source: branches/samba-3.5.x/source3/smbd/open.c@ 738

Last change on this file since 738 was 738, checked in by Silvan Scherrer, 13 years ago

Samba Server 3.5: update branche to 3.5.18
File size: 93.7 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 file opening and share modes
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 2001-2004
6 Copyright (C) Volker Lendecke 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20*/
21
22#include "includes.h"
23#include "smbd/globals.h"
24
25extern struct current_user current_user;
26extern const struct generic_mapping file_generic_mapping;
27
28struct deferred_open_record {
29 bool delayed_for_oplocks;
30 struct file_id id;
31};
32
33static NTSTATUS create_file_unixpath(connection_struct *conn,
34 struct smb_request *req,
35 struct smb_filename *smb_fname,
36 uint32_t access_mask,
37 uint32_t share_access,
38 uint32_t create_disposition,
39 uint32_t create_options,
40 uint32_t file_attributes,
41 uint32_t oplock_request,
42 uint64_t allocation_size,
43 struct security_descriptor *sd,
44 struct ea_list *ea_list,
45
46 files_struct **result,
47 int *pinfo);
48
49/****************************************************************************
50 SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
51****************************************************************************/
52
53NTSTATUS smb1_file_se_access_check(connection_struct *conn,
54 const struct security_descriptor *sd,
55 const NT_USER_TOKEN *token,
56 uint32_t access_desired,
57 uint32_t *access_granted)
58{
59 *access_granted = 0;
60
61 if (conn->server_info->utok.uid == 0 || conn->admin_user) {
62 /* I'm sorry sir, I didn't know you were root... */
63 *access_granted = access_desired;
64 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
65 *access_granted |= FILE_GENERIC_ALL;
66 }
67 return NT_STATUS_OK;
68 }
69
70 return se_access_check(sd,
71 token,
72 (access_desired & ~FILE_READ_ATTRIBUTES),
73 access_granted);
74}
75
76/****************************************************************************
77 Check if we have open rights.
78****************************************************************************/
79
80NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
81 const struct smb_filename *smb_fname,
82 uint32_t access_mask,
83 uint32_t *access_granted)
84{
85 /* Check if we have rights to open. */
86 NTSTATUS status;
87 struct security_descriptor *sd = NULL;
88
89 if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
90 *access_granted = access_mask;
91
92 DEBUG(10,("smbd_check_open_rights: not checking ACL "
93 "on DELETE_ACCESS on file %s. Granting 0x%x\n",
94 smb_fname_str_dbg(smb_fname),
95 (unsigned int)*access_granted ));
96 return NT_STATUS_OK;
97 }
98
99 if (access_mask == DELETE_ACCESS &&
100 VALID_STAT(smb_fname->st) &&
101 S_ISLNK(smb_fname->st.st_ex_mode)) {
102 /* We can always delete a symlink. */
103 DEBUG(10,("smbd_check_open_rights: not checking ACL "
104 "on DELETE_ACCESS on symlink %s.\n",
105 smb_fname_str_dbg(smb_fname) ));
106 return NT_STATUS_OK;
107 }
108
109 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
110 (OWNER_SECURITY_INFORMATION |
111 GROUP_SECURITY_INFORMATION |
112 DACL_SECURITY_INFORMATION),&sd);
113
114 if (!NT_STATUS_IS_OK(status)) {
115 DEBUG(10, ("smbd_check_open_rights: Could not get acl "
116 "on %s: %s\n",
117 smb_fname_str_dbg(smb_fname),
118 nt_errstr(status)));
119 return status;
120 }
121
122 status = smb1_file_se_access_check(conn,
123 sd,
124 conn->server_info->ptok,
125 access_mask,
126 access_granted);
127
128 DEBUG(10,("smbd_check_open_rights: file %s requesting "
129 "0x%x returning 0x%x (%s)\n",
130 smb_fname_str_dbg(smb_fname),
131 (unsigned int)access_mask,
132 (unsigned int)*access_granted,
133 nt_errstr(status) ));
134
135 if (!NT_STATUS_IS_OK(status)) {
136 if (DEBUGLEVEL >= 10) {
137 DEBUG(10,("smbd_check_open_rights: acl for %s is:\n",
138 smb_fname_str_dbg(smb_fname) ));
139 NDR_PRINT_DEBUG(security_descriptor, sd);
140 }
141 }
142
143 TALLOC_FREE(sd);
144
145 return status;
146}
147
148/****************************************************************************
149 fd support routines - attempt to do a dos_open.
150****************************************************************************/
151
152static NTSTATUS fd_open(struct connection_struct *conn,
153 files_struct *fsp,
154 int flags,
155 mode_t mode)
156{
157 struct smb_filename *smb_fname = fsp->fsp_name;
158 NTSTATUS status = NT_STATUS_OK;
159
160#ifdef O_NOFOLLOW
161 /*
162 * Never follow symlinks on a POSIX client. The
163 * client should be doing this.
164 */
165
166 if (fsp->posix_open || !lp_symlinks(SNUM(conn))) {
167 flags |= O_NOFOLLOW;
168 }
169#endif
170
171 fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
172 if (fsp->fh->fd == -1) {
173 status = map_nt_error_from_unix(errno);
174 if (errno == EMFILE) {
175 static time_t last_warned = 0L;
176
177 if (time((time_t *) NULL) > last_warned) {
178 DEBUG(0,("Too many open files, unable "
179 "to open more! smbd's max "
180 "open files = %d\n",
181 lp_max_open_files()));
182 last_warned = time((time_t *) NULL);
183 }
184 }
185
186 }
187
188 DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n",
189 smb_fname_str_dbg(smb_fname), flags, (int)mode, fsp->fh->fd,
190 (fsp->fh->fd == -1) ? strerror(errno) : "" ));
191
192 return status;
193}
194
195/****************************************************************************
196 Close the file associated with a fsp.
197****************************************************************************/
198
199NTSTATUS fd_close(files_struct *fsp)
200{
201 int ret;
202
203 if (fsp->fh->fd == -1) {
204 return NT_STATUS_OK; /* What we used to call a stat open. */
205 }
206 if (fsp->fh->ref_count > 1) {
207 return NT_STATUS_OK; /* Shared handle. Only close last reference. */
208 }
209
210 ret = SMB_VFS_CLOSE(fsp);
211 fsp->fh->fd = -1;
212 if (ret == -1) {
213 return map_nt_error_from_unix(errno);
214 }
215 return NT_STATUS_OK;
216}
217
218/****************************************************************************
219 Change the ownership of a file to that of the parent directory.
220 Do this by fd if possible.
221****************************************************************************/
222
223void change_file_owner_to_parent(connection_struct *conn,
224 const char *inherit_from_dir,
225 files_struct *fsp)
226{
227 struct smb_filename *smb_fname_parent = NULL;
228 NTSTATUS status;
229 int ret;
230
231 status = create_synthetic_smb_fname(talloc_tos(), inherit_from_dir,
232 NULL, NULL, &smb_fname_parent);
233 if (!NT_STATUS_IS_OK(status)) {
234 return;
235 }
236
237 ret = SMB_VFS_STAT(conn, smb_fname_parent);
238 if (ret == -1) {
239 DEBUG(0,("change_file_owner_to_parent: failed to stat parent "
240 "directory %s. Error was %s\n",
241 smb_fname_str_dbg(smb_fname_parent),
242 strerror(errno)));
243 return;
244 }
245
246 become_root();
247 ret = SMB_VFS_FCHOWN(fsp, smb_fname_parent->st.st_ex_uid, (gid_t)-1);
248 unbecome_root();
249 if (ret == -1) {
250 DEBUG(0,("change_file_owner_to_parent: failed to fchown "
251 "file %s to parent directory uid %u. Error "
252 "was %s\n", fsp_str_dbg(fsp),
253 (unsigned int)smb_fname_parent->st.st_ex_uid,
254 strerror(errno) ));
255 } else {
256 DEBUG(10,("change_file_owner_to_parent: changed new file %s to "
257 "parent directory uid %u.\n", fsp_str_dbg(fsp),
258 (unsigned int)smb_fname_parent->st.st_ex_uid));
259
260 /* Ensure the uid entry is updated. */
261 fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid;
262 }
263
264 TALLOC_FREE(smb_fname_parent);
265}
266
267NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
268 const char *inherit_from_dir,
269 const char *fname,
270 SMB_STRUCT_STAT *psbuf)
271{
272 struct smb_filename *smb_fname_parent = NULL;
273 struct smb_filename *smb_fname_cwd = NULL;
274 char *saved_dir = NULL;
275 TALLOC_CTX *ctx = talloc_tos();
276 NTSTATUS status = NT_STATUS_OK;
277 int ret;
278
279 status = create_synthetic_smb_fname(ctx, inherit_from_dir, NULL, NULL,
280 &smb_fname_parent);
281 if (!NT_STATUS_IS_OK(status)) {
282 return status;
283 }
284
285 ret = SMB_VFS_STAT(conn, smb_fname_parent);
286 if (ret == -1) {
287 status = map_nt_error_from_unix(errno);
288 DEBUG(0,("change_dir_owner_to_parent: failed to stat parent "
289 "directory %s. Error was %s\n",
290 smb_fname_str_dbg(smb_fname_parent),
291 strerror(errno)));
292 goto out;
293 }
294
295 /* We've already done an lstat into psbuf, and we know it's a
296 directory. If we can cd into the directory and the dev/ino
297 are the same then we can safely chown without races as
298 we're locking the directory in place by being in it. This
299 should work on any UNIX (thanks tridge :-). JRA.
300 */
301
302 saved_dir = vfs_GetWd(ctx,conn);
303 if (!saved_dir) {
304 status = map_nt_error_from_unix(errno);
305 DEBUG(0,("change_dir_owner_to_parent: failed to get "
306 "current working directory. Error was %s\n",
307 strerror(errno)));
308 goto out;
309 }
310
311 /* Chdir into the new path. */
312 if (vfs_ChDir(conn, fname) == -1) {
313 status = map_nt_error_from_unix(errno);
314 DEBUG(0,("change_dir_owner_to_parent: failed to change "
315 "current working directory to %s. Error "
316 "was %s\n", fname, strerror(errno) ));
317 goto chdir;
318 }
319
320 status = create_synthetic_smb_fname(ctx, ".", NULL, NULL,
321 &smb_fname_cwd);
322 if (!NT_STATUS_IS_OK(status)) {
323 return status;
324 }
325
326 ret = SMB_VFS_STAT(conn, smb_fname_cwd);
327 if (ret == -1) {
328 status = map_nt_error_from_unix(errno);
329 DEBUG(0,("change_dir_owner_to_parent: failed to stat "
330 "directory '.' (%s) Error was %s\n",
331 fname, strerror(errno)));
332 goto chdir;
333 }
334
335 /* Ensure we're pointing at the same place. */
336 if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev ||
337 smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) {
338 DEBUG(0,("change_dir_owner_to_parent: "
339 "device/inode on directory %s changed. "
340 "Refusing to chown !\n", fname ));
341 status = NT_STATUS_ACCESS_DENIED;
342 goto chdir;
343 }
344
345 become_root();
346 ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
347 (gid_t)-1);
348 unbecome_root();
349 if (ret == -1) {
350 status = map_nt_error_from_unix(errno);
351 DEBUG(10,("change_dir_owner_to_parent: failed to chown "
352 "directory %s to parent directory uid %u. "
353 "Error was %s\n", fname,
354 (unsigned int)smb_fname_parent->st.st_ex_uid,
355 strerror(errno) ));
356 goto chdir;
357 }
358
359 DEBUG(10,("change_dir_owner_to_parent: changed ownership of new "
360 "directory %s to parent directory uid %u.\n",
361 fname, (unsigned int)smb_fname_parent->st.st_ex_uid ));
362
363 /* Ensure the uid entry is updated. */
364 psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid;
365
366 chdir:
367 vfs_ChDir(conn,saved_dir);
368 out:
369 TALLOC_FREE(smb_fname_parent);
370 TALLOC_FREE(smb_fname_cwd);
371 return status;
372}
373
374/****************************************************************************
375 Open a file.
376****************************************************************************/
377
378static NTSTATUS open_file(files_struct *fsp,
379 connection_struct *conn,
380 struct smb_request *req,
381 const char *parent_dir,
382 int flags,
383 mode_t unx_mode,
384 uint32 access_mask, /* client requested access mask. */
385 uint32 open_access_mask) /* what we're actually using in the open. */
386{
387 struct smb_filename *smb_fname = fsp->fsp_name;
388 NTSTATUS status = NT_STATUS_OK;
389 int accmode = (flags & O_ACCMODE);
390 int local_flags = flags;
391 bool file_existed = VALID_STAT(fsp->fsp_name->st);
392 bool file_created = false;
393
394 fsp->fh->fd = -1;
395 errno = EPERM;
396
397 /* Check permissions */
398
399 /*
400 * This code was changed after seeing a client open request
401 * containing the open mode of (DENY_WRITE/read-only) with
402 * the 'create if not exist' bit set. The previous code
403 * would fail to open the file read only on a read-only share
404 * as it was checking the flags parameter directly against O_RDONLY,
405 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
406 * JRA.
407 */
408
409 if (!CAN_WRITE(conn)) {
410 /* It's a read-only share - fail if we wanted to write. */
411 if(accmode != O_RDONLY || (flags & O_TRUNC) || (flags & O_APPEND)) {
412 DEBUG(3,("Permission denied opening %s\n",
413 smb_fname_str_dbg(smb_fname)));
414 return NT_STATUS_ACCESS_DENIED;
415 } else if(flags & O_CREAT) {
416 /* We don't want to write - but we must make sure that
417 O_CREAT doesn't create the file if we have write
418 access into the directory.
419 */
420 flags &= ~(O_CREAT|O_EXCL);
421 local_flags &= ~(O_CREAT|O_EXCL);
422 }
423 }
424
425 /*
426 * This little piece of insanity is inspired by the
427 * fact that an NT client can open a file for O_RDONLY,
428 * but set the create disposition to FILE_EXISTS_TRUNCATE.
429 * If the client *can* write to the file, then it expects to
430 * truncate the file, even though it is opening for readonly.
431 * Quicken uses this stupid trick in backup file creation...
432 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
433 * for helping track this one down. It didn't bite us in 2.0.x
434 * as we always opened files read-write in that release. JRA.
435 */
436
437 if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC)) {
438 DEBUG(10,("open_file: truncate requested on read-only open "
439 "for file %s\n", smb_fname_str_dbg(smb_fname)));
440 local_flags = (flags & ~O_ACCMODE)|O_RDWR;
441 }
442
443 if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
444 (!file_existed && (local_flags & O_CREAT)) ||
445 ((local_flags & O_TRUNC) == O_TRUNC) ) {
446 const char *wild;
447
448 /*
449 * We can't actually truncate here as the file may be locked.
450 * open_file_ntcreate will take care of the truncate later. JRA.
451 */
452
453 local_flags &= ~O_TRUNC;
454
455#if defined(O_NONBLOCK) && defined(S_ISFIFO)
456 /*
457 * We would block on opening a FIFO with no one else on the
458 * other end. Do what we used to do and add O_NONBLOCK to the
459 * open flags. JRA.
460 */
461
462 if (file_existed && S_ISFIFO(smb_fname->st.st_ex_mode)) {
463 local_flags |= O_NONBLOCK;
464 }
465#endif
466
467 /* Don't create files with Microsoft wildcard characters. */
468 if (fsp->base_fsp) {
469 /*
470 * wildcard characters are allowed in stream names
471 * only test the basefilename
472 */
473 wild = fsp->base_fsp->fsp_name->base_name;
474 } else {
475 wild = smb_fname->base_name;
476 }
477 if ((local_flags & O_CREAT) && !file_existed &&
478 ms_has_wild(wild)) {
479 return NT_STATUS_OBJECT_NAME_INVALID;
480 }
481
482 /* Actually do the open */
483 status = fd_open(conn, fsp, local_flags, unx_mode);
484 if (!NT_STATUS_IS_OK(status)) {
485 DEBUG(3,("Error opening file %s (%s) (local_flags=%d) "
486 "(flags=%d)\n", smb_fname_str_dbg(smb_fname),
487 nt_errstr(status),local_flags,flags));
488 return status;
489 }
490
491 if ((local_flags & O_CREAT) && !file_existed) {
492 file_created = true;
493 }
494
495 } else {
496 fsp->fh->fd = -1; /* What we used to call a stat open. */
497 if (file_existed) {
498 uint32_t access_granted = 0;
499
500 status = smbd_check_open_rights(conn,
501 smb_fname,
502 access_mask,
503 &access_granted);
504 if (!NT_STATUS_IS_OK(status)) {
505 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
506 /*
507 * On NT_STATUS_ACCESS_DENIED, access_granted
508 * contains the denied bits.
509 */
510
511 if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
512 (access_granted & FILE_WRITE_ATTRIBUTES) &&
513 (lp_map_readonly(SNUM(conn)) ||
514 lp_map_archive(SNUM(conn)) ||
515 lp_map_hidden(SNUM(conn)) ||
516 lp_map_system(SNUM(conn)))) {
517 access_granted &= ~FILE_WRITE_ATTRIBUTES;
518
519 DEBUG(10,("open_file: "
520 "overrode "
521 "FILE_WRITE_"
522 "ATTRIBUTES "
523 "on file %s\n",
524 smb_fname_str_dbg(
525 smb_fname)));
526 }
527
528 if ((access_mask & DELETE_ACCESS) &&
529 (access_granted & DELETE_ACCESS) &&
530 can_delete_file_in_directory(conn,
531 smb_fname)) {
532 /* Were we trying to do a stat open
533 * for delete and didn't get DELETE
534 * access (only) ? Check if the
535 * directory allows DELETE_CHILD.
536 * See here:
537 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
538 * for details. */
539
540 access_granted &= ~DELETE_ACCESS;
541
542 DEBUG(10,("open_file: "
543 "overrode "
544 "DELETE_ACCESS on "
545 "file %s\n",
546 smb_fname_str_dbg(
547 smb_fname)));
548 }
549
550 if (access_granted != 0) {
551 DEBUG(10,("open_file: Access "
552 "denied on file "
553 "%s\n",
554 smb_fname_str_dbg(
555 smb_fname)));
556 return status;
557 }
558 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
559 fsp->posix_open &&
560 S_ISLNK(smb_fname->st.st_ex_mode)) {
561 /* This is a POSIX stat open for delete
562 * or rename on a symlink that points
563 * nowhere. Allow. */
564 DEBUG(10,("open_file: allowing POSIX "
565 "open on bad symlink %s\n",
566 smb_fname_str_dbg(
567 smb_fname)));
568 } else {
569 DEBUG(10,("open_file: "
570 "smbd_check_open_rights on file "
571 "%s returned %s\n",
572 smb_fname_str_dbg(smb_fname),
573 nt_errstr(status) ));
574 return status;
575 }
576 }
577 }
578 }
579
580 if (!file_existed) {
581 int ret;
582
583 if (fsp->fh->fd == -1) {
584 ret = SMB_VFS_STAT(conn, smb_fname);
585 } else {
586 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
587 /* If we have an fd, this stat should succeed. */
588 if (ret == -1) {
589 DEBUG(0,("Error doing fstat on open file %s "
590 "(%s)\n",
591 smb_fname_str_dbg(smb_fname),
592 strerror(errno) ));
593 }
594 }
595
596 /* For a non-io open, this stat failing means file not found. JRA */
597 if (ret == -1) {
598 status = map_nt_error_from_unix(errno);
599 fd_close(fsp);
600 return status;
601 }
602
603 if (file_created) {
604 /* Do all inheritance work after we've
605 done a successful stat call and filled
606 in the stat struct in fsp->fsp_name. */
607
608 /* Inherit the ACL if required */
609 if (lp_inherit_perms(SNUM(conn))) {
610 inherit_access_posix_acl(conn, parent_dir,
611 smb_fname->base_name,
612 unx_mode);
613 }
614
615 /* Change the owner if required. */
616 if (lp_inherit_owner(SNUM(conn))) {
617 change_file_owner_to_parent(conn, parent_dir,
618 fsp);
619 }
620
621 notify_fname(conn, NOTIFY_ACTION_ADDED,
622 FILE_NOTIFY_CHANGE_FILE_NAME,
623 smb_fname->base_name);
624 }
625 }
626
627 /*
628 * POSIX allows read-only opens of directories. We don't
629 * want to do this (we use a different code path for this)
630 * so catch a directory open and return an EISDIR. JRA.
631 */
632
633 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
634 fd_close(fsp);
635 errno = EISDIR;
636 return NT_STATUS_FILE_IS_A_DIRECTORY;
637 }
638
639 fsp->mode = smb_fname->st.st_ex_mode;
640 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
641 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
642 fsp->file_pid = req ? req->smbpid : 0;
643 fsp->can_lock = True;
644 fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False;
645 if (!CAN_WRITE(conn)) {
646 fsp->can_write = False;
647 } else {
648 fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ?
649 True : False;
650 }
651 fsp->print_file = False;
652 fsp->modified = False;
653 fsp->sent_oplock_break = NO_BREAK_SENT;
654 fsp->is_directory = False;
655 if (conn->aio_write_behind_list &&
656 is_in_path(smb_fname->base_name, conn->aio_write_behind_list,
657 conn->case_sensitive)) {
658 fsp->aio_write_behind = True;
659 }
660
661 fsp->wcp = NULL; /* Write cache pointer. */
662
663 DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
664 conn->server_info->unix_name,
665 smb_fname_str_dbg(smb_fname),
666 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
667 conn->num_files_open));
668
669 errno = 0;
670 return NT_STATUS_OK;
671}
672
673/****************************************************************************
674 Check if we can open a file with a share mode.
675 Returns True if conflict, False if not.
676****************************************************************************/
677
678static bool share_conflict(struct share_mode_entry *entry,
679 uint32 access_mask,
680 uint32 share_access)
681{
682 DEBUG(10,("share_conflict: entry->access_mask = 0x%x, "
683 "entry->share_access = 0x%x, "
684 "entry->private_options = 0x%x\n",
685 (unsigned int)entry->access_mask,
686 (unsigned int)entry->share_access,
687 (unsigned int)entry->private_options));
688
689 DEBUG(10,("share_conflict: access_mask = 0x%x, share_access = 0x%x\n",
690 (unsigned int)access_mask, (unsigned int)share_access));
691
692 if ((entry->access_mask & (FILE_WRITE_DATA|
693 FILE_APPEND_DATA|
694 FILE_READ_DATA|
695 FILE_EXECUTE|
696 DELETE_ACCESS)) == 0) {
697 DEBUG(10,("share_conflict: No conflict due to "
698 "entry->access_mask = 0x%x\n",
699 (unsigned int)entry->access_mask ));
700 return False;
701 }
702
703 if ((access_mask & (FILE_WRITE_DATA|
704 FILE_APPEND_DATA|
705 FILE_READ_DATA|
706 FILE_EXECUTE|
707 DELETE_ACCESS)) == 0) {
708 DEBUG(10,("share_conflict: No conflict due to "
709 "access_mask = 0x%x\n",
710 (unsigned int)access_mask ));
711 return False;
712 }
713
714#if 1 /* JRA TEST - Superdebug. */
715#define CHECK_MASK(num, am, right, sa, share) \
716 DEBUG(10,("share_conflict: [%d] am (0x%x) & right (0x%x) = 0x%x\n", \
717 (unsigned int)(num), (unsigned int)(am), \
718 (unsigned int)(right), (unsigned int)(am)&(right) )); \
719 DEBUG(10,("share_conflict: [%d] sa (0x%x) & share (0x%x) = 0x%x\n", \
720 (unsigned int)(num), (unsigned int)(sa), \
721 (unsigned int)(share), (unsigned int)(sa)&(share) )); \
722 if (((am) & (right)) && !((sa) & (share))) { \
723 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
724sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
725 (unsigned int)(share) )); \
726 return True; \
727 }
728#else
729#define CHECK_MASK(num, am, right, sa, share) \
730 if (((am) & (right)) && !((sa) & (share))) { \
731 DEBUG(10,("share_conflict: check %d conflict am = 0x%x, right = 0x%x, \
732sa = 0x%x, share = 0x%x\n", (num), (unsigned int)(am), (unsigned int)(right), (unsigned int)(sa), \
733 (unsigned int)(share) )); \
734 return True; \
735 }
736#endif
737
738 CHECK_MASK(1, entry->access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
739 share_access, FILE_SHARE_WRITE);
740 CHECK_MASK(2, access_mask, FILE_WRITE_DATA | FILE_APPEND_DATA,
741 entry->share_access, FILE_SHARE_WRITE);
742
743 CHECK_MASK(3, entry->access_mask, FILE_READ_DATA | FILE_EXECUTE,
744 share_access, FILE_SHARE_READ);
745 CHECK_MASK(4, access_mask, FILE_READ_DATA | FILE_EXECUTE,
746 entry->share_access, FILE_SHARE_READ);
747
748 CHECK_MASK(5, entry->access_mask, DELETE_ACCESS,
749 share_access, FILE_SHARE_DELETE);
750 CHECK_MASK(6, access_mask, DELETE_ACCESS,
751 entry->share_access, FILE_SHARE_DELETE);
752
753 DEBUG(10,("share_conflict: No conflict.\n"));
754 return False;
755}
756
757#if defined(DEVELOPER)
758static void validate_my_share_entries(int num,
759 struct share_mode_entry *share_entry)
760{
761 files_struct *fsp;
762
763 if (!procid_is_me(&share_entry->pid)) {
764 return;
765 }
766
767 if (is_deferred_open_entry(share_entry) &&
768 !open_was_deferred(share_entry->op_mid)) {
769 char *str = talloc_asprintf(talloc_tos(),
770 "Got a deferred entry without a request: "
771 "PANIC: %s\n",
772 share_mode_str(talloc_tos(), num, share_entry));
773 smb_panic(str);
774 }
775
776 if (!is_valid_share_mode_entry(share_entry)) {
777 return;
778 }
779
780 fsp = file_find_dif(share_entry->id,
781 share_entry->share_file_id);
782 if (!fsp) {
783 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
784 share_mode_str(talloc_tos(), num, share_entry) ));
785 smb_panic("validate_my_share_entries: Cannot match a "
786 "share entry with an open file\n");
787 }
788
789 if (is_deferred_open_entry(share_entry) ||
790 is_unused_share_mode_entry(share_entry)) {
791 goto panic;
792 }
793
794 if ((share_entry->op_type == NO_OPLOCK) &&
795 (fsp->oplock_type == FAKE_LEVEL_II_OPLOCK)) {
796 /* Someone has already written to it, but I haven't yet
797 * noticed */
798 return;
799 }
800
801 if (((uint16)fsp->oplock_type) != share_entry->op_type) {
802 goto panic;
803 }
804
805 return;
806
807 panic:
808 {
809 char *str;
810 DEBUG(0,("validate_my_share_entries: PANIC : %s\n",
811 share_mode_str(talloc_tos(), num, share_entry) ));
812 str = talloc_asprintf(talloc_tos(),
813 "validate_my_share_entries: "
814 "file %s, oplock_type = 0x%x, op_type = 0x%x\n",
815 fsp->fsp_name->base_name,
816 (unsigned int)fsp->oplock_type,
817 (unsigned int)share_entry->op_type );
818 smb_panic(str);
819 }
820}
821#endif
822
823bool is_stat_open(uint32 access_mask)
824{
825 return (access_mask &&
826 ((access_mask & ~(SYNCHRONIZE_ACCESS| FILE_READ_ATTRIBUTES|
827 FILE_WRITE_ATTRIBUTES))==0) &&
828 ((access_mask & (SYNCHRONIZE_ACCESS|FILE_READ_ATTRIBUTES|
829 FILE_WRITE_ATTRIBUTES)) != 0));
830}
831
832/****************************************************************************
833 Deal with share modes
834 Invarient: Share mode must be locked on entry and exit.
835 Returns -1 on error, or number of share modes on success (may be zero).
836****************************************************************************/
837
838static NTSTATUS open_mode_check(connection_struct *conn,
839 struct share_mode_lock *lck,
840 uint32 access_mask,
841 uint32 share_access,
842 uint32 create_options,
843 bool *file_existed)
844{
845 int i;
846
847 if(lck->num_share_modes == 0) {
848 return NT_STATUS_OK;
849 }
850
851 *file_existed = True;
852
853 /* A delete on close prohibits everything */
854
855 if (lck->delete_on_close) {
856 return NT_STATUS_DELETE_PENDING;
857 }
858
859 if (is_stat_open(access_mask)) {
860 /* Stat open that doesn't trigger oplock breaks or share mode
861 * checks... ! JRA. */
862 return NT_STATUS_OK;
863 }
864
865 /*
866 * Check if the share modes will give us access.
867 */
868
869#if defined(DEVELOPER)
870 for(i = 0; i < lck->num_share_modes; i++) {
871 validate_my_share_entries(i, &lck->share_modes[i]);
872 }
873#endif
874
875 if (!lp_share_modes(SNUM(conn))) {
876 return NT_STATUS_OK;
877 }
878
879 /* Now we check the share modes, after any oplock breaks. */
880 for(i = 0; i < lck->num_share_modes; i++) {
881
882 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
883 continue;
884 }
885
886 /* someone else has a share lock on it, check to see if we can
887 * too */
888 if (share_conflict(&lck->share_modes[i],
889 access_mask, share_access)) {
890 return NT_STATUS_SHARING_VIOLATION;
891 }
892 }
893
894 return NT_STATUS_OK;
895}
896
897/*
898 * Send a break message to the oplock holder and delay the open for
899 * our client.
900 */
901
902static NTSTATUS send_break_message(files_struct *fsp,
903 struct share_mode_entry *exclusive,
904 uint16 mid,
905 int oplock_request)
906{
907 NTSTATUS status;
908 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE];
909
910 DEBUG(10, ("Sending break request to PID %s\n",
911 procid_str_static(&exclusive->pid)));
912 exclusive->op_mid = mid;
913
914 /* Create the message. */
915 share_mode_entry_to_message(msg, exclusive);
916
917 /* Add in the FORCE_OPLOCK_BREAK_TO_NONE bit in the message if set. We
918 don't want this set in the share mode struct pointed to by lck. */
919
920 if (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE) {
921 SSVAL(msg,6,exclusive->op_type | FORCE_OPLOCK_BREAK_TO_NONE);
922 }
923
924 status = messaging_send_buf(smbd_messaging_context(), exclusive->pid,
925 MSG_SMB_BREAK_REQUEST,
926 (uint8 *)msg,
927 MSG_SMB_SHARE_MODE_ENTRY_SIZE);
928 if (!NT_STATUS_IS_OK(status)) {
929 DEBUG(3, ("Could not send oplock break message: %s\n",
930 nt_errstr(status)));
931 }
932
933 return status;
934}
935
936/*
937 * 1) No files open at all or internal open: Grant whatever the client wants.
938 *
939 * 2) Exclusive (or batch) oplock around: If the requested access is a delete
940 * request, break if the oplock around is a batch oplock. If it's another
941 * requested access type, break.
942 *
943 * 3) Only level2 around: Grant level2 and do nothing else.
944 */
945
946static bool delay_for_oplocks(struct share_mode_lock *lck,
947 files_struct *fsp,
948 uint16 mid,
949 int pass_number,
950 int oplock_request)
951{
952 int i;
953 struct share_mode_entry *exclusive = NULL;
954 bool valid_entry = false;
955 bool have_level2 = false;
956 bool have_a_none_oplock = false;
957 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) &&
958 lp_level2_oplocks(SNUM(fsp->conn));
959
960 if (oplock_request & INTERNAL_OPEN_ONLY) {
961 fsp->oplock_type = NO_OPLOCK;
962 }
963
964 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {
965 return false;
966 }
967
968 for (i=0; i<lck->num_share_modes; i++) {
969
970 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {
971 continue;
972 }
973
974 /* At least one entry is not an invalid or deferred entry. */
975 valid_entry = true;
976
977 if (pass_number == 1) {
978 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
979 SMB_ASSERT(exclusive == NULL);
980 exclusive = &lck->share_modes[i];
981 }
982 } else {
983 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
984 SMB_ASSERT(exclusive == NULL);
985 exclusive = &lck->share_modes[i];
986 }
987 }
988
989 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) {
990 SMB_ASSERT(exclusive == NULL);
991 have_level2 = true;
992 }
993
994 if (lck->share_modes[i].op_type == NO_OPLOCK) {
995 have_a_none_oplock = true;
996 }
997 }
998
999 if (exclusive != NULL) { /* Found an exclusive oplock */
1000 SMB_ASSERT(!have_level2);
1001 send_break_message(fsp, exclusive, mid, oplock_request);
1002 return true;
1003 }
1004
1005 /*
1006 * Match what was requested (fsp->oplock_type) with
1007 * what was found in the existing share modes.
1008 */
1009
1010 if (!valid_entry) {
1011 /* All entries are placeholders or deferred.
1012 * Directly grant whatever the client wants. */
1013 if (fsp->oplock_type == NO_OPLOCK) {
1014 /* Store a level2 oplock, but don't tell the client */
1015 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1016 }
1017 } else if (have_a_none_oplock) {
1018 fsp->oplock_type = NO_OPLOCK;
1019 } else if (have_level2) {
1020 if (fsp->oplock_type == NO_OPLOCK ||
1021 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) {
1022 /* Store a level2 oplock, but don't tell the client */
1023 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1024 } else {
1025 fsp->oplock_type = LEVEL_II_OPLOCK;
1026 }
1027 } else {
1028 /* This case can never happen. */
1029 SMB_ASSERT(1);
1030 }
1031
1032 /*
1033 * Don't grant level2 to clients that don't want them
1034 * or if we've turned them off.
1035 */
1036 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) {
1037 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;
1038 }
1039
1040 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n",
1041 fsp->oplock_type, fsp_str_dbg(fsp)));
1042
1043 /* No delay. */
1044 return false;
1045}
1046
1047bool request_timed_out(struct timeval request_time,
1048 struct timeval timeout)
1049{
1050 struct timeval now, end_time;
1051 GetTimeOfDay(&now);
1052 end_time = timeval_sum(&request_time, &timeout);
1053 return (timeval_compare(&end_time, &now) < 0);
1054}
1055
1056/****************************************************************************
1057 Handle the 1 second delay in returning a SHARING_VIOLATION error.
1058****************************************************************************/
1059
1060static void defer_open(struct share_mode_lock *lck,
1061 struct timeval request_time,
1062 struct timeval timeout,
1063 struct smb_request *req,
1064 struct deferred_open_record *state)
1065{
1066 int i;
1067
1068 /* Paranoia check */
1069
1070 for (i=0; i<lck->num_share_modes; i++) {
1071 struct share_mode_entry *e = &lck->share_modes[i];
1072
1073 if (!is_deferred_open_entry(e)) {
1074 continue;
1075 }
1076
1077 if (procid_is_me(&e->pid) && (e->op_mid == req->mid)) {
1078 DEBUG(0, ("Trying to defer an already deferred "
1079 "request: mid=%d, exiting\n", req->mid));
1080 exit_server("attempt to defer a deferred request");
1081 }
1082 }
1083
1084 /* End paranoia check */
1085
1086 DEBUG(10,("defer_open_sharing_error: time [%u.%06u] adding deferred "
1087 "open entry for mid %u\n",
1088 (unsigned int)request_time.tv_sec,
1089 (unsigned int)request_time.tv_usec,
1090 (unsigned int)req->mid));
1091
1092 if (!push_deferred_smb_message(req, request_time, timeout,
1093 (char *)state, sizeof(*state))) {
1094 exit_server("push_deferred_smb_message failed");
1095 }
1096 add_deferred_open(lck, req->mid, request_time, state->id);
1097}
1098
1099
1100/****************************************************************************
1101 On overwrite open ensure that the attributes match.
1102****************************************************************************/
1103
1104bool open_match_attributes(connection_struct *conn,
1105 uint32 old_dos_attr,
1106 uint32 new_dos_attr,
1107 mode_t existing_unx_mode,
1108 mode_t new_unx_mode,
1109 mode_t *returned_unx_mode)
1110{
1111 uint32 noarch_old_dos_attr, noarch_new_dos_attr;
1112
1113 noarch_old_dos_attr = (old_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1114 noarch_new_dos_attr = (new_dos_attr & ~FILE_ATTRIBUTE_ARCHIVE);
1115
1116 if((noarch_old_dos_attr == 0 && noarch_new_dos_attr != 0) ||
1117 (noarch_old_dos_attr != 0 && ((noarch_old_dos_attr & noarch_new_dos_attr) == noarch_old_dos_attr))) {
1118 *returned_unx_mode = new_unx_mode;
1119 } else {
1120 *returned_unx_mode = (mode_t)0;
1121 }
1122
1123 DEBUG(10,("open_match_attributes: old_dos_attr = 0x%x, "
1124 "existing_unx_mode = 0%o, new_dos_attr = 0x%x "
1125 "returned_unx_mode = 0%o\n",
1126 (unsigned int)old_dos_attr,
1127 (unsigned int)existing_unx_mode,
1128 (unsigned int)new_dos_attr,
1129 (unsigned int)*returned_unx_mode ));
1130
1131 /* If we're mapping SYSTEM and HIDDEN ensure they match. */
1132 if (lp_map_system(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1133 if ((old_dos_attr & FILE_ATTRIBUTE_SYSTEM) &&
1134 !(new_dos_attr & FILE_ATTRIBUTE_SYSTEM)) {
1135 return False;
1136 }
1137 }
1138 if (lp_map_hidden(SNUM(conn)) || lp_store_dos_attributes(SNUM(conn))) {
1139 if ((old_dos_attr & FILE_ATTRIBUTE_HIDDEN) &&
1140 !(new_dos_attr & FILE_ATTRIBUTE_HIDDEN)) {
1141 return False;
1142 }
1143 }
1144 return True;
1145}
1146
1147/****************************************************************************
1148 Special FCB or DOS processing in the case of a sharing violation.
1149 Try and find a duplicated file handle.
1150****************************************************************************/
1151
1152NTSTATUS fcb_or_dos_open(struct smb_request *req,
1153 connection_struct *conn,
1154 files_struct *fsp_to_dup_into,
1155 const struct smb_filename *smb_fname,
1156 struct file_id id,
1157 uint16 file_pid,
1158 uint16 vuid,
1159 uint32 access_mask,
1160 uint32 share_access,
1161 uint32 create_options)
1162{
1163 files_struct *fsp;
1164
1165 DEBUG(5,("fcb_or_dos_open: attempting old open semantics for "
1166 "file %s.\n", smb_fname_str_dbg(smb_fname)));
1167
1168 for(fsp = file_find_di_first(id); fsp;
1169 fsp = file_find_di_next(fsp)) {
1170
1171 DEBUG(10,("fcb_or_dos_open: checking file %s, fd = %d, "
1172 "vuid = %u, file_pid = %u, private_options = 0x%x "
1173 "access_mask = 0x%x\n", fsp_str_dbg(fsp),
1174 fsp->fh->fd, (unsigned int)fsp->vuid,
1175 (unsigned int)fsp->file_pid,
1176 (unsigned int)fsp->fh->private_options,
1177 (unsigned int)fsp->access_mask ));
1178
1179 if (fsp->fh->fd != -1 &&
1180 fsp->vuid == vuid &&
1181 fsp->file_pid == file_pid &&
1182 (fsp->fh->private_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS |
1183 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) &&
1184 (fsp->access_mask & FILE_WRITE_DATA) &&
1185 strequal(fsp->fsp_name->base_name, smb_fname->base_name) &&
1186 strequal(fsp->fsp_name->stream_name,
1187 smb_fname->stream_name)) {
1188 DEBUG(10,("fcb_or_dos_open: file match\n"));
1189 break;
1190 }
1191 }
1192
1193 if (!fsp) {
1194 return NT_STATUS_NOT_FOUND;
1195 }
1196
1197 /* quite an insane set of semantics ... */
1198 if (is_executable(smb_fname->base_name) &&
1199 (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) {
1200 DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n"));
1201 return NT_STATUS_INVALID_PARAMETER;
1202 }
1203
1204 /* We need to duplicate this fsp. */
1205 return dup_file_fsp(req, fsp, access_mask, share_access,
1206 create_options, fsp_to_dup_into);
1207}
1208
1209static void schedule_defer_open(struct share_mode_lock *lck,
1210 struct timeval request_time,
1211 struct smb_request *req)
1212{
1213 struct deferred_open_record state;
1214
1215 /* This is a relative time, added to the absolute
1216 request_time value to get the absolute timeout time.
1217 Note that if this is the second or greater time we enter
1218 this codepath for this particular request mid then
1219 request_time is left as the absolute time of the *first*
1220 time this request mid was processed. This is what allows
1221 the request to eventually time out. */
1222
1223 struct timeval timeout;
1224
1225 /* Normally the smbd we asked should respond within
1226 * OPLOCK_BREAK_TIMEOUT seconds regardless of whether
1227 * the client did, give twice the timeout as a safety
1228 * measure here in case the other smbd is stuck
1229 * somewhere else. */
1230
1231 timeout = timeval_set(OPLOCK_BREAK_TIMEOUT*2, 0);
1232
1233 /* Nothing actually uses state.delayed_for_oplocks
1234 but it's handy to differentiate in debug messages
1235 between a 30 second delay due to oplock break, and
1236 a 1 second delay for share mode conflicts. */
1237
1238 state.delayed_for_oplocks = True;
1239 state.id = lck->id;
1240
1241 if (!request_timed_out(request_time, timeout)) {
1242 defer_open(lck, request_time, timeout, req, &state);
1243 }
1244}
1245
1246/****************************************************************************
1247 Work out what access_mask to use from what the client sent us.
1248****************************************************************************/
1249
1250static NTSTATUS calculate_access_mask(connection_struct *conn,
1251 const struct smb_filename *smb_fname,
1252 bool file_existed,
1253 uint32_t access_mask,
1254 uint32_t *access_mask_out)
1255{
1256 NTSTATUS status;
1257
1258 /*
1259 * Convert GENERIC bits to specific bits.
1260 */
1261
1262 se_map_generic(&access_mask, &file_generic_mapping);
1263
1264 /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
1265 if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
1266 if (file_existed) {
1267
1268 struct security_descriptor *sd;
1269 uint32_t access_granted = 0;
1270
1271 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
1272 (OWNER_SECURITY_INFORMATION |
1273 GROUP_SECURITY_INFORMATION |
1274 DACL_SECURITY_INFORMATION),&sd);
1275
1276 if (!NT_STATUS_IS_OK(status)) {
1277 DEBUG(10, ("calculate_access_mask: Could not get acl "
1278 "on file %s: %s\n",
1279 smb_fname_str_dbg(smb_fname),
1280 nt_errstr(status)));
1281 return NT_STATUS_ACCESS_DENIED;
1282 }
1283
1284 status = smb1_file_se_access_check(conn,
1285 sd,
1286 conn->server_info->ptok,
1287 access_mask,
1288 &access_granted);
1289
1290 TALLOC_FREE(sd);
1291
1292 if (!NT_STATUS_IS_OK(status)) {
1293 DEBUG(10, ("calculate_access_mask: Access denied on "
1294 "file %s: when calculating maximum access\n",
1295 smb_fname_str_dbg(smb_fname)));
1296 return NT_STATUS_ACCESS_DENIED;
1297 }
1298
1299 access_mask = access_granted;
1300 } else {
1301 access_mask = FILE_GENERIC_ALL;
1302 }
1303 }
1304
1305 *access_mask_out = access_mask;
1306 return NT_STATUS_OK;
1307}
1308
1309/****************************************************************************
1310 Open a file with a share mode. Passed in an already created files_struct *.
1311****************************************************************************/
1312
1313static NTSTATUS open_file_ntcreate(connection_struct *conn,
1314 struct smb_request *req,
1315 uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */
1316 uint32 share_access, /* share constants (FILE_SHARE_READ etc) */
1317 uint32 create_disposition, /* FILE_OPEN_IF etc. */
1318 uint32 create_options, /* options such as delete on close. */
1319 uint32 new_dos_attributes, /* attributes used for new file. */
1320 int oplock_request, /* internal Samba oplock codes. */
1321 /* Information (FILE_EXISTS etc.) */
1322 int *pinfo,
1323 files_struct *fsp)
1324{
1325 struct smb_filename *smb_fname = fsp->fsp_name;
1326 int flags=0;
1327 int flags2=0;
1328 bool file_existed = VALID_STAT(smb_fname->st);
1329 bool def_acl = False;
1330 bool posix_open = False;
1331 bool new_file_created = False;
1332 bool clear_ads = false;
1333 struct file_id id;
1334 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
1335 mode_t new_unx_mode = (mode_t)0;
1336 mode_t unx_mode = (mode_t)0;
1337 int info;
1338 uint32 existing_dos_attributes = 0;
1339 struct pending_message_list *pml = NULL;
1340 struct timeval request_time = timeval_zero();
1341 struct share_mode_lock *lck = NULL;
1342 uint32 open_access_mask = access_mask;
1343 NTSTATUS status;
1344 char *parent_dir;
1345
1346 ZERO_STRUCT(id);
1347
1348 if (conn->printer) {
1349 /*
1350 * Printers are handled completely differently.
1351 * Most of the passed parameters are ignored.
1352 */
1353
1354 if (pinfo) {
1355 *pinfo = FILE_WAS_CREATED;
1356 }
1357
1358 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n",
1359 smb_fname_str_dbg(smb_fname)));
1360
1361 if (!req) {
1362 DEBUG(0,("open_file_ntcreate: printer open without "
1363 "an SMB request!\n"));
1364 return NT_STATUS_INTERNAL_ERROR;
1365 }
1366
1367 return print_fsp_open(req, conn, smb_fname->base_name,
1368 req->vuid, fsp);
1369 }
1370
1371 if (!parent_dirname(talloc_tos(), smb_fname->base_name, &parent_dir,
1372 NULL)) {
1373 return NT_STATUS_NO_MEMORY;
1374 }
1375
1376 if (new_dos_attributes & FILE_FLAG_POSIX_SEMANTICS) {
1377 posix_open = True;
1378 unx_mode = (mode_t)(new_dos_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
1379 new_dos_attributes = 0;
1380 } else {
1381 /* Windows allows a new file to be created and
1382 silently removes a FILE_ATTRIBUTE_DIRECTORY
1383 sent by the client. Do the same. */
1384
1385 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
1386
1387 /* We add aARCH to this as this mode is only used if the file is
1388 * created new. */
1389 unx_mode = unix_mode(conn, new_dos_attributes | aARCH,
1390 smb_fname, parent_dir);
1391 }
1392
1393 DEBUG(10, ("open_file_ntcreate: fname=%s, dos_attrs=0x%x "
1394 "access_mask=0x%x share_access=0x%x "
1395 "create_disposition = 0x%x create_options=0x%x "
1396 "unix mode=0%o oplock_request=%d\n",
1397 smb_fname_str_dbg(smb_fname), new_dos_attributes,
1398 access_mask, share_access, create_disposition,
1399 create_options, (unsigned int)unx_mode, oplock_request));
1400
1401 if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
1402 DEBUG(0, ("No smb request but not an internal only open!\n"));
1403 return NT_STATUS_INTERNAL_ERROR;
1404 }
1405
1406 /*
1407 * Only non-internal opens can be deferred at all
1408 */
1409
1410 if ((req != NULL)
1411 && ((pml = get_open_deferred_message(req->mid)) != NULL)) {
1412 struct deferred_open_record *state =
1413 (struct deferred_open_record *)pml->private_data.data;
1414
1415 /* Remember the absolute time of the original
1416 request with this mid. We'll use it later to
1417 see if this has timed out. */
1418
1419 request_time = pml->request_time;
1420
1421 /* Remove the deferred open entry under lock. */
1422 lck = get_share_mode_lock(talloc_tos(), state->id, NULL, NULL,
1423 NULL);
1424 if (lck == NULL) {
1425 DEBUG(0, ("could not get share mode lock\n"));
1426 } else {
1427 del_deferred_open_entry(lck, req->mid);
1428 TALLOC_FREE(lck);
1429 }
1430
1431 /* Ensure we don't reprocess this message. */
1432 remove_deferred_open_smb_message(req->mid);
1433 }
1434
1435 if (!posix_open) {
1436 new_dos_attributes &= SAMBA_ATTRIBUTES_MASK;
1437 if (file_existed) {
1438 existing_dos_attributes = dos_mode(conn, smb_fname);
1439 }
1440 }
1441
1442 /* ignore any oplock requests if oplocks are disabled */
1443 if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break ||
1444 IS_VETO_OPLOCK_PATH(conn, smb_fname->base_name)) {
1445 /* Mask off everything except the private Samba bits. */
1446 oplock_request &= SAMBA_PRIVATE_OPLOCK_MASK;
1447 }
1448
1449 /* this is for OS/2 long file names - say we don't support them */
1450 if (!lp_posix_pathnames() && strstr(smb_fname->base_name,".+,;=[].")) {
1451 /* OS/2 Workplace shell fix may be main code stream in a later
1452 * release. */
1453 DEBUG(5,("open_file_ntcreate: OS/2 long filenames are not "
1454 "supported.\n"));
1455 if (use_nt_status()) {
1456 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1457 }
1458 return NT_STATUS_DOS(ERRDOS, ERRcannotopen);
1459 }
1460
1461 switch( create_disposition ) {
1462 /*
1463 * Currently we're using FILE_SUPERSEDE as the same as
1464 * FILE_OVERWRITE_IF but they really are
1465 * different. FILE_SUPERSEDE deletes an existing file
1466 * (requiring delete access) then recreates it.
1467 */
1468 case FILE_SUPERSEDE:
1469 /* If file exists replace/overwrite. If file doesn't
1470 * exist create. */
1471 flags2 |= (O_CREAT | O_TRUNC);
1472 clear_ads = true;
1473 break;
1474
1475 case FILE_OVERWRITE_IF:
1476 /* If file exists replace/overwrite. If file doesn't
1477 * exist create. */
1478 flags2 |= (O_CREAT | O_TRUNC);
1479 clear_ads = true;
1480 break;
1481
1482 case FILE_OPEN:
1483 /* If file exists open. If file doesn't exist error. */
1484 if (!file_existed) {
1485 DEBUG(5,("open_file_ntcreate: FILE_OPEN "
1486 "requested for file %s and file "
1487 "doesn't exist.\n",
1488 smb_fname_str_dbg(smb_fname)));
1489 errno = ENOENT;
1490 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1491 }
1492 break;
1493
1494 case FILE_OVERWRITE:
1495 /* If file exists overwrite. If file doesn't exist
1496 * error. */
1497 if (!file_existed) {
1498 DEBUG(5,("open_file_ntcreate: FILE_OVERWRITE "
1499 "requested for file %s and file "
1500 "doesn't exist.\n",
1501 smb_fname_str_dbg(smb_fname) ));
1502 errno = ENOENT;
1503 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1504 }
1505 flags2 |= O_TRUNC;
1506 clear_ads = true;
1507 break;
1508
1509 case FILE_CREATE:
1510 /* If file exists error. If file doesn't exist
1511 * create. */
1512 if (file_existed) {
1513 DEBUG(5,("open_file_ntcreate: FILE_CREATE "
1514 "requested for file %s and file "
1515 "already exists.\n",
1516 smb_fname_str_dbg(smb_fname)));
1517 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
1518 errno = EISDIR;
1519 } else {
1520 errno = EEXIST;
1521 }
1522 return map_nt_error_from_unix(errno);
1523 }
1524 flags2 |= (O_CREAT|O_EXCL);
1525 break;
1526
1527 case FILE_OPEN_IF:
1528 /* If file exists open. If file doesn't exist
1529 * create. */
1530 flags2 |= O_CREAT;
1531 break;
1532
1533 default:
1534 return NT_STATUS_INVALID_PARAMETER;
1535 }
1536
1537 /* We only care about matching attributes on file exists and
1538 * overwrite. */
1539
1540 if (!posix_open && file_existed && ((create_disposition == FILE_OVERWRITE) ||
1541 (create_disposition == FILE_OVERWRITE_IF))) {
1542 if (!open_match_attributes(conn, existing_dos_attributes,
1543 new_dos_attributes,
1544 smb_fname->st.st_ex_mode,
1545 unx_mode, &new_unx_mode)) {
1546 DEBUG(5,("open_file_ntcreate: attributes missmatch "
1547 "for file %s (%x %x) (0%o, 0%o)\n",
1548 smb_fname_str_dbg(smb_fname),
1549 existing_dos_attributes,
1550 new_dos_attributes,
1551 (unsigned int)smb_fname->st.st_ex_mode,
1552 (unsigned int)unx_mode ));
1553 errno = EACCES;
1554 return NT_STATUS_ACCESS_DENIED;
1555 }
1556 }
1557
1558 status = calculate_access_mask(conn, smb_fname, file_existed,
1559 access_mask,
1560 &access_mask);
1561 if (!NT_STATUS_IS_OK(status)) {
1562 DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
1563 "on file %s returned %s\n",
1564 smb_fname_str_dbg(smb_fname), nt_errstr(status)));
1565 return status;
1566 }
1567
1568 open_access_mask = access_mask;
1569
1570 if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1571 open_access_mask |= FILE_WRITE_DATA; /* This will cause oplock breaks. */
1572 }
1573
1574 DEBUG(10, ("open_file_ntcreate: fname=%s, after mapping "
1575 "access_mask=0x%x\n", smb_fname_str_dbg(smb_fname),
1576 access_mask));
1577
1578 /*
1579 * Note that we ignore the append flag as append does not
1580 * mean the same thing under DOS and Unix.
1581 */
1582
1583 if ((access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ||
1584 (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
1585 /* DENY_DOS opens are always underlying read-write on the
1586 file handle, no matter what the requested access mask
1587 says. */
1588 if ((create_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS) ||
1589 access_mask & (FILE_READ_ATTRIBUTES|FILE_READ_DATA|FILE_READ_EA|FILE_EXECUTE)) {
1590 flags = O_RDWR;
1591 } else {
1592 flags = O_WRONLY;
1593 }
1594 } else {
1595 flags = O_RDONLY;
1596 }
1597
1598 /*
1599 * Currently we only look at FILE_WRITE_THROUGH for create options.
1600 */
1601
1602#if defined(O_SYNC)
1603 if ((create_options & FILE_WRITE_THROUGH) && lp_strict_sync(SNUM(conn))) {
1604 flags2 |= O_SYNC;
1605 }
1606#endif /* O_SYNC */
1607
1608 if (posix_open && (access_mask & FILE_APPEND_DATA)) {
1609 flags2 |= O_APPEND;
1610 }
1611
1612 if (!posix_open && !CAN_WRITE(conn)) {
1613 /*
1614 * We should really return a permission denied error if either
1615 * O_CREAT or O_TRUNC are set, but for compatibility with
1616 * older versions of Samba we just AND them out.
1617 */
1618 flags2 &= ~(O_CREAT|O_TRUNC);
1619 }
1620
1621 /*
1622 * Ensure we can't write on a read-only share or file.
1623 */
1624
1625 if (flags != O_RDONLY && file_existed &&
1626 (!CAN_WRITE(conn) || IS_DOS_READONLY(existing_dos_attributes))) {
1627 DEBUG(5,("open_file_ntcreate: write access requested for "
1628 "file %s on read only %s\n",
1629 smb_fname_str_dbg(smb_fname),
1630 !CAN_WRITE(conn) ? "share" : "file" ));
1631 errno = EACCES;
1632 return NT_STATUS_ACCESS_DENIED;
1633 }
1634
1635 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1636 fsp->share_access = share_access;
1637 fsp->fh->private_options = create_options;
1638 fsp->access_mask = open_access_mask; /* We change this to the
1639 * requested access_mask after
1640 * the open is done. */
1641 fsp->posix_open = posix_open;
1642
1643 /* Ensure no SAMBA_PRIVATE bits can be set. */
1644 fsp->oplock_type = (oplock_request & ~SAMBA_PRIVATE_OPLOCK_MASK);
1645
1646 if (timeval_is_zero(&request_time)) {
1647 request_time = fsp->open_time;
1648 }
1649
1650 if (file_existed) {
1651 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1652 id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
1653
1654 lck = get_share_mode_lock(talloc_tos(), id,
1655 conn->connectpath,
1656 smb_fname, &old_write_time);
1657
1658 if (lck == NULL) {
1659 DEBUG(0, ("Could not get share mode lock\n"));
1660 return NT_STATUS_SHARING_VIOLATION;
1661 }
1662
1663 /* First pass - send break only on batch oplocks. */
1664 if ((req != NULL)
1665 && delay_for_oplocks(lck, fsp, req->mid, 1,
1666 oplock_request)) {
1667 schedule_defer_open(lck, request_time, req);
1668 TALLOC_FREE(lck);
1669 return NT_STATUS_SHARING_VIOLATION;
1670 }
1671
1672 /* Use the client requested access mask here, not the one we
1673 * open with. */
1674 status = open_mode_check(conn, lck, access_mask, share_access,
1675 create_options, &file_existed);
1676
1677 if (NT_STATUS_IS_OK(status)) {
1678 /* We might be going to allow this open. Check oplock
1679 * status again. */
1680 /* Second pass - send break for both batch or
1681 * exclusive oplocks. */
1682 if ((req != NULL)
1683 && delay_for_oplocks(lck, fsp, req->mid, 2,
1684 oplock_request)) {
1685 schedule_defer_open(lck, request_time, req);
1686 TALLOC_FREE(lck);
1687 return NT_STATUS_SHARING_VIOLATION;
1688 }
1689 }
1690
1691 if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) {
1692 /* DELETE_PENDING is not deferred for a second */
1693 TALLOC_FREE(lck);
1694 return status;
1695 }
1696
1697 if (!NT_STATUS_IS_OK(status)) {
1698 uint32 can_access_mask;
1699 bool can_access = True;
1700
1701 SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
1702
1703 /* Check if this can be done with the deny_dos and fcb
1704 * calls. */
1705 if (create_options &
1706 (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS|
1707 NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) {
1708 if (req == NULL) {
1709 DEBUG(0, ("DOS open without an SMB "
1710 "request!\n"));
1711 TALLOC_FREE(lck);
1712 return NT_STATUS_INTERNAL_ERROR;
1713 }
1714
1715 /* Use the client requested access mask here,
1716 * not the one we open with. */
1717 status = fcb_or_dos_open(req,
1718 conn,
1719 fsp,
1720 smb_fname,
1721 id,
1722 req->smbpid,
1723 req->vuid,
1724 access_mask,
1725 share_access,
1726 create_options);
1727
1728 if (NT_STATUS_IS_OK(status)) {
1729 TALLOC_FREE(lck);
1730 if (pinfo) {
1731 *pinfo = FILE_WAS_OPENED;
1732 }
1733 return NT_STATUS_OK;
1734 }
1735 }
1736
1737 /*
1738 * This next line is a subtlety we need for
1739 * MS-Access. If a file open will fail due to share
1740 * permissions and also for security (access) reasons,
1741 * we need to return the access failed error, not the
1742 * share error. We can't open the file due to kernel
1743 * oplock deadlock (it's possible we failed above on
1744 * the open_mode_check()) so use a userspace check.
1745 */
1746
1747 if (flags & O_RDWR) {
1748 can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
1749 } else if (flags & O_WRONLY) {
1750 can_access_mask = FILE_WRITE_DATA;
1751 } else {
1752 can_access_mask = FILE_READ_DATA;
1753 }
1754
1755 if (((can_access_mask & FILE_WRITE_DATA) &&
1756 !CAN_WRITE(conn)) ||
1757 !can_access_file_data(conn, smb_fname,
1758 can_access_mask)) {
1759 can_access = False;
1760 }
1761
1762 /*
1763 * If we're returning a share violation, ensure we
1764 * cope with the braindead 1 second delay.
1765 */
1766
1767 if (!(oplock_request & INTERNAL_OPEN_ONLY) &&
1768 lp_defer_sharing_violations()) {
1769 struct timeval timeout;
1770 struct deferred_open_record state;
1771 int timeout_usecs;
1772
1773 /* this is a hack to speed up torture tests
1774 in 'make test' */
1775 timeout_usecs = lp_parm_int(SNUM(conn),
1776 "smbd","sharedelay",
1777 SHARING_VIOLATION_USEC_WAIT);
1778
1779 /* This is a relative time, added to the absolute
1780 request_time value to get the absolute timeout time.
1781 Note that if this is the second or greater time we enter
1782 this codepath for this particular request mid then
1783 request_time is left as the absolute time of the *first*
1784 time this request mid was processed. This is what allows
1785 the request to eventually time out. */
1786
1787 timeout = timeval_set(0, timeout_usecs);
1788
1789 /* Nothing actually uses state.delayed_for_oplocks
1790 but it's handy to differentiate in debug messages
1791 between a 30 second delay due to oplock break, and
1792 a 1 second delay for share mode conflicts. */
1793
1794 state.delayed_for_oplocks = False;
1795 state.id = id;
1796
1797 if ((req != NULL)
1798 && !request_timed_out(request_time,
1799 timeout)) {
1800 defer_open(lck, request_time, timeout,
1801 req, &state);
1802 }
1803 }
1804
1805 TALLOC_FREE(lck);
1806 if (can_access) {
1807 /*
1808 * We have detected a sharing violation here
1809 * so return the correct error code
1810 */
1811 status = NT_STATUS_SHARING_VIOLATION;
1812 } else {
1813 status = NT_STATUS_ACCESS_DENIED;
1814 }
1815 return status;
1816 }
1817
1818 /*
1819 * We exit this block with the share entry *locked*.....
1820 */
1821 }
1822
1823 SMB_ASSERT(!file_existed || (lck != NULL));
1824
1825 /*
1826 * Ensure we pay attention to default ACLs on directories if required.
1827 */
1828
1829 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1830 (def_acl = directory_has_default_acl(conn, parent_dir))) {
1831 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
1832 }
1833
1834 DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
1835 "access_mask = 0x%x, open_access_mask = 0x%x\n",
1836 (unsigned int)flags, (unsigned int)flags2,
1837 (unsigned int)unx_mode, (unsigned int)access_mask,
1838 (unsigned int)open_access_mask));
1839
1840 /*
1841 * open_file strips any O_TRUNC flags itself.
1842 */
1843
1844 fsp_open = open_file(fsp, conn, req, parent_dir,
1845 flags|flags2, unx_mode, access_mask,
1846 open_access_mask);
1847
1848 if (!NT_STATUS_IS_OK(fsp_open)) {
1849 if (lck != NULL) {
1850 TALLOC_FREE(lck);
1851 }
1852 return fsp_open;
1853 }
1854
1855 if (!file_existed) {
1856 struct timespec old_write_time = smb_fname->st.st_ex_mtime;
1857 /*
1858 * Deal with the race condition where two smbd's detect the
1859 * file doesn't exist and do the create at the same time. One
1860 * of them will win and set a share mode, the other (ie. this
1861 * one) should check if the requested share mode for this
1862 * create is allowed.
1863 */
1864
1865 /*
1866 * Now the file exists and fsp is successfully opened,
1867 * fsp->dev and fsp->inode are valid and should replace the
1868 * dev=0,inode=0 from a non existent file. Spotted by
1869 * Nadav Danieli <nadavd@exanet.com>. JRA.
1870 */
1871
1872 id = fsp->file_id;
1873
1874 lck = get_share_mode_lock(talloc_tos(), id,
1875 conn->connectpath,
1876 smb_fname, &old_write_time);
1877
1878 if (lck == NULL) {
1879 DEBUG(0, ("open_file_ntcreate: Could not get share "
1880 "mode lock for %s\n",
1881 smb_fname_str_dbg(smb_fname)));
1882 fd_close(fsp);
1883 return NT_STATUS_SHARING_VIOLATION;
1884 }
1885
1886 /* First pass - send break only on batch oplocks. */
1887 if ((req != NULL)
1888 && delay_for_oplocks(lck, fsp, req->mid, 1,
1889 oplock_request)) {
1890 schedule_defer_open(lck, request_time, req);
1891 TALLOC_FREE(lck);
1892 fd_close(fsp);
1893 return NT_STATUS_SHARING_VIOLATION;
1894 }
1895
1896 status = open_mode_check(conn, lck, access_mask, share_access,
1897 create_options, &file_existed);
1898
1899 if (NT_STATUS_IS_OK(status)) {
1900 /* We might be going to allow this open. Check oplock
1901 * status again. */
1902 /* Second pass - send break for both batch or
1903 * exclusive oplocks. */
1904 if ((req != NULL)
1905 && delay_for_oplocks(lck, fsp, req->mid, 2,
1906 oplock_request)) {
1907 schedule_defer_open(lck, request_time, req);
1908 TALLOC_FREE(lck);
1909 fd_close(fsp);
1910 return NT_STATUS_SHARING_VIOLATION;
1911 }
1912 }
1913
1914 if (!NT_STATUS_IS_OK(status)) {
1915 struct deferred_open_record state;
1916
1917 fd_close(fsp);
1918
1919 state.delayed_for_oplocks = False;
1920 state.id = id;
1921
1922 /* Do it all over again immediately. In the second
1923 * round we will find that the file existed and handle
1924 * the DELETE_PENDING and FCB cases correctly. No need
1925 * to duplicate the code here. Essentially this is a
1926 * "goto top of this function", but don't tell
1927 * anybody... */
1928
1929 if (req != NULL) {
1930 defer_open(lck, request_time, timeval_zero(),
1931 req, &state);
1932 }
1933 TALLOC_FREE(lck);
1934 return status;
1935 }
1936
1937 /*
1938 * We exit this block with the share entry *locked*.....
1939 */
1940
1941 }
1942
1943 SMB_ASSERT(lck != NULL);
1944
1945 /* Delete streams if create_disposition requires it */
1946 if (file_existed && clear_ads &&
1947 !is_ntfs_stream_smb_fname(smb_fname)) {
1948 status = delete_all_streams(conn, smb_fname->base_name);
1949 if (!NT_STATUS_IS_OK(status)) {
1950 TALLOC_FREE(lck);
1951 fd_close(fsp);
1952 return status;
1953 }
1954 }
1955
1956 /* note that we ignore failure for the following. It is
1957 basically a hack for NFS, and NFS will never set one of
1958 these only read them. Nobody but Samba can ever set a deny
1959 mode and we have already checked our more authoritative
1960 locking database for permission to set this deny mode. If
1961 the kernel refuses the operations then the kernel is wrong.
1962 note that GPFS supports it as well - jmcd */
1963
1964 if (fsp->fh->fd != -1) {
1965 int ret_flock;
1966 ret_flock = SMB_VFS_KERNEL_FLOCK(fsp, share_access, access_mask);
1967 if(ret_flock == -1 ){
1968
1969 TALLOC_FREE(lck);
1970 fd_close(fsp);
1971
1972 return NT_STATUS_SHARING_VIOLATION;
1973 }
1974 }
1975
1976 /*
1977 * At this point onwards, we can guarentee that the share entry
1978 * is locked, whether we created the file or not, and that the
1979 * deny mode is compatible with all current opens.
1980 */
1981
1982 /*
1983 * If requested, truncate the file.
1984 */
1985
1986 if (flags2&O_TRUNC) {
1987 /*
1988 * We are modifing the file after open - update the stat
1989 * struct..
1990 */
1991 if ((SMB_VFS_FTRUNCATE(fsp, 0) == -1) ||
1992 (SMB_VFS_FSTAT(fsp, &smb_fname->st)==-1)) {
1993 status = map_nt_error_from_unix(errno);
1994 TALLOC_FREE(lck);
1995 fd_close(fsp);
1996 return status;
1997 }
1998 }
1999
2000 /* Record the options we were opened with. */
2001 fsp->share_access = share_access;
2002 fsp->fh->private_options = create_options;
2003 /*
2004 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2005 */
2006 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2007
2008 if (file_existed) {
2009 /* stat opens on existing files don't get oplocks. */
2010 if (is_stat_open(open_access_mask)) {
2011 fsp->oplock_type = NO_OPLOCK;
2012 }
2013
2014 if (!(flags2 & O_TRUNC)) {
2015 info = FILE_WAS_OPENED;
2016 } else {
2017 info = FILE_WAS_OVERWRITTEN;
2018 }
2019 } else {
2020 info = FILE_WAS_CREATED;
2021 }
2022
2023 if (pinfo) {
2024 *pinfo = info;
2025 }
2026
2027 /*
2028 * Setup the oplock info in both the shared memory and
2029 * file structs.
2030 */
2031
2032 if (!set_file_oplock(fsp, fsp->oplock_type)) {
2033 /* Could not get the kernel oplock */
2034 fsp->oplock_type = NO_OPLOCK;
2035 }
2036
2037 if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) {
2038 new_file_created = True;
2039 }
2040
2041 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
2042 fsp->oplock_type);
2043
2044 /* Handle strange delete on close create semantics. */
2045 if (create_options & FILE_DELETE_ON_CLOSE) {
2046
2047 status = can_set_delete_on_close(fsp, new_dos_attributes);
2048
2049 if (!NT_STATUS_IS_OK(status)) {
2050 /* Remember to delete the mode we just added. */
2051 del_share_mode(lck, fsp);
2052 TALLOC_FREE(lck);
2053 fd_close(fsp);
2054 return status;
2055 }
2056 /* Note that here we set the *inital* delete on close flag,
2057 not the regular one. The magic gets handled in close. */
2058 fsp->initial_delete_on_close = True;
2059 }
2060
2061 if (new_file_created) {
2062 /* Files should be initially set as archive */
2063 if (lp_map_archive(SNUM(conn)) ||
2064 lp_store_dos_attributes(SNUM(conn))) {
2065 if (!posix_open) {
2066 if (file_set_dosmode(conn, smb_fname,
2067 new_dos_attributes | aARCH,
2068 parent_dir, true) == 0) {
2069 unx_mode = smb_fname->st.st_ex_mode;
2070 }
2071 }
2072 }
2073 }
2074
2075 /*
2076 * Take care of inherited ACLs on created files - if default ACL not
2077 * selected.
2078 */
2079
2080 if (!posix_open && !file_existed && !def_acl) {
2081
2082 int saved_errno = errno; /* We might get ENOSYS in the next
2083 * call.. */
2084
2085 if (SMB_VFS_FCHMOD_ACL(fsp, unx_mode) == -1 &&
2086 errno == ENOSYS) {
2087 errno = saved_errno; /* Ignore ENOSYS */
2088 }
2089
2090 } else if (new_unx_mode) {
2091
2092 int ret = -1;
2093
2094 /* Attributes need changing. File already existed. */
2095
2096 {
2097 int saved_errno = errno; /* We might get ENOSYS in the
2098 * next call.. */
2099 ret = SMB_VFS_FCHMOD_ACL(fsp, new_unx_mode);
2100
2101 if (ret == -1 && errno == ENOSYS) {
2102 errno = saved_errno; /* Ignore ENOSYS */
2103 } else {
2104 DEBUG(5, ("open_file_ntcreate: reset "
2105 "attributes of file %s to 0%o\n",
2106 smb_fname_str_dbg(smb_fname),
2107 (unsigned int)new_unx_mode));
2108 ret = 0; /* Don't do the fchmod below. */
2109 }
2110 }
2111
2112 if ((ret == -1) &&
2113 (SMB_VFS_FCHMOD(fsp, new_unx_mode) == -1))
2114 DEBUG(5, ("open_file_ntcreate: failed to reset "
2115 "attributes of file %s to 0%o\n",
2116 smb_fname_str_dbg(smb_fname),
2117 (unsigned int)new_unx_mode));
2118 }
2119
2120 /* If this is a successful open, we must remove any deferred open
2121 * records. */
2122 if (req != NULL) {
2123 del_deferred_open_entry(lck, req->mid);
2124 }
2125 TALLOC_FREE(lck);
2126
2127 return NT_STATUS_OK;
2128}
2129
2130
2131/****************************************************************************
2132 Open a file for for write to ensure that we can fchmod it.
2133****************************************************************************/
2134
2135NTSTATUS open_file_fchmod(connection_struct *conn,
2136 struct smb_filename *smb_fname,
2137 files_struct **result)
2138{
2139 if (!VALID_STAT(smb_fname->st)) {
2140 return NT_STATUS_INVALID_PARAMETER;
2141 }
2142
2143 return SMB_VFS_CREATE_FILE(
2144 conn, /* conn */
2145 NULL, /* req */
2146 0, /* root_dir_fid */
2147 smb_fname, /* fname */
2148 FILE_WRITE_DATA, /* access_mask */
2149 (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
2150 FILE_SHARE_DELETE),
2151 FILE_OPEN, /* create_disposition*/
2152 0, /* create_options */
2153 0, /* file_attributes */
2154 INTERNAL_OPEN_ONLY, /* oplock_request */
2155 0, /* allocation_size */
2156 NULL, /* sd */
2157 NULL, /* ea_list */
2158 result, /* result */
2159 NULL); /* pinfo */
2160}
2161
2162static NTSTATUS mkdir_internal(connection_struct *conn,
2163 struct smb_filename *smb_dname,
2164 uint32 file_attributes)
2165{
2166 mode_t mode;
2167 char *parent_dir;
2168 NTSTATUS status;
2169 bool posix_open = false;
2170 bool need_re_stat = false;
2171
2172 if(!CAN_WRITE(conn)) {
2173 DEBUG(5,("mkdir_internal: failing create on read-only share "
2174 "%s\n", lp_servicename(SNUM(conn))));
2175 return NT_STATUS_ACCESS_DENIED;
2176 }
2177
2178 status = check_name(conn, smb_dname->base_name);
2179 if (!NT_STATUS_IS_OK(status)) {
2180 return status;
2181 }
2182
2183 if (!parent_dirname(talloc_tos(), smb_dname->base_name, &parent_dir,
2184 NULL)) {
2185 return NT_STATUS_NO_MEMORY;
2186 }
2187
2188 if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
2189 posix_open = true;
2190 mode = (mode_t)(file_attributes & ~FILE_FLAG_POSIX_SEMANTICS);
2191 } else {
2192 mode = unix_mode(conn, aDIR, smb_dname, parent_dir);
2193 }
2194
2195 if (SMB_VFS_MKDIR(conn, smb_dname->base_name, mode) != 0) {
2196 return map_nt_error_from_unix(errno);
2197 }
2198
2199 /* Ensure we're checking for a symlink here.... */
2200 /* We don't want to get caught by a symlink racer. */
2201
2202 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2203 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2204 smb_fname_str_dbg(smb_dname), strerror(errno)));
2205 return map_nt_error_from_unix(errno);
2206 }
2207
2208 if (!S_ISDIR(smb_dname->st.st_ex_mode)) {
2209 DEBUG(0, ("Directory just '%s' created is not a directory\n",
2210 smb_fname_str_dbg(smb_dname)));
2211 return NT_STATUS_ACCESS_DENIED;
2212 }
2213
2214 if (lp_store_dos_attributes(SNUM(conn))) {
2215 if (!posix_open) {
2216 file_set_dosmode(conn, smb_dname,
2217 file_attributes | aDIR,
2218 parent_dir, true);
2219 }
2220 }
2221
2222 if (lp_inherit_perms(SNUM(conn))) {
2223 inherit_access_posix_acl(conn, parent_dir,
2224 smb_dname->base_name, mode);
2225 need_re_stat = true;
2226 }
2227
2228 if (!posix_open) {
2229 /*
2230 * Check if high bits should have been set,
2231 * then (if bits are missing): add them.
2232 * Consider bits automagically set by UNIX, i.e. SGID bit from parent
2233 * dir.
2234 */
2235 if ((mode & ~(S_IRWXU|S_IRWXG|S_IRWXO)) &&
2236 (mode & ~smb_dname->st.st_ex_mode)) {
2237 SMB_VFS_CHMOD(conn, smb_dname->base_name,
2238 (smb_dname->st.st_ex_mode |
2239 (mode & ~smb_dname->st.st_ex_mode)));
2240 need_re_stat = true;
2241 }
2242 }
2243
2244 /* Change the owner if required. */
2245 if (lp_inherit_owner(SNUM(conn))) {
2246 change_dir_owner_to_parent(conn, parent_dir,
2247 smb_dname->base_name,
2248 &smb_dname->st);
2249 need_re_stat = true;
2250 }
2251
2252 if (need_re_stat) {
2253 if (SMB_VFS_LSTAT(conn, smb_dname) == -1) {
2254 DEBUG(2, ("Could not stat directory '%s' just created: %s\n",
2255 smb_fname_str_dbg(smb_dname), strerror(errno)));
2256 return map_nt_error_from_unix(errno);
2257 }
2258 }
2259
2260 notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME,
2261 smb_dname->base_name);
2262
2263 return NT_STATUS_OK;
2264}
2265
2266/****************************************************************************
2267 Open a directory from an NT SMB call.
2268****************************************************************************/
2269
2270static NTSTATUS open_directory(connection_struct *conn,
2271 struct smb_request *req,
2272 struct smb_filename *smb_dname,
2273 uint32 access_mask,
2274 uint32 share_access,
2275 uint32 create_disposition,
2276 uint32 create_options,
2277 uint32 file_attributes,
2278 int *pinfo,
2279 files_struct **result)
2280{
2281 files_struct *fsp = NULL;
2282 bool dir_existed = VALID_STAT(smb_dname->st) ? True : False;
2283 struct share_mode_lock *lck = NULL;
2284 NTSTATUS status;
2285 struct timespec mtimespec;
2286 int info = 0;
2287
2288 SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2289
2290 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS)) {
2291 /* Ensure we have a directory attribute. */
2292 file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
2293 }
2294
2295 DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2296 "share_access = 0x%x create_options = 0x%x, "
2297 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2298 smb_fname_str_dbg(smb_dname),
2299 (unsigned int)access_mask,
2300 (unsigned int)share_access,
2301 (unsigned int)create_options,
2302 (unsigned int)create_disposition,
2303 (unsigned int)file_attributes));
2304
2305 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2306 (conn->fs_capabilities & FILE_NAMED_STREAMS) &&
2307 is_ntfs_stream_smb_fname(smb_dname)) {
2308 DEBUG(2, ("open_directory: %s is a stream name!\n",
2309 smb_fname_str_dbg(smb_dname)));
2310 return NT_STATUS_NOT_A_DIRECTORY;
2311 }
2312
2313 status = calculate_access_mask(conn, smb_dname, dir_existed,
2314 access_mask, &access_mask);
2315 if (!NT_STATUS_IS_OK(status)) {
2316 DEBUG(10, ("open_directory: calculate_access_mask "
2317 "on file %s returned %s\n",
2318 smb_fname_str_dbg(smb_dname),
2319 nt_errstr(status)));
2320 return status;
2321 }
2322
2323 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2324 !user_has_privileges(current_user.nt_user_token, &se_security)) {
2325 DEBUG(10, ("open_directory: open on %s "
2326 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2327 smb_fname_str_dbg(smb_dname)));
2328 return NT_STATUS_PRIVILEGE_NOT_HELD;
2329 }
2330
2331 switch( create_disposition ) {
2332 case FILE_OPEN:
2333
2334 info = FILE_WAS_OPENED;
2335
2336 /*
2337 * We want to follow symlinks here.
2338 */
2339
2340 if (SMB_VFS_STAT(conn, smb_dname) != 0) {
2341 return map_nt_error_from_unix(errno);
2342 }
2343
2344 break;
2345
2346 case FILE_CREATE:
2347
2348 /* If directory exists error. If directory doesn't
2349 * exist create. */
2350
2351 status = mkdir_internal(conn, smb_dname,
2352 file_attributes);
2353
2354 if (!NT_STATUS_IS_OK(status)) {
2355 DEBUG(2, ("open_directory: unable to create "
2356 "%s. Error was %s\n",
2357 smb_fname_str_dbg(smb_dname),
2358 nt_errstr(status)));
2359 return status;
2360 }
2361
2362 info = FILE_WAS_CREATED;
2363 break;
2364
2365 case FILE_OPEN_IF:
2366 /*
2367 * If directory exists open. If directory doesn't
2368 * exist create.
2369 */
2370
2371 status = mkdir_internal(conn, smb_dname,
2372 file_attributes);
2373
2374 if (NT_STATUS_IS_OK(status)) {
2375 info = FILE_WAS_CREATED;
2376 }
2377
2378 if (NT_STATUS_EQUAL(status,
2379 NT_STATUS_OBJECT_NAME_COLLISION)) {
2380 info = FILE_WAS_OPENED;
2381 status = NT_STATUS_OK;
2382 }
2383
2384 break;
2385
2386 case FILE_SUPERSEDE:
2387 case FILE_OVERWRITE:
2388 case FILE_OVERWRITE_IF:
2389 default:
2390 DEBUG(5,("open_directory: invalid create_disposition "
2391 "0x%x for directory %s\n",
2392 (unsigned int)create_disposition,
2393 smb_fname_str_dbg(smb_dname)));
2394 return NT_STATUS_INVALID_PARAMETER;
2395 }
2396
2397 if(!S_ISDIR(smb_dname->st.st_ex_mode)) {
2398 DEBUG(5,("open_directory: %s is not a directory !\n",
2399 smb_fname_str_dbg(smb_dname)));
2400 return NT_STATUS_NOT_A_DIRECTORY;
2401 }
2402
2403 if (info == FILE_WAS_OPENED) {
2404 uint32_t access_granted = 0;
2405 status = smbd_check_open_rights(conn, smb_dname, access_mask,
2406 &access_granted);
2407
2408 /* Were we trying to do a directory open
2409 * for delete and didn't get DELETE
2410 * access (only) ? Check if the
2411 * directory allows DELETE_CHILD.
2412 * See here:
2413 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
2414 * for details. */
2415
2416 if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
2417 (access_mask & DELETE_ACCESS) &&
2418 (access_granted == DELETE_ACCESS) &&
2419 can_delete_file_in_directory(conn, smb_dname))) {
2420 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
2421 "on directory %s\n",
2422 smb_fname_str_dbg(smb_dname)));
2423 status = NT_STATUS_OK;
2424 }
2425
2426 if (!NT_STATUS_IS_OK(status)) {
2427 DEBUG(10, ("open_directory: smbd_check_open_rights on "
2428 "file %s failed with %s\n",
2429 smb_fname_str_dbg(smb_dname),
2430 nt_errstr(status)));
2431 return status;
2432 }
2433 }
2434
2435 status = file_new(req, conn, &fsp);
2436 if(!NT_STATUS_IS_OK(status)) {
2437 return status;
2438 }
2439
2440 /*
2441 * Setup the files_struct for it.
2442 */
2443
2444 fsp->mode = smb_dname->st.st_ex_mode;
2445 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_dname->st);
2446 fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
2447 fsp->file_pid = req ? req->smbpid : 0;
2448 fsp->can_lock = False;
2449 fsp->can_read = False;
2450 fsp->can_write = False;
2451
2452 fsp->share_access = share_access;
2453 fsp->fh->private_options = create_options;
2454 /*
2455 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
2456 */
2457 fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
2458 fsp->print_file = False;
2459 fsp->modified = False;
2460 fsp->oplock_type = NO_OPLOCK;
2461 fsp->sent_oplock_break = NO_BREAK_SENT;
2462 fsp->is_directory = True;
2463 fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
2464 status = fsp_set_smb_fname(fsp, smb_dname);
2465 if (!NT_STATUS_IS_OK(status)) {
2466 return status;
2467 }
2468
2469 mtimespec = smb_dname->st.st_ex_mtime;
2470
2471 lck = get_share_mode_lock(talloc_tos(), fsp->file_id,
2472 conn->connectpath, smb_dname, &mtimespec);
2473
2474 if (lck == NULL) {
2475 DEBUG(0, ("open_directory: Could not get share mode lock for "
2476 "%s\n", smb_fname_str_dbg(smb_dname)));
2477 file_free(req, fsp);
2478 return NT_STATUS_SHARING_VIOLATION;
2479 }
2480
2481 status = open_mode_check(conn, lck, access_mask, share_access,
2482 create_options, &dir_existed);
2483
2484 if (!NT_STATUS_IS_OK(status)) {
2485 TALLOC_FREE(lck);
2486 file_free(req, fsp);
2487 return status;
2488 }
2489
2490 set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
2491
2492 /* For directories the delete on close bit at open time seems
2493 always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
2494 if (create_options & FILE_DELETE_ON_CLOSE) {
2495 status = can_set_delete_on_close(fsp, 0);
2496 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
2497 TALLOC_FREE(lck);
2498 file_free(req, fsp);
2499 return status;
2500 }
2501
2502 if (NT_STATUS_IS_OK(status)) {
2503 /* Note that here we set the *inital* delete on close flag,
2504 not the regular one. The magic gets handled in close. */
2505 fsp->initial_delete_on_close = True;
2506 }
2507 }
2508
2509 TALLOC_FREE(lck);
2510
2511 if (pinfo) {
2512 *pinfo = info;
2513 }
2514
2515 *result = fsp;
2516 return NT_STATUS_OK;
2517}
2518
2519NTSTATUS create_directory(connection_struct *conn, struct smb_request *req,
2520 struct smb_filename *smb_dname)
2521{
2522 NTSTATUS status;
2523 files_struct *fsp;
2524
2525 status = SMB_VFS_CREATE_FILE(
2526 conn, /* conn */
2527 req, /* req */
2528 0, /* root_dir_fid */
2529 smb_dname, /* fname */
2530 FILE_READ_ATTRIBUTES, /* access_mask */
2531 FILE_SHARE_NONE, /* share_access */
2532 FILE_CREATE, /* create_disposition*/
2533 FILE_DIRECTORY_FILE, /* create_options */
2534 FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
2535 0, /* oplock_request */
2536 0, /* allocation_size */
2537 NULL, /* sd */
2538 NULL, /* ea_list */
2539 &fsp, /* result */
2540 NULL); /* pinfo */
2541
2542 if (NT_STATUS_IS_OK(status)) {
2543 close_file(req, fsp, NORMAL_CLOSE);
2544 }
2545
2546 return status;
2547}
2548
2549/****************************************************************************
2550 Receive notification that one of our open files has been renamed by another
2551 smbd process.
2552****************************************************************************/
2553
2554void msg_file_was_renamed(struct messaging_context *msg,
2555 void *private_data,
2556 uint32_t msg_type,
2557 struct server_id server_id,
2558 DATA_BLOB *data)
2559{
2560 files_struct *fsp;
2561 char *frm = (char *)data->data;
2562 struct file_id id;
2563 const char *sharepath;
2564 const char *base_name;
2565 const char *stream_name;
2566 struct smb_filename *smb_fname = NULL;
2567 size_t sp_len, bn_len;
2568 NTSTATUS status;
2569
2570 if (data->data == NULL
2571 || data->length < MSG_FILE_RENAMED_MIN_SIZE + 2) {
2572 DEBUG(0, ("msg_file_was_renamed: Got invalid msg len %d\n",
2573 (int)data->length));
2574 return;
2575 }
2576
2577 /* Unpack the message. */
2578 pull_file_id_24(frm, &id);
2579 sharepath = &frm[24];
2580 sp_len = strlen(sharepath);
2581 base_name = sharepath + sp_len + 1;
2582 bn_len = strlen(base_name);
2583 stream_name = sharepath + sp_len + 1 + bn_len + 1;
2584
2585 /* stream_name must always be NULL if there is no stream. */
2586 if (stream_name[0] == '\0') {
2587 stream_name = NULL;
2588 }
2589
2590 status = create_synthetic_smb_fname(talloc_tos(), base_name,
2591 stream_name, NULL, &smb_fname);
2592 if (!NT_STATUS_IS_OK(status)) {
2593 return;
2594 }
2595
2596 DEBUG(10,("msg_file_was_renamed: Got rename message for sharepath %s, new name %s, "
2597 "file_id %s\n",
2598 sharepath, smb_fname_str_dbg(smb_fname),
2599 file_id_string_tos(&id)));
2600
2601 for(fsp = file_find_di_first(id); fsp; fsp = file_find_di_next(fsp)) {
2602 if (memcmp(fsp->conn->connectpath, sharepath, sp_len) == 0) {
2603
2604 DEBUG(10,("msg_file_was_renamed: renaming file fnum %d from %s -> %s\n",
2605 fsp->fnum, fsp_str_dbg(fsp),
2606 smb_fname_str_dbg(smb_fname)));
2607 status = fsp_set_smb_fname(fsp, smb_fname);
2608 if (!NT_STATUS_IS_OK(status)) {
2609 goto out;
2610 }
2611 } else {
2612 /* TODO. JRA. */
2613 /* Now we have the complete path we can work out if this is
2614 actually within this share and adjust newname accordingly. */
2615 DEBUG(10,("msg_file_was_renamed: share mismatch (sharepath %s "
2616 "not sharepath %s) "
2617 "fnum %d from %s -> %s\n",
2618 fsp->conn->connectpath,
2619 sharepath,
2620 fsp->fnum,
2621 fsp_str_dbg(fsp),
2622 smb_fname_str_dbg(smb_fname)));
2623 }
2624 }
2625 out:
2626 TALLOC_FREE(smb_fname);
2627 return;
2628}
2629
2630/*
2631 * If a main file is opened for delete, all streams need to be checked for
2632 * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
2633 * If that works, delete them all by setting the delete on close and close.
2634 */
2635
2636NTSTATUS open_streams_for_delete(connection_struct *conn,
2637 const char *fname)
2638{
2639 struct stream_struct *stream_info;
2640 files_struct **streams;
2641 int i;
2642 unsigned int num_streams;
2643 TALLOC_CTX *frame = talloc_stackframe();
2644 NTSTATUS status;
2645
2646 status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
2647 &num_streams, &stream_info);
2648
2649 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
2650 || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
2651 DEBUG(10, ("no streams around\n"));
2652 TALLOC_FREE(frame);
2653 return NT_STATUS_OK;
2654 }
2655
2656 if (!NT_STATUS_IS_OK(status)) {
2657 DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
2658 nt_errstr(status)));
2659 goto fail;
2660 }
2661
2662 DEBUG(10, ("open_streams_for_delete found %d streams\n",
2663 num_streams));
2664
2665 if (num_streams == 0) {
2666 TALLOC_FREE(frame);
2667 return NT_STATUS_OK;
2668 }
2669
2670 streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
2671 if (streams == NULL) {
2672 DEBUG(0, ("talloc failed\n"));
2673 status = NT_STATUS_NO_MEMORY;
2674 goto fail;
2675 }
2676
2677 for (i=0; i<num_streams; i++) {
2678 struct smb_filename *smb_fname = NULL;
2679
2680 if (strequal(stream_info[i].name, "::$DATA")) {
2681 streams[i] = NULL;
2682 continue;
2683 }
2684
2685 status = create_synthetic_smb_fname(talloc_tos(), fname,
2686 stream_info[i].name,
2687 NULL, &smb_fname);
2688 if (!NT_STATUS_IS_OK(status)) {
2689 goto fail;
2690 }
2691
2692 if (SMB_VFS_STAT(conn, smb_fname) == -1) {
2693 DEBUG(10, ("Unable to stat stream: %s\n",
2694 smb_fname_str_dbg(smb_fname)));
2695 }
2696
2697 status = SMB_VFS_CREATE_FILE(
2698 conn, /* conn */
2699 NULL, /* req */
2700 0, /* root_dir_fid */
2701 smb_fname, /* fname */
2702 DELETE_ACCESS, /* access_mask */
2703 (FILE_SHARE_READ | /* share_access */
2704 FILE_SHARE_WRITE | FILE_SHARE_DELETE),
2705 FILE_OPEN, /* create_disposition*/
2706 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
2707 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
2708 0, /* oplock_request */
2709 0, /* allocation_size */
2710 NULL, /* sd */
2711 NULL, /* ea_list */
2712 &streams[i], /* result */
2713 NULL); /* pinfo */
2714
2715 if (!NT_STATUS_IS_OK(status)) {
2716 DEBUG(10, ("Could not open stream %s: %s\n",
2717 smb_fname_str_dbg(smb_fname),
2718 nt_errstr(status)));
2719
2720 TALLOC_FREE(smb_fname);
2721 break;
2722 }
2723 TALLOC_FREE(smb_fname);
2724 }
2725
2726 /*
2727 * don't touch the variable "status" beyond this point :-)
2728 */
2729
2730 for (i -= 1 ; i >= 0; i--) {
2731 if (streams[i] == NULL) {
2732 continue;
2733 }
2734
2735 DEBUG(10, ("Closing stream # %d, %s\n", i,
2736 fsp_str_dbg(streams[i])));
2737 close_file(NULL, streams[i], NORMAL_CLOSE);
2738 }
2739
2740 fail:
2741 TALLOC_FREE(frame);
2742 return status;
2743}
2744
2745/*
2746 * Wrapper around open_file_ntcreate and open_directory
2747 */
2748
2749static NTSTATUS create_file_unixpath(connection_struct *conn,
2750 struct smb_request *req,
2751 struct smb_filename *smb_fname,
2752 uint32_t access_mask,
2753 uint32_t share_access,
2754 uint32_t create_disposition,
2755 uint32_t create_options,
2756 uint32_t file_attributes,
2757 uint32_t oplock_request,
2758 uint64_t allocation_size,
2759 struct security_descriptor *sd,
2760 struct ea_list *ea_list,
2761
2762 files_struct **result,
2763 int *pinfo)
2764{
2765 int info = FILE_WAS_OPENED;
2766 files_struct *base_fsp = NULL;
2767 files_struct *fsp = NULL;
2768 NTSTATUS status;
2769
2770 DEBUG(10,("create_file_unixpath: access_mask = 0x%x "
2771 "file_attributes = 0x%x, share_access = 0x%x, "
2772 "create_disposition = 0x%x create_options = 0x%x "
2773 "oplock_request = 0x%x ea_list = 0x%p, sd = 0x%p, "
2774 "fname = %s\n",
2775 (unsigned int)access_mask,
2776 (unsigned int)file_attributes,
2777 (unsigned int)share_access,
2778 (unsigned int)create_disposition,
2779 (unsigned int)create_options,
2780 (unsigned int)oplock_request,
2781 ea_list, sd, smb_fname_str_dbg(smb_fname)));
2782
2783 if (create_options & FILE_OPEN_BY_FILE_ID) {
2784 status = NT_STATUS_NOT_SUPPORTED;
2785 goto fail;
2786 }
2787
2788 if (create_options & NTCREATEX_OPTIONS_INVALID_PARAM_MASK) {
2789 status = NT_STATUS_INVALID_PARAMETER;
2790 goto fail;
2791 }
2792
2793 if (req == NULL) {
2794 oplock_request |= INTERNAL_OPEN_ONLY;
2795 }
2796
2797 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2798 && (access_mask & DELETE_ACCESS)
2799 && !is_ntfs_stream_smb_fname(smb_fname)) {
2800 /*
2801 * We can't open a file with DELETE access if any of the
2802 * streams is open without FILE_SHARE_DELETE
2803 */
2804 status = open_streams_for_delete(conn, smb_fname->base_name);
2805
2806 if (!NT_STATUS_IS_OK(status)) {
2807 goto fail;
2808 }
2809 }
2810
2811 /* This is the correct thing to do (check every time) but can_delete
2812 * is expensive (it may have to read the parent directory
2813 * permissions). So for now we're not doing it unless we have a strong
2814 * hint the client is really going to delete this file. If the client
2815 * is forcing FILE_CREATE let the filesystem take care of the
2816 * permissions. */
2817
2818 /* Setting FILE_SHARE_DELETE is the hint. */
2819
2820 if ((create_disposition != FILE_CREATE)
2821 && (access_mask & DELETE_ACCESS)
2822 && (!(can_delete_file_in_directory(conn, smb_fname) ||
2823 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
2824 status = NT_STATUS_ACCESS_DENIED;
2825 DEBUG(10,("create_file_unixpath: open file %s "
2826 "for delete ACCESS_DENIED\n",
2827 smb_fname_str_dbg(smb_fname)));
2828 goto fail;
2829 }
2830
2831 if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2832 !user_has_privileges(current_user.nt_user_token, &se_security)) {
2833 DEBUG(10, ("create_file_unixpath:: open on %s "
2834 "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2835 smb_fname_str_dbg(smb_fname)));
2836 status = NT_STATUS_PRIVILEGE_NOT_HELD;
2837 goto fail;
2838 }
2839
2840 if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
2841 && is_ntfs_stream_smb_fname(smb_fname)
2842 && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
2843 uint32 base_create_disposition;
2844 struct smb_filename *smb_fname_base = NULL;
2845
2846 if (create_options & FILE_DIRECTORY_FILE) {
2847 status = NT_STATUS_NOT_A_DIRECTORY;
2848 goto fail;
2849 }
2850
2851 switch (create_disposition) {
2852 case FILE_OPEN:
2853 base_create_disposition = FILE_OPEN;
2854 break;
2855 default:
2856 base_create_disposition = FILE_OPEN_IF;
2857 break;
2858 }
2859
2860 /* Create an smb_filename with stream_name == NULL. */
2861 status = create_synthetic_smb_fname(talloc_tos(),
2862 smb_fname->base_name,
2863 NULL, NULL,
2864 &smb_fname_base);
2865 if (!NT_STATUS_IS_OK(status)) {
2866 goto fail;
2867 }
2868
2869 if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
2870 DEBUG(10, ("Unable to stat stream: %s\n",
2871 smb_fname_str_dbg(smb_fname_base)));
2872 }
2873
2874 /* Open the base file. */
2875 status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
2876 FILE_SHARE_READ
2877 | FILE_SHARE_WRITE
2878 | FILE_SHARE_DELETE,
2879 base_create_disposition,
2880 0, 0, 0, 0, NULL, NULL,
2881 &base_fsp, NULL);
2882 TALLOC_FREE(smb_fname_base);
2883
2884 if (!NT_STATUS_IS_OK(status)) {
2885 DEBUG(10, ("create_file_unixpath for base %s failed: "
2886 "%s\n", smb_fname->base_name,
2887 nt_errstr(status)));
2888 goto fail;
2889 }
2890 /* we don't need to low level fd */
2891 fd_close(base_fsp);
2892 }
2893
2894 /*
2895 * If it's a request for a directory open, deal with it separately.
2896 */
2897
2898 if (create_options & FILE_DIRECTORY_FILE) {
2899
2900 if (create_options & FILE_NON_DIRECTORY_FILE) {
2901 status = NT_STATUS_INVALID_PARAMETER;
2902 goto fail;
2903 }
2904
2905 /* Can't open a temp directory. IFS kit test. */
2906 if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) &&
2907 (file_attributes & FILE_ATTRIBUTE_TEMPORARY)) {
2908 status = NT_STATUS_INVALID_PARAMETER;
2909 goto fail;
2910 }
2911
2912 /*
2913 * We will get a create directory here if the Win32
2914 * app specified a security descriptor in the
2915 * CreateDirectory() call.
2916 */
2917
2918 oplock_request = 0;
2919 status = open_directory(
2920 conn, req, smb_fname, access_mask, share_access,
2921 create_disposition, create_options, file_attributes,
2922 &info, &fsp);
2923 } else {
2924
2925 /*
2926 * Ordinary file case.
2927 */
2928
2929 status = file_new(req, conn, &fsp);
2930 if(!NT_STATUS_IS_OK(status)) {
2931 goto fail;
2932 }
2933
2934 status = fsp_set_smb_fname(fsp, smb_fname);
2935 if (!NT_STATUS_IS_OK(status)) {
2936 goto fail;
2937 }
2938
2939 /*
2940 * We're opening the stream element of a base_fsp
2941 * we already opened. Set up the base_fsp pointer.
2942 */
2943 if (base_fsp) {
2944 fsp->base_fsp = base_fsp;
2945 }
2946
2947 status = open_file_ntcreate(conn,
2948 req,
2949 access_mask,
2950 share_access,
2951 create_disposition,
2952 create_options,
2953 file_attributes,
2954 oplock_request,
2955 &info,
2956 fsp);
2957
2958 if(!NT_STATUS_IS_OK(status)) {
2959 file_free(req, fsp);
2960 fsp = NULL;
2961 }
2962
2963 if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
2964
2965 /* A stream open never opens a directory */
2966
2967 if (base_fsp) {
2968 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2969 goto fail;
2970 }
2971
2972 /*
2973 * Fail the open if it was explicitly a non-directory
2974 * file.
2975 */
2976
2977 if (create_options & FILE_NON_DIRECTORY_FILE) {
2978 status = NT_STATUS_FILE_IS_A_DIRECTORY;
2979 goto fail;
2980 }
2981
2982 oplock_request = 0;
2983 status = open_directory(
2984 conn, req, smb_fname, access_mask,
2985 share_access, create_disposition,
2986 create_options, file_attributes,
2987 &info, &fsp);
2988 }
2989 }
2990
2991 if (!NT_STATUS_IS_OK(status)) {
2992 goto fail;
2993 }
2994
2995 fsp->base_fsp = base_fsp;
2996
2997 /*
2998 * According to the MS documentation, the only time the security
2999 * descriptor is applied to the opened file is iff we *created* the
3000 * file; an existing file stays the same.
3001 *
3002 * Also, it seems (from observation) that you can open the file with
3003 * any access mask but you can still write the sd. We need to override
3004 * the granted access before we call set_sd
3005 * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
3006 */
3007
3008 if ((sd != NULL) && (info == FILE_WAS_CREATED)
3009 && lp_nt_acl_support(SNUM(conn))) {
3010
3011 uint32_t sec_info_sent;
3012 uint32_t saved_access_mask = fsp->access_mask;
3013
3014 sec_info_sent = get_sec_info(sd);
3015
3016 fsp->access_mask = FILE_GENERIC_ALL;
3017
3018 /* Convert all the generic bits. */
3019 security_acl_map_generic(sd->dacl, &file_generic_mapping);
3020 security_acl_map_generic(sd->sacl, &file_generic_mapping);
3021
3022 if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
3023 GROUP_SECURITY_INFORMATION|
3024 DACL_SECURITY_INFORMATION|
3025 SACL_SECURITY_INFORMATION)) {
3026 status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
3027 }
3028
3029 fsp->access_mask = saved_access_mask;
3030
3031 if (!NT_STATUS_IS_OK(status)) {
3032 goto fail;
3033 }
3034 }
3035
3036 if ((ea_list != NULL) &&
3037 ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
3038 status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
3039 if (!NT_STATUS_IS_OK(status)) {
3040 goto fail;
3041 }
3042 }
3043
3044 if (!fsp->is_directory && S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
3045 status = NT_STATUS_ACCESS_DENIED;
3046 goto fail;
3047 }
3048
3049 /* Save the requested allocation size. */
3050 if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
3051 if (allocation_size
3052 && (allocation_size > fsp->fsp_name->st.st_ex_size)) {
3053 fsp->initial_allocation_size = smb_roundup(
3054 fsp->conn, allocation_size);
3055 if (fsp->is_directory) {
3056 /* Can't set allocation size on a directory. */
3057 status = NT_STATUS_ACCESS_DENIED;
3058 goto fail;
3059 }
3060 if (vfs_allocate_file_space(
3061 fsp, fsp->initial_allocation_size) == -1) {
3062 status = NT_STATUS_DISK_FULL;
3063 goto fail;
3064 }
3065 } else {
3066 fsp->initial_allocation_size = smb_roundup(
3067 fsp->conn, (uint64_t)fsp->fsp_name->st.st_ex_size);
3068 }
3069 }
3070
3071 DEBUG(10, ("create_file_unixpath: info=%d\n", info));
3072
3073 *result = fsp;
3074 if (pinfo != NULL) {
3075 *pinfo = info;
3076 }
3077
3078 smb_fname->st = fsp->fsp_name->st;
3079
3080 return NT_STATUS_OK;
3081
3082 fail:
3083 DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
3084
3085 if (fsp != NULL) {
3086 if (base_fsp && fsp->base_fsp == base_fsp) {
3087 /*
3088 * The close_file below will close
3089 * fsp->base_fsp.
3090 */
3091 base_fsp = NULL;
3092 }
3093 close_file(req, fsp, ERROR_CLOSE);
3094 fsp = NULL;
3095 }
3096 if (base_fsp != NULL) {
3097 close_file(req, base_fsp, ERROR_CLOSE);
3098 base_fsp = NULL;
3099 }
3100 return status;
3101}
3102
3103/*
3104 * Calculate the full path name given a relative fid.
3105 */
3106NTSTATUS get_relative_fid_filename(connection_struct *conn,
3107 struct smb_request *req,
3108 uint16_t root_dir_fid,
3109 const struct smb_filename *smb_fname,
3110 struct smb_filename **smb_fname_out)
3111{
3112 files_struct *dir_fsp;
3113 char *parent_fname = NULL;
3114 char *new_base_name = NULL;
3115 NTSTATUS status;
3116
3117 if (root_dir_fid == 0 || !smb_fname) {
3118 status = NT_STATUS_INTERNAL_ERROR;
3119 goto out;
3120 }
3121
3122 dir_fsp = file_fsp(req, root_dir_fid);
3123
3124 if (dir_fsp == NULL) {
3125 status = NT_STATUS_INVALID_HANDLE;
3126 goto out;
3127 }
3128
3129 if (is_ntfs_stream_smb_fname(dir_fsp->fsp_name)) {
3130 status = NT_STATUS_INVALID_HANDLE;
3131 goto out;
3132 }
3133
3134 if (!dir_fsp->is_directory) {
3135
3136 /*
3137 * Check to see if this is a mac fork of some kind.
3138 */
3139
3140 if ((conn->fs_capabilities & FILE_NAMED_STREAMS) &&
3141 is_ntfs_stream_smb_fname(smb_fname)) {
3142 status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
3143 goto out;
3144 }
3145
3146 /*
3147 we need to handle the case when we get a
3148 relative open relative to a file and the
3149 pathname is blank - this is a reopen!
3150 (hint from demyn plantenberg)
3151 */
3152
3153 status = NT_STATUS_INVALID_HANDLE;
3154 goto out;
3155 }
3156
3157 if (ISDOT(dir_fsp->fsp_name->base_name)) {
3158 /*
3159 * We're at the toplevel dir, the final file name
3160 * must not contain ./, as this is filtered out
3161 * normally by srvstr_get_path and unix_convert
3162 * explicitly rejects paths containing ./.
3163 */
3164 parent_fname = talloc_strdup(talloc_tos(), "");
3165 if (parent_fname == NULL) {
3166 status = NT_STATUS_NO_MEMORY;
3167 goto out;
3168 }
3169 } else {
3170 size_t dir_name_len = strlen(dir_fsp->fsp_name->base_name);
3171
3172 /*
3173 * Copy in the base directory name.
3174 */
3175
3176 parent_fname = TALLOC_ARRAY(talloc_tos(), char,
3177 dir_name_len+2);
3178 if (parent_fname == NULL) {
3179 status = NT_STATUS_NO_MEMORY;
3180 goto out;
3181 }
3182 memcpy(parent_fname, dir_fsp->fsp_name->base_name,
3183 dir_name_len+1);
3184
3185 /*
3186 * Ensure it ends in a '/'.
3187 * We used TALLOC_SIZE +2 to add space for the '/'.
3188 */
3189
3190 if(dir_name_len
3191 && (parent_fname[dir_name_len-1] != '\\')
3192 && (parent_fname[dir_name_len-1] != '/')) {
3193 parent_fname[dir_name_len] = '/';
3194 parent_fname[dir_name_len+1] = '\0';
3195 }
3196 }
3197
3198 new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3199 smb_fname->base_name);
3200 if (new_base_name == NULL) {
3201 status = NT_STATUS_NO_MEMORY;
3202 goto out;
3203 }
3204
3205 status = filename_convert(req,
3206 conn,
3207 req->flags2 & FLAGS2_DFS_PATHNAMES,
3208 new_base_name,
3209 0,
3210 NULL,
3211 smb_fname_out);
3212 if (!NT_STATUS_IS_OK(status)) {
3213 goto out;
3214 }
3215
3216 out:
3217 TALLOC_FREE(parent_fname);
3218 return status;
3219}
3220
3221NTSTATUS create_file_default(connection_struct *conn,
3222 struct smb_request *req,
3223 uint16_t root_dir_fid,
3224 struct smb_filename *smb_fname,
3225 uint32_t access_mask,
3226 uint32_t share_access,
3227 uint32_t create_disposition,
3228 uint32_t create_options,
3229 uint32_t file_attributes,
3230 uint32_t oplock_request,
3231 uint64_t allocation_size,
3232 struct security_descriptor *sd,
3233 struct ea_list *ea_list,
3234 files_struct **result,
3235 int *pinfo)
3236{
3237 int info = FILE_WAS_OPENED;
3238 files_struct *fsp = NULL;
3239 NTSTATUS status;
3240
3241 DEBUG(10,("create_file: access_mask = 0x%x "
3242 "file_attributes = 0x%x, share_access = 0x%x, "
3243 "create_disposition = 0x%x create_options = 0x%x "
3244 "oplock_request = 0x%x "
3245 "root_dir_fid = 0x%x, ea_list = 0x%p, sd = 0x%p, "
3246 "fname = %s\n",
3247 (unsigned int)access_mask,
3248 (unsigned int)file_attributes,
3249 (unsigned int)share_access,
3250 (unsigned int)create_disposition,
3251 (unsigned int)create_options,
3252 (unsigned int)oplock_request,
3253 (unsigned int)root_dir_fid,
3254 ea_list, sd, smb_fname_str_dbg(smb_fname)));
3255
3256 /*
3257 * Calculate the filename from the root_dir_if if necessary.
3258 */
3259
3260 if (root_dir_fid != 0) {
3261 struct smb_filename *smb_fname_out = NULL;
3262 status = get_relative_fid_filename(conn, req, root_dir_fid,
3263 smb_fname, &smb_fname_out);
3264 if (!NT_STATUS_IS_OK(status)) {
3265 goto fail;
3266 }
3267 smb_fname = smb_fname_out;
3268 }
3269
3270 /*
3271 * Check to see if this is a mac fork of some kind.
3272 */
3273
3274 if (is_ntfs_stream_smb_fname(smb_fname)) {
3275 enum FAKE_FILE_TYPE fake_file_type;
3276
3277 fake_file_type = is_fake_file(smb_fname);
3278
3279 if (fake_file_type != FAKE_FILE_TYPE_NONE) {
3280
3281 /*
3282 * Here we go! support for changing the disk quotas
3283 * --metze
3284 *
3285 * We need to fake up to open this MAGIC QUOTA file
3286 * and return a valid FID.
3287 *
3288 * w2k close this file directly after openening xp
3289 * also tries a QUERY_FILE_INFO on the file and then
3290 * close it
3291 */
3292 status = open_fake_file(req, conn, req->vuid,
3293 fake_file_type, smb_fname,
3294 access_mask, &fsp);
3295 if (!NT_STATUS_IS_OK(status)) {
3296 goto fail;
3297 }
3298
3299 ZERO_STRUCT(smb_fname->st);
3300 goto done;
3301 }
3302
3303 if (!(conn->fs_capabilities & FILE_NAMED_STREAMS)) {
3304 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3305 goto fail;
3306 }
3307 }
3308
3309 status = create_file_unixpath(
3310 conn, req, smb_fname, access_mask, share_access,
3311 create_disposition, create_options, file_attributes,
3312 oplock_request, allocation_size, sd, ea_list,
3313 &fsp, &info);
3314
3315 if (!NT_STATUS_IS_OK(status)) {
3316 goto fail;
3317 }
3318
3319 done:
3320 DEBUG(10, ("create_file: info=%d\n", info));
3321
3322 *result = fsp;
3323 if (pinfo != NULL) {
3324 *pinfo = info;
3325 }
3326 return NT_STATUS_OK;
3327
3328 fail:
3329 DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
3330
3331 if (fsp != NULL) {
3332 close_file(req, fsp, ERROR_CLOSE);
3333 fsp = NULL;
3334 }
3335 return status;
3336}
Note: See TracBrowser for help on using the repository browser.