_request, &info, &fsp);
2765
2766 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2767
2768 /*
2769 * Fail the open if it was explicitly a non-directory
2770 * file.
2771 */
2772
2773 if (create_options & FILE_NON_DIRECTORY_FILE) {
2774 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2775 goto fail;
2776 }
2777
2778 oplock_request = 0;
2779 status = open_directory(
2780 conn, req, fname, &sbuf, access_mask,
2781 share_access, create_disposition,
2782 create_options, file_attributes,
2783 &info, &fsp);
2784 }
2785 }
2786
2787 if (!NT_STATUS_IS_OK(status)) {
2788 goto fail;
2789 }
2790
2791 /*
2792 * According to the MS documentation, the only time the security
2793 * descriptor is applied to the opened file is iff we *created* the
2794 * file; an existing file stays the same.
2795 *
2796 * Also, it seems (from observation) that you can open the file with
2797 * any access mask but you can still write the sd. We need to override
2798 * the granted access before we call set_sd
2799 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
2800 */
2801
2802 if ((sd != NULL) && (info == FILE_WAS_CREATED)
2803 && lp_nt_acl_support(SNUM(conn))) {
2804
2805 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
2806 uint32_t saved_access_mask = fsp->access_mask;
2807
2808 if (sd->owner_sid == NULL) {
2809 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
2810 }
2811 if (sd->group_sid == NULL) {
2812 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
2813 }
2814 if (sd->sacl == NULL) {
2815 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
2816 }
2817 if (sd->dacl == NULL) {
2818 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
2819 }
2820
2821 fsp->access_mask = FILE_GENERIC_ALL;
2822
2823 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
2824
2825 fsp->access_mask = saved_access_mask;
2826
2827 if (!NT_STATUS_IS_OK(status)) {
2828 goto fail;
2829 }
2830 }
2831
2832 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
2833 status = set_ea(conn, fsp, fname, ea_list);
2834 if (!NT_STATUS_IS_OK(status)) {
2835 goto fail;
2836 }
2837 }
2838
2839 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
2840 status = NT_STATUS_ACCESS_DENIED;
2841 goto fail;
2842 }
2843
2844 /* Save the requested allocation size. */
2845 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
2846 if (allocation_size
2847 && (allocation_size > sbuf.st_size)) {
2848 fsp->initial_allocation_size = smb_roundup(
2849 fsp->conn, allocation_size);
2850 if (fsp->is_directory) {
2851 /* Can't set allocation size on a directory. */
2852 status = NT_STATUS_ACCESS_DENIED;
2853 goto fail;
2854 }
2855 if (vfs_allocate_file_space(
2856 fsp, fsp->initial_allocation_size) == -1) {
2857 status = NT_STATUS_DISK_FULL;
2858 goto fail;
2859 }
2860 } else {
2861 fsp->initial_allocation_size = smb_roundup(
2862 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
2863 }
2864 }
2865
2866 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
2867
2868 /*
2869 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
2870 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
2871 * also close fsp->base_fsp which we have to also do explicitly in
2872 * this routine here, as not in all "goto fail:" we have the fsp set
2873 * up already to be initialized with the base_fsp.
2874 */
2875
2876 fsp->base_fsp = base_fsp;
2877
2878 *result = fsp;
2879 if (pinfo != NULL) {
2880 *pinfo = info;
2881 }
2882 if (psbuf != NULL) {
2883 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
2884 *psbuf = sbuf;
2885 }
2886 else {
2887 SMB_VFS_FSTAT(fsp, psbuf);
2888 }
2889 }
2890 return NT_STATUS_OK;
2891
2892 fail:
2893 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
2894
2895 if (fsp != NULL) {
2896 close_file(fsp, ERROR_CLOSE);
2897 fsp = NULL;
2898 }
2899 if (base_fsp != NULL) {
2900 close_file(base_fsp, ERROR_CLOSE);
2901 base_fsp = NULL;
2902 }
2903 return status;
2904}
2905
2906NTSTATUS create_file(connection_struct *conn,
2907 struct smb_request *req,
2908 uint16_t root_dir_fid,
2909 const char *fname,
2910 uint32_t access_mask,
2911 uint32_t share_access,
2912 uint32_t create_disposition,
2913 uint32_t create_options,
2914 uint32_t file_attributes,
2915 uint32_t oplock_request,
2916 SMB_BIG_UINT allocation_size,
2917 struct security_descriptor *sd,
2918 struct ea_list *ea_list,
2919
2920 files_struct **result,
2921 int *pinfo,
2922 SMB_STRUCT_STAT *psbuf)
2923{
2924 struct case_semantics_state *case_state = NULL;
2925 SMB_STRUCT_STAT sbuf;
2926 int info = FILE_WAS_OPENED;
2927 files_struct *fsp = NULL;
2928 NTSTATUS status;
2929
2930 DEBUG(10,("create_file: access_mask = 0x%x "
2931 "file_attributes = 0x%x, share_access = 0x%x, "
2932 "create_disposition = 0x%x create_options = 0x%x "
2933 "oplock_request = 0x%x "
2934 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
2935 "fname = %s\n",
2936 (unsigned int)access_mask,
2937 (unsigned int)file_attributes,
2938 (unsigned int)share_access,
2939 (unsigned int)create_disposition,
2940 (unsigned int)create_options,
2941 (unsigned int)oplock_request,
2942 (unsigned int)root_dir_fid,
2943 ea_list, sd, fname));
2944
2945 /*
2946 * Get the file name.
2947 */
2948
2949 if (root_dir_fid != 0) {
2950 /*
2951 * This filename is relative to a directory fid.
2952 */
2953 char *parent_fname = NULL;
2954 files_struct *dir_fsp = file_fsp(root_dir_fid);
2955
2956 if (dir_fsp == NULL) {
2957 status = NT_STATUS_INVALID_HANDLE;
2958 goto fail;
2959 }
2960
2961 if (!dir_fsp->is_directory) {
2962
2963 /*
2964 * Check to see if this is a mac fork of some kind.
2965 */
2966
2967 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2968 is_ntfs_stream_name(fname)) {
2969 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
2970 goto fail;
2971 }
2972
2973 /*
2974 we need to handle the case when we get a
2975 relative open relative to a file and the
2976 pathname is blank - this is a reopen!
2977 (hint from demyn plantenberg)
2978 */
2979
2980 status = NT_STATUS_INVALID_HANDLE;
2981 goto fail;
2982 }
2983
2984 if (ISDOT(dir_fsp->fsp_name)) {
2985 /*
2986 * We're at the toplevel dir, the final file name
2987 * must not contain ./, as this is filtered out
2988 * normally by srvstr_get_path and unix_convert
2989 * explicitly rejects paths containing ./.
2990 */
2991 parent_fname = talloc_strdup(talloc_tos(), "");
2992 if (parent_fname == NULL) {
2993 status = NT_STATUS_NO_MEMORY;
2994 goto fail;
2995 }
2996 } else {
2997 size_t dir_name_len = strlen(dir_fsp->fsp_name);
2998
2999 /*
3000 * Copy in the base directory name.
3001 */
3002
3003 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3004 dir_name_len+2);
3005 if (parent_fname == NULL) {
3006 status = NT_STATUS_NO_MEMORY;
3007 goto fail;
3008 }
3009 memcpy(parent_fname, dir_fsp->fsp_name,
3010 dir_name_len+1);
3011
3012 /*
3013 * Ensure it ends in a '/'.
3014 * We used TALLOC_SIZE +2 to add space for the '/'.
3015 */
3016
3017 if(dir_name_len
3018 && (parent_fname[dir_name_len-1] != '\\')
3019 && (parent_fname[dir_name_len-1] != '/')) {
3020 parent_fname[dir_name_len] = '/';
3021 parent_fname[dir_name_len+1] = '\0';
3022 }
3023 }
3024
3025 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3026 fname);
3027 if (fname == NULL) {
3028 status = NT_STATUS_NO_MEMORY;
3029 goto fail;
3030 }
3031 }
3032
3033 /*
3034 * Check to see if this is a mac fork of some kind.
3035 */
3036
3037 if (is_ntfs_stream_name(fname)) {
3038 enum FAKE_FILE_TYPE fake_file_type;
3039
3040 fake_file_type = is_fake_file(fname);
3041
3042 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3043
3044 /*
3045 * Here we go! support for changing the disk quotas
3046 * --metze
3047 *
3048 * We need to fake up to open this MAGIC QUOTA file
3049 * and return a valid FID.
3050 *
3051 * w2k close this file directly after openening xp
3052 * also tries a QUERY_FILE_INFO on the file and then
3053 * close it
3054 */
3055 status = open_fake_file(conn, fake_file_type, fname,
3056 access_mask, &fsp);
3057 if (!NT_STATUS_IS_OK(status)) {
3058 goto fail;
3059 }
3060
3061 ZERO_STRUCT(sbuf);
3062 goto done;
3063 }
3064
3065 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3066 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3067 goto fail;
3068 }
3069 }
3070
3071 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3072 char *resolved_fname;
3073
3074 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3075 &resolved_fname);
3076
3077 if (!NT_STATUS_IS_OK(status)) {
3078 /*
3079 * For PATH_NOT_COVERED we had
3080 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3081 * ERRSRV, ERRbadpath);
3082 * Need to fix in callers
3083 */
3084 goto fail;
3085 }
3086 fname = resolved_fname;
3087 }
3088
3089 /*
3090 * Check if POSIX semantics are wanted.
3091 */
3092
3093 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3094 case_state = set_posix_case_semantics(talloc_tos(), conn);
3095 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3096 }
3097
3098 {
3099 char *converted_fname;
3100
3101 SET_STAT_INVALID(sbuf);
3102
3103 status = unix_convert(talloc_tos(), conn, fname, False,
3104 &converted_fname, NULL, &sbuf);
3105 if (!NT_STATUS_IS_OK(status)) {
3106 goto fail;
3107 }
3108 fname = converted_fname;
3109 }
3110
3111 TALLOC_FREE(case_state);
3112
3113 /* All file access must go through check_name() */
3114
3115 status = check_name(conn, fname);
3116 if (!NT_STATUS_IS_OK(status)) {
3117 goto fail;
3118 }
3119
3120 status = create_file_unixpath(
3121 conn, req, fname, access_mask, share_access,
3122 create_disposition, create_options, file_attributes,
3123 oplock_request, allocation_size, sd, ea_list,
3124 &fsp, &info, &sbuf);
3125
3126 if (!NT_STATUS_IS_OK(status)) {
3127 goto fail;
3128 }
3129
3130 done:
3131 DEBUG(10, ("create_file: info=%d\n", info));
3132
3133 *result = fsp;
3134 if (pinfo != NULL) {
3135 *pinfo = info;
3136 }
3137 if (psbuf != NULL) {
3138 *psbuf = sbuf;
3139 }
3140 return NT_STATUS_OK;
3141
3142 fail:
3143 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3144
3145 if (fsp != NULL) {
3146 close_file(fsp, ERROR_CLOSE);
3147 fsp = NULL;
3148 }
3149 return status;
3150}
Note: See TracBrowser for help on using the repository browser.