source: branches/samba-3.3.x/source/smbd/open.c@ 221

Last change on this file since 221 was 221, checked in by Herwig Bauernfeind, 16 years ago

Update Samba 3.3 to 3.3.1
File size: 93.7 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20*/
21
22#include "includes.h"
23
24extern const struct generic_mapping file_generic_mapping;
25extern bool global_client_failed_oplock_break;
26
27struct deferred_open_record {
28 bool delayed_for_oplocks;
29 struct file_id id;
30};
31
32/****************************************************************************
33 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
34****************************************************************************/
35
36NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
37 const NT_USER_TOKEN *token,
38 uint32_t access_desired,
39 uint32_t *access_granted)
40{
41 return se_access_check(sd,
42 token,
43 (access_desired & ~FILE_READ_ATTRIBUTES),
44 access_granted);
45}
46
47/****************************************************************************
48 Check if we have open rights.
49****************************************************************************/
50
51static NTSTATUS check_open_rights(struct connection_struct *conn,
52 const char *fname,
53 uint32_t access_mask,
54 uint32_t *access_granted)
55{
56 /* Check if we have rights to open. */
57 NTSTATUS status;
58 struct security_descriptor *sd;
59
60 *access_granted = 0;
61
62 status = SMB_VFS_GET_NT_ACL(conn, fname,
63 (OWNER_SECURITY_INFORMATION |
64 GROUP_SECURITY_INFORMATION |
65 DACL_SECURITY_INFORMATION),&sd);
66
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(10, ("check_open_rights: Could not get acl "
69 "on %s: %s\n",
70 fname,
71 nt_errstr(status)));
72 return status;
73 }
74
75 status = smb1_file_se_access_check(sd,
76 conn->server_info->ptok,
77 access_mask,
78 access_granted);
79
80 TALLOC_FREE(sd);
81
82 DEBUG(10,("check_open_rights: file %s requesting "
83 "0x%x returning 0x%x (%s)\n",
84 fname,
85 (unsigned int)access_mask,
86 (unsigned int)*access_granted,
87 nt_errstr(status) ));
88
89 return status;
90}
91
92/****************************************************************************
93 fd support routines - attempt to do a dos_open.
94****************************************************************************/
95
96static NTSTATUS fd_open(struct connection_struct *conn,
97 const char *fname,
98 files_struct *fsp,
99 int flags,
100 mode_t mode)
101{
102 NTSTATUS status = NT_STATUS_OK;
103
104#ifdef O_NOFOLLOW
105 /*
106 * Never follow symlinks on a POSIX client. The
107 * client should be doing this.
108 */
109
110 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
111 flags |= O_NOFOLLOW;
112 }
113#endif
114
115 fsp->fh->fd = SMB_VFS_OPEN(conn,fname,fsp,flags,mode);
116 if (fsp->fh->fd == -1) {
117 status = map_nt_error_from_unix(errno);
118 }
119
120 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
121 fname, flags, (int)mode, fsp->fh->fd,
122 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
123
124 return status;
125}
126
127/****************************************************************************
128 Close the file associated with a fsp.
129****************************************************************************/
130
131NTSTATUS fd_close(files_struct *fsp)
132{
133 int ret;
134
135 if (fsp->fh->fd == -1) {
136 return NT_STATUS_OK; /* What we used to call a stat open. */
137 }
138 if (fsp->fh->ref_count > 1) {
139 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
140 }
141
142 ret = SMB_VFS_CLOSE(fsp);
143 fsp->fh->fd = -1;
144 if (ret == -1) {
145 return map_nt_error_from_unix(errno);
146 }
147 return NT_STATUS_OK;
148}
149
150/****************************************************************************
151 Change the ownership of a file to that of the parent directory.
152 Do this by fd if possible.
153****************************************************************************/
154
155static void change_file_owner_to_parent(connection_struct *conn,
156 const char *inherit_from_dir,
157 files_struct *fsp)
158{
159 SMB_STRUCT_STAT parent_st;
160 int ret;
161
162 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
163 if (ret == -1) {
164 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
165 "directory %s. Error was %s\n",
166 inherit_from_dir, strerror(errno) ));
167 return;
168 }
169
170 become_root();
171 ret = SMB_VFS_FCHOWN(fsp, parent_st.st_uid, (gid_t)-1);
172 unbecome_root();
173 if (ret == -1) {
174 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
175 "file %s to parent directory uid %u. Error "
176 "was %s\n", fsp->fsp_name,
177 (unsigned int)parent_st.st_uid,
178 strerror(errno) ));
179 }
180
181 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
182 "parent directory uid %u.\n", fsp->fsp_name,
183 (unsigned int)parent_st.st_uid ));
184}
185
186static NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
187 const char *inherit_from_dir,
188 const char *fname,
189 SMB_STRUCT_STAT *psbuf)
190{
191 char *saved_dir = NULL;
192 SMB_STRUCT_STAT sbuf;
193 SMB_STRUCT_STAT parent_st;
194 TALLOC_CTX *ctx = talloc_tos();
195 NTSTATUS status = NT_STATUS_OK;
196 int ret;
197
198 ret = SMB_VFS_STAT(conn, inherit_from_dir, &parent_st);
199 if (ret == -1) {
200 status = map_nt_error_from_unix(errno);
201 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
202 "directory %s. Error was %s\n",
203 inherit_from_dir, strerror(errno) ));
204 return status;
205 }
206
207 /* We've already done an lstat into psbuf, and we know it's a
208 directory. If we can cd into the directory and the dev/ino
209 are the same then we can safely chown without races as
210 we're locking the directory in place by being in it. This
211 should work on any UNIX (thanks tridge :-). JRA.
212 */
213
214 saved_dir = vfs_GetWd(ctx,conn);
215 if (!saved_dir) {
216 status = map_nt_error_from_unix(errno);
217 DEBUG(0,("change_dir_owner_to_parent: failed to get "
218 "current working directory. Error was %s\n",
219 strerror(errno)));
220 return status;
221 }
222
223 /* Chdir into the new path. */
224 if (vfs_ChDir(conn, fname) == -1) {
225 status = map_nt_error_from_unix(errno);
226 DEBUG(0,("change_dir_owner_to_parent: failed to change "
227 "current working directory to %s. Error "
228 "was %s\n", fname, strerror(errno) ));
229 goto out;
230 }
231
232 if (SMB_VFS_STAT(conn,".",&sbuf) == -1) {
233 status = map_nt_error_from_unix(errno);
234 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
235 "directory '.' (%s) Error was %s\n",
236 fname, strerror(errno)));
237 goto out;
238 }
239
240 /* Ensure we're pointing at the same place. */
241 if (sbuf.st_dev != psbuf->st_dev ||
242 sbuf.st_ino != psbuf->st_ino ||
243 sbuf.st_mode != psbuf->st_mode ) {
244 DEBUG(0,("change_dir_owner_to_parent: "
245 "device/inode/mode on directory %s changed. "
246 "Refusing to chown !\n", fname ));
247 status = NT_STATUS_ACCESS_DENIED;
248 goto out;
249 }
250
251 become_root();
252 ret = SMB_VFS_CHOWN(conn, ".", parent_st.st_uid, (gid_t)-1);
253 unbecome_root();
254 if (ret == -1) {
255 status = map_nt_error_from_unix(errno);
256 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
257 "directory %s to parent directory uid %u. "
258 "Error was %s\n", fname,
259 (unsigned int)parent_st.st_uid, strerror(errno) ));
260 goto out;
261 }
262
263 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
264 "directory %s to parent directory uid %u.\n",
265 fname, (unsigned int)parent_st.st_uid ));
266
267 out:
268
269 vfs_ChDir(conn,saved_dir);
270 return status;
271}
272
273/****************************************************************************
274 Open a file.
275****************************************************************************/
276
277static NTSTATUS open_file(files_struct *fsp,
278 connection_struct *conn,
279 struct smb_request *req,
280 const char *parent_dir,
281 const char *name,
282 const char *path,
283 SMB_STRUCT_STAT *psbuf,
284 int flags,
285 mode_t unx_mode,
286 uint32 access_mask, /* client requested access mask. */
287 uint32 open_access_mask) /* what we're actually using in the open. */
288{
289 NTSTATUS status = NT_STATUS_OK;
290 int accmode = (flags & O_ACCMODE);
291 int local_flags = flags;
292 bool file_existed = VALID_STAT(*psbuf);
293
294 fsp->fh->fd = -1;
295 errno = EPERM;
296
297 /* Check permissions */
298
299 /*
300 * This code was changed after seeing a client open request
301 * containing the open mode of (DENY_WRITE/read-only) with
302 * the 'create if not exist' bit set. The previous code
303 * would fail to open the file read only on a read-only share
304 * as it was checking the flags parameter directly against O_RDONLY,
305 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
306 * JRA.
307 */
308
309 if (!CAN_WRITE(conn)) {
310 /* It's a read-only share - fail if we wanted to write. */
311 if(accmode != O_RDONLY) {
312 DEBUG(3,("Permission denied opening %s\n", path));
313 return NT_STATUS_ACCESS_DENIED;
314 } else if(flags & O_CREAT) {
315 /* We don't want to write - but we must make sure that
316 O_CREAT doesn't create the file if we have write
317 access into the directory.
318 */
319 flags &= ~O_CREAT;
320 local_flags &= ~O_CREAT;
321 }
322 }
323
324 /*
325 * This little piece of insanity is inspired by the
326 * fact that an NT client can open a file for O_RDONLY,
327 * but set the create disposition to FILE_EXISTS_TRUNCATE.
328 * If the client *can* write to the file, then it expects to
329 * truncate the file, even though it is opening for readonly.
330 * Quicken uses this stupid trick in backup file creation...
331 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
332 * for helping track this one down. It didn't bite us in 2.0.x
333 * as we always opened files read-write in that release. JRA.
334 */
335
336 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
337 DEBUG(10,("open_file: truncate requested on read-only open "
338 "for file %s\n", path));
339 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
340 }
341
342 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
343 (!file_existed && (local_flags & O_CREAT)) ||
344 ((local_flags & O_TRUNC) == O_TRUNC) ) {
345 const char *wild;
346
347 /*
348 * We can't actually truncate here as the file may be locked.
349 * open_file_ntcreate will take care of the truncate later. JRA.
350 */
351
352 local_flags &= ~O_TRUNC;
353
354#if defined(O_NONBLOCK) && defined(S_ISFIFO)
355 /*
356 * We would block on opening a FIFO with no one else on the
357 * other end. Do what we used to do and add O_NONBLOCK to the
358 * open flags. JRA.
359 */
360
361 if (file_existed && S_ISFIFO(psbuf->st_mode)) {
362 local_flags |= O_NONBLOCK;
363 }
364#endif
365
366 /* Don't create files with Microsoft wildcard characters. */
367 if (fsp->base_fsp) {
368 /*
369 * wildcard characters are allowed in stream names
370 * only test the basefilename
371 */
372 wild = fsp->base_fsp->fsp_name;
373 } else {
374 wild = path;
375 }
376 if ((local_flags & O_CREAT) && !file_existed &&
377 ms_has_wild(wild)) {
378 return NT_STATUS_OBJECT_NAME_INVALID;
379 }
380
381 /* Actually do the open */
382 status = fd_open(conn, path, fsp, local_flags, unx_mode);
383 if (!NT_STATUS_IS_OK(status)) {
384 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
385 "(flags=%d)\n",
386 path,nt_errstr(status),local_flags,flags));
387 return status;
388 }
389
390 if ((local_flags & O_CREAT) && !file_existed) {
391
392 /* Inherit the ACL if required */
393 if (lp_inherit_perms(SNUM(conn))) {
394 inherit_access_posix_acl(conn, parent_dir, path,
395 unx_mode);
396 }
397
398 /* Change the owner if required. */
399 if (lp_inherit_owner(SNUM(conn))) {
400 change_file_owner_to_parent(conn, parent_dir,
401 fsp);
402 }
403
404 notify_fname(conn, NOTIFY_ACTION_ADDED,
405 FILE_NOTIFY_CHANGE_FILE_NAME, path);
406 }
407
408 } else {
409 fsp->fh->fd = -1; /* What we used to call a stat open. */
410 if (file_existed) {
411 uint32_t access_granted = 0;
412
413 status = check_open_rights(conn,
414 path,
415 access_mask,
416 &access_granted);
417 if (!NT_STATUS_IS_OK(status)) {
418 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
419 if ((access_mask & DELETE_ACCESS) &&
420 (access_granted == DELETE_ACCESS) &&
421 can_delete_file_in_directory(conn, path)) {
422 /* Were we trying to do a stat open
423 * for delete and didn't get DELETE
424 * access (only) ? Check if the
425 * directory allows DELETE_CHILD.
426 * See here:
427 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
428 * for details. */
429
430 DEBUG(10,("open_file: overrode ACCESS_DENIED "
431 "on file %s\n",
432 path ));
433 } else {
434 DEBUG(10, ("open_file: Access denied on "
435 "file %s\n",
436 path));
437 return status;
438 }
439 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
440 fsp->posix_open &&
441 S_ISLNK(psbuf->st_mode)) {
442 /* This is a POSIX stat open for delete
443 * or rename on a symlink that points
444 * nowhere. Allow. */
445 DEBUG(10, ("open_file: allowing POSIX open "
446 "on bad symlink %s\n",
447 path ));
448 } else {
449 DEBUG(10, ("open_file: check_open_rights "
450 "on file %s returned %s\n",
451 path, nt_errstr(status) ));
452 return status;
453 }
454 }
455 }
456 }
457
458 if (!file_existed) {
459 int ret;
460
461 if (fsp->fh->fd == -1) {
462 ret = SMB_VFS_STAT(conn, path, psbuf);
463 } else {
464 ret = SMB_VFS_FSTAT(fsp, psbuf);
465 /* If we have an fd, this stat should succeed. */
466 if (ret == -1) {
467 DEBUG(0,("Error doing fstat on open file %s "
468 "(%s)\n", path,strerror(errno) ));
469 }
470 }
471
472 /* For a non-io open, this stat failing means file not found. JRA */
473 if (ret == -1) {
474 status = map_nt_error_from_unix(errno);
475 fd_close(fsp);
476 return status;
477 }
478 }
479
480 /*
481 * POSIX allows read-only opens of directories. We don't
482 * want to do this (we use a different code path for this)
483 * so catch a directory open and return an EISDIR. JRA.
484 */
485
486 if(S_ISDIR(psbuf->st_mode)) {
487 fd_close(fsp);
488 errno = EISDIR;
489 return NT_STATUS_FILE_IS_A_DIRECTORY;
490 }
491
492 fsp->mode = psbuf->st_mode;
493 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
494 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
495 fsp->file_pid = req ? req->smbpid : 0;
496 fsp->can_lock = True;
497 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
498 if (!CAN_WRITE(conn)) {
499 fsp->can_write = False;
500 } else {
501 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
502 True : False;
503 }
504 fsp->print_file = False;
505 fsp->modified = False;
506 fsp->sent_oplock_break = NO_BREAK_SENT;
507 fsp->is_directory = False;
508 if (conn->aio_write_behind_list &&
509 is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
510 fsp->aio_write_behind = True;
511 }
512
513 string_set(&fsp->fsp_name, path);
514 fsp->wcp = NULL; /* Write cache pointer. */
515
516 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
517 conn->server_info->unix_name,
518 fsp->fsp_name,
519 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
520 conn->num_files_open));
521
522 errno = 0;
523 return NT_STATUS_OK;
524}
525
526/*******************************************************************
527 Return True if the filename is one of the special executable types.
528********************************************************************/
529
530static bool is_executable(const char *fname)
531{
532 if ((fname = strrchr_m(fname,'.'))) {
533 if (strequal(fname,".com") ||
534 strequal(fname,".dll") ||
535 strequal(fname,".exe") ||
536 strequal(fname,".sym")) {
537 return True;
538 }
539 }
540 return False;
541}
542
543/****************************************************************************
544 Check if we can open a file with a share mode.
545 Returns True if conflict, False if not.
546****************************************************************************/
547
548static bool share_conflict(struct share_mode_entry *entry,
549 uint32 access_mask,
550 uint32 share_access)
551{
552 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
553 "entry->share_access = 0x%x, "
554 "entry->private_options = 0x%x\n",
555 (unsigned int)entry->access_mask,
556 (unsigned int)entry->share_access,
557 (unsigned int)entry->private_options));
558
559 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
560 (unsigned int)access_mask, (unsigned int)share_access));
561
562 if ((entry->access_mask & (FILE_WRITE_DATA|
563 FILE_APPEND_DATA|
564 FILE_READ_DATA|
565 FILE_EXECUTE|
566 DELETE_ACCESS)) == 0) {
567 DEBUG(10,("share_conflict: No conflict due to "
568 "entry->access_mask = 0x%x\n",
569 (unsigned int)entry->access_mask ));
570 return False;
571 }
572
573 if ((access_mask & (FILE_WRITE_DATA|
574 FILE_APPEND_DATA|
575 FILE_READ_DATA|
576 FILE_EXECUTE|
577 DELETE_ACCESS)) == 0) {
578 DEBUG(10,("share_conflict: No conflict due to "
579 "access_mask = 0x%x\n",
580 (unsigned int)access_mask ));
581 return False;
582 }
583
584#if 1 /* JRA TEST - Superdebug. */
585#define CHECK_MASK(num, am, right, sa, share) \
586 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
587 (unsigned int)(num), (unsigned int)(am), \
588 (unsigned int)(right), (unsigned int)(am)&(right) )); \
589 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
590 (unsigned int)(num), (unsigned int)(sa), \
591 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
592 if (((am) & (right)) && !((sa) & (share))) { \
593 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
594sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
595 (unsigned int)(share) )); \
596 return True; \
597 }
598#else
599#define CHECK_MASK(num, am, right, sa, share) \
600 if (((am) & (right)) && !((sa) & (share))) { \
601 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
602sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
603 (unsigned int)(share) )); \
604 return True; \
605 }
606#endif
607
608 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
609 share_access, FILE_SHARE_WRITE);
610 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
611 entry->share_access, FILE_SHARE_WRITE);
612
613 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
614 share_access, FILE_SHARE_READ);
615 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
616 entry->share_access, FILE_SHARE_READ);
617
618 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
619 share_access, FILE_SHARE_DELETE);
620 CHECK_MASK(6, access_mask, DELETE_ACCESS,
621 entry->share_access, FILE_SHARE_DELETE);
622
623 DEBUG(10,("share_conflict: No conflict.\n"));
624 return False;
625}
626
627#if defined(DEVELOPER)
628static void validate_my_share_entries(int num,
629 struct share_mode_entry *share_entry)
630{
631 files_struct *fsp;
632
633 if (!procid_is_me(&share_entry->pid)) {
634 return;
635 }
636
637 if (is_deferred_open_entry(share_entry) &&
638 !open_was_deferred(share_entry->op_mid)) {
639 char *str = talloc_asprintf(talloc_tos(),
640 "Got a deferred entry without a request: "
641 "PANIC: %s\n",
642 share_mode_str(talloc_tos(), num, share_entry));
643 smb_panic(str);
644 }
645
646 if (!is_valid_share_mode_entry(share_entry)) {
647 return;
648 }
649
650 fsp = file_find_dif(share_entry->id,
651 share_entry->share_file_id);
652 if (!fsp) {
653 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
654 share_mode_str(talloc_tos(), num, share_entry) ));
655 smb_panic("validate_my_share_entries: Cannot match a "
656 "share entry with an open file\n");
657 }
658
659 if (is_deferred_open_entry(share_entry) ||
660 is_unused_share_mode_entry(share_entry)) {
661 goto panic;
662 }
663
664 if ((share_entry->op_type == NO_OPLOCK) &&
665 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
666 /* Someone has already written to it, but I haven't yet
667 * noticed */
668 return;
669 }
670
671 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
672 goto panic;
673 }
674
675 return;
676
677 panic:
678 {
679 char *str;
680 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
681 share_mode_str(talloc_tos(), num, share_entry) ));
682 str = talloc_asprintf(talloc_tos(),
683 "validate_my_share_entries: "
684 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
685 fsp->fsp_name, (unsigned int)fsp->oplock_type,
686 (unsigned int)share_entry->op_type );
687 smb_panic(str);
688 }
689}
690#endif
691
692static bool is_stat_open(uint32 access_mask)
693{
694 return (access_mask &&
695 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
696 FILE_WRITE_ATTRIBUTES))==0) &&
697 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
698 FILE_WRITE_ATTRIBUTES)) != 0));
699}
700
701/****************************************************************************
702 Deal with share modes
703 Invarient: Share mode must be locked on entry and exit.
704 Returns -1 on error, or number of share modes on success (may be zero).
705****************************************************************************/
706
707static NTSTATUS open_mode_check(connection_struct *conn,
708 const char *fname,
709 struct share_mode_lock *lck,
710 uint32 access_mask,
711 uint32 share_access,
712 uint32 create_options,
713 bool *file_existed)
714{
715 int i;
716
717 if(lck->num_share_modes == 0) {
718 return NT_STATUS_OK;
719 }
720
721 *file_existed = True;
722
723 /* A delete on close prohibits everything */
724
725 if (lck->delete_on_close) {
726 return NT_STATUS_DELETE_PENDING;
727 }
728
729 if (is_stat_open(access_mask)) {
730 /* Stat open that doesn't trigger oplock breaks or share mode
731 * checks... ! JRA. */
732 return NT_STATUS_OK;
733 }
734
735 /*
736 * Check if the share modes will give us access.
737 */
738
739#if defined(DEVELOPER)
740 for(i = 0; i < lck->num_share_modes; i++) {
741 validate_my_share_entries(i, &lck->share_modes[i]);
742 }
743#endif
744
745 if (!lp_share_modes(SNUM(conn))) {
746 return NT_STATUS_OK;
747 }
748
749 /* Now we check the share modes, after any oplock breaks. */
750 for(i = 0; i < lck->num_share_modes; i++) {
751
752 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
753 continue;
754 }
755
756 /* someone else has a share lock on it, check to see if we can
757 * too */
758 if (share_conflict(&lck->share_modes[i],
759 access_mask, share_access)) {
760 return NT_STATUS_SHARING_VIOLATION;
761 }
762 }
763
764 return NT_STATUS_OK;
765}
766
767static bool is_delete_request(files_struct *fsp) {
768 return ((fsp->access_mask == DELETE_ACCESS) &&
769 (fsp->oplock_type == NO_OPLOCK));
770}
771
772/*
773 * Send a break message to the oplock holder and delay the open for
774 * our client.
775 */
776
777static NTSTATUS send_break_message(files_struct *fsp,
778 struct share_mode_entry *exclusive,
779 uint16 mid,
780 int oplock_request)
781{
782 NTSTATUS status;
783 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
784
785 DEBUG(10, ("Sending break request to PID %s\n",
786 procid_str_static(&exclusive->pid)));
787 exclusive->op_mid = mid;
788
789 /* Create the message. */
790 share_mode_entry_to_message(msg, exclusive);
791
792 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
793 don't want this set in the share mode struct pointed to by lck. */
794
795 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
796 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
797 }
798
799 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
800 MSG_SMB_BREAK_REQUEST,
801 (uint8 *)msg,
802 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
803 if (!NT_STATUS_IS_OK(status)) {
804 DEBUG(3, ("Could not send oplock break message: %s\n",
805 nt_errstr(status)));
806 }
807
808 return status;
809}
810
811/*
812 * 1) No files open at all or internal open: Grant whatever the client wants.
813 *
814 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
815 * request, break if the oplock around is a batch oplock. If it's another
816 * requested access type, break.
817 *
818 * 3) Only level2 around: Grant level2 and do nothing else.
819 */
820
821static bool delay_for_oplocks(struct share_mode_lock *lck,
822 files_struct *fsp,
823 uint16 mid,
824 int pass_number,
825 int oplock_request)
826{
827 extern uint32 global_client_caps;
828 int i;
829 struct share_mode_entry *exclusive = NULL;
830 bool valid_entry = false;
831 bool have_level2 = false;
832 bool have_a_none_oplock = false;
833 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
834 lp_level2_oplocks(SNUM(fsp->conn));
835
836 if (oplock_request & INTERNAL_OPEN_ONLY) {
837 fsp->oplock_type = NO_OPLOCK;
838 }
839
840 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
841 return false;
842 }
843
844 for (i=0; i<lck->num_share_modes; i++) {
845
846 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
847 continue;
848 }
849
850 /* At least one entry is not an invalid or deferred entry. */
851 valid_entry = true;
852
853 if (pass_number == 1) {
854 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
855 SMB_ASSERT(exclusive == NULL);
856 exclusive = &lck->share_modes[i];
857 }
858 } else {
859 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
860 SMB_ASSERT(exclusive == NULL);
861 exclusive = &lck->share_modes[i];
862 }
863 }
864
865 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
866 SMB_ASSERT(exclusive == NULL);
867 have_level2 = true;
868 }
869
870 if (lck->share_modes[i].op_type == NO_OPLOCK) {
871 have_a_none_oplock = true;
872 }
873 }
874
875 if (exclusive != NULL) { /* Found an exclusive oplock */
876 bool delay_it = is_delete_request(fsp) ?
877 BATCH_OPLOCK_TYPE(exclusive->op_type) : true;
878 SMB_ASSERT(!have_level2);
879 if (delay_it) {
880 send_break_message(fsp, exclusive, mid, oplock_request);
881 return true;
882 }
883 }
884
885 /*
886 * Match what was requested (fsp->oplock_type) with
887 * what was found in the existing share modes.
888 */
889
890 if (!valid_entry) {
891 /* All entries are placeholders or deferred.
892 * Directly grant whatever the client wants. */
893 if (fsp->oplock_type == NO_OPLOCK) {
894 /* Store a level2 oplock, but don't tell the client */
895 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
896 }
897 } else if (have_a_none_oplock) {
898 fsp->oplock_type = NO_OPLOCK;
899 } else if (have_level2) {
900 if (fsp->oplock_type == NO_OPLOCK ||
901 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
902 /* Store a level2 oplock, but don't tell the client */
903 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
904 } else {
905 fsp->oplock_type = LEVEL_II_OPLOCK;
906 }
907 } else {
908 /* This case can never happen. */
909 SMB_ASSERT(1);
910 }
911
912 /*
913 * Don't grant level2 to clients that don't want them
914 * or if we've turned them off.
915 */
916 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
917 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
918 }
919
920 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
921 fsp->oplock_type, fsp->fsp_name));
922
923 /* No delay. */
924 return false;
925}
926
927static bool request_timed_out(struct timeval request_time,
928 struct timeval timeout)
929{
930 struct timeval now, end_time;
931 GetTimeOfDay(&now);
932 end_time = timeval_sum(&request_time, &timeout);
933 return (timeval_compare(&end_time, &now) < 0);
934}
935
936/****************************************************************************
937 Handle the 1 second delay in returning a SHARING_VIOLATION error.
938****************************************************************************/
939
940static void defer_open(struct share_mode_lock *lck,
941 struct timeval request_time,
942 struct timeval timeout,
943 struct smb_request *req,
944 struct deferred_open_record *state)
945{
946 int i;
947
948 /* Paranoia check */
949
950 for (i=0; i<lck->num_share_modes; i++) {
951 struct share_mode_entry *e = &lck->share_modes[i];
952
953 if (!is_deferred_open_entry(e)) {
954 continue;
955 }
956
957 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
958 DEBUG(0, ("Trying to defer an already deferred "
959 "request: mid=%d, exiting\n", req->mid));
960 exit_server("attempt to defer a deferred request");
961 }
962 }
963
964 /* End paranoia check */
965
966 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
967 "open entry for mid %u\n",
968 (unsigned int)request_time.tv_sec,
969 (unsigned int)request_time.tv_usec,
970 (unsigned int)req->mid));
971
972 if (!push_deferred_smb_message(req, request_time, timeout,
973 (char *)state, sizeof(*state))) {
974 exit_server("push_deferred_smb_message failed");
975 }
976 add_deferred_open(lck, req->mid, request_time, state->id);
977
978 /*
979 * Push the MID of this packet on the signing queue.
980 * We only do this once, the first time we push the packet
981 * onto the deferred open queue, as this has a side effect
982 * of incrementing the response sequence number.
983 */
984
985 srv_defer_sign_response(req->mid);
986}
987
988
989/****************************************************************************
990 On overwrite open ensure that the attributes match.
991****************************************************************************/
992
993static bool open_match_attributes(connection_struct *conn,
994 const char *path,
995 uint32 old_dos_attr,
996 uint32 new_dos_attr,
997 mode_t existing_unx_mode,
998 mode_t new_unx_mode,
999 mode_t *returned_unx_mode)
1000{
1001 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1002
1003 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1004 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1005
1006 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1007 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1008 *returned_unx_mode = new_unx_mode;
1009 } else {
1010 *returned_unx_mode = (mode_t)0;
1011 }
1012
1013 DEBUG(10,("open_match_attributes: file %s old_dos_attr = 0x%x, "
1014 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1015 "returned_unx_mode = 0%o\n",
1016 path,
1017 (unsigned int)old_dos_attr,
1018 (unsigned int)existing_unx_mode,
1019 (unsigned int)new_dos_attr,
1020 (unsigned int)*returned_unx_mode ));
1021
1022 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1023 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1024 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1025 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1026 return False;
1027 }
1028 }
1029 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1030 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1031 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1032 return False;
1033 }
1034 }
1035 return True;
1036}
1037
1038/****************************************************************************
1039 Special FCB or DOS processing in the case of a sharing violation.
1040 Try and find a duplicated file handle.
1041****************************************************************************/
1042
1043static NTSTATUS fcb_or_dos_open(connection_struct *conn,
1044 files_struct *fsp_to_dup_into,
1045 const char *fname,
1046 struct file_id id,
1047 uint16 file_pid,
1048 uint16 vuid,
1049 uint32 access_mask,
1050 uint32 share_access,
1051 uint32 create_options)
1052{
1053 files_struct *fsp;
1054
1055 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1056 "file %s.\n", fname ));
1057
1058 for(fsp = file_find_di_first(id); fsp;
1059 fsp = file_find_di_next(fsp)) {
1060
1061 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1062 "vuid = %u, file_pid = %u, private_options = 0x%x "
1063 "access_mask = 0x%x\n", fsp->fsp_name,
1064 fsp->fh->fd, (unsigned int)fsp->vuid,
1065 (unsigned int)fsp->file_pid,
1066 (unsigned int)fsp->fh->private_options,
1067 (unsigned int)fsp->access_mask ));
1068
1069 if (fsp->fh->fd != -1 &&
1070 fsp->vuid == vuid &&
1071 fsp->file_pid == file_pid &&
1072 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1073 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1074 (fsp->access_mask & FILE_WRITE_DATA) &&
1075 strequal(fsp->fsp_name, fname)) {
1076 DEBUG(10,("fcb_or_dos_open: file match\n"));
1077 break;
1078 }
1079 }
1080
1081 if (!fsp) {
1082 return NT_STATUS_NOT_FOUND;
1083 }
1084
1085 /* quite an insane set of semantics ... */
1086 if (is_executable(fname) &&
1087 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1088 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1089 return NT_STATUS_INVALID_PARAMETER;
1090 }
1091
1092 /* We need to duplicate this fsp. */
1093 dup_file_fsp(fsp, access_mask, share_access,
1094 create_options, fsp_to_dup_into);
1095
1096 return NT_STATUS_OK;
1097}
1098
1099/****************************************************************************
1100 Open a file with a share mode - old openX method - map into NTCreate.
1101****************************************************************************/
1102
1103bool map_open_params_to_ntcreate(const char *fname, int deny_mode, int open_func,
1104 uint32 *paccess_mask,
1105 uint32 *pshare_mode,
1106 uint32 *pcreate_disposition,
1107 uint32 *pcreate_options)
1108{
1109 uint32 access_mask;
1110 uint32 share_mode;
1111 uint32 create_disposition;
1112 uint32 create_options = FILE_NON_DIRECTORY_FILE;
1113
1114 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
1115 "open_func = 0x%x\n",
1116 fname, (unsigned int)deny_mode, (unsigned int)open_func ));
1117
1118 /* Create the NT compatible access_mask. */
1119 switch (GET_OPENX_MODE(deny_mode)) {
1120 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
1121 case DOS_OPEN_RDONLY:
1122 access_mask = FILE_GENERIC_READ;
1123 break;
1124 case DOS_OPEN_WRONLY:
1125 access_mask = FILE_GENERIC_WRITE;
1126 break;
1127 case DOS_OPEN_RDWR:
1128 case DOS_OPEN_FCB:
1129 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
1130 break;
1131 default:
1132 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
1133 (unsigned int)GET_OPENX_MODE(deny_mode)));
1134 return False;
1135 }
1136
1137 /* Create the NT compatible create_disposition. */
1138 switch (open_func) {
1139 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
1140 create_disposition = FILE_CREATE;
1141 break;
1142
1143 case OPENX_FILE_EXISTS_OPEN:
1144 create_disposition = FILE_OPEN;
1145 break;
1146
1147 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
1148 create_disposition = FILE_OPEN_IF;
1149 break;
1150
1151 case OPENX_FILE_EXISTS_TRUNCATE:
1152 create_disposition = FILE_OVERWRITE;
1153 break;
1154
1155 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
1156 create_disposition = FILE_OVERWRITE_IF;
1157 break;
1158
1159 default:
1160 /* From samba4 - to be confirmed. */
1161 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
1162 create_disposition = FILE_CREATE;
1163 break;
1164 }
1165 DEBUG(10,("map_open_params_to_ntcreate: bad "
1166 "open_func 0x%x\n", (unsigned int)open_func));
1167 return False;
1168 }
1169
1170 /* Create the NT compatible share modes. */
1171 switch (GET_DENY_MODE(deny_mode)) {
1172 case DENY_ALL:
1173 share_mode = FILE_SHARE_NONE;
1174 break;
1175
1176 case DENY_WRITE:
1177 share_mode = FILE_SHARE_READ;
1178 break;
1179
1180 case DENY_READ:
1181 share_mode = FILE_SHARE_WRITE;
1182 break;
1183
1184 case DENY_NONE:
1185 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1186 break;
1187
1188 case DENY_DOS:
1189 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;
1190 if (is_executable(fname)) {
1191 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
1192 } else {
1193 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
1194 share_mode = FILE_SHARE_READ;
1195 } else {
1196 share_mode = FILE_SHARE_NONE;
1197 }
1198 }
1199 break;
1200
1201 case DENY_FCB:
1202 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;
1203 share_mode = FILE_SHARE_NONE;
1204 break;
1205
1206 default:
1207 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
1208 (unsigned int)GET_DENY_MODE(deny_mode) ));
1209 return False;
1210 }
1211
1212 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
1213 "share_mode = 0x%x, create_disposition = 0x%x, "
1214 "create_options = 0x%x\n",
1215 fname,
1216 (unsigned int)access_mask,
1217 (unsigned int)share_mode,
1218 (unsigned int)create_disposition,
1219 (unsigned int)create_options ));
1220
1221 if (paccess_mask) {
1222 *paccess_mask = access_mask;
1223 }
1224 if (pshare_mode) {
1225 *pshare_mode = share_mode;
1226 }
1227 if (pcreate_disposition) {
1228 *pcreate_disposition = create_disposition;
1229 }
1230 if (pcreate_options) {
1231 *pcreate_options = create_options;
1232 }
1233
1234 return True;
1235
1236}
1237
1238static void schedule_defer_open(struct share_mode_lock *lck,
1239 struct timeval request_time,
1240 struct smb_request *req)
1241{
1242 struct deferred_open_record state;
1243
1244 /* This is a relative time, added to the absolute
1245 request_time value to get the absolute timeout time.
1246 Note that if this is the second or greater time we enter
1247 this codepath for this particular request mid then
1248 request_time is left as the absolute time of the *first*
1249 time this request mid was processed. This is what allows
1250 the request to eventually time out. */
1251
1252 struct timeval timeout;
1253
1254 /* Normally the smbd we asked should respond within
1255 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1256 * the client did, give twice the timeout as a safety
1257 * measure here in case the other smbd is stuck
1258 * somewhere else. */
1259
1260 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1261
1262 /* Nothing actually uses state.delayed_for_oplocks
1263 but it's handy to differentiate in debug messages
1264 between a 30 second delay due to oplock break, and
1265 a 1 second delay for share mode conflicts. */
1266
1267 state.delayed_for_oplocks = True;
1268 state.id = lck->id;
1269
1270 if (!request_timed_out(request_time, timeout)) {
1271 defer_open(lck, request_time, timeout, req, &state);
1272 }
1273}
1274
1275/****************************************************************************
1276 Work out what access_mask to use from what the client sent us.
1277****************************************************************************/
1278
1279static NTSTATUS calculate_access_mask(connection_struct *conn,
1280 const char *fname,
1281 bool file_existed,
1282 uint32_t access_mask,
1283 uint32_t *access_mask_out)
1284{
1285 NTSTATUS status;
1286
1287 /*
1288 * Convert GENERIC bits to specific bits.
1289 */
1290
1291 se_map_generic(&access_mask, &file_generic_mapping);
1292
1293 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1294 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1295 if (file_existed) {
1296
1297 struct security_descriptor *sd;
1298 uint32_t access_granted = 0;
1299
1300 status = SMB_VFS_GET_NT_ACL(conn, fname,
1301 (OWNER_SECURITY_INFORMATION |
1302 GROUP_SECURITY_INFORMATION |
1303 DACL_SECURITY_INFORMATION),&sd);
1304
1305 if (!NT_STATUS_IS_OK(status)) {
1306 DEBUG(10, ("calculate_access_mask: Could not get acl "
1307 "on file %s: %s\n",
1308 fname,
1309 nt_errstr(status)));
1310 return NT_STATUS_ACCESS_DENIED;
1311 }
1312
1313 status = smb1_file_se_access_check(sd,
1314 conn->server_info->ptok,
1315 access_mask,
1316 &access_granted);
1317
1318 TALLOC_FREE(sd);
1319
1320 if (!NT_STATUS_IS_OK(status)) {
1321 DEBUG(10, ("calculate_access_mask: Access denied on "
1322 "file %s: when calculating maximum access\n",
1323 fname));
1324 return NT_STATUS_ACCESS_DENIED;
1325 }
1326
1327 access_mask = access_granted;
1328 } else {
1329 access_mask = FILE_GENERIC_ALL;
1330 }
1331 }
1332
1333 *access_mask_out = access_mask;
1334 return NT_STATUS_OK;
1335}
1336
1337/****************************************************************************
1338 Open a file with a share mode. Passed in an already created files_struct *.
1339****************************************************************************/
1340
1341static NTSTATUS open_file_ntcreate_internal(connection_struct *conn,
1342 struct smb_request *req,
1343 const char *fname,
1344 SMB_STRUCT_STAT *psbuf,
1345 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1346 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1347 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1348 uint32 create_options, /* options such as delete on close. */
1349 uint32 new_dos_attributes, /* attributes used for new file. */
1350 int oplock_request, /* internal Samba oplock codes. */
1351 /* Information (FILE_EXISTS etc.) */
1352 int *pinfo,
1353 files_struct *fsp)
1354{
1355 int flags=0;
1356 int flags2=0;
1357 bool file_existed = VALID_STAT(*psbuf);
1358 bool def_acl = False;
1359 bool posix_open = False;
1360 bool new_file_created = False;
1361 bool clear_ads = false;
1362 struct file_id id;
1363 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1364 mode_t new_unx_mode = (mode_t)0;
1365 mode_t unx_mode = (mode_t)0;
1366 int info;
1367 uint32 existing_dos_attributes = 0;
1368 struct pending_message_list *pml = NULL;
1369 struct timeval request_time = timeval_zero();
1370 struct share_mode_lock *lck = NULL;
1371 uint32 open_access_mask = access_mask;
1372 NTSTATUS status;
1373 int ret_flock;
1374 char *parent_dir;
1375 const char *newname;
1376
1377 ZERO_STRUCT(id);
1378
1379 if (conn->printer) {
1380 /*
1381 * Printers are handled completely differently.
1382 * Most of the passed parameters are ignored.
1383 */
1384
1385 if (pinfo) {
1386 *pinfo = FILE_WAS_CREATED;
1387 }
1388
1389 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname));
1390
1391 return print_fsp_open(conn, fname, req->vuid, fsp, psbuf);
1392 }
1393
1394 if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir,
1395 &newname)) {
1396 return NT_STATUS_NO_MEMORY;
1397 }
1398
1399 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1400 posix_open = True;
1401 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1402 new_dos_attributes = 0;
1403 } else {
1404 /* We add aARCH to this as this mode is only used if the file is
1405 * created new. */
1406 unx_mode = unix_mode(conn, new_dos_attributes | aARCH, fname,
1407 parent_dir);
1408 }
1409
1410 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1411 "access_mask=0x%x share_access=0x%x "
1412 "create_disposition = 0x%x create_options=0x%x "
1413 "unix mode=0%o oplock_request=%d\n",
1414 fname, new_dos_attributes, access_mask, share_access,
1415 create_disposition, create_options, (unsigned int)unx_mode,
1416 oplock_request));
1417
1418 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1419 DEBUG(0, ("No smb request but not an internal only open!\n"));
1420 return NT_STATUS_INTERNAL_ERROR;
1421 }
1422
1423 /*
1424 * Only non-internal opens can be deferred at all
1425 */
1426
1427 if ((req != NULL)
1428 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1429 struct deferred_open_record *state =
1430 (struct deferred_open_record *)pml->private_data.data;
1431
1432 /* Remember the absolute time of the original
1433 request with this mid. We'll use it later to
1434 see if this has timed out. */
1435
1436 request_time = pml->request_time;
1437
1438 /* Remove the deferred open entry under lock. */
1439 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1440 NULL);
1441 if (lck == NULL) {
1442 DEBUG(0, ("could not get share mode lock\n"));
1443 } else {
1444 del_deferred_open_entry(lck, req->mid);
1445 TALLOC_FREE(lck);
1446 }
1447
1448 /* Ensure we don't reprocess this message. */
1449 remove_deferred_open_smb_message(req->mid);
1450 }
1451
1452 status = check_name(conn, fname);
1453 if (!NT_STATUS_IS_OK(status)) {
1454 return status;
1455 }
1456
1457 if (!posix_open) {
1458 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1459 if (file_existed) {
1460 existing_dos_attributes = dos_mode(conn, fname, psbuf);
1461 }
1462 }
1463
1464 /* ignore any oplock requests if oplocks are disabled */
1465 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1466 IS_VETO_OPLOCK_PATH(conn, fname)) {
1467 /* Mask off everything except the private Samba bits. */
1468 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1469 }
1470
1471 /* this is for OS/2 long file names - say we don't support them */
1472 if (!lp_posix_pathnames() && strstr(fname,".+,;=[].")) {
1473 /* OS/2 Workplace shell fix may be main code stream in a later
1474 * release. */
1475 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1476 "supported.\n"));
1477 if (use_nt_status()) {
1478 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1479 }
1480 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1481 }
1482
1483 switch( create_disposition ) {
1484 /*
1485 * Currently we're using FILE_SUPERSEDE as the same as
1486 * FILE_OVERWRITE_IF but they really are
1487 * different. FILE_SUPERSEDE deletes an existing file
1488 * (requiring delete access) then recreates it.
1489 */
1490 case FILE_SUPERSEDE:
1491 /* If file exists replace/overwrite. If file doesn't
1492 * exist create. */
1493 flags2 |= (O_CREAT | O_TRUNC);
1494 clear_ads = true;
1495 break;
1496
1497 case FILE_OVERWRITE_IF:
1498 /* If file exists replace/overwrite. If file doesn't
1499 * exist create. */
1500 flags2 |= (O_CREAT | O_TRUNC);
1501 clear_ads = true;
1502 break;
1503
1504 case FILE_OPEN:
1505 /* If file exists open. If file doesn't exist error. */
1506 if (!file_existed) {
1507 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1508 "requested for file %s and file "
1509 "doesn't exist.\n", fname ));
1510 errno = ENOENT;
1511 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1512 }
1513 break;
1514
1515 case FILE_OVERWRITE:
1516 /* If file exists overwrite. If file doesn't exist
1517 * error. */
1518 if (!file_existed) {
1519 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1520 "requested for file %s and file "
1521 "doesn't exist.\n", fname ));
1522 errno = ENOENT;
1523 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1524 }
1525 flags2 |= O_TRUNC;
1526 clear_ads = true;
1527 break;
1528
1529 case FILE_CREATE:
1530 /* If file exists error. If file doesn't exist
1531 * create. */
1532 if (file_existed) {
1533 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1534 "requested for file %s and file "
1535 "already exists.\n", fname ));
1536 if (S_ISDIR(psbuf->st_mode)) {
1537 errno = EISDIR;
1538 } else {
1539 errno = EEXIST;
1540 }
1541 return map_nt_error_from_unix(errno);
1542 }
1543 flags2 |= (O_CREAT|O_EXCL);
1544 break;
1545
1546 case FILE_OPEN_IF:
1547 /* If file exists open. If file doesn't exist
1548 * create. */
1549 flags2 |= O_CREAT;
1550 break;
1551
1552 default:
1553 return NT_STATUS_INVALID_PARAMETER;
1554 }
1555
1556 /* We only care about matching attributes on file exists and
1557 * overwrite. */
1558
1559 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1560 (create_disposition == FILE_OVERWRITE_IF))) {
1561 if (!open_match_attributes(conn, fname,
1562 existing_dos_attributes,
1563 new_dos_attributes, psbuf->st_mode,
1564 unx_mode, &new_unx_mode)) {
1565 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1566 "for file %s (%x %x) (0%o, 0%o)\n",
1567 fname, existing_dos_attributes,
1568 new_dos_attributes,
1569 (unsigned int)psbuf->st_mode,
1570 (unsigned int)unx_mode ));
1571 errno = EACCES;
1572 return NT_STATUS_ACCESS_DENIED;
1573 }
1574 }
1575
1576 status = calculate_access_mask(conn, fname, file_existed,
1577 access_mask,
1578 &access_mask);
1579 if (!NT_STATUS_IS_OK(status)) {
1580 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1581 "on file %s returned %s\n",
1582 fname,
1583 nt_errstr(status)));
1584 return status;
1585 }
1586
1587 open_access_mask = access_mask;
1588
1589 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1590 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1591 }
1592
1593 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1594 "access_mask=0x%x\n", fname, access_mask ));
1595
1596 /*
1597 * Note that we ignore the append flag as append does not
1598 * mean the same thing under DOS and Unix.
1599 */
1600
1601 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1602 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1603 /* DENY_DOS opens are always underlying read-write on the
1604 file handle, no matter what the requested access mask
1605 says. */
1606 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1607 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1608 flags = O_RDWR;
1609 } else {
1610 flags = O_WRONLY;
1611 }
1612 } else {
1613 flags = O_RDONLY;
1614 }
1615
1616 /*
1617 * Currently we only look at FILE_WRITE_THROUGH for create options.
1618 */
1619
1620#if defined(O_SYNC)
1621 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1622 flags2 |= O_SYNC;
1623 }
1624#endif /* O_SYNC */
1625
1626 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1627 flags2 |= O_APPEND;
1628 }
1629
1630 if (!posix_open && !CAN_WRITE(conn)) {
1631 /*
1632 * We should really return a permission denied error if either
1633 * O_CREAT or O_TRUNC are set, but for compatibility with
1634 * older versions of Samba we just AND them out.
1635 */
1636 flags2 &= ~(O_CREAT|O_TRUNC);
1637 }
1638
1639 /*
1640 * Ensure we can't write on a read-only share or file.
1641 */
1642
1643 if (flags != O_RDONLY && file_existed &&
1644 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1645 DEBUG(5,("open_file_ntcreate: write access requested for "
1646 "file %s on read only %s\n",
1647 fname, !CAN_WRITE(conn) ? "share" : "file" ));
1648 errno = EACCES;
1649 return NT_STATUS_ACCESS_DENIED;
1650 }
1651
1652 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
1653 fsp->share_access = share_access;
1654 fsp->fh->private_options = create_options;
1655 fsp->access_mask = open_access_mask; /* We change this to the
1656 * requested access_mask after
1657 * the open is done. */
1658 fsp->posix_open = posix_open;
1659
1660 /* Ensure no SAMBA_PRIVATE bits can be set. */
1661 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1662
1663 if (timeval_is_zero(&request_time)) {
1664 request_time = fsp->open_time;
1665 }
1666
1667 if (file_existed) {
1668 struct timespec old_write_time = get_mtimespec(psbuf);
1669 id = vfs_file_id_from_sbuf(conn, psbuf);
1670
1671 lck = get_share_mode_lock(talloc_tos(), id,
1672 conn->connectpath,
1673 fname, &old_write_time);
1674
1675 if (lck == NULL) {
1676 DEBUG(0, ("Could not get share mode lock\n"));
1677 return NT_STATUS_SHARING_VIOLATION;
1678 }
1679
1680 /* First pass - send break only on batch oplocks. */
1681 if ((req != NULL)
1682 && delay_for_oplocks(lck, fsp, req->mid, 1,
1683 oplock_request)) {
1684 schedule_defer_open(lck, request_time, req);
1685 TALLOC_FREE(lck);
1686 return NT_STATUS_SHARING_VIOLATION;
1687 }
1688
1689 /* Use the client requested access mask here, not the one we
1690 * open with. */
1691 status = open_mode_check(conn, fname, lck,
1692 access_mask, share_access,
1693 create_options, &file_existed);
1694
1695 if (NT_STATUS_IS_OK(status)) {
1696 /* We might be going to allow this open. Check oplock
1697 * status again. */
1698 /* Second pass - send break for both batch or
1699 * exclusive oplocks. */
1700 if ((req != NULL)
1701 && delay_for_oplocks(lck, fsp, req->mid, 2,
1702 oplock_request)) {
1703 schedule_defer_open(lck, request_time, req);
1704 TALLOC_FREE(lck);
1705 return NT_STATUS_SHARING_VIOLATION;
1706 }
1707 }
1708
1709 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1710 /* DELETE_PENDING is not deferred for a second */
1711 TALLOC_FREE(lck);
1712 return status;
1713 }
1714
1715 if (!NT_STATUS_IS_OK(status)) {
1716 uint32 can_access_mask;
1717 bool can_access = True;
1718
1719 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1720
1721 /* Check if this can be done with the deny_dos and fcb
1722 * calls. */
1723 if (create_options &
1724 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1725 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1726 if (req == NULL) {
1727 DEBUG(0, ("DOS open without an SMB "
1728 "request!\n"));
1729 TALLOC_FREE(lck);
1730 return NT_STATUS_INTERNAL_ERROR;
1731 }
1732
1733 /* Use the client requested access mask here,
1734 * not the one we open with. */
1735 status = fcb_or_dos_open(conn,
1736 fsp,
1737 fname,
1738 id,
1739 req->smbpid,
1740 req->vuid,
1741 access_mask,
1742 share_access,
1743 create_options);
1744
1745 if (NT_STATUS_IS_OK(status)) {
1746 TALLOC_FREE(lck);
1747 if (pinfo) {
1748 *pinfo = FILE_WAS_OPENED;
1749 }
1750 return NT_STATUS_OK;
1751 }
1752 }
1753
1754 /*
1755 * This next line is a subtlety we need for
1756 * MS-Access. If a file open will fail due to share
1757 * permissions and also for security (access) reasons,
1758 * we need to return the access failed error, not the
1759 * share error. We can't open the file due to kernel
1760 * oplock deadlock (it's possible we failed above on
1761 * the open_mode_check()) so use a userspace check.
1762 */
1763
1764 if (flags & O_RDWR) {
1765 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1766 } else if (flags & O_WRONLY) {
1767 can_access_mask = FILE_WRITE_DATA;
1768 } else {
1769 can_access_mask = FILE_READ_DATA;
1770 }
1771
1772 if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
1773 !can_access_file_data(conn,fname,psbuf,can_access_mask)) {
1774 can_access = False;
1775 }
1776
1777 /*
1778 * If we're returning a share violation, ensure we
1779 * cope with the braindead 1 second delay.
1780 */
1781
1782 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1783 lp_defer_sharing_violations()) {
1784 struct timeval timeout;
1785 struct deferred_open_record state;
1786 int timeout_usecs;
1787
1788 /* this is a hack to speed up torture tests
1789 in 'make test' */
1790 timeout_usecs = lp_parm_int(SNUM(conn),
1791 "smbd","sharedelay",
1792 SHARING_VIOLATION_USEC_WAIT);
1793
1794 /* This is a relative time, added to the absolute
1795 request_time value to get the absolute timeout time.
1796 Note that if this is the second or greater time we enter
1797 this codepath for this particular request mid then
1798 request_time is left as the absolute time of the *first*
1799 time this request mid was processed. This is what allows
1800 the request to eventually time out. */
1801
1802 timeout = timeval_set(0, timeout_usecs);
1803
1804 /* Nothing actually uses state.delayed_for_oplocks
1805 but it's handy to differentiate in debug messages
1806 between a 30 second delay due to oplock break, and
1807 a 1 second delay for share mode conflicts. */
1808
1809 state.delayed_for_oplocks = False;
1810 state.id = id;
1811
1812 if ((req != NULL)
1813 && !request_timed_out(request_time,
1814 timeout)) {
1815 defer_open(lck, request_time, timeout,
1816 req, &state);
1817 }
1818 }
1819
1820 TALLOC_FREE(lck);
1821 if (can_access) {
1822 /*
1823 * We have detected a sharing violation here
1824 * so return the correct error code
1825 */
1826 status = NT_STATUS_SHARING_VIOLATION;
1827 } else {
1828 status = NT_STATUS_ACCESS_DENIED;
1829 }
1830 return status;
1831 }
1832
1833 /*
1834 * We exit this block with the share entry *locked*.....
1835 */
1836 }
1837
1838 SMB_ASSERT(!file_existed || (lck != NULL));
1839
1840 /*
1841 * Ensure we pay attention to default ACLs on directories if required.
1842 */
1843
1844 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1845 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1846 unx_mode = 0777;
1847 }
1848
1849 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1850 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1851 (unsigned int)flags, (unsigned int)flags2,
1852 (unsigned int)unx_mode, (unsigned int)access_mask,
1853 (unsigned int)open_access_mask));
1854
1855 /*
1856 * open_file strips any O_TRUNC flags itself.
1857 */
1858
1859 fsp_open = open_file(fsp, conn, req, parent_dir, newname, fname, psbuf,
1860 flags|flags2, unx_mode, access_mask,
1861 open_access_mask);
1862
1863 if (!NT_STATUS_IS_OK(fsp_open)) {
1864 if (lck != NULL) {
1865 TALLOC_FREE(lck);
1866 }
1867 return fsp_open;
1868 }
1869
1870 if (!file_existed) {
1871 struct timespec old_write_time = get_mtimespec(psbuf);
1872 /*
1873 * Deal with the race condition where two smbd's detect the
1874 * file doesn't exist and do the create at the same time. One
1875 * of them will win and set a share mode, the other (ie. this
1876 * one) should check if the requested share mode for this
1877 * create is allowed.
1878 */
1879
1880 /*
1881 * Now the file exists and fsp is successfully opened,
1882 * fsp->dev and fsp->inode are valid and should replace the
1883 * dev=0,inode=0 from a non existent file. Spotted by
1884 * Nadav Danieli <nadavd@exanet.com>. JRA.
1885 */
1886
1887 id = fsp->file_id;
1888
1889 lck = get_share_mode_lock(talloc_tos(), id,
1890 conn->connectpath,
1891 fname, &old_write_time);
1892
1893 if (lck == NULL) {
1894 DEBUG(0, ("open_file_ntcreate: Could not get share "
1895 "mode lock for %s\n", fname));
1896 fd_close(fsp);
1897 return NT_STATUS_SHARING_VIOLATION;
1898 }
1899
1900 /* First pass - send break only on batch oplocks. */
1901 if ((req != NULL)
1902 && delay_for_oplocks(lck, fsp, req->mid, 1,
1903 oplock_request)) {
1904 schedule_defer_open(lck, request_time, req);
1905 TALLOC_FREE(lck);
1906 fd_close(fsp);
1907 return NT_STATUS_SHARING_VIOLATION;
1908 }
1909
1910 status = open_mode_check(conn, fname, lck,
1911 access_mask, share_access,
1912 create_options, &file_existed);
1913
1914 if (NT_STATUS_IS_OK(status)) {
1915 /* We might be going to allow this open. Check oplock
1916 * status again. */
1917 /* Second pass - send break for both batch or
1918 * exclusive oplocks. */
1919 if ((req != NULL)
1920 && delay_for_oplocks(lck, fsp, req->mid, 2,
1921 oplock_request)) {
1922 schedule_defer_open(lck, request_time, req);
1923 TALLOC_FREE(lck);
1924 fd_close(fsp);
1925 return NT_STATUS_SHARING_VIOLATION;
1926 }
1927 }
1928
1929 if (!NT_STATUS_IS_OK(status)) {
1930 struct deferred_open_record state;
1931
1932 fd_close(fsp);
1933
1934 state.delayed_for_oplocks = False;
1935 state.id = id;
1936
1937 /* Do it all over again immediately. In the second
1938 * round we will find that the file existed and handle
1939 * the DELETE_PENDING and FCB cases correctly. No need
1940 * to duplicate the code here. Essentially this is a
1941 * "goto top of this function", but don't tell
1942 * anybody... */
1943
1944 if (req != NULL) {
1945 defer_open(lck, request_time, timeval_zero(),
1946 req, &state);
1947 }
1948 TALLOC_FREE(lck);
1949 return status;
1950 }
1951
1952 /*
1953 * We exit this block with the share entry *locked*.....
1954 */
1955
1956 }
1957
1958 SMB_ASSERT(lck != NULL);
1959
1960 /* Delete streams if create_disposition requires it */
1961 if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) {
1962 status = delete_all_streams(conn, fname);
1963 if (!NT_STATUS_IS_OK(status)) {
1964 TALLOC_FREE(lck);
1965 fd_close(fsp);
1966 return status;
1967 }
1968 }
1969
1970 /* note that we ignore failure for the following. It is
1971 basically a hack for NFS, and NFS will never set one of
1972 these only read them. Nobody but Samba can ever set a deny
1973 mode and we have already checked our more authoritative
1974 locking database for permission to set this deny mode. If
1975 the kernel refuses the operations then the kernel is wrong.
1976 note that GPFS supports it as well - jmcd */
1977
1978 if (fsp->fh->fd != -1) {
1979 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access);
1980 if(ret_flock == -1 ){
1981
1982 TALLOC_FREE(lck);
1983 fd_close(fsp);
1984
1985 return NT_STATUS_SHARING_VIOLATION;
1986 }
1987 }
1988
1989 /*
1990 * At this point onwards, we can guarentee that the share entry
1991 * is locked, whether we created the file or not, and that the
1992 * deny mode is compatible with all current opens.
1993 */
1994
1995 /*
1996 * If requested, truncate the file.
1997 */
1998
1999 if (flags2&O_TRUNC) {
2000 /*
2001 * We are modifing the file after open - update the stat
2002 * struct..
2003 */
2004 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
2005 (SMB_VFS_FSTAT(fsp, psbuf)==-1)) {
2006 status = map_nt_error_from_unix(errno);
2007 TALLOC_FREE(lck);
2008 fd_close(fsp);
2009 return status;
2010 }
2011 }
2012
2013 /* Record the options we were opened with. */
2014 fsp->share_access = share_access;
2015 fsp->fh->private_options = create_options;
2016 /*
2017 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2018 */
2019 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2020
2021 if (file_existed) {
2022 /* stat opens on existing files don't get oplocks. */
2023 if (is_stat_open(open_access_mask)) {
2024 fsp->oplock_type = NO_OPLOCK;
2025 }
2026
2027 if (!(flags2 & O_TRUNC)) {
2028 info = FILE_WAS_OPENED;
2029 } else {
2030 info = FILE_WAS_OVERWRITTEN;
2031 }
2032 } else {
2033 info = FILE_WAS_CREATED;
2034 }
2035
2036 if (pinfo) {
2037 *pinfo = info;
2038 }
2039
2040 /*
2041 * Setup the oplock info in both the shared memory and
2042 * file structs.
2043 */
2044
2045 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2046 /* Could not get the kernel oplock */
2047 fsp->oplock_type = NO_OPLOCK;
2048 }
2049
2050 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2051 new_file_created = True;
2052 }
2053
2054 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2055 fsp->oplock_type);
2056
2057 /* Handle strange delete on close create semantics. */
2058 if (create_options & FILE_DELETE_ON_CLOSE) {
2059
2060 status = can_set_delete_on_close(fsp, True, new_dos_attributes);
2061
2062 if (!NT_STATUS_IS_OK(status)) {
2063 /* Remember to delete the mode we just added. */
2064 del_share_mode(lck, fsp);
2065 TALLOC_FREE(lck);
2066 fd_close(fsp);
2067 return status;
2068 }
2069 /* Note that here we set the *inital* delete on close flag,
2070 not the regular one. The magic gets handled in close. */
2071 fsp->initial_delete_on_close = True;
2072 }
2073
2074 if (new_file_created) {
2075 /* Files should be initially set as archive */
2076 if (lp_map_archive(SNUM(conn)) ||
2077 lp_store_dos_attributes(SNUM(conn))) {
2078 if (!posix_open) {
2079 SMB_STRUCT_STAT tmp_sbuf;
2080 SET_STAT_INVALID(tmp_sbuf);
2081 if (file_set_dosmode(
2082 conn, fname,
2083 new_dos_attributes | aARCH,
2084 &tmp_sbuf, parent_dir,
2085 true) == 0) {
2086 unx_mode = tmp_sbuf.st_mode;
2087 }
2088 }
2089 }
2090 }
2091
2092 /*
2093 * Take care of inherited ACLs on created files - if default ACL not
2094 * selected.
2095 */
2096
2097 if (!posix_open && !file_existed && !def_acl) {
2098
2099 int saved_errno = errno; /* We might get ENOSYS in the next
2100 * call.. */
2101
2102 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2103 errno == ENOSYS) {
2104 errno = saved_errno; /* Ignore ENOSYS */
2105 }
2106
2107 } else if (new_unx_mode) {
2108
2109 int ret = -1;
2110
2111 /* Attributes need changing. File already existed. */
2112
2113 {
2114 int saved_errno = errno; /* We might get ENOSYS in the
2115 * next call.. */
2116 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2117
2118 if (ret == -1 && errno == ENOSYS) {
2119 errno = saved_errno; /* Ignore ENOSYS */
2120 } else {
2121 DEBUG(5, ("open_file_ntcreate: reset "
2122 "attributes of file %s to 0%o\n",
2123 fname, (unsigned int)new_unx_mode));
2124 ret = 0; /* Don't do the fchmod below. */
2125 }
2126 }
2127
2128 if ((ret == -1) &&
2129 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2130 DEBUG(5, ("open_file_ntcreate: failed to reset "
2131 "attributes of file %s to 0%o\n",
2132 fname, (unsigned int)new_unx_mode));
2133 }
2134
2135 /* If this is a successful open, we must remove any deferred open
2136 * records. */
2137 if (req != NULL) {
2138 del_deferred_open_entry(lck, req->mid);
2139 }
2140 TALLOC_FREE(lck);
2141
2142 return NT_STATUS_OK;
2143}
2144
2145/****************************************************************************
2146 Open a file with a share mode.
2147****************************************************************************/
2148
2149NTSTATUS open_file_ntcreate(connection_struct *conn,
2150 struct smb_request *req,
2151 const char *fname,
2152 SMB_STRUCT_STAT *psbuf,
2153 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
2154 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
2155 uint32 create_disposition, /* FILE_OPEN_IF etc. */
2156 uint32 create_options, /* options such as delete on close. */
2157 uint32 new_dos_attributes, /* attributes used for new file. */
2158 int oplock_request, /* internal Samba oplock codes. */
2159 /* Information (FILE_EXISTS etc.) */
2160 int *pinfo,
2161 files_struct **result)
2162{
2163 NTSTATUS status;
2164 files_struct *fsp = NULL;
2165
2166 *result = NULL;
2167
2168 status = file_new(conn, &fsp);
2169 if(!NT_STATUS_IS_OK(status)) {
2170 return status;
2171 }
2172
2173 status = open_file_ntcreate_internal(conn,
2174 req,
2175 fname,
2176 psbuf,
2177 access_mask,
2178 share_access,
2179 create_disposition,
2180 create_options,
2181 new_dos_attributes,
2182 oplock_request,
2183 pinfo,
2184 fsp);
2185
2186 if(!NT_STATUS_IS_OK(status)) {
2187 file_free(fsp);
2188 return status;
2189 }
2190
2191 *result = fsp;
2192 return status;
2193}
2194
2195/****************************************************************************
2196 Open a file for for write to ensure that we can fchmod it.
2197****************************************************************************/
2198
2199NTSTATUS open_file_fchmod(connection_struct *conn, const char *fname,
2200 SMB_STRUCT_STAT *psbuf, files_struct **result)
2201{
2202 files_struct *fsp = NULL;
2203 NTSTATUS status;
2204
2205 if (!VALID_STAT(*psbuf)) {
2206 return NT_STATUS_INVALID_PARAMETER;
2207 }
2208
2209 status = file_new(conn, &fsp);
2210 if(!NT_STATUS_IS_OK(status)) {
2211 return status;
2212 }
2213
2214 /* note! we must use a non-zero desired access or we don't get
2215 a real file descriptor. Oh what a twisted web we weave. */
2216 status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY,
2217 0, FILE_WRITE_DATA, FILE_WRITE_DATA);
2218
2219 /*
2220 * This is not a user visible file open.
2221 * Don't set a share mode.
2222 */
2223
2224 if (!NT_STATUS_IS_OK(status)) {
2225 file_free(fsp);
2226 return status;
2227 }
2228
2229 *result = fsp;
2230 return NT_STATUS_OK;
2231}
2232
2233/****************************************************************************
2234 Close the fchmod file fd - ensure no locks are lost.
2235****************************************************************************/
2236
2237NTSTATUS close_file_fchmod(files_struct *fsp)
2238{
2239 NTSTATUS status = fd_close(fsp);
2240 file_free(fsp);
2241 return status;
2242}
2243
2244static NTSTATUS mkdir_internal(connection_struct *conn,
2245 const char *name,
2246 uint32 file_attributes,
2247 SMB_STRUCT_STAT *psbuf)
2248{
2249 mode_t mode;
2250 char *parent_dir;
2251 const char *dirname;
2252 NTSTATUS status;
2253 bool posix_open = false;
2254
2255 if(!CAN_WRITE(conn)) {
2256 DEBUG(5,("mkdir_internal: failing create on read-only share "
2257 "%s\n", lp_servicename(SNUM(conn))));
2258 return NT_STATUS_ACCESS_DENIED;
2259 }
2260
2261 status = check_name(conn, name);
2262 if (!NT_STATUS_IS_OK(status)) {
2263 return status;
2264 }
2265
2266 if (!parent_dirname_talloc(talloc_tos(), name, &parent_dir,
2267 &dirname)) {
2268 return NT_STATUS_NO_MEMORY;
2269 }
2270
2271 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2272 posix_open = true;
2273 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2274 } else {
2275 mode = unix_mode(conn, aDIR, name, parent_dir);
2276 }
2277
2278 if (SMB_VFS_MKDIR(conn, name, mode) != 0) {
2279 return map_nt_error_from_unix(errno);
2280 }
2281
2282 /* Ensure we're checking for a symlink here.... */
2283 /* We don't want to get caught by a symlink racer. */
2284
2285 if (SMB_VFS_LSTAT(conn, name, psbuf) == -1) {
2286 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2287 name, strerror(errno)));
2288 return map_nt_error_from_unix(errno);
2289 }
2290
2291 if (!S_ISDIR(psbuf->st_mode)) {
2292 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2293 name));
2294 return NT_STATUS_ACCESS_DENIED;
2295 }
2296
2297 if (lp_store_dos_attributes(SNUM(conn))) {
2298 if (!posix_open) {
2299 file_set_dosmode(conn, name,
2300 file_attributes | aDIR, NULL,
2301 parent_dir,
2302 true);
2303 }
2304 }
2305
2306 if (lp_inherit_perms(SNUM(conn))) {
2307 inherit_access_posix_acl(conn, parent_dir, name, mode);
2308 }
2309
2310 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2311 /*
2312 * Check if high bits should have been set,
2313 * then (if bits are missing): add them.
2314 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2315 * dir.
2316 */
2317 if (mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) && (mode & ~psbuf->st_mode)) {
2318 SMB_VFS_CHMOD(conn, name,
2319 psbuf->st_mode | (mode & ~psbuf->st_mode));
2320 }
2321 }
2322
2323 /* Change the owner if required. */
2324 if (lp_inherit_owner(SNUM(conn))) {
2325 change_dir_owner_to_parent(conn, parent_dir, name, psbuf);
2326 }
2327
2328 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2329 name);
2330
2331 return NT_STATUS_OK;
2332}
2333
2334/****************************************************************************
2335 Open a directory from an NT SMB call.
2336****************************************************************************/
2337
2338NTSTATUS open_directory(connection_struct *conn,
2339 struct smb_request *req,
2340 const char *fname,
2341 SMB_STRUCT_STAT *psbuf,
2342 uint32 access_mask,
2343 uint32 share_access,
2344 uint32 create_disposition,
2345 uint32 create_options,
2346 uint32 file_attributes,
2347 int *pinfo,
2348 files_struct **result)
2349{
2350 files_struct *fsp = NULL;
2351 bool dir_existed = VALID_STAT(*psbuf) ? True : False;
2352 struct share_mode_lock *lck = NULL;
2353 NTSTATUS status;
2354 struct timespec mtimespec;
2355 int info = 0;
2356
2357 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2358 "share_access = 0x%x create_options = 0x%x, "
2359 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2360 fname,
2361 (unsigned int)access_mask,
2362 (unsigned int)share_access,
2363 (unsigned int)create_options,
2364 (unsigned int)create_disposition,
2365 (unsigned int)file_attributes));
2366
2367 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2368 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2369 is_ntfs_stream_name(fname)) {
2370 DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
2371 return NT_STATUS_NOT_A_DIRECTORY;
2372 }
2373
2374 status = calculate_access_mask(conn, fname, dir_existed,
2375 access_mask,
2376 &access_mask);
2377 if (!NT_STATUS_IS_OK(status)) {
2378 DEBUG(10, ("open_directory: calculate_access_mask "
2379 "on file %s returned %s\n",
2380 fname,
2381 nt_errstr(status)));
2382 return status;
2383 }
2384
2385 switch( create_disposition ) {
2386 case FILE_OPEN:
2387
2388 info = FILE_WAS_OPENED;
2389
2390 /*
2391 * We want to follow symlinks here.
2392 */
2393
2394 if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
2395 return map_nt_error_from_unix(errno);
2396 }
2397
2398 break;
2399
2400 case FILE_CREATE:
2401
2402 /* If directory exists error. If directory doesn't
2403 * exist create. */
2404
2405 status = mkdir_internal(conn,
2406 fname,
2407 file_attributes,
2408 psbuf);
2409
2410 if (!NT_STATUS_IS_OK(status)) {
2411 DEBUG(2, ("open_directory: unable to create "
2412 "%s. Error was %s\n", fname,
2413 nt_errstr(status)));
2414 return status;
2415 }
2416
2417 info = FILE_WAS_CREATED;
2418 break;
2419
2420 case FILE_OPEN_IF:
2421 /*
2422 * If directory exists open. If directory doesn't
2423 * exist create.
2424 */
2425
2426 status = mkdir_internal(conn,
2427 fname,
2428 file_attributes,
2429 psbuf);
2430
2431 if (NT_STATUS_IS_OK(status)) {
2432 info = FILE_WAS_CREATED;
2433 }
2434
2435 if (NT_STATUS_EQUAL(status,
2436 NT_STATUS_OBJECT_NAME_COLLISION)) {
2437 info = FILE_WAS_OPENED;
2438 status = NT_STATUS_OK;
2439 }
2440
2441 break;
2442
2443 case FILE_SUPERSEDE:
2444 case FILE_OVERWRITE:
2445 case FILE_OVERWRITE_IF:
2446 default:
2447 DEBUG(5,("open_directory: invalid create_disposition "
2448 "0x%x for directory %s\n",
2449 (unsigned int)create_disposition, fname));
2450 return NT_STATUS_INVALID_PARAMETER;
2451 }
2452
2453 if(!S_ISDIR(psbuf->st_mode)) {
2454 DEBUG(5,("open_directory: %s is not a directory !\n",
2455 fname ));
2456 return NT_STATUS_NOT_A_DIRECTORY;
2457 }
2458
2459 if (info == FILE_WAS_OPENED) {
2460 uint32_t access_granted = 0;
2461 status = check_open_rights(conn,
2462 fname,
2463 access_mask,
2464 &access_granted);
2465 if (!NT_STATUS_IS_OK(status)) {
2466 DEBUG(10, ("open_directory: check_open_rights on "
2467 "file %s failed with %s\n",
2468 fname,
2469 nt_errstr(status)));
2470 return status;
2471 }
2472 }
2473
2474 status = file_new(conn, &fsp);
2475 if(!NT_STATUS_IS_OK(status)) {
2476 return status;
2477 }
2478
2479 /*
2480 * Setup the files_struct for it.
2481 */
2482
2483 fsp->mode = psbuf->st_mode;
2484 fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
2485 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2486 fsp->file_pid = req ? req->smbpid : 0;
2487 fsp->can_lock = False;
2488 fsp->can_read = False;
2489 fsp->can_write = False;
2490
2491 fsp->share_access = share_access;
2492 fsp->fh->private_options = create_options;
2493 /*
2494 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2495 */
2496 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2497 fsp->print_file = False;
2498 fsp->modified = False;
2499 fsp->oplock_type = NO_OPLOCK;
2500 fsp->sent_oplock_break = NO_BREAK_SENT;
2501 fsp->is_directory = True;
2502 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2503
2504 string_set(&fsp->fsp_name,fname);
2505
2506 mtimespec = get_mtimespec(psbuf);
2507
2508 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2509 conn->connectpath,
2510 fname, &mtimespec);
2511
2512 if (lck == NULL) {
2513 DEBUG(0, ("open_directory: Could not get share mode lock for %s\n", fname));
2514 file_free(fsp);
2515 return NT_STATUS_SHARING_VIOLATION;
2516 }
2517
2518 status = open_mode_check(conn, fname, lck,
2519 access_mask, share_access,
2520 create_options, &dir_existed);
2521
2522 if (!NT_STATUS_IS_OK(status)) {
2523 TALLOC_FREE(lck);
2524 file_free(fsp);
2525 return status;
2526 }
2527
2528 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2529
2530 /* For directories the delete on close bit at open time seems
2531 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2532 if (create_options & FILE_DELETE_ON_CLOSE) {
2533 status = can_set_delete_on_close(fsp, True, 0);
2534 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2535 TALLOC_FREE(lck);
2536 file_free(fsp);
2537 return status;
2538 }
2539
2540 if (NT_STATUS_IS_OK(status)) {
2541 /* Note that here we set the *inital* delete on close flag,
2542 not the regular one. The magic gets handled in close. */
2543 fsp->initial_delete_on_close = True;
2544 }
2545 }
2546
2547 TALLOC_FREE(lck);
2548
2549 if (pinfo) {
2550 *pinfo = info;
2551 }
2552
2553 *result = fsp;
2554 return NT_STATUS_OK;
2555}
2556
2557NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, const char *directory)
2558{
2559 NTSTATUS status;
2560 SMB_STRUCT_STAT sbuf;
2561 files_struct *fsp;
2562
2563 SET_STAT_INVALID(sbuf);
2564
2565 status = open_directory(conn, req, directory, &sbuf,
2566 FILE_READ_ATTRIBUTES, /* Just a stat open */
2567 FILE_SHARE_NONE, /* Ignored for stat opens */
2568 FILE_CREATE,
2569 0,
2570 FILE_ATTRIBUTE_DIRECTORY,
2571 NULL,
2572 &fsp);
2573
2574 if (NT_STATUS_IS_OK(status)) {
2575 close_file(fsp, NORMAL_CLOSE);
2576 }
2577
2578 return status;
2579}
2580
2581/****************************************************************************
2582 Receive notification that one of our open files has been renamed by another
2583 smbd process.
2584****************************************************************************/
2585
2586void msg_file_was_renamed(struct messaging_context *msg,
2587 void *private_data,
2588 uint32_t msg_type,
2589 struct server_id server_id,
2590 DATA_BLOB *data)
2591{
2592 files_struct *fsp;
2593 char *frm = (char *)data->data;
2594 struct file_id id;
2595 const char *sharepath;
2596 const char *newname;
2597 size_t sp_len;
2598
2599 if (data->data == NULL
2600 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2601 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2602 (int)data->length));
2603 return;
2604 }
2605
2606 /* Unpack the message. */
2607 pull_file_id_16(frm, &id);
2608 sharepath = &frm[16];
2609 newname = sharepath + strlen(sharepath) + 1;
2610 sp_len = strlen(sharepath);
2611
2612 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2613 "file_id %s\n",
2614 sharepath, newname, file_id_string_tos(&id)));
2615
2616 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2617 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2618 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2619 fsp->fnum, fsp->fsp_name, newname ));
2620 string_set(&fsp->fsp_name, newname);
2621 } else {
2622 /* TODO. JRA. */
2623 /* Now we have the complete path we can work out if this is
2624 actually within this share and adjust newname accordingly. */
2625 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2626 "not sharepath %s) "
2627 "fnum %d from %s -> %s\n",
2628 fsp->conn->connectpath,
2629 sharepath,
2630 fsp->fnum,
2631 fsp->fsp_name,
2632 newname ));
2633 }
2634 }
2635}
2636
2637struct case_semantics_state {
2638 connection_struct *conn;
2639 bool case_sensitive;
2640 bool case_preserve;
2641 bool short_case_preserve;
2642};
2643
2644/****************************************************************************
2645 Restore case semantics.
2646****************************************************************************/
2647static int restore_case_semantics(struct case_semantics_state *state)
2648{
2649 state->conn->case_sensitive = state->case_sensitive;
2650 state->conn->case_preserve = state->case_preserve;
2651 state->conn->short_case_preserve = state->short_case_preserve;
2652 return 0;
2653}
2654
2655/****************************************************************************
2656 Save case semantics.
2657****************************************************************************/
2658static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx,
2659 connection_struct *conn)
2660{
2661 struct case_semantics_state *result;
2662
2663 if (!(result = talloc(mem_ctx, struct case_semantics_state))) {
2664 DEBUG(0, ("talloc failed\n"));
2665 return NULL;
2666 }
2667
2668 result->conn = conn;
2669 result->case_sensitive = conn->case_sensitive;
2670 result->case_preserve = conn->case_preserve;
2671 result->short_case_preserve = conn->short_case_preserve;
2672
2673 /* Set to POSIX. */
2674 conn->case_sensitive = True;
2675 conn->case_preserve = True;
2676 conn->short_case_preserve = True;
2677
2678 talloc_set_destructor(result, restore_case_semantics);
2679
2680 return result;
2681}
2682
2683/*
2684 * If a main file is opened for delete, all streams need to be checked for
2685 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2686 * If that works, delete them all by setting the delete on close and close.
2687 */
2688
2689static NTSTATUS open_streams_for_delete(connection_struct *conn,
2690 const char *fname)
2691{
2692 struct stream_struct *stream_info;
2693 files_struct **streams;
2694 int i;
2695 unsigned int num_streams;
2696 TALLOC_CTX *frame = talloc_stackframe();
2697 NTSTATUS status;
2698
2699 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2700 &num_streams, &stream_info);
2701
2702 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2703 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2704 DEBUG(10, ("no streams around\n"));
2705 TALLOC_FREE(frame);
2706 return NT_STATUS_OK;
2707 }
2708
2709 if (!NT_STATUS_IS_OK(status)) {
2710 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2711 nt_errstr(status)));
2712 goto fail;
2713 }
2714
2715 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2716 num_streams));
2717
2718 if (num_streams == 0) {
2719 TALLOC_FREE(frame);
2720 return NT_STATUS_OK;
2721 }
2722
2723 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2724 if (streams == NULL) {
2725 DEBUG(0, ("talloc failed\n"));
2726 status = NT_STATUS_NO_MEMORY;
2727 goto fail;
2728 }
2729
2730 for (i=0; i<num_streams; i++) {
2731 char *streamname;
2732
2733 if (strequal(stream_info[i].name, "::$DATA")) {
2734 streams[i] = NULL;
2735 continue;
2736 }
2737
2738 streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
2739 stream_info[i].name);
2740
2741 if (streamname == NULL) {
2742 DEBUG(0, ("talloc_aprintf failed\n"));
2743 status = NT_STATUS_NO_MEMORY;
2744 goto fail;
2745 }
2746
2747 status = create_file_unixpath
2748 (conn, /* conn */
2749 NULL, /* req */
2750 streamname, /* fname */
2751 DELETE_ACCESS, /* access_mask */
2752 FILE_SHARE_READ | FILE_SHARE_WRITE
2753 | FILE_SHARE_DELETE, /* share_access */
2754 FILE_OPEN, /* create_disposition*/
2755 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2756 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2757 0, /* oplock_request */
2758 0, /* allocation_size */
2759 NULL, /* sd */
2760 NULL, /* ea_list */
2761 &streams[i], /* result */
2762 NULL, /* pinfo */
2763 NULL); /* psbuf */
2764
2765 TALLOC_FREE(streamname);
2766
2767 if (!NT_STATUS_IS_OK(status)) {
2768 DEBUG(10, ("Could not open stream %s: %s\n",
2769 streamname, nt_errstr(status)));
2770 break;
2771 }
2772 }
2773
2774 /*
2775 * don't touch the variable "status" beyond this point :-)
2776 */
2777
2778 for (i -= 1 ; i >= 0; i--) {
2779 if (streams[i] == NULL) {
2780 continue;
2781 }
2782
2783 DEBUG(10, ("Closing stream # %d, %s\n", i,
2784 streams[i]->fsp_name));
2785 close_file(streams[i], NORMAL_CLOSE);
2786 }
2787
2788 fail:
2789 TALLOC_FREE(frame);
2790 return status;
2791}
2792
2793/*
2794 * Wrapper around open_file_ntcreate and open_directory
2795 */
2796
2797NTSTATUS create_file_unixpath(connection_struct *conn,
2798 struct smb_request *req,
2799 const char *fname,
2800 uint32_t access_mask,
2801 uint32_t share_access,
2802 uint32_t create_disposition,
2803 uint32_t create_options,
2804 uint32_t file_attributes,
2805 uint32_t oplock_request,
2806 SMB_BIG_UINT allocation_size,
2807 struct security_descriptor *sd,
2808 struct ea_list *ea_list,
2809
2810 files_struct **result,
2811 int *pinfo,
2812 SMB_STRUCT_STAT *psbuf)
2813{
2814 SMB_STRUCT_STAT sbuf;
2815 int info = FILE_WAS_OPENED;
2816 files_struct *base_fsp = NULL;
2817 files_struct *fsp = NULL;
2818 NTSTATUS status;
2819
2820 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2821 "file_attributes = 0x%x, share_access = 0x%x, "
2822 "create_disposition = 0x%x create_options = 0x%x "
2823 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2824 "fname = %s\n",
2825 (unsigned int)access_mask,
2826 (unsigned int)file_attributes,
2827 (unsigned int)share_access,
2828 (unsigned int)create_disposition,
2829 (unsigned int)create_options,
2830 (unsigned int)oplock_request,
2831 ea_list, sd, fname));
2832
2833 if (create_options & FILE_OPEN_BY_FILE_ID) {
2834 status = NT_STATUS_NOT_SUPPORTED;
2835 goto fail;
2836 }
2837
2838 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2839 status = NT_STATUS_INVALID_PARAMETER;
2840 goto fail;
2841 }
2842
2843 if (req == NULL) {
2844 oplock_request |= INTERNAL_OPEN_ONLY;
2845 }
2846
2847 if (psbuf != NULL) {
2848 sbuf = *psbuf;
2849 }
2850 else {
2851 if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
2852 SET_STAT_INVALID(sbuf);
2853 }
2854 }
2855
2856 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2857 && (access_mask & DELETE_ACCESS)
2858 && !is_ntfs_stream_name(fname)) {
2859 /*
2860 * We can't open a file with DELETE access if any of the
2861 * streams is open without FILE_SHARE_DELETE
2862 */
2863 status = open_streams_for_delete(conn, fname);
2864
2865 if (!NT_STATUS_IS_OK(status)) {
2866 goto fail;
2867 }
2868 }
2869
2870 /* This is the correct thing to do (check every time) but can_delete
2871 * is expensive (it may have to read the parent directory
2872 * permissions). So for now we're not doing it unless we have a strong
2873 * hint the client is really going to delete this file. If the client
2874 * is forcing FILE_CREATE let the filesystem take care of the
2875 * permissions. */
2876
2877 /* Setting FILE_SHARE_DELETE is the hint. */
2878
2879 if (lp_acl_check_permissions(SNUM(conn))
2880 && (create_disposition != FILE_CREATE)
2881 && (share_access & FILE_SHARE_DELETE)
2882 && (access_mask & DELETE_ACCESS)
2883 && (!(can_delete_file_in_directory(conn, fname) ||
2884 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
2885 status = NT_STATUS_ACCESS_DENIED;
2886 DEBUG(10,("create_file_unixpath: open file %s "
2887 "for delete ACCESS_DENIED\n", fname ));
2888 goto fail;
2889 }
2890
2891#if 0
2892 /* We need to support SeSecurityPrivilege for this. */
2893 if ((access_mask & SEC_RIGHT_SYSTEM_SECURITY) &&
2894 !user_has_privileges(current_user.nt_user_token,
2895 &se_security)) {
2896 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2897 goto fail;
2898 }
2899#endif
2900
2901 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2902 && is_ntfs_stream_name(fname)
2903 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2904 char *base;
2905 uint32 base_create_disposition;
2906
2907 if (create_options & FILE_DIRECTORY_FILE) {
2908 status = NT_STATUS_NOT_A_DIRECTORY;
2909 goto fail;
2910 }
2911
2912 status = split_ntfs_stream_name(talloc_tos(), fname,
2913 &base, NULL);
2914 if (!NT_STATUS_IS_OK(status)) {
2915 DEBUG(10, ("create_file_unixpath: "
2916 "split_ntfs_stream_name failed: %s\n",
2917 nt_errstr(status)));
2918 goto fail;
2919 }
2920
2921 SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */
2922
2923 switch (create_disposition) {
2924 case FILE_OPEN:
2925 base_create_disposition = FILE_OPEN;
2926 break;
2927 default:
2928 base_create_disposition = FILE_OPEN_IF;
2929 break;
2930 }
2931
2932 status = create_file_unixpath(conn, NULL, base, 0,
2933 FILE_SHARE_READ
2934 | FILE_SHARE_WRITE
2935 | FILE_SHARE_DELETE,
2936 base_create_disposition,
2937 0, 0, 0, 0, NULL, NULL,
2938 &base_fsp, NULL, NULL);
2939 if (!NT_STATUS_IS_OK(status)) {
2940 DEBUG(10, ("create_file_unixpath for base %s failed: "
2941 "%s\n", base, nt_errstr(status)));
2942 goto fail;
2943 }
2944 /* we don't need to low level fd */
2945 fd_close(base_fsp);
2946 }
2947
2948 /*
2949 * If it's a request for a directory open, deal with it separately.
2950 */
2951
2952 if (create_options & FILE_DIRECTORY_FILE) {
2953
2954 if (create_options & FILE_NON_DIRECTORY_FILE) {
2955 status = NT_STATUS_INVALID_PARAMETER;
2956 goto fail;
2957 }
2958
2959 /* Can't open a temp directory. IFS kit test. */
2960 if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
2961 status = NT_STATUS_INVALID_PARAMETER;
2962 goto fail;
2963 }
2964
2965 /*
2966 * We will get a create directory here if the Win32
2967 * app specified a security descriptor in the
2968 * CreateDirectory() call.
2969 */
2970
2971 oplock_request = 0;
2972 status = open_directory(
2973 conn, req, fname, &sbuf, access_mask, share_access,
2974 create_disposition, create_options, file_attributes,
2975 &info, &fsp);
2976 } else {
2977
2978 /*
2979 * Ordinary file case.
2980 */
2981
2982 if (base_fsp) {
2983 /*
2984 * We're opening the stream element of a base_fsp
2985 * we already opened. We need to initialize
2986 * the fsp first, and set up the base_fsp pointer.
2987 */
2988 status = file_new(conn, &fsp);
2989 if(!NT_STATUS_IS_OK(status)) {
2990 goto fail;
2991 }
2992
2993 fsp->base_fsp = base_fsp;
2994
2995 status = open_file_ntcreate_internal(conn,
2996 req,
2997 fname,
2998 &sbuf,
2999 access_mask,
3000 share_access,
3001 create_disposition,
3002 create_options,
3003 file_attributes,
3004 oplock_request,
3005 &info,
3006 fsp);
3007
3008 if(!NT_STATUS_IS_OK(status)) {
3009 file_free(fsp);
3010 fsp = NULL;
3011 }
3012 } else {
3013 status = open_file_ntcreate(
3014 conn, req, fname, &sbuf, access_mask, share_access,
3015 create_disposition, create_options, file_attributes,
3016 oplock_request, &info, &fsp);
3017 }
3018
3019 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
3020
3021 /* A stream open never opens a directory */
3022
3023 if (base_fsp) {
3024 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3025 goto fail;
3026 }
3027
3028 /*
3029 * Fail the open if it was explicitly a non-directory
3030 * file.
3031 */
3032
3033 if (create_options & FILE_NON_DIRECTORY_FILE) {
3034 status = NT_STATUS_FILE_IS_A_DIRECTORY;
3035 goto fail;
3036 }
3037
3038 oplock_request = 0;
3039 status = open_directory(
3040 conn, req, fname, &sbuf, access_mask,
3041 share_access, create_disposition,
3042 create_options, file_attributes,
3043 &info, &fsp);
3044 }
3045 }
3046
3047 if (!NT_STATUS_IS_OK(status)) {
3048 goto fail;
3049 }
3050
3051 fsp->base_fsp = base_fsp;
3052
3053 /*
3054 * According to the MS documentation, the only time the security
3055 * descriptor is applied to the opened file is iff we *created* the
3056 * file; an existing file stays the same.
3057 *
3058 * Also, it seems (from observation) that you can open the file with
3059 * any access mask but you can still write the sd. We need to override
3060 * the granted access before we call set_sd
3061 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3062 */
3063
3064 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3065 && lp_nt_acl_support(SNUM(conn))) {
3066
3067 uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
3068 uint32_t saved_access_mask = fsp->access_mask;
3069
3070 if (sd->owner_sid == NULL) {
3071 sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
3072 }
3073 if (sd->group_sid == NULL) {
3074 sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
3075 }
3076 if (sd->sacl == NULL) {
3077 sec_info_sent &= ~SACL_SECURITY_INFORMATION;
3078 }
3079 if (sd->dacl == NULL) {
3080 sec_info_sent &= ~DACL_SECURITY_INFORMATION;
3081 }
3082
3083 fsp->access_mask = FILE_GENERIC_ALL;
3084
3085 /* Convert all the generic bits. */
3086 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3087 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3088
3089 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3090 GROUP_SECURITY_INFORMATION|
3091 DACL_SECURITY_INFORMATION|
3092 SACL_SECURITY_INFORMATION)) {
3093 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3094 }
3095
3096 fsp->access_mask = saved_access_mask;
3097
3098 if (!NT_STATUS_IS_OK(status)) {
3099 goto fail;
3100 }
3101 }
3102
3103 if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
3104 status = set_ea(conn, fsp, fname, ea_list);
3105 if (!NT_STATUS_IS_OK(status)) {
3106 goto fail;
3107 }
3108 }
3109
3110 if (!fsp->is_directory && S_ISDIR(sbuf.st_mode)) {
3111 status = NT_STATUS_ACCESS_DENIED;
3112 goto fail;
3113 }
3114
3115 /* Save the requested allocation size. */
3116 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3117 if (allocation_size
3118 && (allocation_size > sbuf.st_size)) {
3119 fsp->initial_allocation_size = smb_roundup(
3120 fsp->conn, allocation_size);
3121 if (fsp->is_directory) {
3122 /* Can't set allocation size on a directory. */
3123 status = NT_STATUS_ACCESS_DENIED;
3124 goto fail;
3125 }
3126 if (vfs_allocate_file_space(
3127 fsp, fsp->initial_allocation_size) == -1) {
3128 status = NT_STATUS_DISK_FULL;
3129 goto fail;
3130 }
3131 } else {
3132 fsp->initial_allocation_size = smb_roundup(
3133 fsp->conn, (SMB_BIG_UINT)sbuf.st_size);
3134 }
3135 }
3136
3137 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3138
3139 *result = fsp;
3140 if (pinfo != NULL) {
3141 *pinfo = info;
3142 }
3143 if (psbuf != NULL) {
3144 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
3145 *psbuf = sbuf;
3146 }
3147 else {
3148 SMB_VFS_FSTAT(fsp, psbuf);
3149 }
3150 }
3151 return NT_STATUS_OK;
3152
3153 fail:
3154 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3155
3156 if (fsp != NULL) {
3157 if (base_fsp && fsp->base_fsp == base_fsp) {
3158 /*
3159 * The close_file below will close
3160 * fsp->base_fsp.
3161 */
3162 base_fsp = NULL;
3163 }
3164 close_file(fsp, ERROR_CLOSE);
3165 fsp = NULL;
3166 }
3167 if (base_fsp != NULL) {
3168 close_file(base_fsp, ERROR_CLOSE);
3169 base_fsp = NULL;
3170 }
3171 return status;
3172}
3173
3174NTSTATUS create_file(connection_struct *conn,
3175 struct smb_request *req,
3176 uint16_t root_dir_fid,
3177 const char *fname,
3178 uint32_t access_mask,
3179 uint32_t share_access,
3180 uint32_t create_disposition,
3181 uint32_t create_options,
3182 uint32_t file_attributes,
3183 uint32_t oplock_request,
3184 SMB_BIG_UINT allocation_size,
3185 struct security_descriptor *sd,
3186 struct ea_list *ea_list,
3187
3188 files_struct **result,
3189 int *pinfo,
3190 SMB_STRUCT_STAT *psbuf)
3191{
3192 struct case_semantics_state *case_state = NULL;
3193 SMB_STRUCT_STAT sbuf;
3194 int info = FILE_WAS_OPENED;
3195 files_struct *fsp = NULL;
3196 NTSTATUS status;
3197
3198 DEBUG(10,("create_file: access_mask = 0x%x "
3199 "file_attributes = 0x%x, share_access = 0x%x, "
3200 "create_disposition = 0x%x create_options = 0x%x "
3201 "oplock_request = 0x%x "
3202 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3203 "fname = %s\n",
3204 (unsigned int)access_mask,
3205 (unsigned int)file_attributes,
3206 (unsigned int)share_access,
3207 (unsigned int)create_disposition,
3208 (unsigned int)create_options,
3209 (unsigned int)oplock_request,
3210 (unsigned int)root_dir_fid,
3211 ea_list, sd, fname));
3212
3213 /*
3214 * Get the file name.
3215 */
3216
3217 if (root_dir_fid != 0) {
3218 /*
3219 * This filename is relative to a directory fid.
3220 */
3221 char *parent_fname = NULL;
3222 files_struct *dir_fsp = file_fsp(root_dir_fid);
3223
3224 if (dir_fsp == NULL) {
3225 status = NT_STATUS_INVALID_HANDLE;
3226 goto fail;
3227 }
3228
3229 if (!dir_fsp->is_directory) {
3230
3231 /*
3232 * Check to see if this is a mac fork of some kind.
3233 */
3234
3235 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3236 is_ntfs_stream_name(fname)) {
3237 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3238 goto fail;
3239 }
3240
3241 /*
3242 we need to handle the case when we get a
3243 relative open relative to a file and the
3244 pathname is blank - this is a reopen!
3245 (hint from demyn plantenberg)
3246 */
3247
3248 status = NT_STATUS_INVALID_HANDLE;
3249 goto fail;
3250 }
3251
3252 if (ISDOT(dir_fsp->fsp_name)) {
3253 /*
3254 * We're at the toplevel dir, the final file name
3255 * must not contain ./, as this is filtered out
3256 * normally by srvstr_get_path and unix_convert
3257 * explicitly rejects paths containing ./.
3258 */
3259 parent_fname = talloc_strdup(talloc_tos(), "");
3260 if (parent_fname == NULL) {
3261 status = NT_STATUS_NO_MEMORY;
3262 goto fail;
3263 }
3264 } else {
3265 size_t dir_name_len = strlen(dir_fsp->fsp_name);
3266
3267 /*
3268 * Copy in the base directory name.
3269 */
3270
3271 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3272 dir_name_len+2);
3273 if (parent_fname == NULL) {
3274 status = NT_STATUS_NO_MEMORY;
3275 goto fail;
3276 }
3277 memcpy(parent_fname, dir_fsp->fsp_name,
3278 dir_name_len+1);
3279
3280 /*
3281 * Ensure it ends in a '/'.
3282 * We used TALLOC_SIZE +2 to add space for the '/'.
3283 */
3284
3285 if(dir_name_len
3286 && (parent_fname[dir_name_len-1] != '\\')
3287 && (parent_fname[dir_name_len-1] != '/')) {
3288 parent_fname[dir_name_len] = '/';
3289 parent_fname[dir_name_len+1] = '\0';
3290 }
3291 }
3292
3293 fname = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3294 fname);
3295 if (fname == NULL) {
3296 status = NT_STATUS_NO_MEMORY;
3297 goto fail;
3298 }
3299 }
3300
3301 /*
3302 * Check to see if this is a mac fork of some kind.
3303 */
3304
3305 if (is_ntfs_stream_name(fname)) {
3306 enum FAKE_FILE_TYPE fake_file_type;
3307
3308 fake_file_type = is_fake_file(fname);
3309
3310 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3311
3312 /*
3313 * Here we go! support for changing the disk quotas
3314 * --metze
3315 *
3316 * We need to fake up to open this MAGIC QUOTA file
3317 * and return a valid FID.
3318 *
3319 * w2k close this file directly after openening xp
3320 * also tries a QUERY_FILE_INFO on the file and then
3321 * close it
3322 */
3323 status = open_fake_file(conn, req->vuid,
3324 fake_file_type, fname,
3325 access_mask, &fsp);
3326 if (!NT_STATUS_IS_OK(status)) {
3327 goto fail;
3328 }
3329
3330 ZERO_STRUCT(sbuf);
3331 goto done;
3332 }
3333
3334 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3335 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3336 goto fail;
3337 }
3338 }
3339
3340 if ((req != NULL) && (req->flags2 & FLAGS2_DFS_PATHNAMES)) {
3341 char *resolved_fname;
3342
3343 status = resolve_dfspath(talloc_tos(), conn, true, fname,
3344 &resolved_fname);
3345
3346 if (!NT_STATUS_IS_OK(status)) {
3347 /*
3348 * For PATH_NOT_COVERED we had
3349 * reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
3350 * ERRSRV, ERRbadpath);
3351 * Need to fix in callers
3352 */
3353 goto fail;
3354 }
3355 fname = resolved_fname;
3356 }
3357
3358 /*
3359 * Check if POSIX semantics are wanted.
3360 */
3361
3362 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
3363 case_state = set_posix_case_semantics(talloc_tos(), conn);
3364 file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
3365 }
3366
3367 {
3368 char *converted_fname;
3369
3370 SET_STAT_INVALID(sbuf);
3371
3372 status = unix_convert(talloc_tos(), conn, fname, False,
3373 &converted_fname, NULL, &sbuf);
3374 if (!NT_STATUS_IS_OK(status)) {
3375 goto fail;
3376 }
3377 fname = converted_fname;
3378 }
3379
3380 TALLOC_FREE(case_state);
3381
3382 /* All file access must go through check_name() */
3383
3384 status = check_name(conn, fname);
3385 if (!NT_STATUS_IS_OK(status)) {
3386 goto fail;
3387 }
3388
3389 status = create_file_unixpath(
3390 conn, req, fname, access_mask, share_access,
3391 create_disposition, create_options, file_attributes,
3392 oplock_request, allocation_size, sd, ea_list,
3393 &fsp, &info, &sbuf);
3394
3395 if (!NT_STATUS_IS_OK(status)) {
3396 goto fail;
3397 }
3398
3399 done:
3400 DEBUG(10, ("create_file: info=%d\n", info));
3401
3402 *result = fsp;
3403 if (pinfo != NULL) {
3404 *pinfo = info;
3405 }
3406 if (psbuf != NULL) {
3407 *psbuf = sbuf;
3408 }
3409 return NT_STATUS_OK;
3410
3411 fail:
3412 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3413
3414 if (fsp != NULL) {
3415 close_file(fsp, ERROR_CLOSE);
3416 fsp = NULL;
3417 }
3418 return status;
3419}
Note: See TracBrowser for help on using the repository browser.